Federal regulators continue to advise on how banks and credit unions conduct due diligence for digital assets solution providers.
A lapse in vetting could expose FIs to an array of risks, ranging from reputational impact to non-compliance with government sanctions and BSA requirements.
In its Fiscal Year 2023 Bank Supervision Operating Plan, the OCC urged examiners to determine if banks apply proper risk management governance to third-party relationships. Examiners were encouraged to ensure banks conduct the proper due diligence for potential relationships.
Risk management governance applies to any third-party relationship, including fintechs. Examiners should identify if a bank's relationships involve customer-facing products and services, are critical to operations, represent significant concentrations, affect operational resilience, or impact regulatory compliance. They should also determine if a bank and its third parties have sufficient, qualified staff to meet contractual obligations. Cyber-related risks are another important consideration.
The direction goes beyond crypto and other digital assets.
The OCC wants examiners to identify banks that implement significant operational changes using innovations such as cloud computing, AI, digitized risk management processes, and Banking-as-a-Service (BaaS) arrangements. When new products, including crypto-related services, are present, examiners should evaluate items such as reviews of due diligence activities and evaluations of expertise to manage a wide range of risks.
Finally, examiners should assess whether banks sought and received supervisory non-objections before engaging in highlighted activities.
A recent OCC regulatory order, along with messaging from the Federal Deposit Insurance Corp. on crypto relationships, provides more evidence that federal regulators are closely watching how banks evaluate their fintech relationships.
Global Adoption Rises
Other factors are increasing the importance of conducting proper due diligence, including the growing popularity of offering digital assets and leveraging digital ledger technologies (DLT). We continue to see worldwide adoption and buildout of the crypto rails in countries like Vietnam, the Philippines, Ukraine, and India.
Users in lower-middle and upper-middle-income countries often rely on crypto to send remittances, preserve savings in times of fiat currency volatility, and fulfill other financial needs unique to their economies. These countries tend to lean on Bitcoin and stablecoins more than others.
As a result of this adoption, financial institutions around the world are starting to offer digital assets and install digital ledger technologies (DLT), reflecting client demand and recognition that adoption provides opportunities to add revenue, cut costs, and gain clients.
Here are a few examples:
- Revolut(UK) offers a variety of banking services as well as the ability to purchase Bitcoin through its app
- Change (Estonia) offers crypto trading services and investment options in traditional assets such as stocks, gold, indices, and commodities
- Worldcore (Czech Republic) offers users the ability to spend via debit and virtual cards in various currencies, including crypto
We've seen several FIs offer services to retail and institutional investors in the US. While most of these solutions are focused on retail clients and offer crypto buy/sell/hold options, BNY Mellon, America's oldest bank with $43 trillion in assets under custody, has begun offering custodial services for its institutional clients. When surveying those clients, BNY Mellon found that 91% were interested in investing in tokenized products, and 41% already had them in their portfolios.
JPMorgan Chase is another bank that has invested in DLT. It has an entire business unit called Onyx that focuses on digitizing assets and providing real-time cross-border settlement. And Current, a fintech provider, uses DLT to lower operating expenses, letting it offer higher-than-average yields.
The Bottom Line
For the past two years, SRM has been helping financial institutions identify and evaluate the risks of engaging with digital assets and DLT. Due diligence is challenging for banks and credit unions to handle independently. Even if an FI believes it has identified a good digital asset partner, it is critical to have an independent review of that decision.
SRM welcomes the opportunity to help determine if digital assets and/or DLT would benefit your financial institution and assist in finding the right partner(s) to deliver a compliant and scalable solution in a timely manner. Contact us if you would like to discuss the potential benefits of digital assets or DLT.