Banks must apply existing risk controls when offering crypto custody services, per new guidance from US regulators.
Fiduciary and non-fiduciary custody options require different legal and operational safeguards under federal and state laws.
Recent regulatory shifts under Trump’s administration allow banks to engage in crypto without needing prior approval.
Three U.S. federal banking regulators issued a common statement on Monday regarding the safety of cryptocurrencies. The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) have asked banks to incorporate existing risk-management measures when providing crypto custody services. The agencies explained that the statement introduced no new supervisory requirements but stressed the need to manage crypto-related risks effectively.
https://twitter.com/federalreserve/status/1944812846962954581 Agencies Emphasize Safe and Compliant Custody Operations
In their statement, the regulators have noted that banks are encouraged to observe any crypto custody exercises through proper application of laws and regulations. The specific agencies mentioned were the preservation of crypto-assets by applying safe management of cryptographic keys. The institutions which provide or intend to provide custody should make sure that the operations are safe, sound and legal.
The agencies clarified that the advice does not create any additional supervisory frameworks. Nevertheless, they emphasised the necessity to discuss operational risks and the issues of appropriate controls when processing digital assets of customers.
Two Types of Crypto Custody Outlined by Regulators
Banks offering crypto custody services may do so under fiduciary or non-fiduciary arrangements, depending on their legal status. Fiduciary arrangements involve banks acting as trustees on behalf of their clients. These require adherence to specific federal regulations, including 12 CFR 9 or 150. State-level laws and other applicable legal standards must also be observed in fiduciary setups.
These financial institutions are required to establish effective protection of non-fiduciaries. Such protective measures are expected to prevent cyberattacks, preserve secret keys, and prevent asset mismanagement. Regulators emphasized that to ensure customer support, meaningful internal controls are to be used, and the risk-management method should be detailed.
Updated Crypto Stance Follows Regulatory Shifts
The joint statement comes amid changes in federal policy regarding digital assets. Earlier this year, President Donald Trump signed an executive order focused on crypto regulation. The order aimed to move digital asset businesses under more structured federal oversight.
Following that development, the FDIC eliminated reputational risk from its supervisory considerations. This move enabled supervised banks to participate in crypto-related activities without prior approval. New guidance from the FDIC clarified the regulatory path for banks offering crypto services.
The statement issued on Monday signals a shift from earlier restrictions that had limited bank involvement in the crypto sector. While not establishing new rules, the agencies reaffirmed their position on operational risk, legal compliance, and custody responsibilities. Institutions engaged in crypto custody must continue to follow established frameworks while updating protections against evolving digital threats.