Guidelines for Evaluating Account and Services Requests, 12957-12962 [2022-04897]

Agencies

• FEDERAL RESERVE SYSTEM

[Federal Register Volume 87, Number 45 (Tuesday, March 8, 2022)]
[Notices]
[Pages 12957-12962]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-04897]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. OP-1747]


Guidelines for Evaluating Account and Services Requests

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Supplemental notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is issuing a supplemental notice and request for comment on updates to 
its proposed guidelines (Account Access Guidelines) for Federal Reserve 
Banks (Reserve Banks) to utilize in evaluating requests for access to 
Reserve Bank master accounts and services (accounts and services). The 
supplemental notice includes a new section of the proposed Account 
Access Guidelines that would establish a tiered-review framework to 
provide additional clarity on the level of due diligence and scrutiny 
to be applied to requests for Reserve Bank accounts and services.

DATES: Comments must be received on or before April 22, 2022.

FOR FURTHER INFORMATION CONTACT: Jason Hinkle, Assistant Director (202-
912-7805), Division of Reserve Bank Operations and Payment Systems, or 
Sophia H. Allison, Senior Special Counsel (202-452-3565) or Gavin 
Smith, Senior Counsel (202-872-7578), Legal Division, Board of 
Governors of the Federal Reserve System. For users of TTY-TRS, please 
call 711 from any telephone, anywhere in the United States.

ADDRESSES: You may submit comments, identified by Docket No. OP-1765, 
by any of the following methods:
    Agency Website: https://www.federalreserve.gov. Follow the 
instructions for submitting comments at https://www.federalreserve.gov/apps/foia/proposedregs.aspx.
    Email: [email protected]. Include docket number in 
the subject line of the message.
    Fax: (202) 452-3819 or (202) 452-3102.
    Mail: Ann E. Misback, Secretary, Board of Governors of the Federal 
Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 
20551.
    All public comments are available from the Board's website at 
https://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 
submitted, unless modified for technical reasons or to remove 
personally identifiable information at the commenter's request. 
Accordingly, comments will not be edited to remove any identifying or 
contact information. Public comments may also be viewed in-person in 
Room M-4365A, 2001 C St. NW, Washington, DC 20551, between 9:00 a.m. 
and 5:00 p.m. during federal business weekdays.

SUPPLEMENTARY INFORMATION:

I. Background

    On May 5, 2021, the Board requested comment on proposed guidelines 
to be used by Reserve Banks in evaluating requests for accounts and 
services (Original Proposal).\1\ The Original Proposal reflected the 
Board's policy goals of (1) ensuring the safety and soundness of the 
banking system, (2) effectively implementing monetary policy, (3) 
promoting financial stability, (4) protecting consumers, and (5) 
promoting a safe, efficient, inclusive,

[[Page 12958]]

and innovative payment system. The Original Proposal was also intended 
to ensure that Reserve Banks apply a transparent and consistent set of 
factors when reviewing requests for accounts and services (access 
requests).
---------------------------------------------------------------------------

    \1\ 86 FR 25865 (May 11, 2021).
---------------------------------------------------------------------------

    The Original Proposal consisted of six principles. The first 
principle specified that only institutions that are legally eligible 
for access to Reserve Bank accounts and services would be considered 
for access. The remaining five principles addressed specific risks, 
ranging from narrow risks (such as risk to an individual Reserve Bank) 
to broader risks (such as risk to the U.S. financial system).\2\ For 
each of these five principles, the Original Proposal set forth factors 
that Reserve Banks should consider when evaluating an institution's 
access request against the specific risk targeted by the principle. The 
identified factors are commonly used in the regulation and supervision 
of federally-insured institutions. The Board notes that, when applying 
the proposed Account Access Guidelines, the Reserve Bank would 
integrate to the extent possible the assessments of an institution by 
its state and/or federal supervisors into the Reserve Bank's own 
independent assessment of the institution's risk profile.
---------------------------------------------------------------------------

