Quick Thoughts on the Federal Reserve Board's New Crypto Policy Statement

Today the Federal Reserve Board announced that it has unanimously voted to deny an application from Custodia Bank to become a member of the Federal Reserve System.¹ I think it is prudent to wait on any further analysis of that decision until the Board releases its order denying the application, which the Board intends to do once it has reviewed the order for confidential information.

Concurrently with the Custodia denial, the Board also today released a policy statement laying out the Board’s views on the permissibility of certain crypto-related activities by any insured or uninsured bank supervised by the Board. In the long-run, I believe this policy statement will wind up being a much bigger deal than the Custodia order, as it will have implications not only for banks narrowly focused on crypto but also, for the reasons explained below, for any bank that is supervised by a Federal regulator.

Background to the Statement

Because I hope that a range of readers with different backgrounds will come across this post, I think it makes sense to start with a very brief simplified background that skips over a bunch of details, omits various nuances, etc.

• In the United States banks may be chartered either at the state level or at the federal level.

• If a bank is chartered at the federal level it is supervised by the Office of the Comptroller of the Currency. All national banks are members of the Federal Reserve System.

• If a bank is chartered at the state level, it may elect to become a member of the Federal Reserve System, in which case it is called a member bank and is supervised by the Federal Reserve Board.

• A state-chartered bank may also elect not to become a member of the Federal Reserve System. Such banks, called non-member banks, are supervised the Federal Deposit Insurance Corporation.

• Permissible activities of national banks are determined by the National Bank Act and other federal laws, as well as regulations adopted by the OCC.

• Permissible activities of state banks are determined by applicable state law, subject to the federal overlay described below.

• Under Section 24 of the Federal Deposit Insurance Act (FDIA), an insured state bank generally may not engage as principal in any activity that is not permissible for national banks, unless authorized by federal statute or the FDIC.

As a result of the above, insured state banks are generally now permitted to do nothing more as principal (and sometimes less, depending on what state law says²) than national banks can do.

This could, in theory, create a potential gap in the law, as uninsured state banks (like Custodia, for example), are not subject to Section 24 of the FDIA. That could, in turn, mean that some state member banks supervised by the Board are not subject to the same restrictions on activities as other member banks supervised by the Board or as national banks or non-member banks.

To address this, the Federal Reserve Board determined today that, using its authority under Section 9(13) of the Federal Reserve Act, it will limit the activities of any member bank (insured or not) to those activities that are permissible under Section 24 of the FDIA.

This necessarily required an analysis from the Board of what is permissible under Section 24 of the FDIA, which in turn meant that today’s policy statement includes an analysis of what the Board believes is permissible or impermissible for national banks. Nothing requires the FDIC and OCC to agree with the Board’s interpretations, but it is highly unlikely that this statement would have been released without interagency coordination, especially given the Board’s statement today that it was seeking to “promote a level playing field and limit regulatory arbitrage.”

So, bottom line, today’s policy statement has implications for any bank in the United States involved in, or thinking about getting involved in, cryptocurrency.

Things to Keep in Mind

As discussed below, the policy statement for the first time gives guidance from the Board as to its assessment of the permissibility, or not, of certain activities. But before getting to that discussion, there are a few important things to keep in mind.

• Legal Permissibility Necessary But Not Sufficient. The Board makes clear in today’s statement that legal permissibility is a “necessary, but not sufficient, condition to establish that a state member bank may engage in a particular activity.” Even if an activity is legally permissible, a bank must be able to conduct that activity in a safe and sound manner. “For instance, it should have in place internal controls and information systems that are appropriate in light of the nature, scope, and risks of its activities.” Further, “[w]ith respect to any novel and unprecedented activities, appropriate systems to monitor and control risks, including liquidity, credit, market, operational, and compliance risks, are particularly important; Federal Reserve supervisors will expect banks to be able to explain and demonstrate an effective control environment related to such activities.”

• Notice and Other Requirements Still Apply. Even if an activity is legally permissible, the prior notice or other requirements imposed by the Board still apply. So, if a member bank wants to do something crypto-related, it still needs to give notice to its lead supervisory point of contact under SR Letter 22-6. Similarly, if the member bank is relying on authority that is available to a national bank only if that national bank has given prior notice to the OCC and receives a written supervisory nonobjection, then the equivalent requirements would apply to the member bank. It would need to give the Board prior notice and receive a written supervisory nonobjection before engaging in the activity.

• Applies Only to Banks. Today’s statement, by its terms, applies only to state member banks supervised by the Board. It does not, again at least by its terms, apply to bank holding companies, savings and loan holding companies, or their non-bank affiliates. In theory, then, BHCs or SLHCs could have available to them authorities (for example under Section 4(k) of the BHC Act) to engage in certain activities that the Board has determined a bank cannot itself conduct. Based on information that is publicly available, however, to this point there is not much evidence that BHCs or their non-bank affiliates have been permitted to engage in many (any?) such activities.

With these caveats acknowledged, let’s look at three specific activities addressed by the statement.

Presumptively Prohibited: Holding Crypto Assets as Principal

The Federal Reserve Board today said it had identified no authority that permits national banks to “hold most crypto-assets, including bitcoin and ether, as principal in any amount.” There also is no federal statute or rule that would otherwise expressly authorize banks to engage in crypto activity as principal.

As a result, the Board will “presumptively prohibit state member banks from engaging in such activity.” This presumption will be rebuttable, but only if “there is a clear and compelling rationale for the Board to allow the proposed deviation in regulatory treatment among federally supervised banks, and the state member bank has robust plans for managing the risks of the proposed activity in accordance with principles of safe and sound banking.”

