Federal Reserve, FDIC, and OCC highlight vulnerabilities of crypto assets after 2022 Crypto Winter

The Fed, FDIC, and OCC reminded how important it is that such risks that cannot be mitigated or controlled do not migrate to the banking system.

The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC), have issued a joint statement on crypto-asset risks to banking organizations.

The statement follows the significant volatility triggered by the events in 2022 which have exposed vulnerabilities in the crypto-asset sector and highlighted a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware of.

Federal agencies highlight 8 risks about crypto-assets

Of these risks, the three federal institutions focused on eight, including fraud/scams, regulatory uncertainty, misleading representations, volatility, stablecoin risk, contagion risk, lack of maturity of risk management and governance, and heightened risk of decentralized networks:

• Risk of fraud and scams among crypto-asset sector participants.

• Legal uncertainties related to custody practices, redemptions, and ownership rights, some of which are currently the subject of legal processes and proceedings.

• Inaccurate or misleading representations and disclosures by crypto-asset companies, including misrepresentations regarding federal deposit insurance, and other practices that may be unfair, deceptive, or abusive, contributing to significant harm to retail and institutional investors, customers, and counterparties.

• Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies.

• Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves.

• Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements. These interconnections may also present concentration risks for banking organizations with exposures to the crypto-asset sector.

• Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness.

• Heightened risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to, the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.

Crypto-asset risks must not migrate to the banking system

The Fed, FDIC, and OCC reminded how important it is that such risks that cannot be mitigated or controlled do not migrate to the banking system.

“The agencies are supervising banking organizations that may be exposed to risks stemming from the crypto-asset sector and carefully reviewing any proposals from banking organizations to engage in activities that involve crypto-assets. Through the agencies’ case-by-case approaches to date, the agencies continue to build knowledge, expertise, and understanding of the risks crypto-assets may pose to banking organizations, their customers, and the broader U.S. financial system.

“Given the significant risks highlighted by recent failures of several large crypto-asset companies, the agencies continue to take a careful and cautious approach related to current or proposed crypto-asset-related activities and exposures at each banking organization. Banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation. The agencies are continuing to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including anti-money laundering and illicit finance statutes and rules.

“Based on the agencies’ current understanding and experience to date, the agencies believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices. Further, the agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector. The agencies will continue to closely monitor crypto-asset-related exposures of banking organizations. As warranted, the agencies will issue additional statements related to engagement by banking organizations in crypto-asset-related activities. The agencies also will continue to engage and collaborate with other relevant authorities, as appropriate, on issues arising from activities involving crypto-assets. Each agency has developed processes whereby banking organizations engage in robust supervisory discussions regarding proposed and existing crypto-asset-related activities.

“Banking organizations should ensure that crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations, including those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices). Banking organizations should ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks.