AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Final guidance.

SUMMARY:

The Board of Governors of the Federal Reserve System (Board) has approved final guidelines (Account Access Guidelines) for Federal Reserve Banks (Reserve Banks) to utilize in evaluating requests for access to Reserve Bank master accounts and services (accounts and services).

DATES:

Implementation Date is August 19, 2022.

FOR FURTHER INFORMATION CONTACT:

Jason Hinkle, Assistant Director (202-912-7805), Division of Reserve Bank Operations and Payment Systems, or Gavin Smith, Senior Counsel (202-452-3474), Legal Division, Board of Governors of the Federal Reserve System. For users of TTY-TRS, please call 711 from any telephone, anywhere in the United States.

SUPPLEMENTARY INFORMATION:

I. Background

The payments landscape is evolving rapidly as technological progress and other factors are leading both to the introduction of new financial products and services and to different ways of providing traditional banking services. Relatedly, there has been a recent uptick in novel charter types being authorized or considered by federal and state banking authorities across the country. As a result, the Reserve Banks are receiving an increasing number of inquiries and access requests from institutions that have obtained, or are considering obtaining, such novel charter types.

A. Summary of May 2021 Proposed Account Access Guidelines

On May 5, 2021, the Board requested comment on proposed guidelines to be used by Reserve Banks in evaluating requests for accounts and services (Original Proposal or Proposed Guidelines).^[1 2] The Original Proposal reflected the Board's policy goals of (1) ensuring the safety and soundness of the banking system, (2) effectively implementing monetary policy, (3) promoting financial stability, (4) protecting consumers, and (5) promoting a safe, efficient, inclusive, and innovative payment system. The Original Proposal was also intended to ensure that Reserve Banks apply a transparent and consistent set of factors when reviewing requests for access to accounts and services (access requests).³

The Original Proposal consisted of the following six principles:

1. Each institution requesting an account or services must be eligible under the Federal Reserve Act or other federal statute to maintain an account at a Reserve Bank and receive Federal Reserve services and should have a well-founded, clear, transparent, and enforceable legal basis for its operations.

2. Provision of an account and services to an institution should not present or create undue credit, operational, settlement, cyber or other risks to the Reserve Bank.

3. Provision of an account and services to an institution should not present or create undue credit, liquidity, operational, settlement, cyber or other risks to the overall payment system.

4. Provision of an account and services to an institution should not create undue risk to the stability of the U.S. financial system.

5. Provision of an account and services to an institution should not create undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, or other illicit activity. Start Printed Page 51100

6. Provision of an account and services to an institution should not adversely affect the Federal Reserve's ability to implement monetary policy.

The first principle specified that only institutions that are legally eligible for access to Reserve Bank accounts and services would be considered for access. The remaining five principles addressed specific risks, ranging from narrow risks (such as risk to an individual Reserve Bank) to broader risks (such as risk to the U.S. financial system).^[4] For each of these five principles, the Original Proposal set forth factors that Reserve Banks should consider when evaluating an institution's access request against the specific risk targeted by the principle (several factors are pertinent to more than one principle). The identified factors are commonly used in the regulation and supervision of federally-insured institutions and many of the factors are utilized in existing Reserve Bank risk management practices. The Original Proposal noted that requests from non-federally-insured institutions would generally be subject to a greater level of review. In addition, the Board noted that, when applying the Account Access Guidelines, the Reserve Bank reviewing the access request should integrate to the extent possible the assessments of the requesting institution by its state and/or federal supervisors into the Reserve Bank's own independent assessment of the institution's risk profile.

The Board intended for the Original Proposal to support consistency in evaluating account access requests across Reserve Banks, while maintaining the discretion granted to the Reserve Banks under the Federal Reserve Act to grant or deny access requests. The Board noted in the Original Proposal that a consistent framework across Reserve Banks would reduce the potential that one Reserve Bank might be considered to be more likely to grant access requests than another Reserve Bank and would mitigate the risk that an individual access request decision by one Reserve Bank could create de facto Federal Reserve System policy regarding access requests for a particular business model or risk profile.

The Original Proposal was based on a foundation of risk management and mitigation. In developing the Original Proposal, the Board considered the risks that may arise when an institution gains access to accounts and services. These risks include, among others, risks to the Reserve Banks, to the payment system, to the financial system, and to the effective implementation of monetary policy. The Original Proposal would prompt the Reserve Bank to evaluate an eligible institution's risk profile and identify risk-mitigation strategies adopted by the eligible institution (including capital, risk management frameworks, compliance with regulations, and supervision) as well as potential risk mitigants that could be implemented by the Reserve Bank (including account agreement provisions, restrictions on financial services accessed, and account risk controls).

In the Original Proposal, the Board expressed the Federal Reserve's broad policy goals in providing accounts and services. In addition, the Board stated that, while the Proposed Guidelines would be intended primarily to apply to new access requests, Reserve Banks would also apply them to existing account and services relationships where appropriate, such as when a Reserve Bank becomes aware of a significant increase in the risks that an account holder presents due to changes in the nature of, for example, its principal business activities or condition.

The Board requested comment on all aspects of the Original Proposal, including whether the scope and application of the Proposed Guidelines was sufficiently clear and appropriate to achieve their intended purpose. The Board also requested comment on whether other criteria or information might be relevant when Reserve Banks evaluate access requests. The Board further sought comment specifically on the following aspects of the Original Proposal:

1. Do the Proposed Guidelines address all the risks that would be relevant to the Federal Reserve's policy goals?

2. Does the level of specificity in each principle provide sufficient clarity and transparency about how the Reserve Banks will evaluate requests?

3. Do the Proposed Guidelines support responsible financial innovation?

Finally, the Board sought comment on whether the Board or the Reserve Banks should consider other steps or actions to facilitate the review of access requests in a consistent and equitable manner.

B. Summary of March 2022 Supplemental Notice

On March 1, 2022, the Board published a second notice (the Supplemental Notice),^[5] which proposed to incorporate into the Account Access Guidelines a tiered review framework to provide additional clarity on the level of due diligence and scrutiny that Reserve Banks would apply to different types of institutions when applying the six risk-based principles.

In the Original Proposal, the introductory text to the Account Access Guidelines noted that the application of the Guidelines to requests by federally-insured institutions should be fairly straightforward, while requests from non-federally-insured institutions may necessitate more extensive due diligence. The Supplemental Notice proposed a three-tiered review framework—which would become Section 2 of the Account Access Guidelines—to provide additional clarity regarding the minimum level of review for different types of institutions.

