Access to Reserve Bank accounts and payment services: FRB guidelines

Final guidelines establishing the principles and factors

August 2022

Citing the uptick in “novel” charter types, such as cryptocurrency custody banks and others, authorized or under consideration by federal and state banking authorities, and related inquiries and requests from these institutions to access Reserve Bank accounts and services, the Federal Reserve Board has issued final guidelines for reviewing all requests for access to Reserve Bank accounts and payment services. A key feature of that review will be consideration of whether the request has the “potential to set a precedent that could affect the Federal Reserve’s ability to achieve its policy goals now or in the future.”

Institutions considering submission of an access request should proactively assess their organization against each of the principles and key factors outlined in the guidelines, particularly with regard to risk management and governance, compliance, and operational resiliency, and be able to demonstrate how they meet each of the principles.

Notably, FRB Governor Bowman cautioned that the release of the guidelines was only a first step in the process to provide transparency to the evaluation of access requests, adding that more work is needed to fully implement the guidelines and accelerated review times should not be expected.

The Federal Reserve Board (FRB) issued final guidelines establishing the principles and factors that Federal Reserve Banks (Reserve Banks) will use when reviewing requests for access to Reserve Bank accounts and services. The final guidelines are “substantially similar” to the FRB’s May 2021 proposed guidelines and the March 2022 supplemental proposal of a tiered review framework. They are meant to establish transparency, consistency, and a risk-based focus in the review process.

As outlined below, the Account Access Guidelines are comprised of two sections:

Tiered Review Framework
Principles

Account Access Guidelines: Tiered Review Framework

The final guidelines outline a tiered review framework to guide the level of due diligence and scrutiny applied by Reserve Banks in their review of different types of institutions. Access requests will be reviewed on a case-by-case, risk focused basis and Reserve Banks may grant or deny a request from an institution in any of the three tiers based on application of the principles and factors in the guidelines (see discussion below).

	Tier 1 Institutions	Tier 2 Institutions	Tier 3 Institutions
Definition	Eligible institutions that are federally insured	Eligible institutions that are not federally insured, but: Are subject to prudential supervision by a federal banking regulator, or Have a holding company that is subject to FRB oversight	Eligible institutions that are not federally insured, and not considered Tier 2, such as: Federal- and state-chartered institutions without holding companies subject to FRB oversight, or Institutions subject to a regulatory framework substantially different than federally insured institutions (“novel” charters)
Review Level	Less intensive; more streamlined	Intermediate	Strictest
Rationale	Tier 1 institutions are already subject to standard and comprehensive federal banking regulations, and detailed regulatory and, in most cases, financial information is readily available	Tier 2 institutions are subject to similar, but not identical, regulations as Tier 1 institutions, and can therefore present greater risks. However, Reserve Banks will have supervisory information and some regulatory authority over Tier 2 institutions	Tier 3 institutions may be subject to substantially different regulatory frameworks, presenting greater risks than Tier 1 and 2 institutions, and detailed regulatory and financial information may not exist or be available

Tier 1 Institutions

Tier 2 Institutions

Tier 3 Institutions

Definition

Eligible institutions that are federally insured

Eligible institutions that are not federally insured, but:

Are subject to prudential supervision by a federal banking regulator, or
Have a holding company that is subject to FRB oversight

Eligible institutions that are not federally insured, and not considered Tier 2, such as:

Federal- and state-chartered institutions without holding companies subject to FRB oversight, or
Institutions subject to a regulatory framework substantially different than federally insured institutions (“novel” charters)

Review Level

Less intensive; more streamlined

Intermediate

Strictest

Rationale

Tier 1 institutions are already subject to standard and comprehensive federal banking regulations, and detailed regulatory and, in most cases, financial information is readily available

Tier 2 institutions are subject to similar, but not identical, regulations as Tier 1 institutions, and can therefore present greater risks. However, Reserve Banks will have supervisory information and some regulatory authority over Tier 2 institutions

Tier 3 institutions may be subject to substantially different regulatory frameworks, presenting greater risks than Tier 1 and 2 institutions, and detailed regulatory and financial information may not exist or be available

Account Access Guidelines: Principles

Six (6) principles and associated factors will be considered as part of a request review, including:

Eligibility
Risk to the Reserve Banks
Risk to the payments system
Risk to the stability of the U.S. financial system
Risk of illicit activities
Risk to monetary policy implementation

Further, Reserve Banks will incorporate the assessment of an institution by state and/or federal supervisors, as appropriate and to the extent possible, into their own independent assessment for each of the principles. The FRB states the factors are commonly used in the regulation and supervision of federally insured institutions such that evaluating access requests from non-federally insured institutions “may require more extensive due diligence.”

