The Development of a Bank Regulatory Framework for Fintech and Digital Assets: Reviewing U.S. Prudential Regulators’ Recent Digital Asset ActionsJanuary 28, 2022
As we note in our companion memorandum,1 the Office of the Comptroller of the Currency (“OCC”) continues along its cautious course of allowing fintech and digital asset firms into the so-called “regulatory perimeter.” The most recent action along this course is the approval of a full, deposit-taking charter for a fintech lender.2 The charter approval last week has prompted us to review some of the recent actions by federal prudential regulators related to fintech and digital asset issues. In this memorandum we focus primarily on digital assets, while our companion memo looks more closely at fintech issues.
II. The Crypto Roadmap & OCC Interpretive Letter 1179
A. The Prudential Regulators’ Crypto Roadmap3
On November 23, 2021, the Board of Governors of the Federal Reserve System (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”, and together with the FRB and FDIC, the “Banking Agencies”) issued a joint statement that (i) addressed interagency efforts with respect to the Banking Agencies’ “crypto sprint” initiative, and (ii) established a roadmap for prudential regulation of digital assets.4 Recognizing that prudentially regulated financial institutions are increasingly seeking to engage in digital asset-related activities,5 the Interagency Crypto Roadmap detailed that the Banking Agencies had conducted a number of interagency “policy sprints” involving a “preliminary analysis on various issues regarding crypto-assets.”6 The focus of the sprints included:
- the development of a universal vocabulary regarding banking organizations’ use of crypto-assets;7
- the identification and evaluation of key safety and soundness, consumer protection, and compliance risks’ associated with banking organizations’ use of crypto-assets;
- consideration of the “legal permissibility” of potential crypto-asset activities conducted by banking organizations;
- analysis of the application of existing banking regulations and guidance to banking organization crypto activities; and
- identification of areas of banking regulation that might benefit from further clarity from the Banking Agencies with respect to crypto-asset activities.
While the Interagency Crypto Roadmap did not provide significant detail on the substance of the interagency discussions that occurred during the crypto sprint, the joint statement did identify a number of crypto-asset activities banking organizations might engage in that the Banking Agencies’ staff reviewed and evaluated, including: (i) custody of crypto-assets; (ii) facilitation of crypto-asset transactions; (iii) crypto-asset collateralized loans; (iv) payment services and mechanisms involving crypto-assets (such as stablecoins); and (v) all other “[a]ctivities that may result in the holding of crypto-assets on a banking organization’s balance sheet.”8
The Interagency Crypto Roadmap stated that based on the Banking Agencies’ review, the agencies identified “a number of areas where additional public clarity is warranted.” Thus, throughout this year the Banking Agencies “plan to provide greater clarity” on the legal permissibility and expectations for safety and soundness, consumer protection, and compliance with existing banking laws and regulations related to the following crypto activities:
- Crypto-asset safekeeping and traditional custody services;
- Ancillary crypto-asset custody services;9
- Facilitation of crypto-asset transactions;
- Crypto-asset collateralized loans;
- Issuance and distribution of stablecoins; and
- Activities involving holding of crypto-assets on balance sheet.10
The Interagency Crypto Roadmap also indicated that the Banking Agencies will review and analyze the application of bank capital and liquidity standards to crypto-asset activities with respect to U.S. banking organizations, and will “continue to engage with the Basel Committee on Banking Supervision on its consultative process in this area.” Moreover, in terms of agency collaboration, the Interagency Crypto Roadmap also notes that the Banking Agencies will (i) continue to monitor the crypto-asset space and potentially address other issues that arise as the market for digital assets develops, and (ii) “continue to engage and collaborate with other relevant authorities [e.g., the Financial Stability Oversight Council, Securities and Exchange Commission, and the Commodity Futures Trading Commission], as appropriate, on issues arising from activities involving crypto-assets.”
