According to reports, on July 14,2025, the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC),and the Office of the Comptroller of the Currency (OCC) issued a jointstatement (Interagency Statement on Crypto-Asset Safekeeping, hereinafterreferred to as the “Statement”) to guide banks on how to offer crypto-assetsafekeeping services to their customers. This marks the latest move byregulators under the Trump administration as they weigh how traditional lendinginstitutions should engage with digital asset businesses. The Statement notesthat banks considering offering safekeeping services for crypto-assets shouldtake into account the rapidly evolving nature of the crypto market, includingthe underlying technology, and must implement a risk management framework thatis capable of appropriately addressing associated risks.
Previously, in April, regulatorshad rescinded earlier guidance concerning crypto-related risks, therebyallowing banks more flexibility in providing products and services to clientsengaged in digital asset activities. At the time, the Federal Reserve alsorevoked the 2022 directive requiring banks to notify regulators in advance ofengaging in crypto-related activities.
The joint statement outlines aseries of existing laws, regulations, guidance, and risk management principlesrelevant to crypto-asset safekeeping. It highlights various operational, legal,and compliance risks while proposing corresponding mitigation strategies. TheStatement is structured into six key parts:
(1) General RiskManagement Considerations:
Before offering crypto-asset safekeeping services, banks should assesspotential risks. Effective risk assessment should cover core financial risks,the institution’s ability to understand the asset class, capacity to ensurestrong control environments, contingency planning, and necessary staffknowledge regarding crypto safekeeping. Furthermore, banks must consider theevolving characteristics of the crypto market and build a governance frameworkthat adapts accordingly.
(2) Cryptographic KeyManagement:
Loss or compromise of cryptographic keys or other sensitive information is aprimary risk in crypto safekeeping. Banks must maintain control overcrypto-assets—meaning they must be able to demonstrate that no other party canobtain the information necessary to move the assets outside the bank’s control.This standard also applies to sub-custodians. Banks should implement secure keygeneration, develop contingency plans for lost or compromised keys, and treatcybersecurity as a core component of risk management.
(3) Additional RiskManagement Considerations:
Different types of crypto-assets may require different key managementsolutions, and banks may lack the experience or capacity to manage specificsoftware or hardware requirements. Additionally, various account structurescarry unique risks. Therefore, banks should tailor their safekeeping riskmanagement strategies based on the specific services offered, while aligningwith standard custodial risk management principles.
(4) Legal and ComplianceRisks:
First, like all banking activities, crypto safekeeping must comply with theBank Secrecy Act (BSA), Anti-Money Laundering (AML) laws, Countering theFinancing of Terrorism (CFT) measures, and Office of Foreign Assets Control(OFAC) regulations. Second, the changing regulatory landscape aroundcrypto-assets introduces compliance uncertainty, and banks must ensure allactivities adhere to applicable laws and regulations. Lastly, banks mustprovide customers with clear, accurate, and timely information about theirsafekeeping arrangements to reduce the risk of misinterpretation. Banks arealso expected to comply with relevant recordkeeping and reporting requirements.
(5) Third-Party RiskManagement:
“Third-party risks” refer to risks posed by sub-custodians or service providers(e.g., tech vendors or cash management firms). Banks are accountable for theactivities conducted by sub-custodians under contractual terms. They mustconduct thorough due diligence, evaluating key management practices, adherenceto custodial risk principles, asset handling procedures in the event ofinsolvency or operational failure, and recordkeeping adequacy. For otherservice providers, banks should evaluate the risks of purchasing third-partysoftware/hardware or outsourcing such infrastructure as a service.
(6) Audit Requirements:
Audit processes are critical to effective risk management and internal control.Banks should implement audit programs that appropriately cover crypto-assetsafekeeping services, including oversight of third-party relationships. Theseaudits should address crypto-specific risks such as key generation, storage,deletion, asset transfer, settlement procedures, the adequacy of IT systems,and staff competency in risk identification and control. If banks lack in-houseexpertise, they should engage qualified independent third parties to conductaudits.
Since returning to office,President Trump’s administration has taken a markedly different approach tocrypto regulation. The joint statement was released against this backdrop. Inrecent months, U.S. banking regulators have rolled back several interpretiveletters and policy statements from the Biden era.
One major move was theelimination of “reputational risk” assessments from supervisory protocols. Thischange replaced vague reputational concerns with more concrete financial riskcategories, helping to remove the chilling effect that had discouraged banksfrom servicing crypto companies.
Another major reform was theremoval of pre-approval requirements for crypto activities. Under previouspolicy, banks had to obtain written non-objection letters from regulatorsbefore engaging in crypto activities. Now, such activities are subject to routinesupervision without prior notification.
Additionally, banking regulatorshave reinstated policies previously reversed under the Biden administration,such as allowing OCC-supervised entities to buy/sell custodied crypto-assets atcustomer direction and outsource safekeeping or execution functions toqualified third parties.
President Trump’s return tooffice marked a sharp departure from the previous administration’s cautionarystance. The new policies reflect his political commitment to establishing theU.S. as a “crypto capital” and fostering financial innovation. This jointstatement is part of a broader regulatory shift away from enforcement-drivenpolicies, toward rule-based guidance and operational clarity, encouragingcompliant and safe participation in crypto markets.
Overall, the Statement addresseshow existing laws, regulations, and risk management practices apply to cryptosafekeeping. It provides operational guidance for banks considering or alreadyoffering such services. While the tone is more permissive than in previousyears, it continues to emphasize the need for robust risk controls andadherence to safety, soundness, and consumer protection principles—underscoringregulators’ bottom line for crypto oversight.
For banks currently engaged in orexploring crypto safekeeping, the Statement opens new opportunities forinstitutions with sound governance and effective risk controls. At the sametime, it offers concrete guidance for those already in the space, highlightingcompliance and safety across operational, legal, and financial dimensions.Banks may need to revise internal policies and product structures to reflectthe unique risks of crypto safekeeping—such as upgrading cybersecurityprotocols, improving key management systems, and conducting regular stresstesting.
However, despite the clarityoffered, the regulatory environment at the federal and state levels remainsfluid amid ongoing reforms. Complying with the Statement alone may not fullymeet supervisory expectations. Banks must maintain regular communication withregulators and ensure thorough documentation for audit readiness.
In the long run, clearer cryptocustody rules may attract digital asset firms to relocate or expand in theU.S., boosting domestic blockchain innovation. As traditional financialinstitutions deepen their involvement in crypto, custodial and related serviceswill likely become integral parts of a safer, more standardized ecosystem forcrypto finance.
[1] https://www.federalreserve.gov/newsevents/pressreleases/bcreg20250714a.htm?utm
[2] https://www.federalreserve.gov/newsevents/pressreleases/bcreg20250424a.htm
[3] https://www.gtlaw.com/en/insights/2025/7/federal-banking-regulators-issue-guidance-on-risk-management-for-crypto-asset-safekeeping-activities?utm
[4] https://www.mofo.com/resources/insights/250724-crypto-asset-safekeeping-what-s-involved?utm
[5] https://www.steptoe.com/en/news-publications/blockchain-blog/federal-banking-agencies-issue-joint-statement-on-crypto-asset-safekeeping-risk-management.html?utm
[6] https://www.galaxy.com/insights/research/crypto-policy-under-trump-administration?utm
.png)
FinTax offers crypto accounting suite and tax software, along with expert services.
