In the past year, the Board of Governors of the Federal Reserve System (the Board) Biden administration officials, and other U.S. banking regulators have repeatedly voiced growing concerns about certain cryptoasset activities. They have highlighted significant risks they believe such activities pose both to institutions engaged in them and the broader financial system.
Three actions, all on January 27, 2023, show how these concerns are manifesting themselves and offer insight into the types of scrutiny that institutions dealing with cryptoassets may face going forward.
- The Board denied Custodia Bank, Inc.’s application to become a member of the Federal Reserve System (Federal Reserve), citing Custodia’s “novel business model and proposed focus on cryptoassets,” which the Board said presents “significant safety and soundness risks.” The Federal Reserve Bank of Kansas City (FRBKC) also disclosed that day that it had earlier denied Custodia’s application for a master account. These decisions illustrate the Board’s cautious approach to cryptoasset activities in general and show how the guidelines the Board issued last year for reviewing master account applications are being applied in practice.
- The Board issued a policy statement interpreting section 9(13) of the Federal Reserve Act (the Act) to limit the activities of state member banks, whether insured or uninsured, to those either permissible for a national bank or permitted to state banks under federal law. The preamble and press release make clear that the policy statement was prompted largely by questions raised and proposals made by supervised institutions regarding cryptoasset activities. The policy statement states that most cryptoasset activities undertaken by state member banks as principal will be presumptively prohibited or, at minimum, presumed to be inconsistent with safe and sound banking practices.
- The National Economic Council (NEC) published the Administration’s Roadmap to Mitigate Cryptocurrencies’ Risks. It calls on Congress to “step up its efforts” to enact cryptoasset legislation but cautioned against legislation that “deepens the ties between cryptocurrencies and the broader financial system.”
Denial of Custodia’s Federal Reserve System Membership and Master Account Applications
Custodia Bank, a Wyoming-chartered special purpose depository institution, applied in October 2020 to obtain a master account at the FRBKC.1 A master account would give Custodia direct access to the Federal Reserve’s payment systems, including the FedWire network. Firms with master accounts thus avoid the costs of having to utilize other financial intermediaries that have access to the Federal Reserve’s payment services.
Custodia’s master account application was but one piece of its long-running engagement with the Board and the FRBKC, which began several months earlier in June 2020 when Custodia delivered its proposed cryptoasset-focused business plan to the FRBKC. On May 5, 2021, the Board proposed a new framework to standardize the application process for master accounts and Reserve Bank financial services (the Account Access Guidelines).2 Shortly thereafter, in August 2021, Custodia filed an application for full membership in the Federal Reserve.
In June 2022, Custodia filed suit against the Board and the FRBKC in federal court in Wyoming, alleging a “patently unlawful delay” in the Board’s consideration of Custodia’s master account application. In a motion to dismiss filed January 27, 2023 — the same day the Board announced the denial of Custodia’s application for Federal Reserve membership — the FRBKC disclosed that Custodia’s master account application had also been denied. The FRBKC’s motion did not elaborate on the reason for the denial. The FRBKC had previously pointed to Board’s multi-year review of the proposed Account Access Guidelines as one reason for the delay in considering Custodia’s master account application.
In its press release announcing the denial of Custodia’s membership application, the Board cited Custodia’s “novel business model and proposed focus on cryptoassets,” saying those present “significant safety and soundness risks.” The Board specifically cited the January 3, 2023, Joint Statement on Cryptoasset Risks to Banking Organizations that it issued along with the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC). That enumerated various risks and vulnerabilities associated with cryptoassets and the cryptoasset sector, and warned that certain cryptoasset-related activities would very likely be inconsistent with safe and sound business practices. See our January 6, 2023, client alert, “US Regulators Express Concern About Banks’ Exposure to Cryptoasset Risks,” for a further discussion.
The following sections provide an overview of the Account Access Guidelines, which were finalized in August 2022.
Last Year’s Account Access Guidelines Established a Framework for Master Account Applications
Fintechs and other non-traditional financial institutions such as Custodia have long sought to obtain master accounts and access Federal Reserve services. Many have contended that the process for obtaining a master account lacks transparency and that the Reserve Banks have not treated applications inconsistently.
To address this issue, the Board proposed Account Access Guidelines on May 5, 2021, to standardize the application process. The proposal was updated on March 1, 2022, and ultimately issued in final form on August, 15, 2022.
The guidelines lay out six principles to guide the evaluation of applications and divide institutions into three risk tiers for purposes of reviewing applications.
