Bank's Crypto Plans Suspended

FDIC
Federal Deposit Insurance Corporation
Division of Risk Management Supervision
350 Fifth Avenue, Suite 1200, New York, NY 10118

May 18, 2023

Board of Directors
XXXXX

Subject: Crypto-Assets Visitation

Dear Board Members:

This letter summarizes the findings of the July 11, 2022 Crypto-Assets Visitation (Visitation). The Visitation was conducted jointly by the FDIC Divisions of Risk Management Supervision (RMS) and Depositor and Consumer Protection (DCP), and the XXXXX. The objective of the Visitation was to conduct a pre-implementation review of XXXXX planned crypto-asset related initiatives to assess the safety and soundness, consumer protection, and financial stability implications of such activities.

In accordance with FDIC Financial Institution Letter (FIL) 16-2022, Notification of Engaging in Crypto-Related Activities, issued on April 7, 2022, XXXXX formally notified the FDIC and XXXXX of its intent to lend fiat currency collateralized by crypto-assets, offer crypto-asset custodial services, and facilitate customer access to a crypto-asset buy, sell, and trade program in May 2022. However, the ensuing crypto-asset market volatility prompted management to postpone the crypto-asset secured lending pilot program and focus solely on a crypto-asset custody, buy, sell XXXXX initiative. As a result, the Visitation scope was limited to a review of the proposed crypto-asset XXXXX program.

To assess the risks associated with the planned crypto-asset XXXXX activity, examiners reviewed the strategic plan, risk assessments, project plans, third party due diligence memoranda, policies and procedures, consumer disclosures and marketing materials, and Board presentations. Examiners also reviewed staffing and resources, Enterprise Risk Management oversight, and audit coverage of the proposed activities. All of these areas were reviewed from multiple perspectives, including financial, Anti-Money Laundering/Countering the Financing of Terrorism, Information Technology, and consumer compliance.

1 In presentations to the FDIC New York Regional Office and XXXXX in 2021 and early 2022, XXXXX had also discussed other potential crypto-asset related activities, including permitting XXXXX accountholders to trade and stake cryptocurrencies, expanding merchant acquiring services to accept certain cryptocurrencies, and offering a XXXXX issued stablecoin. However, XXXXX management subsequently paused these initiatives and did not include them in their May 2022 notification.

---

Board of Directors
XXXXX
-2-

The findings of the Visitation indicate that risk management processes and controls for the crypto-asset XXXXX program have not been fully developed, implemented, or internally tested. Many of the documents provided by management during the Visitation were incomplete and had not been fully vetted by key stakeholders. Other key items, particularly publicly facing documents, including consumer disclosures and the XXXXX customer interface, have not been developed. In addition, the May 3, 2021 FDIC Compliance Examination and the October 12, 2021 Joint Safety and Soundness Examination determined that risk management practices need improvement in several areas, the remediation of which will require the dedication of significant resources to existing business activities and operations. For these reasons, we are unable to conclude that XXXXX has the ability to conduct the proposed crypto-asset XXXXX program in a safe, sound, and compliant manner.

Subsequent to the Visitation, on October 7, 2022, XXXXX emailed the FDIC and XXXXX to confirm that it had suspended the crypto-asset XXXXX initiative, and examiners have confirmed that crypto-asset activities are not contemplated in the 2023-2025 Strategic Plan. However, on March 21, 2023, XXXXX provided notification of its intent to provide a bank account to XXXXX for the purpose of holding deposit reserves corresponding to XXXXX's issuance of a stablecoin. As noted in the May 5, 2023 FDIC Information Request related to this proposed activity, XXXXX should not proceed with any crypto-asset activity until such time that the FDIC and XXXXX have determined XXXXX's ability to implement the activity in a safe and sound manner.

This letter is confidential and intended only for the bank’s internal use. The disclosure of such confidential supervisory information is governed by Part 309 of the FDIC Rules and Regulations and XXXXX. Should you have any questions or concerns regarding the content of this letter, please contact FDIC RMS Senior Case Manager XXXXX at XXXXX, FDIC DCP Senior Review Examiner XXXXX at XXXXX, or XXXXX Chief Examiner XXXXX at XXXXX, XXXXX.

Sincerely,

XXXXX
Frank R. Hughes
Regional Director
Federal Deposit Insurance Corporation

cc: Federal Reserve Bank of New York