Notice2022-17885
Guidelines for Evaluating Account and Services Requests
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
August 19, 2022
Issuing agencies
Federal Reserve System
Abstract
The Board of Governors of the Federal Reserve System (Board) has approved final guidelines (Account Access Guidelines) for Federal Reserve Banks (Reserve Banks) to utilize in evaluating requests for access to Reserve Bank master accounts and services (accounts and services).
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 160 (Friday, August 19, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 160 (Friday, August 19, 2022)]
[Notices]
[Pages 51099-51110]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-17885]
-----------------------------------------------------------------------
FEDERAL RESERVE SYSTEM
[Docket No. OP-1747]
Guidelines for Evaluating Account and Services Requests
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Final guidance.
-----------------------------------------------------------------------
SUMMARY: The Board of Governors of the Federal Reserve System (Board)
has approved final guidelines (Account Access Guidelines) for Federal
Reserve Banks (Reserve Banks) to utilize in evaluating requests for
access to Reserve Bank master accounts and services (accounts and
services).
DATES: Implementation Date is August 19, 2022.
FOR FURTHER INFORMATION CONTACT: Jason Hinkle, Assistant Director (202-
912-7805), Division of Reserve Bank Operations and Payment Systems, or
Gavin Smith, Senior Counsel (202-452-3474), Legal Division, Board of
Governors of the Federal Reserve System. For users of TTY-TRS, please
call 711 from any telephone, anywhere in the United States.
SUPPLEMENTARY INFORMATION:
I. Background
The payments landscape is evolving rapidly as technological
progress and other factors are leading both to the introduction of new
financial products and services and to different ways of providing
traditional banking services. Relatedly, there has been a recent uptick
in novel charter types being authorized or considered by federal and
state banking authorities across the country. As a result, the Reserve
Banks are receiving an increasing number of inquiries and access
requests from institutions that have obtained, or are considering
obtaining, such novel charter types.
A. Summary of May 2021 Proposed Account Access Guidelines
On May 5, 2021, the Board requested comment on proposed guidelines
to be used by Reserve Banks in evaluating requests for accounts and
services (Original Proposal or Proposed Guidelines).<SUP>1 2</SUP> The
Original Proposal reflected the Board's policy goals of (1) ensuring
the safety and soundness of the banking system, (2) effectively
implementing monetary policy, (3) promoting financial stability, (4)
protecting consumers, and (5) promoting a safe, efficient, inclusive,
and innovative payment system. The Original Proposal was also intended
to ensure that Reserve Banks apply a transparent and consistent set of
factors when reviewing requests for access to accounts and services
(access requests).\3\
---------------------------------------------------------------------------
\1\ 86 FR 25865 (May 11, 2021).
\2\ The Proposed Guidelines are designed to be applied to both
new and pending access requests as well as cases where the Reserve
Bank determines to reevaluate the risk of existing accounts. This
broad application is intended to ensure that risks are identified
and mitigated and that institutions are treated in a fair and
equitable manner.
\3\ In developing the Account Access Guidelines, the Board
sought to incorporate as much as possible existing Reserve Bank risk
management practices.
---------------------------------------------------------------------------
The Original Proposal consisted of the following six principles:
1. Each institution requesting an account or services must be
eligible under the Federal Reserve Act or other federal statute to
maintain an account at a Reserve Bank and receive Federal Reserve
services and should have a well-founded, clear, transparent, and
enforceable legal basis for its operations.
2. Provision of an account and services to an institution should
not present or create undue credit, operational, settlement, cyber
or other risks to the Reserve Bank.
3. Provision of an account and services to an institution should
not present or create undue credit, liquidity, operational,
settlement, cyber or other risks to the overall payment system.
4. Provision of an account and services to an institution should
not create undue risk to the stability of the U.S. financial system.
5. Provision of an account and services to an institution should
not create undue risk to the overall economy by facilitating
activities such as money laundering, terrorism financing, fraud,
cybercrimes, or other illicit activity.
[[Page 51100]]
6. Provision of an account and services to an institution should
not adversely affect the Federal Reserve's ability to implement
monetary policy.
The first principle specified that only institutions that are
legally eligible for access to Reserve Bank accounts and services would
be considered for access. The remaining five principles addressed
specific risks, ranging from narrow risks (such as risk to an
individual Reserve Bank) to broader risks (such as risk to the U.S.
financial system).\4\ For each of these five principles, the Original
Proposal set forth factors that Reserve Banks should consider when
evaluating an institution's access request against the specific risk
targeted by the principle (several factors are pertinent to more than
one principle). The identified factors are commonly used in the
regulation and supervision of federally-insured institutions and many
of the factors are utilized in existing Reserve Bank risk management
practices. The Original Proposal noted that requests from non-
federally-insured institutions would generally be subject to a greater
level of review. In addition, the Board noted that, when applying the
Account Access Guidelines, the Reserve Bank reviewing the access
request should integrate to the extent possible the assessments of the
requesting institution by its state and/or federal supervisors into the
Reserve Bank's own independent assessment of the institution's risk
profile.
---------------------------------------------------------------------------
\4\ The six principles were designed primarily as a risk
management framework and, as such, focused on risks an institution's
access could pose. The Board notes, however, that granting an access
request could also have net benefits to the financial system.
---------------------------------------------------------------------------
The Board intended for the Original Proposal to support consistency
in evaluating account access requests across Reserve Banks, while
maintaining the discretion granted to the Reserve Banks under the
Federal Reserve Act to grant or deny access requests. The Board noted
in the Original Proposal that a consistent framework across Reserve
Banks would reduce the potential that one Reserve Bank might be
considered to be more likely to grant access requests than another
Reserve Bank and would mitigate the risk that an individual access
request decision by one Reserve Bank could create de facto Federal
Reserve System policy regarding access requests for a particular
business model or risk profile.
The Original Proposal was based on a foundation of risk management
and mitigation. In developing the Original Proposal, the Board
considered the risks that may arise when an institution gains access to
accounts and services. These risks include, among others, risks to the
Reserve Banks, to the payment system, to the financial system, and to
the effective implementation of monetary policy. The Original Proposal
would prompt the Reserve Bank to evaluate an eligible institution's
risk profile and identify risk-mitigation strategies adopted by the
eligible institution (including capital, risk management frameworks,
compliance with regulations, and supervision) as well as potential risk
mitigants that could be implemented by the Reserve Bank (including
account agreement provisions, restrictions on financial services
accessed, and account risk controls).
In the Original Proposal, the Board expressed the Federal Reserve's
broad policy goals in providing accounts and services. In addition, the
Board stated that, while the Proposed Guidelines would be intended
primarily to apply to new access requests, Reserve Banks would also
apply them to existing account and services relationships where
appropriate, such as when a Reserve Bank becomes aware of a significant
increase in the risks that an account holder presents due to changes in
the nature of, for example, its principal business activities or
condition.
The Board requested comment on all aspects of the Original
Proposal, including whether the scope and application of the Proposed
Guidelines was sufficiently clear and appropriate to achieve their
intended purpose. The Board also requested comment on whether other
criteria or information might be relevant when Reserve Banks evaluate
access requests. The Board further sought comment specifically on the
following aspects of the Original Proposal:
1. Do the Proposed Guidelines address all the risks that would
be relevant to the Federal Reserve's policy goals?
2. Does the level of specificity in each principle provide
sufficient clarity and transparency about how the Reserve Banks will
evaluate requests?
3. Do the Proposed Guidelines support responsible financial
innovation?
Finally, the Board sought comment on whether the Board or the
Reserve Banks should consider other steps or actions to facilitate the
review of access requests in a consistent and equitable manner.
B. Summary of March 2022 Supplemental Notice
On March 1, 2022, the Board published a second notice (the
Supplemental Notice),\5\ which proposed to incorporate into the Account
Access Guidelines a tiered review framework to provide additional
clarity on the level of due diligence and scrutiny that Reserve Banks
would apply to different types of institutions when applying the six
risk-based principles.
---------------------------------------------------------------------------
\5\ 87 FR 12957 (March 8, 2022).
