Federal banking regulators issued a joint statement today affirming that U.S. banks may provide custody services for Bitcoin and digital assets if they comply with existing laws and maintain strong risk controls. 

The guidance, released by the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC), reiterates regulatory expectations without introducing new rules.

“Banking organizations may provide safekeeping for crypto-assets in a fiduciary or a nonfiduciary capacity,” the statement noted. 

Those acting in a fiduciary role must comply with 12 CFR 9 or 150, relevant state laws, and other applicable legal provisions.

Custody of digital assets, particularly involving cryptographic keys, requires robust cybersecurity, operational readiness, and legal compliance. 

Institutions are expected to manage risks such as key loss, cyberattacks, and unauthorized transfers.

Banks may need specialized staff, secure infrastructure, and ongoing monitoring of evolving technologies. 

Regulatory requirements related to anti-money laundering (AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) sanctions continue to apply.

“Like all other banking activities, crypto-asset safekeeping relationships are subject to applicable Bank Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) requirements,” the document stated.

Banks must also conduct thorough risk assessments before offering these services, evaluating asset types, technology used, and legal obligations.

“Subject to the terms and conditions in the customer agreement, a banking organization is responsible for the activities performed by the sub-custodian…” the statement added. 

Due diligence on sub-custodians should include a review of key management practices and overall risk controls.

Share this article
The link has been copied!