New year, new US cryptocurrency and digital-asset regulations
WHILE MOST OF THE WORLD WAS TAKING A MUCH-NEEDED BREAK OVER THE HOLIDAY SEASON, US FINANCIAL REGULATORS STEAMED AHEAD, ISSUING A RAFT OF NEW REGULATIONS DESIGNED TO ADDRESS THE LACK OF STANDARDS FOR THE CRYPTO-ASSET MARKETPLACE.
IN THIS BRIEFING WE ANALYZE THE NEW REGULATIONS AND THEIR LIKELY IMPACT ON THIS BURGEONING CORNER OF THE FINANCIAL SYSTEM.
In the past fortnight, US policy makers have issued five important statements on the regulation of cryptocurrencies and digital assets. These statements build on earlier policy announcements and amount to a comprehensive framework for the regulation of the crypto- and digital-asset market. The fundamental principle underlying these policies is “same business, same risk, same rules” – i.e. if crypto-asset businesses engage in activity which is the same as activity conducted by regulated banks, they will be subject to the same regulations.
The key risks that these policies attempt to address are:
Safety and soundness – payment services using cryptocurrencies and/or stablecoins must ensure they are backed by at least 1:1 reserves (which must be held in high quality USD assets) and have appropriate controls in place to ensure adequate liquidity to meet customer redemption demands in a timely manner.
Anti-money laundering – all participants in the US financial system must apply KYC to all customers (this means no anonymous wallets, hosted or unhosted) and retain records of all transactions. FinCEN has expanded its reporting requirements to explicitly encompass cryptocurrency transactions.
Operational risk and resilience – banks offering cryptocurrency services and using blockchain payment networks must assess the risks associated with these novel technologies and ensure they have adequate controls in place.
Investor protection – digital asset securities may be transacted but such activity must be confined to a new category of special purpose digital asset security broker-dealer. Such special purpose broker-dealers transacting in digital asset securities must fully understand the inherent risks associated with the underlying technology and have controls in place to ensure that they maintain full control of the customer’s assets while in their custody.
These new rules mark a new era for US cryptocurrency and digital asset businesses, with newfound clarity regarding regulatory expectations on many key issues. Although some in the crypto world may not favor the application of traditional banking regulation (e.g. KYC and prudential standards), we believe this is an important step in bringing the technological potential of cryptocurrencies and digital assets into the mainstream.
We expect to see a boom in applications for new special purpose digital asset broker-dealer licenses along with increased engagement by supervisors at the OCC with banks’ cryptocurrency and stablecoin activities. With similar regulatory initiatives emerging in other key jurisdictions (e.g. the EU’s proposed Markets in Crypto-Assets regulation), 2021 is going to be an exciting year for digital finance!
The following list sets out the raft of recent regulatory policies and provides our summary analysis:
Federally Chartered Banks and Thrifts May Participate in Independent Node Verification Networks and Use Stablecoins for Payment Activities
4 Jan 2021, OCC, IL 1174
Allows banks to use Stablecoins and blockchain networks (“Independent Node Verification Networks” / INVNs) to conduct banking activity e.g. payments.
Emphasizes the risks of new technologies and re-iterates the need for banks to assess the operational, compliance, fraud and money laundering risks arising from Stablecoins and blockchain networks. Does not introduce new requirements but links to recent FinCEN statements on AML risks in virtual currencies.
c.f. OCC Bulletin 2017-43: New, Modified, or Expanded Bank Products and Services: Risk Management Principles
c.f. FFIEC BSA/AML Examination Manual
Statement on Key Regulatory and Supervisory Issues Relevant to Certain Stablecoins
23 Dec 2020, President’s Working Group on Financial Markets
The general principle is “same business, same risk, same rules.”
Depending on its design and other factors, a stablecoin may constitute a security, commodity, or derivative subject to the U.S. federal securities, commodity, and/or derivatives laws. If so, the federal securities laws, and/or the Commodity Exchange Act (“CEA”), would govern the stablecoin itself, transactions in, and/or participants involved in the stablecoin arrangement.
Where primarily used for retail payments (e.g. Facebook Diem):
Stablecoin issuers are required to meet bank-like prudential standards: “Strong reserve management practices include ensuring a 1:1 reserve ratio and adequate financial resources to absorb losses and meet liquidity needs. U.S. dollar-backed stablecoin arrangements should hold high-quality U.S. dollar-denominated assets; hold these assets at U.S.-regulated entities; utilize multiple custodians; and secure investment with high-quality obligors.”
