In recent months, the Federal Office of the Comptroller of the Currency (OCC) has signaled a more permitted legislative attitude towards national banks and federal savings associations (overall banks) participating in crypto-ass activities. “I will continue to work extensively to ensure that the rules are effective and not exaggerated, while maintaining a strong federal banking system,” said acting controller of the currency Rodney E. Hood earlier this year.
On March 7, OCC began formalizing its shift away from its Biden-Era approach to regulating Banks’ crypto-activation activities with the issuance of interpretive letter 1183. Through this interpretive letter, OCC removed its surveillance process for banks seeking to participate in crypto-asset activities, which removed significant banks around Bank’s skills. This interpretive letter also confirmed OCC’s previous guidance that allows banks to participate in a number of crypto activities.
OCC followed up on this action in May with interpretive letter 1184. In the confirmed OCC further, the banks can participate in certain crypto activities and treated the roles of third-party providers-as well as fintech companies playing in these activities. The interpretive letter generally supported third -party commitment to them.
Key Takeaways:
- OCC will no longer require banks to review a monitoring process that is not objective (see definition below) before offering products and services relating to crypto assets to their customers. Banks regulated by OCC can now offer crypto -active products and services without having to first demonstrate that they have adequate compliance processes in place.
- Removing this process lowers significant barriers to crypto-active banking activities becomes more widespread. However, monitoring expectations still apply. OCC is likely to still use supervisory exams to check if the banks have implemented strong controls to control the risks associated with crypto-activity activities.
- The OCC also confirmed that banks can provide Crypto-CSSSET’s parenting services, have funds such as reserves of stablecoins and deliver certain payments relating to stablecoins, including acting as nodes for distributed headbooks in verification of customers’ payments and easy payment transactions on a distributed LEDGER.
- With regard to Crypto-asso Coartor Services, OCC has confirmed that banks can use third-party undercustodians to provide custody services, subject to the appropriate third-party risk management practice.
- Banks that are interested in offering crypto -active products and services to customers should review OCC’s existing guidance to identify compliance obligations and expectations. Expect OCC’s guidance to develop as crypto-activity activities mature and gain broader adoption in the banking industry.
- Because crypto-activity activities are still new to the banking industry, banks can benefit from taking a proactive approach to identify appropriate controls and processes for managing risks associated with crypto-active products and services.
What the recent interpretive letters do
OCC’s recent interpretive letters signalize a shift away from the more cautious and restrictive approach that the agency has taken under the Biden administration, and OCC’s confidence in banks’ ability to control risks associated with crypto-active activities. They confirm that banks are authorized to participate in certain crypto-active activities and explicitly allow third-party service operators to provide the Crypto-Contic Parent Services (to be “Undercustodians”). They also give banks a green light to explore crypto-active options, as such options can arise by eliminating the supervisor, non-objection process that was first adopted in 2021.
Previously, a bank’s ability to participate in Crypto-ith-activities was limited by a non-objection process adopted by 2021, which required the banks to receive OCC’s tacit approval before participating in such activities. OCC’s recent interpretive letters eliminated this supervision process for the supervision process.
Which Crypto activities are allowed?
- Interpreting Letter 1170 Tillades Banks to provide Crypto-Contact Prhatulting Authority Services to customers in both fiduciary and non-fiduciary capacity as part of their traditional storage and custody activities.
- Interpreting Letter 1172 – Allows banks to receive and keep deposits from stablecoin issuers, including reserves for stableecoins associated with hosted wallets.
- Interpreting Letter 1174-Austria Banks to participate in certain payment-related activities involving stableecoins, including acting as nodes for an independent knot confirmation network (ie.At a distributed headbok) in the verification of customers’ payments and facilitates payment transactions on a distributed headbok.
In the recent interpretive letters, OCC confirmed that these crypto-activity activities are still allowed banking activities. OCC also explicitly confirmed that banks can use third parties, indicating that OCC may also support third-party providers participating in Banks’ other crypto-activity activities.
What was OCC’s supervisory process non-objection?
According to the now-built-up interpretative letter 1179, banks demanding to participate in crypto-activity activities to notify their OCC supervision office and get a written non-objection before continuing.
Non-Obformation letters would only be issued if the bank could demonstrate, to the satisfaction of the Supervisory Office, that it had sufficient risk management processes in place to identify, measure, monitor and control potential risks associated with its planned crypto activities.
In addition, banks had to show a clear understanding of the laws that apply to its planned crypto-activity activities, such as federal securities law, money laundering laws and consumer protection laws.
Removal of this non-objectified supervision removes a significant regulatory barrier to banks’ ability to participate in crypto-activity activities. However, its removal does not release banks for their responsibility to effectively manage the risks associated with these activities.
Crypto-active risk management in the future
In the future, these activities will be reviewed by OCC as part of its general supervision process. This means that banks participating in crypto-active activities still have to ensure that such activities are carried out in a safe, healthy and fair manner and in accordance with applicable law. If a third-party service provider-such as fintech company-will become involved in them, banks are also expected to implement appropriate third-party risk management practices.
By eliminating the supervisory barrier that has not been objectified, OCC has placed greater responsibility on the banks to implement the appropriate extensive risk management framework. They may think it is easier to integrate crypto-related products and services into their offerings as a result.
Still, OCC is likely to expect banks to implement strong controls to control the risks associated with these activities that are in line with those described in OCC’s previous interpretive letters and guidance. For example:
- Crypto-asset Coopolation Services-OCC has stated that strong security control is needed to avoid the wrong management of cryptographic keys, which can lead to irreparable losses. OCC recommends double control, separation of duties and secure storage solutions (eg cold wallets) to prevent unauthorized access along with robust audit procedures for effective cryptographic key management.
- HoldestableCoinReserver – OCC has highlighted liquidity risks and compliance with current capital and liquidity regulations as primary areas of concern, especially if reserve balances do not match outstanding stableecoins. Accordingly, if they have stablecoin reserves, banks should maintain daily requirements for reserve control to ensure a 1: 1 support of stableecoin of Fiat, and they should also establish contractual restrictions with StableCoin issuers to ensure that redemption obligations do not exceed available reserves.
- StableCOin payments Activities-occ expect the banks to tackle the anti-laundering of money laundering, cyber security, fraud and consumer protection risks associated with payments-related crypto-asset activities by developing adequate technological expertise to control the complexity of blockchain transaction pseudo-anonymity of such a transaction.
Banks participating in crypto-activity activities should adapt to these expectations. However, crypto-active activities remain relatively new in comparison to traditional banking activities, and the compliance questions they are traveling may not yet be fully understood. OCC’s expectations of safety and health can develop, and new legislation can change applicable laws. Keeping up to date in the regulatory landscape around crypto-activity activities is probably the key to the banks’ engaged in them.
Banks dealing with crypto-activity activities may be ahead of new regulatory developments by taking a proactive approach to managing these risks, such as developing robust management frameworks to prevent regulatory gaps and engage in regulators and industry to inform supervisory developments.
