The Board of Governors of the Federal Reserve System (Federal Reserve) approved final guidelines (Guidelines) on August 15, 2022, to be used by Federal Reserve Banks (Reserve Banks) to evaluate requests to use accounts and payment services offered by the Federal Reserve (access requests).¹ The Guidelines establish six factors that Reserve Banks will use to analyze access requests, as well as a three-tiered review system with distinct levels of review for different types of financial institutions. Notably, the Guidelines provide a pathway for institutions with “novel” charters to access these accounts and services, including master accounts directly held at Reserve Banks (rather than through intermediary institutions). The adoption of the Guidelines coincides with a recent increase in account access requests from non-federally insured institutions, including cryptocurrency companies.

Relatedly, the next day, the Federal Reserve issued a supervisory letter entitled “Engagement in Crypto-Asset-Related Activities by Federal Reserve-Supervised Banking Organizations” (Letter),² applicable to all banks supervised by the Federal Reserve. The Letter provides a list of crypto-related risk factors for supervised banking organization (Supervised Banks) to consider, as well as various reporting requirements with which Supervised Banks should comply when participating in crypto-related activities.

The Guidelines

The Guidelines outline six factors a Reserve Bank will consider when reviewing access requests and a three-tiered review framework delineating the standard of review for various types of institutions. Critically, the Federal Reserve highlights that mere legal eligibility “does not bestow a right to obtain an account and services” and that Reserve Banks have discretion regarding individual access requests. The Federal Reserve states that the purpose of the Guidelines is to provide a transparent and consistent set of factors to facilitate consistency and equitable treatment across institutions.

Review Factors

The considerations provided by the Guidelines for Reserve Banks to keep in mind when assessing whether to grant an institution’s access request are set forth below. These factors, although not exclusive, provide a baseline for Reserve Banks to utilize in their review process. In the event that a Reserve Bank approves an access request, it may subsequently: place risk management controls; otherwise restrict; or close an account as necessary to mitigate risks (including the risks specifically delineated in the Guidelines). Non-federally insured institutions may require more stringent due diligence to determine compliance with the factors, and the Reserve Banks will actively monitor and re-evaluate risks posed by an institution as necessary:

• An institution must be eligible to maintain an account and receive Federal Reserve services;

• Granting an access request cannot create undue risk to the Reserve Bank;

• Granting an access request cannot create undue risk to the overall payment system;

• Granting an access request cannot create undue risk to the stability of the U.S. financial system;

• Granting an access request cannot create undue risk to the overall economy by facilitating activities such as money laundering, fraud, or various other types of illicit activity; and

• Granting an access request cannot adversely affect the Federal Reserve’s ability to implement monetary policy.

Tiers

The Guidelines create three distinct tiers into which institutions that submit access requests will be categorized; each tier is subject to varying levels of review.

Tier 1

This tier consists of eligible financial institutions that are federally insured. Because Tier 1 institutions already must comply with federal banking regulations, the review process will be “less intensive and more streamlined” than for other tiers, although Tier 1 institutions with a higher risk profile may receive “additional attention” during the review process.

Tier 2

This tier consists of eligible financial institutions that are not federally insured but are subject by statute to “prudential supervision” by a federal banking agency and:

• If chartered under federal law, must have a holding company subject by statute or commitments to Federal Reserve oversight; or

• If chartered under state law and has a holding company, that holding company must be subject by statute or commitments to Federal Reserve oversight.

The Guidelines note that: Reserve Banks have some information regarding, and supervisory authority over, Tier 2 institutions; and Tier 2 institutions are subject to regulations similar (though not identical) to those governing Tier 1 institutions. Accordingly, Tier 2 institutions will receive an “intermediate” level of review.

Tier 3

This tier consists of eligible financial institutions that, like Tier 2 institutions, are not federally-insured, but are not considered under Tier 2. The Guidelines clarify that Tier 3 includes non-federally insured institutions that:

• Have a charter under federal law but do not have a holding company subject to Federal Reserve oversight; or

• Have a charter under state law and are not subject by statute to prudential supervision by a federal banking agency, or have a holding company that is not subject to Federal Reserve oversight.

Tier 3 institutions may be evaluated under a “substantially different” framework than the framework applied to federally insured institutions and are subject to the “strictest” level of review. Tier 3 institutions likely would encompass cryptocurrency companies and other institutions with novel charters.

The Letter

The Letter focuses on: potential risks for Supervised Banks to consider before engaging in crypto-asset-related activities; the legal permissibility of such activities; and requirements for notification of proposed activities for Supervised Banks intending to engage in such activities.

Before engaging in any crypto-asset-related activities, all Supervised Banks are required to have in place “adequate systems, risk management, and controls” to conduct such activities in a “safe and sound manner and consistent with applicable laws” and to “identify, measure, monitor, and control” any possible risks associated with those activities on an ongoing basis.

Potential Risks

The Federal Reserve posits four types of risks posed to banks engaging in crypto-asset-related activities. The Federal Reserve notes concerns about:

• Technology and operations risks – cryptocurrencies may pose novel challenges for cybersecurity and governance due to the evolving nature of technology, especially when dealing with open, permissionless networks.

