On September 17th, the Federal Deposit Insurance Corporation ("FDIC") issued a proposed rule entitled “Recordkeeping for Custodial Accounts” with comments due sixty days from the date of publication in the Federal Register (it has not yet been published). The rule impacts a variety of custodial accounts and has the potential to significantly impact prepaid cards, payment apps and fintech-related deposit offerings because the banks holding the funds in custody will now need to impose additional requirements and policies on these kinds of accounts. As it is, fintechs can find it challenging and expensive to find a bank willing to maintain these kinds of accounts for them. This rule could make that particular pain point much worse.
We have described the proposed rule below, but first, the rule has already acquired two nicknames. The first is the “FBO Rule” referring to the titling often used for custodial deposit accounts where the funds are being held in custody “for the benefit of” the depositor, or “FBO accounts”. The second nickname is the “Synapse Rule”, referencing the collapse of Synapse Financial earlier this year. Synapse, as the FDIC has explained, “was a deposit broker that facilitated customer deposits for various fintech companies looking for banking services.” When Synapse filed for bankruptcy some of Synapse’s fintech clients were unable to access the deposits on behalf of their customers timely. The demise of Synapse has really shaken the bank regulators, with no less than four significant announcements since then referencing Synapse, including this proposed rule, but also the FDIC’s proposed “Unsafe and Unsound Banking Practices: Brokered Deposits Restrictions” rule, the joint statement with the Federal Reserve and the Office of the Comptroller of the Currency ("OCC") regarding Bank-Fintech arrangements, and the joint Request for Information on Bank-Fintech relationships. The regulators’ concern is for good reason, as this proposed rule explains, “Since May 2024, the FDIC National Center for Consumer and Depositor Assistance has received more than a thousand inquiries, complaints, and concerns from consumers regarding the Synapse bankruptcy. Published reports further suggest that some of those consumers affected by the Synapse bankruptcy had placed the funds in accounts through a fintech that they used for day-today living expenses thereby intensifying the effect of their loss of access.”
The proposed rule affects a subset of FBO accounts, specifically only “custodial deposit accounts with transactional features”, which is defined to mean a deposit account that meets these three requirements – (1) the account is established for the benefit of beneficial owners; (2) the account holds commingled deposits of multiple beneficial owners; and (3) a beneficial may authorize or direct a transfer through the account holder from the account to a party other than the account holder or beneficial owner.” (Beneficial owner in this context is not intended to incorporate the meaning of “beneficial owner” for anti-money laundering and know your customer ("KYC") purposes.) “[T]he the FDIC intends to apply the proposed recordkeeping requirements only to custodial deposit accounts that are established and used in a manner that allows beneficial owners to direct a transfer of funds from the account to another party – for example, to make purchases or pay bills.”
Practically speaking, this means that FBO accounts in which prepaid card funds are kept, as well as those FBO accounts that are held by payment apps and other fintech solutions, would be covered by the proposed rule. There are some exemptions from the definition – all of the following would be exempted – FBO accounts that only hold trust deposits, FBO accounts established by governmental depositors, FBO accounts established by investment advisors and broker/dealers, attorney IOLTA accounts, FBO accounts maintained in connection with employee benefit plans and retirement plans, and accounts held by mortgage servicers, HOAs and real estate agents, among others.
The obligations that arise when there is a “custodial deposit account with transactional features” fall upon the insured depository institution ("IDI") and mainly relate to requiring the IDI to maintain its own records regarding the beneficial owners of the funds in the FBO accounts. Specifically, IDIs will need to maintain their own ledgers of beneficial owner names, the balance attributable to each beneficial owner and the ownership category applicable to the deposited funds (e.g., joint deposit, etc.). In terms of maintaining these accounts, the IDIs would need to conduct reconciliations of the account “no less frequently than at the close of business daily”. Many accounts covered by this rule presently reconcile far less frequently than daily. IDIs also must create appropriate compliance policies and procedures and annually obtain a certification from the CEO/COO of the IDI stating that the recordkeeping requirements were properly implemented and tested, and that everything is in compliance with the policies and procedures.
The proposed rule does allow IDIs to utilize third parties to maintain the required records, which could mean that the IDIs would be able to rely upon the prepaid card companies or fintechs to manage the ledgers as they presently do. However, the IDI “would be required to have direct, continuous, and unrestricted access” to the records, which would be achieved by establishing secure real-time data exchanges between the IDI and the third party. Further, the IDI that utilizes a third party to maintain the records would need to develop a “contingency plan” tailored to each third party. Also, the proposed rule prescribes a set of contractual requirements that would govern the relationship between the IDI and the third party recordkeeper, and, of course, the “IDI would not be permitted, through any contract or agreement, to shift its responsibility for ensuring that the requirements of the proposed rule are satisfied. The proposed rule also would not limit, in any way, an IDI’s ability to include further risk mitigation measures in contracts with third parties, and IDIs would be encouraged to include additional measures as they deem appropriate.”