When it comes to reading between the lines of financial regulators’ advisory letters, tone matters.
Take last week’s letter from the National Credit Union Administration (NCUA) which gave the federally insured credit unions (FICUs) it oversees permission to partner with digital asset providers to allow retail customers to buy, sell and trade in cryptocurrencies.
Now compare it to the one issued by Comptroller of the Currency Michael Hsu’s agency to the national banks and federal savings associations it regulates a month earlier.
On the surface, both said much the same thing: Financial institutions can provide cryptocurrency services (albeit with some notable differences: the OCC’s letter dealt with more back-end services, including custody services as well as holding and using dollar-pegged stablecoins for transaction settlement).
Neither was enthusiastic.
The NCUA’s letter said it “does not prohibit FICUs from establishing these relationships” — which is not as enthusiastic as “are allowed,” you’ll note — and added that it these relationship would be evaluated by the NCUA on a case-by-case basis “in the same manner as all other third-party relationships.” It went on to list factors including “exercising sound judgment and conducting the necessary due diligence, risk assessment, and planning” as well ongoing risk measurement and monitoring.
Due Diligence
The NCUA noted that its letter was in response to comments received during an ongoing “request for information” process “about the current and potential impact on FICUs, related entities, and the NCUA of activities connected to digital assets and related technologies.”
It also linked to a half dozen other guidance letters issued by the NCUA and other agencies, and said that it “recognizes that issues involving digital assets and DLT are rapidly evolving and will look to provide further clarifications and guidance, as appropriate.”
The letter went on to say that “FCUs are not limited in the types of products and services they may introduce to their members through third parties,” adding another caveat about sound judgement and due diligence.
Danger Ahead
At first glance, the OCC’s letter sounded ever-so-slightly more positive, saying the activities in question were “legally permissible.”
However, the whole sentence read that the OCC letter “clarifies that the activities addressed in those interpretive letters are legally permissible for a bank to engage in, provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner.”
That emphasized “provided” speaks volumes. And the backstory is that Hsu’s predecessor proactively announced that those services were allowed — something Hsu put on hold for a review.
Then there was the accompanying press release, warning banks “not engage in the activity until it receives a non-objection from its supervisory office.”
Overall, the OCC made it clear it was not eager to see institutions dabbling in digital assets.
A Very Big Hint
Digging down, the NCUA letter has one clause that could well discourage all but the biggest crypto service providers from teaming up with federally insured credit unions — and it revolves around that “insured” part.
Noting that the federal government would not insure crypto holdings, the NCUA told FICUs that their contracts with third-party digital asset service providers “should require contracts with third parties to include provisions to indemnify the FICU for any monetary damages arising from the provision of digital asset services, including fraud.”
Those last two words are mighty big ones.
The Securities and Exchange Commission (SEC) has said loudly and for years that it believes the bitcoin trading market is rife with fraud and market manipulation.
And the cost of fraud is very high in crypto. In a recent preview of its 2022 Crypto Crime Report, blockchain intelligence firm Chainalysis said fraud and theft was responsible for $7.7 billion in losses this year.
Which suggests only large firms like Coinbase, Kraken, and FTX.US that have big insurance policies or big self-insurance reserves will make their way into NCUA-regulated FICUs.
Which is likely what the agency wants.