On November 23, 2021, the Chief Counsel and Senior Deputy Comptroller Benjamin W. McDonough of the Office of the Comptroller of the Currency (the "OCC") issued OCC Interpretive Letter 1179 (dated November 18, 2021) ("IL 1179"). While the ostensible purpose for IL 1179 was to "clarif[y] that the activities addressed in [three previous] interpretive letters are legally permissible for a [national] bank to engage in," the actual purpose appears to be the opposite: while the three previous interpretive letters acted as a de facto grant of authority by confirming that national banks could engage in certain crypto and blockchain-related activities pursuant to their existing banking powers, IL 1179 essentially abrogates that authority by imposing a requirement that banks gain written approval prior to engaging in the activities.
Without owning up to its actual purpose, the OCC in IL 1179 attempts to have it both ways: to purportedly affirm the prior legal analysis (with no discussion of why its affirmation was necessary for letters little more than a year old), while effectively preventing national banks from actually engaging in those activities absent OCC approval. Further, the approval requirement put in place by IL 1179 is applied seemingly randomly, and without concrete justification as to its necessity—in fact, the OCC on the same day issued another interpretation concerning national banks engaging in risky activities and did not apply the same roadblock.
Finally, within the last year, the OCC revisited and revised the entire regulatory framework for national banks engaging in activities that are part of the "business of banking": in 52 pages of detailed analysis, the OCC several times changed what had previously been the requirement to obtain a non-objection letter from the OCC instead to a requirement to provide prior notice (and perhaps representations of safety and soundness) to engage in a new activity. Where a pre-clearance is required, that requirement was mandated through a public notice and comment process—not through a summary letter without specific analysis. So we ask: why are digital asset activities being singled out?
What does OCC IL 1179 say?
Following the statement from the OCC that it was "reviewing" the conclusions of Interpretative Letters 1170, 1172 and 1174, issued in 2020 and 2021, the OCC issued IL 1179. These prior letters analyzed and concluded that certain cryptocurrency, distributed ledger, deposit-taking and stablecoin payments activities were legally permissible for national banks pursuant to their existing banking powers.
OCC IL 1179 provides that the activities described in those letters remain legally permissible; "provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner." It then goes on to make the claim that "consistent with longstanding OCC precedent, a proposed activity cannot be part of the 'business of banking' if the bank lacks the capacity to conduct the activity in a safe and sound manner."
This is a highly unusual and somewhat backward claim. Either an activity is part of the business of banking or it is not: while we agree that national banks should not engage in banking activities unless they can do so in a safe and sound manner, "how" a national bank engages in a banking activity—and whether or not the bank has obtained supervisory approval to engage in that activity—has not routinely been a determining factor as to whether a bank has the legal authority to engage in that activity. Congress determines the extent and nature of the "business of banking." For national banks, this determination is in the National Bank Act. Congress has delegated to the OCC the authority to make determinations as to whether activities are part of the "business of banking"; this delegation is not authority, however, for the OCC to determine that activities found by Congress to be permissible should require pre-clearance, such as deposit-taking.
We presume that in requiring national banks to obtain pre-clearance prior to engaging in certain activities, the OCC would determine that those activities present unique or high risks. The OCC does not routinely require such an extra step, and does not provide any justification as to why the pre-clearance process set forth in IL 1179 is necessary when it had already confirmed the permissibility of those activities in its previous interpretive letters.
How does a bank demonstrate to the OCC that it can conduct the crypto activities in a safe and sound manner?
OCC IL 1179 sets out a process by which a national bank should notify its supervisory office in writing of its intention to engage in crypto activities. The national bank may not engage in such activities until it receives written notification of the non-objection to its plans by the supervisory office. To get such clearance, a national bank must demonstrate that it has adequate systems in place to identify, measure, monitor and control the risks of the activity on an ongoing basis. Risks that must be identified with respect to cryptocurrency activities include, but are not limited to, (i) operational risk, (ii) liquidity risk, (iii) strategic risk, and (iv) compliance risk. Areas that will raise concerns include compliance with the Bank Secrecy Act, anti-money laundering, sanctions and consumer protection laws, and "the specific conditions, processes and controls discussed in Interpretive Letters 1170, 1172 and 1174."
