Engagement in Crypto-Asset-Related Activities by Federal Reserve-Supervised Banking Organizations

Circular SR 22-6 CA 22-6 | Addressed to the Supervisory Officer and the Supervisory and Inspection staff of each Federal Reserve Bank and to the banking entities supervised by the Federal Reserve. By Michael Gibson, Director, Division of Banking Supervision and Regulation, and Eric Belsky, Director, Division of Consumer and Community Affairs, posted on the Federal Reserve website on August 16, 2022.

Applicability: This letter applies to all banking organizations supervised by the Federal Reserve, including those with $10 billion or less in consolidated assets.

The emerging crypto-asset2 sector presents potential opportunities to banking organizations, their customers, and the overall financial system; however, crypto-asset-related activities may pose risks related to safety and soundness, consumer protection, and financial stability, including, but not limited to:

  • Technology and operations: The technology underlying crypto-assets is nascent and evolving, and poses novel risks such as those associated with cybersecurity and governance of the underlying network and any related arrangements. These risks are particularly heightened when the underlying technology involves open, permissionless networks.
  • Anti-money laundering and countering of financing of terrorism: Crypto-assets can be used to facilitate money laundering and illicit financing. Some crypto-assets have limited transparency, making it difficult to identify and track ownership.
  • Consumer protection and legal compliance: Crypto-assets pose significant consumer risks such as those related to price volatility, misinformation, fraud, and theft or loss of assets. In addition, banking organizations engaging in crypto-asset-related activities face potential legal and consumer compliance risks stemming from a range of issues, including, for example, uncertainty regarding the legal status of many crypto-assets;potential legal exposure arising from consumer losses, operational failures, and relationships with crypto-asset service providers; and limited legal precedent regarding how crypto-assets would be treated in varying contexts, including, for example, in the event of loss or bankruptcy.
  • Financial stability: Certain types of crypto-assets, such as stablecoins, if adopted at large scale, could also pose risks to financial stability including potentially through destabilizing runs and disruptions in the payment systems.2

Given the heightened and novel risks posed by crypto-assets, the Federal Reserve is closely monitoring related developments and banking organizations’ participation in crypto-asset-related activities.

This letter provides that a Federal Reserve-supervised banking organization engaging or seeking to engage in crypto-asset-related activities should notify its lead supervisory point of contact at the Federal Reserve.3 As explained below, prior to engaging in any crypto-asset-related activity, a supervised banking organization must ensure such activity is legally permissible and determine whether any filings are required under applicable federal or state laws. A supervised banking organization should, prior to engaging in these activities, have in place adequate systems, risk management, and controls to conduct such activities in a safe and sound manner and consistent with all applicable laws, including applicable consumer protection statutes and regulations.

Legal Permissibility

Prior to engaging in new activities of any kind, a supervised banking organization must ensure that such activities are legally permissible.4 A supervised banking organization seeking to engage in (or currently engaged in) crypto-asset-related activities must analyze the permissibility of such activities under relevant state and federal laws and determine whether any filings are required under federal banking laws, including the Bank Holding Company Act,5 Home Owners’ Loan Act,6 Federal Reserve Act,7 Federal Deposit Insurance Act,8 or the regulations promulgated pursuant thereto, as applicable.

9 If any supervised banking organization has questions regarding the permissibility of any crypto-asset-related activities or about the applicability of any filing requirements, it should consult its lead supervisory point of contact at the Federal Reserve.

Notification of Proposed Activities

A supervised banking organization should notify its lead supervisory point of contact at the Federal Reserve prior to engaging in any crypto-asset-related activity. Any supervised banking organization that is already engaged in crypto-asset-related activities should notify its lead supervisory point of contact at the Federal Reserve promptly regarding the engagement in such activities, if it has not already done so. Federal Reserve supervisory staff will provide relevant supervisory feedback, as appropriate, in a timely manner.

In all cases, a supervised banking organization should, prior to engaging in these activities, have in place adequate systems, risk management, and controls to conduct crypto-asset-related activities in a safe and sound manner and consistent with applicable laws, including applicable consumer protection statutes and regulations. This includes having adequate systems in place to identify, measure, monitor, and control the risks associated with such activities on an ongoing basis. These systems should cover operational risk (for example, the risks of new, evolving technologies; the risk of hacking, fraud, and theft; and the risk of third-party relationships), financial risk, legal risk, compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements), and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking and in compliance with applicable laws, including applicable consumer protection statutes and regulations. State member banks are also encouraged to notify their state regulator prior to engaging in any crypto-asset-related activity.

Reserve Banks are asked to distribute this letter to the supervised banking organizations in their districts and to appropriate supervisory staff. In addition, a supervised banking organization may send questions via the Board’s public website.10


1 A crypto-asset generally refers to any digital asset implemented using cryptographic techniques.

2 President’s Working Group on Financial Markets, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of Currency, Report on Stablecoins (November 2021), https://home.treasury.gov/system/files/136/StableCoinReport_Nov1_508.pdf.

3 Crypto-asset-related activities may include, but are not limited to, crypto-asset safekeeping and traditional custody services; ancillary custody services; facilitation of customer purchases and sales of crypto-assets; loans collateralized by crypto-assets; and issuance and distribution of stablecoins.

4 This letter does not address the legal permissibility of any specific crypto-asset-related activity.

5 Bank holding companies should consult section 4 of the Bank Holding Company Act (12 U.S.C. § 1843) and Regulation Y (12 CFR part 225).

6 Savings and loan holding companies should consult section 10(c) of the Home Owners’ Loan Act (12 U.S.C. § 1467a(c)) and Regulation LL (12 CFR part 238).

7 12 U.S.C. § 330. State member banks also should consult state supervisory agencies regarding any required state filings.

8 Under section 24 of the Federal Deposit Insurance Act, an insured state bank may not engage as principal in any type of activity that is not permissible for a national bank, unless (i) the Federal Deposit Insurance Corporation (FDIC) has determined that the activity would pose no significant risk to the Deposit Insurance Fund and (ii) the state member bank is, and continues to be, in compliance with applicable capital standards prescribed by the Board (12 U.S.C. § 1831a(a)(1)). State member banks should consult the regulations and interpretations of the Office of the Comptroller of the Currency and FDIC to determine if activities are permissible under federal law.

9 Among other such requirements, pursuant to section 208.3(d)(2) of the Board’s Regulation H, a state member bank may not, without the permission of the Board, cause or permit any change in the general character of its business or in the scope of the corporate powers it exercises at the time of its admission. 12 CFR 208.3(d)(2). See also SR Letter 02-09, “Guidance Regarding Significant Changes in the General Character of a State Member Bank’s Business and Compliance with Regulation H,” https://www.federalreserve.gov/boarddocs/srletters/2002/sr0209.htm; Frequently Asked Questions about Regulation H, 12 CFR 208.3–Q1, https://www.federalreserve.gov/supervisionreg/legalinterpretations/reg-h-frequently-asked-questions.htm.

10 See https://www.federalreserve.gov/apps/contactus/feedback.aspx.