From its founding in 1933, the FDIC has always provided so-called “pass-through insurance,” which allows a person or entity to hold funds in a deposit account for the benefit of others.1 The FDIC’s enabling statute expressly provided that deposit insurance should be calculated based on the beneficial owners of a deposit account,2 regardless of in whose name the account is, and the FDIC first codified this principle in its regulations in 1946.3 In 1984, the FDIC and Federal Home Loan Bank Board issued a joint final rule that restricted deposit insurance for certain types of pass-through arrangements, but this was struck down by the D.C. Circuit the following year for violating the express provisions of the FDI Act.4
Today, there exists a vast array of deposit arrangements that qualify for pass-through insurance, ranging from health savings accounts (HSAs) to homeowners association (HOA) accounts to certain clearing services to sweep accounts to prepaid cards to fintechs. For the most part, consumers benefit tremendously from the availability of pass-through insurance, as it reduces the risk of loss when placing funds with certain third parties, and it has enabled the emergence of a wide variety of innovative financial products over the years.
At the same time, pass-through arrangements pose certain challenges for the FDIC as the deposit insurer and resolution authority — and, potentially, by extension for consumers. For example, there are various ways consumers who believe their funds are FDIC-insured can end up losing money and lacking FDIC protection. To take an extreme example, imagine a person or entity promises to place customers’ funds in an FDIC-insured account, but instead steals the money and disappears. The FDIC has no authority in such a case to provide insurance to the customers, as the FDIC’s authority only extends to money actually deposited at a bank, and is only triggered when the bank fails.5 (The FDIC can take, and has on numerous occasions taken, action against such a scam proactively, but this is only helpful if the FDIC is aware of it in advance.)
The Synapse bankruptcy appears to involve a different version of a similar story. Customers of various fintech firms were led to believe their money was being placed in FDIC-insured bank accounts, with the fintechs using Synapse as an intermediary. But when Synapse failed, tens of millions of dollars was, it appears, missing.6 Over 100,000 customers lost access to their accounts, and many could experience significant losses. This is devastating for those involved, as many personal stories provided to the bankruptcy court have illustrated.7
While the Synapse story is still unfolding, these problems could have been identified much sooner if the partner banks maintained better records and conducted frequent, routine reconciliations. The proposal today would, in part, address these issues by requiring banks with certain types of pass-through accounts to maintain records of end-user depositors8 and conduct reconciliations at the close of each business day.
I am going to vote in favor of the proposal. I recognize that certain types of pass-through arrangements have become much more complex in recent years, exacerbating the potential risks, and improving recordkeeping and reconciliation practices (1) can reduce the likelihood of another Synapse-like disaster in the event of a third-party failure, and (2) may result in a more orderly resolution in the event the bank fails.
I appreciate staff’s engagement with me and willingness to accept some of my requested changes to the proposal. Among other things, I appreciate the removal of a provision that would have required banks to ensure that every beneficial owner’s balance was accurate at the close of business each day, which I don’t think is plausible for a bank with, potentially, millions of end-user depositors and hundreds of thousands of daily transactions.9
Still, I have a number of concerns about the proposal that I hope we will receive comments on and address in a final rule. First, I strongly believe we should consider a minimum threshold for when the requirements of the rule apply. Under the proposal, if a bank has one deposit account covered by the proposal, the bank would need to fully comply with all aspects of the rule. This seems excessive, given what could be a substantial compliance burden. The proposal estimates that between 600 and 1,100 banks could be scoped in,10 even though only a few dozen are heavily engaged in the type of activity at which the proposal is targeted. I encourage comments on what type of threshold we should consider – specifically, what metric and at what amount, and why. I also encourage comments on the exemptions – whether they are the correct exemptions, whether there are any additional exemptions that would be appropriate, and why.
Second, the proposal would require a certification of compliance signed by the CEO, COO, or highest ranking official. I think this requirement should either be deleted or qualified as was done in Part 370.11 The banking agencies already have authorities to take supervisory or enforcement action in the event of noncompliance, and the certification requirement could be interpreted to impose strict liability in the event any customer balance is found to be inaccurate at any point in time. It’s hard not to be struck by the dichotomy of an agency that has senior leaders who have repeatedly expressed ignorance of longstanding workforce culture issues at the same time demanding omniscience by the heads of banks we regulate.
Third, I think we can do more to reduce the burden on institutions while still achieving the proposal’s objectives. At a minimum, we should delete the requirement that banks establish and maintain written policies and procedures. While I expect banks will generally update their policies and procedures anyway, codifying it in the regulation encourages examiners to focus on a bank’s documentation and policies and procedures, rather than the actual recordkeeping and reconciliation. Our Part 370 recordkeeping rule did not include a policies and procedures requirement, and the absence of such a requirement does not seem to have impacted compliance whatsoever. And as I have said in the past,12 and as a number of other commenters continue to point out,13 supervision should be more focused on core risks and less on process and documentation.
