INTRODUCTION
In the 14 years since blockchain technology’s invention, banks have been left to compete with emerging business models and new stores of value while operating in an uncertain vacuum of regulatory guidance. The resulting whiplash of lightning-fast innovation seemingly incapacitated the U.S. regulators of currencies, commodities, and securities.

With only crisscrossing guidance offered thus far, it may seem impossible to make a risk-based decision on whether and to what extent a bank should adopt blockchain technology, including cryptocurrency and web3. However, using the tried-and-true Strengths, Weaknesses, Opportunities, Threats (SWOT) analysis, banks can establish a baseline with which to evaluate the impact the crisscrossing crypto crackdown will have on their internal and external environment.

First, here is a refresher on the more recent commentary and actions by banking regulators. We know that Basel will be releasing a second consultation later this year with an eye on a “global minimum prudential framework” to address risks associated with crypto assets. Their first consultation offered a risk-weighting methodology.

The U.S. Office of the Comptroller of the Currency (OCC) confirmed in July 2020 that national banks could
offer crypto custodial services. However, Acting Comptroller Michael J. Hsu recently publicly remarked that it is time to “reset and recalibrate.” The Federal Reserve Board (FRB) hasn’t released much guidance other than to say they will be releasing guidance. The FRB did examine the pros and cons of a Central Bank Digital Currency (CBDC) but “does not favor any policy outcome.” And the U.S. Treasury has offered a risk assessment of money laundering risks in the crypto asset space. The FDIC joined the OCC and FRB in their “Crypto-Asset Policy Sprint” statement but has offered little else outside of requiring banks to notify the FDIC prior to engaging in crypto-related activities. The CFPB broadened its own enforcement authority in this space last year, formalized in March by Executive Order: FinCEN. And finally, legislation introduced in early June appears ready to assign rulemaking and enforcement authority to the Commodity Futures Trading Commission (CFTC), leaving the Securities Exchange Commission (SEC) any leftover crypto assets classified as securities.

THE BASICS
It can be difficult to understand and analyze the risks associated with crypto assets if you don’t have a grasp of some foundational terminology. Unfortunately, there’s a lot of so-called “gatekeeping” in the “crypto community,” e.g., folks who use overly complicated lingo to seem more tech-savvy than others. So, here are a few layperson examples to help understand the basic terms and concepts.

What is blockchain?
Have you ever worked on a document at the same time as another person or team? You can see others’ initials moving about on the page, followed by their edits to the collaborative document. And the revision history is saved so everyone can see who made what changes. This is a great analogy for “distributed ledger technology” (DLT). But the key difference between DLT and blockchain is that no single authority maintains the data (e.g., OneDrive, Google, AWS). With blockchain, there is no centralized authority holding the data, and the data is not valid unless “approved” by a program that runs on many different devices around the world.

What is a crypto asset?
Crypto assets are much like your everyday tangible assets: cash, contracts, artwork, investments, information, etc.

However, crypto assets are entirely digital. Here, everyone knows your unique address (known as a wallet address) owns those assets because of the transaction information stored on the blockchain. A dollar bill may be compared to a Bitcoin. A contract may be compared to a “Smart Contract.” A non-fungible token may be compared to your house deed. Nearly every transaction made in your everyday life can be hosted
on a blockchain.

What makes a crypto asset a security versus a commodity versus fiat currency?
A “security” represents an investment in a common enterprise with the expectation of profit solely on the efforts of others (“solely” is removed in actual practice). A crypto asset offered to raise capital for a startup would likely be classified as a “security.”

Crypto assets generally fall into the classification of a commodity. A commodity is a resource nearly identical in all its instances and has a commonly known value, such as wheat. Financial commodities include identical (or nearly identical) futures and options contracts that have
commonly known values.

For the purposes of classifying crypto assets, “fiat” is defined as the “lawful money” of the United States. In other words, a currency that represents the debts of the government. You can’t pay your taxes in wheat, for example, but you can use U.S. dollars. A Central Bank Digital Currency (CBDC) would
be classified as fiat currency.

THE SWOT
A SWOT analysis considers your internal strengths and weaknesses and external opportunities and threats. This template offers baseline considerations to review the risks and opportunities associated with the emerging crypto regulatory scheme.

Strengths and Weaknesses

• Management: The Board and senior managers of the bank have a clear understanding of the existing regulatory parameters surrounding crypto assets, are knowledgeable about the application of those rules to bank offerings, maintain an awareness of emerging changes, and have a system in place to update the bank’s operations quickly and efficiently to comply.
• Internal Controls: The bank’s internal controls are built-out and appropriately monitored and tested to manage the increased credit, liquidity, and transaction risks associated with crypto asset custody, transactions, loans, issuance, and holdings. The bank stress tests contagion risks and enhances areas of identified deficiencies. Where applicable, the bank has consistent margin call triggers, procedures, and communication channels. Evaluations of crypto assets as collateral are reviewed for fair lending purposes.
• Personnel: Bank personnel are properly trained to understand and communicate the products and services offered to customers, are aware of and can appropriately mitigate the related risks, the number of assigned personnel is appropriate for the associated risks, and enough redundancy is built into roles to prevent any system failures that may result from the termination of key personnel. Vendors undergo a risk-based due diligence review before business begins and periodically thereafter.
• Technology: The hardware and software used to transact, secure, and maintain crypto assets are well-maintained and secure. External auditors are used to test and verify. The bank has a consistent and safe procedure for securing crypto collateral.
• Insurance: The bank maintains appropriate levels of insurance related to all facets of crypto asset products and services.
• Products: The bank can market and advertise crypto asset products and services in a manner consistent with existing laws and regulations and an eye for fair lending and UDAAP risks. It has reviewed existing non-crypto products and services, identified the potential impacts, and updated those growth strategies to account for the internally driven competition.

Opportunities & Threats

• Management: The Board and senior managers of the bank can readily identify risks and opportunities presented by the lack of crypto
  asset laws and regulations.
• Personnel: Personnel are excited to join a bank that offers roles in the crypto asset space; however, this area may also come with increased competition for bank personnel who maintain desirable skills in a new field.
• Technology: Rapid advances in technology offer opportunities to quickly adopt and roll out new product offerings and services; however, the maintenance and security of aging software and hardware suffer, and investments in new technology depreciate quickly.
• Competition: The bank is an early adopter of crypto products and services but may now lack the resources to act upon new trends, technology, and opportunities.
• Reputation: The bank is well-posed to trigger crisis management plans, maintains open channels of communication with relevant stakeholders, and has identified and mitigated risks associated with crypto asset environmental risk factors.
• Legal and Compliance: The bank’s compliance management system and risk management program appropriately identify and control crypto-asset risks, including the emerging regulatory scheme and the potential for increased litigation.

CONCLUSION
Given what little we know about the future legal and regulatory landscape of cryptocurrency, a comprehensive and bank-specific SWOT analysis may offer some comfort in the uncertainty. Take some time to discuss your bank’s crypto posture with your internal and external stakeholders and analyze the relevant strengths, weaknesses, opportunities, and threats for your bank. Continue getting involved in the discussions surrounding the proposed laws and regulations. And take this opportunity to enhance your risk management program and Compliance Management System to monitor and respond to the crypto regulatory crackdown we all know is coming.