Under the Supplemental Notice, proposed Tier 1 would consist of eligible institutions that are federally-insured. These institutions are already subject to a homogeneous and comprehensive set of federal banking regulations, and, in most cases, detailed regulatory and financial information about these firms would be readily available to Reserve Banks. Accordingly, the Supplemental Notice stated that access requests by Tier 1 institutions would generally be subject to a less intensive and more streamlined review.^[6]

In the Supplemental Notice, proposed Tier 2 would consist of eligible institutions that are not federally-insured but that are subject to federal prudential supervision at the institution and, if applicable, at the holding company level.^[7] The Supplemental Notice explained that Tier 2 institutions are subject to similar but not identical regulations as federally-insured institutions, and as a result, may present greater risks than Tier 1 institutions. Additionally, detailed regulatory and financial information regarding Tier 2 institutions is less likely to be available and may not be available in public form. Accordingly, the Supplemental Notice stated that access requests by Tier 2 institutions would generally receive an intermediate level of review.

In the Supplemental Notice, proposed Tier 3 would consist of eligible Start Printed Page 51101 institutions that are not federally insured and not subject to prudential supervision by a federal banking agency at the institution or holding company level. The Supplemental Notice stated that Tier 3 institutions may be subject to a supervisory or regulatory framework that is substantially different from, and possibly weaker than, the supervisory and regulatory framework that applies to federally-insured institutions, and as a result may pose the highest level of risk. Detailed regulatory and financial information regarding Tier 3 institutions may not exist or may be unavailable. Accordingly, the Supplemental Notice stated that access requests by Tier 3 institutions would generally receive the strictest level of review.

The Board sought comment on all aspects of the proposed three-tiered review framework.

II. Discussion

The Board is adopting final Account Access Guidelines. Section 1 of the final Account Access Guidelines is substantially the same as the Original Proposal with minor changes to improve clarity in response to comments received. As described further below, the Board has made certain changes in Section 2 of the final Account Access Guidelines to provide more comparable treatment between non-federally-insured institutions chartered under state and federal law. Specifically, the Board has revised Tier 2 to include a narrower set of non-federally-insured national banks than the definition proposed in the Supplemental Notice.^[8] Under the revised Tier 2, non-federally-insured institutions that are chartered under federal law will only be considered in Tier 2 if the institution has a holding company that is subject to Federal Reserve oversight. In addition, the Board is updating the Section 2 tiering framework to emphasize that the review of institutions' requests will be completed on a case-by-case, risk-focused basis within each of the three tiers.^[9] For example, Reserve Banks may take comparatively longer to review access requests by institutions that engage in novel activities for which authorities are still developing appropriate supervisory and regulatory frameworks.

By adopting the final Account Access Guidelines, the Board would establish a transparent and equitable framework for Reserve Banks to apply consistently to access requests. To promote consistency, the Reserve Banks are working together, in consultation with the Board, to expeditiously develop an implementation plan for the final Guidelines.

A. Comments on the Original Proposal

The Board received 46 individual comment letters and 281 duplicate form letters in response to the Original Proposal. Nearly all of the comment letters expressed general support for the Proposed Guidelines, and most letters also made recommendations for improvements. Commenters represented several types of institutions, including (1) institutions with traditional charters, such as banks and credit unions, and their trade associations; (2) institutions with novel charters, such as cryptocurrency custody banks, and their trade associations; and (3) think tanks and non-profit advocacy groups. The views expressed by the first category of commenters often conflicted with the views expressed by the second category of commenters. The duplicate form letters included recommendations that mirrored those submitted by trade associations for institutions with traditional charters, which opposed greater account access for institutions with novel charters.

Many commenters provided general comments on the Original Proposal that addressed one or more of three high-level themes: (1) policy requirements to gain access to accounts and services; (2) implementation of the Proposed Guidelines; and (3) legal eligibility for Reserve Bank accounts. Some commenters made recommendations related to the Proposed Guidelines that did not fit into these themes and are also described below. Lastly, some commenters provided responses to the specific questions posed in the Original Proposal as well as comments on specific principles in the Proposed Guidelines.

1. Policy Requirements To Gain Access to Accounts and Services

Most commenters, while supporting the Proposed Guidelines, provided recommendations for improvements to the Guidelines that, in their view, would assist the Board in achieving its stated policy goals. These recommendations to amend the Proposed Guidelines were often conflicting.

Many commenters made recommendations that would, in their view, provide an easier path for institutions, particularly those with novel charters, to successfully gain access to accounts and services. Some of these commenters recommended that the Board provide more specific requirements for access requests, so that requesting institutions, chartering authorities, and other banking regulators would have more clarity on what is required for obtaining access to accounts and services. Other commenters stated that the Proposed Guidelines may be ineffective if they are implemented in a way that subjects institutions with novel charters to restrictions that resemble regulatory requirements that do not fit their business models. While some commenters generally stated that requirements for access to accounts and services should accommodate institutions that have different levels of regulatory oversight, others suggested that the Board establish charter-specific requirements for account access. Some commenters expressed concern about the statement in the Original Proposal that “access requests from non-federally-insured institutions may require more extensive due diligence,” suggesting that this position would stifle innovation to the extent that it would impose stricter requirements on state-chartered institutions without federal deposit insurance. Finally, some commenters recommended that the Board could mitigate the risks posed by institutions with certain novel banking charters by allowing such institutions to maintain limited-access accounts that would provide a subset of services offered by Reserve Banks.

Many commenters, on the other hand, recommended that the Proposed Guidelines should provide a more challenging path for institutions with novel charters to gain access to accounts and services. Many of these commenters argued that the Proposed Guidelines should subject non-federally-insured institutions to the same types of requirements as apply to federally-insured depository institutions, regardless of the institution's business model. These commenters generally argued that institutions with novel charters are not subject to the same strict and costly regulations or to the same rigorous reviews as apply to traditional institutions, providing such institutions with unfair advantages over institutions with traditional charters. Start Printed Page 51102 Some commenters recommended that the Proposed Guidelines include more granular and strict standards, such as explicit capital and liquidity requirements. Others recommended additional requirements for account access, such as compliance with the Community Reinvestment Act and consumer protection laws, or that Reserve Banks consider the risks from an institution's affiliate relationships and subject an institution's holding company to the Bank Holding Company Act. Still other commenters suggested that the Proposed Guidelines should require all accountholders that do not file call reports to publicly provide periodic audited financial reports so that payment system participants are better able to assess counterparty risk.

