U.S. Federal Reserve Board Announces Final Guidelines to Evaluate Accounts and Services Requests

Overview

The Board issued these Guidelines in response to the “recent uptick in novel charter types being authorized or considered by federal and state banking authorities across the country.”⁵ The original proposal by the Board noted that the application of the Guidelines to federally insured institutions would be “relatively straightforward” and the application of the Guidelines to non-federally-insured institutions may require “more extensive due diligence.” The supplemental notice proposed a three-tiered framework specifying the minimum level of review each type of institution would receive. The final Guidelines largely retain this framework. 

In applying the Guidelines, the Federal Reserve Banks (Reserve Banks) are instructed to consider the assessments of an institution by state and/or federal supervisors and whether the institution’s request has the potential to set a precedent that could affect the Board’s ability to achieve its policy goals now or in the future. Even if an application is approved, the Reserve Banks can impose conditions on the use of Accounts or Services as necessary to “limit operational, credit, legal, or other risks posed to the Reserve Banks, the payment system, financial stability or the implementation of monetary policy or to address other considerations.” These conditions can include limitations on balances held in Accounts or interest paid on those funds, with potentially significant implications for the utility of even approved applications. If these limitations prove ineffective at mitigating the identified risks, Reserve Banks can further restrict an institution’s use of Accounts and Services or even close the Account. Indeed, the Board indicates that ongoing monitoring will be appropriate to address potential changes in the risk profile of specific institutions or their use of Accounts and Services.

Section 1 of the Guidelines outlines six principles focused on risk management and mitigation; Section 2 describes how those principles will be applied in a three-tier review structure with varying levels of scrutiny corresponding to the level of risk associated with different entity categories. 

Section 1 of the Guidelines is substantially similar to the originally proposed guidelines. With respect to Section 2, in response to comments that the proposed Tier 2 definition created inequitable disparities between non-federally-insured state and federally chartered institutions, the Board revised the definition of Tier 2 institutions to cover a narrower set of non-federally-insured national banks. Non-federally-insured institutions chartered under federal law will be considered Tier 2 institutions only if they have a holding company subject to Board oversight, and those chartered under state law will be considered Tier 2 institutions if they are subject by statute to prudential supervision by a federal banking agency (generally Federal Reserve System member banks), and to the extent that each institution has a holding company, the holding company is subject to Board oversight. 

The Board also received several comments requesting that the Guidelines include a timeline for the completion of Reserve Bank review of Account and Service access requests. Due to the variation in charter types, business models, regulatory regimes, and risk profiles, the Board declined to specify a single timeline for processing Account and Service access requests. Language was added emphasizing a focus on timeliness, but a formal timeline was not implemented, and it remains to be seen whether the Guidelines will materially affect the timing for assessment of applications. 

The Board also declined to address comments requesting that the Board clarify its interpretation of legal eligibility for access to Accounts and Services, opting instead to continue to make these judgments on a case-by-case basis. At the same time, the Board specifically declined to issue a ban on applications by entities holding a novel charter. Although fintech companies have been encouraged by that decision, institutions with novel charters still face many challenges on the path to actually obtaining access to Accounts and Services. Indeed, it is worth noting in this regard that the Board continues to aggressively defend its position in Custodia Bank’s litigation to obtain such access.

Six Principles for Assessing Applications for Access to Accounts and Services

The six principles set forth in Section 1 of the Guidelines are as follows.

Principle 1: Each institution requesting an Account or Services must be eligible under the Federal Reserve Act or other federal statute to maintain an Account at a Reserve Bank and to receive Services and should have a well-founded, clear, transparent, and enforceable basis for its operations.

Only entities that are member banks or meet the definition of a depository institution under Section 19(b) of the Federal Reserve Act are legally eligible to obtain Accounts and Services.

In evaluating Principle 1, the Reserve Banks should assess the consistency of the institution’s activities and services with applicable laws and regulations, including Article 4A of the Uniform Commercial Code and the Electronic Fund Transfer Act (15 U.S.C. 1693 et seq). Reserve Banks should also consider whether the institution’s services would impede compliance with U.S. sanctions programs, Bank Secrecy Act (BSA), and anti-money-laundering (AML) requirements or regulations, or consumer protection laws and regulations. 

Principle 2: Provision of an Account and Services to an institution should not present or create undue credit, operation, settlement, cyber, or other risks to the Reserve Bank. 

In evaluating Principle 2, the Reserve Bank should confirm that the institution has an effective risk management framework and governance arrangements to ensure safe and sound operation during normal conditions and periods of idiosyncratic and market stress. The framework should at minimum identify, measure, and control the risks posed by the institution’s business and should be supported by internal testing and audit reviews. The framework should also be subject to oversight by a board of directors and state and/or federal banking supervisors. It should also identify all risks that might arise related to the institution’s business and its objectives regarding tolerance for those risks. The institution should be in substantial compliance with its supervisory agency’s regulatory and supervisory requirements. The final Guidelines contain additional information regarding factors Reserve Banks should use in their judgment in adjudicating these requests. 

