For those tracking developments impacting the crypto-asset space, the summer has been far from slow and leisurely. Multiple industry alerts flow daily with news of new legislative proposals, enforcement actions, and other events or issues impacting the industry. The news is inevitably accompanied by calls for greater legal certainty regarding crypto-asset characterization and clarity around the regulatory framework governing the industry. While news flows quickly, the pace of substantive developments, however, has been frustratingly slow for many. Unmoved by demands for faster and more definitive action, Federal banking regulators continue to demonstrate through their supervisory and regulatory actions that they view crypto-assets cautiously and expect the institutions they supervise to slow down and critically assess the risks associated with their crypto-related activities and third-party relationships.
On August 16, the Board of Governors of the Federal Reserve System (the “Federal Reserve”) released a Supervision and Regulation Letter (“S&R 22-6”) addressing the permissibility and requirements for its supervised banking organizations to engage in activities related to crypto-assets. S&R 22-6 acknowledges potential benefits that these assets present, but it also highlights the risks that accompanies these opportunities. Specifically, S&R 22-6 references the risks associated with technology and operations, anti-money laundering and terrorist financing compliance, consumer protection, and financial stability. The Federal Reserve released S&R 22-6 to draw institutional attention to these risks and to set out, at a high level, its expectations for those supervised banking organizations that may seek to participate in crypto-related activities. S&R 22-6 directs these organizations to:
- evaluate the legal permissibility of engaging in the activities, and the need for any required regulatory filings, under applicable Federal and state laws;
- notify their supervisory contacts before engaging in the activities (and also notify them if they have already engaged in any activities); and
- establish appropriate risk management systems and controls to conduct the activity in a safe and sound manner, including the capability to identify, measure, monitor, and control for associated risks across the full range of risk types (operational, compliance, financial, legal, etc.).
On the general issue of the legal permissibility of the activity, S&R 22-6 includes a reminder to state member banks that they may not, without the Federal Reserve’s approval, change the character of the bank’s business or scope of its powers from those at the time of membership admission. With respect to the requirement for notification to supervisory contacts, while S&R 22-6 does not specifically reference a requirement to obtain a written supervisory non-objection before engaging in the activity, it does state that supervision will provide the banking organization with “relevant supervisory feedback, as appropriate, in a timely manner.”
The Federal Reserve’s release aligns with a similar interpretive letter issued by the Office of the Comptroller of the Currency (“OCC”) last November. OCC Interpretive Letter #1179 requires a national bank or Federal savings association to receive written non-objection from its OCC supervisory office before engaging in any crypto-related activity that the OCC has previously determined to be permissible and to demonstrate to its supervisory office that the institution has risk management capabilities allowing it to engage in the activities in a safe and sound manner. Unconvinced of the adequacy of these requirements, however, a group of Democratic Senators recently released a letter asking the OCC to rescind all of its prior interpretive letters addressing the permissibility of certain crypto-related activities and to replace them with comprehensive guidance that the OCC, Federal Reserve, and FDIC should jointly develop.
In addition to agency guidance to the industry on the requirements necessary to engage in crypto-related activities, the Federal Reserve also recently addressed a review process for Reserve Banks to follow when institutions, including cryptocurrency custody banks, seek master accounts and access to Reserve Bank financial services. The day before the Federal Reserve’s release of S&R 22-6, it released Final Guidelines on factors for use in evaluating these access requests. The Federal Reserve had issued initial proposed guidelines for public comment in May 2021 and then in March 2022 released a supplemental proposal for comment that established a risk-tiering of institutions that would govern the scrutiny of review applied by the Reserve Banks to any request.
The Federal Reserve adopted the Final Guidelines largely as originally proposed and supplemented. Some commenters had recommended that the Federal Reserve specifically bar access requests from institutions with novel charters, like cryptocurrency custody banks. Though the Federal Reserve declined to adopt a blanket exclusion, it did note in the release that institutions engaging in novel activities where agencies are still developing appropriate supervisory and regulatory frameworks should expect comparatively longer review periods. Shortly after releasing the Final Guidelines, Michelle W. Bowman, member of the Federal Reserve Board of Governors, spoke at the VenCent Fintech Conference in Little Rock, Arkansas addressing “Technology, Innovation, and Financial Services.” Governor Bowman’s concluding remarks addressed the Final Guidelines, highlighting the higher standard of review that would be applied to non-federally insured institutions, and cautioning that release of the Final Guidelines may lead to false expectations on the timelines for evaluating and acting on requests.
Joining the Federal Reserve and OCC in issuing crypto-asset supervisory guidance, the Federal Deposit Insurance Corporation (“FDIC”) has also cautioned insured depository institutions regarding the risks of their crypto-asset offerings or third-party relationships with crypto companies. Following a joint demand by the Federal Reserve and the FDIC to Voyager Digital, a crypto brokerage firm, that Voyager cease and desist from making false and misleading statements concerning its FDIC insurance status, the FDIC issued an advisory to insured depository institutions as well. The FDIC Advisory (the “Advisory”), issued July 29, 2022, cites the possibility of customer confusion regarding the availability of FDIC insurance for these products, potentially leading to consumer harm and legal risks to the institution. The Advisory directed institutions to evaluate whether their crypto-asset activities and third-party risk management policies and procedures effectively manage their associated risks.
For institutions looking for fast access to Federal Reserve accounts or supervisory non-objection to crypto-related activities and for greater clarity on the overall regulatory framework governing these activities, the most recent statements from Federal banking regulators demonstrate instead that, for now at least, the only available course of action is to settle in for a slow and closely scrutinized ride.