On August 16, 2022, the Board of Governors of the Federal Reserve System (“Federal Reserve”) issued guidance for banking organizations that engage or seek to engage in crypto-asset-related activities (“ August 2022 Guidelines”).1
The August 2022 guidance is the latest step by US federal banking regulators to define and limit the regulatory scope of banking organizations’ crypto-asset-related activities. Most importantly, the August 2022 guidelines require Federal Reserve-regulated banking organizations to notify their supervisory point of contact prior to crypto-asset-related activities and put in place adequate controls and systems around such activities. In addition, banking organizations are responsible for providing notice of any crypto-asset related activity currently being undertaken by the banking organization. The August 2022 guidelines adopt a broad definition of crypto-asset activity and include activities that involve the “facilitation” of purchases and sales of crypto-assets by customers without explaining what constitutes “facilitation” .
In this legal update, we provide background information on the regulation of crypto-asset-related activities by banking organizations, summarize the August 2022 guidance, and discuss its implications for banking organizations.
On November 23, 2021, federal banking regulators released a roadmap for a joint effort to clarify the legal authority of banking organizations to engage in crypto-related activities.2 He said federal regulators have determined that there are a number of issues regarding banking organizations’ involvement in crypto-related activities that warrant additional oversight guidance. Therefore, regulators planned to issue regulatory documents throughout 2022 that would provide (i) greater clarity on whether certain crypto-asset-related activities conducted by banking organizations are legally permitted and (ii) expectations for safety and soundness, consumer protection and compliance. with existing laws.
On the same day, the Office of the Comptroller of the Currency (“OCC”) separately withdrew its previous crypto-related interpretations stating that an OCC-regulated bank cannot engage in the activities discussed in previous letters. only if it “can demonstrate, to the satisfaction of its oversight office, that it has controls in place to conduct the business in a safe and sound manner.3 The revised guidelines then required OCC-regulated banks to notify their OCC oversight office in writing before engaging in crypto-related activities and receive a written no-objection from the agency. . Subsequently, the Federal Deposit Insurance Corporation (“FDIC”) issued guidelines requiring FDIC-regulated banks to notify the agency before engaging in any activity involving or related to crypto-assets.4 However, banking organizations regulated by the Federal Reserve were not covered by the actions of the OCC or the FDIC.
August 2022 Tips
The August 2022 guidance is similar to previous OCC and FDIC actions in that it establishes a notice requirement and emphasizes the need for strong risk management practices and compliance controls. It requires banking organizations regulated by the Federal Reserve to notify their primary oversight point of contact within the agency before engaging in any activity related to cryptoassets. Banking organizations that currently engage in crypto-asset-related activities must also promptly notify the Federal Reserve if they have not already done so. For these purposes, crypto-asset related activity includes, but is not limited to, traditional crypto-asset custody and custodial services, ancillary custody services, facilitating purchases and sales of crypto- assets by customers, loans secured by crypto-assets and issuance and distribution of stablecoins. This prior notification requirement runs counter to typical regulatory approaches to expanding financial activities by banking organizations, but is similar to the approach taken by the OCC and FDIC regarding crypto-related activities.5
Before engaging in any activity related to crypto-assets, a Federal Reserve-regulated banking organization must also (i) assess the legality of the activity; (ii) determine whether any filings are required under applicable federal or state law; and (iii) have adequate systems, risk management and controls in place to conduct the business in a safe and sound manner and in compliance with all applicable laws.
The August 2022 guidelines do not explicitly state that specific crypto-asset-related activity is permitted for a Federal Reserve-regulated banking organization. Instead, it indicates that a banking organization must analyze the legality of such activities under relevant state and federal laws and determine whether deposits are required under federal banking laws. For example, a bank holding company should review a proposed business under Section 4 of the Bank Holding Company Act of 1956, as amended, and Federal Reserve Regulation Y. The August 2022 guidelines also encourage member state banks to consult with their state. regulators regarding any state filings, notify their state regulator before engaging in any crypto-asset-related activity, and consider applying the Federal Reserve’s change in business approval process to the activity . Regulators can question authorization determinations by banking organizations, and the August 2022 guidance suggests that banking organizations consult with the Federal Reserve if they have questions regarding the authorization of activity related to cryptoassets. .