Board Response

The Board believes that the final Account Access Guidelines provide a framework that will effectively support responsible innovation and prudent risk management. The Account Access Guidelines establish a consistent, comprehensive, and transparent framework for Reserve Banks to analyze access requests on a case-by-case, risk-focused basis reflecting the institution's full risk profile (including its business model, size, complexity, and regulatory framework) and to mitigate, to the extent possible, the risks identified. Furthermore, as noted in the Original Proposal, each requesting institution's risk management and governance infrastructure is expected both to meet existing regulatory and supervisory requirements and to be sufficiently tailored to the institution's business, in the Reserve Bank's assessment, to mitigate the risks identified by the Account Access Guidelines.

As noted in the final Account Access Guidelines, a Reserve Bank may implement risk mitigants including imposing conditions or restrictions on an institution's access to accounts and services if necessary to mitigate risks set forth in the Account Access Guidelines. Reserve Banks also retain the discretion to deny a request for access to accounts and services where, in the Reserve Bank's assessment, granting access to the institution would pose risks that cannot be sufficiently mitigated.

2. Implementation of the Account Access Guidelines

Many commenters provided recommendations related to how the Proposed Guidelines will be implemented and how to promote consistency in their application by Reserve Banks. Some of these commenters asked the Board to specify the mechanism(s) by which such consistency would be achieved. Other commenters went further, suggesting that the Board should give consent and non-objection to Reserve Bank access-request determinations, or that the Board should form a centralized ( i.e., Board-led) evaluation committee to consider access requests. Further, several commenters suggested various avenues for increased communication from Reserve Banks about their decisions to grant or deny account requests, including publishing decisions on access requests (including any supporting analysis), maintaining an up-to-date list of all institutions that have been granted access, and formally communicating with state regulators about how the Federal Reserve views particular state charters. In addition, many commenters recommended that the Board establish timelines within which Reserve Banks must grant or deny access requests, arguing that such timeliness would provide greater transparency and give requesting institutions more clarity on the resources and time needed for the evaluation process. One commenter further argued that expectations of a lengthy review process could discourage institutions with novel charters from requesting accounts and thus discourage innovation.

Commenters expressed differing opinions on whether a Reserve Bank should conduct an independent assessment of a requestor's risk profile. Some commenters suggested that a Reserve Bank's assessment of a requestor's risk profile should defer to the primary regulator's assessment of the risks posed by the institution, while others said the Board should ensure that a Reserve Bank conduct an independent risk assessment separate from that of the institution's primary regulator. Additionally, a few commenters suggested that the Board remove language from the Proposed Guidelines that recognizes the authority granted to Reserve Banks under the Federal Reserve Act to exercise discretion in granting or denying requests for accounts and services.

Many commenters argued that the Proposed Guidelines should require ongoing review of non-federally-insured institutions, so as to appropriately monitor the risks that such institutions, and especially those with novel charters, could pose after obtaining access to accounts and services. Some commenters singled out cyber risk as a specific area for ongoing review.

Board Response

In the final Account Access Guidelines, the Board's primary goal is to establish a transparent and consistent framework for all access requests across Reserve Banks from both risk and policy perspectives. To emphasize this goal, the Board has incorporated in the introduction to the final Account Access Guidelines the expectation that Reserve Banks engage in consultation with the other Reserve Banks and the Board, as appropriate, to support consistent implementation of the Account Access Guidelines. In further support of this goal and as explained further below, the Board has adopted a new Section 2 of the Account Access Guidelines establishing a tiered review framework that provides additional guidance on the level of due diligence and scrutiny to be applied to access requests. Additionally, as noted previously, the Reserve Banks are working together, in consultation with the Board, to expeditiously develop an implementation plan for the final Guidelines.

Regarding comments to disclose information on particular requests, the Board notes that when evaluating access requests, Reserve Banks communicate directly with the requestor and, in some cases, with the institution's primary regulator, including by requesting additional information, clarifying the status of the request, and communicating any controls or limitations that might be placed on the account and services. However, the identity of institutions that maintain accounts at Reserve Banks, or that request access to accounts and services, is considered confidential business information and, as such, public disclosure of account status by the Reserve Banks would not be appropriate.^[10]

The Board has also considered whether the final Account Access Guidelines should include a timeline for completing reviews of access requests by Reserve Banks. The Board believes that the nature of relevant variables in access requests—including the variety of charter types, business models, regulatory regimes, and risk profiles—precludes specification of a single timeline. The Reserve Banks face challenges in balancing the desire by requestors for a specific timeline with Reserve Banks' need to perform thorough reviews of requestors with novel, complex, or high-risk business plans, along with requestors that are subject to novel regulatory regimes. Start Printed Page 51103 Setting a specific timeline could result in an increased number of premature or unnecessary denials of access requests in cases where the specified timeline does not allow the Reserve Banks sufficient time to understand the intricacies of the requesting institutions' risk profiles. Accordingly, the Board has not adopted a timeline expectation in the final Account Access Guidelines, but the Board has added language to emphasize the Board's expectations for Reserve Banks to coordinate in focusing on both timeliness and consistency in evaluating access requests.

The Board believes it is important that Reserve Banks evaluate both the potential risks posed by an eligible institution's access request and the potential actions to mitigate such risks. The final Account Access Guidelines emphasize that a Reserve Bank should integrate, to the extent possible, the assessments of an institution by state and/or federal supervisors into the Reserve Bank's independent assessment of the institution's risk profile. This integration will ensure that Reserve Banks use all relevant data in pursuing the goal of prudent risk management. The Board has also added language in the final Account Access Guidelines that clarifies the respective roles of the Board (Reserve Bank oversight) and the Reserve Banks (discretion in decision making) with respect to evaluating access requests.

With regard to the recommendation for ongoing review of the risks posed by non-federally-insured institutions' access to accounts and services once an access request has been granted, the Board notes that the introduction to the Account Access Guidelines includes language discussing existing condition monitoring practices. The Board believes that the Reserve Banks' existing risk-management practices sufficiently address the risks identified by these comments without the need for an explicit expectation in the Account Access Guidelines for ongoing review of non-federally-insured institutions.

3. Legal Eligibility

Some commenters requested that the Guidelines more specifically address legal eligibility for access to accounts and services. Others presented arguments about what entities are, or should be, legally eligible for access to accounts and services. Other commenters suggested that the Board should issue a moratorium on granting access requests made by institutions with novel charters until the Board clarifies legal eligibility, that the Board should publish a list of charter types already deemed to be legally eligible, or that the Board should study account access decisions by other central banks. One commenter argued that the Board should interpret the definition of a “depository institution” eligible for access to accounts and services as broadly as possible to support expanded access to accounts and services, which the commenter argued would support financial innovation.

