Client Alert: Joint Agency Statement on Crypto-Asset Risks to Banking Organizations

On January 3, 2023, the Federal Reserve, FDIC, and OCC (“the agencies”) released a joint statement on crypto-asset risks to banking organizations. The statement highlights myriad risks posed by banking sector exposure to the cryptocurrency market, including:

  • Fraud and scam exposure;
  • Lack of consumer protections;
  • High volatility;
  • Contagion risk;
  • Lack of mature risk management and governance processes; and
  • Vulnerabilities to illicit finance.

The agencies emphasize that, although banking organizations are not prohibited or discouraged from conducting business with particular classes of customers, the elevated risks associated with the cryptocurrency markets must not be allowed to migrate to the banking system. The agencies have particular concern with:

Banks acting as principal to issue or hold a crypto-asset associated with an open or decentralized network; and
Bank business models that are concentrated on servicing aspects of the cryptocurrency markets and market participants.

The agencies’ guidance indicates that traditional banking organizations should be judicious about bringing crypto-asset activity in-house and should be equally cautious when conducting business activities through partnership arrangements with crypto firms. Further, decentralized finance tools, absent appropriate AML and sanctions guardrails, appear to be incompatible with the agencies’ risk appetite.

From a Financial Crime Compliance standpoint, the guidance indicates that banks evaluating current or prospective relationships with cryptocurrency firms or decentralized finance service providers should have a robust risk management framework designed to evaluate the conceptual soundness and fitness-for-purpose of elements of the current or prospective partner’s risk management framework, including:

  • Governance Mechanisms
  • Board oversight
  • AML and Sanctions Policies and Procedures
  • AML and Sanctions risk assessments
  • AML and Sanctions transaction monitoring capabilities

How Exiger Can Help

The cryptocurrency industry will face unprecedented regulatory scrutiny in 2023. Banking organizations should re-review their exposure to cryptocurrency, and fully understand the business model and compliance framework of any crypto partners, to determine if such relationships remain within their risk appetite.

Exiger provides FCC services to a diverse range of financial institutions, including banks, broker-dealers, fintechs and crypto-native financial services companies. Our experienced team has deployed crypto-native new product approval processes and risk assessment methodologies, conducted comprehensive evaluations of BSA/AML and Sanctions programs, and evaluated the suitability of partnerships with third parties for a wide range of clients. We routinely provide our clients with written FCC materials, including BSA/AML and Sanctions policies & procedures, risk assessments, business processes, model validations and audit reports. Don’t be caught flat-footed by evolving regulatory expectations.

Contact us today to discuss how Exiger can help you fulfill and document your BSA/AML and Sanctions risk management requirements.

This client alert was produced by Chris Andre (Managing Director) and Dave Soiles (Associate Managing Director) in Exiger’s New York FCC Advisory Practice.

our blog


Empowering customers with Supply Chain AI
Gartner Event Encourages a ‘Rethink’ of Global Supply Chains
Supply chain risk management solution overview
Supply Chain Risk Management Vendor Analysis
Supply Chain Risk Management
A Playbook for Assuring Software Products in Critical Systems

Demo The
Exiger Platform

Save the Day
Be a supply chain superhero