Crypto Custody Made Clear: Joint Guidance From US Banking Regulators Released

The “big three” banking regulators in the United States—the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the Federal Deposit Insurance Corporation (FDIC)—have jointly issued guidance on how banks should approach the custody of crypto assets. 

This guidance, while not introducing new rules, reinforces the necessity for banks to utilize existing risk management frameworks and compliance protocols when handling digital assets on behalf of their customers.

Standards For Crypto Asset Custody

According to reports from Fox journalist Eleanor Terret, the regulators’ statement is aimed at banking organizations that either currently provide or are considering offering safekeeping services for cryptocurrencies. 

The guidance defines “safekeeping” as the act of holding an asset for a customer’s benefit, emphasizing that banks may also offer additional custody services while focusing on the safekeeping of crypto assets.

The regulators acknowledge the complexities involved in digital asset custody. They highlight the importance of existing laws and regulations that govern fiduciary and non-fiduciary capacities. 

Banks offering these services must adhere to relevant legal standards, including those outlined in Title 12 of the Code of Federal Regulations (CFR). This includes managing crypto assets similarly to traditional assets.

Timur Suleimenov, head of the National Bank of Kazakhstan, noted that the potential for high returns from cryptocurrencies is enticing, but it is crucial to recognize the volatility associated with these assets. The regulators urge banks to conduct thorough risk assessments before entering the crypto safekeeping space. 

Furthermore, the guidance stresses the necessity for banks to have knowledgeable staff capable of navigating the intricacies of crypto-asset safekeeping. This includes developing contingency plans to address unforeseen challenges that may arise in providing these services. 

Audit Programs Recommended

In addition to operational risks, legal and compliance considerations are paramount. Banking organizations must comply with existing regulations, including the Bank Secrecy Act (BSA), anti-money laundering (AML) laws, and Office of Foreign Assets Control (OFAC) requirements. 

The guidance also emphasizes the importance of clear customer agreements that define the responsibilities of both the bank and its clients. Such agreements should address specific issues related to digital asset safekeeping, including governance, asset holding methods, and the role of any sub-custodians involved in the process. 

As banks consider offering crypto-asset safekeeping services, they must also weigh the benefits and risks of utilizing third-party sub-custodians. Due diligence is essential in selecting these partners, as banks remain responsible for the activities performed by any sub-custodian they engage. 

To ensure effective oversight, banks are encouraged to implement comprehensive audit programs that assess their crypto-asset safekeeping operations. These audits should cover various aspects, including cryptographic key management, customer asset transfers, and the overall effectiveness of the bank’s internal controls.

Featured image from DALL-E, chart from TradingView.com