Concerns on Bank's Stablecoin Reserves

FDIC
Federal Deposit Insurance Corporation
350 Fifth Avenue, Suite 1200
New York, New York 10118

July 23, 2024

Board of Directors
XXXXX
XXXXX

Subject: Notification of Engagement in Crypto-Related Activities

Dear Board Members:

We are writing to provide supervisory feedback in response to the notification provided by XXXXX (Bank) on March 21, 2023, regarding the Bank’s intent to maintain stablecoin reserves. The notification was provided pursuant to FDIC Financial Institution Letter (FIL) 16-2022, Notification of Engaging in Crypto-Related Activities. FIL 16-2022 requested that an FDIC-supervised institution that engages, or intends to engage, in any crypto-related activities notify the FDIC and provide any information requested by the FDIC to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications of such activities.

We acknowledged receipt of the notification letter on May 5, 2023, and requested additional information, which was provided by the Bank on May 31, 2023. We further stated that the Bank should not proceed with any crypto-asset activity until such time that the FDIC has determined the Bank’s ability to implement the activity in a safe and sound manner. We had previously responded, on June 22, 2022, to the Bank’s May 20, 2022 notification of its intent to engage in activities involving digital assets, such as crypto custody, lending, and buy/sell program. The FDIC’s June 22, 2022 letter also informed the Bank that the FDIC had a number of questions and asked the Bank to address those questions in advance of implementation of the proposed activities, in order for the FDIC to assess the safety and soundness of the proposed activities and compliance with laws and regulations.

In the March 2023 letter, the Bank proposes to provide an account for the purpose of holding US dollar deposits placed by XXXXX corresponding to XXXXX’s issuance of XXXXX known as a crypto-asset. The deposits are represented by XXXXX as reserves backing XXXXX and XXXXX’s redemption commitments to end-customers and holders of XXXXX. The Bank’s Board of Directors has approved plans to hold up to XXXXX reserve funds initially kept overnight at the Federal Reserve. However, as market conditions evolve, the Bank stated that it may revise its cash and treasury management strategy. The Bank stated that it will not custody, transfer, or otherwise facilitate the movement of crypto-assets.

The Bank prepared a XXXXX Stablecoin Reserve Activity Risk Assessment (Risk Assessment) to evaluate and document the risks associated with the proposed crypto-related activity. The Risk Assessment assigned an overall residual risk rating of “low” based on the Bank’s ability to manage XXXXX.

---

XXXXX
July 23, 2024

the liquidity risk of the proposed activity. However, the Risk Assessment does not adequately address the potential liquidity impacts of changes in end-user customer activity and crypto-asset sector volatility. In addition, the Risk Assessment does not identify any controls that have been established to prevent XXXXX reserve funds from being used in the Bank’s business operations.

The Risk Assessment also concluded that the Bank’s review of XXXXX’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program served to mitigate compliance risk associated with the proposed activity. However, in January 2024, the Bank took action to exit its wire transfer and ACH relationship with XXXXX due to excessive money laundering risk and concerns about XXXXX customer due diligence controls. In addition, the Risk Assessment does not address consumer compliance risks. The 2021 Consumer Compliance Report of Examination issued on September 14, 2022, describes how the Board and management oversight and compliance program components of the Bank’s compliance management system (CMS) are weak. These weaknesses are reflective of a CMS that is seriously deficient at managing consumer compliance risk. As such, we are unable to conclude that the Bank has properly identified, measured, monitored, and controlled the compliance risks associated with the proposed crypto-related activity.

Collectively, the weaknesses related to liquidity and compliance risk management preclude the FDIC from concluding that the Bank has the ability to conduct the proposed crypto-related activity in a safe, sound, and compliant manner at this time.

This letter is confidential and may not be disclosed or made public in any manner under Part 309 of the FDIC Rules and Regulations (12 C.F.R. 309). If you have any questions, please contact Assistant Regional Director Ashley M. Amicangioli at XXXXX

Sincerely,
John F. Vogel
Regional Director