FRB Policy Statement Limits Activities—especially Crypto-Asset Activities—of State Member Banks
On 27 January 2023, the Board of Governors of the Federal Reserve System (the FRB) issued a policy statement (the Policy Statement) that limits state member banks to the activities which are either permissible for national banks or otherwise permissible for state-chartered banks under federal law. The Policy Statement applies equally to insured and uninsured state member banks and seeks to “level the competitive playing field among banks with different charters.” It also applies to subsidiaries of state member banks.
In the preamble to the Policy Statement, the FRB discusses how it would presumptively apply the Policy Statement to certain crypto-asset1 activities of state member banks:
The FRB presumptively prohibits state member banks from holding crypto-assets as principal.
The FRB would allow a state member bank to issue dollar-denominated tokens only if such activity adheres to all of the conditions that a national bank would be subject to, including receiving the FRB’s supervisory nonobjection before commencing such activity.
Nothing in the Policy Statement would prohibit a state member bank from providing safekeeping services for crypto-assets in a custodial capacity.
The Policy Statement is effective on 7 February 2023 (the date it was published in the Federal Register), and will be codified as an interpretation of the FRB’s Regulation H at 12 C.F.R. § 208.112.
The Policy Statement Aligns State Member Bank Permissible Activities with Those of National Banks
Under section 9(13) of the Federal Reserve Act,2 the FRB has broad discretion to prohibit or restrict state member banks and their subsidiaries from engaging as principal in any activity that is not permissible for a national bank or not otherwise permissible for a state bank under federal statute or under the regulations of the Federal Deposit Insurance Corporation (FDIC) at 12 C.F.R. Part 362 (Part 362). With the Policy Statement, the FRB is using this authority to expressly limit the powers of state member banks to permissible activities of national banks or those activities permitted for state banks under federal law. When engaging in permissible activities of national banks, state member banks and their subsidiaries will be required to comply with the terms, conditions, and limitations placed on national banks with respect to such activity by the OCC. With this interpretation, the FRB seeks to ensure that the same bank activity, presenting the same risks, should be subject to the same regulatory framework, regardless of which agency supervises the bank.3
When considering the permissibility of an activity, a state member bank must first determine whether the activity would be permissible for a national bank, including under the regulations and interpretations of the Office of the Comptroller of the Currency (the OCC). If no such national bank authority exists, a state member bank may then seek authority under other federal statutes and Part 362 to determine if such activity is permissible for insured state banks. Under Part 362, an FDIC-insured state bank may engage in an activity that is not permissible for national banks upon the FDIC’s determination that the activity would pose no significant risk to the Deposit Insurance Fund.4 Additionally, under Part 362, an individual insured bank may apply for the FDIC’s consent to engage in an activity that is not permissible for national banks.5 A state member bank wishing to engage in any activity that the FDIC has only permitted under Part 362 for a specific bank would require seeking specific FRB approval.
If a state member bank or its subsidiaries wish to engage in an activity that is not permissible for a national bank or otherwise permissible for a state bank under federal statute or Part 362, the state member bank or its subsidiary must obtain the FRB’s prior permission under Regulation H.6 The Policy Statement creates a rebuttable presumption that such activities are prohibited for state member banks and their subsidiaries to engage in as principal. The presumption may be rebutted through showing (a) a clear and compelling rationale for the FRB to allow a deviation in regulatory treatment among federally supervised banks, and (b) that the bank or its subsidiary has robust risk management plans for such proposed activity. Legal permissibility is not enough to engage in an activity; safety and soundness considerations also must be met. Given the rationale for issuing this Policy Statement, the FRB has created a very high bar in stating that there must be a showing of a clear and compelling rationale for a state member bank to engage in an activity that is not permitted by the FDIC or OCC for other charter types of banks.
Crypto- Asset Activities of State Member Banks Are Tightly Restricted
The Policy Statement follows closely on the heels of the Joint Statement on Crypto-Asset Risks to Banking Organizations issued by the FRB, FDIC, and OCC on 3 January 2023 (the Joint Statement). The FRB and other federal banking regulators continue to refine their thinking and guidance on banks engaging in the crypto-asset sector, and as they do so, they continue to take a skeptical and conservative approach to crypto-asset activities. The federal banking regulators are on record as stating the need to insulate the banking sector from some of the recent disruptions in the crypto-industry.7 The Policy Statement continues this trend of limiting the types of crypto-asset activities in which banks and their affiliates may engage as principal.
