Crypto Vendor Due Diligence Review
Board of Directors
XXXXX
Members of the Board:
Enclosed is a copy of the May 16, 2022, FDIC Report of Examination (Report). In addition to our safety and soundness findings, the Report includes the results of an Information Technology examination and an Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) program review. The FDIC discloses to examined banks the composite and component ratings. The composite rating definitions are included in the Report. Part 309 of our Rules and Regulations requires that you keep the ratings and all Report contents confidential.
XXXXX
1 The Anti-Money Laundering Act of 2020 (the AML Act) amended subchapter II of chapter 53 of title 31 United States Code (the legislative framework commonly referred to as the “Bank Secrecy Act” or “BSA”). For purposes of consistency with the AML Act, the FDIC will now use the term “AML/CFT program” rather than “BSA/AML compliance program.” Use of “AML/CFT” has the same meaning as the previously used “BSA/AML.”
On May 16, 2022, bank management notified the FDIC that it started due diligence on a third party vendor that would allow customers the ability to buy/sell crypto assets. Please notify this office once management has completed its due diligence and has started beta testing the product, as the FDIC would like to complete a targeted review of the program. The purpose of the review is to assess the bank’s risk management practices, policies and procedures, and compliance with consumer protection and AML/CFT regulations, prior to full implementation of the program. We will also provide relevant supervisory feedback to the institution during the review.
The enclosed Report also contains other supervisory recommendations. Promptly addressing those findings will help to improve the related operational areas of your bank.
The last page of the Report is labeled Signatures of Directors/Trustees. Please have each director sign this page after reviewing the Report, and retain the Report for examiner review at subsequent examinations. We have also enclosed an invitation to participate in the FDIC’s post-examination survey process. Please refer to the invitation for details and instructions.
As a reminder, written correspondence can be sent to this office as a PDF document through the FDIC’s Secure Email portal (securemail.fdic.gov) using the following e-mail address: XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service are available at fdic.gov/secureemail. You may direct any questions to Case Manager XXXXX or me at XXXXX.
Sincerely,
Daniel W. Holmgren
Assistant Regional Director
Enclosures
cc: XXXXX
Federal Reserve Bank of Minneapolis