[Federal Register Volume 87, Number 160 (Friday, August 19, 2022)]
[Notices]
[Pages 51099-51110]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-17885]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. OP-1747]


Guidelines for Evaluating Account and Services Requests

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Final guidance.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
has approved final guidelines (Account Access Guidelines) for Federal 
Reserve Banks (Reserve Banks) to utilize in evaluating requests for 
access to Reserve Bank master accounts and services (accounts and 
services).

DATES: Implementation Date is August 19, 2022.

FOR FURTHER INFORMATION CONTACT: Jason Hinkle, Assistant Director (202-
912-7805), Division of Reserve Bank Operations and Payment Systems, or 
Gavin Smith, Senior Counsel (202-452-3474), Legal Division, Board of 
Governors of the Federal Reserve System. For users of TTY-TRS, please 
call 711 from any telephone, anywhere in the United States.

SUPPLEMENTARY INFORMATION:

I. Background

    The payments landscape is evolving rapidly as technological 
progress and other factors are leading both to the introduction of new 
financial products and services and to different ways of providing 
traditional banking services. Relatedly, there has been a recent uptick 
in novel charter types being authorized or considered by federal and 
state banking authorities across the country. As a result, the Reserve 
Banks are receiving an increasing number of inquiries and access 
requests from institutions that have obtained, or are considering 
obtaining, such novel charter types.

A. Summary of May 2021 Proposed Account Access Guidelines

    On May 5, 2021, the Board requested comment on proposed guidelines 
to be used by Reserve Banks in evaluating requests for accounts and 
services (Original Proposal or Proposed Guidelines).1 2 The 
Original Proposal reflected the Board's policy goals of (1) ensuring 
the safety and soundness of the banking system, (2) effectively 
implementing monetary policy, (3) promoting financial stability, (4) 
protecting consumers, and (5) promoting a safe, efficient, inclusive, 
and innovative payment system. The Original Proposal was also intended 
to ensure that Reserve Banks apply a transparent and consistent set of 
factors when reviewing requests for access to accounts and services 
(access requests).\3\
---------------------------------------------------------------------------

    \1\ 86 FR 25865 (May 11, 2021).
    \2\ The Proposed Guidelines are designed to be applied to both 
new and pending access requests as well as cases where the Reserve 
Bank determines to reevaluate the risk of existing accounts. This 
broad application is intended to ensure that risks are identified 
and mitigated and that institutions are treated in a fair and 
equitable manner.
    \3\ In developing the Account Access Guidelines, the Board 
sought to incorporate as much as possible existing Reserve Bank risk 
management practices.
---------------------------------------------------------------------------

    The Original Proposal consisted of the following six principles:

    1. Each institution requesting an account or services must be 
eligible under the Federal Reserve Act or other federal statute to 
maintain an account at a Reserve Bank and receive Federal Reserve 
services and should have a well-founded, clear, transparent, and 
enforceable legal basis for its operations.
    2. Provision of an account and services to an institution should 
not present or create undue credit, operational, settlement, cyber 
or other risks to the Reserve Bank.
    3. Provision of an account and services to an institution should 
not present or create undue credit, liquidity, operational, 
settlement, cyber or other risks to the overall payment system.
    4. Provision of an account and services to an institution should 
not create undue risk to the stability of the U.S. financial system.
    5. Provision of an account and services to an institution should 
not create undue risk to the overall economy by facilitating 
activities such as money laundering, terrorism financing, fraud, 
cybercrimes, or other illicit activity.

[[Page 51100]]

    6. Provision of an account and services to an institution should 
not adversely affect the Federal Reserve's ability to implement 
monetary policy.

    The first principle specified that only institutions that are 
legally eligible for access to Reserve Bank accounts and services would 
be considered for access. The remaining five principles addressed 
specific risks, ranging from narrow risks (such as risk to an 
individual Reserve Bank) to broader risks (such as risk to the U.S. 
financial system).\4\ For each of these five principles, the Original 
Proposal set forth factors that Reserve Banks should consider when 
evaluating an institution's access request against the specific risk 
targeted by the principle (several factors are pertinent to more than 
one principle). The identified factors are commonly used in the 
regulation and supervision of federally-insured institutions and many 
of the factors are utilized in existing Reserve Bank risk management 
practices. The Original Proposal noted that requests from non-
federally-insured institutions would generally be subject to a greater 
level of review. In addition, the Board noted that, when applying the 
Account Access Guidelines, the Reserve Bank reviewing the access 
request should integrate to the extent possible the assessments of the 
requesting institution by its state and/or federal supervisors into the 
Reserve Bank's own independent assessment of the institution's risk 
profile.
---------------------------------------------------------------------------

    \4\ The six principles were designed primarily as a risk 
management framework and, as such, focused on risks an institution's 
access could pose. The Board notes, however, that granting an access 
request could also have net benefits to the financial system.
---------------------------------------------------------------------------

    The Board intended for the Original Proposal to support consistency 
in evaluating account access requests across Reserve Banks, while 
maintaining the discretion granted to the Reserve Banks under the 
Federal Reserve Act to grant or deny access requests. The Board noted 
in the Original Proposal that a consistent framework across Reserve 
Banks would reduce the potential that one Reserve Bank might be 
considered to be more likely to grant access requests than another 
Reserve Bank and would mitigate the risk that an individual access 
request decision by one Reserve Bank could create de facto Federal 
Reserve System policy regarding access requests for a particular 
business model or risk profile.
    The Original Proposal was based on a foundation of risk management 
and mitigation. In developing the Original Proposal, the Board 
considered the risks that may arise when an institution gains access to 
accounts and services. These risks include, among others, risks to the 
Reserve Banks, to the payment system, to the financial system, and to 
the effective implementation of monetary policy. The Original Proposal 
would prompt the Reserve Bank to evaluate an eligible institution's 
risk profile and identify risk-mitigation strategies adopted by the 
eligible institution (including capital, risk management frameworks, 
compliance with regulations, and supervision) as well as potential risk 
mitigants that could be implemented by the Reserve Bank (including 
account agreement provisions, restrictions on financial services 
accessed, and account risk controls).
    In the Original Proposal, the Board expressed the Federal Reserve's 
broad policy goals in providing accounts and services. In addition, the 
Board stated that, while the Proposed Guidelines would be intended 
primarily to apply to new access requests, Reserve Banks would also 
apply them to existing account and services relationships where 
appropriate, such as when a Reserve Bank becomes aware of a significant 
increase in the risks that an account holder presents due to changes in 
the nature of, for example, its principal business activities or 
condition.
    The Board requested comment on all aspects of the Original 
Proposal, including whether the scope and application of the Proposed 
Guidelines was sufficiently clear and appropriate to achieve their 
intended purpose. The Board also requested comment on whether other 
criteria or information might be relevant when Reserve Banks evaluate 
access requests. The Board further sought comment specifically on the 
following aspects of the Original Proposal:

    1. Do the Proposed Guidelines address all the risks that would 
be relevant to the Federal Reserve's policy goals?
    2. Does the level of specificity in each principle provide 
sufficient clarity and transparency about how the Reserve Banks will 
evaluate requests?
    3. Do the Proposed Guidelines support responsible financial 
innovation?

    Finally, the Board sought comment on whether the Board or the 
Reserve Banks should consider other steps or actions to facilitate the 
review of access requests in a consistent and equitable manner.

B. Summary of March 2022 Supplemental Notice

    On March 1, 2022, the Board published a second notice (the 
Supplemental Notice),\5\ which proposed to incorporate into the Account 
Access Guidelines a tiered review framework to provide additional 
clarity on the level of due diligence and scrutiny that Reserve Banks 
would apply to different types of institutions when applying the six 
risk-based principles.
---------------------------------------------------------------------------

    \5\ 87 FR 12957 (March 8, 2022).
---------------------------------------------------------------------------

    In the Original Proposal, the introductory text to the Account 
Access Guidelines noted that the application of the Guidelines to 
requests by federally-insured institutions should be fairly 
straightforward, while requests from non-federally-insured institutions 
may necessitate more extensive due diligence. The Supplemental Notice 
proposed a three-tiered review framework--which would become Section 2 
of the Account Access Guidelines--to provide additional clarity 
regarding the minimum level of review for different types of 
institutions.
    Under the Supplemental Notice, proposed Tier 1 would consist of 
eligible institutions that are federally-insured. These institutions 
are already subject to a homogeneous and comprehensive set of federal 
banking regulations, and, in most cases, detailed regulatory and 
financial information about these firms would be readily available to 
Reserve Banks. Accordingly, the Supplemental Notice stated that access 
requests by Tier 1 institutions would generally be subject to a less 
intensive and more streamlined review.\6\
---------------------------------------------------------------------------

    \6\ The Supplemental Notice stated that, in cases where the 
application of the Guidelines to a Tier 1 institution identifies a 
potentially higher risk profile, the institution would receive 
additional attention.
---------------------------------------------------------------------------

    In the Supplemental Notice, proposed Tier 2 would consist of 
eligible institutions that are not federally-insured but that are 
subject to federal prudential supervision at the institution and, if 
applicable, at the holding company level.\7\ The Supplemental Notice 
explained that Tier 2 institutions are subject to similar but not 
identical regulations as federally-insured institutions, and as a 
result, may present greater risks than Tier 1 institutions. 
Additionally, detailed regulatory and financial information regarding 
Tier 2 institutions is less likely to be available and may not be 
available in public form. Accordingly, the Supplemental Notice stated 
that access requests by Tier 2 institutions would generally receive an 
intermediate level of review.
---------------------------------------------------------------------------

    \7\ The Supplemental Notice noted the Board would expect holding 
companies of Tier 2 institutions to comply with similar requirements 
as holding companies subject to the Bank Holding Company Act.
---------------------------------------------------------------------------

    In the Supplemental Notice, proposed Tier 3 would consist of 
eligible

[[Page 51101]]

institutions that are not federally insured and not subject to 
prudential supervision by a federal banking agency at the institution 
or holding company level. The Supplemental Notice stated that Tier 3 
institutions may be subject to a supervisory or regulatory framework 
that is substantially different from, and possibly weaker than, the 
supervisory and regulatory framework that applies to federally-insured 
institutions, and as a result may pose the highest level of risk. 
Detailed regulatory and financial information regarding Tier 3 
institutions may not exist or may be unavailable. Accordingly, the 
Supplemental Notice stated that access requests by Tier 3 institutions 
would generally receive the strictest level of review.
    The Board sought comment on all aspects of the proposed three-
tiered review framework.

II. Discussion

    The Board is adopting final Account Access Guidelines. Section 1 of 
the final Account Access Guidelines is substantially the same as the 
Original Proposal with minor changes to improve clarity in response to 
comments received. As described further below, the Board has made 
certain changes in Section 2 of the final Account Access Guidelines to 
provide more comparable treatment between non-federally-insured 
institutions chartered under state and federal law. Specifically, the 
Board has revised Tier 2 to include a narrower set of non-federally-
insured national banks than the definition proposed in the Supplemental 
Notice.\8\ Under the revised Tier 2, non-federally-insured institutions 
that are chartered under federal law will only be considered in Tier 2 
if the institution has a holding company that is subject to Federal 
Reserve oversight. In addition, the Board is updating the Section 2 
tiering framework to emphasize that the review of institutions' 
requests will be completed on a case-by-case, risk-focused basis within 
each of the three tiers.\9\ For example, Reserve Banks may take 
comparatively longer to review access requests by institutions that 
engage in novel activities for which authorities are still developing 
appropriate supervisory and regulatory frameworks.
---------------------------------------------------------------------------

    \8\ These revisions to Tier 2 apply only to non-federally-
insured institutions chartered under federal law. Under the final 
Account Access Guidelines, a non-federally-insured institution 
chartered under state law will (consistent with the Supplemental 
Notice) be considered in Tier 2 if (i) the institution is subject to 
prudential supervision by a federal banking agency, and (ii) to the 
extent the institution has a holding company, that holding company 
is subject to Federal Reserve oversight.
    \9\ As described further below, the Board is making some other 
minor updates to Section 2 of the Account Access Guidelines, 
including clarifying that Edge and Agreement Corporations and U.S. 
branches and agencies of foreign banks would fall under a Tier 2 
level of review due to Federal Reserve oversight over these 
institutions.
---------------------------------------------------------------------------

    By adopting the final Account Access Guidelines, the Board would 
establish a transparent and equitable framework for Reserve Banks to 
apply consistently to access requests. To promote consistency, the 
Reserve Banks are working together, in consultation with the Board, to 
expeditiously develop an implementation plan for the final Guidelines.

A. Comments on the Original Proposal

    The Board received 46 individual comment letters and 281 duplicate 
form letters in response to the Original Proposal. Nearly all of the 
comment letters expressed general support for the Proposed Guidelines, 
and most letters also made recommendations for improvements. Commenters 
represented several types of institutions, including (1) institutions 
with traditional charters, such as banks and credit unions, and their 
trade associations; (2) institutions with novel charters, such as 
cryptocurrency custody banks, and their trade associations; and (3) 
think tanks and non-profit advocacy groups. The views expressed by the 
first category of commenters often conflicted with the views expressed 
by the second category of commenters. The duplicate form letters 
included recommendations that mirrored those submitted by trade 
associations for institutions with traditional charters, which opposed 
greater account access for institutions with novel charters.
    Many commenters provided general comments on the Original Proposal 
that addressed one or more of three high-level themes: (1) policy 
requirements to gain access to accounts and services; (2) 
implementation of the Proposed Guidelines; and (3) legal eligibility 
for Reserve Bank accounts. Some commenters made recommendations related 
to the Proposed Guidelines that did not fit into these themes and are 
also described below. Lastly, some commenters provided responses to the 
specific questions posed in the Original Proposal as well as comments 
on specific principles in the Proposed Guidelines.
1. Policy Requirements To Gain Access to Accounts and Services
    Most commenters, while supporting the Proposed Guidelines, provided 
recommendations for improvements to the Guidelines that, in their view, 
would assist the Board in achieving its stated policy goals. These 
recommendations to amend the Proposed Guidelines were often 
conflicting.
    Many commenters made recommendations that would, in their view, 
provide an easier path for institutions, particularly those with novel 
charters, to successfully gain access to accounts and services. Some of 
these commenters recommended that the Board provide more specific 
requirements for access requests, so that requesting institutions, 
chartering authorities, and other banking regulators would have more 
clarity on what is required for obtaining access to accounts and 
services. Other commenters stated that the Proposed Guidelines may be 
ineffective if they are implemented in a way that subjects institutions 
with novel charters to restrictions that resemble regulatory 
requirements that do not fit their business models. While some 
commenters generally stated that requirements for access to accounts 
and services should accommodate institutions that have different levels 
of regulatory oversight, others suggested that the Board establish 
charter-specific requirements for account access. Some commenters 
expressed concern about the statement in the Original Proposal that 
``access requests from non-federally-insured institutions may require 
more extensive due diligence,'' suggesting that this position would 
stifle innovation to the extent that it would impose stricter 
requirements on state-chartered institutions without federal deposit 
insurance. Finally, some commenters recommended that the Board could 
mitigate the risks posed by institutions with certain novel banking 
charters by allowing such institutions to maintain limited-access 
accounts that would provide a subset of services offered by Reserve 
Banks.
    Many commenters, on the other hand, recommended that the Proposed 
Guidelines should provide a more challenging path for institutions with 
novel charters to gain access to accounts and services. Many of these 
commenters argued that the Proposed Guidelines should subject non-
federally-insured institutions to the same types of requirements as 
apply to federally-insured depository institutions, regardless of the 
institution's business model. These commenters generally argued that 
institutions with novel charters are not subject to the same strict and 
costly regulations or to the same rigorous reviews as apply to 
traditional institutions, providing such institutions with unfair 
advantages over institutions with traditional charters.