Under the Policy Statement, the FRB presumptively prohibits state member banks and their subsidiaries from holding most crypto-assets as principal. The FRB notes that the OCC has only addressed the permissibility of a national bank holding crypto-assets as principal with respect to stablecoins. The OCC permits national banks to hold stablecoins to facilitate payments subject to the conditions of OCC Interpretive Letter 1179.8 However, the OCC has also required a national bank to divest crypto-assets held as principal that it acquired through a merger with a state bank.9 Thus, the permissibility of a national bank to hold crypto-assets as principal is currently very narrow.
Further, the Policy Statement provides that any state member bank seeking to issue a dollar token would need to adhere to all the conditions placed on such activity for a national bank. Moreover, it would have to demonstrate, to the satisfaction of FRB supervisors, that the bank has controls in place to conduct the activity in a safe and sound manner, and the bank will need to receive an FRB supervisory nonobjection before commencing such activity. The bar for receiving the supervisory nonobjection prior to engaging in such activity will likely be very high, and any bank wishing to issue a dollar token should carefully and extensively prepare its submission for nonobjection, including robust discussion of the risk management around such activity, the vendors and counterparties involved, the operational integrity of such activity, the impact on the bank’s capital and liquidity from such activity, and the means to control cybersecurity and anti-money laundering risks.
The FRB reiterated its position that issuing tokens on open, public, or decentralized networks, or similar systems, is highly likely to be inconsistent with safe and sound banking practices. Given these concerns, a state member bank would likely not be able to issue a token on a public blockchain such as bitcoin or ethereum. However, it appears that a private blockchain that is overseen in accordance with the governance expected of traditional financial systems, including contracts that establish roles and responsibilities, cybersecurity safeguards, mechanisms for recovery of lost, or trapped assets, and that screen out “illicit” finance may be deemed by the FRB as a safe and sound method of issuing tokens.10
Custody and Traditional Banking Services are not Limited by the Policy Statement
The Policy Statement does not prohibit a state member bank from providing safekeeping services in a custodial capacity for crypto-assets if such activity is conducted in a safe and sound manner and in compliance with consumer, anti-money laundering, and anti-terrorist financing laws. However, banks offering custody services for crypto-assets will face a high bar for appropriate conduct and compliance because, with respect to any novel and unprecedented activities such as crypto-asset activities, the FRB has elevated expectations for systems to monitor and control risks, and the FRB will expect banks to be able to demonstrate an effective control environment related to such activities. Any state member bank wishing to custody digital assets should make sure they have robust operational systems and procedures in place for maintaining such assets in a custodial capacity given some of the novel issues presented by safekeeping digital assets in comparison to other traditional asset types.
The Policy Statement also does not impact the ability of state member banks to offer traditional banking products and services to crypto- asset-companies, such as deposit or lending products. However, the Joint Statement cautioned banks from having business models or exposures that are concentrated in the crypt-asset sector.
Before engaging in any crypto-asset activities, a state member bank should consult with the FRB and its state regulator. Banks should expect extensive conversations regarding any proposed crypto-asset activities, as the regulators will want to thoroughly understand every aspect of the proposed crypto-asset activity. Accordingly, the bank should be prepared to discuss in robust detail the permissibility of the activity, the operational processes for conducting such activity, and the risk management and compliance framework that will be implemented to ensure that the crypto-asset activity is conducted safely and soundly. State member banks wishing to engage in crypto-asset activities should expect to be treated like a large, complex financial institution and thus subject to commensurate levels of supervision by examiners.
Little Impact for Non-Crypto-Asset Activities of Insured State Member Banks
Although the issuance of the Policy Statement was clearly driven by inquiries by state member banks to engage in novel activities such as crypto-asset activities, this guidance may have broader impacts on state member bank activities. For insured state member banks, the Policy Statement may not have a significant impact because under section 24 of the Federal Deposit Insurance Act, the activities of an insured state member bank should already be either permissible for a national bank under the National Bank Act or authorized under other federal law, including Part 362.
However, the Policy Statement could impact activities of the subsidiaries of insured state member banks that are in a bank holding company structure. Under Regulation Y, a state-chartered bank may acquire or retain a company that engages solely in activities in which the parent bank may engage subject to certain limitations. Specifically, a state-chartered bank or its subsidiary may, without the FRB’s prior approval, acquire or retain all (other than directors’ qualifying shares) of the securities of a company that engages solely in activities in which the parent bank may engage, at locations at which the bank may engage in the activity, and subject to the same limitations as if the bank were engaging in the activity directly.11 Now that the Policy Statement has been adopted, state member banks that were relying on this provision to own subsidiaries engaged in activities that are permissible under state law but not necessarily under federal law will presumably need to review the activities of such subsidiaries to ensure that the activities are permissible for a national bank or otherwise under federal law. This may also result in the subsidiaries of state member banks being required to receive approval from the FRB for novel activities when prior to the Policy Statement such approval would not have been required.
