Government Crypto Asset Risk Statement for Banking Organizations

Reference guide:

The joint statement highlights the key risks associated with crypto assets that banking organizations need to be aware of and outlines the agencies’ supervisory approach. The Agencies advise that the issuance or holding of major crypto assets issued, stored or transferred in an open, public and/or decentralized network or similar system is highly likely to be incompatible with safe and sound banking practices. Agencies report significant security and robustness concerns with business models focused on crypto-asset-related activities or that have concentrated exposures to the crypto-asset sector. The Agencies advise that they continue to closely monitor banks’ exposures related to crypto assets and will issue additional statements related to activities related to crypto assets, as they deem necessary.

On January 3, 2023, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (collectively, the “Agencies” ) issued a joint statement (Joint Statement) reiterating previous guidance related to cryptocurrencies and highlighting the risks of crypto assets for banking organizations.^one The Joint Statement follows a year of volatility and exposure of vulnerabilities in the crypto-asset sector, including the failures of large crypto-asset companies. The Joint Statement underlines the importance of ensuring that risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system.

The Joint Statement identifies eight key risks associated with crypto assets and crypto industry participants that banks need to be aware of. These key risks include:

• Risk of fraud and scam among participants in the crypto-asset sector.

• Legal uncertainties related to custody practices, redemptions and property rights, some of which are currently the subject of judicial processes and proceedings.

• Inaccurate or misleading representations and disclosures by crypto asset companies, including false statements regarding federal deposit insurance and other practices that may be unfair, deceptive or abusive, contributing to significant harm to investors, customers and retail and institutional counterparties.

• Significant volatility in crypto asset markets, the effects of which include potential impacts on deposit flows associated with crypto asset companies.

• Susceptibility of stablecoins to risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves.

• Risk of contagion within the crypto-asset sector as a result of interconnections between certain crypto-asset participants, including through opaque lending, investment, financing, servicing and operating arrangements. These interconnections can also present concentration risks for banking organizations with exposure to the crypto-asset sector.

• Risk management and governance practices in the crypto-asset sector that show a lack of maturity and robustness.

• Increased risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to, the lack of governance mechanisms establishing system oversight; the absence of contracts or standards to clearly establish roles, responsibilities and obligations; and vulnerabilities related to cyberattacks, outages, lost or trapped assets, and illicit financing.

The agencies warn that “issuing or holding as primary crypto assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system, is highly likely to be inconsistent with safe and sound banking practices.” In addition, the Joint Statement notes that the Agencies have significant security and robustness concerns with business models concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.

Banks should expect and prepare for enhanced scrutiny of crypto asset-related exposures

While the Joint Statement reminds banks that they “are not prohibited or discouraged from providing banking services to customers of any specific class or type, provided the services are permitted by law or regulation,” the Agencies note that they continue to evaluate if they are updated or to what extent. and proposed crypto-asset-related activities by banks may be carried out in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including statutes and rules against money laundering and illicit finance.

The Agencies note that they will carefully review any proposals by banks to engage in activities involving crypto assets, and that banks must ensure that activities involving crypto assets can be conducted in a safe and sound manner, are legally permissible, and comply with applicable regulations. . laws and regulations, including those intended to protect consumers. Banks are reminded to ensure proper risk management of crypto-related activities, including board oversight and the development and implementation of policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to identify and manage risks effectively.²

Entities seeking to become regulated banking organizations are also expected to adopt and demonstrate appropriate risk management processes and controls to mitigate risks associated with planned activities, which would include any activities related to crypto assets, prior to being chartered or authorized to start. business.

regulatory perspective

In the Joint Statement, the Agencies commit to: (1) continue to closely monitor crypto asset-related exposures of banking organizations and take a careful and cautious approach related to current or proposed crypto asset-related activities and exposures at each banking organization ; (2) issue additional statements, as warranted, related to the involvement of banking organizations in activities related to crypto assets; and (3) engage and collaborate with other relevant authorities, as appropriate, on matters arising from activities involving crypto assets.

Conclution

The agencies stated that they will continue to closely monitor banking organizations’ crypto asset-related exposures and, as necessary, will issue additional statements related to banking organizations’ involvement in crypto asset-related activities. Meanwhile, banking organizations must ensure proper risk management, including board oversight, policies, procedures, risk assessments, controls and monitoring, to effectively identify and manage risks.

---

^one By “crypto-asset”, the Agencies generally refer to any digital asset implemented using cryptographic techniques.

² Watch Interagency Guidelines Establishing Safety and Robustness Standards 12 CFR 30, Appendix A (OCC); 12 CFR 208, Appendix D-1 (Federal Reserve) and 12 CFR 364, Appendix A (FDIC). See also OCC Guidelines Setting High Standards for Certain Large National Insured Banks, Federal Insured Savings Associations, and Federal Insured Branches, 12 CFR 30, Appendix D (OCC).