- Develop appropriate policies, procedures, and internal controls for cryptocurrency and digital currency custody services.
- Have your senior management and board review business plans and strategies consistent with sound risk management practices.
- Review and ensure your bank has an effective information security infrastructure and controls in place to mitigate hacking, theft, and fraud.
- Review your bank’s due diligence process for compliance with anti-money laundering requirements.
The Office of the Comptroller of the Currency (“OCC”) recently released Authority of a National Bank to Provide Cryptocurrency Custody Services for Customers1, an interpretive letter stating national banks may provide cryptocurrency and digital currency custody services under certain circumstances. The determination also applies to federal savings associations and may permit those state-chartered banks that enjoy state “national bank parity laws” to provide similar cryptocurrency custody services.
The letter states that national banks could provide cryptocurrency and digital currency custody services in both a fiduciary and non-fiduciary capacity, including the safekeeping of unique cryptographic keys associated with cryptocurrency. The OCC also reaffirmed that national banks may provide permissible banking services to any lawful business they choose, including cryptocurrency businesses, so long as they effectively manage the risks and comply with applicable law.
Before You Offer Cryptocurrency Custody Services
The OCC notes that there is a growing demand for safely storing the cryptographic keys associated with cryptocurrencies on behalf of customers as part of banks’ existing custody business. However, the letter cautions that before offering cryptocurrency custody services, a bank should:
- Establish appropriately tailored policies, procedures, and internal controls;
- Maintain well-developed business plans and strategies consistent with sound risk management practices;
- Have effective information security infrastructure and controls in place to mitigate hacking, theft, and fraud; and
- Review its due diligence process for compliance with anti-money laundering requirements.
Accordingly, the OCC recommends any bank that is considering cryptocurrency custody services to consult with the OCC before offering the services. The OCC will review a bank’s crypto-custody services as part of the OCC’s normal supervisory process. State-chartered banks should have similar discussions with their regulators. Similar to other higher risk activities, such as banking money service or marijuana-related businesses, banks should apply higher scrutiny to providing cryptocurrency services.
We Can Help You
If your bank is considering offering cryptocurrency or digital custody services, we can assist you with developing appropriate policies, procedures and risk management practices. We can also supplement your bank’s internal review of your internal controls and due diligence processes. Finally, with our deep bench of former regulators, we can help your bank develop strategies for interfacing these issues with your regulators and planning for an examination of cryptocurrency custody services.
We recommend reviewing the following pandemic-related business and legal considerations we have been discussing with our clients: