The Federal Reserve Board (FRB) recently issued letter SR 22-6 regarding the engagement in crypto-asset-related activities by FRB-supervised financial institutions, including those with less than $10 billion in assets. The FRB encourages financial institutions that have questions to submit them via the FRB’s website.
Letter SR 22-6 provides that FRB-supervised financial institutions engaging or seeking to engage in crypto-asset-related activities should notify their lead supervisory point of contact at the Federal Reserve prior to engaging in any crypto-asset-related activity, to ensure that the activity desired is legally permissible, and if any filings are required under state or federal laws. State member banks are also encouraged to notify their state regulator prior to engaging in any crypto-asset-related activity.
Prior to engaging in these crypto-asset-related activities, financial institutions should ensure they have adequate systems in place to identify, measure, monitor, and control the risks associated with these crypto-asset-related activities on an ongoing basis. These systems should cover operational risk, financial risk, legal risk, compliance risk, and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking practices and in compliance with applicable laws, including consumer protection statutes.
The FRB gives examples of operational risk, such as, the risks of new and evolving technologies; the risk of hacking, fraud, and theft; and the risk of third-party relationships. The FRB indicates that the compliance risks include compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements.
Crypto-asset-related activities present potential opportunities to financial institutions, their customers, and the overall financial system; however, these activities may pose risks related to safety and soundness, consumer protection, and financial stability, including the following:
- Technology and operations: The technology underlying these emergent crypto-assets is still evolving, and these are thought to pose risks similar to cybersecurity. These risks are enhanced when the technology underlying these crypto-assets involves open, permissionless networks
- Financial stability: Certain types of assets, such as stablecoins, if embraced by large numbers of people, could pose risks to financial stability including through disruptions in the payment systems.
- Anti-money laundering and countering of financing of terrorism: The somewhat anonymous nature of crypto-assets can be used to facilitate money laundering and finance criminal activity. Some crypto-assets have limited transparency, making it difficult to identify and track ownership, which has been a criticism of these assets by various government entities whose responsibility it is to reduce and prevent money laundering and other financial crimes.
- Consumer protection and legal compliance: Crypto-assets pose consumer risks such as a) price volatility, b) misinformation, c) fraud, d) theft and e) loss. In addition, financial institutions engaging in crypto-asset-related activities face potential legal and consumer compliance risks stemming from a range of issues, including a) uncertainty regarding the legal status of certain crypto-assets, b) potential exposure arising out of losses by consumers, c) operational failures, d) relationships with crypto-asset service providers; e) and limited legal precedent regarding how crypto-assets would be treated in varying contexts, including loss or bankruptcy.