[[Page 51102]]

Some commenters recommended that the Proposed Guidelines include more 
granular and strict standards, such as explicit capital and liquidity 
requirements. Others recommended additional requirements for account 
access, such as compliance with the Community Reinvestment Act and 
consumer protection laws, or that Reserve Banks consider the risks from 
an institution's affiliate relationships and subject an institution's 
holding company to the Bank Holding Company Act. Still other commenters 
suggested that the Proposed Guidelines should require all 
accountholders that do not file call reports to publicly provide 
periodic audited financial reports so that payment system participants 
are better able to assess counterparty risk.
Board Response
    The Board believes that the final Account Access Guidelines provide 
a framework that will effectively support responsible innovation and 
prudent risk management. The Account Access Guidelines establish a 
consistent, comprehensive, and transparent framework for Reserve Banks 
to analyze access requests on a case-by-case, risk-focused basis 
reflecting the institution's full risk profile (including its business 
model, size, complexity, and regulatory framework) and to mitigate, to 
the extent possible, the risks identified. Furthermore, as noted in the 
Original Proposal, each requesting institution's risk management and 
governance infrastructure is expected both to meet existing regulatory 
and supervisory requirements and to be sufficiently tailored to the 
institution's business, in the Reserve Bank's assessment, to mitigate 
the risks identified by the Account Access Guidelines.
    As noted in the final Account Access Guidelines, a Reserve Bank may 
implement risk mitigants including imposing conditions or restrictions 
on an institution's access to accounts and services if necessary to 
mitigate risks set forth in the Account Access Guidelines. Reserve 
Banks also retain the discretion to deny a request for access to 
accounts and services where, in the Reserve Bank's assessment, granting 
access to the institution would pose risks that cannot be sufficiently 
mitigated.
2. Implementation of the Account Access Guidelines
    Many commenters provided recommendations related to how the 
Proposed Guidelines will be implemented and how to promote consistency 
in their application by Reserve Banks. Some of these commenters asked 
the Board to specify the mechanism(s) by which such consistency would 
be achieved. Other commenters went further, suggesting that the Board 
should give consent and non-objection to Reserve Bank access-request 
determinations, or that the Board should form a centralized (i.e., 
Board-led) evaluation committee to consider access requests. Further, 
several commenters suggested various avenues for increased 
communication from Reserve Banks about their decisions to grant or deny 
account requests, including publishing decisions on access requests 
(including any supporting analysis), maintaining an up-to-date list of 
all institutions that have been granted access, and formally 
communicating with state regulators about how the Federal Reserve views 
particular state charters. In addition, many commenters recommended 
that the Board establish timelines within which Reserve Banks must 
grant or deny access requests, arguing that such timeliness would 
provide greater transparency and give requesting institutions more 
clarity on the resources and time needed for the evaluation process. 
One commenter further argued that expectations of a lengthy review 
process could discourage institutions with novel charters from 
requesting accounts and thus discourage innovation.
    Commenters expressed differing opinions on whether a Reserve Bank 
should conduct an independent assessment of a requestor's risk profile. 
Some commenters suggested that a Reserve Bank's assessment of a 
requestor's risk profile should defer to the primary regulator's 
assessment of the risks posed by the institution, while others said the 
Board should ensure that a Reserve Bank conduct an independent risk 
assessment separate from that of the institution's primary regulator. 
Additionally, a few commenters suggested that the Board remove language 
from the Proposed Guidelines that recognizes the authority granted to 
Reserve Banks under the Federal Reserve Act to exercise discretion in 
granting or denying requests for accounts and services.
    Many commenters argued that the Proposed Guidelines should require 
ongoing review of non-federally-insured institutions, so as to 
appropriately monitor the risks that such institutions, and especially 
those with novel charters, could pose after obtaining access to 
accounts and services. Some commenters singled out cyber risk as a 
specific area for ongoing review.
Board Response
    In the final Account Access Guidelines, the Board's primary goal is 
to establish a transparent and consistent framework for all access 
requests across Reserve Banks from both risk and policy perspectives. 
To emphasize this goal, the Board has incorporated in the introduction 
to the final Account Access Guidelines the expectation that Reserve 
Banks engage in consultation with the other Reserve Banks and the 
Board, as appropriate, to support consistent implementation of the 
Account Access Guidelines. In further support of this goal and as 
explained further below, the Board has adopted a new Section 2 of the 
Account Access Guidelines establishing a tiered review framework that 
provides additional guidance on the level of due diligence and scrutiny 
to be applied to access requests. Additionally, as noted previously, 
the Reserve Banks are working together, in consultation with the Board, 
to expeditiously develop an implementation plan for the final 
Guidelines.
    Regarding comments to disclose information on particular requests, 
the Board notes that when evaluating access requests, Reserve Banks 
communicate directly with the requestor and, in some cases, with the 
institution's primary regulator, including by requesting additional 
information, clarifying the status of the request, and communicating 
any controls or limitations that might be placed on the account and 
services. However, the identity of institutions that maintain accounts 
at Reserve Banks, or that request access to accounts and services, is 
considered confidential business information and, as such, public 
disclosure of account status by the Reserve Banks would not be 
appropriate.\10\
---------------------------------------------------------------------------

    \10\ The Board notes that institutions may choose to self-
publicize their account and service requests and status.
---------------------------------------------------------------------------

    The Board has also considered whether the final Account Access 
Guidelines should include a timeline for completing reviews of access 
requests by Reserve Banks. The Board believes that the nature of 
relevant variables in access requests--including the variety of charter 
types, business models, regulatory regimes, and risk profiles--
precludes specification of a single timeline. The Reserve Banks face 
challenges in balancing the desire by requestors for a specific 
timeline with Reserve Banks' need to perform thorough reviews of 
requestors with novel, complex, or high-risk business plans, along with 
requestors that are subject to novel regulatory regimes.

[[Page 51103]]

Setting a specific timeline could result in an increased number of 
premature or unnecessary denials of access requests in cases where the 
specified timeline does not allow the Reserve Banks sufficient time to 
understand the intricacies of the requesting institutions' risk 
profiles. Accordingly, the Board has not adopted a timeline expectation 
in the final Account Access Guidelines, but the Board has added 
language to emphasize the Board's expectations for Reserve Banks to 
coordinate in focusing on both timeliness and consistency in evaluating 
access requests.
    The Board believes it is important that Reserve Banks evaluate both 
the potential risks posed by an eligible institution's access request 
and the potential actions to mitigate such risks. The final Account 
Access Guidelines emphasize that a Reserve Bank should integrate, to 
the extent possible, the assessments of an institution by state and/or 
federal supervisors into the Reserve Bank's independent assessment of 
the institution's risk profile. This integration will ensure that 
Reserve Banks use all relevant data in pursuing the goal of prudent 
risk management. The Board has also added language in the final Account 
Access Guidelines that clarifies the respective roles of the Board 
(Reserve Bank oversight) and the Reserve Banks (discretion in decision 
making) with respect to evaluating access requests.
    With regard to the recommendation for ongoing review of the risks 
posed by non-federally-insured institutions' access to accounts and 
services once an access request has been granted, the Board notes that 
the introduction to the Account Access Guidelines includes language 
discussing existing condition monitoring practices. The Board believes 
that the Reserve Banks' existing risk-management practices sufficiently 
address the risks identified by these comments without the need for an 
explicit expectation in the Account Access Guidelines for ongoing 
review of non-federally-insured institutions.
3. Legal Eligibility
    Some commenters requested that the Guidelines more specifically 
address legal eligibility for access to accounts and services. Others 
presented arguments about what entities are, or should be, legally 
eligible for access to accounts and services. Other commenters 
suggested that the Board should issue a moratorium on granting access 
requests made by institutions with novel charters until the Board 
clarifies legal eligibility, that the Board should publish a list of 
charter types already deemed to be legally eligible, or that the Board 
should study account access decisions by other central banks. One 
commenter argued that the Board should interpret the definition of a 
``depository institution'' eligible for access to accounts and services 
as broadly as possible to support expanded access to accounts and 
services, which the commenter argued would support financial 
innovation.
    Several commenters recommended that the Board should ensure that 
its interpretation of legal eligibility supports responsible financial 
innovation as stated as a policy goal of the Board. Some of these 
commenters recommended that the Board review legal eligibility broadly 
to support innovation and expand eligibility. One commenter recommended 
that the Board decouple legal eligibility for a Reserve Bank account 
from eligibility for direct access to Federal Reserve financial 
services. The commenter argued that decoupling direct access to 
services from eligibility for accounts would have benefits for 
consumers and pointed to other countries which have taken such action.
Board Response
    As the Board noted in the Original Proposal, it has been 
considering whether it may be useful to clarify the interpretation of 
legal eligibility under the Federal Reserve Act for access to accounts 
and services. After a careful analysis of this issue, the Board has 
determined it is not necessary to do so at this time. The Account 
Access Guidelines do not establish a legal eligibility standard, but 
the first principle clearly states that institutions must be eligible 
under the Federal Reserve Act or other federal statute to maintain an 
account at a Reserve Bank. The Board believes this provides sufficient 
clarity on what entities may legally request access to account and 
services, and the Reserve Banks will continue to assess an 
institution's legal eligibility under Principle 1 on a case-by-case 
basis to ensure that only entities that are legally eligible may 
request to obtain such access.\11\
---------------------------------------------------------------------------

