A New “Operation Choke Point”? The Quickly Changing Rules on Crypto Activities for Member Banks
22 min read
Federal Reserve Policy Statement and Related Member Bank Application Denial
In an effort to align the permissibility of crypto activities for all member banks of the Federal Reserve System (the "FRS", which includes all national banks and state member banks), the Board of Governors of the Federal Reserve System (the "Federal Reserve") issued a policy statement under Section 9(13) of the Federal Reserve Act ("FRA") limiting permissible state member bank activities (the "Policy Statement") while simultaneously announcing the denial of Custodia Bank, Inc.'s ("Custodia") application for membership to the FRS. The Policy Statement exercised the Federal Reserve's discretionary authority under FRA Section 9(13) to limit the activities of insured and uninsured state member banks to those permissible for national banks. The authority to engage in permissible activities under Section 9(13) also must be exercised consistent with Section 24 of the Federal Deposit Insurance Act (the "FDIA"), which prohibits all insured state banks from principally engaging in activities not permissible for national banks unless authorized by federal statute or the Federal Deposit Insurance Corporation ("FDIC"). Section 24 of the FDIA does not apply to uninsured state banks.
The Policy Statement sets forth a rebuttable presumption prohibiting state member banks from engaging in activities impermissible for national banks unless authorized by federal statute or FDIC regulation, whether or not such activity is permissible under applicable state law.1 That presumption may be rebutted only if (1) there is a "clear and compelling" reason justifying the "deviation in regulatory treatment among federally supervised banks," and (2) the state member bank has "robust" risk management plans for the proposed activity that accord "with principles of safe and sound banking." The Federal Reserve then addressed state member bank inquiries into "crypto-asset-related activities" and concluded that the rebuttable presumption would apply to state member banks seeking to either hold crypto-assets as principal or issue dollar-denominated tokens.
On the same day that the Federal Reserve denied Custodia's membership application, the Federal Reserve Bank of Kansas City (the "FRBKC") also denied Custodia's "master account" application. Custodia is a special purpose depository institution chartered under the laws of the State of Wyoming. These actions come on the heels of a turbulent year in the crypto-asset space and at a pivotal moment for the banking industry, as banks and non-banks alike seek to employ novel crypto-asset business models, as well as implement distributed ledger technology to provide more efficient financial services. We summarize below the recent actions by the Federal Reserve, FRBKC, and other regulators and discuss their implications for banking institutions looking to commence or expand their crypto-asset banking services and activities.
After Bitcoin and Ethereum reached their all-time highs in November 2021, the cryptocurrency market entered a downward spiral that continued throughout 2022. That spiral was exacerbated in May 2022 with the collapse of TerraUSD ("UST"), an ostensibly dollar-pegged "stablecoin" that was intended to maintain its peg algorithmically through arbitrage pressure. UST entered a death spiral to zero that ultimately helped lead to the further collapse of Three Arrows Capital, Voyager Digital, LLC, Celsius Network Limited, and much of the rest of the interconnected market. The most recent blow to hit the crypto markets was the collapse of both Sam Bankman-Fried's cryptocurrency exchange FTX, and its affiliated hedge fund, Alameda Research, in November 2022. This relentless market collapse hit as traditional, often-slower-to-act financial institutions started engaging in crypto-asset activities.