Principle 3: Provision of an Account and Services to an institution should not present or create undue credit, liquidity, operational, settlement, cyber, or other risks to the overall payment system.

In evaluating Principle 3, the Reserve Bank should confirm that institutions have effective risk management frameworks and governance agreements to limit the effect that idiosyncratic stress, disruptions, outages, cyber incidents, or other incidents have on other institutions or the payment system. The framework should have (1) clearly defined operational reliability objectives and policies and procedures in place to achieve those objectives; (2) a business continuity plan that addresses events that have the potential to disrupt operations and a resiliency objective to ensure the institution can resume services in a reasonable timeframe; and (3) policies and procedures for identifying risks that external parties may pose to sound operations, including interdependencies with affiliates, service providers, and others. The Reserve Bank should also identify actual and potential interactions between the institution’s Account and Services and the payment system to consider the extent to which the institution’s use of the Account and Services might affect the availability of funds and liquidity needs of other institutions. The final Guidelines contain additional information regarding factors Reserve Banks should use in their judgment in adjudicating these requests.

Principle 4: Provision of an Account and Services to an institution should not create undue risk to the stability of the U.S. financial system. 

In evaluating Principle 4, the Reserve Bank should consider whether the institution’s access to an Account and Services could introduce financial stability risk to the U.S. financial system and should confirm that the institution has an effective risk management framework and governance arrangements for managing liquidity, credit, and other risks in times of financial or economic stress. This includes consideration of how strains at the institution might be transmitted to other segments of the financial institution and how access to an Account and Services by the institution could affect deposit balances across U.S. financial institutions in times of financial and economic stress. 

Principle 5: Provision of an Account and Services to an institution should not create undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, economic or trade sanctions violations, or other illicit activity. 

In evaluating Principle 5, the Reserve Bank should confirm that the institution has a BSA/AML compliance program that meets regulatory standards and has the following elements: (1) a system of internal controls; (2) independent audit and testing conducted by an institution’s personnel or an outside party; (3) a designated individual responsible for day-to-day compliance; (4) ongoing training for appropriate personnel; and (5) appropriate risk-based procedures for ongoing customer due diligence. The Reserve Bank should also confirm the compliance program supports compliance with Office of Foreign Assets Control regulations. 

Principle 6: Provision of an Account and Services to an institution should not adversely affect the Board’s ability to implement monetary policy. 

In evaluating Principle 6, the Reserve Bank should determine whether access to an Account and Services by the institution could have an effect on monetary policy and whether it could affect the level and variability of demand for and supply of reserves, key policy interest rates, the structure of key short-term funding markets, and the size of the consolidated balance sheet of Reserve Banks. The implications of providing an Account to the institution should be considered in times of stress and in normal times. 

Three Tiers of Review

Section 2 of the Guidelines provides a tiered review structure illustrating the level of due diligence and scrutiny for Reserve Banks to apply to different types of institutions. While the tiers provide guidance as to the level of diligence that applicants can expect, each request is reviewed on a case-by-case and risk-focused basis, and there can be different levels of review within each tier depending on the novelty, complexity, and risk involved in a specific institution’s application. We note below the description of each tier and level of scrutiny in the Board’s supplemental notice and Guidelines.⁶

In sum, although the publication of the Guidelines is an important milestone on the journey toward a more transparent and consistent application of standards for access to Accounts and Services, it is unlikely to materially affect the speed or rigor of Federal Reserve Bank review of applications from nontraditional institutions or based on novel business plans. Institutions seeking to pursue such applications will need to carefully and systematically address the factors noted in the Guidelines if they are to have any expectation of surviving the application gauntlet.

¹ “Accounts” excludes (1) accounts provided under fiscal agency or depository authority, (2) accounts of certain international organizations, (3) joint account requests, (4) account requests from designated financial market utilities, and (5) accounts pursuant to Regulation N.

² “Services” means all services subject to Federal Reserve Act section 11A (i.e., priced services) and Reserve Bank cash services and excludes transactions conducted as part of the Federal Reserve’s open market operations or administration of the Reserve Banks’ Discount Window.

³ https://www.federalreserve.gov/newsevents/pressreleases/files/other20220815a1.pdf.

⁴ https://www.federalreserve.gov/newsevents/pressreleases/bowman-statement-20220815.htm.

⁵ Id. 

⁶ https://www.federalreserve.gov/newsevents/pressreleases/files/board-memo-20220815.pdf.