Bank's Bitcoin Services Proposal Review

Board of Directors

XXXXX XXXXX XXXXX

Subject: Bitcoin Activity

Dear Members of the Board:

By letter dated May 10, 2022, XXXXX XXXXX, President and CEO of XXXXX (Bank) advised the FDIC of the Bank’s intent to offer customers the ability to buy, sell, and hold bitcoin through the Bank’s digital and mobile banking platform in conjunction with XXXXX XXXXX, in response to Financial Institution Letter (FIL)-16-2022, Notification of Engaging in Crypto-Related Activities. The Bank’s letter also stated plans to offer a debit card with cash rewards that XXXXX pays in the form of bitcoin. Furthermore, in the letter, XXXXX advised that it had extended credit in November 2021 to XXXXX XXXXX in the amount of $XXXXX.

Consistent with the procedures outlined in FIL-16-2022 and as stated in our letter to you on August 8, 2022, the FDIC is making an information request to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such activities. Please see the attached request lists regarding the Bank’s crypto-related activities, and provide a response addressing each item on the request lists by Friday, January 6, 2023. If the requested information has not yet been developed, include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the above-requested information, we will determine whether additional information is necessary to complete the review of the activity. When we have completed our review, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

This letter is confidential and may not be disclosed or made public in any manner under part 309 of the FDIC Rules and Regulations (12 CFR part 309). If you have any questions, please contact Assistant Regional Director Michele Sharp or Case Manager XXXXX XXXXX at XXXXX XXXXX. Written correspondence should be addressed to my attention at the Kansas City Regional Office, and sent as a PDF document through the FDIC's Secure Email portal (https://securemail.fdic.gov/) using the following e-mail address: XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service can be found at https://www.fdic.gov/secureemail/.

Sincerely,
James D. LaPierre
Regional Director

Attachments (2)

cc: XXXXXXXX

Request List: Crypto-Asset Collateralized Commercial Lending

  1. Loan and security agreements.
  2. Risk assessment related to crypto lending.
  3. Loan policy, procedures, underwriting standards and customer eligibility criteria related to crypto lending, and a description of the bank’s expertise in crypto lending.
  4. Board and loan committee minutes reflecting approval, discussion, analysis, and any documentation provided to the board/loan committee (beyond the documentation provided to the FDIC on 6/3/22).
  5. For each credit: origination balance; balance as of 9/30/22; margin call history (when margin calls were made and met, and amounts), capital risk weighting treatment, loan loss reserve associated with such loans, note and security agreements.
  6. Borrower and guarantor financials and associated analyses (beyond the documentation provided to the FDIC on 6/3/22).
  7. Legal analysis and determination related to the permissibility of proposed activity, including crypto asset ownership and perfection of the bank’s security interest, and any accompanying opinion of counsel.
  8. Description of the collateral maintenance monitoring function and reporting on collateral maintenance monitoring.
  9. If collateral involved is re-hypothecated collateral tendered by the borrower’s clients, documentation of borrower’s authority to re-hypothecate (such as from the borrower’s underlying financing arrangements) and analysis of the adequacy and enforceability of the borrower’s documentation.
  10. For any collateral custodians and entities that provide collateral maintenance functions: a. Contracts or agreements b. Risk assessment and due diligence c. Bankruptcy implications analysis performed by the bank d. Ongoing monitoring.
  11. Detailed description of the information technology arrangement or infrastructure utilized for the collateral maintenance functions, including all data flows, interfaces with the bank’s core systems, and new IT development and costs to implement/facilitate.
  12. Independent credit review documentation.

Request List: XXXXX and XXXXX

  1. Overview of contracting process, including who was involved in the review. Please include contracts, including drafts, and any contract analysis performed prior to execution.
  2. Policies and procedures that will govern each of the crypto-related activities, including those related to consumer compliance and complaint resolution. If not outlined in policies and procedures, include a description of day-to-day oversight responsibilities and qualifications.
  3. Strategic plan, if updated since the Digital Banking Strategy dated September 2021, and related documents, including risk assessment and cost-benefit analysis, along with the implementation plan. For each activity, please include expected activity volumes, income projections used to determine whether the products are financially feasible, and any other analysis performed to support launching the products.
  4. The bank’s permissibility analysis and determination with respect to each activity.
  5. Board and committee minutes reflecting discussion, analysis, approval, and any documentation provided on the activities.
  6. Vendor management due diligence documentation and analysis related to XXXXX, including audits, financials, insurance, complaints, etc.
  7. Description of the transaction flows and related controls for the XXXXX Platform. Description of the controls for the settlement process between the bank and XXXXX and any transaction limitations imposed by XXXXX or the bank on the amount of bitcoin a customer may purchase or sell.
  8. Description of fees charged to customers, how fees are calculated, and how they are split between the bank and any third-parties involved in the activity.
  9. Description of the methodology that determines the price customer pays to XXXXX for bitcoin through the XXXXX Platform. Also, describe the methodology used to price the bitcoin awarded to customers through the XXXXX Program.
  10. Provide transaction volumes to date that include: 1) number of active accounts using this service through the bank, 2) total number and dollar volume of buy transactions completed, and 3) total number and dollar volume of sell transactions completed.
  11. Description of transaction monitoring processes in place to identify and report suspicious activity associated with customer transactions between the bank and XXXXX.
  12. Timeline for implementing XXXXX program.
  13. Provide any customer agreements, disclosures, sample account statements, sample transaction receipts, and other terms and conditions obtained or developed thus far in your due diligence process for these programs.
  14. Details on operational aspects of the XXXXX Program, including, but not limited to: 1) the types of credit and debit cards that can be enrolled in the program, 2) the process of converting rewards or USD to bitcoin; 3) when and how transaction receipts are provided for purchase transactions, 4) if and how customers can turn the features on or off for any given period.
  15. Marketing materials, press releases, internal scripts, educational materials, and any other publicly-distributed information related to the XXXXX Platform and the XXXXX Program (draft or proposed). In addition to those provided to the FDIC on 6/3/22, screen shots/screen recordings of all user interfaces (including hidden text that must be clicked) that will be made visible to customers by, or through, the bank in connection with the XXXXX Platform and the XXXXX Program (including enrollment screens).