Author: FinTax

Original Link: https://mp.weixin.qq.com/s/L43fUJiS6OmliYZg0uH6Kw

Disclaimer: This article is a reprint. Readers can access more information through the original link. If the author has any objections to the form of reprinting, please contact us and we will modify it according to the author's requirements. Reprinting is only for information sharing, and does not constitute any investment advice, nor does it represent the views and positions of Wu Shuo.



News Overview According to reports, on July 14, 2025, the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a joint statement (hereinafter referred to as the "Statement") to guide banks on how to provide crypto asset custody services to customers. This is the latest move by regulators in the Trump era as they weigh how traditional lenders should participate in the digital asset business. The statement said that banks considering providing custody services for crypto assets should consider the evolving nature of the crypto market, including the technology behind crypto assets, and they must implement a risk management framework that can adequately adapt to the relevant risks. Previously, regulators withdrew previous guidance on the risks of the crypto industry in April, allowing lenders to more freely offer products and services to customers engaged in digital asset transactions. At that time, the Federal Reserve also revoked the 2022 directive requiring banks to give advance notice of crypto asset activities. FinTax Brief Commentary 1. Statement Content: Six Key Risk Points of Bank Crypto Custody The joint statement lists a series of current laws, regulations, guidance and risk management principles related to providing crypto asset custody services, highlighting various risk management, legal and compliance risks, and elaborating on related mitigation measures. The statement is divided into six parts: (1) General Risk Management Considerations: Banking institutions should consider potential risks before providing crypto asset custody services. Effective risk assessment should involve the banking institution's core financial risks, the ability to understand asset categories, the ability to ensure a strong control environment, contingency plans, and employees' necessary knowledge of crypto asset custody, so as to provide services in a safe and sound manner. In addition, banking institutions providing custody services for crypto assets should also consider the ever-changing nature of the crypto asset market and build a risk governance framework that can adequately adapt to the relevant changes. (2) Crypto Key Management: The loss or leakage of crypto keys or other sensitive information is one of the main risks of crypto asset custody. Banking institutions should have control over crypto assets, that is, reasonably prove that no other party can obtain information sufficient to transfer crypto assets out of the banking institution's control, and this control standard should also apply to the banking institution's sub-custodians. In addition, banking institutions should also consider how to securely generate crypto keys, develop contingency plans for key loss or leakage, and focus on their cybersecurity environment as a risk management priority. (3) Other Risk Management Considerations: Different types of crypto assets require different key management solutions, or there may be software or hardware requirements that banks lack the experience or ability to handle, and the potential risks involved in different account models may also vary. Therefore, banking institutions need to adjust according to the specific custody services provided while following the standard custody risk management principles. (4) Legal and Compliance Risks: First, like other banking activities, crypto asset custody activities must comply with the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), Counter-Terrorism Financing (CFT), and the Office of Foreign Assets Control (OFAC). Second, changes in the crypto asset regulatory environment can also bring higher compliance risks, and banking institutions should ensure that related activities comply with all applicable laws and regulations. Finally, customers may misunderstand the role of banking institutions in custody arrangements, leading to risks. This requires banks to provide customers with clear, accurate and timely information about their custody activities to reduce such risks. At the same time, banking institutions should also follow applicable record-keeping and reporting requirements. (5) Third-Party Risk Management: "Third-party risk" refers to the risks brought by sub-custodians or other service providers (such as technology providers, cash management institutions) that banking institutions cooperate with. Banking institutions are responsible for the activities carried out by their sub-custodians according to the terms and conditions. Therefore, banks should conduct sufficient due diligence, including assessing the sub-custodian's key management solution, its compliance with custody risk management principles, the handling of customer assets in the event of bankruptcy or operational failure, and the appropriateness of its risk management and record keeping. For other service providers, banks should weigh the risks of purchasing third-party software or hardware, as well as the risks of maintaining such software or hardware as a service. (6) Audit Requirements: Audit procedures are critical to effective risk management and internal control. Therefore, banking institutions' audit procedures should appropriately cover crypto asset custody services (including third-party risk management), focus on the risks specific to crypto asset custody, such as key generation, storage and deletion, the transfer and settlement of crypto assets, the adequacy of related information technology systems, and assess employees' ability to identify and control crypto asset risks. If banking institutions lack audit expertise, they should hire appropriate independent third parties to conduct audits. 