Office of the Comptroller of the Currency
Prior to the market collapse in 2022, the Office of the Comptroller of the Currency ("OCC") released several interpretive letters throughout 2020 and 2021. On July 22, 2020, the OCC issued Interpretive Letter 1170, which authorized national banks to provide certain cryptocurrency custody services on behalf of customers as part of the "business of banking."2 On September 21, 2020, the OCC issued Interpretive Letter 1172 authorizing national banks to hold cash deposits reserving stablecoin tokens also as part of the "business of banking" as authorized by 12 U.S.C. § 24.3 The OCC considers the following factors when determining whether an activity is part of the business of banking, including: (i) whether the activity is the functional equivalent to, or a logical outgrowth of, a recognized banking activity; (ii) whether the activity strengthens the bank by benefiting its clients or its business; (iii) whether the activity involves risks similar in nature to those already assumed by banks; and (iv) whether the activity is authorized for State-chartered banks.4
National banks are authorized to engage in other activities "incidental to the business of banking" if it is convenient or useful to an activity that is specifically authorized for national banks or to an activity that is otherwise part of the business of banking. In determining whether an activity is convenient or useful to such activities, the OCC considers the following factors: (i) whether the activity facilitates the production or delivery of a bank's products or services, enhances the bank's ability to sell or market its products or services, or improves the effectiveness or efficiency of the bank's operations, in light of risks presented, innovations, strategies, techniques and new technologies for producing and delivering financial products and services; and (ii) whether the activity enables the bank to use capacity acquired for its banking operations or otherwise avoid economic loss or waste.5 The OCC issued Interpretive Letter 1174 on January 4, 2021, which found that national banks may act as nodes on an independent node verification network (i.e., distributed ledger) to verify customer payments, and may engage in certain stablecoin activities to facilitate payment transactions on a distributed ledger.6
After a change in Acting Comptrollers, the OCC began to back away from its prior approvals of crypto-asset activities for national banks. It issued Interpretive Letter 1179 on November 18, 2021, which stated that while the activities described in Interpretive Letters 1170, 1172 and 1174 remained legally permissible for national banks, such legal permissibility also included a requirement that any national bank must first demonstrate, to the satisfaction of its regional OCC supervisory office, that it has controls in place to conduct the activity in a safe and sound manner, a so-called "pre-approval" requirement.7 The OCC's more cautious approach faced an immediate test on January 18, 2022, when the OCC conditionally approved Social Finance Inc.'s ("SoFi") application to create SoFi Bank, N.A. ("SoFi Bank") through the acquisition of Golden Pacific Bank, National Association on the condition "that the resulting bank will not engage in any crypto-asset activities or services."8 SoFi Bank's parent company, SoFi Technologies, Inc's application to the Federal Reserve to become a bank holding company was granted around the same time, and in the approval the Federal Reserve Bank of San Francisco ("FRBSF") held that the crypto-asset activities engaged in by its digital-asset-focused subsidiary, SoFi Digital Assets, could only be retained for a period of two years (with the possibility of three additional one year extensions) pursuant to Section 4(a)(2) of the Bank Holding Company Act of 1956, as amended (the "BHC Act").9 Put another way, the FRBSF found that the crypto-asset activities engaged in indirectly by SoFi Technologies, Inc. were impermissible activities under Section 4 of the BHCA.10
On October 28, 2022, the OCC approved the merger of New York Community Bank and Flagstar Bank, N.A., with Flagstar Bank as the resulting institution. One condition of approval imposed by the OCC was that Flagstar refrain from increasing and divest from its interest in the USDF Consortium—a group of nine banks that aim to further the adoption and interoperability of tokenized fiat deposits on blockchain—and Hash holdings (the native token of the Provenance Blockchain), unless the OCC decides they are permissible for national banks.11 In essence, this commitment imposes the pre-approval requirement of Interpretative Letter 1179 to any crypto-activities in which the new Flagstar may wish to engage.
Summary of White House Statement
On January 27, 2023 – the same day as the Policy Statement and the Federal Reserve's denial of Custodia - the White House's National Economic Council (the "Administration") released "The Administration's Roadmap to Mitigate Cryptocurrencies' Risks" (the "Administration Announcement").12 The Administration Announcement emphasized the need to effectively regulate crypto-assets to protect investors, hold bad actors accountable, and—in explicit reference to the May 2022 "so-called stablecoin" collapse—prevent turmoil in the cryptocurrency sector from spreading to the broader financial system.
The Administration Announcement is chiefly concerned with crypto-asset entities "ignoring" financial regulations, failing to institute "basic" risk controls, and engaging in fraudulent and misleading behavior. To that end, the Administration highlighted increased government and regulatory enforcement efforts and the issuance of necessary guidance. The Administration encouraged regulators to continue their efforts to clarify regulatory ambiguity and limit financial institutions' exposure to the risks of cryptocurrencies.
