On August 8, the Federal Reserve Board (Fed) issued a press release providing additional information on its Novel Activities Supervision Program (Program) to monitor novel activities in the banks it oversees. Novel activities are defined to include: (1) technology-driven partnerships with non-banks to provide banking services to customers, and (2) activities involving crypto-assets and distributed ledger or “blockchain” technology. According to the Fed, “the Program will be risk-focused and complement existing supervisory processes, strengthening the oversight of novel activities conducted by supervised banking organizations.” The Fed will notify those banking organizations whose novel activities will be subject to examination in writing and will routinely monitor supervised banking organizations that are exploring novel activities.
In the concurrently issued SR-23-7: Creation of Novel Activities Supervision Program, the Fed stated the Program will focus on the following activities:
- Technology-driven partnerships with non-banks to provide banking services.
- This includes all manner of the growing number of customer-facing banking as a service (or BAAS) partnerships.
- For example, application programming interfaces (APIs) that provide automated access to the bank’s infrastructure.
- Crypto-asset related activities. For example, activities such as crypto-asset custody, crypto-collateralized lending, facilitating crypto-asset trading, and engaging in stablecoin/dollar token issuance or distribution.
- Projects that use distributed ledger technology (DLT) with the potential for significant impact on the financial system. For example, the exploration or use of DLT for various use cases such as issuance of dollar tokens and tokenization of securities or other assets.
- Concentrated provision of banking services to crypto-asset-related entities and fintechs.
- This includes providing normal deposit, lending and payments to firms concentrated within these industries.
- For example, banking organizations concentrated in providing traditional banking activities to crypto-asset-related entities or fintechs.
In the conclusion to its SR-23-7, the Fed stated it “will continue to build upon and enhance its technical expertise to better understand novel activities, the novel manifestations of risks of such activities, and appropriate controls to manage such risks … The Program will also operate in keeping with the principle that banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.”
Additionally, in the simultaneously issued SR-23-8: Supervisory Nonobjection Process for State Member Banks Seeking to Engage in Certain Activities Involving Dollar Tokens, the Fed clarified that a state member bank seeking to engage in dollar token activities, including for the purpose of testing, must notify its lead supervisory point of contact at the Fed of the bank’s intention to engage in the proposed activity and receive a written notification of supervisory nonobjection. To obtain a written nonobjection, a state member bank must demonstrate that it has established appropriate risk management practices for the proposed activities. The Fed states it will focus on the risks discussed in the preamble to the Joint Statement on Crypto-Asset Risks to Banking Organizations including, but not limited to:
- Operational risks. This includes those risks associated with the governance and oversight of the network, clarity of the roles, responsibilities, and liabilities of parties involved, and the transaction validation process.
- Cybersecurity risks. This includes risks associated with the network on which the dollar token is transacted, the use of smart contracts, and any use of open source code.
- Liquidity risks. This includes the risk that the dollar token could experience substantial redemptions in a short period of time that would trigger rapid outflows of deposits.
- Illicit finance risks. This includes risks relating to compliance with Bank Secrecy Act and Office of Foreign Asset Control requirements, such as requiring banking organizations to verify the identity of a customer, perform due diligence to understand the nature and purpose of the customer relationship, and perform ongoing monitoring to identify and report suspicious activity.
- Consumer compliance risks. This includes risks related to identifying and ensuring compliance with any consumer protection statutes and regulations that apply to the specific dollar token activity.
Even after receiving a written nonobjection, the Fed states that state member banks will continue to be subject to supervisory review and heightened monitoring of these activities.
As forecasted here, the Fed also reemphasized that uninsured and insured banks supervised by the Fed will be subject to the same limitations on novel banking activities. Thus, an uninsured Wyoming or other special purpose depository institution will be held to the same standards as an insured bank.