On July 22, 2020, the Office of the Comptroller of the Currency (the “OCC”) issued Interpretive Letter No. 1170 (the “Letter”) authorizing national banks and federal savings associations to provide cryptocurrency custody services for customers in both fiduciary and non-fiduciary capacities. The Letter also may permit those state-chartered banks that enjoy state “national bank parity laws” to provide similar cryptocurrency custody services if their jurisdictions have not already adopted comparable cryptocurrency legislation.
The Letter builds on past agency interpretations and case law supporting a broad range of permissible activities and services that may be provided by financial institutions supervised by the OCC. Safekeeping and custody services for a wide variety of physical and electronic assets are long recognized permissible banking activities. The Letter concludes that providing cryptocurrency custody services, including holding the unique cryptographic keys associated with cryptocurrencies, is simply “a modern form of these traditional bank activities.”
The OCC examined the attributes of cryptocurrency technology and determined that while custody for cryptocurrencies differs from banks’ traditional physical custody activities, they are fundamentally similar activities. The Letter notes that there is a growing demand for safely storing the cryptographic keys associated with cryptocurrencies on behalf of customers as part of banks’ existing custody business. The Letter further notes that, as the financial markets become increasingly technological, there will likely be an increasing need for banks and other service providers to leverage new technology and innovative ways to provide traditional banking services on behalf of customers.
The Letter also cautions OCC-supervised institutions intending to launch cryptocurrency custody services to have well-developed business plans and strategies consistent with sound risk management practices in place and to implement effective policies, procedures, internal controls, and management information systems governing custody services. The OCC also noted that the due diligence process should include a review for compliance with anti-money laundering rules and have effective information security infrastructure and controls in place to mitigate hacking, theft, and fraud.