The FIL’s definition of “crypto assets” and “crypto-related activities”
For the purposes of the FIL, the FDIC broadly defines “crypto assets” to “refer generally to any digital asset implemented using cryptographic techniques.”3 Similarly, the FDIC sets forth an open-ended definition of “crypto-related activities,” which includes
- acting as crypto-asset custodians
- maintaining stablecoin reserves
- issuing crypto and other digital assets
- acting as market makers or exchange or redemption agents
- participating in blockchain- and distributed ledger-based settlement or payment systems including performing node functions
- related activities such as finder activities and lending4
The FIL stresses that this is not an exhaustive list and “given the changing nature of this area, other activities may emerge that fall within the scope of this FIL.”5 Further, the FDIC makes clear that “[t]he inclusion of an activity within this listing should not be interpreted to mean that the activity is permissible for FDIC-supervised institutions.”6
The FIL establishes a three-step process for FDIC-supervised institutions to notify the FDIC prior to engaging in (or if currently engaged in) crypto-related activities. Pursuant to Section 39 of the Federal Deposit Insurance Act,7 and its implementing rules,8 the FDIC expects FDIC-supervised institutions to “be able to demonstrate their ability to conduct crypto-related activities in a safe and sound manner.”
- An FDIC-supervised institution should “promptly” notify the appropriate FDIC Regional Director of the crypto-related activity.9 This initial notification should describe the activity in detail and provide a proposed timeline for engaging in the activity.
- The FDIC will request additional information to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications of the activity. The complete scope of information requested by the FDIC will be case-specific, varying based on the type of crypto-related activity. The FIL lays out the following, non-exhaustive, list of risk considerations:
- Safety and Soundness. The FDIC states that “[c]rypto related activities present new, heightened, or unique credit, liquidity, market, pricing, and operational risks that could present safety and soundness concerns.” This includes (i) fundamental ownership issues, including the validation of ownership; (ii) anti-money laundering and countering the financing of terrorism implications; (iii) information technology and security risks; (iv) credit risk exposures posed by the crypto asset or the structure that the asset is held in, including the ability to measure asset quality (including whether the asset is bankable10), credit risk, and counterparty risk exposure; (v) uncertainty of whether adequate methods for pricing and valuation exist; (vi) accounting, auditing, and financial reporting treatment; and (vii) “significant” liquidity implications, such as liquidity risk exposure.
- Consumer Protection. With respect to consumer protection, the FDIC raises concerns with “consumer confusion” regarding the role of insured depository institutions and the speculative nature of certain crypto assets. In addition, the FIL notes that insured depository institutions must “effectively manag[e]” consumer protection requirements, such as laws related to unfair or deceptive acts or practices, in connection with crypto-related activities.
- Financial Stability. The FDIC points to the potential systemic risk that “could be created as an unintended consequence resulting from the structure of a crypto asset or through the interconnected nature of certain crypto-related activities,” such as a run on financial assets backing a crypto asset. Another concern cited in the FIL is “operational failures related to crypto assets or crypto-related activities [having] a destabilizing effect on the insured depository institutions engaging in such activities.”
- Upon receiving the requested information, the FDIC will provide relevant supervisory feedback “in a timely manner.”11 There is no express timetable or requirement for when the FDIC will provide such feedback.
Accordingly, because of the risk of an extended review period, FDIC-supervised institutions that seek to engage in crypto activities should carefully structure their risk assessment and risk mitigation strategies to ensure as smooth a review process as possible.
1 FDIC-supervised institutions include FDIC-insured state-chartered banks that are not members of the Federal Reserve System, foreign banks with a U.S. branch insured by the FDIC, and State savings associations. See 12 U.S.C. 1813(q).
2 FDIC, NOTIFICATION OF ENGAGING IN CRYPTO-RELATED ACTIVITIES (Apr.7, 2022), available at https://www.fdic.gov/news/financial-institution-letters/2022/fil22016.html#letter (FIL).
7 12 U.S.C. § 1831p-1.
8 12 C.F.R. Part 364.
9 FIL, supra note 2. The FDIC also encourages FDIC-supervised institutions to notify their respective state regulators.
10 See FDIC, RISK MANAGEMENT MANUAL OF EXAMINATION POLICIES, SECTION 3.2, available at https://www.fdic.gov/regulations/safety/manual/section3-2.pdf (“Loans classified Loss are considered uncollectible and of such little value that their continuance as bankable assets is not warranted”).
11 FIL, supra note 2.