Must be redeemable 1:1 for fiat currency
No anonymous customers, including unhosted wallets.
Emphasis on the need for robust cybersecurity and operational resilience.
SEC Issues Statement and Requests Comment Regarding the Custody of Digital Asset Securities by Special Purpose Broker-Dealers
23 Dec 2020, SEC, 34-90788
The SEC will allow special purpose broker-dealers (who only deal in digital assets) as long as they meet the SEC’s standards for customer protection, in particular, new standards for the custody of digital assets.
The key text is “broker-dealer deems itself to have obtained and maintained physical possession or control of customer fully paid and excess margin digital asset securities for the purposes of paragraph (b)(1) of Rule 15c3-3” – in English, if the broker-dealer provides safe and secure custody of the digital assets, then it will be deemed to meet the customer protection rule (one of the SEC’s primary concerns vis-à-vis crypto businesses).
The constraints on “special purpose digital asset broker-dealers” include:
Limiting business to only "digital asset securities" and no traditional assets or non-security digital assets (these would need to be transacted through another appropriately licensed entity, e.g. a Money Service Business or a traditional broker-dealer)
Broker-dealers also must disclose risk to customers and implement "policies and procedures reasonably designed to mitigate risk."
Written contingency plans for hard forks, 51% attacks, theft, and the unauthorized use of keys, among other possibilities.
Written policies related to assessing risk of assets and their underlying technology.
FinCEN Proposes Rule Aimed at Closing Anti-Money Laundering Regulatory Gaps for Certain Convertible Virtual Currency and Digital Asset Transactions
18 Dec 2020, FinCEN, SM1216
Banks and money services businesses (MSBs) would be required to submit reports, keep records, and verify the identity of customers in relation to transactions above certain thresholds involving virtual currency (e.g. BitCoin) wallets not hosted by a financial institution (also known as “unhosted wallets”) or virtual currency wallets hosted by a financial institution in certain jurisdictions identified by FinCEN.
First, this proposed rule would require banks and MSBs to file a report with FinCEN containing certain information related to a customer’s virtual currency transaction and counterparty (including name and physical address), and to verify the identity of their customer, if a counterparty to the transaction is using an unhosted or otherwise covered wallet and the transaction is greater than $10,000 (or the transaction is one of multiple virtual currency transactions involving such counterparty wallets and the customer flowing through the bank or MSB within a 24-hour period that aggregate to value in or value out of greater than $10,000).
Second, this proposed rule would require banks and MSBs to keep records of a customer’s virtual currency transaction and counterparty, including verifying the identity of their customer, if a counterparty is using an unhosted or otherwise covered wallet and the transaction is greater than $3,000.
Stablecoin Tethering and Bank Licensing Enforcement (STABLE) Act
2 Dec 2020, Congress
Applies full banking regulation to Stablecoin issuers:
any prospective issuer of a stablecoin to obtain a banking charter
any company offering stablecoin services must follow the appropriate banking regulations under the existing regulatory jurisdictions
any company or bank issuing a stablecoin to notify and obtain approval from the Fed, the FDIC, and the appropriate banking agency 6 months prior to its issuance and maintain an ongoing analysis of potential systemic impacts and risks
any stablecoin issuers obtain FDIC insurance or otherwise maintain reserves at the Federal Reserve to ensure that all stablecoins can be readily converted into United States dollars, on demand.
SEC FinHub Staff Statement on OCC Interpretation [re: banks holding Stablecoin reserves]
21 Sep 2020, SEC
Digital asset may or may not be a security: engage with the SEC to determine classification; c.f. SEC’s Framework for “Investment Contract” Analysis of Digital Assets
OCC Chief Counsel’s Interpretation on National Bank and Federal Savings Association Authority to Hold Stablecoin Reserves
21 Sep 2020, OCC, IL 1172
National Banks may hold reserves for stablecoins that are backed by fiat currency on at least a 1:1 basis.
Authority of a National Bank to Provide Cryptocurrency Custody Services for Customers
22 July 2020, OCC, IL 1170
National Banks may facilitate a customer’s cryptocurrency and fiat currency exchange transactions.
Framework for “Investment Contract” Analysis of Digital Assets
3 Apr 2019, SEC
SEC’s framework for assessing whether a digital asset is a security or not, based on the “Howey test”:
The Investment of Money
Common Enterprise
Reasonable Expectation of Profits Derived from Efforts of Others