---------------------------------------------------------------------------
In the Original Proposal, the introductory text to the Account
Access Guidelines noted that the application of the Guidelines to
requests by federally-insured institutions should be fairly
straightforward, while requests from non-federally-insured institutions
may necessitate more extensive due diligence. The Supplemental Notice
proposed a three-tiered review framework--which would become Section 2
of the Account Access Guidelines--to provide additional clarity
regarding the minimum level of review for different types of
institutions.
Under the Supplemental Notice, proposed Tier 1 would consist of
eligible institutions that are federally-insured. These institutions
are already subject to a homogeneous and comprehensive set of federal
banking regulations, and, in most cases, detailed regulatory and
financial information about these firms would be readily available to
Reserve Banks. Accordingly, the Supplemental Notice stated that access
requests by Tier 1 institutions would generally be subject to a less
intensive and more streamlined review.\6\
---------------------------------------------------------------------------
\6\ The Supplemental Notice stated that, in cases where the
application of the Guidelines to a Tier 1 institution identifies a
potentially higher risk profile, the institution would receive
additional attention.
---------------------------------------------------------------------------
In the Supplemental Notice, proposed Tier 2 would consist of
eligible institutions that are not federally-insured but that are
subject to federal prudential supervision at the institution and, if
applicable, at the holding company level.\7\ The Supplemental Notice
explained that Tier 2 institutions are subject to similar but not
identical regulations as federally-insured institutions, and as a
result, may present greater risks than Tier 1 institutions.
Additionally, detailed regulatory and financial information regarding
Tier 2 institutions is less likely to be available and may not be
available in public form. Accordingly, the Supplemental Notice stated
that access requests by Tier 2 institutions would generally receive an
intermediate level of review.
---------------------------------------------------------------------------
\7\ The Supplemental Notice noted the Board would expect holding
companies of Tier 2 institutions to comply with similar requirements
as holding companies subject to the Bank Holding Company Act.
---------------------------------------------------------------------------
In the Supplemental Notice, proposed Tier 3 would consist of
eligible
[[Page 51101]]
institutions that are not federally insured and not subject to
prudential supervision by a federal banking agency at the institution
or holding company level. The Supplemental Notice stated that Tier 3
institutions may be subject to a supervisory or regulatory framework
that is substantially different from, and possibly weaker than, the
supervisory and regulatory framework that applies to federally-insured
institutions, and as a result may pose the highest level of risk.
Detailed regulatory and financial information regarding Tier 3
institutions may not exist or may be unavailable. Accordingly, the
Supplemental Notice stated that access requests by Tier 3 institutions
would generally receive the strictest level of review.
The Board sought comment on all aspects of the proposed three-
tiered review framework.
II. Discussion
The Board is adopting final Account Access Guidelines. Section 1 of
the final Account Access Guidelines is substantially the same as the
Original Proposal with minor changes to improve clarity in response to
comments received. As described further below, the Board has made
certain changes in Section 2 of the final Account Access Guidelines to
provide more comparable treatment between non-federally-insured
institutions chartered under state and federal law. Specifically, the
Board has revised Tier 2 to include a narrower set of non-federally-
insured national banks than the definition proposed in the Supplemental
Notice.\8\ Under the revised Tier 2, non-federally-insured institutions
that are chartered under federal law will only be considered in Tier 2
if the institution has a holding company that is subject to Federal
Reserve oversight. In addition, the Board is updating the Section 2
tiering framework to emphasize that the review of institutions'
requests will be completed on a case-by-case, risk-focused basis within
each of the three tiers.\9\ For example, Reserve Banks may take
comparatively longer to review access requests by institutions that
engage in novel activities for which authorities are still developing
appropriate supervisory and regulatory frameworks.
---------------------------------------------------------------------------
\8\ These revisions to Tier 2 apply only to non-federally-
insured institutions chartered under federal law. Under the final
Account Access Guidelines, a non-federally-insured institution
chartered under state law will (consistent with the Supplemental
Notice) be considered in Tier 2 if (i) the institution is subject to
prudential supervision by a federal banking agency, and (ii) to the
extent the institution has a holding company, that holding company
is subject to Federal Reserve oversight.
\9\ As described further below, the Board is making some other
minor updates to Section 2 of the Account Access Guidelines,
including clarifying that Edge and Agreement Corporations and U.S.
branches and agencies of foreign banks would fall under a Tier 2
level of review due to Federal Reserve oversight over these
institutions.
---------------------------------------------------------------------------
By adopting the final Account Access Guidelines, the Board would
establish a transparent and equitable framework for Reserve Banks to
apply consistently to access requests. To promote consistency, the
Reserve Banks are working together, in consultation with the Board, to
expeditiously develop an implementation plan for the final Guidelines.
A. Comments on the Original Proposal
The Board received 46 individual comment letters and 281 duplicate
form letters in response to the Original Proposal. Nearly all of the
comment letters expressed general support for the Proposed Guidelines,
and most letters also made recommendations for improvements. Commenters
represented several types of institutions, including (1) institutions
with traditional charters, such as banks and credit unions, and their
trade associations; (2) institutions with novel charters, such as
cryptocurrency custody banks, and their trade associations; and (3)
think tanks and non-profit advocacy groups. The views expressed by the
first category of commenters often conflicted with the views expressed
by the second category of commenters. The duplicate form letters
included recommendations that mirrored those submitted by trade
associations for institutions with traditional charters, which opposed
greater account access for institutions with novel charters.
Many commenters provided general comments on the Original Proposal
that addressed one or more of three high-level themes: (1) policy
requirements to gain access to accounts and services; (2)
implementation of the Proposed Guidelines; and (3) legal eligibility
for Reserve Bank accounts. Some commenters made recommendations related
to the Proposed Guidelines that did not fit into these themes and are
also described below. Lastly, some commenters provided responses to the
specific questions posed in the Original Proposal as well as comments
on specific principles in the Proposed Guidelines.
1. Policy Requirements To Gain Access to Accounts and Services
Most commenters, while supporting the Proposed Guidelines, provided
recommendations for improvements to the Guidelines that, in their view,
would assist the Board in achieving its stated policy goals. These
recommendations to amend the Proposed Guidelines were often
conflicting.
Many commenters made recommendations that would, in their view,
provide an easier path for institutions, particularly those with novel
charters, to successfully gain access to accounts and services. Some of
these commenters recommended that the Board provide more specific
requirements for access requests, so that requesting institutions,
chartering authorities, and other banking regulators would have more
clarity on what is required for obtaining access to accounts and
services. Other commenters stated that the Proposed Guidelines may be
ineffective if they are implemented in a way that subjects institutions
with novel charters to restrictions that resemble regulatory
requirements that do not fit their business models. While some
commenters generally stated that requirements for access to accounts
and services should accommodate institutions that have different levels
of regulatory oversight, others suggested that the Board establish
charter-specific requirements for account access. Some commenters
expressed concern about the statement in the Original Proposal that
``access requests from non-federally-insured institutions may require
more extensive due diligence,'' suggesting that this position would
stifle innovation to the extent that it would impose stricter
requirements on state-chartered institutions without federal deposit
insurance. Finally, some commenters recommended that the Board could
mitigate the risks posed by institutions with certain novel banking
charters by allowing such institutions to maintain limited-access
accounts that would provide a subset of services offered by Reserve
Banks.
Many commenters, on the other hand, recommended that the Proposed
Guidelines should provide a more challenging path for institutions with
novel charters to gain access to accounts and services. Many of these
commenters argued that the Proposed Guidelines should subject non-
federally-insured institutions to the same types of requirements as
apply to federally-insured depository institutions, regardless of the
institution's business model. These commenters generally argued that
institutions with novel charters are not subject to the same strict and
costly regulations or to the same rigorous reviews as apply to
traditional institutions, providing such institutions with unfair
advantages over institutions with traditional charters.