If activity related to crypto-assets is deemed permitted, the August 2022 guidelines require banking organizations to put in place adequate systems, risk management and controls. These measures should enable the organization to identify, measure, monitor and control the risks associated with the activity on an ongoing basis and cover operational risk, financial risk, legal risk, compliance risk and any other risk necessary to ensure the activity. is carried out in a manner that is consistent with safe and sound banking and in compliance with applicable laws. The Federal Reserve explicitly calls consumer protection, anti-money laundering and economic sanctions laws, cybersecurity, and financial stability laws as applicable to crypto-asset-related activities. While all activities of a banking organization are subject to these risk management and compliance requirements, regulators often emphasize these obligations when they have concerns about how organizations conduct particular activities. .6 Therefore, banking organizations should expect increased scrutiny from examiners and explicitly document how they identify, monitor, measure, and manage risks and compliance issues associated with crypto-asset-related activities.
Key points to remember
The August 2022 guidelines will require banking organizations engaged in crypto-asset-related activities to notify their Federal Reserve supervisors of their activities and will likely result in some restrictions on such activities. Accordingly, as part of such advice, banking organizations should be prepared to explain to their supervisors how they are currently or in the future managing the risks associated with their crypto-asset business and otherwise dealing with issues. management and compliance set out in the August 2022 guidance.
The August 2022 guidelines adopt a notice requirement for future crypto-asset-related activity that is similar to past actions by the OCC and FDIC. A notification requirement arguably does not obligate an agency to approve a banking organization’s involvement in crypto-asset-related activity. However, notification requirements can often be as restrictive as an approval requirement if a regulator uses the notice as an opportunity to raise prudential or legal concerns about the bank’s intended action. Accordingly, banking organizations should be prepared to address in any notice the risk, management and compliance issues raised in the August 2022 guidance and should expect a waiting period after submission of the notice. .
Finally, the August 2022 guidance illustrates the Biden administration’s reluctance to allow banking organizations to engage in crypto-asset-related activities without the enactment of a specific statutory regulatory regime for crypto-asset markets. . Although the administration has signaled its willingness to allow banking organizations to issue stablecoins in its negotiations over possible stablecoin legislation, financial regulators appointed by President Biden have raised concerns about the risks of related activities. to crypto-assets for banking organizations and indicated that their restriction approach has shielded banking organizations from recent volatility in the crypto-asset markets.seven Therefore, for the foreseeable future, banking organizations will likely continue to face significant pushback from financial regulators on efforts to penetrate crypto-asset markets and provide crypto-asset-related services to their customers. clients.
1 Federal Reserve, SR 22-6 (August 16, 2022), https://www.federalreserve.gov/supervisionreg/srletters/SR2206.htm.
2 Please see our legal roadmap update: https://www.mayerbrown.com/en/perspectives-events/publications/2021/11/us-banking-regulators-release-roadmap-for-cryptorelated-activities -by-banks.
3 OCC, Bull. 2021-57 (23 Nov. 2021), https://occ.gov/news-issues/bulletins/2021/bulletin-2021-57.html.
4 FDIC, FIL-16-2022 (April 7, 2022), https://www.fdic.gov/news/financial-institution-letters/2022/fil22016.html.
5 See 12 CFR §§ 225.22(a), 225.87(a).
6 For instance, Federal Reserve, SR 21-19 (December 10, 2021) (relationships with investment funds); Federal Reserve, SR 07-5 (April 17, 2007) (structured finance activities).
seven Remarks by Acting Comptroller Michael J. Hsu at DC Blockchain Summit 2022 – Crypto: A Call to Reset and Recalibr (treas.gov)