    \11\ While Reserve Banks exercise decision-making authority with 
respect to access requests, the Board has interpretive authority 
with respect to the Federal Reserve Act and thus is responsible for 
interpreting the provisions of the Act concerning legal eligibility.
---------------------------------------------------------------------------

    The Board notes that the purpose of the Account Access Guidelines 
is to ensure that Reserve Banks evaluate a transparent and consistent 
set of risk-focused factors when reviewing account requests. The Board 
is not expanding (or limiting) the types of institutions that legally 
may request access to Reserve Bank accounts and services.
4. Additional Comments

A. Comments Supporting a Ban on Novel Charter Account Access

    Some commenters suggested that novel charters mix commercial and 
financial activities and provide a ``back door entry'' into banking for 
commercial entities. These commenters recommended that the Federal 
Reserve not grant access requests from institutions with novel 
charters.
Board Response
    The Board does not believe that it is appropriate to categorically 
exclude all novel charters from access to accounts and services. The 
Account Access Guidelines as adopted are intended to be applied by 
Reserve Banks to access requests from eligible institutions with both 
novel and more traditional charters. The Board believes that the final 
Account Access Guidelines will provide a robust framework for analyzing 
and mitigating risks.

B. Comments Opposing the Proposed Guidelines

    While most commenters supported the Original Proposal, three 
commenters opposed the Proposed Guidelines entirely. One of these 
commenters argued the Guidelines created opacity in the master account 
process, not clarity. Two other commenters opposed the Proposal 
because, in their view, the Proposed Guidelines would expand access to 
accounts and services to institutions with novel business models that 
pose high levels of risk to the payments and banking system.\12\
---------------------------------------------------------------------------

    \12\ Many of these commenters pointed to ``fintech'' related 
business models and other novel special purpose charters as posing 
heightened risk to the payment system and financial markets.
---------------------------------------------------------------------------

Board Response
    The Board believes that the final Account Access Guidelines provide 
greater transparency and clarity than currently exist on the factors 
that Reserve Banks should consider in evaluating access requests. The 
Board also believes that the final Account Access Guidelines strike an 
appropriate balance between providing transparency and allowing for 
implementation of the Guidelines across a variety of potential 
institutions that may request accounts (e.g., institutions with 
differing charter types, business models, or regulatory regimes). The 
Board believes that the final Account Access Guidelines create a 
structured and sufficiently transparent framework that will help to 
foster a

[[Page 51104]]

consistent evaluation of access requests across all twelve Reserve 
Banks and will benefit the financial system broadly.
    In response to the comments related to expansion of eligibility, 
the Board emphasizes that, as noted previously, the Account Access 
Guidelines do not establish legal eligibility standards but instead 
establish a risk-focused framework for evaluating access requests from 
legally eligible institutions under federal law.

C. Comments on Individual Principles

    The Board received some comments on individual principles in the 
Original Proposal. Several commenters, while on net supportive of 
Principle 4 (Financial Stability) and Principle 6 (Monetary Policy 
Implementation), suggested some refinements, including a specification 
that most ``traditional'' institutions, due to their business model and 
size, would not create risks to financial stability and/or monetary 
policy implementation. Other commenters interpreted Principle 6 to 
suggest that Reserve Banks, rather than the Board, have the authority 
to establish the rate of interest on reserve balances (IORB). A few 
commenters expressed concern that these principles would be challenging 
to assess. Within this group, one commenter opined that the Board 
should adapt its monetary policy practices to the economic reality 
created by a competitive market rather than embed a monetary policy 
principle in the Guidelines. Finally, many commenters commended the 
Board for addressing these topics in the Guidelines; some of these 
commenters asked the Board to expand its discussion of the potential 
negative effects that granting account access to institutions with 
novel charters could have on financial stability and monetary policy 
implementation.
Board Response
    The Board recognizes the concerns raised by commenters that the 
principles focused on financial stability and monetary policy 
implementation deal with complex topics requiring levels of analysis 
and precision that may be challenging to address. For instance, it will 
be difficult to forecast how granting account access to a requesting 
institution would affect the level and variability of the demand for 
and supply of reserves balances--which is important to monetary policy 
implementation. However, the Federal Reserve is able to estimate the 
potential risk posed by a requestor (such as the risk that an 
institution might have large, unpredictable swings in its account 
balance) and whether existing tools can adequately mitigate those 
risks. The Board also recognizes that some smaller institutions with 
traditional charters would likely not create risks to financial 
stability or monetary policy implementation. Nevertheless, the Board 
has determined that both the financial stability principle and the 
monetary policy principle should remain in the final Account Access 
Guidelines, because they provide full transparency to the public on the 
types of factors Reserve Banks should consider in evaluating access 
requests. In addition, the Board has amended a footnote in the Account 
Access Guidelines to delete the language that a few commenters 
interpreted to suggest that Reserve Banks have the authority to 
establish the IORB rate.
D. Comments on Specific Questions
    As noted previously, the Original Proposal posed three specific 
questions and an additional open-ended question to the public.
    a. Question 1
    The Board asked whether the principles in the Proposed Guidelines 
address all the risks that would be relevant to the Federal Reserve's 
policy goals. Commenters generally agreed that the risks identified in 
the Proposed Guidelines are relevant for the Reserve Banks to consider 
when evaluating access requests. Many commenters raised concerns, 
however, regarding the ability of Reserve Banks to mitigate these risks 
in the case of institutions with novel charters that are not subject to 
regulatory and supervisory oversight that is similar to that applied to 
federally-insured institutions. Some commenters suggested that the 
Proposed Guidelines should put greater emphasis on consumer protection, 
particularly consumer privacy, and on cybersecurity risks.
Board Response
    The Board notes that cybersecurity risk is included in Principle 2 
(Risk to the Reserve Bank) and Principle 3 (Risk to the Payment System) 
of the final Account Access Guidelines as a factor that Reserve Banks 
should consider in their review of account requests. The Board also 
notes that, while the Account Access Guidelines do not specify consumer 
protection as an account-related risk, Principle 1 (Legal Eligibility) 
provides that Reserve Banks should assess the extent to which an 
institution's activities and services comply with applicable laws and 
regulations, including those that address consumer protection. Lastly, 
Section 2 of the final Account Access Guidelines (discussed further 
below) provides additional guidance on the level of due diligence 
expected by Reserve Banks for requests from institutions that are not 
subject to regulatory and supervisory oversight similar to that applied 
to federally-insured institutions.
    b. Question 2
    The Board asked whether the level of specificity in each principle 
provides sufficient clarity and transparency about how the Reserve 
Banks will evaluate requests. Many commenters addressing Question 2 
recommended that the Board add more detail to the Proposed Guidelines 
to increase the level of clarity and transparency.
Board Response
    The Board's response to these comments is described in Section 
II.A.
    c. Question 3
    The Board asked whether the principles support responsible 
financial innovation. Several commenters stated that the Proposed 
Guidelines achieve a balance between supporting responsible financial 
innovation and managing the identified risks by allowing for 
flexibility to accommodate different business models. Other commenters 
expressed concern, however, that the implementation of the Proposed 
Guidelines could stifle innovation if institutions were forced to 
comply with rules and regulations that do not make sense for their 
business model, size, or complexity.
Board Response
    The Board believes the final Account Access Guidelines support 
risk-focused, case-by-case review by Reserve Banks of access requests. 
As such, the Board believes the Account Access Guidelines support 
responsible innovation by balancing the provision of accounts and 
services to a wide range of institutions on the one hand and managing 
risks related to such access on the other. This is discussed in more 
detail in Section II.A.
    d. Question 4
    The Board also requested comment on whether the Board or the 
Reserve Banks should consider other steps or actions to facilitate the 
review of access requests in a consistent and equitable manner. As 
noted previously, commenters provided a wide range of comments that 
recommended potential improvements to the Account Access Guidelines to 
enhance their effectiveness.
Board Response
    The Board addressed these comments in Section II.A-C.