    \2\ The Account Access Guidelines were designed primarily as a 
risk management framework and, as such, focus on risks an 
institution's access could pose. The Board notes, however, that 
granting an access request could also have net benefits to the 
financial system, although these are not a focus of the Account 
Access Guidelines.
---------------------------------------------------------------------------

    The Original Proposal noted that the application of the Guidelines 
to requests by federally-insured institutions should be fairly 
straightforward, while requests from non-federally insured institutions 
may require more extensive due diligence. This supplemental notice 
(Updated Proposal) includes the Original Proposal substantially as 
proposed but includes a new section 2 of the Account Access Guidelines 
that would incorporate a tiering framework based on an institution's 
characteristics. The three tiers would provide additional clarity on 
how the Reserve Banks would apply the principles in section 1 of the 
Account Access Guidelines to different types of institutions.

II. Overview of Comments on Original Proposal

    The Board received 46 individual comment letters and 281 duplicate 
form letters in response to the Original Proposal. Nearly all the 
comment letters expressed general support for the proposed Account 
Access Guidelines, and most letters also made recommendations for 
improvements. Commenters represented several types of institutions, 
including (1) institutions with traditional charters, such as banks and 
credit unions, and their trade associations; (2) institutions with 
novel charters, such as cryptocurrency custody banks, and their trade 
associations; and (3) think tanks and non-profit advocacy groups. The 
views expressed by the first category of commenters often conflicted 
with the views expressed by the second category of commenters.\3\ The 
duplicate form letters included recommendations that mirrored those 
submitted by trade associations for institutions with traditional 
charters.
---------------------------------------------------------------------------

    \3\ For example, many commenters in the first category suggested 
that institutions with novel charters should face a more challenging 
path to access accounts and services, while many commenters in the 
second category suggested that institutions with novel charters 
should face an easier path to access accounts and service.
---------------------------------------------------------------------------

III. Updated Proposal

    The Account Access Guidelines listed in this Updated Proposal 
consist of two sections. Proposed section 1--which describes the six 
principles that the Reserve Banks would use in evaluating requests for 
accounts and services--is substantially the same as the Account Access 
Guidelines described in the Original Proposal.\4\
---------------------------------------------------------------------------

    \4\ The Updated Proposal incorporates certain technical changes 
to Section 1. For example, some commenters read Principle 6 to 
suggest that Reserve Banks, rather than the Board, have the 
authority to establish the interest on reserve balances (IORB) rate. 
The Updated Proposal deletes the language that commenters read to 
suggest that Reserve Banks have the authority to establish the IORB 
rate.
---------------------------------------------------------------------------

    The Original Proposal noted that the application of the Account 
Access Guidelines to requests by federally-insured institutions should 
be fairly straightforward, while requests from non-federally insured 
institutions may require more extensive due diligence. The Updated 
Proposal includes a new section 2 of the Account Access Guidelines, 
which would establish a three-tiered review framework to provide 
additional clarity regarding the review process for different types of 
institutions.
    Tier 1 would consist of eligible institutions that are federally-
insured. These institutions are already subject to a comprehensive set 
of federal banking regulations, and, in most cases, detailed regulatory 
and financial information about these firms would be readily available. 
Accordingly, access requests by Tier 1 institutions would generally be 
subject to a less intensive and more streamlined review. In cases where 
the application of the Guidelines to Tier 1 institutions identifies 
potentially higher risk profiles, the institutions would receive 
additional attention.
    Tier 2 would consist of eligible institutions that are not 
federally-insured but (i) are subject (by statute) to prudential 
supervision by a federal banking agency; and (ii) any holding company 
of which would be subject to Federal Reserve oversight (by statute or 
by commitments).\5\ Tier 2 institutions would be subject to similar but 
not identical regulations as federally-insured institutions, and as a 
result, may present greater risks than Tier 1 institutions. 
Additionally, detailed regulatory and financial information regarding 
Tier 2 institutions is less likely to be available and may not be 
available in public form. Accordingly, access requests by Tier 2 
institutions would generally receive an intermediate level of review.
---------------------------------------------------------------------------

