SoFi's Digital Asset Activity
Arguments and Counterarguments
Yesterday four Democratic members of the Senate Banking Committee sent a letter to SoFi Technologies, Inc. raising questions about whether SoFi’s digital asset activities are permissible under U.S. federal banking law. The same Senators also sent a second letter to the U.S. federal banking regulators asking similar questions.
This post lays out what is known with respect to SoFi’s activities and makes a few guesses about the bank regulatory positions SoFi may have adopted.
What Is Prohibited?
SoFi became a bank holding company earlier this year by acquiring Golden Pacific Bank. The structure of the transaction was such that both OCC and Federal Reserve Board approval was required, and in connection with the approval each agency imposed certain conditions, the OCC with respect to the activities of the bank and the Board with respect to the activities of the holding company and its non-bank subsidiaries.
The OCC’s letter conditionally approving the transaction is publicly available. Among other things, the OCC required SoFi Bank to enter into an Operating Agreement.1 While the Operating Agreement is in effect, SoFi Bank:
shall not engage in any crypto-asset activities or services currently performed by SoFi Inc., or any other cryptoasset activities or services, unless it has received prior written determination of no supervisory objection from the OCC under the procedures set out in the Operating Agreement
As for the Board, SoFi’s application to become a bank holding company and SoFi’s election of financial holding company status were acted on under delegated authority. This means that the application was approved by the staff of the Federal Reserve Bank of San Francisco, without needing a formal approval vote and order from the Board in Washington, DC.
In a case like this one the supervisory and policy staff in DC are likely to have had significant input into the processing of the application, including with respect to issues relating to permissibility. So, to be clear: the fact that the application was approved under delegated authority does not mean that the application was okayed by the Reserve Bank without the Board’s knowledge or approval.2
The delegated authority point is relevant, however, because the lack of a formal Board order means there is no publicly available description from the Board detailing its views as to the permissibility or impermissibility of SoFi’s activities.3 Instead, what we have is SoFi’s summary from its 10-K filed earlier this year:
With respect to our digital assets trading activities, we do not hold or store members’ digital assets, but instead rely on a third-party custodian, and we hold an immaterial amount of digital assets in order to facilitate paying new member bonuses when members initiate their first digital assets trade. We do this for member convenience to facilitate a seamless payment of digital assets.
In connection with our approval as a bank holding company, the Board of Governors of the Federal Reserve (the “Federal Reserve”) determined that the activities of SoFi Digital Assets, LLC in providing members with the ability to buy or sell various digital currencies through SoFi Digital Assets, LLC's omnibus account with a third-party custodian is not a permissible activity under the Bank Holding Company Act and Regulation Y. However, under Section 4 of the Bank Holding Company Act, the Federal Reserve has permitted us to continue our current digital assets related offering for a two-year conformance period from the date we became a bank holding company, with the possibility for three one-year extensions, provided that we do not expand our impermissible activities, except as authorized by the Bank Holding Company Act and Regulation Y, or increase our established risk limits for total customer digital assets maintained in wallets that are accessible online, referred to as “hot wallets”, or held on balance sheet.
SoFi repeated this description in substantially the same form in its Q1 and Q2 10-Qs.
The disclosure in SoFi’s most recent 10-Q filed earlier this month changed slightly from the disclosure used in SoFi’s 10-Qs from earlier this year, as you can see in this redline. The redline shows that SoFi has moved away from the descriptive language regarding SoFi Digital Assets, LLC’s omnibus account in favor of more general language describing a prohibition on “certain crypto-related activities.” But it is not clear to me if this was meant to convey any meaning or whether this was just wordsmithing.
The Senators’ Claims
In addition to general consumer protection concerns, the Senators raise two issues of interest to this blog.
Impermissible Expansion of Activities
First, the Senators note that in March 2022 SoFi “announced a new service allowing customers of its national bank to invest part of every direct deposit into digital assets with no fees.” The Senators raise concerns that this may have violated either or both of SoFi’s commitment to the Board not to expand its impermissible activities and SoFi Bank’s commitment to the OCC to keep the bank out of crypto. The Senators cite to a SoFi press release in which SoFi described the new offering as follows:
SoFi … today announced members will now be able to invest part of every direct deposit into cryptocurrency with zero fees. … Members will be able to set a recurring purchase for the cryptocurrency of their choice with each paycheck for no purchase fee, investing either by dollar amount or percentage of their deposit, into one of 30 coins.
