
The Global Impact of Fed ‘Skinny’ Accounts: A Strategy for Regulators

Fed "Skinny" Accounts: A Practical Guide to Accessing the U.S. Payment System


Introduction

This article serves as a practical guide for C-level executives and Compliance Directors at fintech and crypto companies considering direct access to the U.S. Federal Reserve (Fed) payment system. The goal is to provide a structured action plan, estimate the necessary resources, and analyze the risks involved in obtaining a so-called "skinny" account.

The analysis focuses on U.S. Federal Reserve requirements and is intended for organizations with sufficient resources to build an institutional-grade compliance infrastructure. We will examine the legal, technical, and operational aspects of preparation and provide specific templates for internal planning.

Key Findings

  • Strategic Opportunity: "Skinny" accounts (segregated balance accounts) are a Fed-proposed model for limited access to payment systems (Fedwire, ACH) for non-bank entities. This reduces dependence on intermediary banks and mitigates debanking risks.
  • High Standards: Access is granted in exchange for implementing institutional-grade compliance infrastructure comparable to that of a bank (AML/CFT, cybersecurity, corporate governance).
  • Significant Resources: Preparation requires substantial investment. According to the author's assessment, annual operating expenses can range from $250,000 to over $1 million for software, audits, and personnel (3–10+ FTEs).
  • Long-term Horizon: The concept is currently in the discussion stage. The formal rulemaking process could take 3 to 5 years and will face opposition from the banking lobby. Proactive preparation should begin now.

1. Concept and Legal Framework

Traditionally, access to Fed payment systems is restricted to depository institutions holding a Master Account. Fintech companies are forced to operate through correspondent banking, which creates operational risks and costs.

The concept of "skinny" accounts, voiced by Fed Governor Christopher Waller in his speech on February 17, 2023, proposes a third way—"segregated balance accounts" with the following characteristics:

  • Settlement Only: Intended solely for processing payments and settlements.
  • No Interest or Credit: Funds in these accounts do not earn interest, and access to the Fed's discount window is prohibited.

Legal Framework and Regulatory Barriers

The Fed's authority to provide accounts is governed by the Federal Reserve Act. However, there is significant legal debate regarding the legality of providing such accounts to non-bank entities.

  • Arguments "For": Proponents point to the broad language of the Federal Reserve Act, which potentially allows for payment services to maintain the stability and efficiency of the financial system.
  • Arguments "Against": Opponents, including the banking lobby, argue that this violates the spirit of the National Bank Act by blurring the line between banks and commercial companies, potentially creating risks to financial stability.

Beyond the Fed, other regulators play key roles: the OCC (Office of the Comptroller of the Currency), which oversees national banks, and FinCEN (Financial Crimes Enforcement Network), which sets AML/CFT standards. Any applicant must meet strict FinCEN requirements. Additionally, the company's activities will likely fall under state Money Transmitter License (MTL) laws.

Impact of Crypto Incidents

The political risk for the "skinny" account initiative has increased significantly following high-profile incidents in the crypto industry. The collapse of the Terra/LUNA ecosystem and the bankruptcy of the FTX exchange amplified regulatory concerns regarding systemic risks associated with digital assets. These events serve as ammunition for opponents of "skinny" accounts to argue for a more conservative approach and restricted access to central financial infrastructure.

2. Current Status and Implementation Procedure

Currently, "skinny" accounts remain a concept. Their implementation will require a formal rulemaking procedure in accordance with the Administrative Procedure Act (APA).

Estimated Rulemaking Stages:

  1. Notice of Proposed Rulemaking (NPRM): The Fed publishes a draft in the Federal Register.
  2. Public Consultation Period (60–90 days): Gathering comments from market participants.
  3. Analysis and Revision: The Fed reviews the feedback.
  4. Publication of the Final Rule: The approved document with an effective date.

The entire process may take several years. The Fed's published guidelines for evaluating account requests (August 2022) serve as the foundation for future criteria. Applications are submitted to the regional Federal Reserve Bank where the company is registered. Review timelines could range from 6 to 18 months after the final rules are published.

3. Step-by-Step Preparation Plan

Step 1. Building Compliance and Technical Infrastructure

1.1. Technology Stack and Integration Architecture:

  • KYC/KYB: Integration with identity and business verification providers to automate onboarding.
  • Blockchain Analytics: Implementation of API solutions from providers (e.g., Chainalysis, Elliptic, TRM Labs) for automated transaction analysis and risk assessment.
  • Sanctions Screening: Real-time automated cross-referencing of counterparties against OFAC, EU, UN, and other lists.
  • Transactional Telemetry: Real-time collection and analysis of transaction data (source, destination, volume, velocity, behavioral patterns).
  • Logging and Data Retention: Maintaining an immutable log of all compliance decisions and transaction data for at least 5 years, per Bank Secrecy Act requirements.
  • Testing and Monitoring: Regular penetration testing, vulnerability scanning, and 24/7 system health monitoring.

1.2. Internal Procedures and SLAs (Service Level Agreements):

  • Risk Score Policy: Documenting threshold values.
    Recommendation (Author's Assessment): Transactions with a risk score above 75/100 are automatically blocked for manual review. This threshold is a common industry practice to balance automation and control.
  • Review SLAs: Establish internal SLAs.
    Recommendation (Author's Assessment): No more than 4 hours for manual analysis of a high-risk transaction. This ensures a balance between thoroughness and service speed.
  • API SLAs: Ensure high availability (not less than 99.95%) and low latency for all external and internal APIs.
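
The risk-score gate, review SLA and immutable decision log from Step 1, as an added example that is not part of the original article: a hash-chained, append-only log in Python whose verification detects after-the-fact edits. The field names, decision labels and the choice of SHA-256 chaining are assumptions for illustration; the 75/100 threshold, 4-hour SLA and 5-year retention come from the text above.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

RISK_THRESHOLD = 75                  # from the article: scores above 75/100 are held
REVIEW_SLA = timedelta(hours=4)      # from the article: manual review within 4 hours
RETENTION = timedelta(days=5 * 365)  # "at least 5 years", approximated as 5 x 365 days
GENESIS = "0" * 64                   # assumed anchor value for the first entry


def digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the entry body."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class DecisionLog:
    """Append-only log in which every entry commits to the hash of the previous one."""

    def __init__(self):
        self.entries = []

    def record(self, tx_id: str, score: int, now: datetime) -> dict:
        if not 0 <= score <= 100:
            raise ValueError("risk score must be in 0..100")
        held = score > RISK_THRESHOLD  # strictly above the threshold
        body = {
            "seq": len(self.entries),
            "ts": now.isoformat(),
            "tx_id": tx_id,
            "score": score,
            "decision": "HOLD_FOR_REVIEW" if held else "ALLOW",
            "review_due": (now + REVIEW_SLA).isoformat() if held else None,
            "retain_until": (now + RETENTION).isoformat(),
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry = {**body, "hash": digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev or digest(body) != e["hash"]:
                return i
            prev = e["hash"]
        return -1
```

A hash chain is tamper-evident, not tamper-proof: someone able to rewrite the whole log can recompute every hash, so the latest head hash should also be stored somewhere the log writer cannot modify (for example write-once storage or a separately administered system).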

Step 2. Preparation Roadmap

  • Phase 1 (0–6 months): Internal Audit and Planning.
    • Conduct a gap analysis of current AML/CFT procedures (see Appendix B).
    • Establish a compliance budget (see Section 4).
    • Hire a Head of Compliance with experience in regulated financial institutions.
  • Phase 2 (6–18 months): Infrastructure Building.
    • Implement and configure blockchain analytics and sanctions screening software.
    • Develop and approve all necessary policies (AML, Cybersecurity, BCP/DRP).
    • Complete a SOC 2 Type II audit and/or obtain ISO 27001 certification.
  • Phase 3 (Post-Final Rule): Application Preparation and Submission.
    • Conduct an independent audit of the AML program.
    • Assemble the document package for submission to the regional Fed bank.

For large institutional players (e.g., stablecoin issuers), timelines may be compressed through parallel task execution and greater resource allocation.

Step 3. Regulatory Interaction and Data Protection

3.1. Communication with the Fed:

  • Responsible Party: Communication with the regional Fed bank should be led by the Chief Compliance Officer (CCO) or Head of Legal, supported by the CEO.
  • Preliminary Consultations: It is advisable to initiate preliminary consultations after the NPRM is published.
  • Example Consultation Questions:
    • "What are the bank's expectations for the level of detail in the AML/CFT policy?"
    • "Which operational resilience metrics and BCP/DRP plans do you consider critical?"
    • "Are there preferences for the data format regarding ownership structure and UBOs?"

3.2. Personal Data Protection:

If the company serves clients outside the U.S., it must ensure compliance with international regulations.

  • GDPR (for EU clients): Requires legal grounds for data processing, the appointment of a Data Protection Officer (DPO) in certain cases, and respect for data subject rights.
  • PDPA and other laws: Similar data protection laws apply in Singapore, Brazil, and other jurisdictions.
  • Company policies must account for cross-border data transfer requirements and ensure adequate protection.

4. Resource Estimation and Budget

Preparation requires significant capital (CapEx) and operational (OpEx) expenditures.

| Category | CapEx (One-time) | OpEx (Annual) |
|---|---|---|
| Software & Integration | $50,000 – $200,000 | $100,000 – $500,000+ |
| Personnel (FTE) | | $450,000 – $1,500,000+ (3–10+ FTEs) |
| Audits & Certification | $70,000 – $200,000 (SOC 2, ISO, AML) | $50,000 – $150,000 (maintenance audits) |
| Legal Services | $50,000 – $150,000 | $30,000 – $100,000 |
| Insurance | | $50,000 – $200,000 (D&O, Cyber) |

Estimated Budget and Resources by Company Size (Author's Assessment):

| Metric | Small Company | Medium Company | Large Company |
|---|---|---|---|
| Personnel (FTE) | 2–4 | 5–8 | 10+ |
| Annual OpEx | $400,000 – $800,000 | $800,000 – $2,000,000 | $2,000,000+ |
| Expected Capital | $10–20M | $20–50M | $50M+ |

Note: Budget and capital estimates are based on the author's analysis of market data and requirements for similar financial licenses (e.g., NY State Trust Charter).

5. Application Document Checklist

Primary Documents:

  • AML/CFT/Sanctions Policy: A detailed, implemented policy is the core document.
  • Independent AML Program Audit Report: Confirmation of control effectiveness.
  • Cybersecurity Audit Reports: SOC 2 Type II or ISO 27001 certificate.
  • Financial Statements (Last 3 Years): Audited.
  • Proof of Capital and Source of Funds/Wealth.
  • Business Plan: Including transaction volume projections, risk assessment, and financial model.

Secondary Documents:

  • Legal Documents: Articles of Incorporation, ownership structure disclosing all Ultimate Beneficial Owners (UBO).
  • Operational Documents: Description of the technology stack, Business Continuity and Disaster Recovery Plans (BCP/DRP).
  • Biographical Sketches of Key Executives and Board Members (Fed form).
  • Insurance Policies (D&O, Cyber Insurance).

6. Risk Analysis and Scenarios

| Risk Category | Description | Probability | Potential Impact |
|---|---|---|---|
| Legal/Regulatory | Rulemaking process blocked or delayed indefinitely due to bank lobbying or political changes. | High | High (Company strategy becomes unviable) |
| Legal/Regulatory | Final admission criteria are significantly stricter than expected (e.g., capital requirements > $100M). | Medium | High (Resources spent on prep do not pay off) |
| Operational | Failure to meet stated SLAs and compliance standards after gaining access. | Medium | Medium (Regulatory fines, account revocation) |
| Reputational | Public rejection of account application after submission. | Low (with proper prep) | High (Negative signal to investors/partners) |

Scenario Analysis:

Optimistic (Probability: Low): Fed approves rules within 2–3 years. Access opens to a wide range of prepared companies.
Reasoning: Unlikely due to process complexity and political resistance.

Base Case (Probability: High): Process drags on for 3–5 years. Access is provided in a pilot mode to the 5–10 largest players with impeccable reputations.
Reasoning: Aligns with historical Fed implementation speeds for similar initiatives.

Pessimistic (Probability: Medium): Concept rejected due to financial stability risks. Regulatory pressure on the sector intensifies.
Reasoning: Possible in the event of new major crypto industry incidents.

7. Methodology and Limitations

This analysis is based on public statements from Fed officials, existing regulatory documents (2022 account access guidelines), industry compliance standards, and author expertise.

Limitations:

  • Prognostic Nature: In the absence of a final rule, all numerical parameters (capital, budgets, FTEs) are estimates and subject to change.
  • Lack of Precedent: Since no non-bank crypto company has yet received such an account, the analysis cannot rely on practical case studies.
  • Not Legal Advice: This material is for informational purposes only and should not be considered legal or investment advice.

8. Conclusion and 90-Day Action Plan

The "skinny" account concept is a strategic signal from the regulator: access to U.S. financial infrastructure for innovative companies is possible, but the price is transformation into an institution with bank-grade compliance, transparency, and operational resilience. The path to obtaining an account is long and resource-intensive, but for companies aiming for a central role in the future financial system, preparation must start today.

Action Plan for the Next 90 Days:

  1. Conduct an Internal Audit: Use the checklist in Appendix B to assess your current compliance, corporate governance, and cybersecurity status. Identify key gaps.
  2. Develop a Preliminary Budget: Based on estimates in Section 4, create a budget draft for the first 2 years of preparation (CapEx and OpEx). Present it to the board.
  3. Define Team and Responsibilities: Appoint a C-level project lead (e.g., COO or CCO) and begin recruiting a key hire—a Compliance Director with traditional finance experience.

Appendix A: One-Page Roadmap (Template)

| Phase | Timeline (Estimated) | Key Tasks | Responsible Parties (Example) |
|---|---|---|---|
| 1. Audit & Planning | 0–6 Months | Gap analysis, budgeting, hiring Head of Compliance | CEO, CFO |
| 2. Infrastructure | 6–18 Months | Software implementation, policy development, SOC 2 audit | CCO, CTO |
| 3. Submission Prep | 18+ Months | Independent AML audit, document package prep, Fed consultations | CCO, Legal |

Appendix B: Internal Audit Checklist (Gap Analysis)

| Check Area | Fed Requirement (Expected) | Current Status (Yes/No/Partial) | Required Actions |
|---|---|---|---|
| Corporate Governance | Independent directors and audit/risk committees in place. | | |
| Corporate Governance | Transparent ownership structure with UBO disclosure. | | |
| AML/CFT | Approved and implemented AML/CFT policy. | | |
| AML/CFT | Integrated software for transaction monitoring and screening. | | |
| AML/CFT | Regular independent AML program audit procedure. | | |
| Cybersecurity | SOC 2 Type II or ISO 27001 certificate. | | |
| Cybersecurity | Regular penetration testing and vulnerability scanning. | | |
| Operational Resilience | Approved and tested BCP/DRP plan. | | |
| Operational Resilience | Sufficient capital to cover operational risks. | | |

Sources and Useful Links:

  1. Waller, C. J. (2023, February 17). Speech on the Economic Outlook. Federal Reserve.
  2. Federal Reserve System. (2022, August 15). Final Guidelines for Evaluating Account and Services Requests.
  3. U.S. Government Publishing Office. Federal Register. (Official portal for tracking NPRMs).
  4. U.S. Department of the Treasury. OFAC Sanctions Lists.
  5. Chainalysis, Elliptic, TRM Labs — Leading blockchain analytics software providers.