[[Page 51105]]

E. Technical Changes
    Principle 5 in the Account Access Guidelines addresses the risks to 
the overall economy. While the Board did not receive specific comments 
on Principle 5, it has made minor technical changes to the language to 
ensure the clarity and accuracy of the discussions of institutions' 
Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign 
Assets Control (OFAC) requirements and compliance programs. The Board 
has also made other minor technical edits to enhance the clarity of the 
Guidelines (e.g., replacing the term ``factors'' with ``principles'' 
for consistency and clarifying the risk-free nature of Reserve Bank 
balances).

B. Comments on the Supplemental Notice

    The Board received 24 comment letters on the Supplemental Notice. 
While most commenters generally expressed support for the proposed 
tiering framework, four commenters objected to the manner in which the 
proposed tiering framework would treat certain state-chartered 
institutions. A different group of commenters supported the tiering 
framework and called for heightened scrutiny of non-federally-insured 
depository institutions that request Reserve Bank accounts. Many 
commenters reiterated the comments that they previously submitted on 
the Original Proposal.\13\ In particular, a number of commenters 
recommended that non-federally-insured institutions, particularly those 
in Tier 3, not be granted access to Reserve Bank accounts and services. 
Additionally, one commenter, who supported the tiering framework 
generally, objected to Reserve Banks subjecting institutions with 
existing accounts to what the commenter termed ``new standards'' once 
the Board's Proposed Guidelines are made final.
---------------------------------------------------------------------------

    \13\ For example, many commenters restated comments relating to 
legal eligibility for accounts and services, while other commenters 
restated their comment suggesting that non-federally-insured 
institutions should receive accounts and services only if they are 
subject to the same regulatory framework as federally-insured 
institutions. The Board addressed these comments in Section II.A, 
supra.
---------------------------------------------------------------------------

1. Treatment of State-Chartered Institutions
    Four commenters objected to the manner in which the proposed 
tiering framework would treat certain state-chartered institutions. 
These commenters principally argued that the proposed tiering framework 
would (1) result in disparate treatment of non-federally-insured 
institutions with state charters as compared to those with federal 
charters; (2) undermine the dual banking system; and (3) ignore the 
strong prudential regulation that some states have in place for non-
federally-insured institutions.
    Broadly, this group of commenters focused their concerns on the 
placement of depository institutions in proposed Tier 2 and Tier 3 
while noting that they viewed Tier 1 as proposed as equitable and non-
problematic. In particular, these commenters expressed concerns that 
non-federally-insured national trust banks (NTBs) chartered by the 
Office of the Comptroller of the Currency (OCC) would receive 
preferential treatment under the proposed guidelines and asserted that 
many state-chartered trusts are subject to robust prudential 
regulations. They further argued that the tiering framework erroneously 
implies that NTBs are subject to a similar set of regulations as 
federally-insured institutions. Two of the commenters further stated 
that their respective state-chartered trust banks are subject to robust 
regulation and supervision and suggested that these institutions should 
be subject to a less strict level of review than the Board proposed.
    Relatedly, these commenters argued that the proposed tiering 
framework would introduce a bias in favor of federally-chartered 
institutions compared to state-chartered institutions. They argued that 
the tiering framework as proposed would result in an uneven playing 
field that would undermine the dual banking system. One of the 
commenters recommended that the Board revise the Proposed Guidelines to 
ensure that access to Reserve Bank accounts and services be afforded to 
eligible institutions on an equitable and impartial basis, regardless 
of whether they are state-chartered or federally-chartered.
    Lastly, these commenters objected to language in proposed Tier 3 
that might imply that state banking authorities' supervision is weaker 
than that of federal banking authorities. These commenters point to the 
robust regulatory standards and close supervision that states have had 
in place for many years for non-federally-insured institutions. One of 
the commenters also noted that state regulators work closely with their 
Reserve Bank on the supervision of state member banks.
    One of the commenters recommended that the Account Access 
Guidelines should not have a tiering framework but, alternatively, that 
Reserve Banks should review access requests by applying an activity and 
risk lens to access requests. A different commenter recommended that 
the tiering framework should focus on an institution's past performance 
as a key criterion for determining whether it is included in Tier 2 or 
Tier 3.
    Other commenters on the Supplemental Notice supported the tiering 
framework as proposed, noting that it provides additional transparency 
and clarity on the level of review an access request would receive 
based on key characteristics. One commenter noted that the tiering 
framework would help an institution requesting access understand 
Reserve Bank expectations and take steps to demonstrate that 
appropriate risk management policies and safeguards are in place.
Board Response
    The Board has reviewed the comments provided and revised its 
approach to Tiers 2 and 3 in the final Account Access Guidelines. 
Specifically, the Board has made certain changes in Section 2 of the 
final Account Access Guidelines to provide more comparable treatment 
between non-federally-insured institutions chartered under state and 
federal law. As discussed above, the Board has modified Tier 2 to 
include a narrower set of non-federally-insured national banks than 
proposed in the Supplemental Notice. Under the revised Tier 2, a non-
federally-insured institution chartered under federal law will be 
considered in Tier 2 only if the institution has a holding company that 
is subject to Federal Reserve oversight. In addition, a non-federally-
insured institution chartered under state law will (as proposed in the 
Supplemental Notice) be considered in Tier 2 if (i) the institution is 
subject (by statute) to prudential supervision by a federal banking 
agency, and (ii) to the extent the institution has a holding company, 
that holding company is subject to Federal Reserve oversight (by 
statute or commitments).\14\
---------------------------------------------------------------------------

    \14\ In practice, non-federally-insured institutions that are 
chartered under state law are subject to prudential supervision by 
the Board if they become members of the Federal Reserve System.
---------------------------------------------------------------------------

    The Board believes it is appropriate to subject non-federally-
insured institutions that the Federal Reserve supervises to an 
intermediate level of review under Tier 2, as the Reserve Banks already 
have supervisory information about, as well as regulatory authority 
over, such institutions and understands their risk profiles. Tier 3 
will contain all other non-federally-insured institutions.
    In addition, the Board has made minor updates to the proposed 
tiering framework to emphasize that the review

[[Page 51106]]

of institutions' requests would be completed on a case-by-case, risk-
focused basis within the three tiers, meaning that, within each tier, 
institutions with high-risk business models should be subject to more 
intensive review than those with lower-risk business models.
    Lastly, in response to concerns raised by some comments that the 
language in the description of Tier 3 implies that supervision 
conducted by state banking authorities is broadly weaker than federal 
supervision, the Board has removed references to ``supervisory'' 
differences in the description of Tier 3.
2. Non-Federally-Insured Institutions
    Several commenters expressed views that non-federally-insured 
institutions as a class pose an unacceptable level of risk to the 
payment system and financial markets. While some of these commenters 
directed their comments towards institutions in both Tiers 2 and 3, 
some focused solely on institutions in Tier 3. These commenters 
expressed a view that these institutions are not subject to sufficient 
regulation and as a result the Reserve Banks should not provide access 
to Tier 3 institutions or to non-federally-insured institutions more 
broadly.
Board Response
    The Board does not believe that it is appropriate to categorically 
exclude all Tier 3 or non-federally-insured institutions from access to 
accounts and services. The Board believes that Tier 2 and 3 
institutions represent a wide range of risk profiles (based on business 
model, size, complexity, regulatory framework, and other factors), and 
therefore a single response to account requests from this heterogenous 
group would not be appropriate. The Account Access Guidelines as 
adopted are intended to be applied by Reserve Banks to access requests 
from eligible institutions and the Board believes that the final 
Account Access Guidelines will provide a robust framework for analyzing 
and mitigating risks.
3. New standards
    One commenter objected to Reserve Banks subjecting institutions 
with existing accounts to what the commenter termed ``new standards'' 
once the Board's Proposed Guidelines are made final.
Board Response
    The Board has developed the Proposed Guidelines, in part, to 
increase the level of transparency and consistency of the process used 
by Reserve Banks to evaluate institutions' access to Reserve Bank 
accounts and services. As noted above, the Proposed Guidelines are 
informed by and incorporate, where possible, existing Reserve Bank 
risk-management practices. As a result, the Board views the final 
Account Access Guidelines as an evolution of existing practices rather 
than the creation of ``new standards.'' Additionally, the Board 
believes that in order for the Proposed Guidelines to be an effective 
risk-mitigation tool they should be applied broadly including to 
existing accounts. This view is supported by public comments on the 
Original Proposal discussed above. The Board expects that any Reserve 
Bank reevaluation of the risk of an institution's existing account will 
include discussions with the institution and its regulators.

