Compliance Blog

On December 16, 2021, the National Credit Union Administration (NCUA) issued Letter to Credit Unions 21-CU-16 (letter) to provide guidance regarding the authority of federal credit unions to connect digital asset service providers with federal credit union members. The letter outlines federal credit unions’ authority to establish relationships with third-party digital asset services and how federal credit unions may monitor and evaluate these relationships.  

NCUA maintains the Federal Credit Union Act authorizes federal credit unions to “act as a finder to bring together their members and providers of third-party services, including services related to digital assets.” This authority is granted within the incidental powers of federal credit unions. NCUA cautions federal credit unions that while the guidance permits a federal credit union, under its incidental powers, to provide “administrative functions in connection with finder activities…these functions do not create an agency or brokerage relationship.” NCUA stresses a federal credit union is also required to comply with other applicable laws and regulations such as the Bank Secrecy Act, cyber security requirements, and other safety and soundness practices. For one, a federal credit union acting within its finder capacity must also ensure compliance with §721.7 of NCUA’s own regulations.

This new guidance does not create exceptions to the existing regulatory framework. NCUA emphasizes the original framework, which exists to oversee how federal credit unions connect its members with third-party services, still applies to third-party digital asset service providers. As a result, the guidelines are written within the existing framework to assist federal credit unions in establishing practices to manage third party-member relationships in relation to digital assets and products. One concern emphasized throughout the letter is the rapidly changing technological environment and its effects on available digital asset products and services. With the fluid situation and the potential risks, NCUA maintains a federal credit union’s written policies and procedures should be written to “ensure appropriate internal controls and ongoing compliance with applicable law.”

The letter outlines what procedures and policies a federal credit union should have in place to manage third party-member relationships. According to the letter, a federal credit union should conduct its own due diligence in selecting third-party service providers and review existing NCUA guidance. NCUA suggests written policies and procedures address aspects of the third party-member relationship such as what services and products are offered, each parties’ responsibilities, indemnification, and the administrative role of the credit union and its employees. The letter also highlights appropriate disclosure practices. For example, members entering third-party relations with digital asset providers should be informed of the product’s risks relating to advertisements. The advertisements to members should disclose such things as the product’s lack of federal insurance, the product’s volatility and speculative nature, and the product’s associated fees.  

In addition, the letter notifies federal credit unions that NCUA will examine “the rigor with which [federal credit unions] execute compliance and risk oversight of third-party relationships established to deliver member access to digital asset services.” NCUA indicates the relationship between third-party digital asset service providers and credit union members, as well as the role a federal credit union plays as facilitator may be a focus of future examinations. A credit union may want to review this letter and other related guidance to ensure the credit union’s policies and procedures are adequate before facilitating relationships between its members and third-party digital asset services.

In case you are interested in more information on this issue and its impact on federal credit unions, NAFCU recently sent a letter to NCUA Chairman Todd Harper regarding digital asset issues affecting federal credit unions. The letter may be read here.