Demystifying Banking Regulators’ Recent Crypto Actions: Key Takeaways for Fintech Companies
The last few years had started to see a convergence between crypto and banking, with bitcoin appearing to be rapidly growing mainstream. That momentum hit a wall with the spectacular crypto market failures of 2022, including the collapse of the crypto exchange FTX. In response to the significant volatility and exposure of vulnerabilities in the crypto sector that resulted, the federal supervisory banking regulators (Board of Governors of the Federal Reserve System (Fed), Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC)) have recently taken firmer, coordinated action to delineate the types of risks related to the crypto sector that banks should be aware of and, in certain cases, that do not belong in the banking system at all, in their outlook.
The political lines drawn are critical because the banks still play a dominant role in ordinary, day-to-day financial activities. A bank’s expansion into crypto activities or offerings underpinned by distributed ledger technology (DLT), especially in partnership with a fintech company, could amplify the use of these technologies. A fintech company can find its own scale, reach and reputation by offering crypto services or DLT-based network expanded by partnering with a bank. If done cautiously and cautiously, these partnerships can also help to safely integrate certain crypto- and DLT-based innovations into more mainstream applications. What that might look like and the regulatory expectations surrounding it are beginning to take shape, as reflected by recent actions by federal regulators. Like the Biden administration has stressed that these actions reflect “the imperative to separate risky digital assets from the banking system”. Even still, not all crypto- and DLT-based activities are off the table.
We are at an important turning point in the industry, with riskier crypto businesses falling and banking regulators stepping up to make their expectations clearer. It is important for fintech companies that work with or want to work with banks to offer crypto- or DLT-based services, investors in these companies and their legal advisors to keep abreast of where regulators are starting to draw a red line with respect for crypto activities and the opportunities for responsible innovation that remain.
Recent crypto developments
The Fed, FDIC and OCC jointly had announced in November 2021, they conducted a series of interagency “policy sprints” focused on crypto, but only recently have they begun to paint clearer boundaries on the types of crypto activities that banks can engage in. These recent announcements include their joint statement on crypto-asset risks for banking organizations, issued on January 3, 2023; Fed policy statement to promote a level playing field for all banks with a federal supervisor, regardless of deposit insurance status, issued January 27, 2023; and Fed notice of refusal application of Custodia Bank, Inc. to join the Federal Reserve System, also made Jan. 27, 2023.
Here are some practical takeaways for fintech companies working with or looking to work with banks in relation to crypto- or DLT-based offerings:
- Banks are not barred from offering crypto custody services: The Fed explicitly stated that it is not taking off the table for its supervised banks the ability to provide custody services, in a custodial capacity, for crypto – if it is done in a safe and sound manner and in compliance with consumer protection, anti-money laundering and anti-terrorist financing laws . The OCC has previously concluded that a national bank can offer crypto custody services on behalf of customers.
- It is unlikely that banks will hold crypto assets for their own account (“as a principal”, such as for investment or market-making activity): The joint statement noted that holding as principal crypto-assets that are underpinned by an open, public or decentralized blockchain is “highly likely to be inconsistent with safe and sound banking practices.”
The Fed went further in its policy statement, noting that it would “probably prohibit” the supervised banks from holding the majority of crypto as principal.1 Overcoming this assumption will be no small feat, as the Fed’s policy statement includes a number of safety and soundness concerns.
- It is an avenue for banks to issue “dollar-denominated tokens” underpinned by DLT: A bank wishing to issue a dollar token must demonstrate, to the satisfaction of the supervisor, that it has controls in place to conduct the activity in a safe and sound manner, and it must receive a supervisory no-objection.
It seems highly unlikely that a bank will get the green light to issue tokens underpinned by an open, public or decentralized blockchain. In addition, where the bank does not have the ability to obtain and verify the identity of the transaction parties, and therefore may not have an adequate risk management framework to reduce the risk of money laundering and terrorist financing, it is highly likely that the supervisory authorities will conclude that its activities are inconsistent. with safe and good banking practices.
These railings still leave room for innovation. For example, the New York Innovation Center, a division of the Federal Reserve Bank of New York established in partnership with the Bank for International Settlements Innovation Hub, announced its participation in a proof-of-concept project with a number of major banks to explore the possibility of an interoperable network of central bank digital liabilities and commercial bank digital money using a shared, permissioned DLT.
- The purely cryptocentric banking business model will likely be a relic of history: The agencies have expressed significant safety and soundness concerns with business models that are concentrated in crypto activities or have concentrated exposure to the crypto sector. At the same time, crypto companies are not being kicked out of the banking system; the agencies were careful to note that banks are neither prohibited nor discouraged from offering banking services to customers of any particular class or type, as permitted by law or regulation.
More broadly, regulators’ crypto actions are a reminder that banks are a “special” type of entity, and the banking system is bounded by a shifting federal regulatory perimeter. That is, the banks are under supervision and are highly regulated institutions, and there are important safeguards with regard to the crypto-related activities they can engage in.
Unique Aspects of Bank-Fintech Partnerships
As a threshold matter, banks are limited in the activities they can engage in by “legal permission” – that is, before a bank can engage in new activities of any kind, including crypto-related activities, it must ensure that the specific activity is permitted in in accordance with applicable banking laws and regulations. In addition, supervision means that the banks must operate with safety and soundness in mind, as well as having appropriate measures and controls in place to manage risk. The banks must also ensure compliance with all relevant laws, including laws relating to the fight against money laundering/fighting the financing of terrorism, and consumer protection. The fat, FDIC, and OCC have each instructed their supervised banks to follow specific notification requirements if they seek to engage in crypto activities.
A bank-fintech partnership to provide crypto- or DLT-based services can provide unique benefits when executed safely and within these guardrails. A fintech company partnering with a bank can leverage the bank’s resources, infrastructure and compliance experience to safely offer crypto services to a larger audience. A bank can rely on the fintech company for back-end technology services or front-end user interface to support the crypto services it can offer to its banking customers. Robust integration of crypto functionality and DLT with traditional banking systems, with good risk control and consumer education, will also make it safer and easier for the general public to use these technologies.
Remove
We are entering a new chapter in the development of crypto, DLT and the businesses around them. Crypto is not going away anytime soon, and technologies like DLT continue to present unique and potentially promising opportunities for fintech companies and banks to cooperatively upgrade the outdated foundations of our financial system. Rather than keeping innovation out of the banking system, the industry and its regulators would do better to figure out the best way to integrate it safely and incrementally. The bank-fintech partnerships that are most advanced in managing legal uncertainty, mitigating risk and building strong compliance infrastructures will be best positioned for success. We at Wilson Sonsini Goodrich & Rosati advise fintech companies on the integration of these innovative technologies into financial activities and advise our clients on how to intelligently navigate the new and evolving legal issues raised by crypto and DLT . Do not hesitate to contact Jess Cheng, Amy Caiazza, or any member of the firm fintech and financial services practice for more information.
[1] The Fed also noted that the OCC has gone so far as to require a national bank to dispose of crypto held as principal that it acquired through a merger with a state bank: “Specifically, the OCC conditioned its recent approval of the merger between Flagstar Bank, FSB and New York Community Bank into Flagstar Bank, NA regarding the divestment of its holdings of “Hash”, a crypto-asset, after a compliance period, as well as an undertaking not to increase its holdings of any crypto-related asset or token “unless and until determined by the OCC. . . Hash or other crypto-related holdings are permitted for a national bank.” OCC Conditional Approval Letter No. 1299, at 9 (Oct. 27, 2022).