Joint Statement on Crypto Risk Highlights Need for Strong Governance

Joint Statement on Crypto-Asset Risks to Banking Organizations

On January 3, 2023, The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) issued a joint statement highlighting key risks for banking organizations associated with crypto assets and the crypto-asset sector.

The joint statement describes eight key risks, including to fraud, volatility, and contagion risk within the crypto-asset sector. Each of these key risks have been demonstrated by the significant volatility and vulnerabilities in the crypto-asset sector over the past year, such as the bankruptcies of major cryptocurrency companies FTX, Celsius Network, and Three Arrows Capital, and the subsequent fallout seen through companies such as BlockFi and Voyager. The agencies believe that crypto assets issued, stored, or transferred on an open, public, and/or decentralized network or similar system are “highly likely to be inconsistent with safe and sound banking practices.” The agencies also have “significant safety and soundness concerns” associated with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector. In this alert, we lay out the risks highlighted by the agencies and practical considerations for banks to address these risks.

Key Risks

The joint statement identifies key risks that span several themes, including AML/financial crime, consumer protection, concentration, and liquidity risk.

• Risk of fraud and scams among crypto-asset sector participants

• Legal uncertainties related to custody practices, redemptions, and ownership rights, some of which are currently the subject of legal processes and proceedings

• Inaccurate or misleading representations and disclosures by crypto-asset companies, including misrepresentations regarding federal deposit insurance, and other practices that may be unfair, deceptive, or abusive, contributing to significant harm to retail and institutional investors, customers, and counterparties

• Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies

• Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves

• Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements. These interconnections may also present concentration risks for banking organizations with exposures to the crypto-asset sector.

• Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness

• Heightened risks associated with open, public, and/or decentralized networks, or similar systems, including, but not limited to, the lack of governance mechanisms establishing oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities, and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance. (Federal Reserve, et al., 2023).

Considerations

There are practical steps banks can take to mitigate the risks highlighted by the agencies to ensure sound risk management. The following are specific considerations for banks in response to the joint statement.

• Governance and Risk Management: Development of compliance programs, policies and procedures, audit, and risk assessment to manage the risk of their digital assets exposure. 

• Monitor Developments: The agencies will continue to take a careful and cautious approach related to current and proposed crypto-asset-related activities and exposures at banking organizations. The agencies will also continue to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that is safe and sound, legally permissible, and in compliance with applicable laws and regulations, including those designed to protect consumers. As such, it is critical for financial institutions to keep apprised of developments to guidance and regulatory expectations.

• Assess Exposure: Banks should carefully examine their exposure to the risks highlighted by the agencies and consider a proactive approach to this developing landscape. Banks should also examine any interconnectivity and dependencies between clients.

• Due Diligence: While the agencies are not prohibiting banks from dealing with crypto-asset holders and companies, the contagion risk that the recent bankruptcies have demonstrated should prompt banks to take initiative in the development of robust programs for enhanced due diligence on any crypto-asset companies they may serve, including open-source research, and blockchain analytics. Further, it is important that banks have a strong understanding of the products and services offered by their clients in the crypto space to assess the financial and reputational risks of those relationships, as well as any money laundering or sanctions risk that may exist.

How Guidehouse Can Help

Guidehouse can help corporations assess their compliance programs, including reviewing and identifying gaps in the existing program, and making recommendations for enhancements to avoid violations and fines before they occur. Guidehouse understands that each corporation is unique and faces different challenges. Guidehouse can recommend tailored approaches to meet regulatory requirements and enact effective compliance solutions for the individual corporation.

Special thanks to Max Weber, and John Flynn for co-authoring this article.