The Administration noted that additional efforts are needed and unveiled its plan to release digital assets research and development priorities—priorities the Administration contends will help the technologies powering cryptocurrencies protect consumers "by default."13 The Administration further called for Congressional action to expand regulators' powers to prevent the misuse of customer assets, strengthen crypto-asset company disclosure requirements, and provide more severe penalties for violations of illicit-finance rules. The Administration concluded by warning against Congressional action that could "greenlight" mainstream financial institutions, such as pension funds, to "dive headlong into cryptocurrency markets."
Joint Statement by the Federal Bank Regulatory Agencies
The Federal Reserve and FRBKC actions described above followed shortly after the issuance by the Federal Reserve, the FDIC, and the Office of the Comptroller of the Currency (the "OCC" and, collectively, the "Agencies") on January 3, 2023 of an Interagency Statement on "Crypto-Asset Risks to Banking Organizations" (the "Interagency Statement"). The Interagency Statement highlighted the Agencies' concerns about risks to the banking institutions they regulate in light of the volatility experienced in the crypto-asset markets over the past year. The risks identified in the Interagency Statement include, among other things, legal uncertainties related to custody practices, redemptions, and ownership rights, safety and soundness, fraud and misrepresentation, contagion, and stablecoin run risk. As noted above in regards to the Federal Reserve denial of Custodia's application for FRS membership and discussed in more detail below, the Agencies also cited heightened risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to, the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.
The Agencies appear to be adopting a consistent (or, at least, more consistent) approach to concerns about safety and soundness requirements for new crypto-asset activities and whether such considerations are or are not separate from the question of legal permissibility. As evidenced in its Policy Statement and Supervision and Regulation Letter 22-6 ("SR 22-6"), the Federal Reserve seems to distinguish between legal permissibility (whether an activity is authorized as a legal matter) from permissibility for the particular bank in question (which also requires the bank's regulator to approve or provide non-objection in light of, among other things, the bank's internal control framework and ability to engage in such activity in a safe and sound manner). Indeed, the Federal Reserve identified safety and soundness, consumer protection, financial stability, and legal permissibility as separate items of concern in its consideration of banks' proposed crypto-asset activities. In contrast, the OCC's actions and statements in this area, as evidenced in precedents such as OCC Interpretive Letter 1179, indicate that the OCC takes the position that whether or not an activity can properly be considered to be part of the business of banking necessarily also involves a consideration of whether the activity can be conducted at all in a safe and sound manner. The FDIC similarly highlights safety and soundness, consumer protection, and financial stability implications of crypto-asset activities in its Financial Institution Letter on Notification of Engaging in Crypto-Related Activities (FIL-16-2022).
We note that the focus on safety and soundness as a requirement for an activity to be permissible, as it appears in the Policy Statement, the Joint Statement, and the Agencies' guidance noted above, clearly arises in the context of, and has been motivated by, market-related and bad actor events that have occurred recently in the crypto space. The principles reflected in such guidance are nonetheless not specifically limited to crypto-asset activities, but rather would seem to be relevant, at least in theory, to all types of new activities by banking institutions. If the Agencies are indeed taking that broader approach, it would make for a substantial departure from the traditional approach of the Agencies in dealing with proposals by banking institutions to conduct previously unapproved activities, which have focused to a substantial extent on issues of legal permissibility.14
The Policy Statement refers to "crypto-assets" as digital assets (such as BTC and ETH) issued using distributed ledger technology and cryptographic techniques. The Federal Reserve did not include in this category assets represented on a blockchain that are more appropriately categorized within a recognized, traditional asset class (such as properly registered securities that are issued, stored, or transferred through a regulated clearing agency) but reserved the right to treat such assets as "crypto-assets" if using distributed ledger technology and cryptographic techniques changes the risks of that traditional asset.
Some banks have explored offering tokenized dollar products and services. Although permitted, banks are required to seek pre-approval or non-objection from the Agencies, as applicable and noted above. Pertinent to the provision of such products and services has been the question of whether FDIC insurance applies to tokenized dollars as so-called "pass-through insurance," and a number of other interpretive questions for which there is no definitive interpretive guidance.
