The Federal Reserve Board, Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have issued a joint statement on crypto-asset risks to banking organizations. The term “crypto-asset” refers to any digital asset implemented using cryptographic techniques.
The statement begins with the agencies’ observations that “[t]he events of the past year have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector” and that “[t]hese events highlight a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware of.” These observations are followed by descriptions of key risks associated with crypto-assets and the crypto-asset sector.
Highlighting the importance of insulating the banking system from risks related to the crypto-asset sector that cannot be mitigated or controlled, the agencies state that they “continue to take a careful and cautious approach related to current or proposed crypto-asset-related activities and exposures at each banking organization.” While affirming that “[b]anking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation,” the agencies also state that they “are continuing to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including anti-money laundering and illicit finance statutes and rules.” They identify “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system” as “highly likely” to be inconsistent with safe and sound banking practices and indicate that they also have “significant” safety and soundness concerns “with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.”
The agencies note that each of them has developed a process for banking organizations to “engage in robust supervisory discussions regarding proposed and existing crypto-asset-related activities.” Banks are advised to “ensure that crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations, including those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices). They are also advised to “ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks.”