Skip to main content

FDIC Proposes New Requirements for Custodial Accounts

UPDATE: The comment period has been extended through Jan. 16, 2025. See FDIC Extends Comment Period for New Requirements for Custodial Accounts for more information.

Go-To Guide:
  • The FDIC issued a notice of proposed rulemaking (Proposed Rule) that would impose new recordkeeping requirements for certain custodial deposit accounts, like those often used in bank-fintech partnerships.

  • The Proposed Rule is intended to ensure the FDIC’s ability to promptly make deposit insurance determinations; however, costs to comply with the new requirements could be significant.

  • FDIC-insured banks and fintechs should review their business models and assess what steps they may need to take to comply.

  • Those impacted by the Proposed Rule should consider submitting comments by Dec. 2, 2024, to voice their concerns with the proposed requirements.

On Oct. 2, 2024, the Federal Deposit Insurance Corporation (FDIC) published a notice of proposed rulemaking (Proposed Rule) designed to strengthen recordkeeping requirements for custodial deposit accounts with transactional features, like those often used in banking-as-a-service (BaaS) models and other bank-fintech partnerships. The Proposed Rule is intended to ensure the FDIC’s ability to promptly make deposit insurance determinations and, if necessary, pay deposit insurance claims as soon as possible following the failure of an FDIC-insured bank holding such custodial accounts.

“The [Proposed Rule] approved by the FDIC Board today is an important step to ensure that banks know the actual owner of deposits placed in a bank by a third party. . . and that the banks are able to provide the depositor their funds even if the third party fails,” FDIC Chairman Martin J. Gruenberg said. “In addition, it will strengthen the FDIC’s ability to make deposit insurance determinations and, if necessary, pay deposit insurance if the bank fails. Further, the proposed rule will strengthen compliance with anti-money laundering and countering the finance of terrorism law.”

Background

Under the Federal Deposit Insurance Act (FDI Act), the FDIC is required to pay deposit insurance “as soon as possible” following the failure of any insured depository institution (IDI). To pay deposit insurance, the FDIC generally uses a failed IDI’s records to aggregate the amounts of all deposits that are maintained by a depositor in the same “right and capacity” (i.e., legal basis of ownership), and then applies the standard maximum deposit insurance amount of $250,000. But in certain circumstances—for instance, when custodial account records are maintained by a third party—the FDIC may use the records of parties other than the failed IDI to make deposit insurance determinations.

In its Proposed Rule, the FDIC explained that its ability to use third-party records to make prompt deposit insurance determinations and if necessary, pay claims to depositors, would be impeded if those records were inadequate or unreliable. That risk was highlighted by the recent bankruptcy of a technology company that served as an intermediary between fintech companies and IDIs. After the technology company’s bankruptcy, the IDIs encountered difficulties in obtaining, reviewing, and reconciling the company’s records, which affected the ability of consumers to access funds placed at the IDIs.

The Proposed Rule

Against that backdrop, the FDIC’s Proposed Rule would, if finalized in its present form, establish new recordkeeping requirements and related compliance obligations at IDIs for certain “custodial deposit accounts with transactional features.”

Subject to certain express exemptions,1 the Proposed Rule would define the term “custodial deposit account with transactional features” to mean any deposit account that meets three requirements:

  • the account is established for the benefit of beneficial owner(s);
  • the account holds commingled deposits of multiple beneficial owners; and
  • a beneficial owner may authorize or direct a transfer through the account holder from the account to a party other than the account holder or beneficial owner (e.g., merchant payment purposes).

The Proposed Rule would define the term ‘‘beneficial owner’’ to mean a ‘‘person or entity that owns . . . an interest in the deposit held in a custodial deposit account,’’ which is generally the person or entity that engages with a BaaS provider or fintech company to obtain services. It would define the term “account holder” to mean ‘‘the person or entity who opens or establishes a custodial deposit account with transactional features with an [IDI],’’ which is generally the BaaS provider or fintech company providing services directly to the public.


