Follow Up Inquiries on DLT Use and Vendor

FDIC
Federal Deposit Insurance Corporation
25 Jessie Street at Ecker Square, Suite 2300
San Francisco, California 94105

Division of Risk Management Supervision
Division of Depositor and Consumer Protection
San Francisco Regional Office
(415) 546-0160

November 21, 2022

XXXXX
Chief Financial Officer
XXXXX

Subject: FIL-16-2022 Notification of Engaging in Crypto-Related Activities-Blockchain Based Digital Records – Request for Additional Information

XXXXX

On August 10, 2022, you initially notified the FDIC of XXXXX engagement in blockchain-based digital records and the bank’s relationship with technology vendor XXXXX, and its recently wholly owned subsidiary XXXXX, in response to Financial Institution Letter 16-2022, Notification of Engaging in Crypto-Related Activities. On August 30, 2022, as part of an ongoing August 22, 2022, Safety and Soundness examination, you replied via email to questions.

During the course of our ongoing review, we have determined that additional information is needed to understand the nature of the activity to allow the FDIC to determine what information may be needed to assess the safety and soundness, consumer protection, and financial stability implications of the activity. Please see the attached request list regarding the Bank’s activities, and provide a response addressing each of the items requested as well as supporting documentation by January 5, 2023.

This letter is confidential and may not be disclosed or made public in any manner under part 309 of the FDIC Rules and Regulations (12 CFR part 309). If you have questions, please contact Division of Risk Management Supervision Case Manager XXXXX at XXXXX or XXXXX for Division of Depositor and Consumer Protection Review Examiner XXXXX at XXXXX. Documents can be sent electronically as a PDF through the FDIC Secure Email portal at XXXXX@FDIC.gov. Information about how to use secure email and FAQs about the service can be found at https://www.fdic.gov/secureemail/.


Sincerely,

KATHY MOE
Kathy L. Moe
Regional Director

Enclosures

cc: [XXXXXXXX]


Attachment – Additional Information

  1. The bank’s notification letter states that the bank has purchased bonds through the XXXXX infrastructure.
    a. Were those transactions recorded, cleared, or settled on the Distributed Ledger Technology (DLT)/blockchain?
    b. If not, will future transactions be cleared, recorded, or settled on the DLT/blockchain?
    c. Please explain how/why the DLT/blockchain technology is used for these transactions.
    d. Was the blockchain/DLT native token utilized to complete these transactions or does the bank anticipate using it to complete future transactions?
    e. In order to participate in the XXXXX infrastructure, will the bank need to hold or utilize XXXXX native token? If so, what functions will the native token facilitate (e.g., gas fees)?
    f. Provide a comprehensive overview of the DLT solution and related components, such as broker, referral, website, and any others.
    g. Are smart contracts/chaincode utilized on the DLT to facilitate transactions? If so, explain what actions/transactions the smart contracts/chaincode govern. Provide the smart contract code and any assessments of that code.

  2. Please explain the node structure/consensus process of XXXXX.

  3. Does the bank serve as a node for XXXXX? If not, explain whether and how that limits the bank’s ability to view, transact, or otherwise interact on XXXXX.

  4. Does the bank serve any other role on the XXXXX blockchain?

  5. If responses to #2 and #3 are no, how does the bank initiate transactions (buy or sell) on the XXXXX infrastructure?

  6. The bank’s notification letter states that the bank utilizes a “parallel dual process.” The bank explained in an August 30, 2022 email that it maintains on-premises documentation on every XXXXX transaction identical to all other municipal transactions. Please explain in more detail what the parallel dual process entails, including what documentation is on-premises, the digital process, and the dual processes for recordkeeping, clearing, and settling.

  7. Provide the projected volume of transactions using the XXXXX infrastructure for the remainder of 2022 and the next two years.

  8. Provide a comprehensive overview of the DLT solution and related components, such as broker, referral, website, and any others.

  9. Outline which aspects of the XXXXX technology and/or DLT have previously or are currently being used by the bank and when, versus aspects that are under development/consideration and are planned to be used in the future. During the recent FDIC examination, the bank’s Chief Information Officer XXXXX stated that XXXXX was in the proof of concept stage and was not live; however, the bank’s notification to the FDIC stated that the bank has purchased eight municipal bonds through XXXXX. Please clarify the discrepancy between the information provided during the examination and in the bank’s notification.


  1. Provide all documentation provided to the board or committees related to the activity. Was board approval obtained? Was committee approval obtained and if so, which committee approved?
  2. What is the website purchased by the bank to support the XXXXX activity?
  3. What is the website’s purpose/function?
  4. Will the website be used by external users, such as consumers, customers, or non-customers?
  5. Who was the website purchased from? At what cost?
  6. Provide the risk assessment and due diligence related to each XXXXX and XXXXX product/service (including the DLT usage for securities/loan purchases/sales, broker services, website, and any other products/services).
  7. Provide all contracts/agreements with XXXXX or other related entities.
  8. XXXXX website reflects that a Non-Fungible Token (NFT) has been minted for the bank.
    a. Does the bank maintain the private keys, and if so, how are those keys maintained for security purposes?
    b. Has the bank disposed of any NFTs? If so, please provide details on what was liquidated, when it was disposed, and the process explaining how it was disposed.
  9. Does XXXXX or any other product/service being offered or proposed to be offered include NFTs? If so:
    a. Are they minted for the bank?
    b. Does the bank maintain the private keys, and if so, how are those keys maintained for security purposes?