Crypto Custody Rules and Implementation

Key Storage Options:

KEY STORAGE APPROACHES

Method               | Security Level | Accessibility | Trade-offs
---------------------|----------------|---------------|------------------
Hot Wallet           | Low            | High          | Online, fast, risky
Warm Wallet          | Medium         | Medium        | Partial online access
Cold Storage         | High           | Low           | Offline, slow, safe
Air-Gapped HSM       | Very High      | Very Low      | Hardware, no network
Multi-Party Compute  | Very High      | Medium        | Distributed, no single point
Multi-Signature      | High           | Medium        | Requires multiple keys

A bank providing crypto custody must:

1. Secure Key Storage

2. Transaction Authorization

3. Recordkeeping

4. Insurance and Liability

5. Operational Resilience

---

Core Permission:

"A national bank may provide... cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency."

The Legal Reasoning:
The OCC reasoned that custody has always been a bank activity. Crypto custody is functionally the same—safekeeping assets for clients. The form of the asset (digital vs. physical) doesn't change the banking nature of the activity.

Expanded Permissions:

1. Execution Services

• Banks can buy/sell crypto for custody clients

1. Sub-Custody

• Banks don't have to build infrastructure

1. Integrated Services

The Custody Boundary:
The OCC has clearly approved custody (holding for clients) and ancillary services (execution at client direction). It has NOT approved using client assets for yield generation, proprietary positions, or lending activities.

---

When BNY Mellon or US Bank offer crypto custody, they typically don't operate their own key management infrastructure. Instead, they partner with specialized providers.

The Logic:

BUILD vs. BUY ANALYSIS FOR BANK CRYPTO CUSTODY

- Full control
- No third-party dependency
- Potential cost savings at scale

- $50-100M+ infrastructure investment
- 2-3 years to build properly
- Specialized talent required
- Ongoing technology evolution
- Cyber risk concentration

- Faster to market (months vs. years)
- Proven technology
- Specialized expertise
- Shared liability model
- Lower initial investment

- Third-party dependency
- Ongoing fees
- Less control
- Counterparty risk

**Result:**
Almost every bank has chosen "Buy" (sub-custody) over "Build" for initial crypto custody offerings.

If banks use sub-custodians for operations, what value do they add?

The Model:

Client → Bank (Relationship + Regulatory Wrapper) → Sub-Custodian (Operations)

---

XRP Relevance:
BNY Mellon's Ripple partnership positions it for XRP custody if/when offered. The RLUSD relationship creates foundation.

Significance:
US Bancorp is the 5th largest US bank. Its re-entry signals mainstream bank confidence in regulatory environment.

Significance:
JPMorgan's hesitance illustrates that even in permissive environment, largest banks move slowly. Reputation risk and client complexity create caution.

---

CRYPTO CUSTODY COMPETITIVE MAP

CRYPTO EXPERTISE
Low ←————————————→ High

REGULATORY High | Traditional Banks | Crypto Banks |
STANDING | (BNY, State St) | (Anchorage) |
| | |
Low | Emerging Players | Crypto-Native |
| | (Coinbase, |
| | Fireblocks) |
```

The Synthesis:
Rather than compete directly, the market has evolved toward partnership: banks provide relationship and regulatory wrapper, crypto-native firms provide technology and operations.

Custody Fee Ranges:

CRYPTO CUSTODY FEE COMPARISON (INSTITUTIONAL)

Provider Type        | Basis Points | Notes
---------------------|--------------|---------------------------
Banks (direct)       | 20-50 bps    | Premium for bank wrapper
Banks (sub-custody)  | 25-60 bps    | Includes sub-custody fees
Crypto-Native        | 10-35 bps    | Technology-focused
Self-Custody Support | 5-15 bps     | Software/infrastructure only

Fee Pressure:
As custody becomes commoditized, fees will compress. Banks may struggle to justify premium pricing absent differentiated services.

---

For banks, custody is typically the first step in broader crypto engagement:

BANK CRYPTO SERVICE EVOLUTION

Stage 1: CUSTODY
→ Hold client crypto assets
→ Low risk, clear permission
→ Build expertise and infrastructure

Stage 2: EXECUTION
→ Buy/sell for custody clients
→ IL 1184 permission
→ Revenue enhancement

Stage 3: PRIME SERVICES
→ Trading facilitation
→ Lending/borrowing
→ Margin services (if permitted)

Stage 4: MARKET MAKING
→ Principal trading
→ Liquidity provision
→ Requires capital allocation

Stage 5: INTEGRATION
→ Crypto in wealth management
→ Tokenization of bank products
→ DeFi integration (someday)

Current State:
Most banks are at Stage 1-2. Stage 3+ awaits regulatory clarity and capital framework changes.

---

Crypto custody represents genuine progress in bank-crypto integration. Banks can and are offering custody services, and the sub-custody model provides a practical path to market. For XRP, bank custody availability would enhance institutional access and support ecosystem development. However, custody is a narrow service—it doesn't automatically lead to banks using XRP for payments or treasury. Each additional service requires separate regulatory analysis and business justification. Custody is the foundation, not the destination.

---

Assignment: Analyze a major bank's crypto custody offering, evaluating its structure, capabilities, limitations, and potential for XRP inclusion.

Bank Selection:
Choose one of: BNY Mellon, US Bancorp, or State Street

Requirements:

Part 1: Service Structure (300-400 words)

• What crypto assets are supported?
• What services are offered (custody only? execution?)
• Who are eligible clients?
• What is the pricing model (if disclosed)?
• Who is the sub-custodian (if disclosed)?

Use public sources (press releases, website, news coverage).

Part 2: Regulatory Compliance Assessment (200-300 words)

• OCC IL 1170, 1183, 1184 requirements
• Third-party risk management expectations
• Safety and soundness standards

Identify any gaps or areas of potential examiner focus.

Part 3: XRP Inclusion Prospects (200-250 words)

• Does this bank currently support XRP custody?
• What would need to happen for XRP inclusion?
• What's the probability of XRP custody in 12-24 months?
• What partnership opportunities exist (e.g., Ripple relationship)?

Part 4: Competitive Position (150-200 words)

• How does this bank's offering compare to crypto-native providers?

• What advantages does the bank have?

• What disadvantages?

• Is the current offering sustainable competitively?

• Accuracy of service documentation (25%)

• Quality of regulatory analysis (25%)

• XRP assessment reasoning (25%)

• Competitive analysis depth (25%)

Time investment: 2-3 hours
Value: Develops ability to analyze bank crypto offerings and assess XRP relevance

---

1. Custody Fundamentals (Tests Understanding):

What makes crypto custody fundamentally different from traditional custody of securities?

A) Crypto custody requires more insurance
B) Crypto custody involves safeguarding private keys that directly control blockchain assets, with no central registry or recovery mechanism
C) Crypto custody is only available to institutional clients
D) Crypto custody is less regulated than securities custody

Correct Answer: B

Explanation: Traditional custody involves entries in central registries (like DTC)—ownership records that can be reconstructed and don't depend on physical possession. Crypto custody requires controlling private keys. Loss of keys means permanent loss of assets—there's no "password reset" or central registry to restore ownership. This fundamental difference drives all the security, insurance, and operational considerations unique to crypto custody. Insurance differences (A) are a consequence, not the cause. Client type (C) and regulation level (D) don't capture the fundamental distinction.

---

2. OCC Permissions (Tests Regulatory Knowledge):

Under IL 1184 (May 2025), which additional custody-related activity did the OCC authorize?

A) Proprietary trading of crypto for bank profit
B) Sub-custody arrangements allowing banks to use third-party crypto custodians
C) Crypto lending to retail customers
D) Staking of client assets for yield

Correct Answer: B

Explanation: IL 1184 explicitly authorized banks to use sub-custodians for crypto custody operations. This was significant because it validated the partnership model most banks use (bank as client interface, crypto-native firm as operational provider). IL 1184 also authorized execution services for custody clients. It did NOT authorize proprietary trading (A), lending (C), or staking (D)—those activities remain unclear or prohibited.

---

3. Sub-Custody Model (Tests Strategic Understanding):

Why do most banks use sub-custodians rather than building proprietary crypto custody infrastructure?

A) Bank regulators require sub-custody arrangements
B) Building proprietary infrastructure is faster and cheaper
C) Sub-custodians provide proven technology, specialized expertise, and faster time to market, while banks provide relationship and regulatory wrapper
D) Sub-custodians have exclusive licenses for crypto custody

Correct Answer: C

Explanation: The sub-custody model reflects rational build-vs-buy analysis: building proprietary crypto infrastructure requires $50-100M+ investment, 2-3 years, and specialized talent most banks lack. Sub-custodians offer proven technology and expertise, enabling banks to launch in months rather than years. Banks add value through existing client relationships, regulatory standing, and balance sheet strength. Regulators don't require sub-custody (A)—some banks could build internally. Building in-house is slower and more expensive, not faster (B). No exclusive licenses exist (D).

---

4. Bank Implementations (Tests Current Knowledge):

Which statement accurately describes the current state of major bank crypto custody?

A) JPMorgan offers the most comprehensive crypto custody, including XRP
B) BNY Mellon offers crypto custody and has announced a partnership with Ripple for RLUSD custody
C) US Bank has permanently exited crypto custody due to regulatory concerns
D) No major US bank currently offers crypto custody services

Correct Answer: B

Explanation: BNY Mellon is actively offering crypto custody and announced its Ripple partnership for RLUSD in July 2025. JPMorgan has been cautious about direct crypto custody for clients (A is wrong). US Bank resumed crypto custody in September 2025 after pausing during 2022-2024 (C is wrong). Multiple major banks offer custody (D is wrong). BNY Mellon's Ripple relationship is particularly relevant for XRP Academy students.

---

5. XRP Implications (Tests Applied Analysis):

What would most likely need to happen for a major bank like BNY Mellon to add XRP custody to its offerings?

A) Regulatory prohibition of Bitcoin custody, forcing banks to diversify
B) Demonstrated institutional demand for XRP custody and/or Ripple business development creating partnership incentive
C) Complete collapse of Bitcoin prices
D) Congressional mandate requiring banks to custody all cryptocurrencies

Correct Answer: B

Explanation: Banks add assets based on client demand and strategic partnerships. XRP custody would likely require: (1) institutional clients requesting XRP custody from their bank, and/or (2) Ripple business development creating partnership rationale (similar to RLUSD custody partnership). Banks won't add assets without business justification. Options A, C, and D describe implausible scenarios that wouldn't logically lead to XRP custody expansion.

---

For Next Lesson:
Lesson 8 will examine the GENIUS Act in depth—its provisions, implementation timeline, and implications for bank stablecoin activities. Understanding GENIUS is essential because it creates the statutory framework for bank stablecoin engagement, including RLUSD positioning.

---

End of Lesson 7

Total words: ~5,300
Estimated completion time: 50 minutes reading + 2-3 hours for deliverable