Custodia Applications Denied
Custodia is an uninsured special purpose depository institution chartered under Wyoming banking law, focused on providing digital asset banking, custody, and payment solutions. On October 29, 2020, Custodia applied to the FRBKC for a Federal Reserve "master account" that would give Custodia access to the Federal Reserve's account services, including its electronic payments system. In August 2021, Custodia also applied to the Federal Reserve for membership in the FRS, which (if accepted) would subject Custodia to oversight and regulation by the Federal Reserve as an uninsured state member bank.
For almost two years, Custodia's master account and Federal Reserve membership applications went unanswered. Consequently, on June 7, 2022, Custodia filed suit against the Federal Reserve and the FRBKC (collectively, the "FR Defendants") in the United States District Court of Wyoming for their unreasonable delays in processing Custodia's applications. On November 11, 2022, U.S. District Judge Skavdahl partially granted and partially denied the FR Defendants' motion to dismiss, leaving intact Custodia's Administrative Procedure Act, mandamus, due process, and declaratory judgment claims. Judge Skavdahl dismissed Custodia's alternative claims for relief in the event its applications were denied as non-justiciable on ripeness grounds because the applications had not yet been decided.
On January 27, 2023, FRBKC issued Custodia a letter denying its master account application and the FR Defendants promptly filed a new motion to dismiss the remaining claims (which sought prompt decisions on the applications by the FR Defendants) as moot in light of the FRBKC decision. On the same day, the Federal Reserve announced it denial of Custodia's application to become a member of the Federal Reserve System, citing that Custodia's application, as submitted, was inconsistent with the required factors under the law. As noted in the Federal Reserve's Press Release, Custodia "proposed to engage in novel and untested crypto activities that include issuing a crypto asset on open, public and/or decentralized networks," a business model about which the Federal Reserve is particularly concerned, as the Federal Reserve and the other agencies made clear in the Interagency Statement. Specifically, the Federal Reserve stated that Custodia's crypto activities are "highly likely to be inconsistent with safe and sound banking practices," and that Custodia's "risk management framework was insufficient to address concerns regarding the heightened risks associated with its proposed crypto activities, including its ability to mitigate money laundering and terrorism financing risks."
The Path Ahead
The Agencies' actions, complemented by the Administration's continuous research and statements on the risks of crypto-asset business activities for banking institutions, leave a trail of indications as to what the banking industry is likely to see in the year ahead. Such actions denote an effort by the Agencies to consolidate their regulatory posture with regard to such activities in the absence of legislative direction. As a result of such efforts, banks are faced with a limited set of crypto-asset activities in which they may engage, most of which are subject to pre-approval or non-objection by the Agencies.
A national bank may provide cryptocurrency custody activities under Interpretive Letter 1170, which the OCC described as "taking possession of the cryptographic access keys to that unit of cryptocurrency."15 As stipulated in Interpretive Letter 1179, a bank may engage in such cryptocurrency custody activities if it is able to demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner. As noted in Interpretive Letter 1179, a bank already engaged in such activity as of the date of publication of Interpretive Letter 1179 does not need to obtain supervisory non-objection.16 There are only a small handful of banks engaged in the activities described in Interpretive Letter 1170, and based on the tone and substance of the Agencies' actions, it will be extremely difficult for any other banks to gain approval to join them.
Other activities, such as operation of a closed-loop network or token transfer system, issuance of stablecoins or tokenized deposits, holding cash deposits as reserves for issued stablecoins, and holding crypto-assets as principal, present their own regulatory hurdles, all of which must be conducted in a safe and sound manner and in compliance with consumer, anti-money-laundering, and anti-terrorist-financing laws.17 The standards by which banks may satisfy these requirements remain unclear and ill-described by the Agencies, which therefore leaves the Agencies near full discretion to approve or disapprove pre-approval requests for almost any reason.
Banks are likely prohibited, for the time being, from engaging in crypto-asset activities on "open, public and/or decentralized networks," as opposed to those networks that are closed, permissioned, and centralized. As we noted above, the Agencies have shown a clear aversion to permitting banks to engage in such open, public and/or decentralized network. Consistent with the Agencies' concern for safety and soundness considerations, and permissibility more generally, the Agencies appear to prefer for banks, to the extent they wish to engage in crypto-asset activities, to operate on blockchain networks that may be more easily observed, maintained, and managed, taking into account prominent risks such as fraud and manipulation, illicit financial transactions, runs on the market, and contagion.
