As presaged by Acting Comptroller Hsu’s earlier statements that cryptocurrency precedents issued under the prior Comptroller were under review, the Letter attempts to constrain without overturning OCC Interpretive Letters 1170 (addressing whether Banks may provide cryptocurrency custody services),2 1172 (addressing whether Banks may hold deposits backing stablecoins),3 and 1174 (analyzing whether Banks may act as nodes on a distributed ledger to verify payments or engage in certain other stablecoin activities to facilitate payment transactions).4 Although the Letter does not rescind these interpretative letters, it indicates that before exercising any of the authorities articulated in those letters, a Bank will need to obtain specific approval tied to the OCC’s assessment of the Bank’s ability to engage in the activity in a safe and sound manner. For this purpose, a Bank must notify its supervisory office of its intent to engage in the activities and obtain a written nonobjection from the supervisory office.5 Banks making such filings should expect rigorous, and likely extended, review.
The OCC’s assessment of safety and soundness in connection with activities involving cryptocurrency, distributed ledger, and stablecoin will focus on the Bank’s risk assessment and risk management systems and its controls to address identified risks. Banks engaging in such activities are expected to address, among other things, operational risks (including hacking, fraud, and third-party risk management), liquidity risks, strategic risks and compliance risks (including but not limited to compliance with the Bank Secrecy Act, anti-money-laundering requirements, sanctions requirements, commodities laws, securities laws, and consumer protection laws). The Letter specifies that “consistent with longstanding OCC precedent, a proposed activity cannot be part of the ‘business of banking’ if the bank lacks the capacity to conduct the activity in a…