The Board then goes on to make clear that it does not expect to find many rationales compelling. It says it has serious safety and soundness concerns about banks holding crypto assets as they lack a “fundamental economic use case.” Accordingly, “engaging in prudent risk management based on the underlying value of most crypto-assets, their anticipated discounted cash flows, or the historic behavior of the relevant market” is not possible with respect to such assets.

Also:

[T]he crypto-asset sector— which is globally dispersed—is largely unregulated or noncompliant with regulation from a market-conduct perspective, and issuers are often not subject to or not compliant with disclosure and accounting requirements. This opacity may make it difficult or impossible to assess market and counterparty exposure risks.

Further, engagement in crypto-asset transactions can present significant illicit finance risks, in part due to the pseudonymity of transactors and validators.

Finally, crypto-assets that are issued or transacted on open, public, and/or decentralized ledgers may involve significant cybersecurity risks—especially in comparison to traditional asset classes.

Sometimes Okay: Issuing Dollar Tokens

The Board observes that, under two OCC interpretive letters, some national banks may have the authority to “issue dollar-denominated tokens (dollar tokens) using distributed ledger technology or similar technologies.” Therefore, the Board believes that member banks would have the same authority, assuming they “adhere to all the conditions the OCC has placed on national banks with respect to such activity, including demonstrating, to the satisfaction of Federal Reserve supervisors, that the bank has controls in place to conduct the activity in a safe and sound manner, and receiving a supervisory nonobjection before commencing such activity.”

The Board also, though, lists a number of circumstances under which issuing dollar tokens would not be consistent with safe and sound practices:

The Board generally believes that issuing tokens on open, public, and/or decentralized networks, or similar systems is highly likely to be inconsistent with safe and sound banking practices. The Board believes such tokens raise concerns related to operational, cybersecurity, and run risks, and may also present significant illicit finance risks, because—depending on their design—such tokens could circulate continuously, quickly, pseudonymously, and indefinitely among parties unknown to the issuing bank. Importantly, the Board believes such risks are pronounced where the issuing bank does not have the capability to obtain and verify the identity of all transacting parties, including for those using unhosted wallets.

The Board’s (very qualified) sign off on certain dollar token issuances could have implications for both the state-chartered and national bank members of the USDF Consortium, although the Board does not opine specifically on the permissibility, or lack thereof, of the Consortium’s activities.

The OCC has previously told New York Community Bancorp in connection with its acquisition of Flagstar Bank that it must:

divest its interest in USDF Consortium LLC, and any related holdings of Hash, within two years from the date of consummation of the merger unless the OCC determines in writing that it is permissible for the bank to retain these investments. Additionally, Flagstar NA shall not increase its membership interest in USDF Consortium LLC or its Hash holdings, or holdings of any other crypto-related currency or token, unless and until the OCC determines that the membership interest and Hash or other crypto-related holdings are permissible for a national bank.

It is interesting to note in this regard that in the context of the presumption against holding crypto-assets as principal, the Board today in a footnote quotes from the OCC’s order with respect to Hash, but leaves out any references to USDF, as shown here:

The OCC has required a national bank to divest crypto-assets held as principal that it acquired through a merger with a state bank. Specifically, the OCC conditioned its recent approval of the merger between Flagstar Bank, FSB and New York Community Bank into Flagstar Bank, NA on the divestiture of holdings of “Hash,” a crypto-asset, after a conformance period, as well as a commitment not to increase holdings of any crypto-related asset or token “unless and until the OCC determines that . . . Hash or other crypto-related holdings are permissible for a national bank.”

Crypto Custody Activities

Today in both the supplementary information to the policy statement and in the press release the Board stated that nothing in the policy statement should be interpreted as prohibiting “a state member bank, or prospective applicant [to become a state member bank], from providing safekeeping services, in a custodial capacity, for crypto-assets if conducted in a safe and sound manner and in compliance with consumer, anti-money laundering, and anti-terrorist financing laws.”

I do not see this as a blanket go-ahead. Instead, such activities will remain subject to the prior notice requirements of SR 22-6, meaning that supervisors will, before the fact, inquire into whether the member bank is indeed able to provide custodial services in line with the safety and soundness and other considerations described above. Presumably, the Bank of New York Mellon adequately satisfied the Board in that regard before launching its crypto custody services last fall.

I have been burned here before, but I wonder what, if anything, this implies about the two long-pending applications with the OCC from Paxos and Protego to charter national trust banks focused on providing crypto custody services. There is definitely a perspective from which this is a good sign, and I would still guess it is more likely than not that the banks will eventually be permitted to open and to join Anchorage Digital as OCC-chartered crypto custody banks.³

On the other hand, I could also see the perspective that this does not really change anything. The OCC by conditionally granting the charters had already concluded that such activities were, in theory, permissible for national banks. The issue has been not permissibility, but rather the banks’ ability to satisfy the OCC’s conditions, which no doubt include requirements related to safety and soundness, BSA/AML, consumer protection, and so on. Looking at the White House statement released today, one gets the sense the bar for meeting those expectations is going to remain quite high.

1

Custodia’s application for access to a master account remains pending and subject to litigation.

2

States generally have “parity” or “wild card” statutes that allow state-chartered banks to engage in the same activities as national banks, but these statutes vary in certain respects, including in terms of whether prior notice or prior approval is required.

3

Some people affiliated with Protego still seem pretty bullish on things at least. Last week a prominent Protego investor tweeted that the losses experienced recently by Silvergate and Signature Bank are “one of many reasons why [Protego Trust] is going to be so important since we can take cash deposits as a trust without the same risk.” I … guess so?