[[Page 51102]]
Some commenters recommended that the Proposed Guidelines include more
granular and strict standards, such as explicit capital and liquidity
requirements. Others recommended additional requirements for account
access, such as compliance with the Community Reinvestment Act and
consumer protection laws, or that Reserve Banks consider the risks from
an institution's affiliate relationships and subject an institution's
holding company to the Bank Holding Company Act. Still other commenters
suggested that the Proposed Guidelines should require all
accountholders that do not file call reports to publicly provide
periodic audited financial reports so that payment system participants
are better able to assess counterparty risk.
Board Response
The Board believes that the final Account Access Guidelines provide
a framework that will effectively support responsible innovation and
prudent risk management. The Account Access Guidelines establish a
consistent, comprehensive, and transparent framework for Reserve Banks
to analyze access requests on a case-by-case, risk-focused basis
reflecting the institution's full risk profile (including its business
model, size, complexity, and regulatory framework) and to mitigate, to
the extent possible, the risks identified. Furthermore, as noted in the
Original Proposal, each requesting institution's risk management and
governance infrastructure is expected both to meet existing regulatory
and supervisory requirements and to be sufficiently tailored to the
institution's business, in the Reserve Bank's assessment, to mitigate
the risks identified by the Account Access Guidelines.
As noted in the final Account Access Guidelines, a Reserve Bank may
implement risk mitigants including imposing conditions or restrictions
on an institution's access to accounts and services if necessary to
mitigate risks set forth in the Account Access Guidelines. Reserve
Banks also retain the discretion to deny a request for access to
accounts and services where, in the Reserve Bank's assessment, granting
access to the institution would pose risks that cannot be sufficiently
mitigated.
2. Implementation of the Account Access Guidelines
Many commenters provided recommendations related to how the
Proposed Guidelines will be implemented and how to promote consistency
in their application by Reserve Banks. Some of these commenters asked
the Board to specify the mechanism(s) by which such consistency would
be achieved. Other commenters went further, suggesting that the Board
should give consent and non-objection to Reserve Bank access-request
determinations, or that the Board should form a centralized (i.e.,
Board-led) evaluation committee to consider access requests. Further,
several commenters suggested various avenues for increased
communication from Reserve Banks about their decisions to grant or deny
account requests, including publishing decisions on access requests
(including any supporting analysis), maintaining an up-to-date list of
all institutions that have been granted access, and formally
communicating with state regulators about how the Federal Reserve views
particular state charters. In addition, many commenters recommended
that the Board establish timelines within which Reserve Banks must
grant or deny access requests, arguing that such timeliness would
provide greater transparency and give requesting institutions more
clarity on the resources and time needed for the evaluation process.
One commenter further argued that expectations of a lengthy review
process could discourage institutions with novel charters from
requesting accounts and thus discourage innovation.
Commenters expressed differing opinions on whether a Reserve Bank
should conduct an independent assessment of a requestor's risk profile.
Some commenters suggested that a Reserve Bank's assessment of a
requestor's risk profile should defer to the primary regulator's
assessment of the risks posed by the institution, while others said the
Board should ensure that a Reserve Bank conduct an independent risk
assessment separate from that of the institution's primary regulator.
Additionally, a few commenters suggested that the Board remove language
from the Proposed Guidelines that recognizes the authority granted to
Reserve Banks under the Federal Reserve Act to exercise discretion in
granting or denying requests for accounts and services.
Many commenters argued that the Proposed Guidelines should require
ongoing review of non-federally-insured institutions, so as to
appropriately monitor the risks that such institutions, and especially
those with novel charters, could pose after obtaining access to
accounts and services. Some commenters singled out cyber risk as a
specific area for ongoing review.
Board Response
In the final Account Access Guidelines, the Board's primary goal is
to establish a transparent and consistent framework for all access
requests across Reserve Banks from both risk and policy perspectives.
To emphasize this goal, the Board has incorporated in the introduction
to the final Account Access Guidelines the expectation that Reserve
Banks engage in consultation with the other Reserve Banks and the
Board, as appropriate, to support consistent implementation of the
Account Access Guidelines. In further support of this goal and as
explained further below, the Board has adopted a new Section 2 of the
Account Access Guidelines establishing a tiered review framework that
provides additional guidance on the level of due diligence and scrutiny
to be applied to access requests. Additionally, as noted previously,
the Reserve Banks are working together, in consultation with the Board,
to expeditiously develop an implementation plan for the final
Guidelines.
Regarding comments to disclose information on particular requests,
the Board notes that when evaluating access requests, Reserve Banks
communicate directly with the requestor and, in some cases, with the
institution's primary regulator, including by requesting additional
information, clarifying the status of the request, and communicating
any controls or limitations that might be placed on the account and
services. However, the identity of institutions that maintain accounts
at Reserve Banks, or that request access to accounts and services, is
considered confidential business information and, as such, public
disclosure of account status by the Reserve Banks would not be
appropriate.\10\
---------------------------------------------------------------------------
\10\ The Board notes that institutions may choose to self-
publicize their account and service requests and status.
---------------------------------------------------------------------------
The Board has also considered whether the final Account Access
Guidelines should include a timeline for completing reviews of access
requests by Reserve Banks. The Board believes that the nature of
relevant variables in access requests--including the variety of charter
types, business models, regulatory regimes, and risk profiles--
precludes specification of a single timeline. The Reserve Banks face
challenges in balancing the desire by requestors for a specific
timeline with Reserve Banks' need to perform thorough reviews of
requestors with novel, complex, or high-risk business plans, along with
requestors that are subject to novel regulatory regimes.
[[Page 51103]]
Setting a specific timeline could result in an increased number of
premature or unnecessary denials of access requests in cases where the
specified timeline does not allow the Reserve Banks sufficient time to
understand the intricacies of the requesting institutions' risk
profiles. Accordingly, the Board has not adopted a timeline expectation
in the final Account Access Guidelines, but the Board has added
language to emphasize the Board's expectations for Reserve Banks to
coordinate in focusing on both timeliness and consistency in evaluating
access requests.
The Board believes it is important that Reserve Banks evaluate both
the potential risks posed by an eligible institution's access request
and the potential actions to mitigate such risks. The final Account
Access Guidelines emphasize that a Reserve Bank should integrate, to
the extent possible, the assessments of an institution by state and/or
federal supervisors into the Reserve Bank's independent assessment of
the institution's risk profile. This integration will ensure that
Reserve Banks use all relevant data in pursuing the goal of prudent
risk management. The Board has also added language in the final Account
Access Guidelines that clarifies the respective roles of the Board
(Reserve Bank oversight) and the Reserve Banks (discretion in decision
making) with respect to evaluating access requests.
With regard to the recommendation for ongoing review of the risks
posed by non-federally-insured institutions' access to accounts and
services once an access request has been granted, the Board notes that
the introduction to the Account Access Guidelines includes language
discussing existing condition monitoring practices. The Board believes
that the Reserve Banks' existing risk-management practices sufficiently
address the risks identified by these comments without the need for an
explicit expectation in the Account Access Guidelines for ongoing
review of non-federally-insured institutions.
3. Legal Eligibility
Some commenters requested that the Guidelines more specifically
address legal eligibility for access to accounts and services. Others
presented arguments about what entities are, or should be, legally
eligible for access to accounts and services. Other commenters
suggested that the Board should issue a moratorium on granting access
requests made by institutions with novel charters until the Board
clarifies legal eligibility, that the Board should publish a list of
charter types already deemed to be legally eligible, or that the Board
should study account access decisions by other central banks. One
commenter argued that the Board should interpret the definition of a
``depository institution'' eligible for access to accounts and services
as broadly as possible to support expanded access to accounts and
services, which the commenter argued would support financial
innovation.
Several commenters recommended that the Board should ensure that
its interpretation of legal eligibility supports responsible financial
innovation as stated as a policy goal of the Board. Some of these
commenters recommended that the Board review legal eligibility broadly
to support innovation and expand eligibility. One commenter recommended
that the Board decouple legal eligibility for a Reserve Bank account
from eligibility for direct access to Federal Reserve financial
services. The commenter argued that decoupling direct access to
services from eligibility for accounts would have benefits for
consumers and pointed to other countries which have taken such action.