The supervisory office will determine whether an activity would be conducted in a safe and sound manner through evaluating the adequacy of a national bank's risk management systems and controls, risk measurement systems and other related criteria. This review will not be limited to cryptocurrency activities, however: "[t]he supervisory office will also evaluate any other supervisory concerns relevant to the particular proposal …" This appears to leave open the door to the possibility that a national bank's general condition and compliance results—unrelated to the proposal—could prevent that national bank from obtaining an OCC non-objection with respect to its cryptocurrency-related activities.
What activities are covered by OCC IL 1179?
By its terms, IL 1179 applies to any activities approved in OCC interpretive letters 1170, 1172, and 1174. These include (i) whether banks may provide cryptocurrency custody services, (ii) whether banks may hold dollar deposits to serve as reserves backing stablecoins, and (iii) whether banks may act as nodes on an independent node verification network to verify customer payments and engage in certain stablecoin activities to facilitate payment transactions.
In other places, IL 1179 speaks more broadly to "cryptocurrency activities." This broader term carries considerable ambiguity: for example, if a national bank were to provide customer-driven, agency services with regard to cryptocurrency outside the scope of the three letters, that service would appear to be covered by IL 1179's conclusions. Further, new cryptocurrency-based activities that banks have not yet offered may be covered. Assets that are based on distributed ledger technology ("DLT"), but do not share characteristics with cryptocurrency (such as DLT to be employed by banks to provide banking services) could also be covered. Finally, it's worth considering whether the OCC's statement that these activities are banking activities affect the ability of non-banks to engage in them without first obtaining a bank charter or appropriate license? After all, other banking activities (i.e., lending, deposit taking and payments) do often require an entity to obtain an appropriate license or charter.
On the same date as IL 1179, the OCC, the Board of Governors of the Federal Reserve System (the "Federal Reserve") and the Federal Deposit Insurance Corporation (the "FDIC") issued a short "Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps" (the "Joint Statement"). The Joint Statement stated that the regulators would provide "coordinated and timely clarity" on rules for banks to engage with cryptocurrencies. The activities review by the regulators under the Joint Statement include (i) crypto-asset safekeeping and traditional custody services, (ii) ancillary custody services, (iii) facilitation of the purchase and sale of crypto-assets by their customers, (iv) loans collateralized by crypto-assets, (v) payments activities, including stablecoins, and (vi) crypto-assets on bank balance sheets. These areas cover many, but not all, of the activities identified by IL 1179. Specifically, deposit taking related to stablecoin issuance is not identified.
Pursuant to the Joint Statement, the agencies plan to provide additional clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible. Is IL 1179 just a pause on national banks engaging in these activities? If this is what the OCC intends, why not just say so? Regulatory pauses are common in times of changing rules. It is not clear otherwise how supervisors at the OCC would be able to grant an approval for an activity being reviewed by all three agencies.
Are any activities grandfathered by OCC IL 1179?
The letter states that national banks already engaged in "cryptocurrency, distributed ledger, or stablecoin activities" as of the date of publication of this letter "do not need to obtain supervisory non-objection. However … the OCC expects that a [national] bank that has commenced such activity will have provided notice to its supervisory office. The OCC will examine these activities as part of its ongoing supervisory process. [National b]anks engaged in such activities should have systems and controls in place consistent with those described in this letter."
How is IL 1179 consistent with the recent Report on Stablecoins by the President's Working Group ("PWG")?
On November 1, 2021, the PWG issued a Report on Stablecoins (the "Report"). The Report concludes, among other things, that "[t]here are key gaps in prudential authority over stablecoins" and recommends that "Congress [should] act promptly to enact legislation to ensure that … stablecoins … are subject to a federal prudential framework on a consistent and comprehensive basis." To implement this recommendation, the Report suggests that "legislation should require stablecoin issuers to be insured depository institutions" ("IDIs"). The Report notes that stablecoins can play an important role in customer payments. The OCC joined the recommendations and conclusions of the Report.