    \5\ The Board would expect holding companies of Tier 2 entities 
to comply with similar requirements as holding companies subject to 
the Bank Holding Company Act.
---------------------------------------------------------------------------

    Tier 3 would consist of eligible institutions that are not 
federally insured and not subject to prudential supervision by a 
federal banking agency at the institution or holding company level. 
Tier 3 institutions may be subject to a supervisory or regulatory 
framework that is substantially different from, and possibly weaker 
than, the supervisory and regulatory framework that applies to 
federally-insured institutions, and as a result may pose the highest 
level of risk. Detailed regulatory and financial information regarding 
Tier 3 institutions may not exist or may be unavailable. Accordingly, 
access requests by Tier 3 institutions would generally receive the 
strictest level of review.
    The Board seeks comment on all aspects of the Updated Proposal.

[[Page 12959]]

IV. Updated Account Access Guidelines

Guidelines Covering Access to Accounts and Services at Federal Reserve 
Banks (Account Access Guidelines)

Section 1: Principles
    The Board of Governors of the Federal Reserve System (Board) is 
adopting account access guidelines comprised of six principles to be 
used by Federal Reserve Banks (Reserve Banks) in evaluating requests 
for master accounts and access to Federal Reserve Bank financial 
services (access requests).1 2 The account access guidelines 
apply to requests from all institutions that are legally eligible to 
receive an account or services, as discussed in more detail in the 
first principle.\3\ The Board expects the Reserve Banks to collaborate 
on reviews of account and service requests, as well as ongoing 
monitoring of accountholders, to ensure that the guidelines are 
implemented in a consistent and timely manner.
---------------------------------------------------------------------------

    \1\ As discussed in the Federal Reserve's Operating Circular No. 
1, an institution has the option to settle its Federal Reserve 
financial services transactions in its master account with a Reserve 
Bank or in the master account of another institution that has agreed 
to act as its correspondent. These principles apply to requests for 
either arrangement.
    \2\ Reserve Bank financial services mean all services subject to 
Federal Reserve Act, section 11A (``priced services'') and Reserve 
Bank cash services. Financial services do not include transactions 
conducted as part of the Federal Reserve's open market operations or 
administration of the Reserve Banks' Discount Window.
    \3\ These principles would not apply to accounts provided under 
fiscal agency authority or to accounts authorized pursuant to the 
Board's Regulation N (12 CFR 214), joint account requests, or 
account requests from designated financial market utilities, since 
existing rules or policies already set out the considerations 
involved in granting these types of accounts.
---------------------------------------------------------------------------

    The Federal Reserve System's (Federal Reserve) approach to 
providing institutions with accounts and services depends on, among 
other things, whether the institution is legally eligible to obtain an 
account and on the Federal Reserve's policy goals of ensuring the 
safety and soundness of the banking system, effectively implementing 
monetary policy, promoting financial stability, protecting consumers, 
and promoting a safe, effective, efficient, accessible, and innovative 
payment system. The Board believes it is important to make clear that 
legal eligibility does not bestow a right to obtain an account and 
services. While decisions regarding individual access requests remain 
at the discretion of the individual Reserve Banks, the Board believes 
it is important that the Reserve Banks apply a consistent set of 
guidelines when reviewing such access requests to promote consistent 
outcomes across Reserve Banks and to facilitate equitable treatment 
across institutions.\4\
---------------------------------------------------------------------------

    \4\ The Board has issued these account access guidelines under 
its general supervision authority over the operations of the Reserve 
Banks, 12 U.S.C 248(j). Decisions on access to accounts and services 
are made by the Reserve Bank in whose District the requestor is 
located.
---------------------------------------------------------------------------