Several commenters recommended that the Board should ensure that its interpretation of legal eligibility supports responsible financial innovation as stated as a policy goal of the Board. Some of these commenters recommended that the Board review legal eligibility broadly to support innovation and expand eligibility. One commenter recommended that the Board decouple legal eligibility for a Reserve Bank account from eligibility for direct access to Federal Reserve financial services. The commenter argued that decoupling direct access to services from eligibility for accounts would have benefits for consumers and pointed to other countries which have taken such action.

Board Response

As the Board noted in the Original Proposal, it has been considering whether it may be useful to clarify the interpretation of legal eligibility under the Federal Reserve Act for access to accounts and services. After a careful analysis of this issue, the Board has determined it is not necessary to do so at this time. The Account Access Guidelines do not establish a legal eligibility standard, but the first principle clearly states that institutions must be eligible under the Federal Reserve Act or other federal statute to maintain an account at a Reserve Bank. The Board believes this provides sufficient clarity on what entities may legally request access to account and services, and the Reserve Banks will continue to assess an institution's legal eligibility under Principle 1 on a case-by-case basis to ensure that only entities that are legally eligible may request to obtain such access.^[11]

The Board notes that the purpose of the Account Access Guidelines is to ensure that Reserve Banks evaluate a transparent and consistent set of risk-focused factors when reviewing account requests. The Board is not expanding (or limiting) the types of institutions that legally may request access to Reserve Bank accounts and services.

4. Additional Comments

A. Comments Supporting a Ban on Novel Charter Account Access

Some commenters suggested that novel charters mix commercial and financial activities and provide a “back door entry” into banking for commercial entities. These commenters recommended that the Federal Reserve not grant access requests from institutions with novel charters.

Board Response

The Board does not believe that it is appropriate to categorically exclude all novel charters from access to accounts and services. The Account Access Guidelines as adopted are intended to be applied by Reserve Banks to access requests from eligible institutions with both novel and more traditional charters. The Board believes that the final Account Access Guidelines will provide a robust framework for analyzing and mitigating risks.

B. Comments Opposing the Proposed Guidelines

While most commenters supported the Original Proposal, three commenters opposed the Proposed Guidelines entirely. One of these commenters argued the Guidelines created opacity in the master account process, not clarity. Two other commenters opposed the Proposal because, in their view, the Proposed Guidelines would expand access to accounts and services to institutions with novel business models that pose high levels of risk to the payments and banking system.^[12]

Board Response

The Board believes that the final Account Access Guidelines provide greater transparency and clarity than currently exist on the factors that Reserve Banks should consider in evaluating access requests. The Board also believes that the final Account Access Guidelines strike an appropriate balance between providing transparency and allowing for implementation of the Guidelines across a variety of potential institutions that may request accounts ( e.g., institutions with differing charter types, business models, or regulatory regimes). The Board believes that the final Account Access Guidelines create a structured and sufficiently transparent framework that will help to foster a Start Printed Page 51104 consistent evaluation of access requests across all twelve Reserve Banks and will benefit the financial system broadly.

In response to the comments related to expansion of eligibility, the Board emphasizes that, as noted previously, the Account Access Guidelines do not establish legal eligibility standards but instead establish a risk-focused framework for evaluating access requests from legally eligible institutions under federal law.

C. Comments on Individual Principles

The Board received some comments on individual principles in the Original Proposal. Several commenters, while on net supportive of Principle 4 (Financial Stability) and Principle 6 (Monetary Policy Implementation), suggested some refinements, including a specification that most “traditional” institutions, due to their business model and size, would not create risks to financial stability and/or monetary policy implementation. Other commenters interpreted Principle 6 to suggest that Reserve Banks, rather than the Board, have the authority to establish the rate of interest on reserve balances (IORB). A few commenters expressed concern that these principles would be challenging to assess. Within this group, one commenter opined that the Board should adapt its monetary policy practices to the economic reality created by a competitive market rather than embed a monetary policy principle in the Guidelines. Finally, many commenters commended the Board for addressing these topics in the Guidelines; some of these commenters asked the Board to expand its discussion of the potential negative effects that granting account access to institutions with novel charters could have on financial stability and monetary policy implementation.

Board Response

The Board recognizes the concerns raised by commenters that the principles focused on financial stability and monetary policy implementation deal with complex topics requiring levels of analysis and precision that may be challenging to address. For instance, it will be difficult to forecast how granting account access to a requesting institution would affect the level and variability of the demand for and supply of reserves balances—which is important to monetary policy implementation. However, the Federal Reserve is able to estimate the potential risk posed by a requestor (such as the risk that an institution might have large, unpredictable swings in its account balance) and whether existing tools can adequately mitigate those risks. The Board also recognizes that some smaller institutions with traditional charters would likely not create risks to financial stability or monetary policy implementation. Nevertheless, the Board has determined that both the financial stability principle and the monetary policy principle should remain in the final Account Access Guidelines, because they provide full transparency to the public on the types of factors Reserve Banks should consider in evaluating access requests. In addition, the Board has amended a footnote in the Account Access Guidelines to delete the language that a few commenters interpreted to suggest that Reserve Banks have the authority to establish the IORB rate.

D. Comments on Specific Questions

As noted previously, the Original Proposal posed three specific questions and an additional open-ended question to the public.

a. Question 1

The Board asked whether the principles in the Proposed Guidelines address all the risks that would be relevant to the Federal Reserve's policy goals. Commenters generally agreed that the risks identified in the Proposed Guidelines are relevant for the Reserve Banks to consider when evaluating access requests. Many commenters raised concerns, however, regarding the ability of Reserve Banks to mitigate these risks in the case of institutions with novel charters that are not subject to regulatory and supervisory oversight that is similar to that applied to federally-insured institutions. Some commenters suggested that the Proposed Guidelines should put greater emphasis on consumer protection, particularly consumer privacy, and on cybersecurity risks.

Board Response

The Board notes that cybersecurity risk is included in Principle 2 (Risk to the Reserve Bank) and Principle 3 (Risk to the Payment System) of the final Account Access Guidelines as a factor that Reserve Banks should consider in their review of account requests. The Board also notes that, while the Account Access Guidelines do not specify consumer protection as an account-related risk, Principle 1 (Legal Eligibility) provides that Reserve Banks should assess the extent to which an institution's activities and services comply with applicable laws and regulations, including those that address consumer protection. Lastly, Section 2 of the final Account Access Guidelines (discussed further below) provides additional guidance on the level of due diligence expected by Reserve Banks for requests from institutions that are not subject to regulatory and supervisory oversight similar to that applied to federally-insured institutions.

b. Question 2

The Board asked whether the level of specificity in each principle provides sufficient clarity and transparency about how the Reserve Banks will evaluate requests. Many commenters addressing Question 2 recommended that the Board add more detail to the Proposed Guidelines to increase the level of clarity and transparency.

