Hro Banner
February 7, 2023

Prudential Regulator Steps into the Breach: The Federal Reserve Board’s Recent Actions on Crypto Assets


U.S. Federal prudential regulators, and in particular the Board of Governors of the Federal Reserve System (the “Board”), have been busy since the start of the new year issuing statements related to crypto asset-related activities and the crypto asset industry more broadly.

On January 3, 2023, the Board, together with the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Agencies”), issued a joint statement that addressed crypto asset-related risks to banking organizations (the “Joint Statement”).[1]  The Joint Statement discussed, among other things, a number of key risks associated with crypto assets and crypto industry participants, and was prepared in response to the previous year’s volatility and exposure of vulnerability in the crypto industry.[2]  On January 23, 2023 and January 27, 2023, respectively, the Board released a policy statement to promote a level playing field for all banks with a federal supervisor, regardless of the bank’s deposit insurance status (the “Policy Statement”), and denied an application by Custodia Bank, Inc. (“Custodia”), a Wyoming-chartered special-purpose depository institution (a “SPDI”), to become a member of the Federal Reserve System.[3]  We discuss each of these developments in more detail below.


Joint Statement on Crypto Asset Risks to Banking Organizations

The Joint Statement released by the Agencies discussed risks related to crypto assets and the crypto industry that the Agencies view as important when firms are proposing to engage in crypto-related activities. Importantly, according to the Joint Statement, the Agencies are of the view that “issuing or holding as principal crypto assets that are issued, stored or transferred on an open, public and/or decentralized network, or similar system, is highly likely to be inconsistent with safe and sound banking practices.”[4]

In the Joint Statement, the Agencies discussed the following risks banking organizations should be aware of:

  • Risk of fraud and scams (e.g., rug pulls and other get-rich-quick schemes) among crypto asset sector participants;
  • Legal uncertainties related to custody practices, redemptions, and ownership rights;
  • Significant volatility in crypto asset markets;
  • Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organizations that hold stablecoin reserves;
  • Risk management and governance practices in the crypto asset sector exhibiting a lack of maturity and robustness; and
  • Heightened risks associated with open, public, and/or decentralized networks or similar systems, including, but not limited to: (i) the lack of governance mechanisms establishing oversight of the system; (ii) the absence of contracts or standards to clearly establish roles, responsibilities and liabilities; and (iii) vulnerabilities related to cyberattacks, outages, lost or trapped assets and illicit finance.[5]
  • The Joint Statement underscores the Agencies’ view of the importance of isolating the crypto-related risks to the crypto industry in an effort to prevent the migration of those risks into the traditional banking system.[6]  The Agencies note that they carefully review proposals from banking organizations to engage in crypto asset-related activities and detail how the Agencies continue to take a case-by-case approach in assessing these proposals.[7]  In explaining the Agencies’ approach to crypto-related proposals, the Joint Statement provides a reminder of the recent failures of many large players in the crypto ecosystem and notes that the Agencies continue to take a “careful and cautious” approach in assessing crypto-related activities and exposures at banking organizations.[8] Interestingly, however, the Joint Statement makes clear that banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type.[9]  Instead, the Agencies are continuing to assess whether and how current and proposed crypto-related activities by banking organizations can be conducted and address the risks outlined above.[10]In the Joint Statement’s concluding remarks, the Agencies note that they will continue to closely monitor crypto-related exposures to banking organizations, issue statements on crypto asset-related engagements by banking organizations and engage and collaborate with other relevant authorities, as needed, on issues arising from activities involving crypto assets.[11]Policy Statement on Section 9(13) of the Federal Reserve ActThe Policy Statement released by the Board discussed the process by which the Board expects state member banks to determine whether an activity is permissible, as well as a potential method of application of section 9(13) to specific activities of interest.[12]
  • Section 9(13) of the Federal Reserve Act (the “Act”), permits the Board to limit the activities of state member banks and subsidiaries of state member banks to those activities that are permissible for a national bank in a manner consistent with section 24 of the Federal Deposit Insurance Act (the “FDIA”).[13]  The Board concludes that section 9(13) provides the Board with authority to prohibit or otherwise restrict state member banks and their subsidiaries from engaging as principal in any activity that is not permissible for a national bank, unless the activity is permissible for state banks by federal statute or under part 362 of the FDIC’s regulation.[14]  In doing so, the Board reinforces the principle that the same banking activity, which presents the same risks, should be subject to the same regulatory framework regardless of the bank’s supervising agency.[15]  Consistent with this principle, the Policy Statement sets out a rebuttable presumption, discussed below, under which the Board will exercise its discretion to limit state member banks and their subsidiaries to engaging as principal in only those activities that are permissible for national banks. Additionally, state member banks will be subject to the same terms, conditions and limitations that are placed on such national banks’ activities.[16]The Board sets out an expectation that state member banks should  look to federal statutes, OCC regulations and OCC interpretations to determine whether an activity is permissible for national banks.[17]  If those sources do not authorize national banks to engage in the activity, then state member banks should look to whether there is authority for state banks to engage in the activity under federal statute or FDIC regulations.[18]  If these sources also do not indicate authority for state banks to engage in the activity, a state member bank may not engage in the activity unless it receives permission from the Board under the Board’s Regulation H.[19]  Importantly, the Policy Statement does not change the legal obligation of insured state member banks to seek approval from the FDIC when required under section 24 of the FDIA.[20]In considering whether a state member bank will be granted permission to engage in an activity under Regulation H, the Board will presume, subject to rebuttal, that a state member bank is prohibited from engaging as principal in any activity that is impermissible for national banks, unless the activity is permissible for state banks under federal statute or FDIC regulation.[21]  However, this presumption may be rebutted if there is a “clear and compelling rationale” for the Board to allow the proposed deviation in regulatory treatment among federally supervised banks, and the state member bank has plans for managing the risks of the proposed activity in accordance with the principles of safe and sound banking.[22]
  • The Board noted that in issuing this Policy Statement, the Board is attempting to promote a level playing field for all banks with a federal supervisor regardless of banks’ deposit insurance status and mitigate the risks of regulatory arbitrage.[23]Application of Section 9(13) to Specific Activities of InterestThe Policy Statement explains that the Board has received a number of inquiries regarding whether state member banks can engage in crypto-related activities. We outline below how the Policy Statement describes the way in which the Board would presumptively apply section 9(13) of the Act to these activities.Holding Crypto Assets as Principal. The Policy Statement explains that the Board’s position with respect to allowing state member banks to hold most crypto assets, including bitcoin and ether, as principal in any amount would be to presumptively prohibit the activity under section 9(13) of the Act.[24]  In support of this, the Policy Statement notes that the Board cannot point to any authority that allows national banks to hold most crypto assets, and there is not a federal statute or rule expressly on point that permits state banks to hold crypto assets as principal.[25]  The Policy Statement details additional reasons that the Board would presumptively prohibit the activity, which include the perceived lack of a fundamental economic use case, the value being driven largely by future expectations, illicit finance risks and cybersecurity risks.[26]  As a result, the Board views these risks, taken together, as preventing firms that hold crypto assets from being able to engage in prudent risk management.[27]
  • Issuing Dollar Tokens. The Policy Statement describes how the Board believes that issuing dollar tokens on public networks is likely to be inconsistent with safe and sound banking practices.[28]  Similar to the risks related to holding crypto assets as principal, the Board explains that cybersecurity and illicit finance risks are present in issuing dollar tokens, but notes here that unhosted wallets pose an increased risk given that the issuing bank does not have the ability to obtain and verify the identity of those transacting in the dollar token.[29]  The Policy Statement also explains how a state member bank, which is seeking to issue a dollar token, would be required to comply with the same conditions that the OCC has set forth for national banks interested in issuing a dollar token.[30]  A state member bank, for example, would need to demonstrate to Federal Reserve Board Supervisors that the bank has sufficient controls in place to conduct the activity in a safe and sound manner.[31]  A bank interested in engaging in this activity would also need to receive a supervisory non-objection prior to issuing a dollar token.[32]Denial of Application by Custodia Bank, Inc.On January 27, the Board announced its denial of an application by Custodia to become a member of the Federal Reserve System (the “Order”). Shortly thereafter, the Federal Reserve Bank of Kansas City denied Custodia’s application for a master account, which permits an institution to have direct access to the Federal Reserve’s payment systems and to settle transactions with other participants in central bank money.[33]Custodia, formerly known as Avanti Financial, was formed in 2020 to connect crypto assets with the traditional financial system in a safe and sound manner. As a Wyoming SPDI, Custodia is required to comply with all federal laws, including those relating to anti-money laundering, customer identification and beneficial ownership.[34]  Custodia is also subject to enhanced investor protection obligations, such as implementing a recovery and resolution plan that outlines potential recovery actions to address significant financial or operational stress, which could threaten the safe and sound operation of the institution.[35]  Custodia does not offer FDIC insurance.
  • In its Order, the Board concluded that the proposed activities presented safety and soundness risks that warranted a denial.[36]  For example, Custodia proposed to engage in crypto-related activities that included issuing a crypto asset on open, public and decentralized networks, which the Board believed presented significant safety and soundness risks.[37]  The Board found that Custodia’s risk management framework was “insufficient” to address concerns presented by the proposed crypto-related activities, including Custodia’s ability to mitigate money laundering and terrorism financing risks.[38]  In light of these concerns, the Board explained that Custodia’s application as submitted was inconsistent with the factors the Board is required to evaluate by law.[39]ConclusionRegulators are expected to continue to monitor and release statements regarding the unique risks native to crypto assets and the crypto industry. Banks seeking to engage in crypto-related activities will need to continue to evaluate crypto-related risks and develop robust systems to monitor and control such risks so that safe and sound banking practices can be adhered to in the digital age.Overall, the clear message of these statements and actions is that the Board (at least for now) views crypto as kryptonite to American banking. For any engagement with it, advance permission must be sought, is unlikely to be granted and, without which, forgiveness will not be given.
    Click here to download this article.


