On Jan. 3, 2023, the Board of Governors of the Federal Reserve System (Federal Reserve), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) (collectively, the “Agencies”) issued a joint statement (Joint Statement) that reiterates prior crypto-related guidance and highlights crypto-asset risks to banking organizations.1 The Joint Statement follows a year of volatility and exposure of vulnerabilities in the crypto-asset sector, including failures of large crypto-asset companies. The Joint Statement underscores the importance of ensuring that the risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system.
The Joint Statement identifies eight key risks associated with crypto-asset and crypto-asset sector participants that banks should be aware of. These key risks include:
- Risk of fraud and scams among crypto-asset sector participants.
- Legal uncertainties related to custody practices, redemptions, and ownership rights, some of which are currently the subject of legal processes and proceedings.
- Inaccurate or misleading representations and disclosures by crypto-asset companies, including misrepresentations regarding federal deposit insurance, and other practices that may be unfair, deceptive, or abusive, contributing to significant harm to retail and institutional investors, customers, and counterparties.
- Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies.
- Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves.
- Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements. These interconnections may also present concentration risks for banking organizations with exposures to the crypto-asset sector.
- Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness.
- Heightened risks associated with open, public, and/or decentralized networks, or similar systems, including but not limited to the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.
The Agencies warn that “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices.” Furthermore, the Joint Statement notes that the Agencies have significant safety and soundness concerns with business models concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.
Banks Should Expect and Prepare for Enhanced Scrutiny of Crypto-Asset-Related Exposures
While the Joint Statement reminds banks that they are “neither prohibited nor discouraged from providing banking services to customers of any specific class or type, provided the services are permitted by law or regulation,” the Agencies note that they continue to assess whether or how current and proposed crypto-asset-related activities by banks can be conducted in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including anti-money-laundering and illicit finance statutes and rules.
The Agencies note they will carefully review any proposals from banks to engage in activities that involve crypto-assets, and that banks should ensure crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations, including those designed to protect consumers. Banks are reminded to ensure appropriate risk management of crypto-asset-related activities, including board oversight and the development and implementation of policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks.2
Entities seeking to become regulated banking organizations will also be expected to adopt and demonstrate appropriate risk management processes and controls to mitigate risks associated with planned activities, which would include any crypto-asset-related activities, before receiving a charter or otherwise being authorized to commence business.
In the Joint Statement, the Agencies commit to: (1) continuing to closely monitor crypto-asset-related exposures of banking organizations and taking a careful and cautious approach related to current or proposed crypto-asset-related activities and exposures at each banking organization; (2) issuing additional statements, as warranted, related to engagement by banking organizations in crypto-asset-related activities; and (3) engaging and collaborating with other relevant authorities, as appropriate, on issues arising from activities involving crypto-assets.
The Agencies stated that they will continue to closely monitor crypto-asset-related exposures of banking organizations, and, as needed, issue additional statements related to engagement by banking organizations in crypto-asset-related activities. In the meantime, banking organizations should ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, and monitoring, to effectively identify and manage risks.
1 By “crypto-asset,” the Agencies refer generally to any digital asset implemented using cryptographic techniques.
2 See Interagency Guidelines Establishing Standards for Safety and Soundness 12 C.F.R. 30, Appendix A (OCC); 12 C.F.R. 208, Appendix D-1 (Federal Reserve) and 12 C.F.R. 364, Appendix A (FDIC). See also OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 12 C.F.R. 30, Appendix D (OCC).