Similar to what the OCC issued in December 2021, in August 2022, the Federal Reserve Board (FRB) issued a Supervisory Letter outlining the steps FRB member banks should take prior to engaging in crypto-asset-related activities, such as assessing whether such activities are legally permissible and determining whether any regulatory filings are required. Additionally, the Supervisory Letter states that Board-supervised banking organizations should notify the Board prior to engaging in crypto-asset-related activities.
Concerned that crypto-asset-related activities pose risks related to safety and soundness, consumer protection, and financial stability, the Supervisory Letter also emphasized that FRB member banks and affiliates must have adequate systems and controls in place to conduct crypto-asset-related activities.
Risks Highlighted by the Fed in the Supervisory Letter Include:
- Money laundering – The letter emphasizes that crypto-related financing poses heightened risks associated with the governance of the underlying network as well as cybersecurity.
- Consumer protection – Concern for the consumer was emphasized throughout the letter as the FRB highlighted risks to the public due to price volatility, misinformation, fraud, as well as the outright loss or even theft of assets.
- Legal status – There is some question regarding the legal status of many crypto-assets – is it a security, is it fungible, is it a derivative – as well as the very limited legal precedent regarding how crypto-assets would be treated in varying contexts, including, for example, in bankruptcy court.
- Financial stability – Certain types of crypto-assets, such as stablecoins, if adopted at large scale, could also pose risks to financial stability, potentially through destabilizing runs and disruptions in the payment systems. Perficient covered a well-researched Fed paper on this topic here – NY Federal Reserve Evaluates Stablecoin Frameworks – Perficient Blogs
To counteract and minimize such risks, the Fed’s Supervisory Letter required that prior to engaging in any crypto-asset-related activity, a supervised banking organization must first ensure such activity is legally permissible and determine whether any filings are required under applicable federal or state laws. The letter highlighted mandatory compliance with the following federal regulations:
- The Bank Holding Company Act
- The Home Owners’ Loan Act
- The Federal Reserve Act
- The Federal Deposit Insurance Act
Notification of Proposed Activities
Once legality is determined and the proper filings are completed, financial institutions must then notify in writing the firm’s lead supervisory point of contact at the Federal Reserve.. The letter promises that Federal Reserve supervisory staff will provide relevant supervisory feedback in an unspecified timely manner.
Additionally, the Federal Reserve’s Supervisory Letter also encourages financial institution executives to notify their state regulators prior to engaging in any crypto-asset-related activities.
Engaging in Crypto-Asset-Related Activities: A Federal Reserve Checklist
The Federal Reserve will require a firm, prior to engaging in crypto-asset-related activities, to have in place adequate systems, risk management, and controls so the new activities are practiced in a safe and sound manner that is compliant with applicable consumer protection statutes and regulations. This includes having adequate systems in place to identify, measure, monitor, and control the risks associated with such activities on an ongoing basis. These systems, risk management, and controls must cover:
- Operational risk, including:
- the risks of new, evolving technologies,
- the risk of hacking,
- the risk of third-party relationships)
- Financial risk
- Legal risk
- Compliance risk (including, but not limited to, compliance with
- The Bank Secrecy Act (“BSA”),
- Anti-money laundering requirements,
- Sanctions requirements