KPMG Insights
- Fintech/Third Parties. Continues to expand risk and compliance expectations for bank-fintech/third parties and arrangements.
- Beneficial Ownership/CIP. Establishes requirement that the institution maintain CIP-related information regarding the beneficial owners, as defined in the deposit insurance regulations, of the custodial account.
- Deposit Relevancy. Assists in insured deposit determinations and resolvancy.
___________________________________________________________________________________________________________________________________________
September 2024
The Federal Deposit Insurance Corporation (FDIC) proposes new recordkeeping requirements for insured depository institutions related to deposits received from nonbank third-party companies that have accepted those deposits on behalf of consumers and businesses (commonly referred to as custodial deposit accounts). The FDIC notes that custodial deposit accounts between institutions and nonbanks third party companies (e.g., fintechs) are becoming more common and complex, “warranting enhanced recordkeeping requirements.” Further, the FDIC states the proposed rule seeks to address risks related to these third-party arrangements, protect depositors, and promote public confidence in deposit insurance. Accordingly, the proposed rule would also expand risk and compliance expectations for certain bank and third-party arrangements.
Proposed Requirements
Under the proposed rule, FDIC-insured depository institutions (IDIs) holding custodial deposit accounts with transactional features (as defined in the proposed rule – see discussion below), other than custodial accounts with transactional features that are specifically exempted from the rule (see discussion below), would be subject to the following requirements:
- Recordkeeping: Maintain records of beneficial ownership for each custodial deposit account with transactional features (other than exempt accounts) in a specified data format (included in the proposal as Appendix-A). The records may be maintained by the IDI or a third party.
- Internal Controls: Implement internal controls that are appropriate to its size and the nature, scope, and risk of its activities, including:
- Maintaining accurate balances of custodial deposit accounts with transactional features at the beneficial ownership level; and
- Conducting reconciliation against the beneficial ownership records no less frequently than daily at the close of business.
- Compliance:
- Establish policies and procedures for compliance with the rule.
- Certify, annually, confirming that the IDI i) has implemented the recordkeeping requirements and tested them during the previous 12 months, and ii) is in compliance with the rule requirements. The certification must be signed by the chief executive office, chief operating officer, or other high-ranking official (as included in the rule) and filed with the FDIC and the IDI’s primary federal regulator.
- Report, annually, to the FDIC and the IDI’s primary federal regulator information including:
- A description of any material changes to the institution’s information technology systems since the prior annual report
- A list of the account holders that maintain custodial deposit accounts with transactional features that are not exempt from the recordkeeping requirements of the rule, the total balance of those custodial deposit accounts, and the total number of beneficial owners
- Results of the institution’s periodic testing of its compliance with the rule’s recordkeeping requirements
- Results of the independent validation of any records maintained by third parties.
- Records Maintained Through A Third Party: IDIs maintaining required records through a third party (e.g., vendor, software provider, service provider, or similar entity that regularly processes deposit transaction data – which may include the account holder), would be required to have:
- A contractual agreement with the third party that:
- Clearly defines roles and responsibilities for recordkeeping, including assigning to the institution the rights of the third party to access data held by other parties.
- Requires the third party to implement internal controls consistent with the IDI’s requirements.
- Requires periodic, but no less than annual, validation of the accuracy and completeness of the third party’s records by a person independent of the third party.
- Direct, continuous, and unrestricted access to the records of the beneficial owners maintained by the third party (and in the specified format), including in the event of the business interruption, insolvency, or bankruptcy of the third party.
- Continuity plans, including backup recordkeeping, and technical capabilities.
- Internal controls to i) accurately determine the respective beneficial ownership interests associated with custodial deposit accounts with transactional features, and ii) conduct reconciliations against the beneficial ownership records no less frequently than daily as of the close of business.
Exempt Custodial Deposit Accounts
The proposal would exempt certain custodial deposit accounts even if they have transactional features from the recordkeeping and compliance requirements. In particular, the proposal would exempt custodial deposit accounts:
- That hold only trust deposits.
- Established by government depositors.
- Established by brokers or dealers under the Securities and Exchange Act of 1934, and investment advisers under the Investment Advisers Act of 1940.
- Established by attorneys or law firms on behalf of clients, commonly known as interest on lawyers trust accounts (IOLTA accounts).
- Maintained in connection with employee benefit plans and retirement plans.
- Maintained by real estate brokers, real estate agents, title companies, and qualified intermediaries under the Internal Revenue Code.
- Maintained by a mortgage servicer in a custodial or other fiduciary capacity.
- For which federal or state law prohibits disclosure of the identities of the beneficial owners of the deposits.
- Of deposit placement networks or reciprocal networks (unless the network’s purpose is to enable clients to make payment transactions using funds in the custodial deposit account at the network IDIs).
- Holding security deposits tied to property owners for a homeownership, condominium, or other similar housing association governed by state law, and accounts holding security deposits tied to residential or commercial leasehold interests
Key Definitions for Purposes of the Rule
- Account Holder: The person or entity who opens or establishes a custodial deposit account with transactional features with an insured depository institution.
- Beneficial Owner: A person or entity that owns, under applicable law, an interest in the deposit held in a custodial deposit account. Note: The FDIC notes that “the proposed rule’s definition of “beneficial owner” should not be confused with other definitions of the same term, including that associated with the Corporate Transparency Act or the Customer Due Diligence rule, which relate to beneficial owners of legal entities, rather than accounts.”
- Custodial Deposit Account with Transactional Features: A deposit account established for the benefit of beneficial owners, where deposits of multiple beneficial owners are commingled, and owners may authorize or direct transfers through the account holder to parties other than the account holder or beneficial owner.
Compliance and Comment Period
The proposed requirements would apply to all custodial deposit accounts covered in the rule, no matter when a particular custodial deposit account was established. IDIs would be required to file their first certification and report within one year of the effective date of a final rule and annually thereafter.
The FDIC requests comment on the proposed rule within 60 days after publication in the Federal Register.