III. Conclusion

    For the reasons set forth above, the Board is adopting final 
Account Access Guidelines.
    [This item will not publish in the Code of Federal Regulations]

IV. Account Access Guidelines

Guidelines Covering Access to Accounts and Services at Federal Reserve 
Banks (Account Access Guidelines)

Section 1: Principles
    The Board of Governors of the Federal Reserve System (Board) has 
adopted account access guidelines comprised of six principles to be 
used by Federal Reserve Banks (Reserve Banks) in evaluating requests 
for master accounts and access to Reserve Bank financial services 
(access requests).\1,2\ The Board has issued these account access 
guidelines under its general supervision authority over the operations 
of the Reserve Banks, 12 U.S.C. 248(j). Decisions on individual 
requests for access to accounts and services are made by the Reserve 
Bank in whose District the requestor is located.
---------------------------------------------------------------------------

    \1\ As discussed in the Federal Reserve's Operating Circular No. 
1, an institution has the option to settle its Federal Reserve 
financial services transactions in its master account with a Reserve 
Bank or in the master account of another institution that has agreed 
to act as its correspondent. These principles apply to requests for 
either arrangement.
    \2\ Reserve Bank financial services mean all services subject to 
Federal Reserve Act section 11A (``priced services'') and Reserve 
Bank cash services. Financial services do not include transactions 
conducted as part of the Federal Reserve's open market operations or 
administration of the Reserve Banks' Discount Window.
---------------------------------------------------------------------------

    The Account Access Guidelines apply to requests from all 
institutions that are legally eligible to receive an account or 
services, as discussed in more detail in the first principle.\3\ The 
Board expects the Reserve Banks to engage in consultation with each 
other and the Board, as appropriate, on reviews of account and service 
requests, as well as ongoing monitoring of accountholders, to ensure 
that the guidelines are implemented in a consistent and timely manner. 
The Board believes it is important to make clear that legal eligibility 
does not bestow a right to obtain an account and services. While 
decisions regarding individual access requests remain at the discretion 
of the individual Reserve Banks, the Board believes it is important 
that the Reserve Banks apply a consistent set of guidelines when 
reviewing such access requests to promote consistency across Reserve 
Banks and to facilitate equitable treatment across institutions.
---------------------------------------------------------------------------

    \3\ These principles would not apply to accounts provided under 
fiscal agency authority or to accounts authorized pursuant to the 
Board's Regulation N (12 CFR 214), joint account requests, or 
account requests from designated financial market utilities, since 
existing rules or policies already set out the considerations 
involved in granting these types of accounts.
---------------------------------------------------------------------------

    These Account Access Guidelines also serve to inform requestors of 
the factors that a Reserve Bank will review in any access request and 
thereby allow a requestor to make any enhancements to its risk 
management, documentation, or other practices to attempt to demonstrate 
how it meets each of the principles.
    These guidelines broadly outline considerations for evaluating 
access requests but are not intended to provide assurance that any 
specific institution will be granted an account and services. The 
individual Reserve Bank will evaluate each access request on a case-by-
case basis. When applying these account access guidelines, the Reserve 
Bank should factor, to the extent possible, the assessments of an 
institution by state and/or federal supervisors into its independent 
analysis of the institution's risk profile. The evaluation of an 
institution's access request should also consider whether the request 
has the potential to set a precedent that could affect the Federal 
Reserve's ability to achieve its policy goals now or in the future.
    If the Reserve Bank decides to grant an access request, it may 
impose (at the time of account opening, granting access to service, or 
any time thereafter) obligations relating to, or conditions or 
limitations on, use of the account or services as necessary to limit 
operational, credit, legal, or other risks posed to the Reserve Banks, 
the payment system, financial stability or the implementation of 
monetary policy

[[Page 51107]]

or to address other considerations.\4\ The account-holding Reserve Bank 
may, at its discretion, decide to place additional risk management 
controls on the account and services, such as real-time monitoring of 
account balances, as it may deem necessary to mitigate risks. If the 
obligations, limitations, or controls are ineffective in mitigating the 
risks identified or if the obligations, limitations, or controls are 
breached, the account-holding Reserve Bank may further restrict the 
institution's use of accounts and services or may close the account. 
Establishment of an account and provision of services by a Reserve Bank 
under these guidelines is not an endorsement or approval by the Federal 
Reserve of the institution. Nothing in the Board's guidelines relieves 
any institution from compliance with obligations imposed by the 
institution's supervisors and regulators.
---------------------------------------------------------------------------

    \4\ The conditions imposed could include, for example, 
establishing a cap on the amount of balances held in the account. In 
addition, the Board may authorize a Reserve Bank to pay a different 
rate of interest on balances held in the account or may limit the 
amount of balances in the account that receive interest.
---------------------------------------------------------------------------

    Accordingly, Reserve Banks should evaluate how each institution 
requesting access to an account and services will meet the following 
principles.\5\ Each principle identifies factors that Reserve Banks 
should consider when evaluating an institution against the specific 
risk targeted by the principle (several factors are pertinent to more 
than one principle).
---------------------------------------------------------------------------

    \5\ The principles are designed to address risks posed by an 
institution having access to an account and services, ranging from 
narrow risks (e.g., to an individual Reserve Bank) to broader risks 
(e.g., to the overall economy). Review activities performed by the 
Reserve Bank may address several principles at once.
---------------------------------------------------------------------------

    The identified factors are commonly used in the regulation and 
supervision of federally-insured institutions. As a result, the Board 
anticipates the application of the account access guidelines to access 
requests by federally-insured institutions will be fairly 
straightforward in most cases which is consistent with Section 2 of 
these Guidelines. However, Reserve Bank assessments of access requests 
from non-federally-insured institutions may require more extensive due 
diligence. Reserve Banks monitor and analyze the condition of 
institutions with access to accounts and services on an ongoing basis. 
Reserve Banks should use the guidelines to re-evaluate the risks posed 
by an institution in cases where its condition monitoring and analysis 
indicate potential changes in the risk profile of an institution, 
including a significant change to the institution's business model.
    1. Each institution requesting an account or services must be 
eligible under the Federal Reserve Act or other federal statute to 
maintain an account at a Federal Reserve Bank (Reserve Bank) and 
receive Federal Reserve services and should have a well-founded, clear, 
transparent, and enforceable legal basis for its operations.\6\
---------------------------------------------------------------------------

    \6\ These principles do not apply to accounts and services 
provided by a Reserve Bank (i) as depository and fiscal agent, such 
as those provided for the Treasury and for certain government-
sponsored entities (12 U.S.C. 391, 393-95, 1823, 1435), (ii) to 
certain international organizations (22 U.S.C. 285d, 286d, 290o-3, 
290i-5, 290l-3), (iii) to designated financial market utilities (12 
U.S.C. 5465), (iv) pursuant to the Board's Regulation N (12 CFR 
214), or (v) pursuant to the Board's Guidelines for Evaluating Joint 
Account Requests.
---------------------------------------------------------------------------

    a. Unless otherwise specified by federal statute, only those 
entities that are member banks or meet the definition of a depository 
institution under section 19(b) of the Federal Reserve Act are legally 
eligible to obtain Federal Reserve accounts and financial services.\7\
---------------------------------------------------------------------------

