A new program addresses innovative banking activities such as bank-fintech partnerships and digital assets while reinforcing guardrails around stablecoin activity.

On August 8, 2023, the Board of Governors of the Federal Reserve System (FRB) issued guidance to the banking organizations that it oversees regarding its supervision of novel activities. The guidance also provides information on the process that state banks can follow to engage in certain stablecoin activities.

Novel Activities Supervision Program

In SR 23-7 (Creation of Novel Activities Supervision Program), issued by its Division of Supervision and Regulation, the FRB described a new program that will be integrated with its existing supervisory portfolios, processes, and teams. The program seeks to improve the FRB’s ability to monitor and examine novel activities, including:

• complex, technology-driven partnerships with non-banks to provide banking services to customers (i.e., bank-fintech partnerships^[1]); and
• activities that involve digital assets and distributed ledger or blockchain technology, including:
  • digital asset custody
  • digital asset collateralized lending
  • facilitating digital asset trading
  • engaging in stablecoin or dollar token issuance or distribution
  • tokenization of securities
  • provision of banking services to digital asset-related entities and fintechs

The program will apply to all banks that the FRB supervises, including those with $10 billion or fewer in consolidated assets. It will be informed by a multidisciplinary group of leaders from across the FRB (as well as by engagement with external experts from academia and the banking, finance, and technology industries) “to better understand novel activities, the novel manifestations of risks of such activities, and appropriate controls to manage such risks.”

The program will be risk-based, with supervision commensurate with the types of activity under consideration and the level of the supervised banking organization’s engagement in that activity. The FRB also intends to monitor supervised banking organizations that are merely exploring such novel activities.

The FRB stated that it will notify all supervised banking organizations that will be subject to examination through the new program.

Nonobjection Process for Stablecoin Activities

In SR 23-8 / CA 23-5 (Supervisory Nonobjection Process for State Member Banks Seeking to Engage in Certain Activities Involving Dollar Tokens), issued by the Division of Supervision and Regulation and the Division of Consumer and Community Affairs, the FRB outlines a new process for state member banks to issue, hold, or transact in payment stablecoins.

The process builds on previous issuances from the FRB, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC), including:

• The FRB’s January 3, 2023 joint statement with the OCC and FDIC, addressing the various risks that the agencies view as being associated with cryptoassets and cryptoasset sector participants, and related risk management directives (for more information, see this Latham blog post).
• The FRB’s January 27, 2023 policy statement that it would presumptively exercise its authority under Section 9(13) of the Federal Reserve Act to limit state member banks to engaging as principal in only those activities that are permissible for national banks — in each case, subject to the terms, conditions, and limitations placed on national banks with respect to the activity — unless those activities are otherwise permissible for state banks under federal law (for more information, see this Latham blog post).
• The FRB’s February 23, 2023 joint statement with the OCC and FDIC highlighting key liquidity risks associated with digital assets and digital asset sector participants, and related risk management reminders.
• The OCC’s January 4, 2021 Interpretive Letter 1174, affirming national banks’ and federal savings associations’ authority to participate in independent node verification networks and use stablecoins to conduct payment activities and other bank-permissible functions. The OCC letter reminded participating banks to conduct any such activities consistent with sound risk management practices and to remain vigilant against fraud and operational, compliance, and other potential risks.
• The OCC’s November 18, 2021 Interpretive Letter 1179, which clarified that the activities addressed in previous OCC interpretive letters (covering bank crypto custody, bank stablecoin reserve holding, and banks acting as a node on a distributed leger) are legally permissible, provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner.

A state member bank must notify its lead supervisory point of contact at the FRB of the bank’s intention to engage in the proposed activity and should include a description of the proposed activity. FRB staff may follow up with the bank to seek additional information to better understand the proposal and the control framework that the state member bank has implemented.

A state member bank must also demonstrate that it has appropriate risk management practices, including adequate systems to identify, measure, monitor, and control the risks of stablecoin activity. The FRB will assess banks pursuing stablecoin activity for their ability to properly manage stablecoin risks, including:

• Operational risks: network governance and oversight; clarity of the roles, responsibilities, and liabilities of parties involved; and the transaction validation and settlement process
• Cybersecurity risks: network security; the use of smart contracts; and use of open source code
• Liquidity risks: substantial redemptions in a short period of time, leading to a run on the bank
• Illicit finance risks: anti-money laundering / know your client (AML/KYC) concerns, including customer verification and due diligence, and ongoing monitoring to identify and report suspicious activity
• Consumer Compliance risks: applicable consumer protection statutes and regulations

Before engaging in the proposed stablecoin activities, the state member bank must obtain a written notification of supervisory nonobjection from the FRB. A state member bank engaged in stablecoin activity as of the date of SR 23-8 may, however, continue to do so (provided it notifies its lead supervisory point of contact at the FRB of such activity by September 7, 2023), while the FRB considers whether to issue a supervisory nonobjection. Importantly, a supervisory nonobjection will not curtail standard supervisory review, and indeed state member banks should expect ongoing heightened monitoring of stablecoin-related activities.

Implications for Fintechs

The categorization of bank-fintech partnerships as a “novel activity” subject to FRB supervision has considerable implications for fintechs and the FRB member banks that partner with them. Although bank-fintech partnerships have generally been subject to regulators’ and legislators’ attention at both the federal and state levels, the program formalizes the FRB’s focus and will compel both banks and fintechs to evaluate their relationships with a sharper lens. Given that the FRB intends to monitor and examine novel activities at supervised banking organizations regardless of bank size, and even banks that are simply exploring novel activities, the chilling effect on both banks and fintechs may be inevitable. Banks may be wary of the heightened scrutiny, and fintechs may need to commit more resources to develop and maintain robust compliance and controls in their operations.

Conclusion

The FRB’s novel activities supervision program and clarification of supervisory requirements regarding stablecoin activity demonstrate once again the banking regulators’ cautious approach to fintech and digital asset activity. Both as a general matter and with respect to digital asset activities in particular, financial firms will be frustrated in their ability to bring continued innovation to the US financial markets until Congress acts to fill the substantial legislative gaps that continue to exist.

Latham & Watkins will continue to monitor developments in this area.

Endnote

[1] Defined in SR 23-7 as “Partnerships where a non-bank serves as a provider of banking products and services to end customers, usually involving technologies like application programming interfaces (APIs) that provide automated access to the bank’s infrastructure.”