Recordkeeping Requirements

For custodial deposit accounts with transactional features, an IDI would be required to maintain records of beneficial ownership in a specified data format and layout, with the specified format requiring, among other things, that an IDI identify each beneficial owner, the current balance attributable to each beneficial owner, and the ownership right and capacity for each beneficial owner.

If the IDI maintains the required records itself, it would be required to implement appropriate internal controls that include:

  • maintaining accurate balances of custodial deposit accounts with transactional features at the beneficial ownership level; and
  • conducting reconciliations against the beneficial ownership records no less frequently than at the close of business daily.

If the IDI maintains the required records though a third party, including any vendor, software provider, service provider, or similar entity, it would be required to implement the controls referenced immediately above and to also:

  • have direct, continuous, and unrestricted access to the records, including in the event of business interruption, insolvency, or bankruptcy of the third party;
  • have an appropriate continuity plan, including backup recordkeeping and appropriate technical capabilities to ensure compliance with the requirements of the Proposed Rule; and
  • have a contractual arrangement with the third party that clearly defines roles and responsibilities and authorizes the IDI to access relevant data; requires the third party to implement appropriate internal controls; requires a periodic, but no less than annual, validation of account records by a third party; and does not relieve the IDI of its responsibilities under the rule.

  • Additional Compliance Obligations

    An IDI holding custodial accounts with transactional features would also be subject to additional compliance obligations, including:

    • establishing and maintaining written policies and procedures to achieve compliance;
    • completing and filing with the FDIC an annual certification confirming that it has implemented the recordkeeping requirements, tested its implementation of the requirements, and is in compliance with the requirements; and
    • completing and filing with the FDIC an annual report that describes any material changes to the institution’s information technology system; lists the non-exempt holders of custodial accounts with transactional features, their respective balances, and the number of beneficial owners; and provides the results of the IDI’s period testing and independent validation.

    • Takeaways

      The Proposed Rule is reflective of the continued focus by the FDIC and other federal banking agencies on third-party relationships and risk management, especially as it concerns BaaS models and bank-fintech partnerships.

      The Proposed Rule would impose new, significant, and burdensome requirements on IDIs that offer custodial deposit accounts with transactional features, including new requirements that would flow down to fintechs, program managers, and other third parties whose models rely on these accounts. IDIs and their third-party partners should consider reviewing their business models in light of the Proposed Rule, and assessing what steps they may need to take to comply, including reviewing monitoring-and-testing procedures and sub-ledgers with daily reconciliation, and revising their contracts to incorporate required terms. The costs of coming into compliance with the Proposed Rule could be significant and, potentially require banks and fintechs to invest in new recordkeeping and reconciliation technology, and to take on additional compliance costs.

      Bank and fintechs should review the Proposed Rule and consider submitting comments to discuss their concerns with these proposed requirements, including compliance cost concerns. The deadline to submit comments on the Proposed Rule is Dec. 2, 2024.


      1 The Proposed Rule exempts from its scope custodial deposit accounts (i) holding only trust deposits; (ii) holding deposits established by government depositors; (iii) established by broker-dealers and investment advisers; (iv) established by attorneys or laws firms on behalf of clients; (v) maintained in connection with employee benefit plans and retirement plans; (vi) maintained by real estate brokers, real estate agents, title companies, and qualified intermediaries under the Internal Revenue Code; (vii) maintained by mortgage servicers; (viii) for which federal or state law prohibit disclosure of beneficial owners of the deposits; (ix) maintained in connection with deposit placement networks or reciprocal networks (unless the purpose of the network is to enable clients to make payment transactions using funds in the custodial deposit account at the network IDI; or (x) holding security deposits tied to property owners for a homeownership, condominium, or other similar housing association governed by state law, and accounts holding security deposits tied to residential or commercial leasehold interests.