Approach to Capital Calculations
Second, the Senators say that SoFi’s activities “raise[] questions about the appropriate calculation of capital requirements.” In particular, the Senators ask SoFi’s CEO to explain:
How has SoFi determined the appropriate credit, market, and operational risk capital requirements for digital asset exposures, including customer digital assets and digital assets held on SoFi’s balance sheet?
SoFi’s Response
It has been an extremely volatile few weeks for the crypto industry, with speculation, well-founded or otherwise, swirling around the spillover effects that may reach the handful of regulated banks with significant ties to the sector.4
Perhaps for this reason, SoFi was quick to release an 8-K yesterday afternoon responding to the Senators’ letter, and also stressing the “non-material” nature of its crypto activities.5
SoFi takes our regulatory and compliance commitments seriously, including our non-bank operations within the digital assets space. We believe we have been fully compliant with the mandates of our bank license and all applicable laws. We maintain consistent, constructive dialogue with each of our federal and state regulators.
Cryptocurrency remains a non-material component of our business. As disclosed in our latest 10-Q filing, our brokerage related fees (which include all cryptocurrency related fees) totaled $3.85 million in the third quarter of 2022 and the fair value of digital assets held by third-party custodians for the benefit of our members, which is recorded on our consolidated balance sheet, totaled approximately $132.5 million as of September 30, 2022. We do not engage in any other cryptocurrency financing activity other than allowing members to buy and sell crypto currency via our platform executed by third party partners, including no leveraging or yielding.
We do not partner with FTX nor have any direct exposure to FTX.
Arguments and Counterarguments
It is tough to judge the claims in the Senators’ letter without knowing more about both (1) what is actually prohibited and (2) what SoFi is actually doing on an entity-by-entity level. Even so, it is possible to offer a few educated guesses on the positions that SoFi might have taken.
Permissibility
Assuming that the activities described in the Senators’ letter that were announced by SoFi in March 2022 were indeed new to the agencies,6 there are a few possible arguments on which SoFi may be relying.
With respect to the Board order, perhaps SoFi’s position is that this is not in fact a new activity at all, but rather is simply a variant of an existing activity which SoFi is permitted to continue for the next two years, subject to the conditions set out by the Board.
SoFi’s argument might be, for example, that SoFi was already giving its customers access to cryptocurrency prior to becoming a bank holding company. Viewed from this perspective, the only new thing in the March announcement was allowing SoFi banking customers to get access to crypto more easily by having a portion of their direct deposits converted into crypto without needing to pay additional fees. Thus, maybe SoFi could argue that they simply removed a friction from an existing customer-facing activity, rather than engaged in an entirely new one.
Of course, given what happened next, from a consumer protection perspective increased barriers between crypto and March 2022 SoFi customers who wanted to buy that crypto would probably have been a good thing, rather than a friction to be resolved by the banking system. But that does not necessarily go to the question of permissibility.
Looking at the careful phrasing in the 10-K, another possibility in relation to the Board order is that this direct deposit feature (a potentially misleading name, as explained in point 3 below) is not covered by the Board’s order at all.
The Board’s order found impermissible — again based on SoFi’s characterization in the 10-K — SoFi giving customers the “[1] ability to buy or sell various digital currencies [2] through SoFi Digital Assets, LLC's [3] omnibus account with [4] a third-party custodian.”
Maybe the argument is that the specific activity involving all four of those things was impermissible, but a different offering to customers not involving one or more of those things could be permissible.
Of course, it is not clear that the direct deposit offering does in fact represent a change to any of the four steps described in the 10-K, but on the other hand if that is true, maybe it supports the argument in point 1 above re: this not actually being a new activity.
Even if one can reconcile the activities of SoFi and its non-bank subsidiaries with the Board’s limitations, there is still the OCC’s broad prohibition on SoFi Bank being involved in “any crypto-asset activities or services currently performed by SoFi Inc., or any other cryptoasset activities or services.”
