Banking Regulators’ Guidance for U.S. Banks on Crypto Custody

The Federal Reserve, FDIC, and Office of the Comptroller of the Currency have jointly issued new guidance on how U.S. banks should approach crypto custody services. The statement is aimed at banks already involved or considering involvement in holding crypto-assets for customers.

Banks Must Meet Strict Standards Before Offering Crypto Custody Services

The statement restates that banks must obey the current compliance requirements and risk management practices in protecting digital assets. The emphasis here is on safekeeping which means the storage of crypto custody on behalf of a customer.

According to the joint statement, banks can offer crypto custody either as trusted managers with legal duties (fiduciary role). It can also be through secure storage providers without management responsibility (non-fiduciary role), depending on the service agreement and regulatory requirements.

If a bank holds the cryptographic keys, it holds the liability. That means the bank has full control and full responsibility. The regulators stated that banks must ensure no one else, not even the customer, can access the keys. This is what regulators call the benchmark for “true control.”

Key risks identified include cryptographic key loss, cybersecurity breaches, market volatility, and anti-money laundering obligations. Banks are expected to build proper internal controls and stay updated on crypto custody industry developments.

Banks must assess whether they have the technical capacity and compliance readiness before entering crypto custody safekeeping. Institutions will need strong operational frameworks, staff with crypto expertise, and updated technologies to handle the evolving risks of digital assets.

Banks Are Also Responsible for Third-Party Custody

There also is a provision for third-party crypto custody vendors, although the bank is responsible for any failure. Regulators stress that the banks should engage in due diligences regarding such vendors particularly in terms of private key storage. The agreements should clearly state what occurs when assets become compromised and vendors become insolvent.

The statement also revealed that anti-money laundering (AML), terrorism financing (CFT), and OFAC regulations have to be followed. Banks must confirm the identity of their customers and monitor suspect movements. Such requirements can be more difficult to achieve in a blockchain-based context in which identity is not necessarily transparent.

The official release adds that clarity is paramount regarding the legal aspects of crypto custody management. Corporate agreements can be concluded through on-chain votes, forks, or airdrop, on behalf of all the parties. Banks should also address concerns regarding wallet management, regardless of the type of storage, and the use of smart contracts.

The regulators also expect banks to have separate audit programs. These audits should include crypto custody safe keeping controls, the management of crypto keys, and personnel ability. Should they lack internal experts, the banks can hire retain third party auditors.

The recent development follows a report by CoinGape that the reputational risk factor that banks have been facing before this administration was terminated by the Federal Reserve. The requirement prevented banks from offering crypto custody-related services.

✓ Share:

Paul

Paul Adedoyin is a crypto journalist with 4+ years experience who provides timely news, in-depth research, and insightful content to inform and empower his audience. His works have been featured on sites such as CryptoMode, CryptoNewsFlash among others.
He holds a degree in Geophysics from OAU, Nigeria. When he’s not writing, he loves watching soccer and reading educative journals.
He can be reached via [email protected]

Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.

Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.