Under OCC Interpretive Letter 1174, national banks may act as nodes on an independent node verification network (i.e., distributed ledger) to verify customer payments, and may engage in certain stablecoin activities to facilitate payment transactions on a distributed ledger. The OCC acknowledged that certain stablecoins may be backed by U.S. dollars, while others "may be more complex, backed by commodities, cryptocurrencies, or other assets but with values that are pegged to a fiat currency or managed by algorithm."18 It should be noted, however, that Interpretive Letter 1174 discussed its view regarding the ability of national banks to engage in stablecoin issuance within the context of a dollar-backed product. As noted by the OCC, "[j]ust as banks may buy and sell [electronically stored value] as a means of converting the [electronically stored value] into dollars (and vice versa) to complete customer payment transactions, banks may buy, sell, and issue stablecoin to facilitate payments."19 In this regard, the OCC appears to have permitted, subject to supervisory non-objection under Interpretive Letter 1179, the issuance of stablecoins that are dollar-backed tokens.20 The OCC did not make explicit its view as to issuance of "more complex" stablecoins referenced above. In its Policy Statement, the Federal Reserve held the view that a state member bank seeking to issue what it referred to as a "dollar token" (but, importantly, did not distinguish from the term "stablecoin" referred to in Interpretive Letter 1174) would be required to "adhere to all the conditions the OCC has placed on national banks with respect to such activity, including demonstrating, to the satisfaction of Federal Reserve supervisors, that the bank has controls in place to conduct the activity in a safe and sound manner, and receiving a supervisory nonobjection before commencing such activity."21 The Federal Reserve specified, however, that tokens issued on open, public, and/or decentralized networks, or similar systems, are highly likely to be inconsistent with safe and sound banking practices because they raise concerns related to operational, cybersecurity, and run risks, and may also present significant illicit finance risks. Accordingly, banks appear free to pursue supervisory non-objection for the purpose of issuing dollar-backed tokens on closed-loop, permissioned blockchain networks, such as those established on an intra-bank or inter-bank (e.g., as part of a consortium) basis.22
The Agencies appear to be unwilling to permit banks to hold crypto-assets such as bitcoin and ether, as principal, in the near term. The Policy Statement notes that, "[t]o date, the OCC has not made a determination addressing the permissibility of a national bank holding cryptoassets as principal, other than 'stablecoins' to facilitate payments subject to the conditions of OCC Interpretive Letter 1179.23 In this regard, the Federal Reserve noted that it would "presumptively prohibit state member banks from engaging in such activity under section 9(13) of the Act."24 The FDIC would likely follow suit. As noted in the Interagency Statement, "[b]ased on the [A]gencies' current understanding and experience to date, the [A]gencies believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices."25
Although the OCC's major interpretive actions involving crypto-asset activities that are discussed above have identified only a small number of specific crypto-asset activities as being permissible for national banks, certain OCC conditional approvals for national banks or federal branches in formation suggest that traditional bank financial intermediation functions such as acting as broker or agent for customers in connection with trading in financial instruments may also be permissible for national banks in connection with in crypto-assets. Trading activities conducted by a bank as broker or agent for a customer would not expose the bank to principal risk or various of the other types of risks that would arise if a bank were to trade in or hold crypto-assets as principal or engage in financial intermediation activities in a principal capacity, such as acting as a dealer or a market maker, rather than in a brokerage or agency capacity. At a minimum, however, a national bank would presumably need to demonstrate to the satisfaction of the OCC that the bank has controls in place to conduct the crypto-asset brokerage or agency trading activities in a safe and sound manner, consistent with OCC Interpretive Letter 1179. As noted in the OCC's conditional approval for a federal branch of foreign bank Adyen N.V., which provides that "[t]he [b]ranch shall not engage in any crypto-asset related activities (including but not limited to holding crypto assets on balance sheet or in a custodial or fiduciary capacity, accepting crypto assets as collateral, making markets or other financial intermediation in crypto assets, or trading crypto assets, including acting as agent) unless specifically authorized to do so by the OCC."26 A state member bank would similarly be required under the Policy Statement to demonstrate an effective internal control framework for any such brokerage or agency trading activities for crypto-assets, as well as to comply with any terms, conditions or limitations imposed on such activities by the OCC in the case of national banks.
