Cryptocurrencies have become ubiquitous over recent years. Not a day goes by without a message in the news about a new virtual currency or blockchain development.
It is, therefore, not surprising authorities are re-evaluating their current cryptocurrency regimes. As a result, digital currencies are experiencing a significant increase in regulatory oversight.
Not all regulators see cryptocurrencies as a threat, however, and many are developing cryptocurrency-friendly environments to attract and spur investment in this sector. Such supportive regulations promise to foster continued growth, as well as increase transparency throughout the industry.
Since 2015, the New York State Department of Financial Services (DFS), granted numerous digital currency licenses and charters to “ensure that New Yorkers have a well-regulated way to access the virtual currency marketplace” under its “BitLicense” regulation, or the limited purpose trust company
 provisions of the New York Banking Law. To improve accessibility into the industry, DFS also recently released a Request for Comments on a Proposed Framework for a Conditional BitLicense, which DFS says will make it easier for start-ups to enter the New York virtual currency market.
Now, at a national level, the Office of Comptroller of the Currency (OCC) is paving the way for cryptocurrency across the United States. In July 2020, the OCC issued Interpretive Letter #1170, confirming that national banks are allowed to provide cryptocurrency custody services for their customers.
The letter also reaffirms the OCC’s position that national banks may provide permissible banking services to cryptocurrency businesses.
In September, the OCC went one step further and issued Interpretive Letter #1172, stating that U.S. banks may provide services to stablecoin issuers in the U.S. and provided the nation’s first set of guidance on how banks should handle stablecoin, or cryptocurrencies tied to fiat currencies.
The OCC’s letters are a big deal for those in the crypto world, as regulators are usually hesitant to break new ground. In showing a pro-virtual currency mindset, the OCC is moving the industry one big step forward and allowing other regulators to follow.
In the past, crypto-focused companies had difficulties procuring traditional banking services, sometimes forcing firms to turn to unregulated and dubious offshore payment processors to handle their cash management needs.
Much to the dismay of many crypto supporters, earlier this year Goldman Sachs stated in a widely publicized note that “cryptocurrencies, including Bitcoin, are not an asset class.”
For many years, boutique provider Silvergate Bank, the leading bank for innovative businesses in fintech and cryptocurrency-based in San Diego, was effectively the only bank providing services to the crypto industry (and even so, Silvergate is very selective of its client base).
In a stark about-face from a statement made in 2017 by its CEO calling bitcoin a “fraud,” JP Morgan is now the only large bank providing traditional banking services to cryptocurrency exchanges. Earlier this year, the bank offered its services for the first time to two crypto firms, Coinbase and Gemini Trust.
So, with these recent developments, can we now expect other FIs to jump on the opportunity to expand their service offerings to crypto firms? The answer is unclear.
Before setting off to become crypto custodians and launch their first virtual vault, best practices suggest FIs should navigate challenges in demand/ ROI, personnel, the technology required, security, and legal liability.
Virtual currencies are a complex product and represent a challenge to the payment system built and operated by banks.
Before preparing to establish a new custody platform, FIs will need to consider whether it makes sense for them in terms of their risk appetite, and ensure they have proper risk management practices and compliance frameworks to offer crypto services.
WHAT FACTORS DO FIs NEED TO CONSIDER FROM A RISK & COMPLIANCE PERSPECTIVE?
Operating in the heavily regulated financial services industry, it is critical for FIs to comply with federal and even local regulations to conduct business in a fair and transparent way.
As per the OCC’s Interpretive Letter #1170, any FI that provides cryptocurrency custody services must do so in “a safe and sound manner, including having adequate systems in place to identify, measure, monitor, and control the risks of its custody services…. Effective internal controls include safeguarding assets under custody, producing reliable financial reports, and complying with laws and regulations.”
Any FI that decides to offer digital asset custody services will need to comply with federal requirements to demonstrate compliance with financial crimes, consumer protection, and safety and soundness standards and controls.
Since digital assets introduce unique risks and challenges that are different from traditional bank risk profiles, FIs should develop a risk and compliance framework specific to digital assets that meet regulator expectations.
This framework will vary between FIs, including depending on whether a FI builds or acquires its own platform or partners with established digital asset custodians.
The risk and compliance framework should be based on a thorough identification of digital asset-specific risks, industry best practices, and existing regulatory expectations, and should focus on the following areas:
Security: Theft and loss of private keys has historically been a challenge for cryptocurrency. FIs will need to implement information security controls and have operational resiliency plans, with attendant policies, processes, and procedures in place designed to address disruptions or other adverse events.
Internal Controls: FIs will need to tailor internal controls to the risks presented by digital asset custody. The OCC’s Interpretive Letter mentions the need for “dual controls, segregation of duties and accounting controls” in areas such as the settlement of transactions, physical-access controls, and security servicing to ensure an asset is not lost, destroyed, or misappropriated by internal or external parties.
Fiduciary Risk: FIs should ensure that they keep up to date with the best practices to continue meeting heightened standards in a constantly evolving cryptocurrency sector.
- Verifying the origin and destination of digital assets held in custody;
- Compliance with funds-transfer recordkeeping requirements; and
- Monitoring for unusual activity, both for assets held in custody and for virtual-currency fund transfers into or out of the bank’s accounts.
- Sanctions: FIs should comply with sanctions obligations in the same way regardless of whether an activity is denominated in digital currency or traditional fiat-based money.
- Banks should have policies, processes, and procedures to ensure compliance with sanctions screening requirements for digital assets custody.
Since the cryptocurrency space is still a very new and evolving industry, risk and compliance will continue to be a learning process for both the FIs from a service provider perspective and the regulators from a supervisory perspective.
Ongoing developments in the crypto space will continue to drive regime changes around the world. As FIs contemplate whether to follow JP Morgan Chase’s lead and enter the crypto space, be sure to proactively:
- Develop a risk and compliance framework specific to digital assets that meet regulatory expectations.
- Evaluate the institution’s risk and compliance framework, including policies, procedures, internal controls, and management information systems governing custody services.
- Perform risk assessments to assess the unique risks and challenges in providing custody services for digital assets and help manage those risks.
- Evaluate compliance with applicable laws and regulations.
- Assess whether KYC/ODD/EDD processes meet regulatory expectations.
- Review transaction monitoring processes to ensure compliance with regulatory expectations.
- Investigate suspicious activity or suspected breaches to establish or maintain a strong compliance track record in either digital currency or traditional fiat-based money.
(Svetlana Stepanaviciute, Managing Director, and Emilia Drozda, Manager, with StoneTurn, also contributed to this piece.)