    \7\ Unless otherwise expressly excluded under the previous 
footnote, these principles apply to account requests from all 
institutions, including member banks or other entities that meet the 
definition of a depository institution under section 19(b) (12 
U.S.C. 461(b)(1)(A)), as well as Edge and Agreement Corporations (12 
U.S.C. 601-604a, 611-631), and U.S. branches and agencies of foreign 
banks (12 U.S.C. 347d).
---------------------------------------------------------------------------

    b. The Reserve Bank should assess the consistency of the 
institution's activities and services with applicable laws and 
regulations, such as Article 4A of the Uniform Commercial Code and the 
Electronic Fund Transfer Act (15 U.S.C. 1693 et seq). The Reserve Bank 
should also consider whether the design of the institution's services 
would impede compliance by the institution's customers with U.S. 
sanctions programs, Bank Secrecy Act (BSA) and anti-money laundering 
(AML) requirements or regulations, or consumer protection laws and 
regulations.
    2. Provision of an account and services to an institution should 
not present or create undue credit, operational, settlement, cyber or 
other risks to the Reserve Bank.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements to 
ensure that the institution operates in a safe and sound manner, during 
both normal conditions and periods of idiosyncratic and market stress.
    i. For these purposes, effective risk management includes having a 
robust framework, including policies, procedures, systems, and 
qualified staff, to manage applicable risks. The framework should at a 
minimum identify, measure, and control the particular risks posed by 
the institution's business lines, products and services. The 
effectiveness of the framework should be further supported by internal 
testing and internal audit reviews.
    ii. The framework should be subject to oversight by a board of 
directors (or similar body) as well as oversight by state and/or 
federal banking supervisor(s).
    iii. The framework should clearly identify all risks that may arise 
related to the institution's business (e.g., legal, credit, liquidity, 
operational, custody, investment) as well as objectives regarding the 
risk tolerances for the management of such risks.
    c. The Reserve Bank should confirm that the institution is in 
substantial compliance with its supervisory agency's regulatory and 
supervisory requirements.
    d. The institution must, in the Reserve Bank's judgment:
    i. Demonstrate an ability to comply, were it to obtain a master 
account, with Board orders and policies, Reserve Bank agreements and 
operating circulars, and other applicable Federal Reserve requirements.
    ii. Be in sound financial condition, including maintaining adequate 
capital to continue as a going concern and to meet its current and 
projected operating expenses under a range of scenarios.
    iii. Demonstrate the ability, on an ongoing basis (including during 
periods of idiosyncratic or market stress), to meet all of its 
obligations in order to remain a going concern and comply with its 
agreement for a Reserve Bank account and services, including by 
maintaining:
    A. Sufficient liquid resources to meet its obligations to the 
Reserve Bank under applicable agreements, operating circulars, and 
Board policies;
    B. The operational capacity to ensure that such liquid resources 
are available to satisfy all such obligations to the Reserve Bank on a 
timely basis; and
    C. Settlement processes designed to appropriately monitor balances 
in its Reserve Bank account on an intraday basis, to process 
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.

[[Page 51108]]

    iv. Have in place an operational risk framework designed to ensure 
operational resiliency against events associated with processes, 
people, and systems that may impair the institution's use and 
settlement of Reserve Bank services. This framework should consider 
internal and external factors, including operational risks inherent in 
the institution's business model, risks that might arise in connection 
with its use of any Reserve Bank account and services, and cyber-
related risks. At a minimum, the operational risk framework should:
    A. Identify the range of operational risks presented by the 
institution's business model (e.g., cyber vulnerability, operational 
failure, resiliency of service providers), and establish sound 
operational risk management objectives to address such risks;
    B. Establish sound governance arrangements, rules, and procedures 
to oversee and implement the operational risk management framework;
    C. Establish clear and appropriate rules and procedures to carry 
out the risk management objectives;
    D. Employ the resources necessary to achieve its risk management 
objectives and implement effectively its rules and procedures, 
including, but not limited to, sound processes for physical and 
information security, internal controls, compliance, program 
management, incident management, business continuity, audit, and well-
qualified personnel; and
    E. Support compliance with the electronic access requirements, 
including security measures, outlined in the Reserve Banks' Operating 
Circular 5 and its supporting documentation.
    3. Provision of an account and services to an institution should 
not present or create undue credit, liquidity, operational, settlement, 
cyber or other risks to the overall payment system.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements to 
limit the impact that idiosyncratic stress, disruptions, outages, cyber 
incidents, or other incidents at the institution might have on other 
institutions and the payment system broadly. The framework should 
include:
    i. Clearly defined operational reliability objectives and policies 
and procedures in place to achieve those objectives.
    ii. A business continuity plan that addresses events that have the 
potential to disrupt operations and a resiliency objective to ensure 
the institution can resume services in a reasonable timeframe.
    iii. Policies and procedures for identifying risks that external 
parties may pose to sound operations, including interdependencies with 
affiliates, service providers, and others.
    c. The Reserve Bank should identify actual and potential 
interactions between the institution's use of a Reserve Bank account 
and services and (other parts of) the payment system.
    i. The extent to which the institution's use of a Reserve Bank 
account and services might restrict funds from being available to 
support the liquidity needs of other institutions should also be 
considered.
    d. The institution must, in the Reserve Bank's judgment:
    i. Be in sound financial condition, including maintaining adequate 
capital to continue as a going concern and to meet its current and 
projected operating expenses under a range of scenarios.
    ii. Demonstrate the ability, on an ongoing basis (including during 
periods of idiosyncratic or market stress), to meet all of its 
obligations in order to remain a going concern and comply with its 
agreement for a Reserve Bank account and services, including by 
maintaining:
    A. Sufficient liquid resources to meet its obligations to the 
Reserve Bank under applicable agreements, Operating Circulars, and 
Board policies;
    B. The operational capacity to ensure that such liquid resources 
are available to satisfy all such obligations to the Reserve Bank on a 
timely basis; and
    C. Settlement processes designed to appropriately monitor balances 
in its Reserve Bank account on an intraday basis, to process 
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.
    iii. Have in place an operational risk framework designed to ensure 
operational resiliency against events associated with processes, 
people, and systems that may impair the institution's payment system 
activities. This framework should consider internal and external 
factors, including operational risk inherent in the institution's 
business model, risk that might arise in connection with its use of the 
payment system, and cyber-related risks. At a minimum, the framework 
should:
    A. Identify the range of operational risks presented by the 
institution's business model (e.g., cyber vulnerability, operational 
failure, resiliency of service providers), and establish sound 
operational risk management objectives;
    B. Establish sound governance arrangements, rules, and procedures 
to oversee the operational risk management framework;
    C. Establish clear and appropriate rules and procedures to carry 
out the risk management objectives;
    D. Employ the resources necessary to achieve its risk management 
objectives and implement effectively its rules and procedures, 
including, but not limited to, sound processes for physical and 
information security, internal controls, compliance, program 
management, incident management, business continuity, audit, and well-
qualified personnel.
    4. Provision of an account and services to an institution should 
not create undue risk to the stability of the U.S. financial system.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should determine, in consultation with the 
other Reserve Banks and Board as appropriate, whether the access to an 
account and services by an institution itself or a group of like 
institutions could introduce financial stability risk to the U.S. 
financial system.
    c. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements for 
managing liquidity, credit, and other risks that may arise in times of 
financial or economic stress.
    d. The Reserve Bank should consider the extent to which, especially 
in times of financial or economic stress, liquidity or other strains at 
the institution may be transmitted to other segments of the financial 
system.
    e. The Reserve Bank should consider the extent to which, especially 
during times of financial or economic stress, access to an account and 
services by an institution itself (or a group of like institutions) 
could affect deposit balances across U.S. financial institutions more 
broadly and whether any resulting movements in deposit balances could 
have a deleterious effect on U.S. financial stability.
    i. Balances held in Reserve Bank accounts present no credit or 
liquidity risk, making them very attractive in times of financial or 
economic stress. As

