The last few years had started to see a convergence between crypto and banking, with Bitcoin appearing to rapidly grow mainstream. That momentum hit a wall with the spectacular crypto market failures of 2022, including the collapse of the crypto exchange FTX. In response to the significant volatility and the exposure of vulnerabilities in the crypto sector that resulted, the federal prudential bank regulators (the Board of Governors of the Federal Reserve System [Fed], the Federal Deposit Insurance Corporation [FDIC], and the Office of the Comptroller of the Currency [OCC]) have recently taken coordinated moves to, with an increasingly firmer hand, delineate the types of risks related to the crypto sector that banks should be aware of—and, in certain instances, that do not belong in the banking system, in their view.
The policy lines being drawn are critical because banks continue play a dominant role in mainstream, day-to-day financial activities. A bank’s expansion into crypto activities or offerings underpinned by distributed ledger technology (DLT), particularly in partnership with a fintech company, could amplify adoption of these technologies. A fintech company offering crypto services or a DLT-based platform may find its own scale, reach, and reputation in augmented by partnering with a bank. If done carefully and cautiously, these partnerships could also help safely integrate certain crypto and DLT-based innovations into more mainstream uses. What that could look like and the supervisory expectations around such offerings are starting to take shape, as reflected by recent actions by the federal prudential regulators. As the Biden Administration has emphasized, these actions reflect “the imperative of separating risky digital assets from the banking system.” Even still, not all crypto and DLT-based activities are off the table.
We are at an important turning point in the industry, with riskier crypto enterprises failing and banking regulators stepping up to make their expectations clearer. It is important for fintech companies that partner with or are looking to partner with banks to offer crypto or DLT-based services, investors in these companies, and their legal advisers to stay abreast of where the prudential overseers are beginning to draw a red line with respect to crypto activities and the opportunities for responsible innovation that remain.
Recent Crypto Developments
The Fed, FDIC, and OCC had jointly announced in November 2021 that they conducted a series of interagency “policy sprints” focused on crypto, but only recently have they started to paint clearer boundaries for the types of crypto activities that banks may engage in. These recent announcements include their joint statement on crypto-asset risks to banking organizations, issued January 3, 2023; the Fed’s policy statement to promote a level playing field for all banks with a federal supervisor, regardless of deposit insurance status, issued on January 27, 2023; and the Fed’s announcement of its denial of the application by Custodia Bank, Inc. to become a member of the Federal Reserve System, also made on January 27, 2023.
Here are some practical takeaways for fintech companies that are partnering with or are looking to partner with banks in connection with crypto- or DLT-based offerings:
Banks are not barred from providing crypto custody services: The Fed explicitly stated that it is not taking off the table for its supervised banks the ability to provide safekeeping services, in a custodial capacity, for crypto—if conducted in a safe and sound manner and in compliance with consumer protection, anti-money laundering, and anti-terrorist financing laws. The OCC has previously concluded that a national bank may provide crypto custody services on behalf of customers.
Banks are unlikely to be holding crypto assets for their own account (“as principal,” such as for investment or market-making activity): The joint statement noted that holding as principal crypto-assets that are underpinned by an open, public, or decentralized blockchain is “highly likely to be inconsistent with safe and sound banking practices.”
The Fed went further in its policy statement, noting that it would “presumptively prohibit” its supervised banks from holding most crypto as principal. Overcoming this presumption will be no small feat, as the Fed’s policy statement includes a litany of safety and soundness concerns.
There is a path for banks to issue “dollar-denominated tokens” underpinned by DLT: A bank seeking to issue a dollar token would need to demonstrate, to the satisfaction of its supervisor, that it has controls in place to conduct the activity in a safe and sound manner, and it must receive a supervisory nonobjection.
It seems highly unlikely that a bank would receive a greenlight to issue tokens underpinned by an open, public, or decentralized blockchain. Additionally, where the bank does not have the ability to obtain and verify the identity of transacting parties, and therefore may not have a sufficient risk management framework to mitigate money laundering and terrorism financing risks, supervisors are highly likely to conclude that its activities are inconsistent with safe and sound banking practices.
These guardrails still leave room for innovation. For example, the New York Innovation Center, a division of the Federal Reserve Bank of New York established in partnership with the Bank for International Settlements Innovation Hub, announced its participation in a proof-of-concept project with a number of major banks to explore the feasibility of an interoperable network of digital central bank liabilities and commercial bank digital money using a shared, permissioned DLT.
The purely crypto-centric bank business model is likely to be a relic of history: The agencies have expressed significant safety and soundness concerns with business models that are concentrated in crypto activities or have concentrated exposures to the crypto sector. At the same time, crypto companies are not being shunned from the banking system; banks are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.
More generally, the prudential regulators’ crypto actions are a reminder that banks are a “special” type of entity, and the banking system is bounded by a shifting federal regulatory perimeter. That is, banks are supervised and highly regulated institutions, and there are important guardrails with respect to the crypto-related activities they can engage in.
Unique Aspects of Bank-Fintech Partnerships
As a threshold matter, banks are limited in the activities they can engage in by “legal permissibility”—that is, before a bank can engage in new activities of any kind, including crypto-related activities, it must ensure that the specific activity is permissible under applicable banking law and regulation. In addition, prudential oversight means that banks have to operate with safety and soundness in mind, as well as have appropriate measures and controls in place to manage risks. Banks must also ensure compliance with all relevant laws, including those related to anti-money laundering/countering the financing of terrorism and consumer protection. The Fed, FDIC, and the OCC have each instructed their supervised banks to follow specific notice requirements if they are seeking to engage in crypto-related activities.
A bank-fintech partnership in offering crypto or DLT-based services can yield unique benefits when executed safely and within these guardrails. A fintech company that partners with a bank could leverage the bank’s resources, infrastructure, and regulatory compliance experience to safely offer crypto services to a larger audience. A bank might rely on the fintech company for back-end technology services or front-end user interfaces to support the crypto services it can offer to its banking customers. Robust integration of crypto functionality and DLT with traditional banking systems, with sound risk controls and consumer education, would also make it safer and easier for the general public to use these technologies.
We are entering a new chapter in the evolution of crypto, DLT, and the businesses around them. Crypto is not vanishing any time soon, and technologies like DLT continue to present a unique and potentially promising opportunity for fintech companies and banks to collaboratively upgrade the outdated underpinnings of our financial system. Rather than keeping innovation out of the banking system, the industry and its regulators would do better to figure out the best way to integrate it safely and incrementally. The bank-fintech partnerships that are most advanced in addressing legal uncertainties, mitigating risk, and building strong compliance infrastructures will be best positioned for success. Critical to that success is good legal counsel on how to intelligently navigate the novel and evolving regulatory issues raised by crypto and DLT.
The Fed also noted that the OCC has gone so far as to require a national bank to divest crypto held as principal that it acquired through a merger with a state bank: “Specifically, the OCC conditioned its recent approval of the merger between Flagstar Bank, FSB and New York Community Bank into Flagstar Bank, NA on the divestiture of holdings of ‘Hash,’ a crypto-asset, after a conformance period, as well as a commitment not to increase holdings of any crypto-related asset or token ‘unless and until the OCC determines that . . . Hash or other crypto-related holdings are permissible for a national bank.’” See also OCC Conditional Approval Letter No. 1299, at 9 (October 27, 2022). ↑