Banks Can do (Almost) Anything Under CLARITY
June 19, 2026
The arc of national-bank digital-asset authority from 2020 to 2024 was the cleanest case study available in regulatory whiplash. OCC Interpretive Letter 1170 (July 22, 2020) confirmed that national banks could provide cryptocurrency custody services. IL 1172 (September 21, 2020) extended the authority to holding stablecoin reserves. IL 1174 (January 4, 2021) authorized independent node verification networks and stablecoin issuance. IL 1179 (November 18, 2021) then walked back the predecessor letters by imposing a supervisory non-objection requirement before any covered activity could be conducted. SAB 121 (April 2022, rescinded in 2025) added accounting-side friction by requiring custodied digital assets to be reflected on bank balance sheets. The FDIC’s 2022 “pause letters” to state-chartered banks discouraged or blocked specific digital-asset activities. Custodia Bank, Inc. v. Federal Reserve Board, 1:22-cv-00125 (D. Wyo.), the Operation Choke Point 2.0 hearings, and the BNY Mellon and JPMorgan Onyx custody platforms played out against the same regulatory background. Whether a national bank could custody Bitcoin depended in 2024 on which administration was in office and which OCC interpretive letter was most recent. That posture is not how a federal banking system is supposed to operate.
§401 of the engrossed Senate substitute is the legislative end of the arc. The section enumerates fourteen specific bank activities involving digital assets, declares them permissible by statute, authorizes national banks, financial holding companies, federal credit unions, and (by parity) insured state banks and state credit unions to engage in them, eliminates prior-notice and prior-approval requirements outside the existing organic banking statutes, and explicitly excludes the activities from being treated as anything other than the business of banking under 12 U.S.C. § 24 Seventh. Whatever residual question the OCC’s interpretive-letter framework left open about whether banks could do these activities at all is now answered by Congress.
The Fourteen Activities
§401(g) is the operative list. It is best read in full because the breadth of the authority granted only becomes apparent when the activities are read consecutively. The list runs to:
- providing custodial, fiduciary, or safekeeping services for digital assets;
- providing related custodial services for digital assets and distributed ledgers, including staking, facilitating digital asset lending, distributed ledger governance services, and advancing funds for the purchase of digital assets or in respect of distributions on digital assets, whether as principal or agent;
- facilitating customer purchases and sales of digital assets;
- making loans collateralized by digital assets;
- engaging in payment activities involving digital assets;
- purchasing or selling digital assets as principal for any investment or trading purpose;
- operating a node on a distributed ledger;
- providing self-custodial wallet software;
- engaging in derivatives transactions, including related hedging activities, in a manner consistent with 12 C.F.R. § 7.1030 as in effect on the date of enactment;
- providing brokerage services, including clearing and execution services, whether alone or in combination with other incidental activities;
- facilitating transactions in the secondary market for all types of digital assets on a riskless principal basis;
- holding as principal digital assets to the extent incidental to an otherwise permissible activity, including holding digital assets to pay fees arising from distributed ledger system interactions;
- underwriting, dealing in, or making a market in digital assets; and
- exercising all such incidental powers as are necessary to carry out any of the activities described in paragraphs (1) through (13).
Read activity by activity, the structural changes are substantial. Custody (g)(1) was confirmed by IL 1170 in 2020 and contested under IL 1179 thereafter. §401 puts it beyond dispute. Related custodial services (g)(2) including staking, lending, governance, and advancing funds were never cleanly addressed in the IL series and were treated as supervisory negotiations under the IL 1179 regime. §401 enumerates them as permitted. The staking authorization in particular intersects with the §4B(a)(5)(B)(iv) custodial staking framework covered in Post #8 of this series: the SEC’s rule defining “exclusively administrative or ministerial” custodial staking will define the operational scope of bank staking services, but the activity itself is statutorily authorized.
(g)(3) facilitating customer purchases and sales is a brokered-execution authority that maps onto bank trading desks operating as agents for customers. (g)(4) lending collateralized by digital assets covers Bitcoin-backed loans, ETH-backed loans, and the broader category of digital-asset-secured lending that pre-CLARITY regulatory uncertainty had pushed into specialty lenders. (g)(5) payment activities involving digital assets is the stablecoin-payment-rails authority and dovetails with the GENIUS Act framework for permitted payment stablecoin issuers.
(g)(6) and (g)(13) are the two most expansive grants and deserve separate attention. (g)(6) authorizes purchasing or selling digital assets as principal for any investment or trading purpose. The pre-CLARITY position on bank principal trading in non-stablecoin digital assets was that such activity was not permissible under 12 U.S.C. § 24 Seventh because digital assets were not securities or otherwise within an enumerated category. (g)(6) overrides that position by statute. National banks can now hold Bitcoin, Ethereum, or any other digital asset on their balance sheets as principal investments, subject to safety-and-soundness oversight. (g)(13) authorizes underwriting, dealing in, or making a market in digital assets. The Glass-Steagall residue that nominally separates underwriting and dealing in securities from commercial banking has no analog in the digital-asset context; (g)(13) authorizes the full investment-bank suite of underwriting, dealing, and market-making for digital assets.
(g)(7) operating a node on a distributed ledger and (g)(8) providing self-custodial wallet software are the infrastructure authorities. Banks can run Ethereum validators, Bitcoin nodes, Solana validators, and similar infrastructure. They can also build and distribute wallet software, including non-custodial wallets where the bank does not hold the underlying keys. The latter is a substantial change from the pre-CLARITY interpretive framework, which would have struggled to fit non-custodial wallet software into 12 U.S.C. § 24 Seventh on a conventional reading.
(g)(9) derivatives transactions are authorized in a manner consistent with 12 C.F.R. § 7.1030 as in effect on the date of enactment. The reference to § 7.1030 incorporates the OCC’s existing derivatives regulatory framework. The structural choice is to extend the existing regulatory architecture for bank derivatives activities to digital-asset derivatives, without rewriting the framework.
(g)(10) brokerage services including clearing and execution and (g)(11) riskless-principal facilitation of secondary-market transactions are the broker-dealer-equivalent authorities. Banks can operate digital-asset brokerage platforms, clear digital-asset trades, and execute customer orders. (g)(11)’s riskless-principal authority specifically addresses the structural issue that bank trading of digital assets for customers requires the bank, in practice, to use its own account to offset the customer trade. The pre-CLARITY position was that riskless-principal digital-asset trading was not within § 24 Seventh; (g)(11) overrides.
(g)(12) holding as principal digital assets to the extent incidental to an otherwise permissible activity includes the de minimis category of bank operations: holding tokens to pay protocol fees, holding stablecoins for payment-rail operations, holding governance tokens to participate in protocol decisions affecting bank-held assets. The “incidental to” qualifier means the bank’s holding must be tied to another permitted activity, but the catchall is broad enough to accommodate the full range of operational holdings.
(g)(14) the incidental-powers clause is the residual. It authorizes “all such incidental powers as are necessary to carry out any of the activities described in paragraphs (1) through (13).” The clause functions like the parallel residual in 12 U.S.C. § 24 Seventh (”such incidental powers as shall be necessary to carry on the business of banking”), and operates as the catchall under which the OCC has historically expanded national-bank authority case-by-case. After §401, the OCC can rely on (g)(14) to authorize incidental activities that have not yet been invented.
The Structural Choice: Business-of-Banking by Statute
§401(c)(2) is the doctrinally important provision. It declares that the activities described in paragraphs (1) through (5) and (7) through (14) of §401(g) “are authorized as part of, or incidental to, the business of banking under the paragraph designated as the ‘Seventh’ of section 5136 of the Revised Statutes (12 U.S.C. 24).” The activity numbered (6), principal trading for investment or trading purpose, is conspicuously absent from §401(c)(2)’s business-of-banking declaration. The omission appears intentional. (g)(6) authorizes the activity as a statutory matter, but the business-of-banking classification under § 24 Seventh, which has historically constrained bank principal-trading activity in securities, is not extended.
§401(c)(2)’s structural move matters because it bootstraps the §401 activities into the existing 12 U.S.C. § 24 Seventh framework rather than creating a parallel regulatory architecture. The activities are not granted under a new digital-asset banking statute. They are added to the conventional business-of-banking framework. That has two consequences. First, the existing supervisory and safety-and-soundness framework applies. The OCC’s examiners can examine bank digital-asset activities the way they examine bank securities, deposit-taking, and lending activities. Second, the existing legal infrastructure (sound banking principles, customer-protection rules, transaction-with-affiliates restrictions, lending limits) applies. The §401(c)(3) rule of construction reinforces this: the digital-asset character of an activity does not exempt it from any prohibition, restriction, registration, limitation, or other requirement that would apply if the activity were conducted without digital-asset involvement. A bank conducting an underwriting under (g)(13) with respect to a digital asset that is a security must still comply with the securities laws applicable to that underwriting; a bank conducting derivatives transactions under (g)(9) must still comply with the derivatives regulatory framework. The (c)(3) clause is the equivalent of the §505 tokenization-parity rule covered in Post #13: form does not change substance.
§401(b) extends the same architecture to financial holding companies under § 4(k) of the Bank Holding Company Act of 1956. The §401(g) activities are declared “financial in nature” for § 4(k) purposes, which authorizes FHCs (and their subsidiaries) to engage in the activities under the existing § 4(k) regulatory framework. The structural effect is that the major bank holding companies (JPMorgan Chase, Bank of America, Wells Fargo, Citigroup, Goldman Sachs, Morgan Stanley) and their non-bank subsidiaries (JPMorgan Onyx/Kinexys, the BNY Mellon digital-asset custody platform, the State Street digital-asset division) can conduct §401(g) activities at the holding-company level without separate banking-statute authorization.
State-Bank Parity and Credit Unions
§401(d) provides state-bank parity. For purposes of FDI Act § 24(a) and (d), the activities authorized for national banks under §401(c) are permissible for insured state banks and their subsidiaries to engage in as principal. The parity provision means that a state-chartered bank can do anything a national bank can do under §401, subject to state-law authorization and FDIC supervisory oversight. The Custodia Bank precedent on master-account access (the Custodia Bank litigation in the D. Wyo.) is not directly addressed by §401, but the parity provision means that a state-chartered specialty bank holding a state crypto-banking charter (Wyoming SPDIs, the Nebraska digital-asset depository institution charter, the Texas industrial banking framework) can engage in §401 activities to the extent the FDIC’s supervisory regime permits.
§401(e) extends authority to federal credit unions, with the §401(g) activities classified as authorized under § 107(17) of the Federal Credit Union Act. §401(f) provides credit-union parity for state-chartered credit unions, subject to state law and any NCUA limitations applicable to insured credit unions. The credit-union authorization is meaningful because the pre-CLARITY interpretive framework on credit-union digital-asset activities was even more restrictive than the national-bank framework. The 2021 NCUA Letter to Credit Unions 21-CU-16 permitted limited custody-and-execution partnerships with third-party providers but did not authorize principal-trading or full-service digital-asset banking. §401 changes that.
§401(h) and the End of Prior Approval
§401(h) is short and consequential. It eliminates prior-notice and prior-approval requirements for the §401 activities, except for those required under the National Bank Act, the Federal Reserve Act, the Bank Holding Company Act, and the Federal Credit Union Act. The OCC’s IL 1179 prior-supervisory-non-objection regime is foreclosed. The FDIC’s pause-letter framework, to the extent it operated as a prior-approval requirement outside the existing banking statutes, is foreclosed. The Federal Reserve’s pre-CLARITY positions on Federal Reserve-supervised institutions engaging in digital-asset activities, to the extent they imposed prior-approval requirements outside the existing statutes, are foreclosed.
The §401(h) carve-out for the organic banking statutes means that the routine supervisory tools the agencies use under those statutes (examination, capital and liquidity requirements, supervisory expectations communicated through guidance, enforcement actions for unsafe-and-unsound practices) remain available. What is foreclosed is the imposition of new prior-approval regimes that are not grounded in the existing organic statutes. The structural choice is to require the agencies to use the tools they have rather than to invent new tools for the digital-asset space.
§401(i) preserves the existing safety-and-soundness authorities of the federal banking agencies and the NCUA. The activities authorized under §401 are subject to ordinary supervisory oversight, and the agencies retain authority to determine that any §401 activity, as conducted by a particular institution, is unsafe or unsound and to take enforcement action accordingly. The structural choice is permissive-by-default with safety-and-soundness backstop, not permissive-with-prior-approval.
§401(j) and the NFT Exclusion
§401(j) excludes nonfungible assets from the authorities granted under §401. The exclusion runs through the entire section. Banks cannot custody NFTs, lend against NFTs, deal in NFTs, or make markets in NFTs under §401. The cross-reference to §602’s NFT framework covered in Post #12 of this series is implicit but important. NFTs sit in their own regulatory bucket under CLARITY. The bank-permissibility framework does not extend to that bucket.
The structural choice reflects the residual policy concerns about NFT market structure, valuation, and customer-protection issues. The May 2025 SEC staff statement on NFTs noted ongoing concerns about pump-and-dump schemes, market manipulation, and investor protection in NFT markets. Congress responded by excluding NFTs from the bank-permissibility regime, on the theory that banks should not be brokers, dealers, or custodians for an asset class with the volatility and information-asymmetry characteristics of NFTs. The exclusion is open to revisiting as the NFT market matures, but for now banks are not permitted to deal in or hold NFTs as principal.
§402 Portfolio Margining and §403 Netting
The cross-references to §402 and §403 deserve brief attention. §402 directs the CFTC and SEC to jointly issue rules to facilitate portfolio margining across securities, security-based swaps, futures, options on futures, swaps, and digital commodities. The rule must address the bankruptcy and SIPA treatment of accounts holding mixed assets, and must be developed with the participation of the Federal Reserve, FDIC, OCC, state bank supervisors, and SIPC. The portfolio-margining framework is structurally important because the §401 activities position banks to operate brokerage and clearing services for digital-asset and securities products simultaneously. The cross-margining of those positions is operationally significant for capital efficiency, and the §402 rulemaking will determine how aggressively the agencies can authorize netting across asset classes.
§403 directs the Fed, OCC, and FDIC to develop risk-based and leverage capital requirements that address netting agreements providing for termination and close-out netting across multiple types of financial transactions, in the event of counterparty default. The netting-recognition framework is structurally important for derivatives and other transactions involving digital assets. The pre-CLARITY position on whether close-out netting of digital-asset derivatives transactions qualified for capital netting recognition under the existing risk-based capital rules was uncertain, and §403 directs the agencies to clarify.
The Regulatory-competition Dynamic
The §401 framework reshapes the competitive landscape for digital-asset financial services. Three structural shifts are worth flagging.
First, national banks now have substantially equivalent authority to state-chartered specialty banks. The Wyoming SPDIs (Custodia, Kraken Bank as it eventually exists, Avanti as it existed), the Nebraska digital-asset depository institutions, and the federally chartered specialty banks that have been chartered or are pending now compete on a level playing field with national banks for digital-asset banking business. The §401(d) parity provision means that state-chartered banks are not disadvantaged relative to national banks on the federal-law authority front, but the federal supervisory regime (OCC for national banks, FDIC for state-chartered banks) and the master-account-access framework (covered partially by the Custodia Bank litigation) remain separate questions.
Second, financial holding companies can now offer the full digital-asset suite. JPMorgan’s Onyx/Kinexys platform, BNY Mellon’s digital-asset custody platform, State Street’s tokenization platform, and similar offerings at other major institutions can be expanded to include underwriting, market-making, principal trading, and brokerage activities. The competitive pressure on the standalone crypto exchanges (Coinbase, Kraken, Gemini, the Crypto.com US operation) will increase as the major FHCs enter the market with the structural advantages of established banking franchises (customer base, capital, regulatory relationships).
Third, federal credit unions enter the market with §401(e) authority. The historically conservative posture of the credit-union industry on digital-asset activities is now a strategic choice rather than a regulatory mandate. The largest credit unions (Navy Federal, State Employees’, PenFed) can engage in custody, brokerage, lending, and other §401 activities. The competitive effect on smaller community banks, which have historically competed with credit unions in retail and small-business banking, is direct.
The §404 Yield Carve-Out is the Limit
§404, covered in Post #11 of this series, is the residual prohibition on a “covered party” (a digital asset service provider and its affiliates, excluding permitted payment stablecoin issuers and registered foreign stablecoin issuers) paying interest or yield “economically or functionally equivalent” to deposit interest on payment stablecoin balances held by U.S. persons. The §404 prohibition does not apply to banks engaged in §401 activities other than payment-stablecoin yield, but it shapes the bank-stablecoin-product design space. A bank operating a payment-stablecoin product cannot pay interest on stablecoin balances in a manner equivalent to deposit interest; the bank’s stablecoin offering and its deposit offering must be substantively differentiated. The §404(c)(2) activity-based exception preserves activity-based rewards for liquidity provision, market-making, staking, governance participation, validation, and loyalty programs, which leaves substantial room for bank-stablecoin product design even within the §404 prohibition.
Takeaways
§401 may be the most consequential statutory change in U.S. banking law since the Gramm-Leach-Bliley Act of 1999. Once passed, the pre-CLARITY interpretive uncertainty will be over over. The prior-approval framework outside the existing organic banking statutes is foreclosed. The state-bank parity, FHC authority, and credit-union authority provisions complete the framework.
The structural questions that remain are about execution rather than authority. How will the OCC, FDIC, Federal Reserve, and NCUA exercise their ongoing supervisory oversight of §401 activities? How will the SEC and CFTC develop the §402 portfolio-margining framework? How will the §403 netting rulemaking shape capital efficiency for bank digital-asset derivatives activity? How will the §404 yield prohibition interact with bank stablecoin product design? These are the next round of practitioner questions, but they are questions about how banks engage in digital-asset activities, not whether they can.
The dynamic to watch is the rapidity of bank entry into the digital-asset business. The structural advantages of the major bank holding companies (regulatory relationships, capital, established customer bases, deposit franchises) are real. The structural disadvantages (legacy technology, conservative compliance culture, slow product cycles) are also real. The competitive pressure on the standalone crypto-native firms will be substantial. The market structure of U.S. digital-asset financial services in 2030 is going to look very different from the market structure of U.S. digital-asset financial services in 2025, and §401 is the reason.
Written by David Lopez Kurtz