The six principles in the final Account Access Guidelines are largely the same as those in the original and March 2022 proposals, with minor technical revisions in response to public comments. Most relevant here, principles 2 through 5 spell out the risks the Reserve Bank reviewing the master account application should consider, ranging from the narrow (e.g., risk to the individual Reserve Bank) to the broad (e.g., risk to U.S. financial system).3 The principles provide guidance on how to evaluate the applying institution’s specific risk exposure.
The March 2022 amendment to the Board’s initial proposal added a three-tiered categorization of institutions to structure the review of master account applications based on the level of regulatory supervision to which the institution is subject. The three tiers reflect what the Board views as the escalating potential levels of risk associated with the types of institutions categorized in each tier and, thus, the need for increasingly stringent levels of scrutiny and due diligence by Reserve Banks.
- Tier 1: federally-insured institutions, which generally have detailed regulatory and financial information readily available due to federal banking regulations. Account access requests by such institutions would generally be subjected to more streamlined review, except in cases where the application of the guidelines to the institution identifies a potentially higher risk profile.
- Tier 2: institutions that are not federally insured but are nonetheless subject to prudential supervision by a federal banking agency. Tier 2 includes both state- and federally-chartered institutions with a holding company that is subject to Federal Reserve oversight. Tier 2 institutions would receive an intermediate level of review because they are regulated to a somewhat lesser degree than Tier 1 institutions and are less likely to have detailed regulatory and financial information readily available.4
- Tier 3: institutions that are not federally insured and do not fall within Tier 2. These institutions would generally receive the strictest level of review as they are potentially subject to weaker supervision and may not have detailed regulatory and financial information available.
Implications of the Guidelines
The final Account Access Guidelines note that all access requests will be reviewed on a case-by-case and risk-focused basis according to the institution’s specific risk profile. The preamble explains that requests by institutions that engage in novel activities for which authorities are still developing appropriate supervisory and regulatory frameworks — such as Custodia, according to the Board — may take comparatively longer than requests by more traditionally-focused institutions. Overall, the tiered framework appears to reflect a judgment by the Board that more traditional financial institutions generally will present lower risk than other types of institutions, particularly with respect to monetary policy and safety and soundness concerns.
The Account Access Guidelines are intended to make the application process for a master account more transparent and clarify why requests from non-traditional institutions may be processed at a slower pace than others. In this way, they may help to provide context for FRBKC’s consideration and, ultimately, its denial of Custodia’s master account application.
Because many nontraditional lenders are unregulated and unsupervised at the federal level, like Custodia, they will likely fall into the Tier 3 category and be subject to the strictest level of review. Therefore, even with increased transparency and consistency across the Reserve Banks applying the Account Access Guidelines, the master account application process will likely remain a significant hurdle for nontraditional banks seeking to obtain a Federal Reserve master account.
Policy Statement Interpreting Section 9(13) of the Act
Section 9(13) of the Act authorizes the Board to regulate the activities of state member banks. On its face, the January 27, 2023, policy statement clarifies that the Section 9(13) permits the Board to prohibit or restrict the activities of state member banks and their subsidiaries, regardless of deposit insurance status, from engaging as principal in any activity that is not (i) permissible for a national bank or (ii) permissible for a state bank under federal law.
The policy statement sets out the Board’s expectation that state member banks will look to federal statutes, OCC regulations and OCC interpretations to assess whether an activity is permissible for national banks. If federal authorities and interpretations do not authorize the activity for national banks, then a state member bank must determine if federal law nonetheless authorizes a state bank to engage in the activity.
“[T] he same bank activity, representing the same risks, should be subject to the same regulatory framework, regardless of which agency supervises the bank,” the policy statement says. The statement is intended to “promote a level playing field and limit regulatory arbitrage,” the Board said in its press release.
While the language in the policy statement is generalized and agnostic as to the specific type of activity in question, both the Board’s press release and the preamble to the policy statement make it clear that the primary impetus for the policy statement was the high volume of inquiries and proposals the Board has received in recent years from banks seeking to engage in cryptoasset activities and the concerns expressed in the banking agencies’ January 3, 2023, joint statement.
The preamble to the policy statement specifically references the joint statement and the risks described there, and sets out how the Board intends to exercise its authority under Section 9(13) with respect to the following cryptoasset activities:
- There is a presumption that holding cryptoassets as principal is prohibited. The Board states that it has not identified any statutory authority permitting national banks to hold most cryptoassets, including bitcoin and ether, as principal in any amount. The Board also said it has not identified any federal statute or rule permitting state banks to do the same. As a result, the policy statement establishes a presumption that state member banks would be prohibited from engaging in such activity under Section 9(13).
