Digital Assets – Where Are We Now?
By Matt Goble, CRCM
In April 2022, the FDIC issued FIL-16-2022 titled Notification of Engaging in Crypto-Related Activities. This statute established a requirement for FDIC regulated financial institutions to notify the FDIC if they intend to engage in, or if they were currently engaged in, activity related to crypto-assets. The intent of this initial notification to the FDIC was to describe a proposed timeline of when the cryptocurrency activity will be conducted and details of the activity in order for the agency to assess the safety and soundness, consumer protection, and financial stability implications of such activities. From there, the FDIC would request additional information, if needed, and provide relevant supervisory feedback to the institution.
Now, fast-forward to March 2025, the FDIC issued FIL-7-2025 announcing the rescission of FIL-16-2022. This new directive provides guidance to clarify that FDIC supervised institutions may take part in crypto-related activities without providing notice and receiving prior approval from the FDIC. Crypto-related activities include, but are not limited to, acting as crypto-asset custodians; maintaining stablecoin reserves; issuing crypto and other digital assets; acting as market makers or exchange or redemption agents; participating in blockchain- and distributed ledger-based settlement or payment systems, including performing node functions; as well as related activities such as finder activities and lending.
As with all other activities, FDIC-supervised institutions should consider the associated risks—including, but not limited to, market and liquidity risks; operational and cybersecurity risks; consumer protection requirements; and anti-money laundering requirements—and should engage with their supervisory team as appropriate.
In recent years, these risks were highlighted by the failure of several large crypto-asset companies, which further exposed several key risks associated with digital assets and digital asset participants that banking organizations should be aware of, including –
- Risk of fraud and scams;
- Legal uncertainties involving ownership rights;
- Inaccurate or misleading representations and disclosures by crypto-asset providers, including misrepresentation of federal deposit insurance and other practices that may fall within the far-reaching standards of UDAAP, contributing to significant harm to customers;
- Risk management and governance practices are not adequate or robust enough to manage such risks associated with the crypto-asset sector; and
- Increased risks associated with open, public, and/or decentralized networks or similar systems, including, but not limited to, the lack of governance over the system, the absence of contracts or standards to establish roles, responsibilities, vulnerabilities, and liabilities related to cyber-attacks or illicit financing, for examples.
While the FDIC may have loosened its requirements for those who wish to participate in crypto-currency activities, business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector have caused the agencies significant safety and soundness concerns.
If your organization is currently engaged in or proposing a business model that is concentrated on crypto-asset-related activities or has concentrated exposures to the crypto-asset sector, the agencies warn that such banking organizations should ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, and monitoring functions should be in place to effectively identify and manage those risks involved.
It will be interesting to see how the digital banking industry continues to evolve as the inclusion of crypto-asset services becomes more desired by customers and investors alike. As always, the Temenos Compliance Team will continue to monitor the industry for regulatory movement related to digital assets. If you have any questions or would like to speak to one of our advisors about your institution’s participation in such activity, don’t hesitate to reach out to us through a consultation request. We are here to help relieve the burden of compliance from you and your team.