B. OCC Interpretive Letter 1179
i. Regulatory Clarification Regarding Banks’ Cryptocurrency Activities
Concurrent with the Banking Agencies’ release of the Interagency Crypto Roadmap, the OCC published interpretive guidance clarifying the authority of (i) banks to engage in certain cryptocurrency activities, and (ii) the OCC to charter national trust banks.11 Through Interpretive Letter 1179 the OCC confirmed that the cryptocurrency, distributed ledger, and stablecoin activities described in OCC Interpretive Letters 1170,12 1172,13 and 117414 remain legally permissible for a bank to engage in, “provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner.”15 Specifically, Interpretive Letter 1179 details the process by which banks seeking to engage in the crypto-related activities addressed in the interpretive letters must undertake before they can engage in any such activities. Interpretive Letter 1179 states that before a bank engages in any of the crypto-related activities addressed in Interpretive Letters 1170, 1172, and 1174, it must (i) notify its supervisory office, in writing, of its intention to engage in such activities, and (ii) receive written notification of the supervisory office’s non-objection.16 Interpretive Letter 1179 also states that the determination of whether to grant supervisory non-objection will be based on a supervisory office’s evaluation of the “adequacy of the bank’s risk management systems and controls, and risk measurement systems, to enable the bank to engage in the proposed activities in a safe and sound manner.”17 The letter clarifies that banks currently engaged in cryptocurrency, distributed ledger, and/or stablecoin activities as of the date of the letter’s publication do not need to obtain supervisory non-objection.18
Under the guidance set out in Interpretive Letter 1179, in order to obtain a supervisory non-objection, a national bank should demonstrate that it has established an “appropriate risk management and measurement process for the proposed activities, including having adequate systems in place to identify, measure, monitor, and control the risks of its activities, including the ability to do so on an ongoing basis.”19 The OCC offers a non-exhaustive list of the risks a bank might specifically address in the supervisory non-objection process including: (i) operational risk (such as the risks related to novel and evolving technologies; the risk of hacking, fraud, and theft; and third-party management risk); (ii) liquidity risk; (iii) strategic risk; and (iv) compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, applicable anti-money laundering and sanctions requirements, and consumer protection laws).20
In addition to a supervisory office’s evaluation of the adequacy of a bank’s risk measurement and management information systems and controls with respect to the bank’s proposed crypto-related activities, a supervisory office will also evaluate (i) “any other supervisory considerations relevant to the particular proposal,” consulting with agency subject matter experts or the OCC Chief Counsel’s office, as appropriate, and (ii) whether a bank has illustrated that it “understands and will comply with laws that apply to the proposed activities.”21 A bank must also demonstrate, in writing, its understanding of any compliance obligations “related to the specific activities the bank intends to conduct, including, but not limited to, any applicable requirements under the federal securities law, the Bank Secrecy Act, anti-money laundering, the Commodity Exchange Act, and consumer protection laws.”22 Thus, a bank seeking to engage in the crypto-related activities addressed in Interpretive Letters 1170, 1172, and 1174 must address all applicable laws, and make sure that its proposed activities and compliance management system will be sufficient to ensure compliance.23
ii. Clarification on OCC Standards for Chartering National Trust Banks
Interpretive Letter 1179 also addressed whether the OCC has the authority under the National Bank Act to charter, or approve the conversion to, a national bank that limits its operations to those of a trust company and related activities, including in relation to both the fiduciary and non-fiduciary activities of a trust bank.24 Interpretive Letter 1179 reiterated the OCC’s clarification in Interpretive Letter 1176 that: (i) the OCC does, in fact, have the authority to charter a national bank that operates only as a trust company; (ii) the requirements of 12 C.F.R. Part 9 continue to apply to the current activities of national banks that have already been granted fiduciary powers; and (iii) that national banks conduct non-fiduciary activities that are not subject to 12 C.F.R. Part 9 “have not, and will not, become subject to 12 C.F.R. Part 9 because of [Interpretive Letter 1176].”25 In short, Interpretive Letter 1179 clarifies that Interpretive Letter 1176 did not expand the OCC’s chartering authority or change a bank’s existing obligations under the OCC’s fiduciary activities regulations. Interpretive Letter 1179 also clarified that the “OCC retains discretion to determine if an applicant’s activities that are considered trust or fiduciary activities under state law are considered trust or fiduciary activities for purposes of applicable federal law.”26
While the OCC’s clarification in Interpretive Letter 1179 as to its chartering authority under the National Bank Act does not specifically relate to banks’ involvement in crypto-related activities, as we note below, it is relevant for the purposes of firms engaging in crypto-related activities applying for a national bank charter.27
Additional clarity from the regulators on modernizing existing charters, and reviewing the risks and opportunities related to digital assets is generally welcome. As we have noted elsewhere,28 2022 will see more clarity coming from the federal banking agencies. As the crypto-asset sector continues to grow very quickly, the regulators will face more and more pressure to bring clarity on what is permissible and what is not for banking organizations.
1 See Daniel Meade, Scott Cammarn, and Sebastian Souchet, The Development of a Bank Regulatory Framework for Fintech and Digital Assets: OCC’s Approval of Full Charter for a Fintech Company Continues the Movement of Fintech within the U.S. Bank Regulatory Perimeter (Jan. 28, 2022).
2 See News Release 2022-4, Office of the Comptroller of the Currency, OCC Conditionally Approves SoFi Bank, National Association (Jan. 18, 2022); Letter of Conditional Approval, Office of the Comptroller of the Currency, Conditional Approval to Charter SoFi Interim Bank, National Association, Cottonwood Heights, Utah and for SoFi Interim Bank, National Association to Merge With and Into Golden Pacific Bank, National Association, Sacramento, California and Engage in a Change in Asset Composition (Jan. 18, 2022)
3 This memorandum uses interchangeably the following terms: “crypto,” “crypto asset,” “cryptocurrency,” and “digital asset.”
5 See, e.g., Ephrat Livni and Eric Lipton, Crypto Banking and Decentralized Finance, Explained, N.Y. Times (Sept. 5, 2021) (last updated Nov. 1, 2021).
6 Interagency Crypto Roadmap at p. 1.
7 The Interagency Crypto Roadmap uses the term “crypto-asset” to refer to “any digital asset implemented using cryptographic techniques.” Interagency Crypto Roadmap at 1.
8 Interagency Crypto Roadmap, pp. 1-2.
9 The Interagency Crypto Roadmap distinguishes “traditional custody services” from “ancillary custody services” by defining the former to include “facilitating the customer’s exchange of crypto-assets and fiat currency, transaction settlement, trade execution, recordkeeping, valuation, tax services, and reporting”; the latter is considered by the statement to “potentially include staking, facilitating crypto-asset lending, and distributed ledger technology governance services.” Interagency Crypto Roadmap, fns. 3 & 4.
10 Interagency Crypto Roadmap, p. 2.
12 Office of the Comptroller of the Currency, Interpretive Letter #1170 (July 22, 2020). As noted in OCC Interpretive Letter 1179, Interpretive Letter 1170 concluded that “banks may provide certain cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency.” Interpretive Letter 1179 at p. 2. Additionally, footnote 39 of Interpretive Letter 1170 states the following: “The services that national banks may provide in relation to cryptocurrency they are custodying may include services such as facilitating [a] customer’s cryptocurrency and fiat currency exchange transactions, transaction settlement, trade execution, recording keeping, valuation, tax services, reporting, or other appropriate services. A bank acting as custodian may engage a sub-custodian for cryptocurrency it holds on behalf of customers and should develop processes to ensure that the sub-custodian’s operations have proper internal controls to protect the customer’s cryptocurrency.” Interpretive Letter 1170, at n. 39, p. 8.
13 Office of the Comptroller of the Currency, Interpretive Letter #1172 (Sept. 21, 2020). Interpretive Letter 1172 recognized that a stablecoin issuer may seek to utilize reserve accounts at a bank to “provide assurance that the issuer has sufficient assets backing the stablecoin in certain situations.” Interpretive Letter 1172, p. 1. Interpretive Letter 1172 concluded that, subject to certain conditions, national banks may hold such stablecoin reserves as a service to bank customers. Specifically, national banks may hold “deposits that serve as reserves for stablecoins that are backed on a 1:1 basis by a single fiat currency and held in hosted wallets.” Interpretive Letter 1179, p. 2.
15 Interpretive Letter 1179, p. 1.
16 The “supervisory office” was often referred to as the “examiner-in-charge” in previous OCC interpretive letters. See, e.g., Office of the Comptroller of the Currency, Interpretive Letter #1160 (Aug. 22, 2018). This change in terminology appears alongside what can reasonably be interpreted as a shift in how the OCC understands the supervisory non-objection process and the distinction between an activity’s legal permissibility and that activity’s safety and soundness. Interpretive Letter 1179 indicates that a national bank seeking to engage in certain crypto-related activities must receive prior-approval from its supervisory office, and that the bank will be subject to safety and soundness review by the supervisory office before the bank engages in any such activities. However, the OCC has previously taken the view that, for certain bank activities, prior-notice to a supervisory office (or examiner-in-charge)—and not prior-approval—is sufficient. This is evidenced not only by the supervisory non-objection process set out in OCC Interpretive Letter 1160, but also by the OCC’s December 2020 final rule related to certain derivatives and other activities and operations of national banks. See Activities and Operations of National Banks and Federal Savings Associations, 85 Fed. Reg. 83686, 83709 (Dec. 22, 2020) (“The OCC expects the notice requirement in the final rule to enhance prudential supervision of national bank derivatives activities by ensuring that banks evaluate the risks of the activities both at inception and on an ongoing basis. In addition, the OCC expects that incorporating notice as a regulatory requirement will ensure consistency in notice practices across OCC-supervised institutions … The notice requirement does not impose a prior approval requirement. Rather, the notice is designed to make OCC supervisors aware of a national bank’s derivatives activities so that such activities can be appropriately scoped into OCC’s ongoing supervision and oversight of the bank’s safety and soundness. In addition, having awareness of a bank’s derivatives activities will enable the OCC to raise questions as to whether the derivatives activity can be conducted in a safe and sound manner, or whether the derivatives activity is within the scope of those legally authorized for a national bank, before the bank activities commence or at any time, as is the case with any other permissible bank activities” (emphasis added).). Thus, it appears that the OCC is shifting to a prior-approval standard with respect to certain new banking activities.
17 Interpretive Letter 1179, pp. 1-2.
18 Interpretive Letter 1179, fn. 3 at p. 2. Footnote 3 of Interpretive Letter 1179 indicates that the OCC still “expects that a bank that has commenced such activity will have provided notice to its supervisory office,” and that the OCC “will examine these activities as part of its ongoing supervisory process.” Furthermore, footnote 3 states that banks engaged in such crypto-related activities “should have systems and controls in place consistent with those described in [Interpretive Letter 1179] to ensure that all activities are conducted in a safe and sound manner and consistent with all applicable law.”
19 Interpretive Letter 1179, p. 4.
20 Id. The OCC makes clear that a bank’s addressing of the risks associated with cryptocurrency activities under Interpretive Letter 1179 is “in addition to, and does not replace” the conditions, processes and controls detailed in Interpretive Letters 1170, 1172, and 1174. Id. (emphasis added).
22 We note that, given the continuing uncertainty among federal regulators with respect to how to regulate digital assets and various digital asset-related activities, the requirement under Interpretive Letter 1179 for a bank to illustrate that it “understands and will comply with” laws that apply to its proposed digital asset-related activities may be difficult to satisfy. For example, Interpretive Letter 1179 identifies that certain stablecoins may be regulated in the U.S. as securities, and that a bank’s issuance of a stablecoin that is a security would have to comply with all applicable securities laws and regulations. As of the date of this memorandum, the Securities and Exchange Commission has not provided concrete regulatory guidance or established specific regulations with respect to either digital assets overall, or stablecoins specifically. Furthermore, Interpretive Letter 1179 does not appear to provide any guidance for banks with respect to what might be considered safe and sound conduct regarding digital asset activities that are subject to regulatory uncertainty.
23 Interpretive Letter 1179, p. 4.
24 See Interpretive Letter 1179, p. 5.
26 Interpretive Letter 1179, p. 5.
27 See, e.g., News Release 2021-6, Office of the Comptroller of the Currency, OCC Conditionally Approves Conversion of Anchorage Digital Bank (Jan. 13 2021); see also Letter of Conditional Approval, Office of the Comptroller of the Currency, Application by Anchorage Trust Company, Sioux Falls, South Dakota to Convert to a National Trust Bank; Application for Residency Waiver (Jan. 13, 2021).