FDIC Proposes Rulemaking on Custodial Deposit Accounts in Wake of Synapse Bankruptcy

As part of a larger effort to address risks related to third-party deposit relationships, on October 2, 2024, the Federal Deposit Insurance Corporation (FDIC) announced and published a notice of proposed rulemaking (Proposed Rule) that would require insured depository institutions (IDIs) holding certain custodial accounts to maintain complete, accurate, and reliable records to determine the actual consumers who own funds held in the pooled custodial accounts and the account balance attributable to each consumer. With the Proposed Rule, the FDIC attempts to address the challenges that arose with the bankruptcy earlier this year of Synapse, a "middleware provider" for fintech companies that provided technological infrastructure that allowed fintech companies to integrate banking services into their applications. Comments on the Proposed Rule are due by December 2, 2024.

This post provides an overview of the Proposed Rule, describes the circumstances of the Synapse bankruptcy spurring the Proposed Rule, and outlines several key questions that will need to be addressed in the public comment process.

Proposed Recordkeeping Requirements

A "custodial deposit account" arrangement is a relationship where one party opens a deposit account at a bank on behalf of others whose funds are pooled together in the account but who often lack a direct relationship with the bank. The Proposed Rule would apply to IDIs that hold "custodial deposit accounts with transactional features," which would be defined as a deposit account that: (1) is established for the benefit of beneficial owners; (2) holds pooled deposits of multiple beneficial owners; and (3) is used in a manner that allows beneficial owners to authorize or direct a transaction of funds from the account to another party. The Proposed Rule would define "beneficial owner" as "a person or entity that owns, under applicable law, the funds in a custodial deposit account" and "account holder" as "the person or entity who owns or establishes a custodial deposit account with transactional features with an insured depository institution."

The Proposed Rule would not apply to ten types of custodial accounts even if they have transactional features. Exempted accounts would include: custodial deposit accounts that hold only trust deposits; custodial deposit accounts established by broker dealers and investment advisers; interest on lawyers trust accounts; and custodial deposit accounts maintained in connection with certain employee benefit plans. The FDIC indicated that account holders of these accounts are often subject to other recordkeeping requirements, and some of these accounts have relatively limited transactional activity.

The Proposed Rule would require IDIs that hold custodial deposit accounts with transactional features to maintain records in a specified data file format that would identify for each custodial deposit account the beneficial owners of the account, the balance attributable to each beneficial owner, and the ownership category in which the beneficial owner holds the deposited funds. The Proposed Rule would also require IDIs to maintain appropriate internal controls that include: (1) maintaining accurate deposit account balances, including the respective individual beneficial ownership interests associated with the custodial deposit account; and (2) conducting daily reconciliations against the beneficial ownership records.

The Proposed Rule would allow the required records to be maintained by the IDI through a third party if certain requirements are satisfied. First, the IDI would be required to have direct, continuous, and unrestricted access to records maintained by the third party. Second, the IDI would be required to have continuity plans in place, including backup recordkeeping for the required beneficial ownership records and technical capabilities to ensure compliance with the proposal's requirements. And third, the IDI would be required to maintain documented internal controls. The contract between the IDI and the third party would also need to clearly define roles and responsibilities for recordkeeping, including assigning to the IDI rights of the third party that are necessary to access data held by other parties, explicitly require the third party to implement appropriate internal controls, and provide for periodic validations by a person independent of the third party.

To ensure compliance with the Proposed Rule, the IDI would be required to establish and maintain written policies and procedures that, if applicable, also address achieving compliance with the requirements specific to maintaining records through a third party. The IDI would also need to annually certify to the FDIC and its primary federal regulator that it has implemented and tested its implementation of the recordkeeping requirements within the preceding twelve months and prepare an annual report to the FDIC and its primary federal regulator.

Synapse Bankruptcy

The Synapse bankruptcy case revealed specific partnership and technological failures that made (and continue to make) reconciliation and distribution of customer funds a real nightmare for the Synapse trustee and for the customers whose accounts and funds were managed in part by Synapse. Due to deficiencies and discrepancies in the recordkeeping of the IDIs that worked with Synapse and trouble reviewing and reconciling Synapse's data, customer deposits continue to be held up at the IDIs, preventing consumers from accessing their funds. Based on what we know from the bankruptcy about the specific failures of the IDIs to maintain ledgers of the customers or the deposit amounts attributed to each individual customer, the core thesis of the Proposed Rule broadly tracks those expectations—where a bank and its fintech partners are using custodial accounts with transactional features, the bank would need to maintain either its own ledger evidencing funds held for the benefit of each customer or "direct, continuous, and unrestricted" access to a ledger maintained by the fintech or another service provider. And, either way, the bank would need to reconcile transaction activity through these accounts daily.

Takeaways

While it is unusual for the FDIC to directly respond to a singular event with a rulemaking, given the federal banking agencies' recent string of enforcement actions affecting the bank-fintech market, it may come as a welcome relief to many IDIs and fintech companies to see the FDIC regulating proactively by rulemaking instead of reactively by enforcement.

Notwithstanding, the Proposed Rule contains some ambiguities and imperfections that will need to be fleshed out through the public comment process. Some of the potential problem areas are:

• The definition of "beneficial owner" in the Proposed Rule hinges on ownership of the funds held in the custodial account. The reference to ownership of funds may seem clear on its face, but the reality is not that simple. Many custodial account arrangements, particularly in the payments and money movement spaces, are intentionally structured such that the beneficiaries do not own funds held in the custodial account. An anchor to ownership will create friction between banks and their fintech partners about who owns what, and the answer to that question will have downstream effects for both parties and their customers on tax, accounting, finance, and other matters far beyond recordkeeping.
• The proposed file specifications for custodial account ledgers are connected to the information that the FDIC would require to make a pass-through deposit insurance determination if the bank holding the account failed. However, not all custodial account arrangements intend to be covered by FDIC pass-through insurance. If pass-through insurance is not a product objective for a custodial account arrangement, different file specifications may be more appropriate to facilitate distribution of funds in the event of the custodian's bankruptcy.
• The Proposed Rule would require that if a bank outsources ledgering to a third-party service provider, it must have "direct, continuous, and unrestricted" access to the ledger. However, it is not yet clear how the FDIC expects banks to demonstrate and test their direct, continuous, and unrestricted access to a ledger in an event like the Synapse bankruptcy where the entity responsible for the ledger has dissolved, its people have left and moved on, and, as a result, there is no one around to support the service provider's side of the required access channel.

+++

We will continue to track the industry's response to the proposed rulemaking and any developments from the FDIC, and if the rule is adopted we will report more on how insured depository institutions can come into compliance.

DWT's banking and payments practice is a multidisciplinary team of subject matter experts in financial services, privacy, data security, technology transactions, enforcement and litigation, and other relevant areas. The B&P team regularly advises depository institutions on compliance with applicable federal and state banking laws and related requirements.

For more information or assistance in preparing a comment letter to the FDIC's proposed rulemaking, please contact any of the authors or your usual DWT contact.