Crypto Services Notification Request

FDIC
DIVISION OF RISK MANAGEMENT SUPERVISION
FEDERAL DEPOSIT INSURANCE CORPORATION

Dallas Regional Office
600 North Pearl Street, Suite 700
Dallas, Texas 75201
(214) 754-0098 FAX (972) 761-2082

September 8, 2022

Board of Directors
XXXXX

Subject: Third-Party Crypto-Asset Activity

Dear Members of the Board:

On April 19, 2022, we received XXXXX (the Bank) notification of the Bank’s intent to offer customers the ability to buy, sell, and hold crypto-assets through the Bank’s digital and mobile banking platform in conjunction with XXXXX in response to Financial Institution Letter (FIL), FIL-16-2022, Notification of Engaging in Crypto-Related Activities.

As stated in FIL-16-2022, the FDIC may request that institutions provide information necessary to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such activities. In order to begin those assessments, please provide the information in the attached list by October 14, 2022. If the requested information has not yet been developed, include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the above-requested information, we will determine whether additional information is necessary to complete the review of the activity. When we have completed our review, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

This letter is confidential and may not be disclosed or made public in any manner under part 309 of the FDIC Rules and Regulations (12 CFR part 309). If you have any questions, please contact Case Manager XXXXX or Review Examiner XXXXX. Written correspondence should be addressed to Kristie K. Elmquist, Regional Director, FDIC, Dallas Regional Office, and sent as a PDF document through the FDIC's Secure Email portal (https://securemail.fdic.gov/) using the following e-mail address: XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service can be found at https://www.fdic.gov/secureemail/.

Sincerely,

/s/ Kristie K. Elmquist
Kristie K. Elmquist
Regional Director

cc: XXXXX

Attachment

Crypto-Asset Activity Request List

  1. Contracts (including any draft contracts that the bank is reviewing/considering);
  2. Overview of the contracting process (e.g., who is/was involved in the review, analysis, and structuring);
  3. Any contract analysis performed prior to execution;
  4. Description of the transaction flows and related controls;
  5. Detailed description of the settlement process for customer buy/sell transactions between the bank, XXXXX, and any other related parties;
  6. The bank’s permissibility analysis and determination with respect to the activity;
  7. Bank’s analysis of SEC SAB 121 and its applicability;
  8. Cost-benefit analysis;
  9. Project plan;
  10. Vendor management due diligence documentation and analysis related to both XXXXX and the bank’s service provider, including audits, financials, insurance, complaints, etc.;
  11. Description of what happens to customers’ accounts or crypto-asset holdings if the bank does not continue or cancels offering the services provided by XXXXX;
  12. Description of any fees that will be charged to consumers related to the activity, and how they will be calculated. Also, describe if and how fees are split amongst the bank and any third-parties involved in the activity;
  13. Description of any transaction limitations imposed by XXXXX or the bank on the amount of crypto-assets a consumer may purchase or sell (e.g. daily, weekly, monthly);
  14. Description of the methodology that determines the price the consumer pays to XXXXX. This includes providing an explanation of how any market price is determined and how the spread, if any, is calculated;
  15. Consumer agreements, disclosures, and other terms and conditions related to the activities provided by or through the bank and by third parties (draft or proposed);
  16. Marketing materials, press releases, internal scripts, educational materials, and any other publicly-distributed information related to the activity (draft or proposed). This includes screen shots/screen recordings of any online banking or mobile application user interfaces (including hidden text that must be clicked) that will be made visible to consumers by, or through, the bank in connection with activities;
  17. Any other due diligence materials;
  18. Strategic plan that details how crypto-asset activity achieves objectives of the Board, and the contingency plan should the activity fail to achieve the objectives;
  19. Implementation plan. Please include expected activity volumes, income projections used to determine whether the products are financially feasible, and any other analysis performed to support launching the products;
  20. Board and committee minutes reflecting discussion, analysis, approval, and any documentation provided on the activity;
  21. Risk assessment(s) related to the activity;
  22. Internal training materials related to the activity;
  23. Policies and procedures that will govern the crypto-related activity, including those related to consumer compliance and complaint resolution;
  24. Framework of assigned responsibilities and qualifications for those involved in day-to-day administration of crypto-related activity, including internal control responsibilities; and,

  1. Description of oversight responsibilities (e.g. management, staff, committees (including members, frequency of meetings), and collectively, their approval authority).

  2. If the activity is in a testing phase or has been made available to customers, provide: 1) number of active accounts using this service through the bank; 2) total number and dollar volume of buy transactions completed (since implementation); and, 3) total number and dollar volume of sell transactions completed (since implementation).