On April 7, 2022, the US Federal Deposit Insurance Corporation (FDIC) issued a Financial Institution Letter (“FIL”) requiring that all FDIC-supervised institutions that intend to engage in, or that are engaged in, any activities involving or related to crypto assets notify the FDIC. Because the overwhelming majority of U.S. banks are insured by the FDIC, the FIL means that nearly all banks must now disclose their crypto activities to the FDIC.
The definition of crypto asset is broad and the non-exhaustive list of examples includes: (i) acting as crypto-asset custodians; (ii) maintaining stablecoin reserves; (iii) issuing crypto and other digital assets; (iv) acting as market makers or exchange or redemption agents; and, (v) participating in blockchain- and distributed ledger-based settlement or payment systems.
The Risk considerations the regulator mentions are the ones we are used to hearing from the U.S. government:
Safety and Soundness
Crypto-related activities present new, heightened, or unique credit, liquidity, market, pricing, and operational risks that could present safety and soundness concerns. For example, there are fundamental ownership issues, including whether it is possible for ownership to be clearly validated and confirmed. Further, there are significant anti-money laundering/countering the financing of terrorism implications and concerns related to crypto assets, including reported instances of crypto assets being used for illicit activities. Relatedly, there are implications to information technology (IT) and information security, including IT risk exposure and whether sufficient frameworks are available, in relation to the level of risk, to maintain the confidentiality, integrity, and availability of information systems.
Financial Stability
The FDIC is concerned that certain crypto assets or crypto-related activities may pose systemic risks to the financial system. Systemic risks could be created as an unintended consequence resulting from the structure of a crypto asset or through the interconnected nature of certain crypto-related activities. For example, a disruption in crypto-asset transactions or crypto-related activities could result in a “run” on financial assets backing a crypto asset or crypto-related activity. Like other runs, this could create a self-reinforcing cycle of redemptions and fire sales of financial assets, which, in turn, could disrupt critical funding markets. Further, operational failures related to crypto assets or crypto-related activities could have a destabilizing effect on the insured depository institutions engaging in such activities.
Consumer Protection
The FDIC is concerned about risks to consumers related to crypto-related activities. For example, the FDIC is concerned about the risk of consumer confusion regarding crypto assets offered by, through, or in connection with insured depository institutions, as consumers may not understand the role of the bank or the speculative nature of certain crypto assets as compared to traditional banking products, such as deposit accounts. In addition, insured depository institutions face risks in effectively managing the application of consumer protection requirements, including laws related to unfair or deceptive acts or practices, to new and changing crypto-related activities.
The FIL requires that the institution notify the FDIC prior to engaging in “crypto-related activity.” Institutions currently engaged in such activity must promptly notify the FDIC. The requested information is that which is necessary to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications of the crypto-related activity. That could vary on a case-by-case basis but the “initial notification . . . should describe the activity in detail and provide the institution’s proposed timeline for engaging in the activity.”
The FIL provides that, in response, the FDIC will review the relevant information, might request additional information, will consider the risk factors mentioned above and “provide relevant supervisory feedback to the institution, as appropriate, in a timely manner.”
Noticeably, there is no specific timetable for a response from the FDIC. And, the FIL does not specifically require prior approval or a no-objection requirement for the institution to engage in the crypto-related activity. As a practical matter, however, the effect might be the same.
