Agencies Issue Joint Statement on Crypto-Asset Risks to Banking Organizations

  • Source:


Treliant is an essential consulting partner to the financial industry globally and is uniquely poised to assist banking organizations assess, mitigate, and effectively manage the risks posed by crypto-assets.  Our team of senior banking and compliance professionals has extensive experience in assessing the regulatory risks posed by crypto-assets relating to liquidity management, consumer protection, fraud, anti-money laundering, and sanctions. These risks have come under increased regulatory scrutiny and current events have resulted in clear and distinct guidelines and expectations regarding the need for crypto-specific risk management programs to alleviate safety and soundness concerns.

Treliant professionals have assisted a variety of crypto-asset businesses and understand the pseudonymous, decentralized nature of the asset class as well as the various corporate cultures and business models in the market.  Our understanding of crypto-assets as financial products  serves as the knowledge base for evaluating the associated liquidity, volatility, and financial crime risks inherent to crypto transactions of all types including exchange, trading, structured, and other decentralized finance activities.  This hands-on knowledge, coupled with our regulatory and financial crimes expertise, provides the unique skill set required to conduct the tailored  risk assessment and due diligence of crypto-asset businesses necessary to assist banking organizations with risk-based governance and compliance program design and implementation.   The U.S. Board of Governors of the Federal Reserve System (FRB), Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) have issued clear and distinct guidance establishing the expectations that risk-based programs be established to safeguard against the financial losses, global financial crimes, regulatory scrutiny and reputational damage associated with crypto-asset businesses.


Given the significant risks highlighted by recent failures of several large crypto-asset companies, the Board of Governors of the Federal Reserve System (Federal Reserve), the FDIC, and the OCC (collectively, the agencies) issued a joint statement on January 3, 2023 to banking organizations regarding the risks posed by crypto-assets.

The agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.  Additionally, the agencies believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices.

Banking organizations that engage in crypto-asset related activities should ensure that crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations, including those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices).

Appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks associated with crypto-assets is critical.  Key risks associated with crypto-assets include, without limitation:

  • Risk of fraud and scams among crypto-asset sector participants
  • Legal uncertainties related to custody practices, redemptions, and ownership rights,
  • Inaccurate or misleading representations and disclosures by crypto-asset companies
  • Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies
  • Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves.
  • Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements
  • Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness.
  • Heightened risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to,
    • the lack of governance mechanisms establishing oversight of the system;
    • the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and
    • vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.

Banking organizations that propose to engage or have existing crypto-asset-related activities should comply with the relevant agency’s processes for supervisory discussion.  Each agency has developed and issued statements regarding its processes.[i]

[i] See OCC Interpretive Letter 1179 “Chief Counsel’s Interpretation Clarifying: (1) Authority of a Bank to Engage in Certain Cryptocurrency Activities; and (2) Authority of the OCC to Charter a National Trust Bank,” (November 18, 2021); Federal Reserve SR 22-6/ CA 22-6: “Engagement in Crypto-Asset-Related Activities by Federal Reserve Supervised Banking Organizations,” (August 16, 2022); and FDIC FIL-16-2022 “Notification and Supervisory Feedback Procedures for FDIC-Supervised Institutions Engaging in Crypto-Related Activities,” (April 7, 2022).


Lynne Johnston

Lynne Johnston, a Senior Director with Treliant, is an experienced executive leading U.S. and non-U.S. bank and broker-dealer regulatory and compliance programs. Her areas of focus have included financial crimes, compliance risk management and risk reporting, third-party and vendor risk management, compliance testing and controls, compliance policies and training, regulatory…