Skip to content

SENT VIA SECURED ELECTRONIC MAIL

September 26, 2022

Board of Directors
XXXXX

Subject: Third-Party Crypto-Asset Activity

Dear Members of the Board:

On March 23, 2022, we received President and Chief Executive Officer XXXXX submission that provided high-level information relating to the subject. Specifically, the submission described XXXXX (the Bank) intent to offer its customers the ability to buy, sell, and hold Bitcoin through the Bank’s third-party arrangement with XXXXX Financial Institution Letter (FIL), FIL-16-2022, Notification of Engaging in Crypto-Related Activities, requested that all FDIC-supervised institutions that intend to engage in, or that are currently engaged in, any activities involving or related to crypto-assets (also referred to as “digital assets”) promptly notify the appropriate FDIC Regional Director.

As stated in FIL-16-2022, the FDIC may request that institutions provide information necessary to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such activities. To help us continue that assessment, please provide the information in the attached request list by November 25, 2022. If the requested information has not yet been developed, please include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the requested information, we will determine whether additional information is necessary to complete the assessment. When we have completed our assessment, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

If you have any questions, please contact Case Manager XXXXX. Written correspondence should be addressed to Kristie K. Elmquist, Regional Director, FDIC, Dallas Regional Office, and sent as a PDF document through the FDIC’s Secure Email portal (https://securemail.fdic.gov/) using the following e-mail address: XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service can be found at https://www.fdic.gov/secureemail/.

XXXXX Subject: Third-Party Crypto Asset Activity

September 26, 2022

Sincerely,

Kristie K. Elmquist
Regional Director

Enclosure

cc: XXXXX

Crypto-Asset Activity Request List

Documentation (Prospective/Beta/Live):

  1. Contracts (including any draft contracts that bank is reviewing/considering)
  2. Overview of the contracting process (e.g., who is/was involved in the review, analysis, and structuring)
  3. Any contract analysis performed prior to execution
  4. Description of the transaction flows and related controls
  5. Detailed description of the settlement process for customer buy/sell transactions between the bank, XXXXX and any other related parties
  6. The bank’s permissibility analysis and determination with respect to the activity
  7. Bank’s analysis of SEC SAB 121 and its applicability
  8. Cost-benefit analysis
  9. Project plan
  10. Vendor management due diligence documentation and analysis related to both XXXXX and XXXXX including audits, financials, insurance, complaints, etc.
  11. Description of what happens to customers’ accounts or holdings if the bank does not continue or cancels offering the services provided by XXXXX
  12. Description of any fees that will be charged to consumers related to the activity, and how they will be calculated. Also, describe if and how fees are split among the bank and any third parties involved in the activity
  13. Description of any transaction limitations imposed by XXXXX or the bank on the amount of Bitcoin or other crypto-asset a consumer may purchase or sell (e.g. daily, weekly, monthly)
  14. Description of the methodology that determines the price consumer pays to XXXXX for Bitcoin or other crypto-asset. This includes providing an explanation of how any market price is determined and how the spread, if any, is calculated.
  15. Consumer agreements, disclosures, and other terms and conditions related to the activities provided by or through the bank and by third parties (draft or proposed)
  16. Marketing materials, press releases, internal scripts, educational materials, and any other publicly-distributed information related to the activity (draft or proposed). This includes screen shots/screen recordings of any online banking or mobile application user interfaces (including hidden text that must be clicked) that will be made visible to consumers by, or through, the bank in connection with activities.
  17. Any other due diligence materials.
  18. Strategic plan that details how crypto-asset activity achieves objectives of the board and the contingency plan should the activity fail to achieve the objectives.

  1. Implementation plan. Please include expected activity volumes, income projections used to determine whether the products are financially feasible, and any other analysis performed to support launching the products.

  2. Board and committee minutes reflecting discussion, analysis, approval, and any documentation provided on the activity.

  3. Internal training materials related to the activity.

  4. Policies and procedures that will govern the crypto-related activity, including those related to consumer compliance and complaint resolution.

  5. If not outlined in policies and procedures, framework of assigned responsibilities and qualifications for those involved in day-to-day administration of crypto-related activity, including internal controls responsibilities. Description of oversight responsibilities (e.g. management, staff, committees (including members, frequency of meetings), and collectively, their approval authority).

Documents (Live/Beta Programs only):

  1. Volumes to include: 1) number of active accounts using this service through bank, 2) total number and dollar volume of buy transactions completed (since implementation), and 3) total number and dollar volume of sell transactions completed (since implementation).