2. Policy Background: Trump Promotes Crypto Regulatory Reform Since Trump came to power for the second time, the U.S. government's attitude towards crypto assets has undergone a significant shift, and this joint statement was released against this background. In the past few months, several U.S. banking regulators have taken a series of actions to withdraw various interpretive letters and regulatory statements involving crypto assets from the Biden era. One major move was to remove the "reputational risk" assessment from the regulatory process, replacing the vague reputational risk with more specific financial risk categories. This move effectively avoided scrutiny agencies from pressuring banks to be unwilling to provide services to crypto asset companies, which helped eliminate banks' concerns about providing services to controversial industries such as crypto assets. Another major move was to cancel the prior notice requirement for participating in crypto asset-related activities. According to previous policies, banks were required to obtain a written "no-objection letter" from regulatory authorities before participating in crypto asset-related activities. Now, banks' crypto activities do not need to fulfill this procedure, but are monitored through regular regulatory procedures. In addition, various banking regulators have also restored regulatory policies that previously conflicted with the Biden government's regulatory philosophy, such as the OCC once again allowing its regulatory objects to buy and sell custodial crypto assets according to customer instructions, and allowing them to outsource custody and execution services to third parties provided that the third party can properly manage risks.After Trump came to power, he changed the previous U.S. government's guidelines urging banks to be cautious in the crypto field and implemented a comprehensive crypto asset regulatory reform. This is a fulfillment of his political commitments and an important measure to build the United States into the world's "crypto capital" and stimulate the innovative development of the U.S. economy. The joint statement released this time constitutes a part of the U.S. crypto asset regulatory reform, marking the U.S. government's abandonment of several enforcement-focused regulatory policies to release market vitality. After that, it began to guide banks and other entities to participate in crypto asset activities in a compliant, safe and sound manner by refining regulatory rules and enhancing business guidance to support the innovative development of the crypto industry, and more crypto-friendly statements may be released in the future. 3. Significance and Outlook: The Future of Bank Crypto Custody Supervision Overall, the statement discusses how existing laws, regulations, and risk management principles apply to crypto asset custody, and aims to provide guidance for banking institutions that provide or are considering providing crypto asset custody services, reflecting a more relaxed regulatory attitude, but still emphasizing that banking institutions should strictly control risks in crypto asset custody activities and comply with core principles such as safety, soundness, and consumer protection, reflecting the regulatory bottom line of the U.S. banking supervision department in the crypto industry. For banking institutions that are engaged in or considering engaging in crypto asset custody business, on the one hand, the statement provides entry opportunities for banking institutions with appropriate risk control capabilities and perfect governance structures, bringing new opportunities. On the other hand, the statement also provides specific references for the risk control matters of banking institutions that are already engaged in crypto asset custody business. The regulatory level will still focus on reviewing the compliance and security of all links, including operation, legal and finance. According to the statement, banking institutions may need to make certain adjustments to product rules and internal policies and procedures to reflect the unique risks and compliance obligations of crypto asset custody, such as improving network security protocols, key management systems, and conducting regular security tests. It should be noted that although the statement provides a certain degree of clarity, in the context of the government's crypto regulatory reform, the regulatory and legal environment at the federal and state levels is still uncertain, and simply meeting the various elements of the statement may not fully meet regulatory requirements. Banks and regulatory authorities at all levels still need to maintain continuous communication and keep good compliance records in order to accept strict regulatory review. From a longer-term perspective, the refinement of the U.S. crypto custody regulatory rules may attract more crypto asset companies to return or enter the United States and promote the innovative development of the U.S. blockchain industry. As traditional financial institutions gradually deepen their participation in the crypto asset field, related services such as crypto asset custody are included in the existing regulatory framework, and financial activities around crypto assets will prosper in a safer and more standardized environment.