Board Response

The Board's response to these comments is described in Section II.A.

c. Question 3

The Board asked whether the principles support responsible financial innovation. Several commenters stated that the Proposed Guidelines achieve a balance between supporting responsible financial innovation and managing the identified risks by allowing for flexibility to accommodate different business models. Other commenters expressed concern, however, that the implementation of the Proposed Guidelines could stifle innovation if institutions were forced to comply with rules and regulations that do not make sense for their business model, size, or complexity.

Board Response

The Board believes the final Account Access Guidelines support risk-focused, case-by-case review by Reserve Banks of access requests. As such, the Board believes the Account Access Guidelines support responsible innovation by balancing the provision of accounts and services to a wide range of institutions on the one hand and managing risks related to such access on the other. This is discussed in more detail in Section II.A.

d. Question 4

The Board also requested comment on whether the Board or the Reserve Banks should consider other steps or actions to facilitate the review of access requests in a consistent and equitable manner. As noted previously, commenters provided a wide range of comments that recommended potential improvements to the Account Access Guidelines to enhance their effectiveness.

Board Response

The Board addressed these comments in Section II.A-C. Start Printed Page 51105

E. Technical Changes

Principle 5 in the Account Access Guidelines addresses the risks to the overall economy. While the Board did not receive specific comments on Principle 5, it has made minor technical changes to the language to ensure the clarity and accuracy of the discussions of institutions' Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) requirements and compliance programs. The Board has also made other minor technical edits to enhance the clarity of the Guidelines ( e.g., replacing the term “factors” with “principles” for consistency and clarifying the risk-free nature of Reserve Bank balances).

B. Comments on the Supplemental Notice

The Board received 24 comment letters on the Supplemental Notice. While most commenters generally expressed support for the proposed tiering framework, four commenters objected to the manner in which the proposed tiering framework would treat certain state-chartered institutions. A different group of commenters supported the tiering framework and called for heightened scrutiny of non-federally-insured depository institutions that request Reserve Bank accounts. Many commenters reiterated the comments that they previously submitted on the Original Proposal.^[13] In particular, a number of commenters recommended that non-federally-insured institutions, particularly those in Tier 3, not be granted access to Reserve Bank accounts and services. Additionally, one commenter, who supported the tiering framework generally, objected to Reserve Banks subjecting institutions with existing accounts to what the commenter termed “new standards” once the Board's Proposed Guidelines are made final.

1. Treatment of State-Chartered Institutions

Four commenters objected to the manner in which the proposed tiering framework would treat certain state-chartered institutions. These commenters principally argued that the proposed tiering framework would (1) result in disparate treatment of non-federally-insured institutions with state charters as compared to those with federal charters; (2) undermine the dual banking system; and (3) ignore the strong prudential regulation that some states have in place for non-federally-insured institutions.

Broadly, this group of commenters focused their concerns on the placement of depository institutions in proposed Tier 2 and Tier 3 while noting that they viewed Tier 1 as proposed as equitable and non-problematic. In particular, these commenters expressed concerns that non-federally-insured national trust banks (NTBs) chartered by the Office of the Comptroller of the Currency (OCC) would receive preferential treatment under the proposed guidelines and asserted that many state-chartered trusts are subject to robust prudential regulations. They further argued that the tiering framework erroneously implies that NTBs are subject to a similar set of regulations as federally-insured institutions. Two of the commenters further stated that their respective state-chartered trust banks are subject to robust regulation and supervision and suggested that these institutions should be subject to a less strict level of review than the Board proposed.

Relatedly, these commenters argued that the proposed tiering framework would introduce a bias in favor of federally-chartered institutions compared to state-chartered institutions. They argued that the tiering framework as proposed would result in an uneven playing field that would undermine the dual banking system. One of the commenters recommended that the Board revise the Proposed Guidelines to ensure that access to Reserve Bank accounts and services be afforded to eligible institutions on an equitable and impartial basis, regardless of whether they are state-chartered or federally-chartered.

Lastly, these commenters objected to language in proposed Tier 3 that might imply that state banking authorities' supervision is weaker than that of federal banking authorities. These commenters point to the robust regulatory standards and close supervision that states have had in place for many years for non-federally-insured institutions. One of the commenters also noted that state regulators work closely with their Reserve Bank on the supervision of state member banks.

One of the commenters recommended that the Account Access Guidelines should not have a tiering framework but, alternatively, that Reserve Banks should review access requests by applying an activity and risk lens to access requests. A different commenter recommended that the tiering framework should focus on an institution's past performance as a key criterion for determining whether it is included in Tier 2 or Tier 3.

Other commenters on the Supplemental Notice supported the tiering framework as proposed, noting that it provides additional transparency and clarity on the level of review an access request would receive based on key characteristics. One commenter noted that the tiering framework would help an institution requesting access understand Reserve Bank expectations and take steps to demonstrate that appropriate risk management policies and safeguards are in place.

Board Response

The Board has reviewed the comments provided and revised its approach to Tiers 2 and 3 in the final Account Access Guidelines. Specifically, the Board has made certain changes in Section 2 of the final Account Access Guidelines to provide more comparable treatment between non-federally-insured institutions chartered under state and federal law. As discussed above, the Board has modified Tier 2 to include a narrower set of non-federally-insured national banks than proposed in the Supplemental Notice. Under the revised Tier 2, a non-federally-insured institution chartered under federal law will be considered in Tier 2 only if the institution has a holding company that is subject to Federal Reserve oversight. In addition, a non-federally-insured institution chartered under state law will (as proposed in the Supplemental Notice) be considered in Tier 2 if (i) the institution is subject (by statute) to prudential supervision by a federal banking agency, and (ii) to the extent the institution has a holding company, that holding company is subject to Federal Reserve oversight (by statute or commitments).^[14]

The Board believes it is appropriate to subject non-federally-insured institutions that the Federal Reserve supervises to an intermediate level of review under Tier 2, as the Reserve Banks already have supervisory information about, as well as regulatory authority over, such institutions and understands their risk profiles. Tier 3 will contain all other non-federally-insured institutions.

In addition, the Board has made minor updates to the proposed tiering framework to emphasize that the review Start Printed Page 51106 of institutions' requests would be completed on a case-by-case, risk-focused basis within the three tiers, meaning that, within each tier, institutions with high-risk business models should be subject to more intensive review than those with lower-risk business models.

