10/02/2024 | News release | Distributed by Public on 10/02/2024 08:14
The FDIC proposal is the latest measure by the federal banking agencies to address perceived risks arising from bank-fintech arrangements - in this case, those involving "custodial accounts with transactional features." Through recordkeeping and related requirements, the proposal seeks to ensure that banks, as well as the FDIC, can quickly assess amounts held by beneficial owners of these accounts upon the failure of banks, fintech partners or other service providers to these arrangements.
The FDIC recently proposed a rule intended to strengthen insured depository institutions' (IDIs) recordkeeping for custodial deposit accounts with transactional features.[1] As highlighted in the statements of several FDIC officials,[2] the proposal is part of a trend among the federal banking agencies to increase scrutiny of IDI-fintech relationships. For example, in a recent joint statement, the federal banking agencies expressed concerns about the perceived risks associated with banking-as-a-service (BaaS) and similar arrangements between IDIs and fintechs (or other nonbanks), while also expressing support for such relationships as long as they are appropriately structured and conducted in a safe and sound manner. See here for our client update regarding this statement.
The accounts that are the subject of the FDIC's latest proposal are "custodial deposit accounts with transactional features." Essentially, these are accounts that pool the funds of multiple underlying beneficial owners (typically the customers of a fintech) to support deposit and payment services through a third-party account holder, such as a fintech. The proposal seeks to facilitate prompt and accurate determination of beneficial owners' deposit insurance coverage in the event of a failure of an IDI. The proposal also seeks to reduce the likelihood of a disruption to beneficial owners' access to their funds in the event of an IDI's or account holder's failure, an impact that prominently occurred in the wake of the recent failure of a fintech "middleware" company.
Below is a discussion of certain key takeaways from the proposal, as well as a brief summary of the proposal's requirements. Comments on the proposal are due 60 days after the date of publication in the Federal Register.
The proposal would only apply to IDIs that hold "custodial deposit accounts with transactional features." The proposal defines custodial deposit accounts with transactional features as deposit accounts that meet three requirements:
Essentially, the proposal would apply to any custodial deposit account established by an account holder on behalf of beneficial owners and used by beneficial owners to transact with other third parties-for example, to make purchases or pay bills.
Certain types of custodial deposit accounts are exempted from the proposal because the FDIC believes that the policy objectives of the proposal would not be advanced by applying additional recordkeeping requirements to those accounts because either (i) the account is not expected to have transactional features or (ii) the account is already subject to recordkeeping requirements through another regulatory regime. Exempted custodial deposit accounts include, among others, custodial deposit accounts that hold only trust deposits; that are established at an IDI by government depositors, brokers, dealers or investment advisers; that are created in connection with employee benefits plans and retirement plans; and that are maintained in connection with a deposit placement network for purposes other than payment transactions.
Even with these exemptions, the proposal estimates that between 600 and 1,100 IDIs would be required to comply with the proposal. In his statement on the proposal, Vice Chairman Hill advocated for some form of minimum threshold to trigger the requirements of the proposal. Otherwise, according to Vice Chairman Hill, if an IDI has one covered custodial deposit account, it would be required to fully comply with all aspects of the proposal, including compliance, annual certification and reporting requirements. He opined that only "a few dozen" IDIs are heavily engaged in the type of activity targeted by the proposal and suggested that the proposal be more narrowly tailored to apply to such IDIs.
The cornerstone requirement of the proposal is that IDIs holding covered custodial deposit accounts would need to implement certain standardized recordkeeping requirements, which the FDIC indicates are intended to mitigate risks relating to account record discrepancies between IDIs and fintech or nonbank partners. In particular, IDIs would be required to maintain records establishing:
The proposal would require that these records be maintained in a specific electronic file format, which is described in detail in Appendix A to the proposal.[7]
The proposal would also require IDIs holding covered custodial deposit accounts to maintain internal controls that:
The proposal makes clear that the internal controls should "enable the IDI to be able to accurately determine individual beneficial ownership interests for deposits held in custodial deposit accounts, and would expedite a deposit insurance determination in the event of the IDI's failure."
