This Week in AML

Federal Reserve Issues Guidance on Crypto Activities

The Federal Reserve has issued additional information for banking organizations about crypto-asset-related activities. It is contained in Supervisory Letter SR 22-6. The Letter reviews areas of risk for providers of these products. It also reminds organizations there are regulatory notice requirements they need to follow. John and Elliot discuss the risks identified by the Fed and how this Letter relates to a joint statement on crypto-asset policy issued by US regulators in late 2021. They also talk about the importance of having open communications with your bank regulators as you explore offering crypto-related services.



Federal Reserve Issues Guidance on Crypto Activities TRANSCRIPT


Elliot Berman: Hi, John, how are you today?

John Byrne: I'm good. Elliot. How are you doing? I'm good

Elliot Berman: too, I was on vacation last week as we talked, and it was very restful, and now, you know, back catching up, but that's part of the cost of going on vacation.

John Byrne: Yeah. Back catching up and realizing we have to be strong about defending our law enforcement partners from verbal and physical assault, but that's for another podcast or webinar.

Elliot Berman: Yeah, but I fully agree with that. So when I got back, I was looking at email and things, and I noticed that the federal reserve issued a new supervisory letter 22-6 that focused on how banks and other banking organizations, things they should think about when they're engaging in activities related to crypto assets.

I wonder if you saw that?

John Byrne: I did, and I think it's pretty important to note that all the banking agencies, obviously in the treasury department, have been pretty vocal about crypto-related issues for a couple of years. So obviously, there's both a concern and an interest in staying ahead and staying educated.

So this is definitely consistent with that, so I think that they built off the interagency statement. Issued a few months ago. And as you said that the fed has this specific supervisory letter, and I noticed a couple of things about it in our world. It talks about how the crypto asset sector can pose risks for a whole host of things, including money laundering and terrorist financing.

And that is also something that we continue to struggle with both law enforcement and. Our community, because crypto assets have limited Transparency, as they say in the letter. So sometimes very difficult to track ownership. So that's one, and, but obviously, there's a number of other areas that they think are risky.

Elliot Berman: Yeah. So, as a starting point, I thought it was interesting to use the phrase CRI crypto assets, they have a bunch of footnotes, and in the definition, it's very broad. It's sort of anything that uses cryptography technology, so we're talking about, you know, not just the currencies, but other forms of crypto assets that are, becoming available in the marketplace.

They also talk about organizations' need for technical and operational capabilities. To manage the risks that arise from being in this space. They talk about, you know, reminding everybody that banks need to operate in a safe and sound manner and that they have consumer protection obligations, all of which they have to, you know, they have to look at these new activities that they're, getting into or evaluating through those lenses.

John Byrne: Right. And they, in terms of stability, they say they specifically call out stablecoins, and they say that's adopted at a large scale that also poses a risk to stability through runs and disruptions in the payment system. But going back to your point on consumer protection, that's always an issue for the financial sector.

To make sure you're protecting your customers, they have a whole list of things that they believe, our potential negative aspects of crypto assets, fraud, loss of assets, you know, compliance risk, and a whole host of things. So, you know, clearly, they've been doing a lot of work in this space and just trying to make sure that financial institutions are going into this with our eyes wide.

Elliot Berman: Yes, absolutely, another piece, and it's a little, it's not the core of what you and I normally talk about, but because this is the supervisory letter, they do remind institutions, both bank holding companies and, banks that they supervise that, that those institutions need to work their way through the, authorized activity analysis.

Because of each of the different types of crypto assets and the activities you might be involved with, whether it's custody or facilitation of customer purchases and sales, loan collateralization using crypto assets, or payment-related activities, you need to work your way through the various regulations that apply to you and determine whether it's a permissible activity.

And then to the extent, it follows the rules, whether it's advanced notice and, and, approval or notice within so many days of starting or requesting clarity that it, a permissible activity, they also point to everybody to the fact that there are possibly state laws that may apply or other federal law.

Because again, at the moment, in the US, the SEC is viewing cryptocurrencies, at least in some situations, as to be securities. So you've got an entirely separate regime of regulation that you have to be aware of. And that's, again, a compliance risk issue.