One possibility is that, as the OCC’s order contemplates, SoFi sought and received the OCC’s prior supervisory non-objection.
If not, though, I can see the Senators’ argument that a direct deposit program offered by SoFi Bank in which a portion of the deposit is then used to purchase crypto appears, at least on its face, to be involvement by SoFi Bank in “any other cryptoasset activities or services.”
Maybe the argument, however, is that if a SoFi Bank customer chooses to “set a recurring purchase for the cryptocurrency of their choice” in connection with their direct deposits, then that portion of the customer’s funds is never actually deposited with the bank and never actually touches the bank at all.
Instead, the argument would go, the transaction is handled by other SoFi entities, without any technical involvement by the bank. In other words, it is not the case that a customer deposits money into her SoFi Bank account and then SoFi Bank sends the money over to various other SoFi entities to go buy crypto on behalf of the customer. Instead, the other SoFi entities handle the transaction from the very beginning, without any involvement from the bank.
I do not know for sure that this is the position SoFi has adopted, but you could maybe find support for it in the SoFi press release. The release accompanies the sentence saying “Members will be able to set a recurring purchase for the cryptocurrency of their choice…” with a footnote explaining that such recurring “[a]utomated Investing and advisory services are provided by SoFi Wealth LLC, an SEC-Registered Investment Adviser. … Brokerage services are provided to SoFi Wealth LLC by SoFi Securities LLC.”
Depending on the cryptocurrencies in question, other federal regulators may have questions about that sentence,7 and the prospect of investing a portion of a paycheck in one of 30 cryptocurrencies sounds rather horrifying to me from an investment perspective. But in terms of the narrow question of technical compliance with the OCC order to keep the bank away from crypto, perhaps this is how SoFi was able to get comfortable.
Capital
For better or worse, part of the answer to the Senators’ question around capital is pretty easy. The Senators wonder whether SoFi is appropriately accounting for “credit, market, and operational risk capital requirements” in relation to the cryptocurrency that it holds. The short answer with respect to market and operational risk is likely that SoFi is not accounting for this at all, because SoFi is not required to do so.
Under the U.S. capital rules, banking organizations must calculate risk-weighted assets for market risk only if the bank has significant exposure to market risk, which the regulations define as trading assets equal to (i) 10% percent or more of total assets or (ii) $1 billion or more. SoFi’s current trading assets are well below that threshold.8
Similarly, the requirement to calculate risk-weighted assets for operational risk applies only to a very small group of banking organizations, in which SoFi is not currently included.
Still, the Senators raise an interesting question with respect to how SoFi is calculating risk-weighted assets for credit risk in relation to the crypto held in the omnibus account. The requirement to calculate RWAs for credit risk is a requirement applicable to almost all banking organizations, including SoFi, so unlike the market risk RWA and operational risk RWA question, this is a live one.
I am not sure we can get a complete answer from publicly available materials, but by looking at SoFi’s most recent FR Y-9C, we may able to form an educated guess.
At September 30, 2022, SoFi reported approximately $550,314,000 of “other assets” held on its balance sheet (p. 18).
These other assets included approximately $132,456,000 of assets which SoFi describes as “safeguarding digital assets” (p.50). This corresponds exactly to SoFi’s press release yesterday, which stated that “digital assets held by third-party custodians for the benefit of our members, which is recorded on our consolidated balance sheet, totaled approximately $132.5 million.”9
As for the risk weights it assigns to “other assets”10 for purposes of calculating risk-based capital ratios, SoFi breaks it down as follows (pp. 62-63):
0% risk weight: $132,485,000
100% risk weight: $680,595,000
250% risk weight: $60,706,000
“Other Risk-Weighting Approaches”: $2,067,000
All other risk weights (e.g., 400%, 1250%): $0
Based on this, it appears that all or almost all of SoFi’s digital assets are being assigned either a 0% risk weight or a 100% risk weight. Between the two, I would guess that SoFi has chosen to assign its crypto to the 100% risk-weight bucket. This is because the Board’s capital rules require that a 100% risk-weight be assigned to all assets not specifically assigned a different risk weight or deducted from capital, and currently the Board’s capital rules do not address crypto.
