FDIC Requests Information to Assess Bitcoin Services

FDIC
Federal Deposit Insurance Corporation
Division of Risk Management Supervision
Division of Depositor and Consumer Protection
300 South Riverside Plaza, Suite 1700, Chicago, IL 60606

Chicago Regional Office
Phone (312) 382-7500
Fax (312) 382-6901

August 22, 2022

Board of Directors
XXXXX

Subject: Third-Party Crypto-Asset Activity

Dear Members of the Board:

On June 13, 2022, we received XXXXX (the Bank) notification of the Bank’s intent to offer customers the ability to buy, sell, and hold Bitcoin through the Bank’s digital and mobile banking platform in conjunction with Financial Institution Letter (FIL), FIL-16-2022, Notification of Engaging in Crypto-Related Activities.

The FDIC requests insured depository institutions provide information necessary to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such crypto-asset activities. In order to begin those assessments, please provide the information in the attached list by October 22, 2022. If the requested information has not yet been developed, include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the requested information, we will determine whether additional information is necessary to complete the review of the activity. When we have completed our review, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

If you have any questions, please contact Case Manager XXXXX or Acting Review Examiner XXXXX. Written correspondence should be addressed to my attention at the Chicago Regional Office, and sent as a PDF document through the FDIC’s Secure Email portal (securemail.fdic.gov) using the following e-mail address: XXXXX@FDIC.gov.

Sincerely,

Gregory P. Bottone
Regional Director

cc: XXXXX


Crypto-Asset Activity Request List

  1. Strategic Plan that details how crypto-related activity achieves objectives of the Bank’s Board and the Contingency Plan in the event the activity fails to achieve those objectives.
  2. Project/Implementation plan including, but not limited to, expected volumes of activity, cost benefit analysis including income projections used to determine whether the services are financially feasible, and any other analysis performed to support launching the services.
  3. Risk assessments for all crypto-related services. Consideration should be made to Safety and Soundness, Information Technology, Anti-Money Laundering/Combating the Financing of Terrorism, and Consumer Compliance.
  4. Board and committee minutes reflecting approval, discussion, analysis, and any documentation provided on the activity.
  5. Legal analysis of the permissibility of the services under part 362 of the FDIC’s Rules and Regulations, and under the XXXXX banking regulations.
  6. Analysis performed with respect to SEC Staff Accounting Bulletin No. 121 and services.
  7. Vendor management due diligence documentation and analysis for XXXXX and XXXXX including audits, financials, insurance, complaints, etc.
  8. Contracts and legal agreements between the bank and third party vendors related to crypto-asset activities.
  9. Overview of the contracting process including who is involved in the review, analysis, and structuring.
  10. Contract analysis performed.
  11. Policies and procedures that will govern the crypto-related activity, including those related to consumer compliance and complaint resolution.
  12. If not outlined in policies and procedures, the framework of assigned responsibilities and qualifications for those involved in day-to-day administration of crypto-related services, including internal controls responsibilities, and a description of oversight responsibilities, for example: management; staff; committees, including committee members; frequency of meetings; and collectively, their approval authority, and expertise required to be a committee member.
  13. Internal training materials related to the crypto-related activity.
  14. Marketing materials, press releases, internal scripts, educational materials, and any publicly distributed information related to the crypto-related activity (draft or proposed). This includes screen shots/screen recordings of any online banking or mobile application interfaces (including hidden text that must be clicked) that will be made visible to consumers by, or through, the bank in connection with these activities.
  15. Schedule a live demonstration for the FDIC of the customer viewpoint from enrollment to purchase, sale, and trade confirmation.
  16. Draft consumer agreements, disclosures, or other terms and conditions related to these activities provided by, or through, the bank and by third parties.
  17. Reports of volume of crypto-related activity including: 1) the number of active accounts using this service through the bank, 2) the total number and dollar volume of buy transactions completed (since implementation), and 3) the total number and dollar volume of sell transactions completed (since implementation).
  18. Description of the transaction flow and related controls.
  19. Detailed description of the settlement process for customer buy/sell transactions between the bank, XXXXX, and any other related parties.

  20. Description of what happens to customers’ Bitcoin if the bank does not continue or cancels offering services provided by XXXXX.
  21. Description of any Bank fees that will be charged to consumers related to the crypto-related activity, and how they will be calculated. Also, describe if and how fees are split amongst the Bank and any third-parties involved in the activity.
  22. Description of any transaction limitations imposed by XXXXX or the bank on the amount of Bitcoin a consumer may purchase or sell and any time limits (e.g. daily, weekly, monthly).
  23. Description of the methodology that determines the price a consumer pays to XXXXX for a Bitcoin. This includes providing an explanation of how any market price is determined and how the spread, if any, is calculated.
  24. Plans for ongoing monitoring and audit of crypto-related products and services offered by the Bank.
  25. Any other due diligence materials.