Board Response
As the Board noted in the Original Proposal, it has been
considering whether it may be useful to clarify the interpretation of
legal eligibility under the Federal Reserve Act for access to accounts
and services. After a careful analysis of this issue, the Board has
determined it is not necessary to do so at this time. The Account
Access Guidelines do not establish a legal eligibility standard, but
the first principle clearly states that institutions must be eligible
under the Federal Reserve Act or other federal statute to maintain an
account at a Reserve Bank. The Board believes this provides sufficient
clarity on what entities may legally request access to account and
services, and the Reserve Banks will continue to assess an
institution's legal eligibility under Principle 1 on a case-by-case
basis to ensure that only entities that are legally eligible may
request to obtain such access.\11\
---------------------------------------------------------------------------
\11\ While Reserve Banks exercise decision-making authority with
respect to access requests, the Board has interpretive authority
with respect to the Federal Reserve Act and thus is responsible for
interpreting the provisions of the Act concerning legal eligibility.
---------------------------------------------------------------------------
The Board notes that the purpose of the Account Access Guidelines
is to ensure that Reserve Banks evaluate a transparent and consistent
set of risk-focused factors when reviewing account requests. The Board
is not expanding (or limiting) the types of institutions that legally
may request access to Reserve Bank accounts and services.
4. Additional Comments
A. Comments Supporting a Ban on Novel Charter Account Access
Some commenters suggested that novel charters mix commercial and
financial activities and provide a ``back door entry'' into banking for
commercial entities. These commenters recommended that the Federal
Reserve not grant access requests from institutions with novel
charters.
Board Response
The Board does not believe that it is appropriate to categorically
exclude all novel charters from access to accounts and services. The
Account Access Guidelines as adopted are intended to be applied by
Reserve Banks to access requests from eligible institutions with both
novel and more traditional charters. The Board believes that the final
Account Access Guidelines will provide a robust framework for analyzing
and mitigating risks.
B. Comments Opposing the Proposed Guidelines
While most commenters supported the Original Proposal, three
commenters opposed the Proposed Guidelines entirely. One of these
commenters argued the Guidelines created opacity in the master account
process, not clarity. Two other commenters opposed the Proposal
because, in their view, the Proposed Guidelines would expand access to
accounts and services to institutions with novel business models that
pose high levels of risk to the payments and banking system.\12\
---------------------------------------------------------------------------
\12\ Many of these commenters pointed to ``fintech'' related
business models and other novel special purpose charters as posing
heightened risk to the payment system and financial markets.
---------------------------------------------------------------------------
Board Response
The Board believes that the final Account Access Guidelines provide
greater transparency and clarity than currently exist on the factors
that Reserve Banks should consider in evaluating access requests. The
Board also believes that the final Account Access Guidelines strike an
appropriate balance between providing transparency and allowing for
implementation of the Guidelines across a variety of potential
institutions that may request accounts (e.g., institutions with
differing charter types, business models, or regulatory regimes). The
Board believes that the final Account Access Guidelines create a
structured and sufficiently transparent framework that will help to
foster a
[[Page 51104]]
consistent evaluation of access requests across all twelve Reserve
Banks and will benefit the financial system broadly.
In response to the comments related to expansion of eligibility,
the Board emphasizes that, as noted previously, the Account Access
Guidelines do not establish legal eligibility standards but instead
establish a risk-focused framework for evaluating access requests from
legally eligible institutions under federal law.
C. Comments on Individual Principles
The Board received some comments on individual principles in the
Original Proposal. Several commenters, while on net supportive of
Principle 4 (Financial Stability) and Principle 6 (Monetary Policy
Implementation), suggested some refinements, including a specification
that most ``traditional'' institutions, due to their business model and
size, would not create risks to financial stability and/or monetary
policy implementation. Other commenters interpreted Principle 6 to
suggest that Reserve Banks, rather than the Board, have the authority
to establish the rate of interest on reserve balances (IORB). A few
commenters expressed concern that these principles would be challenging
to assess. Within this group, one commenter opined that the Board
should adapt its monetary policy practices to the economic reality
created by a competitive market rather than embed a monetary policy
principle in the Guidelines. Finally, many commenters commended the
Board for addressing these topics in the Guidelines; some of these
commenters asked the Board to expand its discussion of the potential
negative effects that granting account access to institutions with
novel charters could have on financial stability and monetary policy
implementation.
Board Response
The Board recognizes the concerns raised by commenters that the
principles focused on financial stability and monetary policy
implementation deal with complex topics requiring levels of analysis
and precision that may be challenging to address. For instance, it will
be difficult to forecast how granting account access to a requesting
institution would affect the level and variability of the demand for
and supply of reserves balances--which is important to monetary policy
implementation. However, the Federal Reserve is able to estimate the
potential risk posed by a requestor (such as the risk that an
institution might have large, unpredictable swings in its account
balance) and whether existing tools can adequately mitigate those
risks. The Board also recognizes that some smaller institutions with
traditional charters would likely not create risks to financial
stability or monetary policy implementation. Nevertheless, the Board
has determined that both the financial stability principle and the
monetary policy principle should remain in the final Account Access
Guidelines, because they provide full transparency to the public on the
types of factors Reserve Banks should consider in evaluating access
requests. In addition, the Board has amended a footnote in the Account
Access Guidelines to delete the language that a few commenters
interpreted to suggest that Reserve Banks have the authority to
establish the IORB rate.
D. Comments on Specific Questions
As noted previously, the Original Proposal posed three specific
questions and an additional open-ended question to the public.
a. Question 1
The Board asked whether the principles in the Proposed Guidelines
address all the risks that would be relevant to the Federal Reserve's
policy goals. Commenters generally agreed that the risks identified in
the Proposed Guidelines are relevant for the Reserve Banks to consider
when evaluating access requests. Many commenters raised concerns,
however, regarding the ability of Reserve Banks to mitigate these risks
in the case of institutions with novel charters that are not subject to
regulatory and supervisory oversight that is similar to that applied to
federally-insured institutions. Some commenters suggested that the
Proposed Guidelines should put greater emphasis on consumer protection,
particularly consumer privacy, and on cybersecurity risks.
Board Response
The Board notes that cybersecurity risk is included in Principle 2
(Risk to the Reserve Bank) and Principle 3 (Risk to the Payment System)
of the final Account Access Guidelines as a factor that Reserve Banks
should consider in their review of account requests. The Board also
notes that, while the Account Access Guidelines do not specify consumer
protection as an account-related risk, Principle 1 (Legal Eligibility)
provides that Reserve Banks should assess the extent to which an
institution's activities and services comply with applicable laws and
regulations, including those that address consumer protection. Lastly,
Section 2 of the final Account Access Guidelines (discussed further
below) provides additional guidance on the level of due diligence
expected by Reserve Banks for requests from institutions that are not
subject to regulatory and supervisory oversight similar to that applied
to federally-insured institutions.
b. Question 2
The Board asked whether the level of specificity in each principle
provides sufficient clarity and transparency about how the Reserve
Banks will evaluate requests. Many commenters addressing Question 2
recommended that the Board add more detail to the Proposed Guidelines
to increase the level of clarity and transparency.
Board Response
The Board's response to these comments is described in Section
II.A.
c. Question 3
The Board asked whether the principles support responsible
financial innovation. Several commenters stated that the Proposed
Guidelines achieve a balance between supporting responsible financial
innovation and managing the identified risks by allowing for
flexibility to accommodate different business models. Other commenters
expressed concern, however, that the implementation of the Proposed
Guidelines could stifle innovation if institutions were forced to
comply with rules and regulations that do not make sense for their
business model, size, or complexity.
Board Response
The Board believes the final Account Access Guidelines support
risk-focused, case-by-case review by Reserve Banks of access requests.
As such, the Board believes the Account Access Guidelines support
responsible innovation by balancing the provision of accounts and
services to a wide range of institutions on the one hand and managing
risks related to such access on the other. This is discussed in more
detail in Section II.A.
d. Question 4
The Board also requested comment on whether the Board or the
Reserve Banks should consider other steps or actions to facilitate the
review of access requests in a consistent and equitable manner. As
noted previously, commenters provided a wide range of comments that
recommended potential improvements to the Account Access Guidelines to
enhance their effectiveness.