The Policy Statement May Impact Uninsured State Member Banks, Including Federal Reserve Member Trust Companies
For an uninsured state member bank, including a trust company that is a member of the Federal Reserve System, the Policy Statement restricts activities to those similar to an insured state member bank. This is a significant change for uninsured state member banks, which previously were governed by the permissibility of activities under state law and did not need to consider FDIC or OCC requirements. Uninsured state member banks will need to review their activities to make sure they conform to the guidance under the Policy Statement. Given the FRB’s recent action with regard to Custodia Bank,12 this could prove problematic for uninsured banks that have novel business models.
1 Under the Policy Statement, the FRB has defined the term “crypto-assets” as follows: “crypto-assets refers to digital assets issued using distributed ledger technology and cryptographic techniques (for example, bitcoin and ether), but does not include such assets to the extent they are more appropriately categorized within a recognized, traditional asset class (for example, securities with an effective registration statement filed under the Securities Act of 1933 that are issued, stored, or transferred through the system of a regulated clearing agency and in compliance with all applicable federal and state securities laws). To the extent transmission using distributed ledger technology and cryptographic techniques changes the risks of a traditional asset (for example, through issuance, storage, or transmission on an open, public, and/or decentralized network, or similar system), the [FRB] reserves the right to treat it as a ‘crypto-asset.’”
2 12 U.S.C. § 330.
3 This rationale was foreshadowed in comments by FRB Governors and staff in the months preceding the issuance of the Policy Statement. See, e.g., Testimony of Vice Chair Michael Barr before the U.S. Senate Committee on Banking, Housing, and Urban Affairs (Nov. 15, 2022). The FRB states that this principle of equal treatment is intended to both provide competitive equality between banks of different charter types and federal regulators and mitigate the risks of regulatory arbitrage.
4 See also 12 U.S.C. 1831a(a)(1) Under Part 362, the FDIC has set out certain equity investments and activities that are permissible for state banks.
5 12 C.F.R. § 362.3(b)(2)(i).
6 12 C.F.R. § 208.3(d)(2).
7 See Testimony of Vice Chair Michael S. Barr before the U.S. Senate Committee on Banking, Housing, and Urban Affairs (Nov. 15, 2022); Testimony of Acting Comptroller of the Currency Michael J. Hsu before the U.S. Senate Committee on Banking, Housing, and Urban Affairs (Nov.15, 2022); Testimony of FDIC Acting Chairman Martin J. Gruenberg before the U.S. Senate Committee on Banking, Housing, and Urban Affairs (Nov. 15, 2022).
8 See OCC Interpretive Letter No. 1174 (Jan. 4, 2021); OCC Interpretive Letter No. 1179 (Nov. 18, 2021).
9 See OCC Conditional Approval Letter No. 1299, at 9 (Oct. 27, 2022). The OCC conditioned its approval of the merger between Flagstar Bank, FSB, and New York Community Bank into Flagstar Bank, N.A. on the divestiture of holdings of “Hash,” a crypto-asset, after a conformance period, as well as a commitment not to increase holdings of any crypto-related asset or token “unless and until the OCC determines that . . . Hash or other crypto-related holdings are permissible for a national bank.”
10 Note that the OCC previously suggested that a national bank could transact on public blockchains in OCC Interpretive Letter No. 1174 (Jan. 4, 2021), an interpretation the OCC has subsequently been limiting in the “careful and cautious” approach to crypto-asset activities espoused by Acting Comptroller of the Currency Michael Hsu.
11 12 C.F.R. § 225.22(e)(2)(ii).
12 Concurrent with the issuance of the Policy Statement, the FRB also announced the denial of the application by Custodia Bank to become a member of the Federal Reserve System. The FRB denied Custodia Bank’s application on the grounds that its crypto-focused business model presented significant safety and soundness risks and that Custodia Bank’s risk management framework was insufficient to address concerns regarding the heightened risks associated with its proposed crypto-asset activities, including its ability to mitigate money laundering and terrorism financing risks. The Federal Reserve Bank of Kansas City (FRBKC) also denied Custodia Bank’s application to open a master account the same day as the denial of its Federal Reserve System membership. A master account with FRBKC would have granted Custodia Bank access to the FRB’s various financial services, including its payment system. The denial of Custodia Bank’s applications was not unexpected. Custodia Bank is suing the FRB and FRBKC over the application for a master account. Custodia Bank’s suit argues that it had been subject to unreasonable delay in the processing of its master account application and sought to pressure FRBKC to approve the application. The denial of the master account application by FRBKC was revealed in a motion to dismiss filed in the case by the FRB and FRBKC, which argues that the ruling on the application should render Custodia Bank’s lawsuit moot.