In 2022, the Uniform Law Commission (ULC) introduced amendments to the Uniform Commercial Code (UCC), including a new Article 12 (UCC-12). Already introduced in over 29 states, this new Article seeks to govern certain transfers of Controllable Electronic Records (CERs). The 2022 amendments also updated Article 9 to contemplate the perfection of security interests for digital assets. So far, these amendments have been enacted in seven states: Alabama, Colorado, Indiana, Nevada, New Mexico, North Dakota and Washington.

The federal government has not yet created a legal framework for digital assets, although the Basel Committee on Banking Supervision (BCBS) did introduce its Prudential Treatment of Cryptoasset Exposure guidance late last year. It may be many years before banks see legislation enacted by the federal government and potentially years longer until a regulatory framework is in place (think of the substantial delays in promulgating regulations associated with Dodd-Frank, e.g., 1033 and 1071). States have begun to fill in these gaps to address market concerns about the lack of structure and guidance for commercial transactions involving digital assets.

New provisions under UCC-12 include rules for transactions involving new types of digital assets like cryptocurrency and non-fungible tokens (NFTs). The Article calls these assets “controllable electronic records” or CERs. CERs are defined as, “a record stored in an electronic medium that can be subjected to control under Section 12-105. The term does not include a controllable account, a controllable payment intangible, a deposit account, an electronic copy of a record evidencing chattel paper, an electronic document of title, electronic money, investment property or a transferable record.” (UCC 12-102(a)(1)). The UCC now defines “controllable account” and “controllable payment intangible” under Article 9 (UCC-9). These are representative of tethered assets akin to an electronic promissory note. “Controllable account” means those that are “evidenced by a controllable electronic record that provides that the account debtor undertakes to pay the person that has control under Section 12-105 of the controllable electronic record.” (UCC 9-102(a)(27A)). And “controllable payment intangible” means “a payment intangible evidenced by a controllable electronic record that provides that the account debtor undertakes to pay the person that has control under Section 12-105 of the controllable electronic record.” (UCC 9-102(a)(27B)).

One of the biggest concerns for lenders in dealing with CERs, controllable accounts and controllable payment intangibles is undoubtedly the method of attachment and perfection, as well as the priority of their security interest. UCC-9 has now been updated to reflect these new rules. Like non-electronic accounts and payment intangibles, lenders may perfect their security interest in CERs either by establishing control or by filing a financing statement. However, control prevails in a priority battle vs. a financing statement on its own. (UCC 9-331).

Other important considerations in the new UCC provisions are the take-free and the governing law rules. The take-free rules of UCC-9 are akin to the “holder in due course” rules from UCC Article 3 (UCC-3). “Qualifying purchasers” take priority over an earlier security interest, even if perfected. (UCC 12-104(e)). And, under the governing law provision, if there is no logical jurisdiction, the parties to the agreement may choose the jurisdiction. If no jurisdiction is agreed to, the governing law will be the District of Columbia. (UCC 12-107(c)).

Banks that have delved into crypto-assets are likely familiar with the Joint Statement on Crypto-Asset Risks to Banking Organizations released earlier this year, which reiterates the Agencies’ position “that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices. Further, the agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.” Of course, this statement was viewed as a response to the November 2022 downfall of FTX. Suffice to say, the Agencies expect a good deal of partnership and cooperation with them when proposing, and prior to beginning, new crypto-asset-related activities.

So, banks now have a little guidance regarding risk-weighting crypto-assets, a little guidance from the Agencies, and a little guidance from the UCC (at least in some states). What’s next? Banks should continue to monitor these changes in their applicable jurisdictions, particularly banks that have already begun to enter the crypto-asset space. Consider how these changes will affect existing loan agreements, including the grace period in Article 13 (UCC-13) to renegotiate pre-existing loan agreements regarding the method of perfection. Policies, procedures and training should be updated to reflect the bank’s position on crypto-asset lending and custody services, even to simply state that the bank does not engage in crypto-asset activities. Contemplate and implement the requisite security standards and vendors for custody of CERs, controllable accounts, and controllable payment intangibles. Review the tax consequences and reporting obligations for crypto-asset transactions. Identify the risks associated with future laws and regulations that will affect the bank’s loan agreements and other services, and design controls and contract language to mitigate those risks to the extent possible. 

Theodore Kelly serves as Associate General Counsel for Compliance Alliance. He holds a Bachelor’s Degree in Political Science from The Ohio State University, a Master’s in Business Administration from Franklin University, and a Juris Doctor from Capital University Law School. Theo began his professional career serving in the United States Marine Corps in communications security and, later, the Ohio Army National Guard as a Military Police Platoon Leader. More recently, Theo served as first-line of defense at the largest bank in the world from 2015-2017 and led Ethics & Compliance operations at a Texas-based Fortune 500 company from 2017-2021.