The Federal Reserve Board (the “FRB”) has signaled a new approach to the oversight of “novel” activities by banks subject to FRB supervision.  In a recent letter to supervisory staff, the FRB indicated that it would introduce enhanced supervision under a risk-based approach for banks that seek to take advantage of “financial innovations supported by new technologies.” While the new program targets several crypto- and blockchain-related activities, the program will also impact fintech-bank partnerships which, for many banks, have become an essential tool for banking-as-a-service initiatives.

The letter follows the release of a FRB policy statement in February 2023 that signaled the agency’s intention to follow the Comptroller of the Currency’s (the “OCC”) guidelines for national banks to determine the range of permissible “novel” activities for state member banks.  The FRB also indicated that activities generally permitted by the Federal Deposit Insurance Corporation for insured institutions would also be permissible for state member banks.

The new supervision program will focus on four specific areas of bank activity:

• concentrated provision of traditional banking services to crypto-asset related entities and fintechs, including deposit, payment, and lending to crypto-asset firms and fintechs;

   

• projects that use distributed ledger technology with the potential for significant impact on the financial system;

   

• crypto-asset related activities including lending collateralized by crypto assets, facilitation of crypto-asset trading and the issuance or distribution of stablecoin/dollar tokens; and

   

• complex technology-driven partnerships with nonbanks to provide banking services to end customers, including services based on the use of application programming interfaces (“APIs”) that provide automated access to bank infrastructure.

The novel activities program will operate within the framework of existing FRB supervisory teams.  The letter notes that banks engaging in novel activities will be notified in writing that a review of such activities will be subject to examination.  The review will be risk-based, and the level of scrutiny will vary based on the level of the bank’s engagement in novel activities.  The FRB will also “routinely” monitor banks that are exploring novel activities.

While the letter’s focus on crypto-related assets is an understandable reaction to the inherent volatility of the crypto markets and the recent demise of several banks that were crypto market participants, the focus on fintech partnerships is perhaps the most important take-away from the letter.  While relatively few banks have actively engaged with crypto firms, a wider range of banks now partner with fintech providers through APIs to facilitate various banking-as-a-service strategies.  The FRB’s focus on bank-fintech partnerships suggests that a higher level of due diligence will be necessary to support such partnerships and that examiners will look for thorough documentation of the bank’s risk assessment of a prospective fintech partnership.

Separately, the FRB also released a letter directed to supervisory staff that outlines a nonobjection process for state member banks seeking to engage in activities involving tokens denominated in national currencies and issued through the use of distributed ledger technology.  The process builds upon a 2021 OCC interpretive letter that generally recognized the authority of a national bank to use distributed ledger technology involving tokens upon demonstration to supervisory staff that the bank had adequate controls in place to conduct the activity in a safe and sound manner.  As noted above, a state member bank is generally authorized to conduct activities that are permissible for a national bank in the novel technologies area so the FRB nonobjection process builds upon the OCC position regarding tokens.

The FRB letter provides that written nonobjection must now be obtained before engaging in token-related activities.  The process is initiated through notification provided to the bank’s lead FRB supervisory contact.  For banks already engaged in token-based activities, the supervisory letter provides that notice must be given to the lead supervisory contact, and the bank may continue to engage in such activities pending FRB issuance of a nonobjection.

In reviewing a nonobjection request, the FRB will consider six potential areas of concern:

• operational risks including risks associated with governance of the token-based networks, the transaction validation process and recordkeeping;
  
  
• cybersecurity risks associated with the token-based network;

   

• liquidity risks, including the risk of substantial redemptions in a short period of time that would trigger deposit outflows;

   

• illicit finance risks that implicate Bank Secrecy Act or Office of Foreign Asset Control requirements; and

   

• consumer compliance risks relating to compliance with consumer protection laws that cover token-based activity.

A clear understanding of the evolving regulatory framework for “novel activities” is essential to the successful implementation of any business strategy based on financial innovation.  While the regulators have acknowledged the benefits of innovation for the financial system, the agencies are proceeding cautiously with their evaluation of how individual banks will be allowed take advantage of such innovations.  But the regulators freely admit that their body of knowledge around these topics is evolving and that their approach to the supervision of novel activities, and the guidance they give to banks, may shift as their knowledge base grows.