    [1]       See Joint Statement on Crypto-Asset Risks to Banking Organizations, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporations, Office of the Comptroller of the Currency,, (January 3, 2023) (the “Joint Statement”).

    [2]       Id.

    [3]       See Policy Statement on Section 9(13) of the Federal Reserve Act, RIN 7100-AG-53, Board of Governors of the Federal Reserve System,, (January 23, 2023) (the “Policy Statement”); see also Federal Reserve Board announces denial of application by Custodia Bank, Inc. to become a member of the Federal Reserve System, Board of Governors of the Federal Reserve System,, (January 27, 2023) (the “Order”).

    [4]       See Joint Statement, at 2.

    [5]       Joint Statement, at 1.

    [6]       Id.

    [7]       Id. at 2.

    [8]       Id.

    [9]       Id.

    [10]     Id.

    [11]     Id.

    [12]     See Policy Statement.

    [13]     Id. at 4.

    [14]     Id. at 11.

    [15]     Id. at 12.

    [16]     Id.

    [17]     Id. at 5.

    [18]     Id.

    [19]     Id.

    [20]     Id. at 4.

    [21]     Id. at 5.

    [22]     Id.; In its statement, the Board also reiterates to state member banks that legal permissibility is a necessary, but not sufficient, condition to establish that a state member bank may engage in a particular activity. The Board states that a state member bank must at all times conduct its business and exercise its powers with due regard to safety and soundness.

    [23]     Id. at 12.

    [24]     Id. at 8.

    [25]     Id.

    [26]     Id. at 9.

    [27]     Id.

    [28]     Id. at 10.

    [29]     Id.

    [30]     Id. at 9.

    [31]     Id. at 9—10.

    [32]     Id. at 10.

    [33]     See Order.

    [34]     See Wyo. Stat. § 13-12-107.

    [35]     See Wyoming Administrative Rules, Chapter 20: Special Purpose Depository Institutions, Section 4(b).

    [36]     See Order.

    [37]     Id.

    [38]     Id.

    [39]     Id.