FDIC
Federal Deposit Insurance Corporation
Division of Risk Management Supervision
350 5th Avenue, New York, NY 10018
New York Regional Office
April 25, 2022
Board of Directors
XXXXX
XXXXX
Subject: Questions Related to XXXXX
Dear Members of the Board:
On February 22, 2022, the FDIC, Office of the Comptroller of the Currency, and Board of Governors of the Federal Reserve System met with the XXXXX and its member banks at the time. At that meeting, it was evident that the XXXXX had yet to finalize the use cases or functionality of the product and the Operating Rules by which the XXXXX and its members would be governed. The discussion indicated phases or versions of the product, with future solutions, and, subsequently, the FDIC has received revised information outlining three models under consideration for the XXXXX program.
In our letter to you on April 22, 2022, the FDIC stated it has a number of questions based on the discussion and information provided to date. The initial questions are attached and we request responses by June 9, 2022. As noted in our prior letter, we expect you to satisfactorily address these and any subsequent questions (in advance of implementation) to ensure the bank is operating in a safe and sound manner.¹ This is consistent with FIL-16-2022, which requests that institutions provide information necessary to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications of such activities.
Written correspondence should be addressed to Jessica A. Kaemigk, Acting Regional Director, FDIC, New York Regional Office, and sent as a PDF document through the FDIC’s Secure Email portal (https://securemail.fdic.gov/) using the following email address: XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service can be found at https://www.fdic.gov/secureemail/.
If you have any questions, please contact Assistant Regional Director Ashley M. Amicangioli at XXXXX.
Sincerely,
Jessica A. Kaemigk
Acting Regional Director
¹ See e.g., Section 39 of the Federal Deposit Insurance Act and Part 364 of the FDIC Rules and Regulations.
XXXXX Board of Directors
Attachment – XXXXX Questions
CC: XXXXX Federal Reserve Bank of New York
Board of Directors
Page 3 of 7
Questions
- Governance and Structure of XXXXX
a. Describe the activities conducted by XXXXX, the assets held by XXXXX, the services XXXXX provides to XXXXX banks; and the relationship between XXXXX and XXXXX banks.
b. Describe the governance in place for XXXXX private protocol within the XXXXX blockchain, including the processes for decision-making, key participants, and key personnel. In your response, indicate the extent to which (i) XXXXX will participate in or exercise control over governance of XXXXX private protocol within the XXXXX blockchain; and (ii) participants on the private protocol could make decisions that would have binding effect with respect to XXXXX, including over XXXXX objections.
c. Describe what role, if any, XXXXX and XXXXX will play in the governance of the XXXXX.
d. Describe what role, if any, non-member, participating banks will play in the governance of XXXXX private protocol, including whether such banks will be restricted in conducting any activities related to the public XXXXX blockchain.
e. Provide the terms of the XXXXX smart contract, the rules of the XXXXX blockchain and the private protocol, and any documents that describe the terms of such smart contract. Identify the party responsible for creating and coding such terms into the smart contract.
f. Explain in detail the consensus mechanism for the XXXXX blockchain. Identify all persons that control 5 percent or more of the staking assets for the blockchain and provide the percentage controlled.
g. Explain any dispute resolution processes contemplated with respect to XXXXX members.
h. Provide a list of the fees XXXXX has already paid to XXXXX, and estimated expenses moving forward. In your response, please clarify what the fees are for and whether there are expectations of periodic payments to XXXXX.
i. Discuss the permissibility of XXXXX membership in XXXXX under section 24 of the Federal Deposit Insurance Act, 12 U.S.C. § 1831a, and part 362 of the FDIC Rules and Regulations, 12 C.F.R. part 362.
j. Clarify whether XXXXX operates a node or is otherwise involved in validating transactions on the XXXXX blockchain or the private protocol. Identify other entities that operate as a node or otherwise validate transactions. Explain how such nodes are assigned; the role they serve; the governance process for nodes; and whether the nodes for the XXXXX private protocol are the same or different than XXXXX nodes.
k. Describe what involvement, if any, XXXXX may consider in non-related activities of the XXXXX blockchain.
l. Identify the steps that XXXXX would need to take if it chooses to exit the XXXXX.
m. Describe key third-party relationships that the XXXXX and the XXXXX will enter into with respect to XXXXX activities. In your response, please address any XXXXX contemplated relationships with XXXXX XXXXX XXXXX and their affiliates.
n. If the applications for XXXXX include business-to-business payments, merchant payments, and peer-to-peer payments, explain whether different governance protocols would be adopted to ensure privacy, confidentiality and/or data security for the different types of customers and their data.
o. Explain any restrictions in place regarding the use of data related to XXXXX transactions. In your response identify the parties with access to such data and the type(s) of data they can access and any controls monitoring the use of such data. Explain the rights and responsibilities with respect to privacy and/or data security violations.
p. Explain the extent to which XXXXX transactions will make use of an off-chain contract execution environment.
q. Provide a copy of the Operating Rules.
r. Describe any insurance that is contemplated to cover loss or malfeasance at the XXXXX or XXXXX bank-level.
s. Explain whether XXXXX banks or participating banks are required to sign exclusivity agreements with the XXXXX. In your response, clarify whether XXXXX banks or participating banks are allowed to join other similar XXXXX.
- Classifications.
a. Explain the difference, if any, between the XXXXX use of the terms "XXXXX" XXXXX and "XXXXX". (Note these questions use the term "XXXXX", but should be read broadly if there is a difference in these terms.)
b. The website XXXXX (last visited on 3/31/2022) uses the terms "XXXXX" and "XXXXX". XXXXX Clarify XXXXX understanding of XXXXX.
c. Explain whether the XXXXX XXXXX identify the issuing bank and how, if at all, this distinction is apparent to banks and/or customers.
d. Explain the basis for XXXXX determination that its participation in the XXXXX including all the activities that it would conduct as part of the XXXXX is permissible under applicable law.
- Accounting.
a. Explain how funds exchanged for XXXXX XXXXX are reflected on the balance sheet of XXXXX.
b. Explain whether and how the XXXXX XXXXX themselves are or will be reflected on the balance sheet of XXXXX.
c. Explain whether reserves will be held in connection with the XXXXX liabilities and, if so, whether such reserves will be held as cash or in the form of specific assets. If reserves are held, explain whether they serve as collateral for the XXXXX XXXXX.
d. Provide example general ledger entries for XXXXX; transfer of XXXXX to a customer of another XXXXX bank; burning of XXXXX and settlement of due-to/due-from balances among XXXXX banks. Please provide a chart depicting the flow of funds.
- Exposure to Other Members of the XXXXX
a. Explain how XXXXX mitigates the risk of intraday (or over-the-weekend) exposures to other XXXXX banks. In your response, describe any controls in place to protect XXXXX from the failure of a fellow XXXXX bank during the term of these exposures.
b. Explain the liability, if any, XXXXX would have to holders of XXXXX issued by another XXXXX bank upon such bank’s failure.
- Risk Management and Controls.
a. Describe the role of the board in reviewing and approving bank participation in the XXXXX and XXXXX activities.
i. Explain the process by which XXXXX board and/or management assessed XXXXX authority to participate in the XXXXX.
ii. Identify the legal risks (including permissibility, if applicable) XXXXX Bank’s board considered when deciding whether to participate in the XXXXX. Explain how the XXXXX plans to mitigate and manage those risks.
iii. If participation in the XXXXX was approved by the board, explain the basis upon which the board approved XXXXX participation while key questions related to liability, membership, operating rules, and use cases have not been finalized.
iv. If participation in the XXXXX was not approved by the board, explain management’s authority to enter into the activity without board approval.
b. Explain the type of risk assessment and due diligence that was performed and identify key personnel involved in such activities.
c. Explain whether management identified relevant expertise needed to engage in this activity.
d. Explain whether XXXXX established any dollar volume-based limitations on customer activity or bank level activity (on a daily basis) (for example, to monitor total exposure/volume).
e. Explain whether the bank will upgrade or change any systems or procedures to allow for this activity.
f. Describe the risk management systems, processes, and controls in place or in development with respect to XXXXX activities, including the minting and burning of XXXXX, maintenance of XXXXX wallets, and participation in the XXXXX blockchain.
