NCUA: Credit Unions Can Engage Crypto-Currency Vendors

Congress continued wrestling this week with how to regulate crypto currencies, as NCUA told credit unions they can engage third-parties offering crypto-currency services if they hew to certain precautions.

NCUA collected comments on the issue from July to October, and NAFCU, CUNA and others have asked NCUA for guidance.

In response, NCUA Chair Todd Harper sent a letter to credit unions Thursday “to provide clarity about the already existing authority of federally insured credit unions (FICUs) to establish relationships with third-party providers that offer digital asset services.”

“The authority for federally insured, state-chartered credit unions (FISCUs) to establish these relationships will depend upon the laws and regulations of their states,” he said.

Harper wrote that the NCUA will evaluate relationships with crypto-currency vendors on the same basis as all other third-party relationships: looking at how well they exercise sound judgment, conduct due diligence, assess risk and plan.

And whatever NCUA does, he wrote that some crypto-currency activities will fall under the jurisdiction of other regulatory agencies, including the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Financial Crimes Enforcement Network (FinCEN), and individual state agencies.

Harper wrote that federal credit unions may continue to act as a finder to bring together their members and vendors, including those providing crypto-currency services. However, he added that “they should be cautious that these functions do not create an agency or brokerage relationship and trigger compliance problems under any applicable laws.”

“Further, it is of paramount importance to the NCUA ,” he wrote, that federally insured credit unions continue to comply with laws and sound business practices, including those for consumer financial protection, cybersecurity, Bank Secrecy Act and anti-money laundering and sanctions requirements from the Office of Foreign Assets Control.

Federally insured credit unions “should fully evaluate the risks involved with digital asset activities, including legal risks, reputation risks, and economic risks,” Harper wrote.

Because of the “breadth and rapid evolution of the digital asset sector,” credit unions should draft policies and procedures. Among other issues, these written policies should:

• Describe the responsibilities of the credit union and the third party. “FICU policies and contracts should make clear that the third-party digital asset service provider is responsible for ensuring the digital asset services are conducted in compliance with all applicable laws and policies. The FICU should maintain the right to check for compliance and access member accounts for verification and oversight.”
• Protect the credit union from liability. “FICUs should require contracts with third parties to include provisions to indemnify the FICU for any monetary damages arising from the provision of digital asset services, including fraud.”
• Monitor legal compliance. “The compliance function should include a system that monitors member complaints and periodically reviews and randomly samples member account activity to look for evidence of abuse. FICUs should also provide regular, periodic compliance reports to their boards of directors to ensure appropriate oversight.”

The letter also warned credit unions they “must neither mislead nor confuse members as to the nature or risks of these uninsured products. To avoid member confusion, third parties should not offer products with a product name that is intentionally similar to a FICU’s name.”

In any sales or marketing activities, members should be told that the products offered:

• Are not federally insured,
• Are not obligations of the FICU,
• Are not guaranteed by the FICU,
• Are or may be heavily speculative and volatile,
• May have associated fees,
• May not allow member recourse,
• Are being offered by a third party.