All full-service national banks are IDIs; therefore, the Report recommends that stablecoin issuance be limited to entities, such as national banks. As we have written elsewhere, this seems to indicate that the OCC and other banking agencies believe that stablecoin issuance, redemption and maintenance of reserves are part of the business of banking. Yet, three weeks after joining in issuing the Report, the OCC has now in IL 1179 made the issuance of stablecoins by national banks much more difficult.
So, does the OCC believe that stablecoin issuance is too risky for non-banks, and instead should be done by prudentially regulated national banks? Or, does it believe that stablecoin issuance (and other digital asset activities) are too risky to be performed by just any prudentially regulated national bank, and should instead be subject to an additional level of safety and soundness review and a pre-clearance written non-objection?
What does all of this mean?
OCC IL 1179 states broadly that "a proposed activity cannot be part of the 'business of banking' if the [national] bank … lacks the capacity to conduct the activity on a safe and sound basis." In support of its claim, it cites two Supreme Court cases from 1875 and 1906. It also cites three prior letters in which it required prior notice before a national bank could engage in a new activity.
Notwithstanding these citations and the related arguments, it is fairly unusual for the OCC to require a supervisory non-objection in writing prior to a national bank being able to engage in a new activity. This manner of pre-clearance is, as indicated by the letters cited by IL 1179, usually limited to those activities that might present new, unusual or high risks to the national bank. The activities listed above may or may not meet that standard, but the OCC does not cite any analysis or precedent as to why this would be the case—or why they it believes that should be the case now, after having not required it in 2020 and earlier in 2021.
Several of the previously approved activities, especially in Interpretive Letters 1170 and 1172, appear to be activities that national banks have been engaging in for at least as long as the Supreme Court cases cited have been in place. IL 1170 addressed custody services, and following analysis concludes that banks may provide custody for digital assets pursuant to their longstanding authority to provide custody services. IL 1170 does not specify how a national bank must custody digital assets, and instead leaves it to each national bank to provide that service in the best way possible. In many circumstances, national banks take on the client-facing role as custodian, while subcontracting the actual custody to a bank or trust company that specializes in providing those services for digital assets clients.
Similarly, IL 1172 addressed the ability of national banks to accept deposits related to the issuance by third parties of stablecoins (or similar assets). The issuers are required to hold certain levels of cash reserves, and that cash is almost always deposited in an insured bank. National banks have been authorized to take deposits since the adoption of the original National Bank Act in 1863 (as amended in 1864). Deposit taking is perhaps the most core of all banking activities, and indeed an activity in which only a bank can engage. It is unclear why engaging in this activity should require the written, pre-clearance of the OCC.
Moreover, if national banks (and perhaps all banks) cannot hold cash reserved from stablecoin issuance, where should that cash be held so as to be readily available for redemption requests from stablecoin holders and to avoid runs? If for some reason custody services and deposit taking become more risky when digital assets are involved, that analysis and conclusion goes unaddressed in IL 1179.
Rather than merely "clarifying" the OCC's previous cryptocurrency-related interpretive letters, IL 1179 seems to impose new requirements that are unusual in the context of prior OCC letters and practice, the Report and the analysis within IL 1179 itself. The OCC appears to want to limit the ability of national banks to engage in digital activities related to cryptocurrencies. However, as it has already found these activities to be permissible—which is not surprising given that the prior approvals relate to custody services, deposit taking, and payments activities, all of which are core banking functions—the OCC has issued an unusual and highly legalistic interpretation that appears to have no apparent aim other than to impede the ability of national banks to engage in those permissible activities. We can only conclude that the OCC wants to strictly limit these activities by national banks, and has introduced a pre-clearance step to achieve this goal and insulate itself from political and other pressures.