Skip to content

Bank's Crypto Services Notification

Board of Directors XXXXX

Subject: Third-Party Crypto-Asset Activity

Dear Members of the Board:

On November 28, 2022, we received XXXXX (the Bank) notification of the Bank’s intent to offer customers the ability to buy, sell, and hold cryptocurrency through the Bank’s mobile banking platform in conjunction with XXXXX in response to Financial Institution Letter (FIL), FIL-16-2022, Notification of Engaging in Crypto-Related Activities. FIL-16-2022 requested that all FDIC-supervised institutions that intend to engage in, or that are currently engaged in, any activities involving or related to crypto-assets (also referred to as “digital assets”) promptly notify the appropriate FDIC Regional Director.

As stated in FIL-16-2022, the FDIC may request that institutions provide information necessary to allow the FDIC to assess the safety and soundness, consumer protection, and financial stability implications of such activities. In order to begin those assessments, please provide the information in the attached list by February 24, 2023. If the requested information has not yet been developed, include the status and timeline for developing each item in the response, as applicable. Once the FDIC has completed its review of the above-requested information, we will determine whether additional information is necessary to complete the review of the activity. When we have completed our review, the FDIC will provide the institution with relevant supervisory feedback, as appropriate.

This letter is confidential and may not be disclosed or made public in any manner under part 309 of the FDIC Rules and Regulations (12 CFR part 309). If you have any questions, please contact Case Manager XXXXX or Review Examiner XXXXX. Written correspondence should be addressed to my attention at the New York Regional Office, and sent as a PDF document through the FDIC’s Secure Email portal (securemail.fdic.gov) using the following e-mail address: XXXXX@FDIC.gov.

Sincerely,

Frank R. Hughes
Regional Director

cc: XXXXX

Request List: Facilitation of Customer Purchase and Sale of Crypto-Assets Through Institution with Third Party

  1. Contracts (including any draft contracts that bank is reviewing/considering).
  2. Overview of the contracting process (e.g., who is/was involved in the review, analysis, and structuring).
  3. Any contract analysis performed prior to execution.
  4. Description of the transaction flows and related controls.
  5. Detailed description of the settlement process for customer buy/sell transactions between the bank, XXXXX, and any other related parties.
  6. The bank’s independent permissibility analysis and determination with respect to the activity.
  7. Bank’s analysis of Securities and Exchange Commission Staff Accounting Bulletin 121 and its applicability.
  8. Cost-benefit analysis for the activity.
  9. Project plan for the activity.
  10. Vendor management due diligence documentation and analysis related to both XXXXX and XXXXX, including audits, financials, insurance, complaints, compliance with U.S. AML and sanctions requirements, etc.
  11. Description of what happens to customers’ accounts or holdings Bitcoin, Ether, or other crypto-asset if the bank does not continue or cancels offering the services provided by XXXXX or if the third party cancels or fails to perform under the contract.
  12. Description of any fees that will be charged to customers related to the activity, and how they will be calculated. Also, describe if and how fees are split among the bank and any third parties involved in the activity.
  13. Description of any transaction limitations imposed by XXXXX for the bank on the amount Bitcoin, Ether, or other crypto-asset a customer may purchase or sell (e.g. daily, weekly, monthly).
  14. Description of transaction monitoring processes in place to identify and report suspicious activity associated with customer transactions between the bank and XXXXX.
  15. Description of the methodology that determines the price customer pays to XXXXX for Bitcoin, Ether, or other crypto-asset. This includes providing an explanation of how any market price is determined and how the spread, if any, is calculated.
  16. Customer agreements, disclosures, sample account statement, sample transaction receipt, and other terms and conditions related to the activities provided by or through the bank and by third parties (draft or proposed).
  17. Marketing materials, press releases, internal scripts, educational materials, and any other publicly-distributed information related to the activity (draft or proposed). This includes screen shots/screen recordings of any online banking or mobile application user interfaces (including hidden text that must be clicked) that will be made visible to customers by, or through, the bank in connection with activity. Also, a live demonstration of the user interface of the online banking or mobile application customer experience may be requested during the review of this activity.
  18. Any other due diligence materials.
  19. Describe how this crypto-asset activity fits into the bank’s strategic plan and objectives of the board and actions that would be taken should the activity fail to achieve the objectives.

  1. Implementation plan. Please include expected activity volumes, income projections used to determine whether the products are financially feasible, and any other analysis performed to support launching the products.

  2. Board and committee minutes reflecting discussion, analysis, approval, and any documentation provided on the activity.

  3. Risk assessment(s) related to the activity.

  4. Internal training materials related to the activity.

  5. Policies and procedures that will govern the crypto-related activity, including those related to consumer compliance and complaint resolution.

  6. If not outlined in policies and procedures, framework of assigned responsibilities and qualifications for those involved in day-to-day administration of crypto-related activity, including internal controls responsibilities. Description of oversight responsibilities (e.g. management, staff, committees (including members, frequency of meetings), and collectively, their approval authority).

  7. If program is Live/Beta Testing, provide transaction volumes that include: 1) number of active accounts using this service through bank, 2) total number and dollar volume of buy transactions completed (since implementation), and 3) total number and dollar volume of sell transactions completed (since implementation).