ALEXANDRIA, Va.–NCUA has published a set of guidelines aimed at clarifying federally insured credit unions’ (FICUs) authority to establish relationships with third-party providers that offer digital asset services to their members, including investments such as cryptocurrency.
The agency’s Letter to Credit Unions also includes key safety and soundness considerations.
The 2,300-word Letter explains digital assets are one of many terms used to describe distributed ledger technology (DLT) based tokens and comes as a second credit union has announced it is offering members access to bitcoin services. The letter follows a July 2021 request for information (RFI) seeking input on potential and current impacts of the use of digital assets and related technologies on FICUs, related entities, and the NCUA. The agency also stressed credit unions are expected to communicate so members are aware such products, which are not federally insured, may be highly speculative and may offer no recourse, among other things.
NCUA further noted federal credit unions are not prohibited from forming relationships with third-party providers of digital asset services, but due have responsibilities to their members.
Evaluated in Similar Manner
“A FICU’s relationship with third parties offering these services and related technologies will be evaluated by the NCUA in the same manner as all other third-party relationships,” the letter reads. “This includes a FICU exercising sound judgment and conducting the necessary due diligence, risk assessment, and planning when choosing to introduce or bring together an outside vendor with its members. FICUs should establish effective risk measurement, monitoring, and control practices for such third-party arrangements.”
The guidelines present four key considerations, including due diligence as well as credit union policies, procedures, and agreements; advertising and conduct in third-party arrangements; and supervisory considerations.
What’s Permissible
The letter notes that “introducing members to third parties that may provide members with services related to digital assets is permissible” as it:
- Is useful in carrying out an FCU’s business because it facilitates member services that allow an FCU to serve as their members’ primary financial institution
- Is the logical outgrowth of an FCU’s business, including its role in serving as its members’ primary financial institution
- Involves risks similar in nature to those FCUs already assume in serving their members, including referring members to various third-party service providers of other non-deposit financial products and services.
“FICUs are responsible for safeguarding member assets and ensuring sound operations irrespective of whether delivery of services is accomplished internally or through a third-party relationship,” it states in the section on supervision. “Accordingly, when assigning supervisory risk and CAMELS ratings as part of the supervisory process, examiners will evaluate the rigor with which FICUs execute compliance and risk oversight of third-party relationships established to deliver member access to digital asset services.”
The full text of the letter can be found here.