    These account access guidelines also serve to inform requestors of 
the factors that a Reserve Bank will review in any access request and 
thereby allow a requestor to make any enhancements to its risk 
management, documentation, or other practices to attempt to demonstrate 
how it meets each of the principles.
    These guidelines broadly outline considerations for evaluating 
access requests but are not intended to provide assurance that any 
specific institution will be granted an account and services. The 
individual Reserve Bank will evaluate each access request on a case-by-
case basis. When applying these account access guidelines, the Reserve 
Bank should consider, to the extent possible, the assessments of an 
institution by state and/or federal supervisors into its independent 
analysis of the institution's risk profile. The evaluation of an 
institution's access request should also consider whether the request 
has the potential to set a precedent that could affect the Federal 
Reserve's ability to achieve its policy goals now or in the future.
    If the Reserve Bank decides to grant an access request, it may 
impose (at the time of account opening, granting access to service, or 
any time thereafter) obligations relating to, or conditions or 
limitations on, use of the account or services as necessary to limit 
operational, credit, legal, or other risks posed to the Reserve Banks, 
the payment system, financial stability or the implementation of 
monetary policy or to address other considerations.\5\ The account-
holding Reserve Bank may, at its discretion, decide to place additional 
risk management controls on the account and services, such as real-time 
monitoring of account balances, as it may deem necessary to mitigate 
risks. If the obligations, limitations, or controls are ineffective in 
mitigating the risks identified or if the obligations, limitations, or 
controls are breached, the account-holding Reserve Bank may further 
restrict the institution's use of accounts and services or may close 
the account. Establishment of an account and provision of services by a 
Reserve Bank under these guidelines is not an endorsement or approval 
by the Federal Reserve of the institution. Nothing in the Board's 
guidelines relieves any institution from compliance with obligations 
imposed by the institution's supervisors and regulators.
---------------------------------------------------------------------------

    \5\ The conditions imposed could include, for example, 
establishing a cap on the amount of balances held in the account. In 
addition, the Board may authorize a Reserve Bank to pay a different 
rate of interest on balances held in the account or may limit the 
amount of balances in the account that receive interest.
---------------------------------------------------------------------------

    Accordingly, Reserve Banks should evaluate how each institution 
requesting access to an account and services will meet the following 
principles.\6\ Each principle identifies factors that Reserve Banks 
should consider when evaluating an institution against the specific 
risk targeted by the principle (several factors are pertinent to more 
than one principle). The identified factors are commonly used in the 
regulation and supervision of federally-insured institutions. As a 
result, the Board anticipates the application of the account access 
guidelines to access requests by federally-insured institutions will be 
fairly straightforward in most cases. However, Reserve Bank assessments 
of access requests from non-federally insured institutions may require 
more extensive due diligence. Reserve Banks monitor and analyze the 
condition of institutions with access to accounts and services on an 
ongoing basis. Reserve Banks should use the guidelines to re-evaluate 
the risks posed by an institution in cases where its condition 
monitoring and analysis indicate potential changes in the risk profile 
of an institution, including a significant change to the institution's 
business model.
---------------------------------------------------------------------------

    \6\ The principles are designed to address risks posed by an 
institution having access to an account and services, ranging from 
narrow risks (e.g., to an individual Reserve Bank) to broader risks 
(e.g., to the overall economy). Review activities performed by the 
Reserve Bank may address several principles at once.
---------------------------------------------------------------------------

    1. Each institution requesting an account or services must be 
eligible under the Federal Reserve Act or other federal statute to 
maintain an account at a Federal Reserve Bank (Reserve Bank) and 
receive Federal Reserve services and should have a well-founded, clear, 
transparent, and enforceable legal basis for its operations.\7\
---------------------------------------------------------------------------