Board Response
The Board addressed these comments in Section II.A-C.
[[Page 51105]]
E. Technical Changes
Principle 5 in the Account Access Guidelines addresses the risks to
the overall economy. While the Board did not receive specific comments
on Principle 5, it has made minor technical changes to the language to
ensure the clarity and accuracy of the discussions of institutions'
Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign
Assets Control (OFAC) requirements and compliance programs. The Board
has also made other minor technical edits to enhance the clarity of the
Guidelines (e.g., replacing the term ``factors'' with ``principles''
for consistency and clarifying the risk-free nature of Reserve Bank
balances).
B. Comments on the Supplemental Notice
The Board received 24 comment letters on the Supplemental Notice.
While most commenters generally expressed support for the proposed
tiering framework, four commenters objected to the manner in which the
proposed tiering framework would treat certain state-chartered
institutions. A different group of commenters supported the tiering
framework and called for heightened scrutiny of non-federally-insured
depository institutions that request Reserve Bank accounts. Many
commenters reiterated the comments that they previously submitted on
the Original Proposal.\13\ In particular, a number of commenters
recommended that non-federally-insured institutions, particularly those
in Tier 3, not be granted access to Reserve Bank accounts and services.
Additionally, one commenter, who supported the tiering framework
generally, objected to Reserve Banks subjecting institutions with
existing accounts to what the commenter termed ``new standards'' once
the Board's Proposed Guidelines are made final.
---------------------------------------------------------------------------
\13\ For example, many commenters restated comments relating to
legal eligibility for accounts and services, while other commenters
restated their comment suggesting that non-federally-insured
institutions should receive accounts and services only if they are
subject to the same regulatory framework as federally-insured
institutions. The Board addressed these comments in Section II.A,
supra.
---------------------------------------------------------------------------
1. Treatment of State-Chartered Institutions
Four commenters objected to the manner in which the proposed
tiering framework would treat certain state-chartered institutions.
These commenters principally argued that the proposed tiering framework
would (1) result in disparate treatment of non-federally-insured
institutions with state charters as compared to those with federal
charters; (2) undermine the dual banking system; and (3) ignore the
strong prudential regulation that some states have in place for non-
federally-insured institutions.
Broadly, this group of commenters focused their concerns on the
placement of depository institutions in proposed Tier 2 and Tier 3
while noting that they viewed Tier 1 as proposed as equitable and non-
problematic. In particular, these commenters expressed concerns that
non-federally-insured national trust banks (NTBs) chartered by the
Office of the Comptroller of the Currency (OCC) would receive
preferential treatment under the proposed guidelines and asserted that
many state-chartered trusts are subject to robust prudential
regulations. They further argued that the tiering framework erroneously
implies that NTBs are subject to a similar set of regulations as
federally-insured institutions. Two of the commenters further stated
that their respective state-chartered trust banks are subject to robust
regulation and supervision and suggested that these institutions should
be subject to a less strict level of review than the Board proposed.
Relatedly, these commenters argued that the proposed tiering
framework would introduce a bias in favor of federally-chartered
institutions compared to state-chartered institutions. They argued that
the tiering framework as proposed would result in an uneven playing
field that would undermine the dual banking system. One of the
commenters recommended that the Board revise the Proposed Guidelines to
ensure that access to Reserve Bank accounts and services be afforded to
eligible institutions on an equitable and impartial basis, regardless
of whether they are state-chartered or federally-chartered.
Lastly, these commenters objected to language in proposed Tier 3
that might imply that state banking authorities' supervision is weaker
than that of federal banking authorities. These commenters point to the
robust regulatory standards and close supervision that states have had
in place for many years for non-federally-insured institutions. One of
the commenters also noted that state regulators work closely with their
Reserve Bank on the supervision of state member banks.
One of the commenters recommended that the Account Access
Guidelines should not have a tiering framework but, alternatively, that
Reserve Banks should review access requests by applying an activity and
risk lens to access requests. A different commenter recommended that
the tiering framework should focus on an institution's past performance
as a key criterion for determining whether it is included in Tier 2 or
Tier 3.
Other commenters on the Supplemental Notice supported the tiering
framework as proposed, noting that it provides additional transparency
and clarity on the level of review an access request would receive
based on key characteristics. One commenter noted that the tiering
framework would help an institution requesting access understand
Reserve Bank expectations and take steps to demonstrate that
appropriate risk management policies and safeguards are in place.
Board Response
The Board has reviewed the comments provided and revised its
approach to Tiers 2 and 3 in the final Account Access Guidelines.
Specifically, the Board has made certain changes in Section 2 of the
final Account Access Guidelines to provide more comparable treatment
between non-federally-insured institutions chartered under state and
federal law. As discussed above, the Board has modified Tier 2 to
include a narrower set of non-federally-insured national banks than
proposed in the Supplemental Notice. Under the revised Tier 2, a non-
federally-insured institution chartered under federal law will be
considered in Tier 2 only if the institution has a holding company that
is subject to Federal Reserve oversight. In addition, a non-federally-
insured institution chartered under state law will (as proposed in the
Supplemental Notice) be considered in Tier 2 if (i) the institution is
subject (by statute) to prudential supervision by a federal banking
agency, and (ii) to the extent the institution has a holding company,
that holding company is subject to Federal Reserve oversight (by
statute or commitments).\14\
---------------------------------------------------------------------------
\14\ In practice, non-federally-insured institutions that are
chartered under state law are subject to prudential supervision by
the Board if they become members of the Federal Reserve System.
---------------------------------------------------------------------------
The Board believes it is appropriate to subject non-federally-
insured institutions that the Federal Reserve supervises to an
intermediate level of review under Tier 2, as the Reserve Banks already
have supervisory information about, as well as regulatory authority
over, such institutions and understands their risk profiles. Tier 3
will contain all other non-federally-insured institutions.
In addition, the Board has made minor updates to the proposed
tiering framework to emphasize that the review
[[Page 51106]]
of institutions' requests would be completed on a case-by-case, risk-
focused basis within the three tiers, meaning that, within each tier,
institutions with high-risk business models should be subject to more
intensive review than those with lower-risk business models.
Lastly, in response to concerns raised by some comments that the
language in the description of Tier 3 implies that supervision
conducted by state banking authorities is broadly weaker than federal
supervision, the Board has removed references to ``supervisory''
differences in the description of Tier 3.
2. Non-Federally-Insured Institutions
Several commenters expressed views that non-federally-insured
institutions as a class pose an unacceptable level of risk to the
payment system and financial markets. While some of these commenters
directed their comments towards institutions in both Tiers 2 and 3,
some focused solely on institutions in Tier 3. These commenters
expressed a view that these institutions are not subject to sufficient
regulation and as a result the Reserve Banks should not provide access
to Tier 3 institutions or to non-federally-insured institutions more
broadly.
Board Response
The Board does not believe that it is appropriate to categorically
exclude all Tier 3 or non-federally-insured institutions from access to
accounts and services. The Board believes that Tier 2 and 3
institutions represent a wide range of risk profiles (based on business
model, size, complexity, regulatory framework, and other factors), and
therefore a single response to account requests from this heterogenous
group would not be appropriate. The Account Access Guidelines as
adopted are intended to be applied by Reserve Banks to access requests
from eligible institutions and the Board believes that the final
Account Access Guidelines will provide a robust framework for analyzing
and mitigating risks.
3. New standards
One commenter objected to Reserve Banks subjecting institutions
with existing accounts to what the commenter termed ``new standards''
once the Board's Proposed Guidelines are made final.