Finally, while I am voting in favor of the proposal, my view has been that we should not be issuing it now. Less than two months ago, the banking agencies released a request for information (RFI) soliciting feedback on partnerships between fintechs and banks,14 and asked several questions directly related to the issues in this proposal, including specific questions related to recordkeeping and reconciliations. The comment period was scheduled to end at the end of September, and was recently extended an additional month. I believe we should have waited to issue this proposal until first receiving comments from the RFI – both because the comments we receive might help inform our policymaking, and because preempting the end of the comment period sends a message to the public that it is a waste of time to invest time and resources to provide feedback if the FDIC is going to move forward with its own predetermined policy changes anyway. But, I think we know why the current leadership does not believe there is time to go through the proper process.
I want to thank the staff for their work on this, and look forward to the comments to both this NPR and the RFI.
1 | See generally Federal Deposit Insurance Corporation, Pass-through Deposit Insurance Coverage (last updated May 29, 2024). |
2 | See Paul T. Clark, Just Passing Through: A History and Critical Analysis of FDIC Insurance of Deposits Held by Brokers and Other Custodians, Review of Banking and Financial Law, at note 3 (“Section 12B(l) of the Federal Reserve Act provided that “in determining the amount due to such owner . . . there shall be added together all net amounts due to such owner in the same capacity or the same right, on account of deposits, regardless of whether such deposits be maintained in his name or in the name of others for his benefit.””). This is now codified at 12 U.S.C. 1821(a)(1)(C) (“For the purpose of determining the net amount due to any depositor . . . , the Corporation shall aggregate the amounts of all deposits in the insured depository institution which are maintained by a depositor in the same capacity and the same right for the benefit of the depositor either in the name of the depositor or in the name of any other person . . .”). |
3 | See id. at note 4 and accompanying text. |
4 | FAIC Securities, Inc. v. United States, 768 F.2d 352 (D.C. Cir. 1985) (“These provisions [of the FDI Act] establish a clear and unequivocal mandate that the FDIC shall insure each depositor's deposits up to $100,000, determining the amount of those deposits by adding together all accounts maintained for the benefit of the depositor, whether or not in the depositor's name.”). |
5 | See generally 12 U.S.C. 1821. |
6 | See In re Synapse Fin. Techs., Inc., Case No. 1:24-bk-10646-MB (Bankr. C.D. Cal. September 12, 2024), Chapter 11 Trustee’s Ninth Status Report, at 7 (“The aggregate $65 million to $95 million estimated shortfall has not changed since the Eighth Status Report.”). |
7 | See, e.g., Post by Jason Mikula (June 16, 2024) (“User with funds frozen in Synapse bankruptcy emails judge, warns they are contemplating suicide because of situation”); Jason Mikula, Is Synapse’s Meltdown Fintech’s FTX Moment?, Fintech Business Weekly (May 19, 2024) (“One user, a single mom who had just bought a home, who may be unable to make her first mortgage payment due to the disruption, told the court, ‘I’m scared, I’m terrified. While they point fingers at each other, I just want to know, when I can pay my mortgage? That’s the only question I have for anybody involved in this situation.’”). |
8 | I use the terms “end-user depositor” and “beneficial owner” interchangeably. The proposed regulation uses the term “beneficial owner.” |
9 | Instead, the proposal seeks comment on a requirement that banks maintain accurate balances at the beneficial ownership level and conduct reconciliations no less frequently than at the close of business of each day. The preamble also notes that “reconciling variances due to unposted transactions and timing of transactions occurs and should be addressed based on standard banking practices, which are sufficient to manage and resolve such variances.” Notice of Proposed Rulemaking on Recordkeeping for Custodial Accounts, at 32-35. |
10 | The proposal notes that “[t]he FDIC does not have the data to accurately estimate the number of … IDIs” covered by the proposal, and it is possible the number could be much higher than 1,100. See id. at 42-44. |
11 | See 12 C.F.R. 370.10(a)(1)(iii) (requiring that the certification be signed by the CEO or COO and “made to the best of his or her knowledge and belief after due inquiry”). |
12 | See, e.g., Statement by Vice Chairman Travis Hill on the Proposed Corporate Governance Expectations for Large and Midsize Banks (October 3, 2023) (“In my view, a takeaway from the turmoil earlier this year is that bank supervisors should focus more on core risks to safety and soundness, and relatively less on process-related governance.”). |
13 | See, e.g., Raj Date, Banks Aren’t Over-Regulated, They Are Just Over-Supervised, Open Banker (September 10, 2024); Jeremy Newell, Bank Policy Institute, 4 Key Considerations on ‘Evolving Bank Supervision’ (September 10, 2024) (“Unfortunately, and as we have also described elsewhere, the risk-based approach to supervision that the Acting Comptroller describes is exactly contrary to the lived experience of bankers today, who frequently encounter an examination culture and practices that are increasingly focused on process rather than substance, and on immaterial matters rather than material financial risk.”). |
14 | Office of the Comptroller of the Currency, Federal Reserve System, Federal Deposit Insurance Corporation, Request for Information on Bank-Fintech Arrangements Involving Banking Products and Services Distributed to Consumers and Businesses, 89 Fed. Reg. 61577 (July 31, 2024). |