“Crypto”-related innovation in financial services is expanding at a dizzying pace. Before 2009 when the first Bitcoin was “mined” into existence, cryptocurrencies did not exist. Now there are over 19,000 cryptocurrencies with a market capital of over $1.2 trillion.¹ As much as 22% of the U.S. adult population owns Bitcoin.² Bank core processing vendors are announcing relationships with Fintechs to add cryptocurrency functions to banks’ service offerings.³

“Crypto” related innovation extends well beyond digital currencies. The term has come to embrace technological and operational innovations supported by blockchains, distributed ledgers, and other technical solutions to disintermediate transactions, including contracts.

Against this backdrop, there has been relatively little regulatory guidance for community banks considering whether to adopt “crypto” solutions. In April 2022, the Federal Deposit Insurance Corporation (FDIC) issued Financial Institution Letter FIL-16-2022, “Notification and Supervisory Feedback Procedures for FDIC-Supervised Institutions Engaging in Crypto-Related Activities” (Crypto FIL).⁴ It is important for bankers to understand three issues related to the Crypto FIL: Definitions, Risks, and Notification.

Definitions

The Crypto FIL applies to “crypto-related activities,” which the FDIC defines as “acting as crypto-asset custodians; maintaining stable coin reserves; issuing crypto and other digital assets; acting as market makers or exchange or redemption agents; participating in blockchain and distributed ledger-based settlement or payment systems, including performing node functions; as well as related activities such as finder activities and lending. “Crypto asset” is defined as any digital asset implemented using cryptographic techniques.

Unfortunately, these are not exhaustive definitions. The FDIC notes that the definitions are “based on known existing or
proposed crypto-related activities engaged in by FDIC supervised institutions, but given the changing nature of this
area, other activities may emerge that fall within the scope” of the Crypto FIL.

Risks

The FDIC highlighted significant risks of crypto-related activities, including safety and soundness, financial stability, and consumer protection. The FDIC further acknowledged that other significant risks may be associated with specific
crypto-related activities.

Safety and soundness

The innovative and largely unregulated nature of crypto-activities makes their integration into bank services offerings
extremely challenging. With respect to offering crypto-asset account services, the FDIC is concerned about a broad range of operational risk issues, including liquidity, market, pricing, anti-money laundering, information security, information privacy, and technological reliability risks.

For those banks considering extending credit reliant on crypto-assets, the FDIC raises a host of concerns. Some concerns relate to assessing the asset’s structure, quality, credit risk, value, and liquidity. The FDIC also notes that
accounting, auditing, and financial reporting related to crypto-assets are evolving. Additional risks include confirming
asset ownership and lien perfection.

Financial Stability

The FDIC expressed concern regarding two separate threats to financial system stability. First, the FDIC is concerned that crypto market events such as runs on crypto assets could destabilize banks connected with those markets. Second,
the FDIC is concerned that bank operational failures could destabilize individual institutions.

Consumer Protection

A significant appeal of many cryptocurrencies is their unregulated and often speculative nature. The FDIC expressed concern regarding how banks can offer cryptocurrency products while ensuring consumers do not confuse the risks related to such products with the protections and insurance associated with deposit products and services. Exposure to claims about unfair or deceptive acts or practices related to crypto-related activities is of particular concern.

Notification

The FDIC directs banks to promptly notify their FDIC Regional Director if they engage in or plan to engage in crypto-related activity. The notice should include a description of the activity and the proposed timeline for engaging in the activity. In response, the FDIC may request information to assess the safety and soundness, financial stability, and consumer protection considerations related to the proposed activity. The burden will be on banks to demonstrate their ability to conduct crypto-related activities in a safe and sound manner.

Compliance Recommendations

If we assume that the Crypto FIL applies strictly to activities involving cryptocurrencies, it would seem easy to identify when a bank needs to notify the FDIC. However, the “crypto-related activities” definition is somewhat vague and subject to continuous expansion. Many activities that are not strictly related to cryptocurrencies will likely come under the notice requirement, such as dealing with nonfungible tokens, Metaverse properties, distributed ledger activities, or smart contracts. As banks continue to work with Fintech partners to expand their service options and streamline their operations, they may find themselves engaging in cryptorelated activities.

To ensure compliance with the Crypto FIL, bankers should take two steps. First, bankers should understand and keep abreast of developments related to cryptocurrency, blockchain, distributed ledger technology, and crypto-assets.
Second, bankers should ensure that their vendor management process includes detailed questions about whether and how technology vendors use technologies or processes that could be considered crypto-related activities.

Many of the technology innovations backing cryptocurrencies promise benefits for financial institutions. The challenge will be safely and intentionally integrating them into the bank’s existing operating models.