If that is the approach SoFi has taken, it would be assigning to the crypto in the omnibus account the same risk weight that banks assign to, for example, ordinary corporate loans. Is that the right outcome? It does not quite feel right. It is a lower risk weight than that assigned to most equity exposures when calculating credit risk RWAs, and it is also a much more forgiving approach than the proposed Basel treatment of certain crypto exposures.11
At the same time, though, if this is in fact what SoFi is doing, I do not think you can say it is necessarily an incorrect application of the capital rules as currently written, and in any case as a relative matter SoFi is correct that the amounts in question here are not material.12
Although the OCC’s approval letter is public, the Operating Agreement itself is not.
See also the Board’s rules regarding delegation of authority, which provide that an application cannot be acted on by a Reserve Bank under delegated authority if, among other things, a member of the Board of Governors has indicated an objection to a Reserve Bank taking such action. So again to be very clear, this was not a situation where the Board wanted to act on the application itself, but somehow was foreclosed from doing so.
In their correspondence with SoFi, the Senators quote from (what I assume is) the FRBSF’s approval letter, but they did not make a copy publicly available.
For instance, WSJ over the weekend had an article titled “Crypto Bank Silvergate Battles FTX Contagion Fears,” while Provident Bancorp managed to wipe out more than a quarter’s worth of net income with a loan to a crypto-mining operator that went bad (8-K here).
I have added paragraph breaks, but otherwise this is verbatim from the 8-K. Note that in addition to disclaiming direct exposure to FTX in the 8-K, a SoFi spokesperson also in a statement to the media denied any exposure to “the FTT token, Alameda Research or Genesis Global Trading.”
Another possibility is that this activity was planned and already acquiesced to by the agencies, even if not launched, at the time of the approval orders. Based on publicly available information, there is no way of telling whether this was the case here.
For example, also new in this quarter’s 10-Q was the following disclosure:
We may also face regulatory action or penalties. The SEC has increased the focus and pace of enforcement actions related to what the SEC calls crypto asset securities. In addition, the SEC Chair Gary Gensler indicated in an October 2022 speech that he believed the vast majority of crypto tokens are securities and that many crypto intermediaries are transacting in securities and have to register with the SEC. If there are allegations that a digital asset we offer is a security, we could face potential liability, including an enforcement action or private class action lawsuits, and face the costs of defending ourselves in the action, including potential fines, penalties, reputation harm, and potential loss of revenue. Our personnel could also become disqualified from associating with a broker-dealer, which could adversely affect our business.
The Board does have the authority to require banking organizations not meeting these thresholds to nonetheless calculate risk-weighted assets for market risk, but based on SoFi’s public FR Y-9C reports, which report $0 of market risk RWAs, this authority has not been exercised.
It also tracks the most recent 10-Q disclosure from SoFi, which lists a “Digital assets safeguarding asset” of $132,456,000. SoFi explains that these assets “are classified as Level 2, because they do not trade in active markets, and are valued using quoted prices on an active exchange that has been identified as the principal market for the underlying digital assets that are being held by our third-party custodians for the benefit of our members.” See the table on page 49 of the 10-Q for a breakdown of the assets in question (mostly BTC and ETH, but also, among other holdings, more than $4 million worth of Dogecoin).
Note that the category “other assets” in this context is broader than the definition of “other assets” from the balance sheet earlier in the Y-9C, which is why the total here does not match the total there.
To be clear, the strict Basel approach, even if in effect, would not necessarily apply to SoFi’s crypto assets, which as I understand it are almost all held in custody on behalf of customers. Indeed, some (but not the SEC staff) would argue that such custodied assets should not be reflected on SoFi’s balance sheet at all.
Also worth acknowledging is that at the end of September 2022 SoFi had a CET1 risk-based capital ratio of 24.2%, well in excess of applicable requirements. Plus, even if you think risk weighting of assets is a fool’s errand, SoFi’s leverage ratio (i.e., a capital measure that treats all assets equally) at the end of the same period was 30.97%, again well in excess of applicable requirements.