Fed, OCC, and FDIC Spell Out Crypto Custody Rules – No New Requirements, Just Safeguards

- Banks need dynamic risk frameworks to adapt to evolving crypto markets and underlying technologies.
- Senior management should assess technical capacity and market risks before offering digital asset safekeeping.
- Agencies confirmed this is a clarification of existing rules, not a change in regulatory expectations.

US regulators have issued a formal clarification on how banks should approach crypto-asset safekeeping, confirming that no new supervisory standards are being introduced.
The statement, jointly released by the Federal Reserve (the Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC), is aimed at banking organisations currently engaged in or exploring safekeeping services for crypto-assets. The guidance is limited to safekeeping – defined as holding assets for clients – and not broader custody offerings.
Banks must handle crypto-related risks with the same standards used for conventional financial products and services. These include managing cybersecurity threats, maintaining control over cryptographic keys, and protecting sensitive customer data.
Where safekeeping is performed in a fiduciary capacity – such as when acting as a trustee or executor – banks must comply with federal regulations under 12 CFR 9 or 150, alongside any relevant state laws. Non-fiduciary services are governed by the bank’s agreement with the client.
Obligations for Safekeeping
The guidance requires banks to establish full control over crypto-assets, ensuring that customers cannot unilaterally transfer assets. Key management practices must also apply to any sub-custodians used to perform these services.
Banks are encouraged to conduct a detailed analysis of each crypto-asset they plan to support, considering its specific risks, technological requirements, and market behaviours. Risk frameworks must be dynamic to adapt to changes in the market and underlying technologies.
Existing compliance rules under the Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control regulations remain fully applicable. Banks are instructed to involve compliance officers and senior leadership when evaluating crypto-related risks.
Given the complexities of crypto-asset safekeeping, a banking organisation’s board, officers, and employees should have the requisite knowledge and understanding of crypto-asset safekeeping services.
The regulators reiterated that this guidance is not a change in policy but rather a restatement of how current laws apply to crypto activities, signalling continued regulatory caution while enabling financial institutions to participate in the digital asset space.