Banking Regulators Send Strong Warning About Crypto Risks

, , ,
  • Federal banking agencies encourage banks to monitor crypto risks, stress importance of keeping crypto sector risks isolated from broader financial system.
  • Regulators view open, public or decentralized networks as highly likely to be inconsistent with safe and sound banking practices.
  • Bank-crypto firm relationships likely to see increased regulatory scrutiny.

Joint Statement Warns of Crypto Risks, Discusses Safety and Soundness Concerns

On January 3, the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) released a joint statement on risks that they believe crypto poses to banks.[1]

The statement continued a “careful and cautious” tone regarding bank crypto exposures from banking agencies. Acting Comptroller of the Currency Michael Hsu, FDIC Chair Martin Gruenberg, and FRB Vice Chair for Bank Supervision Michael Barr have each delivered remarks urging banks to be mindful of crypto risks in recent months.

The agencies’ statement encouraged banks to monitor several risks associated with crypto, including:

  • Legal uncertainty related to crypto custody and redemption rights;
  • Potential deposit insurance misrepresentations by crypto companies;
  • The susceptibility of stablecoins to run risk, which could cause outflow issues for banks holding stablecoin reserves;
  • Interconnections among crypto firms presenting potential concentration risks for banks with exposure to the sector; and
  • Risks associated with public or decentralized blockchains, including unclear governance mechanisms and legal rights.

The agencies were careful to clarify that banks are “neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.” However, the joint statement contained two statements which banks with interests in the crypto sector heed closely.

The first statement concerns exposures to crypto which is transferred on an open or decentralized network. The agencies stated that “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices.” The Basel Committee on Banking Supervision has also expressed concerns with potential governance and legal rights issues associated with open or permissionless blockchains. Since many major crypto tokens and stablecoins are built on public or permissionless blockchains, this could entail a significant restriction on the types of tokens which banks can have exposure.

Second, the agencies stated that they have “significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.” While the statement does not elaborate on what agencies would consider to be concentration in this context, banks which offer services in line with the risk areas outlined in the joint statement should review risk management and governance frameworks closely to prepare for regulatory scrutiny.

An Increasingly Challenging Environment for Bank-Crypto Relationships

While the target audience for the joint statement is banks, the statement could have implications for nonbank crypto firms with bank engagements with or are seeking to partner with commercial banks. The joint statement’s characterization of nonbank crypto firms as lacking adequate risk management and governance frameworks and being vulnerable to contagion risks could further alienate crypto firms from the regulated banking system. It also raises the bar for banks and their partners in this space top demonstrate their risk management acumen and strength of their governance.

Banks should view this statement as part of regulators escalating rhetoric regarding the risks posed by third-party relationships, specifically those engaged in cryptocurrency, new technologies, or novel business models.

Banks engaging in or planning to engage in relationships with crypto firms should heed the guidance from the joint statement to “ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks.”

Further, the statement signals increasing compliance challenges for banks with business models involving crypto. Banks with significant crypto exposures should evaluate their current business plan and risk management practices and prepare to demonstrate to their regulator the safety and soundness and legality of their business practices, specifically the strength of their risk management and governance frameworks.

Put Patomak’s Banking Expertise to Work

Patomak has deep experience in helping banks and other financial institutions manage risks and respond to developments in banking regulation. Contact us to learn how Patomak can help you navigate these challenges and help you meet your business goals.


[1] Joint Statement on Crypto-Asset Risks to Banking Organizations. January 3, 2023.