OCC Establishes Standards for National Banks Holding Stablecoin Reserves

The scope of the activity for which the Letter confirms authority is fairly narrow. The OCC acknowledges that stablecoins are an evolving technology, and the term typically describes a cryptocurrency that is backed by another asset and designed to maintain a stable value. Stablecoins may be backed by one or more fiat currencies, commodities, or another cryptocurrency. If backed by an asset other than fiat currency, the value of the stablecoin may nonetheless be pegged to a fiat currency or managed by an algorithm to control volatility. However, for purposes of the Letter, the OCC addresses only stablecoins that are backed on a 1:1 basis by a singular fiat currency, associated with a hosted wallet, and redeemable by the issuer for the underlying fiat currency upon request by the stablecoin holder. Accordingly, many stablecoins are not covered by the Letter.

An issuer of such a stablecoin may provide assurance to stablecoin holders that it is able to redeem the stablecoins upon request by maintaining a reserve account with a national bank or FSA of a sufficient amount of the underlying fiat currency. The Letter confirms that subject to a national bank’s compliance with its legal obligations, including the Bank Secrecy Act (BSA), and appropriate due diligence and other risk management controls, “a national bank may receive deposits from stablecoin issuers, including deposits that constitute reserves for a stablecoin associated with hosted wallets” pursuant to its authority to receive deposits under 12 U.S.C. 24(Seventh).³ Despite the conclusion speaking only of national banks, the OCC indicates that the analysis in the Letter also applies to FSAs.

As previously noted, given national banks’ and FSAs’ clear authority to receive deposits, there was little doubt of their authority to receive deposits from stablecoin issuers for purposes of establishing a reserve account. However, the Letter does shed some light on expectations of the OCC with respect to the safety and soundness considerations accompanying such activity.  The OCC highlights banks’ BSA obligations, specifically those related to customer due diligence and customer identification program (CIP) requirements. While this expectation clearly applies with respect to customer identification of the stablecoin issuer, including identification of the beneficial owners, the Letter is unclear as to OCC expectations regarding a national bank’s obligations with respect to due diligence of the issuer’s own customer identification practices for its stablecoin holders. Further clouding the issue, the Letter makes multiple references to banks’ obligations in connection with involvement in a prepaid program, including previously issued guidance regarding issuing banks’ obligation to apply CIP requirements to holders of prepaid cards.⁴ However, unlike a bank issuer of a prepaid program that would have a direct customer relationship with the prepaid card holders, a bank holding deposits for a stablecoin issuer typically would have no relationship with the underlying stablecoin holders. The Letter’s citation of the prior interagency guidance on prepaid cards — which provides, for example, that a third-party program manager should be treated as the bank’s agent rather than the bank’s customer for CIP purposes — therefore obscures rather than illuminates the OCC’s intent regarding CIP in a stablecoin environment. It may be that the OCC intended merely to flag that the nature of the claim of a stablecoin holder, for example, claim against the issuer versus direct claim on the reserve account itself, will affect that nature of a bank’s CIP requirements,⁵ but the Letter could have been more straightforward in this regard. National banks and FSAs may in any event need to consider what steps the stablecoin issuer itself has taken to address BSA compliance.

Furthermore, the Letter only addresses stablecoins held in hosted wallets, which is a material limitation on the ability to support stablecoins in open systems and apparently is intended to ensure that regulated entities with their own BSA (or foreign equivalent) obligations are directly responsible for anti-money laundering compliance in relation to the end users of the covered stablecoins.

In that same vein, the OCC provides that national banks and FSAs holding a reserve account for stablecoin issuers should verify “at least daily that reserve account balances are always equal to or greater than the number of the issuer’s outstanding stablecoins”⁶ and states that banks should establish contractual rights with stablecoin issuers to verify the number of outstanding stablecoins on a regular basis.⁷ Indeed, the scope of the Letter is expressly limited to stablecoins for which daily reserve matching is performed. The highlighting of this specific requirement is somewhat odd because although banks may face a reputational risk if a stablecoin issuer fails to maintain sufficient reserves, the bank does not hold the underlying credit risk, which would fall squarely on the issuer as the entity with the redemption obligation to the stablecoin holder. This suggests potentially heightened risk management expectations by the OCC in connection with national banks and FSAs providing services to cryptocurrency businesses and a desire by the OCC to ensure that national banks and FSAs do not play a role in the offering of stablecoins that may raise global or systemic risk of the type flagged by the Financial Stability Board.

The OCC further highlights that banks should establish appropriate risk management processes to address risks that are specific to cryptocurrency businesses. This includes the heightened liquidity risks associated with reserve accounts held for stablecoins. The Letter expresses the OCC’s expectation for “all banks to manage liquidity risk with sophistication equal to the risk undertaken and complexity of exposure.”⁸ Banks are further reminded of their obligation to comply with other applicable laws and regulations, including applicable federal securities laws.

In response to the OCC’s letter, the Securities and Exchange Commission (SEC) Staff of the Strategic Hub for Innovation and Financial Technology Division (FinHub) released a statement regarding digital assets, including stablecoins. Significantly, the SEC notes that market participants may structure and sell a digital asset in such a way that it does not constitute a security and implicate the registration, reporting, and other regulatory requirements of the U.S. federal securities laws. At the same time, the SEC reminds the market that whether a digital asset is a security, including a stablecoin, is a facts-and-circumstances analysis that requires application of the test from SEC v W.J. Howey Co. (U.S. 1946) and its progeny, and consideration of applicable SEC guidance, such as the Framework for “Investment Contract” Analysis of Digital Assets.⁹ The statement signals the SEC’s willingness to engage with market participants to provide informal feedback or a “no-action” position on whether certain stablecoins trigger the federal securities laws.

Together, the OCC and SEC letters signal growing regulatory acknowledgement of the importance of stablecoins and the need for regulated entities to participate in that market as well as in digital asset developments more generally. Additional guidance on other digital asset issues is expected from the OCC as it continues to attempt to define a roadmap for national banks and FSAs incorporating digital assets in their products, service, and operations.