    \7\ These principles do not apply to accounts and services 
provided by a Reserve Bank (i) as depository and fiscal agent, such 
as those provided for the Treasury and for certain government-
sponsored entities (12 U.S.C. 391, 393-95, 1823, 1435), (ii) to 
certain international organizations (22 U.S.C. 285d, 286d, 290o-3, 
290i-5, 290l-3), (iii) to designated financial market utilities (12 
U.S.C. 5465), (iv) pursuant to the Board's Regulation N (12 CFR 
214), or (v) pursuant to the Board's Guidelines for Evaluating Joint 
Account Requests.
---------------------------------------------------------------------------

    a. Unless otherwise specified by federal statute, only those 
entities that are member banks or meet the definition of a depository 
institution under section

[[Page 12960]]

19(b) of the Federal Reserve Act are legally eligible to obtain Federal 
Reserve accounts and financial services.\8\
---------------------------------------------------------------------------

    \8\ Unless otherwise expressly excluded under the previous 
footnote, these principles apply to account requests from all 
institutions, including member banks or other entities that meet the 
definition of a depository institution under section 19(b), as well 
as Edge and Agreement corporations (12 U.S.C. 601-604a, 611-631), 
and U.S. branches and agencies of foreign banks (12 U.S.C. 347d).
---------------------------------------------------------------------------

    b. The Reserve Bank should assess the consistency of the 
institution's activities and services with applicable laws and 
regulations, such as Article 4A of the Uniform Commercial Code and the 
Electronic Fund Transfer Act. The Reserve Bank should also consider 
whether the design of the institution's services would impede 
compliance by the institution's customers with U.S. sanctions programs, 
Bank Secrecy Act (BSA) and anti-money-laundering (AML) requirements or 
regulations, or consumer protection laws and regulations.
    2. Provision of an account and services to an institution should 
not present or create undue credit, operational, settlement, cyber or 
other risks to the Reserve Bank.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements to 
ensure that the institution operates in a safe and sound manner, during 
both normal conditions and periods of idiosyncratic and market stress.
    i. For these purposes, effective risk management includes having a 
robust framework, including policies, procedures, systems, and 
qualified staff, to manage applicable risks. The framework should at a 
minimum identify, measure, and control the particular risks posed by 
the institution's business lines, products and services. The 
effectiveness of the framework should be further supported by internal 
testing and internal audit reviews.
    ii. The framework should be subject to oversight by a board of 
directors (or similar body) as well as oversight by state and/or 
federal banking supervisor(s).
    iii. The framework should clearly identify all risks that may arise 
related to the institution's business (e.g., legal, credit, liquidity, 
operational, custody, investment) as well as objectives regarding the 
risk tolerances for the management of such risks.
    c. The Reserve Bank should confirm that the institution is in 
substantial compliance with its supervisory agency's regulatory and 
supervisory requirements.
    d. The institution must, in the Reserve Bank's judgment:
    i. Demonstrate an ability to comply, were it to obtain a master 
account, with Board orders and policies, Reserve Bank agreements and 
operating circulars, and other applicable Federal Reserve requirements.
    ii. Be in sound financial condition, including maintaining adequate 
capital to continue as a going concern and to meet its current and 
projected operating expenses under a range of scenarios.
    iii. Demonstrate the ability, on an ongoing basis (including during 
periods of idiosyncratic or market stress), to meet all of its 
obligations in order to remain a going concern and comply with its 
agreement for a Reserve Bank account and services, including by 
maintaining:
    A. Sufficient liquid resources to meet its obligations to the 
Reserve Bank under applicable agreements, operating circulars, and 
Board policies;
    B. The operational capacity to ensure that such liquid resources 
are available to satisfy all such obligations to the Reserve Bank on a 
timely basis; and
    C. Settlement processes designed to appropriately monitor balances 
in its Reserve Bank account on an intraday basis, to process 
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.
    iv. Have in place an operational risk framework designed to ensure 
operational resiliency against events associated with processes, 
people, and systems that may impair the institution's use and 
settlement of Reserve Bank services. This framework should consider 
internal and external factors, including operational risks inherent in 
the institution's business model, risks that might arise in connection 
with its use of any Reserve Bank account and services, and cyber-
related risks. At a minimum, the operational risk framework should:
    A. Identify the range of operational risks presented by the 
institution's business model (e.g., cyber vulnerability, operational 
failure, resiliency of service providers), and establish sound 
operational risk management objectives to address such risks;
    B. Establish sound governance arrangements, rules, and procedures 
to oversee and implement the operational risk management framework;
    C. Establish clear and appropriate rules and procedures to carry 
out the risk management objectives;
    D. Employ the resources necessary to achieve its risk management 
objectives and implement effectively its rules and procedures, 
including, but not limited to, sound processes for physical and 
information security, internal controls, compliance, program 
management, incident management, business continuity, audit, and well-
qualified personnel; and
    E. Support compliance with the electronic access requirements, 
including security measures, outlined in the Reserve Banks' Operating 
Circular 5 and its supporting documentation.
    3. Provision of an account and services to an institution should 
not present or create undue credit, liquidity, operational, settlement, 
cyber or other risks to the overall payment system.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements to 
limit the impact that idiosyncratic stress, disruptions, outages, cyber 
incidents, or other incidents at the institution might have on other 
institutions and the payment system broadly. The framework should 
include:
    i. Clearly defined operational reliability objectives and policies 
and procedures in place to achieve those objectives.
    ii. A business continuity plan that addresses events that have the 
potential to disrupt operations and a resiliency objective to ensure 
the institution can resume services in a reasonable timeframe.
    iii. Policies and procedures for identifying risks that external 
parties may pose to sound operations, including interdependencies with 
affiliates, service providers, and others.
    c. The Reserve Bank should identify actual and potential 
interactions between the institution's use of a Reserve Bank account 
and services and (other parts of) the payment system.
    i. The extent to which the institution's use of a Reserve Bank 
account and services might restrict funds from being available to 
support the liquidity needs of other institutions should also be 
considered.
    d. The institution must, in the Reserve Bank's judgment:

[[Page 12961]]

    i. Be in sound financial condition, including maintaining adequate 
capital to continue as a going concern and to meet its current and 
projected operating expenses under a range of scenarios.
    ii. Demonstrate the ability, on an ongoing basis (including during 
periods of idiosyncratic or market stress), to meet all of its 
obligations in order to remain a going concern and comply with its 
agreement for a Reserve Bank account and services, including by 
maintaining:
    A. Sufficient liquid resources to meet its obligations to the 
Reserve Bank under applicable agreements, Operating Circulars, and 
Board policies;
    B. The operational capacity to ensure that such liquid resources 
are available to satisfy all such obligations to the Reserve Bank on a 
timely basis; and
    C. Settlement processes designed to appropriately monitor balances 
in its Reserve Bank account on an intraday basis, to process 
transactions through its account in an orderly manner and maintain/
achieve a positive account balance before the end of the business day.
    iii. Have in place an operational risk framework designed to ensure 
operational resiliency against events associated with processes, 
people, and systems that may impair the institution's payment system 
activities. This framework should consider internal and external 
factors, including operational risk inherent in the institution's 
business model, risk that might arise in connection with its use of the 
payment system, and cyber-related risks. At a minimum, the framework 
should:
    A. Identify the range of operational risks presented by the 
institution's business model (e.g., cyber vulnerability, operational 
failure, resiliency of service providers), and establish sound 
operational risk-management objectives;
    B. Establish sound governance arrangements, rules, and procedures 
to oversee the operational risk management framework;
    C. Establish clear and appropriate rules and procedures to carry 
out the risk management objectives;
    D. Employ the resources necessary to achieve its risk management 
objectives and implement effectively its rules and procedures, 
including, but not limited to, sound processes for physical and 
information security, internal controls, compliance, program 
management, incident management, business continuity, audit, and well-
qualified personnel.
    4. Provision of an account and services to an institution should 
not create undue risk to the stability of the U.S. financial system.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should determine, in coordination with the 
other Reserve Banks and Board, whether the access to an account and 
services by an institution itself or a group of like institutions could 
introduce financial stability risk to the U.S. financial system.
    c. The Reserve Bank should confirm that the institution has an 
effective risk management framework and governance arrangements for 
managing liquidity, credit, and other risks that may arise in times of 
financial or economic stress.
    d. The Reserve Bank should consider the extent to which, especially 
in times of financial or economic stress, liquidity or other strains at 
the institution may be transmitted to other segments of the financial 
system.
    e. The Reserve Bank should consider the extent to which, especially 
during times of financial or economic stress, access to an account and 
services by an institution itself (or a group of like institutions) 
could affect deposit balances across U.S. financial institutions more 
broadly and whether any resulting movements in deposit balances could 
have a deleterious effect on U.S. financial stability.
    i. Balances held in Reserve Bank accounts are high-quality liquid 
assets, making them very attractive in times of financial or economic 
stress. For example, in times of stress, investors that would otherwise 
provide short-term funding to nonfinancial firms, financial firms, and 
state and local governments could rapidly withdraw that funding and 
instead deposit their funds with an institution holding mostly central 
bank balances. If the institution is not subject to capital 
requirements similar to a federally-insured institution, it can more 
easily expand its balance sheet during times of stress; as a result, 
the potential for sudden and significant deposit inflows into that 
institution is particularly large, which could disintermediate other 
parts of the financial system, greatly amplifying stress.
    5. Provision of an account and services to an institution should 
not create undue risk to the overall economy by facilitating activities 
such as money laundering, terrorism financing, fraud, cybercrimes, 
economic or trade sanctions violations, or other illicit activity.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should confirm that the institution has a BSA/
AML compliance program consisting of the components set out below and 
in relevant regulations.\9\
---------------------------------------------------------------------------

