North Carolina made history when it passed the nation’s first law addressing issues surrounding blockchain and virtual currency. NC Privacy Law Blog recently sat down for a conversation with the man whose office played a key role in that effort, state Commissioner of Banks Ray Grace. (Hyperlinks added after the fact by NC Privacy Law Blog)
Q: How does one go about becoming the Commissioner of Banks?
A: Well, every child has their dream job. You want to be an astronaut, a cowboy, whatever. My dream, growing up in upstate New York, was to become a bank examiner.
Q: Very impressive.
A: Well, it’s a little more prosaic. I left the Marines in 1969 after my tour of Vietnam. I had been stationed at Camp Lejeune, and for reasons we’ll leave out of the interview, I ended up spending weekends in and loving Raleigh.
I returned to New York to finish college, but there was never any question that I would be back. I remember graduating in December 1973. Drove through a blizzard to get to Raleigh, where it was a balmy 60 degrees. Never looked back.
Q: And the office of Commissioner of Banks?
A: The economy wasn’t the greatest at the time. We were in a serious real estate recession. I was painting houses to pay the bills. I heard this office had an opening, so I interviewed.
Q: And the rest is history.
A: Pretty much. Now, the job itself has of course changed over the years, though not fundamentally. When I started with the agency, we most often visited community or small regional banks that were integral to the fabric of their communities. Our main concern then was asset quality, especially potential exposure in their real estate portfolios.
The emphasis and focus of our supervision has changed from time to time, but the bottom line has always been the same: protecting the public and ensuring the safety and soundness of our banks, and their compliance with banking laws.
Q: Technology is one of the changes?
A: Yes. When I started, everything was paper. Calculations were often handled on manual adding machines, notably Burroughs 100-key adding machines. Computers were just coming on the scene. They were there of course, and they became prevalent fairly quickly, but in the late 1970s and early 1980s, only a couple of the largest banks had their own mainframes.
Most banks used vendors, third-party processors, to have their work processed. A few very small banks did not adopt any computer processing until the mid-1980s, when NOW (negotiable order of withdrawal) accounts came on the scene.
Q: When did this change?
A: State and federal regulators became concerned about the control issues introduced with automation during the late 1970s. This gave rise to early automation examination procedures to assure banks developed appropriate control protocols for the automated environment. As you might expect, the level of sophistication and emphasis of supervisory involvement with automation evolved with the increasing presence of automation in the industry. At the time, we referred to this automation as EDP; electronic data processing. Now, of course, it’s referred to as IT; information technology.
Q: And North Carolina?
A: North Carolina was one of the first states to develop its own EDP examination team and protocols. We contracted with then-Peat Marwick Mitchell to get eight weeks of intensive training on EDP control concerns and the use of their new s2170 automated examination software. The initial team consisted of four volunteer examiners, including myself. One dropped out at the end of the training, but we had a core team to do EDP examinations, and North Carolina is still one of the relatively few states who have such a program.
Large banks then typically used “mainframe” computer systems, while smaller banks first opted for processing by cooperatives or other outside EDP vendors, such as Allied and ADP. Late, manufacturers introduced smaller computers such as the IBM System 34s and 36s, allowing an increasing number of banks to migrate from serviced to in-house processing.
Q: What were the technical issues in those days?
A: Well, you have to understand that computers marked the end of an era. Banks had been doing the Bob Cratchitt thing, using the “Boston ledger” system for almost a century. Bankers and bank examiners alike were accustomed to internal routines and controls in a fully manual system. The old “Boston Ledger,” hand-posting of transactions, paper debit and credit tickets, and so forth were the standard for banking.
As banks began to automate their systems, bankers and examiners had to migrate their thinking about the control environment to much different ways of recording transactions and maintaining books and records.
This presented challenge to bankers and examiners. We had to figure out where any new vulnerabilities lay, and how to mitigate them.
Q: How did you go about developing the new system without a track record?
A: By using and building on the training we had initially received from Peat Marwick, and working from analogs in the old manual world. Then on one examination at a small, well-run but newly-automating bank, we were brought up short by the CEO. We were explaining that her bank needed to develop a comprehensive “Systems and Procedures Manual” for its automated operations. She was a well-respected, no-nonsense old-school banker, and she asked me to recommend a similar bank that had such a manual. I couldn’t. She asked how we could expect her to do one if we hadn’t seen one, and further, how one could be obtained.
I suggested it would be really great if we could spend some time in a bank and develop one from scratch. If only I knew… She called the Governor, who called the Commissioner, who then called me and told me to stay there until I had written the manual. Suffice to say, we ended up writing a Systems and Procedures Manual.
We broke down the operations of the bank into components, and studied their interfaces with the automated systems, and from that, determined where control vulnerabilities existed. We developed practical but effective mitigants, and then reassembled the process.
That manual became the guideline for automated community banks for years thereafter.
Q: So those were the early days of involvement with automation technology for your agency. What about the 2016 Money Transmitters Act? First, why did you opt for legislation? Many regulators prefer to handle it by adjudication.
A: Well, it’s a question of fairness. Now I know that bankers have not exactly been popular recently. But in my four decades of experience, it’s a clean industry. We look at them closely. And I can count the folks I’d consider genuinely bad apples on one hand.
In 2010 and 2011, my predecessor in office, Joe Smith, took up a fairly comprehensive revision and modernization of Chapter 53 of the North Carolina General Statutes. It had been left unchanged for 60 or 70 years. By the way, that says something about the drafters. It’s pretty incredible that you can leave a statute largely untouched for that long without adverse consequences to the industry. But a lot had changed in the banking industry, and our statutes needed to recognize that.
