FDIC IG Report Provides New Details on FDIC's Approach to Crypto
Pause letters and other takeaways
Today the Office of Inspector General for the Federal Deposit Insurance Corporation released a report assessing whether “the FDIC has developed and implemented strategies that address the risks posed by crypto assets.” The OIG concludes that the FDIC has some room for improvement in this regard.
Beyond that headline takeaway, what I found more interesting in the report was the OIG’s description of the difficulties some FDIC-supervised institutions have apparently faced in getting feedback on crypto-related activities one way or the other.
As described by the OIG, the FDIC in 2021 had a plan to “provide clear guidance” to banks on what was or was not permissible. The FDIC in 2022 shifted gears, however, to what it describes as a “bottom-up” approach. This bottom-up approach has included, among other things, issuing a letter to FDIC-supervised institutions engaged in, or intending to engage in, crypto-related activities.
All of this has been publicly disclosed before. What is new in today’s report is the OIG’s description of what the FDIC did after receiving responses from banks to the FIL.
The OIG report says that, first, FDIC staff came up with a plan for reviewing responses to the FIL.
In June 2022, the Directors of RMS and DCP issued a memorandum to the Regional Directors (RD memo) to facilitate the tracking and review of notifications received in response to the FIL.
It is not clear what exactly the plan as set out in the RD memo involved — the remainder of this paragraph in the OIG report is almost entirely redacted.1 In any case, the FDIC adopted some sort of review process.
As a result of that review or based on other information that came to light,2 the FDIC sent “pause letters” to certain institutions, asking them to put their activities (or plans for expanded activities) on hold.
According to the FDIC, as part of its review of financial institutions’ crypto-related activities, between March 2022 and May 2023, the FDIC sent letters to [redacted] supervised institutions. The letters asked that the institutions pause from proceeding with planned activities or expanding existing activities and to provide additional information. The FDIC asked these [redacted] financial institutions to pause their crypto-related activities in order to assess the safety and soundness, consumer protection, and financial stability implications of such activities before providing supervisory feedback.
Seems fair enough so far. The weird thing, though, is that (as characterized by the OIG at least) for a number of institutions the FDIC seems to never have provided the supervisory feedback it said in the pause letters that it would provide.
Later in the OIG report:
The activities that institutions provided information on include crypto-asset-custody services, facilitation of customer purchase and sale of crypto assets through a third party, and crypto-asset-collateralized lending. According to the FDIC, as of August 2023, out of the [redacted] supervised institutions that received a pause letter, the FDIC had only provided [redacted] institutions with supervisory feedback. [Redacted] supervised institutions have decided not to pursue crypto-related activities or are no longer FDIC-supervised. The remaining [redacted] have not received any supervisory feedback from the FDIC.
This is all in the context of an FIL that, as the OIG today respectfully points out, indicated that supervisory feedback would be provided “in a timely manner.”
In response to these observations, the FDIC’s Director of the Division of Risk Management Supervision says that the FDIC will “update joint internal processes to include instructions for establishing expected timeframes” for reviewing and responding to information submitted in response to the FIL. A new (internal) memo will be issued by January 2024.
***
Toward the end of the report, the OIG says the FDIC’s actions as described above “create[] risk that the FDIC will be viewed as not being supportive of financial institutions participating in crypto activities.”3 I am not sure the FDIC sees that as a risk!
More seriously, given my own crypto-skeptical biases, it is pretty easy for me to believe that the FDIC found institutions doing some pretty silly stuff. Stuff that they really should not have been doing, either full stop or at least until better risk management systems were in place. But even if that is the case, was ghosting these financial institutions really the best way to get that point across?
In visual form:
The dates given in the report suggest that some pause letters were sent out even before the issuance of the FIL and the receipt of any submissions made in response to it.
The full paragraph in which this sentence appears is funny in its own right.
Based on evidence obtained during our evaluation, including our independent evaluation of the FDIC’s process, discussions with FDIC personnel, and statements made by individuals in the banking and crypto-asset industries, we determined that the FDIC’s lack of clear procedures and timely feedback regarding crypto-asset activities causes uncertainty for supervised institutions in determining the appropriate actions to take. While the FDIC has maintained communication with these institutions, the lack of a clear end to the review process results in an extended pause and uncertainty for some institutions. The uncertainty in the process creates risk that the FDIC will be viewed as not being supportive of financial institutions participating in crypto activities. Such a view leads to risk that the FDIC would inadvertently limit financial institution innovation and growth in the crypto space. This view has also been expressed by individuals in the banking and crypto-asset industries alleging that financial regulators have been cutting off crypto firms from accessing the banking system and stifling innovation.