Board Response
The Board has developed the Proposed Guidelines, in part, to
increase the level of transparency and consistency of the process used
by Reserve Banks to evaluate institutions' access to Reserve Bank
accounts and services. As noted above, the Proposed Guidelines are
informed by and incorporate, where possible, existing Reserve Bank
risk-management practices. As a result, the Board views the final
Account Access Guidelines as an evolution of existing practices rather
than the creation of ``new standards.'' Additionally, the Board
believes that in order for the Proposed Guidelines to be an effective
risk-mitigation tool they should be applied broadly including to
existing accounts. This view is supported by public comments on the
Original Proposal discussed above. The Board expects that any Reserve
Bank reevaluation of the risk of an institution's existing account will
include discussions with the institution and its regulators.
III. Conclusion
For the reasons set forth above, the Board is adopting final
Account Access Guidelines.
[This item will not publish in the Code of Federal Regulations]
IV. Account Access Guidelines
Guidelines Covering Access to Accounts and Services at Federal Reserve
Banks (Account Access Guidelines)
Section 1: Principles
The Board of Governors of the Federal Reserve System (Board) has
adopted account access guidelines comprised of six principles to be
used by Federal Reserve Banks (Reserve Banks) in evaluating requests
for master accounts and access to Reserve Bank financial services
(access requests).\1,2\ The Board has issued these account access
guidelines under its general supervision authority over the operations
of the Reserve Banks, 12 U.S.C. 248(j). Decisions on individual
requests for access to accounts and services are made by the Reserve
Bank in whose District the requestor is located.
---------------------------------------------------------------------------
\1\ As discussed in the Federal Reserve's Operating Circular No.
1, an institution has the option to settle its Federal Reserve
financial services transactions in its master account with a Reserve
Bank or in the master account of another institution that has agreed
to act as its correspondent. These principles apply to requests for
either arrangement.
\2\ Reserve Bank financial services mean all services subject to
Federal Reserve Act section 11A (``priced services'') and Reserve
Bank cash services. Financial services do not include transactions
conducted as part of the Federal Reserve's open market operations or
administration of the Reserve Banks' Discount Window.
---------------------------------------------------------------------------
The Account Access Guidelines apply to requests from all
institutions that are legally eligible to receive an account or
services, as discussed in more detail in the first principle.\3\ The
Board expects the Reserve Banks to engage in consultation with each
other and the Board, as appropriate, on reviews of account and service
requests, as well as ongoing monitoring of accountholders, to ensure
that the guidelines are implemented in a consistent and timely manner.
The Board believes it is important to make clear that legal eligibility
does not bestow a right to obtain an account and services. While
decisions regarding individual access requests remain at the discretion
of the individual Reserve Banks, the Board believes it is important
that the Reserve Banks apply a consistent set of guidelines when
reviewing such access requests to promote consistency across Reserve
Banks and to facilitate equitable treatment across institutions.
---------------------------------------------------------------------------
\3\ These principles would not apply to accounts provided under
fiscal agency authority or to accounts authorized pursuant to the
Board's Regulation N (12 CFR 214), joint account requests, or
account requests from designated financial market utilities, since
existing rules or policies already set out the considerations
involved in granting these types of accounts.
---------------------------------------------------------------------------
These Account Access Guidelines also serve to inform requestors of
the factors that a Reserve Bank will review in any access request and
thereby allow a requestor to make any enhancements to its risk
management, documentation, or other practices to attempt to demonstrate
how it meets each of the principles.
These guidelines broadly outline considerations for evaluating
access requests but are not intended to provide assurance that any
specific institution will be granted an account and services. The
individual Reserve Bank will evaluate each access request on a case-by-
case basis. When applying these account access guidelines, the Reserve
Bank should factor, to the extent possible, the assessments of an
institution by state and/or federal supervisors into its independent
analysis of the institution's risk profile. The evaluation of an
institution's access request should also consider whether the request
has the potential to set a precedent that could affect the Federal
Reserve's ability to achieve its policy goals now or in the future.
If the Reserve Bank decides to grant an access request, it may
impose (at the time of account opening, granting access to service, or
any time thereafter) obligations relating to, or conditions or
limitations on, use of the account or services as necessary to limit
operational, credit, legal, or other risks posed to the Reserve Banks,
the payment system, financial stability or the implementation of
monetary policy
[[Page 51107]]
or to address other considerations.\4\ The account-holding Reserve Bank
may, at its discretion, decide to place additional risk management
controls on the account and services, such as real-time monitoring of
account balances, as it may deem necessary to mitigate risks. If the
obligations, limitations, or controls are ineffective in mitigating the
risks identified or if the obligations, limitations, or controls are
breached, the account-holding Reserve Bank may further restrict the
institution's use of accounts and services or may close the account.
Establishment of an account and provision of services by a Reserve Bank
under these guidelines is not an endorsement or approval by the Federal
Reserve of the institution. Nothing in the Board's guidelines relieves
any institution from compliance with obligations imposed by the
institution's supervisors and regulators.
---------------------------------------------------------------------------
\4\ The conditions imposed could include, for example,
establishing a cap on the amount of balances held in the account. In
addition, the Board may authorize a Reserve Bank to pay a different
rate of interest on balances held in the account or may limit the
amount of balances in the account that receive interest.
---------------------------------------------------------------------------
Accordingly, Reserve Banks should evaluate how each institution
requesting access to an account and services will meet the following
principles.\5\ Each principle identifies factors that Reserve Banks
should consider when evaluating an institution against the specific
risk targeted by the principle (several factors are pertinent to more
than one principle).
---------------------------------------------------------------------------
\5\ The principles are designed to address risks posed by an
institution having access to an account and services, ranging from
narrow risks (e.g., to an individual Reserve Bank) to broader risks
(e.g., to the overall economy). Review activities performed by the
Reserve Bank may address several principles at once.
---------------------------------------------------------------------------
The identified factors are commonly used in the regulation and
supervision of federally-insured institutions. As a result, the Board
anticipates the application of the account access guidelines to access
requests by federally-insured institutions will be fairly
straightforward in most cases which is consistent with Section 2 of
these Guidelines. However, Reserve Bank assessments of access requests
from non-federally-insured institutions may require more extensive due
diligence. Reserve Banks monitor and analyze the condition of
institutions with access to accounts and services on an ongoing basis.
Reserve Banks should use the guidelines to re-evaluate the risks posed
by an institution in cases where its condition monitoring and analysis
indicate potential changes in the risk profile of an institution,
including a significant change to the institution's business model.
1. Each institution requesting an account or services must be
eligible under the Federal Reserve Act or other federal statute to
maintain an account at a Federal Reserve Bank (Reserve Bank) and
receive Federal Reserve services and should have a well-founded, clear,
transparent, and enforceable legal basis for its operations.\6\
---------------------------------------------------------------------------
\6\ These principles do not apply to accounts and services
provided by a Reserve Bank (i) as depository and fiscal agent, such
as those provided for the Treasury and for certain government-
sponsored entities (12 U.S.C. 391, 393-95, 1823, 1435), (ii) to
certain international organizations (22 U.S.C. 285d, 286d, 290o-3,
290i-5, 290l-3), (iii) to designated financial market utilities (12
U.S.C. 5465), (iv) pursuant to the Board's Regulation N (12 CFR
214), or (v) pursuant to the Board's Guidelines for Evaluating Joint
Account Requests.
---------------------------------------------------------------------------
a. Unless otherwise specified by federal statute, only those
entities that are member banks or meet the definition of a depository
institution under section 19(b) of the Federal Reserve Act are legally
eligible to obtain Federal Reserve accounts and financial services.\7\
---------------------------------------------------------------------------
\7\ Unless otherwise expressly excluded under the previous
footnote, these principles apply to account requests from all
institutions, including member banks or other entities that meet the
definition of a depository institution under section 19(b) (12
U.S.C. 461(b)(1)(A)), as well as Edge and Agreement Corporations (12
U.S.C. 601-604a, 611-631), and U.S. branches and agencies of foreign
banks (12 U.S.C. 347d).
