OCC Green-Lights Crypto Activities for Banks
In recent months, the federal Office of the Comptroller of the Currency (OCC) has signaled a more permissive regulatory stance towards national banks and federal savings associations (collectively, banks) engaging in crypto-asset activities. “I will continue to work diligently to ensure regulations are effective and not excessive, while maintaining a strong federal banking system,” said Acting Comptroller of the Currency Rodney E. Hood earlier this year.

On March 7, the OCC began formalizing its shift away from its Biden-era approach to regulating banks’ crypto-asset activities with the issuance of Interpretive Letter 1183. Through this interpretive letter, the OCC rescinded its supervisory non-objection process for banks seeking to engage in crypto-asset activities, thereby removing significant red tape around banks’ abilities to do so. This interpretive letter also reaffirmed the OCC’s prior guidance permitting banks to engage in a range of crypto-asset activities.

The OCC followed up on this action in May with Interpretive Letter 1184. In it, the OCC further confirmed that banks may engage in certain crypto-asset activities and addressed the roles third-party service providers—such as fintech companies—can play in those activities. The interpretive letter was generally supportive of third parties’ involvement in them.

Key Takeaways:

The OCC will no longer require banks to undergo a supervisory non-objection process (see definition below) before offering products and services relating to crypto assets to their customers. Banks regulated by the OCC can now offer crypto-asset products and services without needing to first demonstrate that they have adequate compliance processes in place. Removing this process significantly lowers the barriers to crypto-asset banking activities becoming more widespread.

Supervisory expectations still apply, though.
The OCC will likely still use supervisory exams to check whether banks have implemented strong controls to manage the risks associated with crypto-asset activities.

The OCC also re-confirmed that banks can provide crypto-asset custody services, hold funds as reserves of stablecoins, and provide certain payments services relating to stablecoins, including acting as nodes for distributed ledgers in connection with verifying customers’ payments and facilitating payment transactions on a distributed ledger. Regarding crypto-asset custody services at least, the OCC has confirmed that banks may use third-party sub-custodians to provide custody services, subject to appropriate third-party risk management practices.

Banks interested in offering crypto-asset products and services to customers should review the OCC’s existing guidance to identify compliance obligations and expectations.

Expect the OCC’s guidance to evolve as crypto-asset activities mature and gain wider adoption in the banking industry. Because crypto-asset activities are still novel in the banking industry, banks may benefit from taking a proactive approach to identifying appropriate controls and processes for managing risks associated with crypto-asset products and services.

What the Recent Interpretive Letters Do

The OCC’s recent interpretive letters signal a shift away from the more cautious and restrictive approach taken by the agency under the Biden administration and the OCC’s confidence in banks’ abilities to manage risks associated with crypto-asset activities. They reaffirm that banks are permitted to engage in certain crypto-asset activities and expressly permit third-party service operators to provide crypto-asset custody services (to be “sub-custodians”). They also give banks a green light to explore crypto-asset opportunities as such opportunities may arise by eliminating the supervisory non-objection process first adopted in 2021.
Previously, a bank’s ability to engage in crypto-asset activities was constrained by a supervisory non-objection process adopted in 2021 that required banks to obtain the OCC’s tacit approval before engaging in such activities. The OCC’s recent interpretive letters eliminated this supervisory non-objection process.

What Crypto-Asset Activities Are Permitted?

Interpretive Letter 1170 – Permits banks to provide crypto-asset custody services to customers in both fiduciary and non-fiduciary capacities as part of their traditional safekeeping and custody activities.

Interpretive Letter 1172 – Allows banks to receive and hold deposits from stablecoin issuers, including reserves for stablecoins associated with hosted wallets.

Interpretive Letter 1174 – Authorizes banks to engage in certain payment-related activities involving stablecoins, including acting as nodes for an independent node verification network (i.e., a distributed ledger) in connection with verifying customers’ payments and facilitating payment transactions on a distributed ledger.

In its recent interpretive letters, the OCC reaffirmed that these crypto-asset activities are still permissible banking activities. The OCC also expressly confirmed that banks may use third-party sub-custodians, which indicates that the OCC might also be supportive of third-party service providers participating in banks’ other crypto-asset activities as well.

What Was the OCC’s Supervisory Non-Objection Process?

Under the now-rescinded Interpretive Letter 1179, banks seeking to engage in crypto-asset activities were required to notify their OCC supervisory office and obtain a written non-objection before proceeding. Non-objection letters would be issued only if the bank could demonstrate, to the supervisory office’s satisfaction, that it had adequate risk management processes in place to identify, measure, monitor, and control potential risks associated with its planned crypto-asset activities.
Additionally, banks had to show a clear understanding of the laws applicable to their planned crypto-asset activities, such as federal securities laws, anti-money laundering laws, and consumer protection laws.

Eliminating this supervisory non-objection process removes a significant regulatory barrier to banks’ abilities to engage in crypto-asset activities. However, its removal does not absolve banks of their responsibility to effectively manage the risks associated with these activities.

Crypto-Asset Risk Management Going Forward

Moving forward, these activities will be reviewed by the OCC as part of its regular supervisory process. That means banks engaging in crypto-asset activities must still ensure that such activities are carried out in a safe, sound, and fair manner and in compliance with applicable law. If a third-party service provider—such as a fintech company—will be involved in them, banks will be expected to implement appropriate third-party risk management practices as well.

By eliminating the supervisory non-objection barrier, the OCC has placed greater responsibility on banks to implement the appropriate comprehensive risk management frameworks. They may find it easier to integrate crypto-related products and services into their offerings as a result. Still, the OCC will likely expect banks to implement strong controls to manage the risks associated with these activities consistent with those outlined in the OCC’s previous interpretive letters and guidance. For example:

Crypto-Asset Custody Services – The OCC has stated that strong security controls are needed to avoid mismanagement of cryptographic keys, which can lead to irretrievable losses. The OCC recommends dual controls, segregation of duties, and secure storage solutions (e.g., cold wallets) to prevent unauthorized access, along with robust audit procedures for effective cryptographic key management.
Holding Stablecoin Reserves – The OCC has highlighted liquidity risks and compliance with applicable capital and liquidity regulations as primary areas of concern, particularly if reserve balances do not align with outstanding stablecoins. Accordingly, if they are holding stablecoin reserves, banks should maintain daily reserve verification requirements that ensure a 1:1 backing of the stablecoin by fiat, and they should also establish contractual restrictions with stablecoin issuers to ensure redemption obligations do not exceed available reserves.

Stablecoin Payments Activities – The OCC expects banks to address the anti-money laundering, cybersecurity, fraud, and consumer protection risks associated with payments-related crypto-asset activities by developing sufficient technological expertise to manage the complexity of blockchain transactions safely and in compliance with applicable laws, particularly given the potentially pseudo-anonymous nature of such transactions.

Banks engaging in crypto-asset activities should align with these expectations. However, crypto-asset activities remain relatively novel in comparison to traditional banking activities, and the compliance questions they raise may not yet be fully understood. The OCC’s safety and soundness expectations may evolve and new legislation may alter applicable laws. Staying up to date on the regulatory landscape surrounding crypto-asset activities is likely key for banks engaged in them. Banks engaged in crypto-asset activities may be able to stay ahead of new regulatory developments by taking a proactive approach to managing these risks, such as by developing robust governance frameworks to prevent regulatory gaps and engaging with regulators and industry to inform supervisory expectations.

Source: CoinDesk