Federal banking regulators issued a joint assertion as we speak emphasizing that banks concerned in bitcoin and crypto-assets-related custody and different actions by following current legal guidelines and sustaining sturdy threat controls. The assertion, issued by the Federal Reserve, OCC, and FDIC, clarifies that it doesn’t introduce new guidelines however reminds banks of their obligations when dealing with bitcoin and different crypto on behalf of consumers.
“Banking organizations might present safekeeping for crypto-assets in a fiduciary or a nonfiduciary capability,” the doc acknowledged. “Banking organizations that present crypto-asset safekeeping in a fiduciary capability should adjust to 12 CFR 9 or 150, as relevant, state legal guidelines and laws, and every other relevant authorized provisions, such because the instrument that created the fiduciary relationship.”
The businesses emphasize that safekeeping bitcoin and different crypto-assets, primarily by management of consumers’ cryptographic keys, requires sturdy cybersecurity, operational experience, and full authorized compliance. Banks providing these companies should be ready to guard in opposition to dangers reminiscent of key loss, cyberattacks, and unauthorized asset transfers.
In addition they observe that bitcoin and different crypto safekeeping might demand specialised employees, safe infrastructure, and fixed monitoring of evolving applied sciences. Regulatory necessities like anti-money laundering (AML), countering the financing of terrorism (CFT), and OFAC sanctions nonetheless apply.
“Like all different banking actions, crypto-asset safekeeping relationships are topic to relevant Financial institution Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Workplace of International Belongings Management (OFAC) necessities,” mentioned the doc.
The assertion additionally warns that banking organizations ought to conduct a full threat evaluation earlier than participating in bitcoin and different crypto safekeeping. This consists of evaluating the character of various crypto-assets, the expertise used, and the authorized obligations concerned.
“Topic to the phrases and situations within the buyer settlement, a banking group is accountable for the actions carried out by the sub-custodian…” the doc talked about. “Conducting due diligence earlier than choice of a sub-custodian is a crucial a part of sound risk management, and consists of evaluating the effectiveness of the sub-custodian’s cryptographic key-management answer, together with polices, processes, and inside controls, in addition to its adherence to straightforward safekeeping threat administration practices.”