Fed suggests enhancing supervision of “novel activities” by banks
On August 8, the Federal Reserve Board announced the issuance of two supervision letters that elaborate on the its program to supervise “novel activities” such as fintech partnerships, crypto-related activities, and activities using distributed ledger or “blockchain” technology. The first letter, SR 23-7, announces the establishment of the “Novel Activities Supervision Program,” a program designed to “ensure that the risks associated with innovation” supported by new technologies are managed appropriately by the bank. The program will focus on (i) technology-driven partnerships with non-banks; (ii) crypto-asset related activities such as asset custody, crypto-collateralized lending, asset trading, and crypto issuance and distribution; (iii) exploration or use of distributed ledger technology; and (iv) concentration of banking services to crypto-asset related entities and fintech companies. Supervisory teams will be tasked with monitoring and examining these novel activities within the existing supervisory portfolios and will take a risk-based approach on the level and intensity of supervision. The letter concludes that “the Program will also operate in keeping with the principle that banking organizations are neither prohibited nor discouraged from providing banking services to customers or any specific class or type” as permitted by law.
In the second supervisory letter, SR 23-8, the Fed announced a “nonobjection process” for banks seeking to engage in certain dollar token activities. Previously, the OCC issued an interpretive letter permitting national banks to use distributed ledger technology (or similar) to conduct payments using dollar tokens, as long as the bank could demonstrate adequate controls. (Covered by InfoBytes here). The letter clarifies that any bank supervised by the Fed that wishes to engage in those same activities must first obtain a written notice of supervisory nonobjection from the Fed. In order to do so, the bank must be able to demonstrate it has implemented adequate risk management practices, taking into account operational, cybersecurity, liquidity, illicit finance, and consumer compliance risks, among others. The bank must also demonstrate that it is aware of and can comply with laws applicable to the activities.