John Byrne: You know, we, we talked about this before the, before our conversation, and that's the process of alerting your regulator, your examiner, to what you're doing.

And it's always sort of. My view is that regardless of what the regs or the particular product are, it certainly makes a lot of sense from a communication standpoint of nothing else but certain. From a legal standpoint, when required to alert your supervisor as to new products and services.

I mean, we also have always debated internally making sure the compliance staff is well aware of something before you release a product to the public, which used to be more of an issue than I think it is today. But I also looked at the statement as the notification part of it is sort of twofold, right?

The notification is to let you know, let your supervisor know that you've engaged in crypto asset-related activity. If you already are, and you haven't done that yet, obviously let them know if you're planning to, but also, they say in the statement that the federal reserve staff sh will not, should, will provide.

Supervisory feedback as appropriate in a timely manner. So putting a little bit of the onus on the regulators to say, Hey, this is what we're planning to do. This is what we put in place to your point. Here are all the laws and regulations that we think cover what we're trying to accomplish. And then getting more than feedback, but getting that response back from your regular.

And as you also mentioned, if there's a state issue, the state member banks are encouraged to notify their state regulator. So the bottom line is this is sort of both sides have an obligation here, I think a lot of this generally happens already, but I think this is pretty clear. This is much more important given the confusion about crypto assets and some crypto assets.

Equal, some are not, you know, that sort of thing, than any other product. So as I look at that, I'm taking that as a direction, opening up the lines of communication broader than they've ever been. Make sure you have that day-to-day dialogue with your examiners and your supervisors, and just make sure you're, you know exactly what you're doing before you decide to go down this road.

Elliot Berman: Agreed, yeah, when I was at a financial institution and involved in dealing with our regulators on an ongoing basis, particularly anti-money laundering space, but across the board, you know, this, our standard approach was no surprises. You don't want the regulators to first find out you're doing something new and particularly something new that is of high visibility and under a lot of scrutinies when they first show.

At the next exam, you should be able to have a communication channel open as you discussed and be able to walk them through the process. You're going through to evaluate the risk to get your compliance and operations teams on board. How you're gonna explain it to the customers, how you're gonna put the guardrails around what you are gonna do and what you're not gonna do, and how you're gonna manage all that.

And that really, and that process. It is a good discipline for being ready to launch a new product, whether it's something as new and comp and potentially complicated as crypto assets or something that's more than a more traditional mainstream product that you haven't offered before.

John Byrne: Yeah. And I would just end my part of this by saying, as I look at the. The one thing I would've done differently is I probably would've underlined this one sentence. That's sort of in the middle of it. And that's given the heightened and novel risks posed by crypto assets. The federal reserve is closely monitoring related developments and banking organizations' participation in crypto asset-related activities.

That's clearly, obviously what they're doing, but that's why communication is,

is just so important.

Elliot Berman: Yeah. So my last comment would be that they also call out in the supervisory letter that. The guidance applies to banks and bank holding companies of all sizes. So sometimes there are things that apply only to the smaller bank holding companies or only to the larger, meaning over $10 billion in assets.

But, this one clearly calls out that it's all bank-holding companies. And I think the scrutiny of smaller institutions. It will likely be higher because of the concern about whether they actually have the operational capability to get into some of these more complicated spaces.

John Byrne: That makes sense. Just as we close this down, I just wanna remind folks that August 25th at one o'clock ET will be our next live webinar. And that's titled AML/CFT and Transparency. What are the challenges? We will discuss the global focus on transparency. Also, the status of some US-based legislation, specifically regarding what we're calling enablers euphemistically. And so we will have a practicing lawyer from the justice department, as well as a staffer from Transparency International who has done a lot of work in this space. So, that is again, August 25th, at one o'clock ET.

Elliot Berman: Okay, John, I know you're gonna travel a little bit, so drive carefully to your next event, and we will talk next week.

John Byrne: Sounds good. Take care.

Elliot Berman:Alright. Bye-bye.