With market sentiment towards stablecoins at an all-time high, banks increasingly want a piece of the action. Many are looking at providing account services to the growing numbers of stablecoin issuers. But the direct transferability of stablecoins raises novel financial crime considerations, and banks have had to grapple with exactly how to apply their controls in light of these. It is against this backdrop that the Wolfsberg Group, an industry body focused on financial crime, has published risk-management guidance for banks servicing stablecoin issuers. The guidance promotes a tailored, risk-based approach and provides helpful examples. This is highly welcome and will provide a useful reference point for banks across the globe.

The promise and peril of stablecoins

Stablecoins have been a hot topic in bank boardrooms the world over for some time now. Their ability to settle rapidly across borders without reliance on traditional payment rails presents significant commercial opportunities as well as threats to traditional bank business models. Banks have been strategising as to how best to carve-out a role in this complex and evolving ecosystem. Among other things, we have seen banks exploring issuance, custody and financing roles, as well as providing account services to stablecoin issuers. 

One key challenge that banks have to navigate is that, in some cases, the peer-to-peer transferability of stablecoins could support money laundering, terrorist financing, breach of sanctions and other types of financial crime, and banks have extensive regulatory obligations to manage those risks. 

But not all stablecoin systems are alike, nor do all potential bank roles pose the same risks. Banks have had to grapple with how to assess relevant risks and calibrate their risk-management frameworks in a way that allows them to capitalise on commercial opportunities while effectively discharging their compliance obligations. 

The Wolfsberg guidance

In this context, new Wolfsberg Group guidance on the Provision of Banking Services to Fiat-backed Stablecoin Issuers is highly timely and welcome. While it is narrowly focused on the provision of banking services to corporate stablecoin issuers in regulated jurisdictions, it provides a helpful roadmap for banks considering these types of roles, and could also be a useful reference point more broadly.

The Wolfsberg Group is an association of 12 global banks which develops guidance on financial crime compliance. While it does not represent the views of any regulator, it is influential in establishing standards across the industry.

Risk-based relationship management

The core principle of the guidance is that, as with any banking relationship, a bank needs to:

• analyse the issuer's financial crime risk exposure and how it purports to manage those risks (i.e. the issuer's risk management framework);
• determine whether that is consistent with the bank's risk appetite; and 
• develop its own risk management framework to monitor, at a macro level, that the issuer's risk profile remains within the agreed risk appetite.

The bank's risk management framework and monitoring approach needs to be tailored accordingly. The guidance provides links to the general due diligence and compliance questionnaires published by Wolfsberg and outlines further themes unique to stablecoin issuers that should be considered. This includes things like the jurisdiction of the issuer, regulation applicable to the issuer, the issuer's policies and procedures, its use of third parties, its oversight in respect of transfers and its processes for performing due diligence on underlying blockchains. 

Analysing the ecosystem and business model

The guidance stresses that banks need to understand the issuer's business and the bank's role in it, including the purpose of each account and associated product, expected fund flows and the issuer's clients. This will enable banks to identify unusual or unexpected activity and assess the issuer's commitment to staying within the agreed risk appetite. 

The guidance helpfully distinguishes between direct clients (who the issuer is responsible for onboarding and maintaining a direct relationship with) and other users through whom stablecoins may be transferred. It implicitly acknowledges the limitations of the issuer's direct oversight in respect of these other users but does provide examples of measures that an issuer may take to oversee circulation, which may be relevant to the bank's risk assessment. For example, an issuer may conduct on-chain monitoring of stablecoin circulation or only allow transfers to whitelisted wallets. 

Different services, different approach

The guidance recommends that the bank's monitoring of account activity should be tailored based on the nature of the account. For example:

• Operating accounts. As these accounts are unrelated to token issuance or redemption, traditional monitoring approaches will apply. Among other things, the monitoring approach should be designed to check that operating activity remains segregated from reserve management and client settlement activity. 
• Reserve management accounts. These accounts will hold fiat backing assets. Among other things, transactions would generally be limited to transfers into and out of issuer settlement accounts, and the monitoring approach should reflect that. Segregation and reserve management obligations applicable to the issuer should also be considered with a view to identifying signs of unusual activity.
• Client settlement accounts. The guidance identifies that these accounts may present the greatest monitoring challenges for banks, as they could directly reveal the degree to which the issuer is operating within the financial crime risk appetite agreed with the bank. Exactly what the monitoring process will look like will depend on various factors, including in relation to the issuer’s processes and oversight and the bank’s risk appetite. 

For some types of issuers, banks may want to limit their offerings to some types of account services but not others.

A tailored approach to on-chain monitoring

A key question for banks is whether it is sufficient to monitor fiat account activity, or whether they also need to monitor on-chain activity. The guidance identifies that the prospect of on-chain monitoring poses a challenge for banks, as it can be a limitless and often fruitless exercise if deployed without appropriate direction. 

The guidance helpfully states that when it comes to on-chain monitoring, the bank's approach should be driven by the single question of whether the issuer is operating within its own risk appetite, as agreed with the bank. For example:

• In some cases, the bank may deem it necessary to consider the history of on-chain transaction of the stablecoin prior to redemption.
• In some cases, the bank may be able to rely on the issuer's own on-chain monitoring processes.
• In other cases, for example for a regulated issuer that only mints to and burns for regulated direct clients in low risk jurisdictions, on-chain monitoring may only be necessary on an ad hoc basis. 

That said, the guidance recommends that banks should maintain in-house expertise on blockchain monitoring and that vendor solutions are not a substitute for the resource necessary to undertake appropriate oversight. 

Implications beyond financial crime teams

While this guidance is of most direct relevance to banks’ financial crime teams, it also has important implications for structuring teams. A key takeaway from this guidance is that the higher the issuer’s risk profile, the greater the work and cost will be for the bank in effectively monitoring it. That in turn will influence the economics of the arrangement and so should be considered at the early stages.