Lastly, in response to concerns raised by some comments that the language in the description of Tier 3 implies that supervision conducted by state banking authorities is broadly weaker than federal supervision, the Board has removed references to “supervisory” differences in the description of Tier 3.

2. Non-Federally-Insured Institutions

Several commenters expressed views that non-federally-insured institutions as a class pose an unacceptable level of risk to the payment system and financial markets. While some of these commenters directed their comments towards institutions in both Tiers 2 and 3, some focused solely on institutions in Tier 3. These commenters expressed a view that these institutions are not subject to sufficient regulation and as a result the Reserve Banks should not provide access to Tier 3 institutions or to non-federally-insured institutions more broadly.

Board Response

The Board does not believe that it is appropriate to categorically exclude all Tier 3 or non-federally-insured institutions from access to accounts and services. The Board believes that Tier 2 and 3 institutions represent a wide range of risk profiles (based on business model, size, complexity, regulatory framework, and other factors), and therefore a single response to account requests from this heterogenous group would not be appropriate. The Account Access Guidelines as adopted are intended to be applied by Reserve Banks to access requests from eligible institutions and the Board believes that the final Account Access Guidelines will provide a robust framework for analyzing and mitigating risks.

3. New standards

One commenter objected to Reserve Banks subjecting institutions with existing accounts to what the commenter termed “new standards” once the Board's Proposed Guidelines are made final.

Board Response

The Board has developed the Proposed Guidelines, in part, to increase the level of transparency and consistency of the process used by Reserve Banks to evaluate institutions' access to Reserve Bank accounts and services. As noted above, the Proposed Guidelines are informed by and incorporate, where possible, existing Reserve Bank risk-management practices. As a result, the Board views the final Account Access Guidelines as an evolution of existing practices rather than the creation of “new standards.” Additionally, the Board believes that in order for the Proposed Guidelines to be an effective risk-mitigation tool they should be applied broadly including to existing accounts. This view is supported by public comments on the Original Proposal discussed above. The Board expects that any Reserve Bank reevaluation of the risk of an institution's existing account will include discussions with the institution and its regulators.

III. Conclusion

For the reasons set forth above, the Board is adopting final Account Access Guidelines.

[This item will not publish in the Code of Federal Regulations]

IV. Account Access Guidelines

Guidelines Covering Access to Accounts and Services at Federal Reserve Banks (Account Access Guidelines)

Section 1: Principles

The Board of Governors of the Federal Reserve System (Board) has adopted account access guidelines comprised of six principles to be used by Federal Reserve Banks (Reserve Banks) in evaluating requests for master accounts and access to Reserve Bank financial services (access requests).^[1,2] The Board has issued these account access guidelines under its general supervision authority over the operations of the Reserve Banks, 12 U.S.C. 248(j). Decisions on individual requests for access to accounts and services are made by the Reserve Bank in whose District the requestor is located.

The Account Access Guidelines apply to requests from all institutions that are legally eligible to receive an account or services, as discussed in more detail in the first principle.^[3] The Board expects the Reserve Banks to engage in consultation with each other and the Board, as appropriate, on reviews of account and service requests, as well as ongoing monitoring of accountholders, to ensure that the guidelines are implemented in a consistent and timely manner. The Board believes it is important to make clear that legal eligibility does not bestow a right to obtain an account and services. While decisions regarding individual access requests remain at the discretion of the individual Reserve Banks, the Board believes it is important that the Reserve Banks apply a consistent set of guidelines when reviewing such access requests to promote consistency across Reserve Banks and to facilitate equitable treatment across institutions.

These Account Access Guidelines also serve to inform requestors of the factors that a Reserve Bank will review in any access request and thereby allow a requestor to make any enhancements to its risk management, documentation, or other practices to attempt to demonstrate how it meets each of the principles.

These guidelines broadly outline considerations for evaluating access requests but are not intended to provide assurance that any specific institution will be granted an account and services. The individual Reserve Bank will evaluate each access request on a case-by-case basis. When applying these account access guidelines, the Reserve Bank should factor, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent analysis of the institution's risk profile. The evaluation of an institution's access request should also consider whether the request has the potential to set a precedent that could affect the Federal Reserve's ability to achieve its policy goals now or in the future.

If the Reserve Bank decides to grant an access request, it may impose (at the time of account opening, granting access to service, or any time thereafter) obligations relating to, or conditions or limitations on, use of the account or services as necessary to limit operational, credit, legal, or other risks posed to the Reserve Banks, the payment system, financial stability or the implementation of monetary policy Start Printed Page 51107 or to address other considerations.^[4] The account-holding Reserve Bank may, at its discretion, decide to place additional risk management controls on the account and services, such as real-time monitoring of account balances, as it may deem necessary to mitigate risks. If the obligations, limitations, or controls are ineffective in mitigating the risks identified or if the obligations, limitations, or controls are breached, the account-holding Reserve Bank may further restrict the institution's use of accounts and services or may close the account. Establishment of an account and provision of services by a Reserve Bank under these guidelines is not an endorsement or approval by the Federal Reserve of the institution. Nothing in the Board's guidelines relieves any institution from compliance with obligations imposed by the institution's supervisors and regulators.

Accordingly, Reserve Banks should evaluate how each institution requesting access to an account and services will meet the following principles.^[5] Each principle identifies factors that Reserve Banks should consider when evaluating an institution against the specific risk targeted by the principle (several factors are pertinent to more than one principle).

The identified factors are commonly used in the regulation and supervision of federally-insured institutions. As a result, the Board anticipates the application of the account access guidelines to access requests by federally-insured institutions will be fairly straightforward in most cases which is consistent with Section 2 of these Guidelines. However, Reserve Bank assessments of access requests from non-federally-insured institutions may require more extensive due diligence. Reserve Banks monitor and analyze the condition of institutions with access to accounts and services on an ongoing basis. Reserve Banks should use the guidelines to re-evaluate the risks posed by an institution in cases where its condition monitoring and analysis indicate potential changes in the risk profile of an institution, including a significant change to the institution's business model.