    \9\ Refer to 12 CFR 208.62 and 63, 12 CFR 211.5(k), 5(m), 24(f), 
and 24(j), and 12 CFR 225.4(f) (Federal Reserve); 12 CFR 326.8 and 
12 CFR part 353 (FDIC); 12 CFR 748.1-2 (NCUA); 12 CFR 21.11, and 21, 
and 12 CFR 163.180 (OCC); and 31 CFR 1020.210(a) and (b), and 31 CFR 
1020.320 (FinCEN), which are controlling.
---------------------------------------------------------------------------

    i. For these purposes, the Reserve Bank should confirm that the 
institution's BSA/AML compliance program contains the following 
elements: \10\
---------------------------------------------------------------------------

    \10\ Reserve Banks may reference the FFIEC BSA/AML Manual. These 
guidelines may be updated to reflect any changes to relevant 
regulations.
---------------------------------------------------------------------------

    A. A system of internal controls, including policies and 
procedures, to ensure ongoing BSA/AML compliance;
    B. Independent audit and testing of BSA/AML compliance to be 
conducted by bank personnel or by an outside party;
    C. Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance (BSA compliance 
officer);
    D. Ongoing training for appropriate personnel, tailored to each 
individual's specific responsibilities, as appropriate;
    E. Appropriate risk-based procedures for conducting ongoing 
customer due diligence to include, but not limited to, understanding 
the nature and purpose of customer relationships for the purpose of 
developing a customer risk profile and conducting ongoing monitoring to 
identify and report suspicious transactions and, on a risk basis, to 
maintain and update customer information;
    c. The Reserve Bank should confirm that the institution has a 
compliance program designed to support its compliance with the Office 
of Foreign Assets Control (OFAC) regulations at 31 CFR Chapter V.\11\
---------------------------------------------------------------------------

    \11\ Reserve Banks may reference the OFAC section of the FFIEC 
BSA/AML Manual. These guidelines may be updated to reflect any 
changes to relevant regulations.
---------------------------------------------------------------------------

    i. For these purposes, the Reserve Bank may review the 
institution's written OFAC compliance program, provided one has been 
created, and confirm that it is commensurate with the institution's 
OFAC risk profile. An OFAC compliance program should identify higher-
risk areas, provide for appropriate internal controls for

