On January 3, 2023, the US federal banking regulators released a statement highlighting key risks for banking organizations associated with crypto-assets and the crypto-asset sector and describing their approaches to supervision in this area.1 While the statement is consistent with the concerned tone of earlier guidance, it provides more detail regarding supervision of these activities.

In this Legal Update, we provide background on the federal banking regulators’ approach to supervising crypto-asset activities and discuss their most recent statement.


Since November 2021, federal banking regulators have been increasingly wary of the crypto-asset activities of banking organizations. Their initial views were that it was important to coordinate development of a uniform policy on the scope and prudential requirements for banking organizations’ crypto-related activities.2 They determined that there were a number of issues surrounding banking organizations’ participation in crypto-related activities that warranted further supervisory guidance. They planned to release regulatory materials throughout 2022 that would provide (i) greater clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible and (ii) expectations for safety and soundness, consumer protection and compliance with existing laws.

Their coordination took the form of supervisory directives that banking organizations provide their primary federal regulator with prior notice of most crypto-asset activities.3 In practice, these prior notice requirements function as prior approval requirements.

More recently, the Office of the Comptroller of the Currency and Board of Governors of the Federal Reserve System have approved applications from banking organizations that imply certain crypto-asset activities are not permissible for banking organizations.4

However, formal agency guidance on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible has not been issued.

January 2023 Statement

The most recent statement attempts to take a balanced approach. It lists eight “key risks” associated with crypto-assets and crypto-asset sector participants . However, it also states that banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation. Further, it notes that the agencies continue to build knowledge, expertise, and understanding of crypto-asset risks.

Embedded in this current approach are two noteworthy statements for banking organizations and the crypto sector.

First, the regulators state that they believe that “issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system” is highly likely to be inconsistent with safe and sound banking practices. While not phrased as a final determination, it sets a seemingly high bar for a banking organization to demonstrate that it has adequately assessed the risks of a proposed activity and sufficiently mitigated these once an activity is determined to fall within this definition.

Second, the regulators state that the agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector. This concern may be aimed at certain banking organizations with large concentrations in the crypto-asset sector. This is similar to what we have seen in the past with regulator concerns regarding concentrations of money services businesses and certain types of credit exposures.

However, neither statement – nor the broader joint statement itself – distinguishes among the various types of crypto-asset activities in which an organization may engage or the corresponding (and differing) levels of risk that may be associated with those activities.


The risks identified in the most recent statement from the federal banking regulators have been well-publicized in the market and are not particularly novel.

However, the identification of certain crypto-asset activities as possibly being inconsistent with safe and sound banking practices may dissuade many banking organizations from considering or pursuing those activities. Banking organizations that are currently considering, planning or developing their crypto-asset strategies should anticipate regulatory scrutiny with risk mitigation structures.

Similarly, the crypto-asset sector has long struggled to obtain traditional banking services from beyond a relatively small number of banking organizations. Therefore, these concerns could result in crypto-asset activities and customers remaining outside the bank regulatory perimeter.



1 Press Release, Agencies issue joint statement on crypto-asset risks to banking organizations (Jan. 3, 2023), https://www.federalreserve.gov/newsevents/pressreleases/bcreg20230103a.htm.

2 See our Legal Update on the initial roadmap: https://www.mayerbrown.com/en/perspectives-events/publications/2021/11/us-banking-regulators-release-roadmap-for-cryptorelated-activities-by-banks.

3 See our Legal Update on these prior notice requirements: https://www.mayerbrown.com/en/perspectives-events/publications/2022/08/crypto-guidance-released-by-us-federal-reserve.

4 See, e.g., OCC, Cond. App. No. 1299 (October 27, 2022).