1. Each institution requesting an account or services must be eligible under the Federal Reserve Act or other federal statute to maintain an account at a Federal Reserve Bank (Reserve Bank) and receive Federal Reserve services and should have a well-founded, clear, transparent, and enforceable legal basis for its operations.^[6]

a. Unless otherwise specified by federal statute, only those entities that are member banks or meet the definition of a depository institution under section 19(b) of the Federal Reserve Act are legally eligible to obtain Federal Reserve accounts and financial services.^[7]

b. The Reserve Bank should assess the consistency of the institution's activities and services with applicable laws and regulations, such as Article 4A of the Uniform Commercial Code and the Electronic Fund Transfer Act (15 U.S.C. 1693 et seq). The Reserve Bank should also consider whether the design of the institution's services would impede compliance by the institution's customers with U.S. sanctions programs, Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements or regulations, or consumer protection laws and regulations.

2. Provision of an account and services to an institution should not present or create undue credit, operational, settlement, cyber or other risks to the Reserve Bank.

a. The Reserve Bank should incorporate, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent assessment of the institution's risk profile.

b. The Reserve Bank should confirm that the institution has an effective risk management framework and governance arrangements to ensure that the institution operates in a safe and sound manner, during both normal conditions and periods of idiosyncratic and market stress.

i. For these purposes, effective risk management includes having a robust framework, including policies, procedures, systems, and qualified staff, to manage applicable risks. The framework should at a minimum identify, measure, and control the particular risks posed by the institution's business lines, products and services. The effectiveness of the framework should be further supported by internal testing and internal audit reviews.

ii. The framework should be subject to oversight by a board of directors (or similar body) as well as oversight by state and/or federal banking supervisor(s).

iii. The framework should clearly identify all risks that may arise related to the institution's business ( e.g., legal, credit, liquidity, operational, custody, investment) as well as objectives regarding the risk tolerances for the management of such risks.

c. The Reserve Bank should confirm that the institution is in substantial compliance with its supervisory agency's regulatory and supervisory requirements.

d. The institution must, in the Reserve Bank's judgment:

i. Demonstrate an ability to comply, were it to obtain a master account, with Board orders and policies, Reserve Bank agreements and operating circulars, and other applicable Federal Reserve requirements.

ii. Be in sound financial condition, including maintaining adequate capital to continue as a going concern and to meet its current and projected operating expenses under a range of scenarios.

iii. Demonstrate the ability, on an ongoing basis (including during periods of idiosyncratic or market stress), to meet all of its obligations in order to remain a going concern and comply with its agreement for a Reserve Bank account and services, including by maintaining:

A. Sufficient liquid resources to meet its obligations to the Reserve Bank under applicable agreements, operating circulars, and Board policies;

B. The operational capacity to ensure that such liquid resources are available to satisfy all such obligations to the Reserve Bank on a timely basis; and

C. Settlement processes designed to appropriately monitor balances in its Reserve Bank account on an intraday basis, to process transactions through its account in an orderly manner and maintain/achieve a positive account balance before the end of the business day. Start Printed Page 51108

iv. Have in place an operational risk framework designed to ensure operational resiliency against events associated with processes, people, and systems that may impair the institution's use and settlement of Reserve Bank services. This framework should consider internal and external factors, including operational risks inherent in the institution's business model, risks that might arise in connection with its use of any Reserve Bank account and services, and cyber-related risks. At a minimum, the operational risk framework should:

A. Identify the range of operational risks presented by the institution's business model ( e.g., cyber vulnerability, operational failure, resiliency of service providers), and establish sound operational risk management objectives to address such risks;

B. Establish sound governance arrangements, rules, and procedures to oversee and implement the operational risk management framework;

C. Establish clear and appropriate rules and procedures to carry out the risk management objectives;

D. Employ the resources necessary to achieve its risk management objectives and implement effectively its rules and procedures, including, but not limited to, sound processes for physical and information security, internal controls, compliance, program management, incident management, business continuity, audit, and well-qualified personnel; and

E. Support compliance with the electronic access requirements, including security measures, outlined in the Reserve Banks' Operating Circular 5 and its supporting documentation.

3. Provision of an account and services to an institution should not present or create undue credit, liquidity, operational, settlement, cyber or other risks to the overall payment system.

a. The Reserve Bank should incorporate, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent assessment of the institution's risk profile.

b. The Reserve Bank should confirm that the institution has an effective risk management framework and governance arrangements to limit the impact that idiosyncratic stress, disruptions, outages, cyber incidents, or other incidents at the institution might have on other institutions and the payment system broadly. The framework should include:

i. Clearly defined operational reliability objectives and policies and procedures in place to achieve those objectives.

ii. A business continuity plan that addresses events that have the potential to disrupt operations and a resiliency objective to ensure the institution can resume services in a reasonable timeframe.

iii. Policies and procedures for identifying risks that external parties may pose to sound operations, including interdependencies with affiliates, service providers, and others.

c. The Reserve Bank should identify actual and potential interactions between the institution's use of a Reserve Bank account and services and (other parts of) the payment system.

i. The extent to which the institution's use of a Reserve Bank account and services might restrict funds from being available to support the liquidity needs of other institutions should also be considered.

d. The institution must, in the Reserve Bank's judgment:

i. Be in sound financial condition, including maintaining adequate capital to continue as a going concern and to meet its current and projected operating expenses under a range of scenarios.

ii. Demonstrate the ability, on an ongoing basis (including during periods of idiosyncratic or market stress), to meet all of its obligations in order to remain a going concern and comply with its agreement for a Reserve Bank account and services, including by maintaining:

A. Sufficient liquid resources to meet its obligations to the Reserve Bank under applicable agreements, Operating Circulars, and Board policies;

B. The operational capacity to ensure that such liquid resources are available to satisfy all such obligations to the Reserve Bank on a timely basis; and

C. Settlement processes designed to appropriately monitor balances in its Reserve Bank account on an intraday basis, to process transactions through its account in an orderly manner and maintain/achieve a positive account balance before the end of the business day.

iii. Have in place an operational risk framework designed to ensure operational resiliency against events associated with processes, people, and systems that may impair the institution's payment system activities. This framework should consider internal and external factors, including operational risk inherent in the institution's business model, risk that might arise in connection with its use of the payment system, and cyber-related risks. At a minimum, the framework should:

A. Identify the range of operational risks presented by the institution's business model ( e.g., cyber vulnerability, operational failure, resiliency of service providers), and establish sound operational risk management objectives;

B. Establish sound governance arrangements, rules, and procedures to oversee the operational risk management framework;

C. Establish clear and appropriate rules and procedures to carry out the risk management objectives;

D. Employ the resources necessary to achieve its risk management objectives and implement effectively its rules and procedures, including, but not limited to, sound processes for physical and information security, internal controls, compliance, program management, incident management, business continuity, audit, and well-qualified personnel.

