Mainstreaming Digital Asset Custody? OCC Greenlights Digital Asset Custody Services for Crypto Assets

On July 22, the Office of the Comptroller of the Currency (“OCC”) clarified in an interpretive letter that “providing cryptocurrency custody services, including holding unique cryptographic keys associated with cryptocurrency, is a modern form of traditional bank activities related to custody services” that national banks and federal savings associations may provide their customers. The OCC also acknowledged that the permissible custody services for cryptocurrencies by these banks may extend beyond passively holding keys. Banks have been reticent to engage with digital assets and cryptocurrency over regulatory oversight and related risk concerns. Custody of digital assets has been a critical concern for a variety of regulators seeking to ensure the safeguarding of digital assets by financial intermediaries. The SEC, FINRA, CFTC and state authorities have all issued statements relating to the custody of digital assets by financial intermediaries.

In the interpretive letter, the OCC also addressed the authority of a national bank to provide cryptocurrency custody services for customers, the OCC also reaffirms its position that “national banks may provide permissible banking services to any lawful business they choose, including cryptocurrency businesses, so long as they effectively manage the risks and comply with applicable law.” While the OCC’s guidance provides opportunities, banking crypto customers will require additional compliance resource outlays for data security, anti-money laundering compliance, and staff with industry experience.

Acting Comptroller of the Currency, Brian Brooks, former Chief Legal Officer at Coinbase who joined the agency in April, stated in a release that “from safe-deposit boxes to virtual vaults, we must ensure banks can meet the financial services needs of their customers today.” Accordingly, he expressed that the OCC’s announcement “clarifies that banks can continue satisfying their customers’ needs for safeguarding their most valuable assets, which today for tens of millions of Americans includes cryptocurrency.”

The letter explains that providing custody services for cryptocurrency is permissible in both non-fiduciary and fiduciary capacities. For example, national banks providing custody services in a non-fiduciary capacity may escrow encryption keys used in connection with digital certificates because, as the letter describes, “a key escrow service is a functional equivalent of physical safekeeping.” In addition, national banks holding cryptocurrencies in a fiduciary capacity would have the authority to manage them in the same way they manage other assets they hold as fiduciaries. The letter also emphasizes the importance for the banks of having adequate systems in place, such as for identifying, measuring, monitoring, and controlling the risks of custody services provided and ensuring that the contemplated duties of the custodian bank are within its capabilities and consistent with all applicable law. The letter cautions that banks entering the space “should develop and implement those activities consistent with sound risk management practices and align them with the bank’s overall business plans and strategies.”

Banks looking to provide these services should practice caution. Earlier this year, the OCC imposed significant remedial requirements on M.Y.Safra bank, a bank with a model focused on providing banking services to blockchain businesses including blockchain-based financial institutions. In particular, the OCC determined that the bank needed to improve its systems involving customer due diligence and suspicious activity reporting. The blockchain’s public ledger system, which allows all parties the ability to follow transactions past their institution, will likely bring additional monitoring requirements that banks must incorporate into their current systems (See our previous alert for more information). Institutions looking to expand their services to cryptocurrency offerings and custody services should consider the following:

• Ensure that the compliance team is incorporated early in the conversation including in assessment of risks and development of transaction systems.
• Be prepared for likely increases in transaction volumes due to the speed at which blockchain systems operate.
• Develop supportable and documented alert triggers that conform with the OCC’s guidance on model validation.
• Ensure that systems that monitor customer profiles and activity integrate newly developed blockchain services with traditional banking services.

The OCC’s announcement marks a remarkable development for the cryptocurrency industry in the United States, and is a significant step in allowing wider adoption of cryptocurrencies by allowing large, regulated financial institutions that already provide similar safekeeping services to enter a space formerly occupied by few specialist firms. This announcement follows the OCC’s other recent developments in the crypto industry and demonstrates the OCC’s proactive approach to financial innovation. In June, the OCC issued an advance notice of proposed rulemaking, inviting public comment on its regulations on any banking issue related to digital activities of national banks and federal savings associations, and their use of technology and innovation, including blockchain technology, cryptocurrency and artificial intelligence. Comments to the advance notice of proposed rulemaking are due by August 3, 2020.