g. Describe the risk management systems, processes, and controls that XXXXX and the XXXXX have put in place to monitor and mitigate potential risks posed by the public XXXXX blockchain, including those related to blockchain governance disputes, software defects, and changes in protocol rules.
h. Explain how XXXXX public, permissionless nature impacts XXXXX ability to mitigate risks related to security and privacy.
i. Explain how XXXXX will mitigate operational risk where a step in the transfer process does not occur as expected.
j. Provide any continuity plans if the XXXXX blockchain fails, including operational errors or delays in processing and system outages.
k. Describe XXXXXXX efforts to conduct due diligence and assess the risks of engaging in the XXXXXXX smart contract.
l. Explain how XXXXXXX will ensure that the amount of funds in the omnibus deposit account matches, at a minimum, at all times the aggregate amount of XXXXXXX in its customers’ wallets.
m. Describe any testing XXXXXXX is conducting or will conduct in relation to the XXXXXXX blockchain, XXXXXXX smart contract, or other aspects of its participation in the XXXXXXX.
n. Describe and provide documentation of vulnerability analysis that has been performed related to the smart contracts.
- Settlement.
a. Explain when the final settlement of a transaction facilitated by XXXXXXX occurs, where it is recorded, and whether there are any dependencies on the public blockchain for settlement finality.
b. Provide a detailed account of what “XXXXXXX” is and for what it will be used. In your response, include whether it has a set price or whether its price can fluctuate.
c. Explain whether XXXXXXX will be paying “XXXXXXX” fees directly to update the XXXXXXX blockchain ledger and, if so, to whom such fees are paid.
d. Explain whether XXXXXXX plans to hold “XXXXXXX” and, if so, (i) how it will be reflected on XXXXXXX balance sheet and (ii) how much XXXXXXX plans to hold. If its price can fluctuate, explain how XXXXXXX intends to account for variations in the price of “XXXXXXX.”
e. Provide a description of the accounting methods and treatment used for XXXXXXX held by XXXXXXX (including initial recording and any subsequent entries).
- Use Cases.
a. Provide a detailed description of planned and potential use cases for XXXXXXX.
b. Explain how the XXXXXXX differs from other bank-offered peer-to-peer payments platforms (e.g., XXXXXXX). Explain if the XXXXXXX interacts with any such platforms.
c. Explain whether and how the XXXXXXX is developing an alias directory (e.g., email addresses). If so, explain (i) whether such directory will be housed by a central party, or such data will be stored in a decentralized manner; and (ii) how any personally identifiable information (PII) stored in the alias directory will be protected.
d. Explain how customers effectuate peer-to-peer payments (e.g., in banks’ own apps or via a third-party app).
e. Identify and describe safeguards that will be put in place to mitigate the risk that customers send funds to an unintended recipient.
f. Provide screen shots to show the customer’s user experience.
- Consumer Protection.
a. Identify the fees and other charges that will be imposed on XXXXXXX customers that elect to use XXXXXXX to conduct transactions.
b. Describe the anticipated process for managing complaints from XXXXXXX customers related to XXXXXXX.
c. Explain any steps XXXXX will take to ensure consumers understand any difference in protections between XXXXX and traditional banking products.
d. Describe network rules, systems, and practices that will be put in place to protect consumers. For example, explain the rights consumers will have to dispute errors, payments mistakenly sent to the wrong party, or payments related to fraud. Describe how XXXXX and the XXXXX will ensure such disputes are resolved on a timely basis and in accordance with network rules and applicable laws and regulations.
e. Explain whether XXXXX or any other entity will indemnify customers for breaches to the wallets.
f. Explain whether consumers are required to enter into an agreement with XXXXX (or another entity) to maintain a wallet.
g. Describe any representations that XXXXX is making or plans to make regarding the applicability of FDIC deposit insurance.
h. Describe any representations that XXXXX is making or plans to make regarding the stability of XXXXX including regarding reserves.
i. Explain whether responsibility for approval of advertising and marketing materials rests with individual XXXXX banks or the XXXXX as a whole, or if there is some other arrangement.
j. Identify the consumer data that will be shared with the XXXXX and its participants, as well as any controls in place to protect PII and limit sharing. In your response, indicate whether any PII will be stored on a distributed ledger and describe any disclosures regarding data sharing that XXXXX intends to provide.