1 See Industry Letter - January 23, 2023: Guidance on Custodial Structures for Customer Protection in the Event of Insolvency | Department of Financial Services (ny.gov)
2 OCC Interpretive Letter No. 1170 (July 22, 2020)
3 OCC Interpretive Letter No. 1172 (Sept. 21, 2020)
4 12 CFR 7.1000(c).
5 12 CFR 7.1000(d).
6 OCC Interpretive Letter No. 1174 (January 2021)
7 OCC Interpretive Letter No. 1179 (November 2021)
8 OFFICE OF THE COMPTROLLER OF THE CURRENCY, OCC Conditionally Approves SoFi Bank, National Association, News Release 2022-4 (January 18, 2022).
9 SoFi Technologies' received its approval letter from the Federal Reserve Bank of San Francisco on January 18, 2022. Brown, Colleagues Call on Bank Regulators to Review SoFi's Crypto Activities, November 21, 2022.
10 We do not know exactly what those activities are. The Federal Reserve refused repeated FOIA requests to release that information, stating that that the responsive information contains "nonpublic proprietary information (e.g., information related to SoFi's business strategies and internal financial information)." This information, the Federal Reserve contended, is subject to withholding and was withheld pursuant to exemption 4 of the FOIA, 5 U.S.C. § 552(b)(4). In addition, the Federal Reserve determined that the information should be withheld because it is "reasonably foreseeable that disclosure would harm an interest protected by an exemption described in subsection (b) of the FOIA, 5 U.S.C. § 552(b)."
11 OCC Conditional Approval Letter No. 1299 (Oct. 27, 2022).
12 The Administration's Roadmap to Mitigate Cryptocurrencies' Risks, January 27, 2023.
13 Request for Information; Digital Assets Research and Development, 88 FR 5043, January 26, 2023.
14 See UnSound: OCC IL 1179 and Its Backwards Creation of New Law | White & Case LLP (whitecase.com).
15 OCC Interpretive Letter No. 1170 (July 22, 2020) at 5.
16 OCC Interpretive Letter No. 1179 (Nov. 18, 2021) at 2.
17 Board of Governors of the Federal Reserve System, Policy Statement on Section 9(13) of the Federal Reserve Act (Jan. 27, 2023) at 9.
18 OCC Interpretive Letter No. 1174 (January 2021) at 2.
19 OCC Interpretive Letter No. 1174 (Jan. 4, 2021) at 7.
20 Neither the OCC nor the Federal Reserve defined what it considered to be the difference between a stablecoin pegged to U.S. dollars from a tokenized dollar deposit. In practical terms one can consider the market difference to be that a stablecoin is an instrument issued by a non-bank that is an obligation reserved (collateralized) by U.S. dollars and other short-term highly liquid instruments; while a tokenized dollar is an instrument issued by a bank that is a tokenized version of a related dollar deposit, is not backed by specific reserves or collateral (other than the issuer bank's general cash reserves and other liquidity requirements) and does not itself carry independent value outside of the value of the underlying deposit.
21 Board of Governors of the Federal Reserve System, Policy Statement on Section 9(13) of the Federal Reserve Act (Jan. 27, 2023) at 9.
22 Yet, see the conditions placed by the OCC on Flagstar. OCC Conditional Approval Letter No. 1299 (Oct. 27, 2022).
23 See OCC Interpretive Letter No. 1174 (Jan. 4, 2021); OCC Interpretive Letter No. 1179 (Nov. 18, 2021); this statement appears to overlook the SoFi approval letter described above.
24 Board of Governors of the Federal Reserve System, Policy Statement on Section 9(13) of the Federal Reserve Act (Jan. 27, 2023) at 8.
25 Joint Statement on Crypto-Asset Risks to Banking Organizations, Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (January 3, 2023).
26 See OCC Conditional Approval No. 1270 (July 2021)
Chante Eliaszadeh (White & Case, Associate, Los Angeles) contributed to the development of this publication.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2023 White & Case LLP