The evolving regulatory landscape surrounding digital assets presents a host of challenges for banks looking to enter the crypto space. While recent decisions have helped clear a path for banks to engage in crypto-assets and related activities, the regulatory environment remains fragmented, with federal and state authorities offering varying levels of clarity and approval processes. Federal regulators, in particular, have taken a self-described “careful and cautious” approach, leaving a significant gap with respect to more prescriptive guidance for banks and financial institutions that want to integrate digital assets into their offerings in a safe and sound manner.
Accordingly, as federal legislation quickly takes shape and we see new market entrants from traditional financial services, it will be critical to highlight operational and risk management nuances that make digital assets activities different from typical banking activities. And absent alignment between federal and state regulators, achieving a cohesive framework for managing cryptocurrency-related risks remains an uphill battle.
The Dual Banking System: The Root of Regulatory Fragmentation
The structure of the U.S. banking system adds another layer of complexity. The U.S. operates under a dual banking system, where both federally-chartered and state-chartered banks exist side by side, each governed by its respective regulatory bodies. To simplify, the U.S. Office of the Comptroller of the Currency (OCC) oversees national banks, while state-level authorities manage state-chartered banks alongside federal counterparts such as the Federal Deposit Insurance Corporation (FDIC). The regulatory landscape mirrors this division, with states like New York and Wyoming leading the charge in developing digital asset-specific requirements, while federal regulators, like the OCC and Federal Reserve, have taken a more limited, cautious approach with respect to tailored obligations as well as signoffs for such activities.
As a result, banks have faced uneven paths towards meaningful adoption as regulators have taken varied approaches in terms of rules of the road within their existing supervisory structures (and what the signoff process itself should look like). Such fragmentation is one of the key reasons why some financial institutions have been hesitant to dive into digital asset services —despite the growing demand for digital asset products and services.
Promising Yet Challenging Roadmap: Moving Forward
Despite the regulatory challenges, the road ahead for banks entering crypto is not without promise. There are clear commercial opportunities to leverage blockchain technology in areas like crypto payments and stablecoins or crypto custody and related activities such as staking and collateralized lending. We have seen such actions by banks outside of the United States open up new revenue streams or reduce operating costs. However, these activities come with significant security and operational risks that must be appropriately tailored to ensure safe and compliant adoption.
- Achieving Clarity and Consensus
Federal and state regulators must continue to work together to create a cohesive and actionable framework for overseeing digital assets and blockchain-based financial services. Regulators need to advance policies that recognize the unique nature of digital asset activities, and how they differ from traditional banking practices. For example, certain risks such as illicit finance and fraud also take on different forms within the digital assets space, with different supervisory tools and resources from an oversight perspective. In New York and a few other jurisdictions, we have seen publications around usage of developed blockchain analytics tools both as a requirement for institutions and as part of regulators’ own supervisory processes as responsive measures to address such differences.
From an operating perspective, best practices for crypto custody, including key management and digital asset security also require more tailored processes (e.g., around governance, cybersecurity, and operations) that most U.S. regulators do not have formalized via rule-making, guidance, or examinations procedures.
It is also critical to consider and address the growing demand for new types of regulated financial institutions—from banks and money service businesses to broker-dealers and other capital markets participants—who wish to engage with crypto solutions. Regulators must also consider the interconnected nature of the cryptoecosystem, and the role of stablecoins in payments within the regulatory perimeter.
- Addressing Digital Asset-Specific Risks
While the U.S. has made significant progress in addressing risks like cybersecurity and operational resiliency, there is still work to be done. For example, New York has set strong precedents for crypto regulation through the NYDFS BitLicense and limited purpose trust charter regime as well as bank-specific virtual currency guidance. These measures include robust measures including capital requirements, AML controls, risk management frameworks, and disaster recovery planning. Consider, as examples, how digital assets activities require tailoring within existing bank risk taxonomies:
- Operational & Cyber Risk: IT/operational operational processes such as cryptographic key management systems, digital asset operations, and “onchain” transaction processing depart significantly from traditional custody and payments processing functions in banks today. These nuances require a “defense in depth” security architecture for financial institutions to detect, respond to, and neutralize potential security threats, as well as tailored access management process and business continuity / wind down planning specific to contemplated activities.
- Illicit Finance Risk: The nature of onchain transfers presents unique challenges around the types of actors and transaction types available via blockchain technologies. Accordingly, new entrants will need to consider how their deployments integrate blockchain intelligence and related controls into their custody technology and core systems, as well as build in operational controls such as address whitelisting and transaction authorization policies aligned to their risk postures.
- Third Party Risk: Where the cryptocurrency industry often highlights the benefits of modularity and composability (e.g., leveraging smart contract features as building blocks to achieve complex outcomes), for financial institutions, it will be critical to understand how different service providers such as custody technology, blockchain intelligence, pricing, staking-as-a-service, among others, integrate into existing operations and risk management processes.
Beyond these, additional risks such as those related to illicit finance, consumer protection, privacy, and accounting each which require tailored regulatory approaches. Policymakers must develop similar tools to help financial institutions monitor and mitigate these risks across blockchain networks.
What’s Next? Concrete Steps Ahead
The U.S. has the opportunity to remain a leader in blockchain innovation, but it requires more than just regulatory clarity. Financial institutions must innovate and adapt to the rapidly changing landscape. International markets are already leveraging blockchain to create faster, cheaper payment rails. U.S.-based institutions must prioritize secure and compliant blockchain-based solutions to maintain their competitive edge in the global payments and digital asset landscape.
As crypto adoption grows and regulatory oversight expands, banks must be prepared to navigate not just opportunities, but also the challenges that come with them. By prioritizing risk management, security, and regulatory compliance, financial institutions can successfully integrate digital assets into their portfolios—ensuring consumer protection while positioning themselves for long-term success in the evolving crypto landscape.
*Peter formerly served as NYDFS Virtual Currency Chief