This presumption may only be rebutted if there is a “clear and compelling rationale” for the Board to allow the proposed deviation in regulatory treatment, and the state member bank can demonstrate it has “robust plans for managing the risks of the proposed activity in accordance with principles of safe and sound banking.” The policy statement is clear that the Board has not yet been presented with facts sufficient to rebut this presumption.
- There is a presumption that issuing dollar tokens on open, public or decentralized networks is inconsistent with safe and sound banking. The policy statement notes that some state member banks have proposed to issue dollar-denominated tokens (i.e., stablecoins) using distributed ledger technologies. The policy statement points to the OCC’s Interpretive Letters 1174 and 1179 in 2021, which address the permissibility such issuances by national banks, and states that any state member bank seeking to issue dollar-denominated tokens must adhere to the conditions set forth in those Interpretive Letters. Those include demonstrating that the bank has controls in place to conduct the activity in a safe and sound manner and receiving a supervisory nonobjection before proceeding. The policy statement echoes the joint statement’s view that issuing tokens on open, public or decentralized networks is “highly likely to be inconsistent with safe and sound banking practices.”
Importantly, the policy statement applies only to activities by a state member bank acting as principal — that is, holding cryptoassets on its balance sheet. The Board makes clear that nothing in the policy statement prevents a state member bank from providing custodial services for cryptoassets if such activities are conducted safely and soundly and in compliance with consumer, anti-money laundering and anti-terrorist-financing laws.
The approach articulated in the policy statement is not unexpected in light of the risks and broad-based concerns described in the joint statement. It reflects the increasingly cautious approach laid out in the joint statement and prior guidance establishing frameworks that supervised institutions must follow when seeking to engage in cryptoasset activities.5 We view the policy statement as another incremental step in U.S. banking regulators’ implementation of their approach to the regulation of cryptoasset activities by the institutions they supervise.
The NEC’s Roadmap To Mitigate Cryptocurrency Risks
Finally, on January 27, 2023, the National Economic Council (NEC), published The Administration’s Roadmap to Mitigate Cryptocurrencies’ Risks, which calls on Congress to “step up its efforts” regarding cryptoasset legislation. The “roadmap” cautions that “[i]t would be a grave mistake to enact legislation that reverses course and deepens the ties between cryptocurrencies and the broader financial system.”
The roadmap builds on similar sentiment previously expressed by the Biden administration regarding cryptoassets, stating that some cryptoasset entities “ignore applicable financial regulations and basic risk controls” or “mislead consumers, have conflicts of interest, fail to make adequate disclosures, or commit outright fraud.”
It further applauds regulatory agencies that have used their authorities to “ramp up enforcement” and it directs the agencies to issue guidance on best practices regarding cryptoassets. The roadmap closes by acknowledging the benefits of “responsible technological innovations” while cautioning that “to realize these benefits, new technologies need commensurate safeguards,” and says the administration will “keep driving forward” with the cryptoasset framework it has developed, “while working with Congress to achieve these goals.”
Each of the developments discussed here reinforces the view that the Board, the other federal banking agencies and the current administration will continue to take a very cautious approach to cryptoassets and other nontraditional financial services for the foreseeable future.
In the absence of federal legislation, the Board, the FDIC and the OCC have encouraged supervised institutions to engage in robust dialogue with their regulators regarding any proposed or ongoing cryptoasset-related activities. The denial of Custodia’s Federal Reserve membership and master account applications provides a real-world example of how this cautious approach is playing out and how it may shape decisions about similarly situated institutions.
1 Custodia Bank was operating at this time as Avanti Financial Group, Inc. Avanti changed its name to Custodia Bank in February 2022.
2 The Account Access Guidelines define “financial services” in this context to mean “all services subject to Federal Reserve Act section 11A . . . and Reserve Bank cash services. Financial services do not include transactions conducted as part of the Federal Reserve’s open market operations or administration of the Reserve Banks’ Discount Window.”
3 The first principle is that the institution must be legal entitled to an account or access. The other principles refer to “undue credit, operational, settlement, cyber or other risks” to the Reserve Bank or the overall payment system, “undue risk to the stability of the U.S. financial system,” “undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, or other illicit activity,” and state that the activity “should not adversely affect the Federal Reserve’s ability to implement monetary policy.”
4 The final definition of Tier 2 reflects some changes from the March 2022 proposal.
5 Our article, “The Fed Aligns With the OCC and FDIC on Banks’ Cryptocurrency Activities as Senators Question the OCC’s Approach, Citing Risks,” in Skadden’s August 2020 Distributed Ledger newsletter, explores these frameworks — and the Federal Reserve’s guidance specifically — in greater detail.
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.