Regulatory Note — Cryptocurrency, Stablecoins, and Distributed Ledgers: OCC Prior Notice Procedure
On November 23, in a release to the public of Interpretive Letter 1179 (Nov. 18, 2021) (the “Letter”), the OCC announced a prior notice procedure for national banks and federal savings associations (collectively, “banks”) planning to conduct certain cryptocurrency-related activities. In a separate portion of the Letter, the OCC discusses its authority to charter national trust banks.
In three earlier interpretive letters, the OCC approved several activities: providing cryptocurrency custody services (Interpretive Letter 1170), holding dollar deposits as reserves backing certain stablecoins (Interpretive Letter 1172), and acting as nodes on an independent node verification network (that is, a distributed ledger) and engaging in certain stablecoin activities to facilitate payment transactions on a distributed ledger (Interpretive Letter 1174).
While the Letter does not change the determinations in those letters, it “clarifies” that the approved activities are permissible “provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner.” Put another way, a proposed activity is not part of the ‘business of banking’ – and therefore is not a permissible activity – if the bank is unable to conduct the activity prudently.
To implement the safety and soundness proviso, the Letter states that a bank “should” notify its supervisory office in writing of its intention to engage in any of the approved cryptocurrency-related activities and receive a non-objection before beginning the activity. [1] The procedure is not a formal or enforceable requirement since the procedure was not the subject of notice-and-comment rulemaking. However, the procedure provides some assurance to a bank that the OCC will not, at least at the outset, challenge the activity on prudential grounds.
The written notice to the supervisory office should include these items:
Identification and discussion of the risks associated with the activity, including operational risk, liquidity risk, strategic risk, and compliance risk. Operational risk encompasses the risks related to new, emerging technologies, the risk of hacking, fraud, theft, and the use of third-party service providers.
A demonstration that the bank has established an appropriate management and measurement process for the proposed activity. [2]
In addressing compliance, a demonstration that the bank understands its obligations related to the specific activities, including applicable requirements under the federal securities laws, the Bank Secrecy Act, anti-money laundering, the Commodity Exchange Act, and consumer protection laws.
In reviewing the notice and issuing a non-objection, the OCC will consider the following factors:
The adequacy of the bank’s risk measurement and management information systems and controls to enable the bank to operate the business safely and soundly.
Other supervisory considerations relevant to the particular proposal. These considerations may require the supervisory office to consult with experts in the Washington office. This factor also may encompass any perceived weaknesses at the bank. Supervisory concerns about the bank’s ability to manage risk, even if unrelated to cryptocurrency, would inject complexity and uncertainty into the review process.
The bank’s demonstration that it understands and will comply with the laws that apply to the proposed activities.
* * *
The Letter also addresses Interpretive Letter 1176, released in January 2021, which discussed the OCC’s authority under 12 U.S.C. § 27(a) to charter (or approve a conversion to) a national bank with operations limited to those of a trust company and related activities. The Letter clarifies that letter in two respects. First, the earlier letter did not expand or otherwise change the obligations of a national bank under the OCC’s fiduciary activities regulation. Second, the OCC retains discretion in determining whether an activity is conducted in a fiduciary capacity for purposes of federal law; the scope of permissible fiduciary activities is not determined solely by applicable state law.
[1] As the OCC approves other cryptocurrency-related activities for banks, the agency presumably will expect the banks involved to follow the notice process.
[2] The risk management principles set forth in the Letter are consistent with those described in OCC Bulletin 2017-43, “New, Modified, or Expanded Bank Products and Services: Risk Management Principles” (Oct. 20, 2017), but that bulletin does not contain any prior notice procedure.