---------------------------------------------------------------------------
b. The Reserve Bank should assess the consistency of the
institution's activities and services with applicable laws and
regulations, such as Article 4A of the Uniform Commercial Code and the
Electronic Fund Transfer Act (15 U.S.C. 1693 et seq). The Reserve Bank
should also consider whether the design of the institution's services
would impede compliance by the institution's customers with U.S.
sanctions programs, Bank Secrecy Act (BSA) and anti-money laundering
(AML) requirements or regulations, or consumer protection laws and
regulations.
2. Provision of an account and services to an institution should
not present or create undue credit, operational, settlement, cyber or
other risks to the Reserve Bank.
a. The Reserve Bank should incorporate, to the extent possible, the
assessments of an institution by state and/or federal supervisors into
its independent assessment of the institution's risk profile.
b. The Reserve Bank should confirm that the institution has an
effective risk management framework and governance arrangements to
ensure that the institution operates in a safe and sound manner, during
both normal conditions and periods of idiosyncratic and market stress.
i. For these purposes, effective risk management includes having a
robust framework, including policies, procedures, systems, and
qualified staff, to manage applicable risks. The framework should at a
minimum identify, measure, and control the particular risks posed by
the institution's business lines, products and services. The
effectiveness of the framework should be further supported by internal
testing and internal audit reviews.
ii. The framework should be subject to oversight by a board of
directors (or similar body) as well as oversight by state and/or
federal banking supervisor(s).
iii. The framework should clearly identify all risks that may arise
related to the institution's business (e.g., legal, credit, liquidity,
operational, custody, investment) as well as objectives regarding the
risk tolerances for the management of such risks.
c. The Reserve Bank should confirm that the institution is in
substantial compliance with its supervisory agency's regulatory and
supervisory requirements.
d. The institution must, in the Reserve Bank's judgment:
i. Demonstrate an ability to comply, were it to obtain a master
account, with Board orders and policies, Reserve Bank agreements and
operating circulars, and other applicable Federal Reserve requirements.
ii. Be in sound financial condition, including maintaining adequate
capital to continue as a going concern and to meet its current and
projected operating expenses under a range of scenarios.
iii. Demonstrate the ability, on an ongoing basis (including during
periods of idiosyncratic or market stress), to meet all of its
obligations in order to remain a going concern and comply with its
agreement for a Reserve Bank account and services, including by
maintaining:
A. Sufficient liquid resources to meet its obligations to the
Reserve Bank under applicable agreements, operating circulars, and
Board policies;
B. The operational capacity to ensure that such liquid resources
are available to satisfy all such obligations to the Reserve Bank on a
timely basis; and
C. Settlement processes designed to appropriately monitor balances
in its Reserve Bank account on an intraday basis, to process
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.
[[Page 51108]]
iv. Have in place an operational risk framework designed to ensure
operational resiliency against events associated with processes,
people, and systems that may impair the institution's use and
settlement of Reserve Bank services. This framework should consider
internal and external factors, including operational risks inherent in
the institution's business model, risks that might arise in connection
with its use of any Reserve Bank account and services, and cyber-
related risks. At a minimum, the operational risk framework should:
A. Identify the range of operational risks presented by the
institution's business model (e.g., cyber vulnerability, operational
failure, resiliency of service providers), and establish sound
operational risk management objectives to address such risks;
B. Establish sound governance arrangements, rules, and procedures
to oversee and implement the operational risk management framework;
C. Establish clear and appropriate rules and procedures to carry
out the risk management objectives;
D. Employ the resources necessary to achieve its risk management
objectives and implement effectively its rules and procedures,
including, but not limited to, sound processes for physical and
information security, internal controls, compliance, program
management, incident management, business continuity, audit, and well-
qualified personnel; and
E. Support compliance with the electronic access requirements,
including security measures, outlined in the Reserve Banks' Operating
Circular 5 and its supporting documentation.
3. Provision of an account and services to an institution should
not present or create undue credit, liquidity, operational, settlement,
cyber or other risks to the overall payment system.
a. The Reserve Bank should incorporate, to the extent possible, the
assessments of an institution by state and/or federal supervisors into
its independent assessment of the institution's risk profile.
b. The Reserve Bank should confirm that the institution has an
effective risk management framework and governance arrangements to
limit the impact that idiosyncratic stress, disruptions, outages, cyber
incidents, or other incidents at the institution might have on other
institutions and the payment system broadly. The framework should
include:
i. Clearly defined operational reliability objectives and policies
and procedures in place to achieve those objectives.
ii. A business continuity plan that addresses events that have the
potential to disrupt operations and a resiliency objective to ensure
the institution can resume services in a reasonable timeframe.
iii. Policies and procedures for identifying risks that external
parties may pose to sound operations, including interdependencies with
affiliates, service providers, and others.
c. The Reserve Bank should identify actual and potential
interactions between the institution's use of a Reserve Bank account
and services and (other parts of) the payment system.
i. The extent to which the institution's use of a Reserve Bank
account and services might restrict funds from being available to
support the liquidity needs of other institutions should also be
considered.
d. The institution must, in the Reserve Bank's judgment:
i. Be in sound financial condition, including maintaining adequate
capital to continue as a going concern and to meet its current and
projected operating expenses under a range of scenarios.
ii. Demonstrate the ability, on an ongoing basis (including during
periods of idiosyncratic or market stress), to meet all of its
obligations in order to remain a going concern and comply with its
agreement for a Reserve Bank account and services, including by
maintaining:
A. Sufficient liquid resources to meet its obligations to the
Reserve Bank under applicable agreements, Operating Circulars, and
Board policies;
B. The operational capacity to ensure that such liquid resources
are available to satisfy all such obligations to the Reserve Bank on a
timely basis; and
C. Settlement processes designed to appropriately monitor balances
in its Reserve Bank account on an intraday basis, to process
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.
iii. Have in place an operational risk framework designed to ensure
operational resiliency against events associated with processes,
people, and systems that may impair the institution's payment system
activities. This framework should consider internal and external
factors, including operational risk inherent in the institution's
business model, risk that might arise in connection with its use of the
payment system, and cyber-related risks. At a minimum, the framework
should:
A. Identify the range of operational risks presented by the
institution's business model (e.g., cyber vulnerability, operational
failure, resiliency of service providers), and establish sound
operational risk management objectives;
B. Establish sound governance arrangements, rules, and procedures
to oversee the operational risk management framework;
C. Establish clear and appropriate rules and procedures to carry
out the risk management objectives;
D. Employ the resources necessary to achieve its risk management
objectives and implement effectively its rules and procedures,
including, but not limited to, sound processes for physical and
information security, internal controls, compliance, program
management, incident management, business continuity, audit, and well-
qualified personnel.
4. Provision of an account and services to an institution should
not create undue risk to the stability of the U.S. financial system.
a. The Reserve Bank should incorporate, to the extent possible, the
assessments of an institution by state and/or federal supervisors into
its independent assessment of the institution's risk profile.
b. The Reserve Bank should determine, in consultation with the
other Reserve Banks and Board as appropriate, whether the access to an
account and services by an institution itself or a group of like
institutions could introduce financial stability risk to the U.S.
financial system.
c. The Reserve Bank should confirm that the institution has an
effective risk management framework and governance arrangements for
managing liquidity, credit, and other risks that may arise in times of
financial or economic stress.
d. The Reserve Bank should consider the extent to which, especially
in times of financial or economic stress, liquidity or other strains at
the institution may be transmitted to other segments of the financial
system.
e. The Reserve Bank should consider the extent to which, especially
during times of financial or economic stress, access to an account and
services by an institution itself (or a group of like institutions)
could affect deposit balances across U.S. financial institutions more
broadly and whether any resulting movements in deposit balances could
have a deleterious effect on U.S. financial stability.
i. Balances held in Reserve Bank accounts present no credit or
liquidity risk, making them very attractive in times of financial or
economic stress. As
[[Page 51109]]
a result, in times of stress, investors that would otherwise provide
short- term funding to nonfinancial firms, financial firms, and state
and local governments could rapidly withdraw that funding and instead
deposit their funds with an institution holding mostly central bank
balances. If the institution is not subject to capital requirements
similar to a federally-insured institution, it can more easily expand
its balance sheet during times of stress; as a result, the potential
for sudden and significant deposit inflows into that institution is
particularly large, which could disintermediate other parts of the
financial system, greatly amplifying stress.
