The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (collectively, the Agencies) on January 3, 2023 issued a joint statement on crypto-asset risks to banking organizations (Joint Statement).1 The Joint Statement comes in response to “significant volatility and the exposure of vulnerabilities in the crypto-asset sector” in the past year, and it follows several notable events impacting the crypto-asset sector, including firm failures, allegations of fraud and other misconduct among market participants, and increased enforcement activity and regulatory scrutiny from financial regulators.
The Joint Statement highlights key risks associated with digital assets implemented using cryptographic techniques, as well as the crypto-asset sector more broadly, that the Agencies believe banking organizations should consider. The Joint Statement emphasizes the importance of ensuring that “risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system.”
In the Joint Statement, the Agencies state their belief that “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices,” though the Joint Statement also acknowledges that the “banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type,” subject to applicable law or regulation.
The eight key risks that the Joint Statement enumerated concentrate on the following areas:
- Anti-Money Laundering: the crypto-asset sector’s risk of fraud and scams, including inaccurate or misleading representations and disclosures and other practices that may be unfair, deceptive or abusive.
- Regulatory Uncertainties: legal uncertainties and immature risk management and governance practices in the crypto-asset sector, some of which are currently the subject of legal processes and proceedings.
- Volatility and Contagion Risk: significant volatility in crypto-asset markets, especially the susceptibility of stablecoins. The Joint Statement also states that there is certain contagion risk within the sector as certain participants are interconnected, leading to concentration risks.
- Decentralized Finance: decentralized finance creates heightened risks including, but not limited to, “the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.”
Through the Joint Statement, the Agencies also emphasize that they have significant concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector. The Agencies note that they are “continuing to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including anti-money laundering and illicit finance statutes and rules.”
While the Joint Statement does not provide further rulemaking, market participants should note several areas of concern highlighted by the Agencies, which may provide insight into future regulatory developments.
Principally, market participants should recognize the current regulatory emphases upon ensuring effective consumer protection, reducing volatility in cryptocurrency markets, and mitigating concentration risks.
Interested market participants should also note the Agencies’ observation that issuing or storing cryptocurrency assets on public or decentralized networks are “highly likely to be inconsistent with safe and sound banking practices.” This may signal that federal regulators have begun to articulate a firmer position on cryptocurrency practices and may also suggest an intent to pursue future regulatory or enforcement action based on this assessment.
Market participants that constitute decentralized autonomous organizations or similar entities should likewise note the Agencies’ concerns that such organizations may not have adequate governance mechanisms or clearly defined contracts and standards. To the extent able, such entities should consider providing plainly articulated procedures surrounding investment contracts and transparent governance protocols. Banking organizations that may consider engaging with such decentralized entities should conduct thorough due diligence before committing to such an association.
Finally, entities that participate in cryptocurrency and digital asset transactions should continue to strengthen internal processes and protections designed to provide clarity with regard to banking practices and protect against risk exposure and fraud.