Federal banking regulators have issued a joint statement in an effort to provide clarity on banks' engagement in crypto-asset related activities.
The statement does not create any new supervisory requirements but warns financial institutions that they must be particularly diligent in dealing with crypto-asset safekeeping.
“Given the virtual nature of crypto-assets, and the potentially increased operational risks associated with crypto-asset safekeeping, a banking organization's cybersecurity environment should be a key focus of risk management,” the agencies said.
The statement continues, “Crypto-asset safekeeping may involve elevated levels of compliance and legal risks due to the evolving regulatory landscape.”
The document states that a banking organization that is considering providing safekeeping for crypto-assets should consider the evolving nature of the market, including the technology associated with the assets and implement a risk governance framework that adapts to relevant risks.
“Providing crypto-asset safekeeping services may entail significant resources and attention, such as developing or procuring new technology, establishing a strong control environment, and ensuring staff have appropriate technical expertise,” according to the statement. “In addition, crypto-assets may experience price volatility, which could affect the demand for safekeeping services and the value of assets held.”
In addition, rapid evolution in the market could affect the technology used for safekeeping services.
The agencies said that sound practices generally include a comprehensive analysis of each crypto-asset before safekeeping it.
They said that as with all new products, services and activities, banking organizations should consider potential risks before offering crypto asset safekeeping.
They said that an effective risk assessment should consider such things as the banking organization's:
- Core financial risks given the strategic direction and business model.
- Ability to understand a complex, evolving and potentially unfamiliar asset class. This includes keeping abreast of industry leading practices.
- Ability to guarantee a strong control environment.
- Contingency plans to address any unanticipated challenges.
The agencies said that considering the complexities of crypto-asset safekeeping, a banking organization's board, officers and employees should have the necessary knowledge to establish adequate operational capacity and appropriate controls.
“Sound practices typically include performing a comprehensive analysis of each crypto-asset before safekeeping that crypto-asset, including for example, by identifying vulnerabilities and dependencies that could create material risks to the banking organization's safety and soundness,” the policy statement said.
As with other banking activities, crypto-asset safekeeping relationships are subject to the applicable Bank Secrecy Act/anti-money laundering requirements, as well as countering the financing of terrorism and Office of Foreign Assets Control.
In certain cases, a banking organization may choose to contract with third party custodians or other service providers. Subject to the terms and conditions of the customer agreement, a banking organization is responsible for the activities performed by the third party.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