[[Page 12962]]

screening and reporting, establish independent testing for compliance, 
designate a bank employee or employees as responsible for OFAC 
compliance, and create a training program for appropriate personnel in 
all relevant areas of the institution.
    6. Provision of an account and services to an institution should 
not adversely affect the Federal Reserve's ability to implement 
monetary policy.
    a. The Reserve Bank should incorporate, to the extent possible, the 
assessments of an institution by state and/or federal supervisors into 
its independent assessment of the institution's risk profile.
    b. The Reserve Bank should determine, in coordination with the 
other Reserve Banks and the Board, whether access to an account and 
services by an institution itself or a group of like institutions could 
have an effect on the implementation of monetary policy.
    c. The Reserve Bank should consider, among other things, whether 
access to a Reserve Bank account and services by the institution could 
affect the level and variability of the demand for and supply of 
reserves, the level and volatility of key policy interest rates, the 
structure of key short-term funding markets, and on the overall size of 
the consolidated balance sheet of the Reserve Banks. The Reserve Bank 
should consider the implications of providing an account to the 
institution in normal times as well as in times of stress. This 
consideration should occur regardless of the current monetary policy 
implementation framework in place.
Section 2: Tiered Review Framework
    The tiered review framework in this section is meant to serve as a 
guide to the level of due diligence and scrutiny to be applied by 
Reserve Banks to different types of institutions. Although institutions 
in a higher tier will face greater due diligence and scrutiny than 
institutions in a lower tier, a Reserve Bank has the authority to grant 
or deny an access request by an institution in any of the three 
proposed tiers, based on the Reserve Bank's application of the 
Guidelines in Section 1 to that particular institution.
    1. Tier 1: Eligible institutions that are federally insured.
    a. As federally-insured depository institutions, Tier 1 
institutions are already subject to a standard, strict, and 
comprehensive set of federal banking regulations.
    b. In addition, for most Tier 1 institutions, detailed regulatory 
and financial information would in most cases be readily available, 
often in public form.
    c. Accordingly, access requests by Tier 1 institutions will 
generally be subject to a less intensive and more streamlined review.
    d. In cases where the application of the Guidelines to Tier 1 
institutions identifies potentially higher risk profiles, the 
institutions will receive additional attention.
    2. Tier 2: Eligible institutions that are not federally insured, 
but that are subject to federal prudential supervision at the 
institution and, if applicable, at the holding company level.
    a. Although not federally insured, Tier 2 institutions are subject 
to prudential supervision at the institution level by a federal banking 
agency (by statute). In addition, any holding company of a Tier 2 
institution would be subject to Federal Reserve oversight (by statute 
or by commitments).
    b. Tier 2 institutions are subject to a similar, but not identical, 
set of regulations as federally-insured institutions. As a result, Tier 
2 institutions may still present greater risks than Tier 1 
institutions.
    c. In addition, detailed regulatory and financial information 
regarding such institutions may be less available or may not be 
available in public form.
    d. Accordingly, account access requests by Tier 2 institutions will 
generally receive an intermediate level of review.
    3. Tier 3: Eligible institutions that are not federally insured and 
that are not subject to federal prudential supervision at the 
institution and holding company level.
    a. Tier 3 institutions may be subject to a supervisory or 
regulatory framework that is substantially different from, and less 
rigorous than, the supervisory and regulatory framework that applies to 
federally-insured institutions.
    b. In addition, detailed regulatory and financial information 
regarding Tier 3 institutions may not exist or may be unavailable.
    c. Accordingly, Tier 3 institutions will generally receive the 
strictest level of review.

    By order of the Board of Governors of the Federal Reserve 
System.
Ann Misback,
Secretary of the Board.
[FR Doc. 2022-04897 Filed 3-7-22; 8:45 am]
BILLING CODE 6210-01-P