Regulatory Note — Crypto Activities – Federal Reserve Policy Statement
On January 27, 2023, the Federal Reserve Board issued a policy statement (the “Policy Statement”) that effectively requires Fed approval before a state member bank engages in any crypto-asset-related activity. The Statement builds on a joint statement issued on January 3 by the Fed, the OCC, and the FDIC (the “Joint Statement”). In companion actions the same day, the Fed made public its denial of the application of Custodia Bank, Inc., for Federal Reserve System membership, and the Federal Reserve Bank of Kansas City denied Custodia’s application for a master account.
The Policy Statement is intended to promote a “level playing field” for “all banks with a federal supervisor,” but the standards set forth necessarily apply only to insured and uninsured state member banks. These banks are now explicitly subject to one set of limits on crypto- related and other novel activities. The Policy Statement appears largely but not fully to supplant SR 22-6. Going forward, an application typically will be necessary and must satisfy both legal and prudential requirements. A state member bank now operating a crypto business should already be discussing the permissibility of this business with the Fed pursuant to SR 22-6.
Legal. On the legal side, the Fed relies on its authority under section 9(13) of the Federal Reserve Act to limit the activities of State member banks and their subsidiaries in a manner consistent with 12 U.S.C. § 1831a. Section 1831a and its implementing regulations require a state bank to apply to the FDIC for permission to engage in activities not permissible for a national bank. The Policy Statement establishes a rebuttable presumption of permissibility:
Presumption. The Fed presumes that a state member bank may engage only in those activities that are legally permissible either (i) for national banks, (ii) by federal statute, or (iii) under 12 C.F.R. part 362. State member banks may not be able to invoke any of these grounds for many crypto activities. The OCC has so far permitted national banks to engage only in a handful of such activities. If a bank relies on national bank permissibility, it must adhere to all the OCC conditions on the business. Additionally, no federal statute appears to authorize crypto activities by state member banks. Finally, the FDIC has not yet spoken specifically to the permissibility of any crypto activity although some state nonmember banks now conduct such activities.
Rebutting the presumption. A proposed rebuttal would take the form of an application under Regulation H, 12 C.F.R. § 208.3(d)(2), which requires Fed approval before a state member bank changes “the general character of its business.” The necessary section 208.3(d)(2) application must contain two elements: (i) a clear and compelling rationale for the Fed to allow the proposed deviation from the presumption and (ii) robust plans for managing the risks of the proposed activity in accordance with principles of safe and sound banking.
Prudential. A section 208.3(d)(2) application must show that the applicant bank has internal controls and information systems that are appropriate to the nature, scope, and risks of its activities. The bank also must demonstrate its ability to comply with applicable laws and regulations, including those relating to consumer compliance and anti-money laundering.
Crypto-related activities. For these activities – including a crypto-asset business or the use of distributed ledger technology – a state member bank must have in place appropriate systems to monitor and control risks. These risks include liquidity, credit, market, operational (including cybersecurity and use of third parties), and compliance risks (including compliance with Bank Secrecy Act and Office of Foreign Asset Control requirements). Fed supervisors expect state member banks to maintain an effective control environment for crypto-related activities.
Review of applications. Although no section 208.3(d)(2) applications of course have been filed yet, the Fed has considered several less formal requests relating to the crypto business. In the Supplementary Information to the Policy Statement, the Fed states that it has not yet been presented with facts and circumstances that would rebut its presumption about permissibility. Consistent with the Joint Statement, the Fed observes that holding crypto assets as principal or issuing tokens on open, public, and/or decentralized networks (or similar systems) present virtually insurmountable safety and soundness concerns. However, two other activities may be permissible – acting as custodian to hold crypto assets and issuing dollar tokens to facilitate payments using distributed ledger or similar technologies.
The Custodia applications. Although Custodia did not file a section 208.3(d)(2) application, the denials reflect the substance of the Policy Statement. In discussing the denied membership application, the Fed notes in particular its concerns about Custodia’s plan to issue a crypto asset on networks that are not closed and about Custodia’s ability to mitigate money laundering and terrorism financing risks.
Considerations for an applicant. A state member bank considering a crypto-asset- related activity should bear in mind that the Policy Statement is not the sole guidance for two reasons. First, if the OCC has not permitted a national bank to engage in the activity, a state member bank should expect to file an application with the FDIC under 12 C.F.R. § 303.121, as well as the section 208.3(d)(2) application with the Fed. The FDIC reviews 303.21 applications under different standards from those used by the Fed. Second, even if an activity is legally permissible, section 208.3(d)(2) requires (as noted above) an application for any change “in the general character” of the bank’s business.