Crypto Services Assessment

FDIC
Federal Deposit Insurance Corporation
Division of Risk Management Supervision
Division of Depositor and Consumer Protection
1100, Walnut Street, Kansas City, Missouri 64106
Kansas City Regional Office
Phone (816) 234-8000

October 12, 2022

Board of Directors
XXXXX

Subject: Third-Party Crypto-Asset Activity

Dear Members of the Board:

On September 8, 2022, we received XXXXX (the Bank) notification of the Bank’s intent to offer customers the ability to buy, sell, and hold various crypto-assets through the Bank’s XXXXX banking platform by XXXXX in conjunction with a third party crypto-asset partner in response to Financial Institution Letter (FIL), FIL-16-2022, Notification of Engaging in Crypto-Related Activities. FIL-16-2022 requested that all FDIC-supervised institutions that intend to engage in, or that are currently engaged in, any activities involving or related to crypto-assets (also referred to as “digital assets”) promptly notify the appropriate FDIC Regional Director. We understand the Board has not yet selected a crypto-asset partner; however, on September 20, 2022, President XXXXX provided draft agreements involving the perceived leading candidate XXXXX in association with XXXXX XXXXX.

As stated in FIL-16-2022, the FDIC may request that institutions provide information necessary to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such activities. In order to begin those assessments, please provide the information in the attached list by November 30, 2022. If the requested information has not yet been developed, include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the above-requested information, we will determine whether additional information is necessary to complete the review of the activity. When we have completed our review, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

This letter is confidential and may not be disclosed or made public in any manner under part 309 of the FDIC Rules and Regulations (12 CFR part 309).

If you have any questions, please contact Case Manager XXXXX at XXXXX or Review Examiner XXXXX at XXXXX. Written correspondence should be addressed to my attention at the Kansas City Regional Office, and sent as a PDF document through the FDIC’s Secure Email portal (securemail.fdic.gov) using the following e-mail address: XXXXX@FDIC.gov.

Sincerely,
James D. LaPierre
Regional Director

cc: XXXXX

Request List: Crypto-Asset Purchase and Sale Through Institution with Third Party

  1. Contracts, including any draft contracts that bank is reviewing/considering.
  2. Note: You do not need to provide draft contracts previously submitted in President XXXXX September 20, 2022, email, unless these documents have since been revised or finalized.
  3. Overview of the contracting process (e.g., who was/is involved in the review, analysis, negotiation, and structuring).
  4. Any contract analysis performed prior to execution.
  5. Description of the transaction flows and related controls.
  6. Detailed description of the settlement process for customer buy/sell transactions between the bank, crypto-asset custodian and crypto-asset trading platform, and any other related or third party, including trading/liquidity providers or technology service providers.
  7. The bank’s permissibility analysis and determination with respect to the activity.
  8. Bank’s analysis of Securities and Exchange Commission Staff Accounting Bulletin 121 and its applicability.
  9. Cost-benefit analysis for the activity, including costs associated with identifying, managing, and controlling risks (e.g., audit, policy, insurance, vendor management, legal counsel, etc.).
  10. Project plan for the activity.
  11. List of crypto-assets that will be available to buy/sell, due diligence and risk analysis for such crypto-assets, and policies and procedures that govern the selection process and criteria.
  12. Vendor management due diligence documentation and analysis related to third parties (e.g., XXXXX others) and XXXXX including audits, financials, insurance, complaints, etc.
  13. Detailed description of XXXXX role, including how the service will interface and integrate with XXXXX and bank systems, technology solutions, and data.
  14. Description of what happens to customers’ accounts or crypto-asset holdings if the bank does not continue or cancels offering the services provided by the selected crypto-asset provider, or if the third party cancels or fails to perform under the contract.
  15. Description of any fees that will be charged to customers related to the activity, and how they will be calculated. If XXXXX is selected as the crypto-asset provider, provide information on what the transaction size refers to in the draft XXXXX agreement when determining $/% fee amount. Also, describe if and how fees are split amongst the bank and any third parties involved in the activity.
  16. Description of any transaction limitations imposed by the crypto-asset partners (e.g., XXXXX et al.) or the bank on the amount of the crypto-asset a customer may purchase or sell (e.g., daily, weekly, monthly).
  17. Description of the methodology that determines the price customer pays to the crypto-asset provider for the crypto-asset. This includes providing an explanation of how the market price is determined and the process used to calculate the spread, including information on the amount of the spread.
  18. Customer agreements (other than previously provided unless since modified), disclosures, sample account statement, sample transaction receipt, and other terms and conditions related to the activities provided by or through the bank and by third parties (draft or proposed).
  19. Marketing materials, press releases, internal scripts, educational materials, and any other publicly distributed information related to the activity (draft or proposed) to be used by the bank or third parties. This includes screen shots/screen recordings of any online banking or mobile application user interfaces (including hidden text that must be clicked) that will be

REL0000042375

made visible to customers by, or through, the bank in connection with activity. Also, a live demonstration of the user interface of the online banking or mobile application customer experience may be requested during the review of this activity.

  1. Please describe the process the bank will use to allow XXXXX Support to provide phone, live chat, and email support to the bank’s participating customers, including the process in the draft contract that states, “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXX.” Also, include any information related to controls, if any, the bank will use to monitor the support being provided to bank customers by XXXXX for this service.

  2. Any other due diligence materials.

  3. Describe how this crypto-asset activity fits into the bank’s strategic plan and objectives of the board and actions that would be taken should the activity fail to achieve the objectives.

  4. Implementation plan. Please include expected activity volumes, income projections used to determine whether the products are financially feasible, and any other analysis performed to support launching the products.

  5. Board and committee minutes reflecting discussion, analysis, approval, and any documentation provided on the activity.

  6. Risk assessment(s) related to the activity.

  7. Internal training materials related to the activity.

  8. Policies and procedures that will govern the crypto-related activity, including those related to consumer compliance and complaint resolution.

  9. If not outlined in policies and procedures, framework of assigned responsibilities and qualifications for those involved in day-to-day administration of crypto-related activity, including internal controls responsibilities. Description of oversight responsibilities (e.g., management, staff, committees (including members, frequency of meetings), and collectively, their approval authority)).

  10. Please describe the bank’s plans with respect to considering crypto-asset balances when applying for a retail mortgage or other loan product that is reflected in slide 1 of the XXXXX PowerPoint.

  11. Please describe if any disclosures will indicate that FDIC deposit insurance will be available to any XXXXX customers for United States dollar funds held by the bank for the benefit of such customers.