skip to Main Content

OCC Clarifies Rules for National Banks Engaging in Cryptocurrency Activity

On November 18, 2021, the Office of the Comptroller of the Currency (OCC) published Interpretive Letter #1179. This is the fourth interpretive letter in a series (1170, 1172, &1173) that discusses if it is permissible for National Banks and Federal Savings Associations to engage in certain cryptocurrency, distributed ledger, and stablecoin activities.

OCC Interpretive Letter #1179 clarifies that all crypto-related activities may only be conducted after a bank both:
• notifies its supervisory office of its intent to engage in such activities, and
• receives written notification of the supervisory office’s non-objection of such activities.

In order to receive a grant of “non-objection,” a bank must demonstrate that they have adequate controls in place before they engage in any of the following:
• provide custody services for crypto-assets,
• hold dollar deposits serving as reserves backing stablecoins,
• act as nodes on DLT networks to verify customer payments, and
• engage in certain stablecoin activities to facilitate payment transactions on DLT.

What controls must be in place to engage in crypto-related activity?

According to OCC Interpretive Letter #1179, federally chartered banks must have sufficient controls and safeguards in place to demonstrate to their supervisory authority that they can provide crypto service in a safe and sound manner. This includes having adequate systems in place “to identify, measure, monitor, and control the risks of its activities, including the ability to do so on an ongoing basis.”

In order to evaluate a bank’s practices to adequately minimize risk, the Supervisory Office will evaluate :
• The bank’s compliance with regulations (the Bank Secrecy Act, Federal Securities laws, the Commodity Exchange Act, and consumer protection laws)
• The bank’s existing appropriate risk management and measurement process (e.g., identifying, monitoring, and controlling risk)
• The bank ‘s ability to address novel risks associated with cryptocurrency activities (e.g., hacking, fraud, theft, liquidity risk, strategic risk, and compliance risk)

After implementing these controls, a bank will need to notify its supervisor in writing of its intention to engage in any of the crypto-related activities outlined above and wait until it receives written notification back from the regulator that it will not object to the activities. The regulator will evaluate the adequacy of the bank’s risk management systems and controls and risk measurement systems in order to reach a decision and will continue to review these activities as part of its ordinary supervisory processes.

What about Nationally-Chartered Banks that are already engaging in those crypto-activities?

The Interpretative Letter states that Nationally-Chartered Banks already engaging in the above activities as of today do not need to obtain retroactive approval. However, the OCC expects that they will have already notified their supervisory office and should understand that these crypto activities will be part of ongoing supervisory processes. They will need to demonstrate the adequacy of controls and safeguards in place to ensure the crypto activities are being conducted in a “safe and sound“ manner.

How can CipherTrace help?

With the publication of OCC Interpretive Letter 1179, Federally Chartered Banks now have clear guidance on how to provide crypto services. To obtain a supervisory non-objection, a bank should demonstrate that it has established an appropriate risk management and measurement process for crypto activities. Using industry-leading blockchain analytics tools like CipherTrace will ensure your bank can identify, measure, monitor, and control the risks of its crypto activities on an ongoing basis. CipherTrace’s cryptocurrency intelligence enables banks to comply with the Bank Secrecy Act, anti-money laundering, sanctions requirements, and consumer protection laws.

CipherTrace can help you:

  • Safely custody virtual assets and comply with the Travel Rule
  • Identify the total crypto exposure on your bank’s payment rails
  • Distinguish between high-risk versus low-risk crypto counterparties
  • Integrate CipherTrace with your existing transaction monitoring system
  • Identify which crypto companies to accept as bank customers
  • Gain insights into the key questions regulators are asking around crypto exposure

Request a demo of CipherTrace software tools now.

About CipherTrace

CipherTrace develops cryptocurrency anti-money laundering (AML)/counter-terrorist financing (CTF), blockchain forensics, crypto threat intel and regulatory solutions. Leading exchanges, banks, auditors, regulators and digital asset businesses use CipherTrace to comply with regulatory requirements, investigate financial crimes, and foster trust in the crypto economy. For more information, visit the CipherTrace website.

Disclaimer: This blog is provided for general informational purposes only. By using the blog, you agree that the information on this blog does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this blog. The blog is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this blog may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Back To Top