Lack of Crypto Governance, Oversight, Standards, and Risk Management Frightens Feds
Three Federal Agencies have warned banks about the dangers of dealing with digital assets. On the first banking day of the new year, the Federal Reserve (Fed), the FDIC, and the Office of the Controller of the Currency (OCC), the three banking regulators in the US, issued a three-page joint warning to banks. It points to eight risks that banking organizations should not let migrate to the US banking system. And highlights processes to mitigate these risks while the three agencies develop frameworks to oversee the ever-changing asset class.
The Joint Statement on Crypto-Asset Risks to Banking Organizations is for the consumption of banks of all types and sizes through the US that have or may adopt policies. It warns the events of 2022 have “been marked by significant volatility,” and that vulnerabilities in the crypto-asset sector have surfaced.
The joint statement explains that banking organizations that have in the past seeked to engage in activities that involve crypto-assets. Have been taken on a case-by-case basis. “The agencies continue to build knowledge, expertise, and understanding of the risks crypto-assets may pose to banking organizations, their customers, and the broader U.S. financial system.” The statement says that the significant risks “highlighted by recent failures of several large crypto-asset companies,” will cause the three agencies to take a careful and cautious approach.
The agencies highlighted eight risks that they wanted banking organizations engaged in crypto-assets to understand may not be in accordance with safe and sound banking practices:
- Risk of fraud and scams among crypto-asset sector participants.
- Legal uncertainties related to custody practices, redemptions, and ownership rights, some of which are currently the subject of legal processes and proceedings.
- Inaccurate or misleading representations and disclosures by crypto-asset companies, including misrepresentations regarding federal deposit insurance, and other practices that may be unfair, deceptive, or abusive, contributing to significant harm to retail and institutional investors, customers, and counterparties.
- Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies.
- Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves.
- Contagion risk within the crypto-assetsector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements. These interconnections may also present concentration risks for banking organizations with exposures to the crypto-asset sector.
- Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness.
- Heightened risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to, the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.
In 2022 the young crypto asset class took a beating similar to high-tech stocks. There is a reason banks are limited to their stock market activity. It seems that these three federal agencies, which do not include work being done by the SEC (or CFTC), are now working hard to regulate what banks can do involving these assets; in the meantime, they want to let banking organizations know that crypto-assets need to be dealt with extreme caution, perhaps moderation, and know that as far as the regulators are concerned, if they still want to serve crypto customers, they should discuss all planned activities with the appropriate regulator prior to filing an application and should ensure that risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, are in place to effectively identify and manage risks.
Managing Editor, Channelchek