The Federal Reserve Board recently issued two Supervision and Regulation Letters that provide guidance on the agency’s supervision of novel activities and the process such as fintech partnerships, crypto-related activities, and activities using distributed ledger or blockchain technology.
In SR Letter 23-7, the FRB announced the establishment of its new Novel Activities Supervision Program focus on (i) technology-driven partnerships with non-banks; (ii) crypto-asset related activities such as asset custody, crypto-collateralized lending, asset trading, and crypto issuance and distribution; (iii) exploration or use of distributed ledger technology; and (iv) concentration of banking services to crypto-asset related entities and fintechs. The program is designed to “ensure that the risks associated with innovation” supported by new technologies are managed appropriately by the bank where the level and intensity of supervision under the Program will vary based on the banking organization’s level of engagement in novel activities.
In SR Letter 23-8, the FRB provides a description of the supervisory nonobjection process for state member banks seeking to engage in certain activities involving tokens denominated in national currencies and issued using distributed ledger technology or similar technologies to facilitate payments (dollar tokens). The letter clarifies that any bank supervised by the Fed that wishes to engage in those same activities must first obtain a written notice of supervisory nonobjection from the Fed. In order to do so, the bank must be able to demonstrate it has implemented adequate risk management practices, taking into account operational, cybersecurity, liquidity, illicit finance, and consumer compliance risks, among others.
Putting It Into Practice: While broader in scope, it is notable that the FRB is categorizing bank-fintech partnerships as a “novel activity” subject to the new supervisory program. As such, banks involved with innovative fintech products and services should expect inquiries from the FRB. Before that happens, impacted companies should consider (i) identifying all “novel activities,” whether they are products, services, or relationships; (ii) reconfirming whether current compliance ensures appropriate controls addressing the risks expressed in the FRB’s latest letters, and update compliance where appropriate; and (iii) aligning the bank overall strategy regarding engagement in novel activities with that of the FRB.
In addition to oversight by prudential regulators, fintechs and their bank partners should continue to stay abreast of state “true lender” cases and related legislation, which may require contractual and operational shifts in the future as legislators and regulators continue their efforts to rein in alleged evasions of state laws manifested through bank partnership arrangements.