US agencies give stark warning of crypto-risks for banks

On 3 January 2023, the US Federal Reserve, US Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) issued a Joint Statement on the risks posed by crypto-assets to banking organisations.

They say that events in 2022 were marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector, and they highlight a number of key risks associated with crypto-assets and crypto-asset sector participants that banks should be aware of. The risks identified include:

1. Fraud and scams among crypto-asset sector participants;
2. Legal uncertainties related to custody practices, redemptions and ownership rights, some of which are currently the subject of legal processes/proceedings;
3. Inaccurate or misleading representations and disclosures by crypto-asset companies, and other practices that may be unfair, deceptive, or abusive, contributing to significant harm to retail and institutional investors, customers, and counterparties;
4. Significant volatility in crypto-asset markets, the effects of which include potential impacts on deposit flows associated with crypto-asset companies;
5. Susceptibility of stablecoins to run risk, creating potential deposit outflows for banking organisations that hold stablecoin reserves;
6. Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants, including through opaque lending, investing, funding, service, and operational arrangements. These interconnections may also present concentration risks for banking organisations with exposure to the crypto-asset sector;
7. Risk management and governance practices in the crypto-asset sector exhibiting a lack of maturity and robustness; and
8. Heightened risks associated with open, public and/or decentralised networks, or similar systems, including, but not limited to, the lack of governance mechanisms to establish oversight of the system; the absence of contracts or standards to clearly establish roles, responsibilities and liabilities; and vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.

The US agencies say it is important that risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system. They add that they are supervising banking organisations that may be exposed to risks stemming from the crypto-asset sector, and are carefully reviewing any proposals from banking organisations seeking to engage in activities that involve crypto-assets.

However, based on their current understanding and experience, the agencies say they believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public and/or decentralised network, or similar system, is highly likely to be inconsistent with safe and sound banking practices. Furthermore, they say they have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or that have concentrated exposures to the crypto-asset sector.

Whilst this stance is not entirely unexpected in light of the collapse of FTX and other crypto-asset intermediaries, it remains critically important to distinguish those use cases legitimately deploying distributed ledger technology to transform financial markets in a useful and beneficial manner.

This joint statement is a stark warning, but one might question whether it is right to characterise the overall sector in such terms.

Authors: David Capps, Senior Consultant; James Levy, Partner