Crypto Compliance Document Request

From: XXXXX
To: FDIC Chicago Regional Office XXXXX
Subject: FW: Please RADD
Date: Thursday, December 1, 2022 9:26:21 AM

---

PDF Email Only

Business Line: RMS
Bank Name: XXXXX
City, State: XXXXX
Folder: Correspondence
Source: RO
Doc Name: Miscellaneous
Description: Third Party Crypto Asset Activity - 2nd Request to bank

---

From: XXXXX
Sent: Wednesday, November 30, 2022 12:09 PM
To: Richardson, Amy XXXXX@FDIC.gov; Bush, Debbie J. XXXXX@FDIC.gov; XXXXX
XXXXX; Muraywid, Sumaya A. XXXXX@FDIC.gov; Marks, Alicia R. XXXXX@FDIC.gov; XXXXX
Cc: XXXXX
Subject: FW: Additional requests - crypto-asset activity

I will RADD this email.

---

From: XXXXX
Sent: Wednesday, November 30, 2022 12:04 PM
To: XXXXX
XXXXX
Subject: Additional requests - crypto-asset activity

Hi XXXXX,

Thank you for giving us the live demo on the XXXXX platform yesterday. It was very helpful. As mentioned yesterday, the below items are requested in order to comprehensively evaluate the platform. Some items were not provided (ex: #8), and some require additional details. If you could please provide documents back to us by December 14th, we would be most appreciative. Please use the EFX session and number the documents as indicated below. After we evaluate these documents, we will let you know what our next steps are.

Thank you!

Crypto-Asset Activity – Follow-up Request List (numbers correspond to initial Request List)

---

1. Any consumer compliance risk assessment that was conducted to evaluate the activity. Please confirm whether the Risk Assessment Table provided to examiners on 10/14 was a document prepared by XXXXX

2. Bank’s legal analysis of the permissibility of the services under Part 362 of the FDIC’s Rules and Regulations, and under the XXXXX banking regulations.

3. Documentation showing whether the bank has confirmed their conclusion regarding SAB 121 with their external auditor.

4. Bank’s due diligence documentation and analysis for XXXXX and XXXXX

5. Signed agreements for the following: XXXXX Agreement; XXXXX Contract Amendment; XXXXX Agreement.

6. Bank resolution of attorney concerns regarding the contract language and insurance coverage.

7. Vendor Management Policy and other similar policies that would apply to this activity.

8. List of digital team members. Provide examples of daily monitoring reports. Provide more clarity on crypto responsibilities for COO and Retail Manager. Description of the internal controls related to the activity, including access controls.

9. A transaction flow showing data flow from all parties and apps involved, including the bank; XXXXX

10. Plans for ongoing monitoring and audit of crypto-related products and services offered by the Bank.

XXXXX
Case Manager
Division of Risk Management Supervision
Federal Deposit Insurance Corporation
Chicago Regional Office
XXXXX
XXXXX