On July 22, 2020, the Office of the Comptroller of the Currency (OCC) published an interpretive letter clarifying the authority of national banks to provide cryptocurrency custody services for customers. This latest guidance is just one of many recent developments coming out of the OCC focused on modernizing the regulatory framework at the national level. Since Brian Brooks took over as acting Comptroller of the Currency on May 29, 2020, the agency has announced a number of significant initiatives designed to allow national banks to capitalize on technology and innovation.
In the interpretive letter, the OCC described safekeeping and custody services for a wide variety of customer assets, both physical and digital, as among the most basic and fundamental bank activities to support its finding that providing custody services for cryptocurrency is merely a modern form of traditional bank activities. The guidance highlights the OCC’s recognition that financial markets are becoming increasingly digitized and that banks need to leverage new technology and find innovative ways to serve their customers’ needs.
While the interpretive letter specifically focuses on the authority of banks to safeguard the cryptographic keys associated with cryptocurrency, the OCC clarifies that “crypto custody services may extend beyond passively holding ‘keys.’” This can reasonably be interpreted to mean that nationally chartered banks are authorized to play a more significant role in providing cryptocurrency services to customers. However, the lack of a codified definition for cryptocurrency in federal banking regulations creates some continued uncertainty for banks interested in providing crypto-related services.
The OCC also clarified that the authority extends to national banks providing crypto custody services in both a fiduciary and non-fiduciary capacity. To the extent that a national bank is providing crypto custody services in a fiduciary capacity, such activities must be conducted in compliance with applicable state, federal, and other law, such as the instrument that created the fiduciary relationship.
It is important to note that a bank wishing to engage in new crypto activities must develop and implement such activities in accordance with OCC guidance on sound risk management practices, and align the activities with the bank’s overall business plan and strategies. Banks seeking to engage in crypto activities are also expected to conduct thorough legal analysis to ensure proposed activities are conducted with all applicable laws and regulations.
The interpretive letter also reaffirms that national banks are permitted to provide banking services to any lawful business they choose, including cryptocurrency businesses, so long as they effectively manage the risks by implementing controls commensurate with those risks. As with all activities performed by national banks, crypto activities must be conducted in a safe and sound manner and banks must establish adequate systems for identifying, measuring, monitoring, and controlling the risks of such activities – this includes adopting policies and procedures, as well as implementing internal controls and developing management information systems governing crypto custody services. The OCC expects all custody activities to include dual controls, segregation of duties and accounting controls.
Finally, the OCC clarified that the conclusions and guidance contained in the interpretive letter apply equally to federal savings associations.