5. Provision of an account and services to an institution should
not create undue risk to the overall economy by facilitating activities
such as money laundering, terrorism financing, fraud, cybercrimes,
economic or trade sanctions violations, or other illicit activity.
a. The Reserve Bank should incorporate, to the extent possible, the
assessments of an institution by state and/or federal supervisors into
its independent assessment of the institution's risk profile.
b. The Reserve Bank should confirm that the institution has a BSA/
AML compliance program consisting of the components set out below and
in relevant regulations.\8\
---------------------------------------------------------------------------
\8\ Refer to 12 CFR 208.62 and 63, 12 CFR 211.5(k), 5(m), 24(f),
and 24(j), and 12 CFR 225.4(f) (Federal Reserve); 12 CFR 326.8 and
12 CFR part 353 (FDIC); 12 CFR 748.1-2 (NCUA); 12 CFR 21.11, and 21,
and 12 CFR 163.180 (OCC); and 31 CFR 1020.210(a) and (b), and 31 CFR
1020.320 (FinCEN), which are controlling.
---------------------------------------------------------------------------
i. For these purposes, the Reserve Bank should confirm that the
institution's BSA/AML compliance program contains the following
elements.\9\
---------------------------------------------------------------------------
\9\ Reserve Banks may reference the FFIEC BSA/AML Manual. These
guidelines may be updated to reflect any changes to relevant
regulations.
---------------------------------------------------------------------------
A. A system of internal controls, including policies and
procedures, to ensure ongoing BSA/AML compliance;
B. Independent audit and testing of BSA/AML compliance to be
conducted by bank personnel or by an outside party;
C. Designation of an individual or individuals responsible for
coordinating and monitoring day-to-day compliance (BSA compliance
officer);
D. Ongoing training for appropriate personnel, tailored to each
individual's specific responsibilities, as appropriate;
E. Appropriate risk-based procedures for conducting ongoing
customer due diligence to include, but not limited to, understanding
the nature and purpose of customer relationships for the purpose of
developing a customer risk profile and conducting ongoing monitoring to
identify and report suspicious transactions and, on a risk basis, to
maintain and update customer information;
c. The Reserve Bank should confirm that the institution has a
compliance program designed to support its compliance with the Office
of Foreign Assets Control (OFAC) regulations at 31 CFR Chapter V.\10\
---------------------------------------------------------------------------
\10\ Reserve Banks may reference the OFAC section of the FFIEC
BSA/AML Manual. These guidelines may be updated to reflect any
changes to relevant regulations.
---------------------------------------------------------------------------
i. For these purposes, the Reserve Bank may review the
institution's written OFAC compliance program, provided one has been
created, and confirm that it is commensurate with the institution's
OFAC risk profile. An OFAC compliance program should identify higher-
risk areas, provide for appropriate internal controls for screening and
reporting, establish independent testing for compliance, designate a
bank employee or employees as responsible for OFAC compliance, and
create a training program for appropriate personnel in all relevant
areas of the institution.
6. Provision of an account and services to an institution should
not adversely affect the Federal Reserve's ability to implement
monetary policy.
a. The Reserve Bank should incorporate, to the extent possible, the
assessments of an institution by state and/or federal supervisors into
its independent assessment of the institution's risk profile.
b. The Reserve Bank should determine, in consultation with the
other Reserve Banks and the Board as appropriate, whether access to an
account and services by an institution itself or a group of like
institutions could have an effect on the implementation of monetary
policy.
c. The Reserve Bank should consider, among other things, whether
access to a Reserve Bank account and services by the institution or
group of like institutions could affect the level and variability of
the demand for and supply of reserves, the level and volatility of key
policy interest rates, the structure of key short-term funding markets,
and on the overall size of the consolidated balance sheet of the
Reserve Banks. The Reserve Bank should consider the implications of
providing an account to the institution in normal times as well as in
times of stress. This consideration should occur regardless of the
current monetary policy implementation framework in place.
Section 2: Tiered Review Framework
The tiered review framework in this section is meant to serve as a
guide to the level of due diligence and scrutiny to be applied by
Reserve Banks to different types of institutions. Although institutions
in a higher tier will on average face greater due diligence and
scrutiny than institutions in a lower tier, a Reserve Bank has the
authority to grant or deny an access request by an institution in any
of the three proposed tiers, based on the Reserve Bank's application of
the Account Access Guidelines in Section 1 to that particular
institution. As discussed above, an institution's access request will
be reviewed on a case-by-case, risk-focused basis and the tiers are
designed to provide additional transparency into the expected review
process based on key characteristics.
1. Tier 1: Eligible institutions that are federally insured.\11\
---------------------------------------------------------------------------
\11\ See 12 U.S.C. 1813(c)(2) (defining ``insured depository
institution'' for purposes of the Federal Deposit Insurance Act) and
12 U.S.C. 1752(7) (defining ``insured credit union'' for purposes of
the Federal Credit Union Act).
---------------------------------------------------------------------------
a. As federally-insured depository institutions, Tier 1
institutions are already subject to a standard, strict, and
comprehensive set of federal banking regulations.
b. In addition, for most Tier 1 institutions, detailed regulatory
and financial information would in most cases be readily available,
often in public form.
c. Accordingly, access requests by Tier 1 institutions will
generally be subject to a less intensive and more streamlined review.
d. In cases where the application of the Guidelines to Tier 1
institutions identifies potentially higher risk profiles, the
institutions will receive additional attention.
2. Tier 2: Eligible institutions that are not federally insured but
are subject (by statute) to prudential supervision by a federal banking
agency.\12\ In addition, (i) if such an institution is chartered under
federal law, it has a holding company that is subject to Federal
Reserve oversight (by statute or commitments); and (ii) if such an
institution is
[[Page 51110]]
chartered under state law and has a holding company, that holding
company is subject to Federal Reserve oversight (by statute or
commitments).\13\
---------------------------------------------------------------------------
\12\ The federal banking agencies include the Board, the Office
of the Comptroller of the Currency (OCC), the Federal Deposit
Insurance Corporation, and the National Credit Union Administration.
Non-federally-insured institutions that are chartered under federal
law are subject to prudential supervision by the OCC. Non-federally-
insured institutions that are chartered under state law are subject
to prudential supervision by the Board if they become members of the
Federal Reserve System.
\13\ Edge and Agreement Corporations and U.S. branches and
agencies of foreign banks would fall under a Tier 2 level of review
because of Federal Reserve oversight over these institutions.
---------------------------------------------------------------------------
a. Tier 2 institutions are subject to a similar, but not identical,
set of regulations as federally-insured institutions. As a result, Tier
2 institutions may still present greater risks than Tier 1
institutions.
b. Reserve Banks will have significant supervisory information
about, as well as some level of regulatory authority over, Tier 2
institutions.
c. Accordingly, account access requests by Tier 2 institutions will
generally receive an intermediate level of review.
3. Tier 3: Eligible institutions that are not federally insured and
are not considered in Tier 2.
a. Non-federally-insured institutions that are chartered under
federal law but do not have a holding company subject to Federal
Reserve oversight would be considered in Tier 3.
b. Non-federally-insured institutions that are chartered under
state law and are not subject (by statute) to prudential supervision by
a federal banking agency, or have a holding company that is not subject
to Federal Reserve oversight, would be considered in Tier 3.
c. Tier 3 institutions may be subject to a regulatory framework
that is substantially different from the regulatory framework that
applies to federally-insured institutions.
d. In addition, detailed regulatory and financial information
regarding Tier 3 institutions may not exist or may be unavailable.
e. Accordingly, Tier 3 institutions will generally receive the
strictest level of review.
-End-
By order of the Board of Governors of the Federal Reserve
System.
Ann Misback,
Secretary of the Board.
[FR Doc. 2022-17885 Filed 8-18-22; 8:45 am]
BILLING CODE 6210-01-P
</pre></body>
</html>Indexed from Federal Register on August 19, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.