Joe’s approach to drafting and successfully seeking passage of that rewrite impressed me as the way laws ought to be written in a functioning democracy. He actively sought out the input of all conceivable stakeholders; practical bankers, bank counsel, consumer advocates, legislative leaders, and held meetings with them at key points throughout the drafting process. This process was eminently fair to all involved, and it worked. That’s a model for legislation I wish to follow.
As to financial regulation, my approach is to be transparent about our objectives and expectations. That begins with laws that are fair to the industry and to the consumers it serves.
In applying those laws, I think it’s important to give value added with supervision. I do not believe in supervision that leads with the hammer, with enforcement actions or litigation. My preference is to assist entities to understand and comply with existing law, regulation and industry standards of behavior. Only when we encounter illicit resistance to this approach do we move to drop the hammer.
Q: So you opted for legislation because that reflects that philosophy?
A: Yes, very much so.
Q: And it was a conscious decision?
A: Well, sure. We had been having conversations with our colleagues from other states. There was this dawning realization that here comes yet another technological shift: Bitcoin, virtual currency, crypto-currency.
Q: What about virtual currency?
A: Our interest in that space began with our receipt of an application under the Money Transmitter Act from an entity that wanted to do money transmission, but with Bitcoin rather than fiat money. So this triggered a move on our part to examine the law. The decision we would make would set a precedent.
I held the application up for further study, as I didn’t think the Governor would want to wake up and learn North Carolina was the epicenter for the latest Mt. Gox or Silk Road scandal. We needed to know more about this technology, to better protect North Carolina consumers. We needed to be sure we had an adequate regulatory framework in place to accomplish that.
Q: What was the response?
A: Well, we contacted the stakeholders: the political leadership, law enforcement, other state agencies, industry groups, consumer groups, folks who were participating in the process, a legislative representative, and began holding periodic meetings to discuss and study the matter. Initially, there were two overarching concerns.
Two, some folks weren’t sure about the underlying fundamentals. I mean, this is purely virtual currency. Is this real money? Where is the value?
Q: How did you handle those concerns?
A: It was more a case of letting the process play out. Initially, almost every stakeholder was skeptical. Then, as they worked through it, they started coming around.
And at the end, they had (nearly) unanimously come to the opinion that virtual currency had real value and that it was probably here to stay. This wasn’t a flash in the pan or flavor of the month.
Q: So what were your objectives?
A: Well, we recognized that these developments had pluses. It is a fascinating technology. When it worked, it was fast and cheap. It could make settlements faster and easier. And it was durable: it came back from earlier scandals.
Private equity was pouring money in. That investment showed that they believed in it.
As for the concern that virtual currency was ethereal, that it was somehow not real money, just bits and bytes – well, in some ways that’s true of our currency, right? Twenty dollars is worth $20 because we agree that it is. It’s not worth $20 because the paper and ink are worth that much. And it isn’t backed by gold or other tangible assets.
It’s backed by the full faith and credit of the government. Virtual currency is validated and backed by believers, those who use it in the virtual marketplace.
Q: So what does the legislation do?
A: Well, the Money Transmitters Act, which we’re treating as effective October 1, 2016, clarifies issues of applicability and enforcement.
Financial supervision is costly; so the legislation changes the funding mechanism from fee-based to volume-based assessments, enabling the industry to fund the cost of its supervision.
The legislation gives us authority to enforce federal law (such as BSA) as well as state laws.
It allows so-called “permissible investments,” the consumers’ first line of assurance that funds will be on hand to settle transactions, to be held in like currencies. In other words, Bitcoin can be held to back Bitcoin. This eliminates the issue of volatility of virtual currency between transmission and receipt.
It clarifies applicability of the Act. For example, it clarifies the scope of the business-to business exemption.
Essentially, the revised MTA treats transmitters of virtual currency the same way as it does conventional, fiat transmitters such as Western Union.
Those conducting the money transmission business for consumers must be licensed, a process by which we seek to keep bad actors out of the business. The legislation recognizes that validation will be done by the market. It does not regulate individuals. Neither does it regulate virtual currency.
Q: And what’s your response to critics who say that you’re regulating this industry – blockchain, fintech – this free domain, a Wild West of innovation if you will?
A: I think we’re doing our job. We recognize there are risks. For example, if there was a major bitcoin theft, people would ask where the regulators were. We are putting reasonable measures in place that will hopefully protect consumers while not unduly hampering innovation. North Carolina encourages business and welcomes technological progress.
We don’t regulate the virtual currency industry. We regulate transmissions to consumers and those who facilitate those transmissions for gain – virtual currency is handled the same way we would supervise transactions in U.S. dollars.
All our examinations do – the same examinations that Western Union or any other non-exempt transmitter undergoes – is to verify the systems of control.
Q: What has the reaction to the legislation been?
A: Well, there were some initial misconceptions that caused resentment and pushback. But as people have become familiarized with the details of the legislation, that’s largely abated.
Q: Where do you see this headed?
A: Well, there is a lot of excitement, and a lot of talk of disruption. The history of banking is replete with changes. With regard to new technology, including the so-called “fintech” industry, history suggests that bankers will carefully follow new products and delivery mechanisms, determine which will give value to their model, and partner with or subsume them.
Now, we’re seeing private equity and the really big banks investing heavily in this technology. It’s a pretty heavy lift, but they have the resources and the credibility.
So some amazing changes are in the offing, many of which were not even imaginable five or 10 years ago. The proper role of regulators, in my opinion, is to continue to evaluate both the risks and the potential rewards of these new technologies, construct practical and effective measures to mitigate the risks, and allow the market to implement the changes. That, at least, is my intent.