4. Provision of an account and services to an institution should not create undue risk to the stability of the U.S. financial system.

a. The Reserve Bank should incorporate, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent assessment of the institution's risk profile.

b. The Reserve Bank should determine, in consultation with the other Reserve Banks and Board as appropriate, whether the access to an account and services by an institution itself or a group of like institutions could introduce financial stability risk to the U.S. financial system.

c. The Reserve Bank should confirm that the institution has an effective risk management framework and governance arrangements for managing liquidity, credit, and other risks that may arise in times of financial or economic stress.

d. The Reserve Bank should consider the extent to which, especially in times of financial or economic stress, liquidity or other strains at the institution may be transmitted to other segments of the financial system.

e. The Reserve Bank should consider the extent to which, especially during times of financial or economic stress, access to an account and services by an institution itself (or a group of like institutions) could affect deposit balances across U.S. financial institutions more broadly and whether any resulting movements in deposit balances could have a deleterious effect on U.S. financial stability.

i. Balances held in Reserve Bank accounts present no credit or liquidity risk, making them very attractive in times of financial or economic stress. As Start Printed Page 51109 a result, in times of stress, investors that would otherwise provide short- term funding to nonfinancial firms, financial firms, and state and local governments could rapidly withdraw that funding and instead deposit their funds with an institution holding mostly central bank balances. If the institution is not subject to capital requirements similar to a federally-insured institution, it can more easily expand its balance sheet during times of stress; as a result, the potential for sudden and significant deposit inflows into that institution is particularly large, which could disintermediate other parts of the financial system, greatly amplifying stress.

5. Provision of an account and services to an institution should not create undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, economic or trade sanctions violations, or other illicit activity.

a. The Reserve Bank should incorporate, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent assessment of the institution's risk profile.

b. The Reserve Bank should confirm that the institution has a BSA/AML compliance program consisting of the components set out below and in relevant regulations.^[8]

i. For these purposes, the Reserve Bank should confirm that the institution's BSA/AML compliance program contains the following elements.^[9]

A. A system of internal controls, including policies and procedures, to ensure ongoing BSA/AML compliance;

B. Independent audit and testing of BSA/AML compliance to be conducted by bank personnel or by an outside party;

C. Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance (BSA compliance officer);

D. Ongoing training for appropriate personnel, tailored to each individual's specific responsibilities, as appropriate;

E. Appropriate risk-based procedures for conducting ongoing customer due diligence to include, but not limited to, understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile and conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information;

c. The Reserve Bank should confirm that the institution has a compliance program designed to support its compliance with the Office of Foreign Assets Control (OFAC) regulations at 31 CFR Chapter V.^[10]

i. For these purposes, the Reserve Bank may review the institution's written OFAC compliance program, provided one has been created, and confirm that it is commensurate with the institution's OFAC risk profile. An OFAC compliance program should identify higher-risk areas, provide for appropriate internal controls for screening and reporting, establish independent testing for compliance, designate a bank employee or employees as responsible for OFAC compliance, and create a training program for appropriate personnel in all relevant areas of the institution.

6. Provision of an account and services to an institution should not adversely affect the Federal Reserve's ability to implement monetary policy.

a. The Reserve Bank should incorporate, to the extent possible, the assessments of an institution by state and/or federal supervisors into its independent assessment of the institution's risk profile.

b. The Reserve Bank should determine, in consultation with the other Reserve Banks and the Board as appropriate, whether access to an account and services by an institution itself or a group of like institutions could have an effect on the implementation of monetary policy.

c. The Reserve Bank should consider, among other things, whether access to a Reserve Bank account and services by the institution or group of like institutions could affect the level and variability of the demand for and supply of reserves, the level and volatility of key policy interest rates, the structure of key short-term funding markets, and on the overall size of the consolidated balance sheet of the Reserve Banks. The Reserve Bank should consider the implications of providing an account to the institution in normal times as well as in times of stress. This consideration should occur regardless of the current monetary policy implementation framework in place.

Section 2: Tiered Review Framework

The tiered review framework in this section is meant to serve as a guide to the level of due diligence and scrutiny to be applied by Reserve Banks to different types of institutions. Although institutions in a higher tier will on average face greater due diligence and scrutiny than institutions in a lower tier, a Reserve Bank has the authority to grant or deny an access request by an institution in any of the three proposed tiers, based on the Reserve Bank's application of the Account Access Guidelines in Section 1 to that particular institution. As discussed above, an institution's access request will be reviewed on a case-by-case, risk-focused basis and the tiers are designed to provide additional transparency into the expected review process based on key characteristics.

1. Tier 1: Eligible institutions that are federally insured.^[11]

a. As federally-insured depository institutions, Tier 1 institutions are already subject to a standard, strict, and comprehensive set of federal banking regulations.

b. In addition, for most Tier 1 institutions, detailed regulatory and financial information would in most cases be readily available, often in public form.

c. Accordingly, access requests by Tier 1 institutions will generally be subject to a less intensive and more streamlined review.

d. In cases where the application of the Guidelines to Tier 1 institutions identifies potentially higher risk profiles, the institutions will receive additional attention.

2. Tier 2: Eligible institutions that are not federally insured but are subject (by statute) to prudential supervision by a federal banking agency.^[12] In addition, (i) if such an institution is chartered under federal law, it has a holding company that is subject to Federal Reserve oversight (by statute or commitments); and (ii) if such an institution is Start Printed Page 51110 chartered under state law and has a holding company, that holding company is subject to Federal Reserve oversight (by statute or commitments).^[13]

a. Tier 2 institutions are subject to a similar, but not identical, set of regulations as federally-insured institutions. As a result, Tier 2 institutions may still present greater risks than Tier 1 institutions.

b. Reserve Banks will have significant supervisory information about, as well as some level of regulatory authority over, Tier 2 institutions.

c. Accordingly, account access requests by Tier 2 institutions will generally receive an intermediate level of review.

3. Tier 3: Eligible institutions that are not federally insured and are not considered in Tier 2.

a. Non-federally-insured institutions that are chartered under federal law but do not have a holding company subject to Federal Reserve oversight would be considered in Tier 3.

b. Non-federally-insured institutions that are chartered under state law and are not subject (by statute) to prudential supervision by a federal banking agency, or have a holding company that is not subject to Federal Reserve oversight, would be considered in Tier 3.

c. Tier 3 institutions may be subject to a regulatory framework that is substantially different from the regulatory framework that applies to federally-insured institutions.

d. In addition, detailed regulatory and financial information regarding Tier 3 institutions may not exist or may be unavailable.

e. Accordingly, Tier 3 institutions will generally receive the strictest level of review.

-End-

Footnotes