The Federal Reserve, OCC, and FDIC jointly issued guidance yesterday detailing risk management expectations for banks offering cryptocurrency custody services. The agencies clarified that this document doesn’t establish new rules but consolidates existing supervisory expectations.
This guidance follows recent policy changes under the current administration, including multiple regulatory letters that have eased prior restrictions on banks’ digital asset activities.
The guidance arrives after SEC Staff Accounting Bulletin 121, which previously limited bank crypto custody, was rescinded in early 2025. Despite these restrictions, bank-held crypto assets grew to $16 billion by mid-2024, according to Basel Committee data, up from negligible amounts in 2023.
One of the main points of the bank regulator’s statement is staff skills. Given the complexity of crypto-asset safekeeping, the statement states that the board, officers, and staff of a banking organization should be knowledgeable about crypto-asset safekeeping services to establish sufficient operational capacity and suitable controls for carrying out the activity safely and soundly, while adhering to relevant laws and regulations.
Key risk areas identified include:
- Cryptographic key management
- Anti-money laundering compliance
- Third-party vendor risks
The guidance notes that most banks rely on external technology providers even for direct custody services.
The guidance follows last week’s Senate confirmation of Jonathan Gould as OCC head. Gould previously worked at blockchain company Bitfury with former Acting Comptroller Brian Brooks.