[[Page 51109]]

a result, in times of stress, investors that would otherwise provide 
short- term funding to nonfinancial firms, financial firms, and state 
and local governments could rapidly withdraw that funding and instead 
deposit their funds with an institution holding mostly central bank 
balances. If the institution is not subject to capital requirements 
similar to a federally-insured institution, it can more easily expand 
its balance sheet during times of stress; as a result, the potential 
for sudden and significant deposit inflows into that institution is 
particularly large, which could disintermediate other parts of the 
financial system, greatly amplifying stress.
    5. Provision of an account and services to an institution should 
not create undue risk to the overall economy by facilitating activities 
such as money laundering, terrorism financing, fraud, cybercrimes, 
economic or trade sanctions violations, or other illicit activity.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has a BSA/
AML compliance program consisting of the components set out below and 
in relevant regulations.\8\
---------------------------------------------------------------------------

    \8\ Refer to 12 CFR 208.62 and 63, 12 CFR 211.5(k), 5(m), 24(f), 
and 24(j), and 12 CFR 225.4(f) (Federal Reserve); 12 CFR 326.8 and 
12 CFR part 353 (FDIC); 12 CFR 748.1-2 (NCUA); 12 CFR 21.11, and 21, 
and 12 CFR 163.180 (OCC); and 31 CFR 1020.210(a) and (b), and 31 CFR 
1020.320 (FinCEN), which are controlling.
---------------------------------------------------------------------------

    i. For these purposes, the Reserve Bank should confirm that the 
institution's BSA/AML compliance program contains the following 
elements.\9\
---------------------------------------------------------------------------

    \9\ Reserve Banks may reference the FFIEC BSA/AML Manual. These 
guidelines may be updated to reflect any changes to relevant 
regulations.
---------------------------------------------------------------------------

    A. A system of internal controls, including policies and 
procedures, to ensure ongoing BSA/AML compliance;
    B. Independent audit and testing of BSA/AML compliance to be 
conducted by bank personnel or by an outside party;
    C. Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance (BSA compliance 
officer);
    D. Ongoing training for appropriate personnel, tailored to each 
individual's specific responsibilities, as appropriate;
    E. Appropriate risk-based procedures for conducting ongoing 
customer due diligence to include, but not limited to, understanding 
the nature and purpose of customer relationships for the purpose of 
developing a customer risk profile and conducting ongoing monitoring to 
identify and report suspicious transactions and, on a risk basis, to 
maintain and update customer information;
    c. The Reserve Bank should confirm that the institution has a 
compliance program designed to support its compliance with the Office 
of Foreign Assets Control (OFAC) regulations at 31 CFR Chapter V.\10\
---------------------------------------------------------------------------

    \10\ Reserve Banks may reference the OFAC section of the FFIEC 
BSA/AML Manual. These guidelines may be updated to reflect any 
changes to relevant regulations.
---------------------------------------------------------------------------

    i. For these purposes, the Reserve Bank may review the 
institution's written OFAC compliance program, provided one has been 
created, and confirm that it is commensurate with the institution's 
OFAC risk profile. An OFAC compliance program should identify higher-
risk areas, provide for appropriate internal controls for screening and 
reporting, establish independent testing for compliance, designate a 
bank employee or employees as responsible for OFAC compliance, and 
create a training program for appropriate personnel in all relevant 
areas of the institution.
    6. Provision of an account and services to an institution should 
not adversely affect the Federal Reserve's ability to implement 
monetary policy.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should determine, in consultation with the 
other Reserve Banks and the Board as appropriate, whether access to an 
account and services by an institution itself or a group of like 
institutions could have an effect on the implementation of monetary 
policy.
    c. The Reserve Bank should consider, among other things, whether 
access to a Reserve Bank account and services by the institution or 
group of like institutions could affect the level and variability of 
the demand for and supply of reserves, the level and volatility of key 
policy interest rates, the structure of key short-term funding markets, 
and on the overall size of the consolidated balance sheet of the 
Reserve Banks. The Reserve Bank should consider the implications of 
providing an account to the institution in normal times as well as in 
times of stress. This consideration should occur regardless of the 
current monetary policy implementation framework in place.
Section 2: Tiered Review Framework
    The tiered review framework in this section is meant to serve as a 
guide to the level of due diligence and scrutiny to be applied by 
Reserve Banks to different types of institutions. Although institutions 
in a higher tier will on average face greater due diligence and 
scrutiny than institutions in a lower tier, a Reserve Bank has the 
authority to grant or deny an access request by an institution in any 
of the three proposed tiers, based on the Reserve Bank's application of 
the Account Access Guidelines in Section 1 to that particular 
institution. As discussed above, an institution's access request will 
be reviewed on a case-by-case, risk-focused basis and the tiers are 
designed to provide additional transparency into the expected review 
process based on key characteristics.
    1. Tier 1: Eligible institutions that are federally insured.\11\
---------------------------------------------------------------------------

    \11\ See 12 U.S.C. 1813(c)(2) (defining ``insured depository 
institution'' for purposes of the Federal Deposit Insurance Act) and 
12 U.S.C. 1752(7) (defining ``insured credit union'' for purposes of 
the Federal Credit Union Act).
---------------------------------------------------------------------------

    a. As federally-insured depository institutions, Tier 1 
institutions are already subject to a standard, strict, and 
comprehensive set of federal banking regulations.
    b. In addition, for most Tier 1 institutions, detailed regulatory 
and financial information would in most cases be readily available, 
often in public form.
    c. Accordingly, access requests by Tier 1 institutions will 
generally be subject to a less intensive and more streamlined review.
    d. In cases where the application of the Guidelines to Tier 1 
institutions identifies potentially higher risk profiles, the 
institutions will receive additional attention.
    2. Tier 2: Eligible institutions that are not federally insured but 
are subject (by statute) to prudential supervision by a federal banking 
agency.\12\ In addition, (i) if such an institution is chartered under 
federal law, it has a holding company that is subject to Federal 
Reserve oversight (by statute or commitments); and (ii) if such an 
institution is

[[Page 51110]]

chartered under state law and has a holding company, that holding 
company is subject to Federal Reserve oversight (by statute or 
commitments).\13\
---------------------------------------------------------------------------

    \12\ The federal banking agencies include the Board, the Office 
of the Comptroller of the Currency (OCC), the Federal Deposit 
Insurance Corporation, and the National Credit Union Administration. 
Non-federally-insured institutions that are chartered under federal 
law are subject to prudential supervision by the OCC. Non-federally-
insured institutions that are chartered under state law are subject 
to prudential supervision by the Board if they become members of the 
Federal Reserve System.
    \13\ Edge and Agreement Corporations and U.S. branches and 
agencies of foreign banks would fall under a Tier 2 level of review 
because of Federal Reserve oversight over these institutions.
---------------------------------------------------------------------------

    a. Tier 2 institutions are subject to a similar, but not identical, 
set of regulations as federally-insured institutions. As a result, Tier 
2 institutions may still present greater risks than Tier 1 
institutions.
    b. Reserve Banks will have significant supervisory information 
about, as well as some level of regulatory authority over, Tier 2 
institutions.
    c. Accordingly, account access requests by Tier 2 institutions will 
generally receive an intermediate level of review.
    3. Tier 3: Eligible institutions that are not federally insured and 
are not considered in Tier 2.
    a. Non-federally-insured institutions that are chartered under 
federal law but do not have a holding company subject to Federal 
Reserve oversight would be considered in Tier 3.
    b. Non-federally-insured institutions that are chartered under 
state law and are not subject (by statute) to prudential supervision by 
a federal banking agency, or have a holding company that is not subject 
to Federal Reserve oversight, would be considered in Tier 3.
    c. Tier 3 institutions may be subject to a regulatory framework 
that is substantially different from the regulatory framework that 
applies to federally-insured institutions.
    d. In addition, detailed regulatory and financial information 
regarding Tier 3 institutions may not exist or may be unavailable.
    e. Accordingly, Tier 3 institutions will generally receive the 
strictest level of review.
-End-

    By order of the Board of Governors of the Federal Reserve 
System.
Ann Misback,
Secretary of the Board.
[FR Doc. 2022-17885 Filed 8-18-22; 8:45 am]
BILLING CODE 6210-01-P