Institutions with access to accounts and services will be monitored by the Reserve Banks on an ongoing basis. The guidelines will be used to re-evaluate the risk posed by an institution in cases where its condition, monitoring, and analysis indicate potential changes in the institution’s risk profile, including a significant change to its business model.

1. Eligibility: Each institution requesting an account or services must be legally eligible (certain exceptions apply as noted in the guidelines)

Factors
Must be an FRB member bank or meet the definition of a depository institution (under section 19(b) of the Federal Reserve Act)
Able to comply with sanctions, BSA/AML requirements, and consumer protection laws and regulations

2. Risk to the Reserve Banks: Provision of an account and services to an institution should not present or create undue credit, operational, settlement, cyber or other risks to the Reserve Bank

Factors	Details
Risk management & governance	Robust risk management framework, including: Policies, procedures, systems, and qualified staff to manage all identified risks Appropriate board and supervisory oversight
Compliance	Substantial compliance with both regulatory and supervisory requirements
Capabilities	Must demonstrate ability to: Comply with FRB orders and policies, agreements and operating circulars, and other requirements Be in sound financial condition under a range of scenarios Maintain sufficient liquidity Employ settlement processes in accordance with the Bank’s account requirements (intraday basis)
Operational resiliency	Operational risk framework that considers and addresses: Cyber vulnerability Operational failures Third-party service provider resiliency

3. Risk to the payments system: Provision of an account and services to an institution should not present or create undue credit, liquidity, operational, settlement, cyber or other risks to the overall payments system

Factors	Details
Risk management & governance	Robust risk management framework, including: Policies and procedures for identifying external risks and dependencies Operational reliability objectives, policies, and procedures Business continuity plan Interdependencies with affiliates, service providers, and others
Account & payments interactions	Actual and potential interactions with the payments system based on institution’s access to an account, and potential impacts to liquidity needs of other institutions
Capabilities	Must demonstrate ability to: Comply with FRB orders and policies, agreements and operating circulars, and other requirements Be in sound financial condition under a range of scenarios Maintain sufficient liquidity Employ settlement processes in accordance with the Bank’s account requirements (intraday basis)
Operational resiliency	Operational risk framework that considers and addresses: Cyber-related risks Risks from use of the payments system Operational risks inherent in the institution’s business model

4. Risk to the stability of the U.S. financial system: Provision of an account and services to an institution should not create undue risk to the stability of the U.S. financial system, especially in times of financial or economic stress

Factors	Details
Financial stability risk	Whether access to an account and services by the institution itself or a group of like institutions introduces financial stability risk to the U.S. financial system
Risk management & governance	Effectiveness of risk management and governance arrangements for managing risks during times of financial or economic stress
Transmission	Ability of an institution to transmit liquidity and other strains to other segments during times of financial or economic stress
Deposits	Whether access to an account and services could affect deposit balances across U.S. financial institutions more broadly during times of financial or economic stress

5. Risk of illicit activities: Provision of an account and services to an institution should not create undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, or other illicit activity

Factors	Details
BSA/AML compliance program	Including the program’s: Internal controls, policies, and procedures Independent audits and testing Designation of responsibility for compliance Appropriate risk-based procedures for customer due diligence Ongoing training
OFAC compliance	Design of compliance program to support OFAC regulations and sanctions, with consideration of features similar to the BSA/AML program

Factors

Details

BSA/AML compliance program

Including the program’s:

Internal controls, policies, and procedures
Independent audits and testing
Designation of responsibility for compliance
Appropriate risk-based procedures for customer due diligence
Ongoing training

OFAC compliance

Design of compliance program to support OFAC regulations and sanctions, with consideration of features similar to the BSA/AML program

6. Risk to monetary policy implementation: Provision of an account and services to an institution should not adversely affect the FRB’s ability to implement monetary policy

Factors	Details
Implementation of monetary policy	Whether access to an account and services could influence implementation of monetary policy
Potential negative effects	Whether access to an account and services could affect, in normal times and in times of stress, the level and variability of: Demand and supply of reserves Key policy interest rates Structure of short-term funding markets Overall size of the Reserve Bank’s consolidated balance sheet

Factors

Details

Implementation of monetary policy

Whether access to an account and services could influence implementation of monetary policy

Potential negative effects

Whether access to an account and services could affect, in normal times and in times of stress, the level and variability of: