Home Credit union DLT Greenlit by NCUA – Fintech

DLT Greenlit by NCUA – Fintech


On May 25, 2022, the U.S. National Credit Union Administration (“NCUA”) issued a letter permitting federally insured credit unions to use Distributed Ledger Technologies (“DLT Letter”).1 The DLT letter also outlines some of the agency’s oversight expectations for DLT governance and risk management and notes that any use must comply with other applicable laws.

The DLT letter discusses the use of DLT as the underlying technology to support the otherwise permitted activities of a credit union. It does not allow specific uses of DLT, such as issuing cryptocurrency or validating digital asset transactions. However, it also does not require prior NCUA approval for DLT activities or explicitly prohibit any activity involving DLT. Therefore, the path for credit union involvement in digital asset innovation remains open and may present fewer barriers than the path for banks.

In this legal update, we summarize the DLT letter and discuss its possible implications for credit unions.

Letter DLT

The DLT letter does not define the term “DLT”, but the NCUA has historically defined it as “a shared electronic database where copies of the same information are stored on a distributed network of computers”.2 The DLT letter states that the use of DLT “as an underlying technology by credit unions is not prohibited if deployed for permitted activities and in compliance with all applicable laws and regulations.”

The DLT letter notes that DLT is a new and emerging technology and, therefore, should be subject to sound governance and risk management practices. A credit union may rely on a third-party vendor for assistance with DLT, but cannot assign these responsibilities solely to a vendor.

In terms of governance, NCUA expectations include notifying the credit union’s board of directors prior to the deployment of DLT and ensuring that the credit union and third parties comply with applicable laws and operate in a safe and sound manner.

For risk management, the NCUA’s expectations include applying a comprehensive risk management framework to the proposed DLT and considering relevant risks. The DLT letter notes that risks relevant to DLT include information and cybersecurity risk, legal and compliance risk, strategic and reputational risk, liquidity risk, and third-party risk.

In addition, the DLT letter states that credit unions must perform appropriate due diligence of proposed DLTs and ensure that the activity supported by the DLT is authorized for credit unions and will be conducted in accordance with applicable law, including including applicable state law.

Possible consequences

The DLT letter builds on the agency’s previous engagement with the digital asset industry. Most notably, in July 2021, the NCUA issued a request for information on how digital assets and related technologies may affect the credit union sector.3 This was followed in December 2021 by a letter that explicitly allowed credit unions to establish relationships with third-party providers who offer digital asset services to members of a credit union, subject to risk management practices. appropriate.4

The DLT letter is notable on its own in that it implies that no prior NCUA approval is required for a credit union to use DLT.5 Rather, it indicates that the agency expects credit unions to exercise judgment in deploying DLTs and indicates that NCUA reviewers will review that judgment retrospectively (i.e., after the credit union will have implemented the DLT). This contrasts with the landscape faced by banks, where the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation have stated that banks must obtain pre-approval to use DLT in cryptocurrency business.6

The DLT letter does not authorize credit unions to use DLT for specific activities, such as issuing cryptocurrency or validating digital asset transactions. Instead, it states that the DLT can be used with any activity that is otherwise permitted for the credit union (again, subject to appropriate risk management practices). This therefore leaves the door open for future determinations by the NCUA that specific digital asset activities are permitted for credit unions. As with banking regulators, we expect to see significant engagement from the digital asset industries and credit unions on which activities should or should not be considered permitted.


1. NCUA, 22-CU-07 (May 25, 2022), https://www.ncua.gov/regulation-supervision/letters-credit-unions-other-guidance/federally-insured-credit-union-use-technologies distributed ledger.

2. 86 Fed. Reg. 40,213 (July 27, 2021).

3. 86 Fed. Reg. 40,213 (July 27, 2021).

4. NCUA, 21-CU-16 (December 16, 2021).

5. A statement from NCUA Vice President Kyle Hauptman indicates that some credit unions are already using DLT, but the agency felt it necessary to issue the DLT letter to clarify that credit unions should generally feel comfortable pursuing DLT if interested. See https://www.ncua.gov/newsroom/speech/2022/ncua-vice-chairman-kyle-s-hauptman-statement-credit-union-use-distributed-ledger-technologies-letter.

6. See OCC, NR 2021-121 (23 November 2021); FDIC, FIL-16-2022 (April 7, 2022). Please see our legal update on the OCC pre-approval requirement: https://www.mayerbrown.com/en/perspectives-events/publications/2021/11/us-banking-regulators-release- roadmap-for-cryptorelated-activities-by-banks.

Visit us at mayerbrown.com

Mayer Brown is a global provider of legal services comprised of law firms that are separate entities (the “Mayer Brown Firms”). The Mayer Brown firms are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, two limited liability companies established in Illinois in the United States; Mayer Brown International LLP, a limited liability company incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales under number OC 303359); Mayer Brown, a SELAS based in France; Mayer Brown JSM, a partnership of Hong Kong and its associated entities in Asia; and Tauil & Checker Advogados, a Brazilian legal partnership with which Mayer Brown is associated. “Mayer Brown” and the Mayer Brown logo are registered trademarks of Mayer Brown law firms in their respective jurisdictions.

© Copyright 2020. Mayer Brown Practices. All rights reserved.

This article by Mayer Brown provides information and commentary on interesting legal issues and developments. The foregoing is not a complete treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action regarding the matters discussed here.