Pub. 17 2022-2023 Issue 3

In today’s financial regulatory environment, two of the hottest topics are (1) cryptocurrency and (2) cybersecurity. Within the past year, multiple agencies have released various regulations and guidance regarding cryptocurrency, banking, and cybersecurity, both individually and collectively. As my teachers would say, if something is said more than once, it is probably important, and you will likely see the material again. Similarly, cryptocurrency and cybersecurity threats are likely here to stay, and regulators are preparing for those implications. Banks are now put on the spot to adapt to the market shift and the regulations that will surely follow.

What is cryptocurrency?

The Merriam-Webster dictionary defines cryptocurrency as “any form of currency that only exists digitally, that usually has no central issuing or regulating authority but instead uses a decentralized system to record transactions and manage the issuance of new units, and that relies on cryptography to prevent counterfeiting and fraudulent transactions.”

How does cryptocurrency relate to banking?

For bankers, the question of how cryptocurrency relates to banking is pressing and hard to answer. Cryptocurrency usage is typically stereotyped as belonging to two different groups: underground-market transactions (i.e., drug market or selling a kidney online) and the GameStop/Reddit kids who almost crashed the stock market in 2021. Volatility and illicit activity are two of the biggest regulatory fears for bankers, so how do banking and cryptocurrency relate?

First, who are the individuals actually investing in or using cryptocurrency? According to a November 2021 article from Pew Research, 16% of Americans have used or are invested in cryptocurrency. Of that 16%, 52% are between the ages of 18 and 49. The individuals in this age group are not typical “in-person” banking customers.
As the market is shifting and these individuals have more market power, banks scramble to advertise to this group. Cryptocurrency may be a way to do that successfully. The guidance from regulators is that banking, one of the most highly regulated industries in the country, is supposed to mix with cryptocurrency, one of the most unregulated commodities in the world. The two seem like oil and water, but the Office of the Comptroller of the Currency (OCC) argues in Interpretive Letter #1170 that it is more like M&Ms and popcorn, an unlikely yet satisfying combination. The OCC didn’t actually say that, but they did argue that for banks, providing custodial services related to cryptocurrency would be in line with a bank’s intended purpose: “safe keeping” of assets. The banking world has been shifting from physical currency and safekeeping to virtual safekeeping for many years now. Therefore, the argument is that providing services for cryptocurrency is not a far-fetched idea, but a natural progression.

How does cryptocurrency relate to cybersecurity?

Because cryptocurrency is “so hot” right now and because of its anonymity, it is a prime target for hackers and bad actors around the world. From what the banking industry is seeing with P2P activity in relation to Regulation E and the new Interagency Guidance on cybersecurity, the question many bankers are asking is, “Do we want to add cryptocurrency to this dumpster fire?” The answer: Maybe.

The Interagency Guidance defines a “cybersecurity incident” as one that rises to the level of a “notification incident.” A cybersecurity incident is an occurrence that: (i) results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or (ii) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Cryptocurrency: Safe or “Sus”?