• Anti-money laundering and countering of financing of terrorism risks – cryptocurrency assets, particularly assets with limited transparency, may be used to facilitate money laundering and illicit financing.

• Consumer protection and legal compliance risks – cryptocurrencies may pose risks to consumers directly related to price volatility, misinformation, fraud, and theft or loss of assets.

• Financial stability risks – certain cryptocurrencies, including stablecoins, may disrupt existing financial systems by destabilizing runs and disruptions in payment systems.³

Supervised Banks also may face potential legal and consumer compliance risks (e.g., from consumer losses, operational failures, relationships with crypto-asset service providers, limited legal precedents).

Legal Permissibility

The Letter notes, as a preliminary matter, that a Supervised Bank is required to ensure that any new activities it contemplates are legally permissible. For crypto-asset-related activities, Supervised Banks must determine: whether the activities are legally permissible under relevant state and federal laws; and whether any filings are required under federal banking laws or regulations promulgated by such laws.

Notification of Proposed Activities

Supervised Banks must: notify their lead supervisory point of contact at the Federal Reserve prior to engaging in any crypto-asset-related activity; or when already engaged in crypto-asset-related activities, if the Supervised Bank had not previously provided notification. Additionally, a Supervised Bank should contact its lead supervisory point of contact at the Federal Reserve if it has any questions regarding the permissibility of any crypto-asset-related activities or about the applicability of any filing requirements.

The Letter also encourages Supervised Banks at the state-member level to notify their state regulator prior to engaging in any crypto-asset-related activity.

Discussion and Analysis

The Guidelines

While the Guidelines provide an outline by which Reserve Banks will evaluate future requests for account and service access, details about the review process largely are lacking. Instead, the Guidelines opt for a more general, case-by-case, approach that leaves the Reserve Banks with independence in selecting and applying factors at various levels of review. For example, the Guidelines do not: define what “intermediate” “strictest” or “less-intensive” levels of review mean; or note distinctions between each of these standards. Institutions that intend to submit an access request should review the six factors discussed above and should consider actions that might be taken to mitigate potential risks that could dissuade a Reserve Bank from granting such a request. Cryptocurrency companies and other institutions with novel charters should be aware that they will receive the strictest level of review, which may entail an intensive process to receive access from the Reserve Banks.

Further, institutions (including cryptocurrency companies) submitting access requests should note that the Guidelines do not require or ensure that a Reserve Bank will approve an access request. In fact, the Guidelines explicitly state that they are not intended to provide assurance that any specific institution will be granted an account and services.

Relatedly, the Guidelines are silent as to the timing of Reserve Bank decisions on access requests. Federal Reserve Governor Michelle Bowman expressed concerns that the Guidelines might be seen as providing an “accelerated timeline” for access request reviews, rather than a “first step” in providing a transparent process.⁴ Cryptocurrency companies should be aware that the Guidelines do not provide a deadline by which Reserve Banks must respond to requests and that the individual reviews of access requests might not be completed quickly. It is unclear whether future additions to the Guidelines or overall framework governing access requests will provide an easier pathway for cryptocurrency companies to receive this access.

The Letter

Supervised Banks that intend to engage in crypto-asset-related activities should maintain systems designed to address risks both to the bank itself and consumers. Further, Supervised Banks should be diligent in notifying contacts at the Federal Reserve regarding any activities that might be deemed to be “cryptocurrency-related activities” to avoid noncompliance with the Letter. The Letter also emphasizes the Federal Reserve’s desire for Supervised Banks to be proactive in reaching out with questions throughout the process of engaging in these activities.

Industry participants should note that while the Letter provides certain examples of conduct the Federal Reserve deems “crypto-asset-related activities”, it fails to provide a definition of the term or identify parameters beyond the examples listed. Accordingly, Supervised Banks may wish to ask for further guidance in specific instances if the nature of the activity and the applicability of the Letter’s requirements are in question.

Industry participants should remain aware of the ever-changing nature of the regulatory landscape with respect to cryptocurrency and digital asset oversight and anticipate: further clarifications to the Guidelines at a later date; and the possibility of additional future regulatory oversight from the Federal Reserve.

Footnotes
1) Guidelines for Evaluating Account and Services Requests, The Board of Governors of the Federal Reserve System (August 15, 2022). At times, this OnPoint tracks the Guidelines or the Letter (as later defined) without the use of quotation marks.

2) Engagement in Crypto-Asset-Related Activities by Federal Reserve-Supervised Banking Organizations, The Board of Governors of the Federal Reserve System, (August 16, 2022). The Letter uses the term “crypto-asset” to refer to “any digital asset implemented using cryptographic techniques.” In this OnPoint, the terms “crypto-asset” and “cryptocurrency” are used interchangeably

3) The Letter cites to a November 2021 report on stablecoins from the President’s Working Group. For further information, please refer to Dechert OnPoint, President’s Working Group on Financial Markets Issues Report on Stablecoins.

4) Statement on Guidelines to Evaluate Requests for Accounts and Services at Federal Reserve Banks by Governor Michelle W. Bowman.