In the proposal, the FDIC recognizes that many IDIs, including community banks, regularly rely on third-party vendors or software providers to assist in carrying out certain banking functions. Therefore, under the proposal, IDIs may choose to maintain the records required by the proposal through a contractual relationship with a third party, including the fintech or other nonbank partner itself. The FDIC also recognizes in the proposal that these third-party relationships can become complex and lead to operational challenges in the event of a failure. Therefore, if relying on a third party, the IDI would be required to have:
IDIs would remain responsible for compliance with the rule even if they contract with third parties for the provision of recordkeeping services. As a result, the proposal would not only impact the recordkeeping and compliance practices of IDIs, but would likely have a significant impact on those of their fintech and other nonbank partners.
The proposal would impose compliance requirements on IDIs with covered custodial deposit accounts to maintain written policies and procedures to ensure compliance with the rule. If an IDI chooses to maintain the records required by the proposal through a third party, then the IDI's written policies and procedures would also be required to address achieving compliance with the requirements specific to maintaining records through a third party described above.
In addition, IDIs holding covered custodial deposit accounts would be required to implement an annual certification and reporting process. With regard to the certification, IDIs' chief executive officer, chief operating officer or the highest ranking official of the IDI would be required to annually certify that the IDI:
IDIs would also be required to prepare an annual report containing:
An IDI would be required to submit the certification and report to the FDIC and the IDI's primary federal regulator (i.e., the Federal Reserve or OCC for state member banks or national banks, respectively). Although required annually, the proposal gives the FDIC and the IDI's primary regulator the authority to require the certification and report more frequently if an IDI experiences a significant change in its deposit-taking operations or an elevated risk of compliance is identified.
In his statement, Vice Chairman Hill stated that the proposal should be revised to align with the comparable requirements in the safety and soundness standards of 12 C.F.R. Part 370. Those regulations do not include a policies and procedures requirement, and the certification of compliance is qualified to "the best of the knowledge and belief [of the applicable officer] after due inquiry." Vice Chairman Hill stated that he believes such revisions would reduce the burden on IDIs, while still achieving the proposal's objectives.
Under the proposal, violations of its requirements could be addressed through the supervisory process, including though examinations or enforcement actions.
[1] Recordkeeping for Custodial Accounts, https://www.fdic.gov/system/files/2024-09/fr-npr-on-requirements-for-custodial-deposit-accounts.pdf.
[2] See, e.g., Statement by Martin J. Gruenberg Chairman, FDIC Notice of Proposed Rule: Requirements for Custodial Deposit Accounts with Transactional Features and Prompt Payment of Deposit Insurance to Depositors, https://www.fdic.gov/news/speeches/2024/statement-martin-j-gruenberg-chairman-fdic-notice-proposed-rule-requirements.
[3] Statement by Vice Chairman Travis Hill on Notice of Proposed Rulemaking on Custodial Deposit Accounts with Transaction Features and Prompt Payment of Deposit Insurance to Depositors, https://www.fdic.gov/news/speeches/2024/statement-vice-chairman-travis-hill-notice-proposed-rulemaking-custodial-deposit#.
[4] Statement by Jonathan McKernan, Director, FDIC Board of Directors, on Proposed Recordkeeping for Custodial Accounts, https://www.fdic.gov/news/speeches/2024/statement-jonathan-mckernan-director-fdic-board-directors-proposed-recordkeeping.
[5] Statement of CFPB Director Rohit Chopra, Member, FDIC Board of Directors, on Stopping Fintech Deposit Meltdowns, https://www.consumerfinance.gov/about-us/newsroom/statement-of-cfpb-director-rohit-chopra-member-fdic-board-of-directors-on-stopping-fintech-deposit-meltdowns/#:~:text=Consumers%20should%2C%20at%20the%20very,the%20FDIC%20name%20or%20logo.
[6] See our other client updates on the FDIC's request for information on deposit data and deposit insurance reform, proposal to expand its reach over some investments in bank holding companies and proposal to significantly expand the brokered deposit rule, as well as the Federal Reserve, FDIC and OCC's joint guidance on banking organizations' management of risks associated with third-party relationships and the Financial Stability Oversight Council's proposals regarding its authority to designate nonbank financial companies for Federal Reserve supervision and regulation.
[7] Appendix A to Part 375-Data Format and Structure, https://www.fdic.gov/system/files/2024-09/fr-npr-on-requirements-for-custodial-deposit-accounts.pdf.