TLDR:
- US banks can offer crypto custody services, but must follow existing legal frameworks.
- Keeping cryptographic keys places full responsibility for banks for security and access protection.
- Outsourcing custody does not reduce responsibility; Due diligence on suppliers is mandatory.
- The supervisory authorities require traditional compliance for all digital assets for banks custody.
Banks can now have digital assets for customers, but must do so under tight review and within existing legal limits.
The US office for the currency controller (OCC), FederalAnd FDIC has issued a joint statement on how banks should approach crypto care. Although the message does not face new rules, it reinforces that the institutions must comply with current legal, compliance and risk standards. The message is clear: Crypto Custody is allowed, but it is high risk and requires full responsibility.
Regulators Seems to focus on ensuring safe custody without exposing the system to uncontrolled vulnerabilities.
Regulatory green light for crypto custody
The joint guidance confirms that banks can act as custodians for crypto assets, either in fiduciary or non-frequent roles.
However, institutions must apply the same regulations used for traditional financial products. The emphasis lies in strengthening risk management, legal compliance and operational liability in all Crypto services.
According to reporter Eleanor Terrett, the guidance emphasizes that all digital asset services must meet the same standards as other custody services. This means that banks cannot avoid traditional compliance, even with new financial instruments such as Cryptocurrencies.
🚨New: the “big three” bank regulations – @UsoccThe @Federal reserve & @Fdicgov – Just issued joint guidance on how banks should approach the custody of crypto assets. 🏦
The guidance does not create new rules, but confirms that banks must apply existing risk management, legal and … pic.twitter.com/hw3aeiavet
– Eleanor Terrett (@eeleanortrett) July 14, 2025
Control of keys is equal to control of the risk
A key point in the guidance is about important custody.
If a bank has private cryptographic keys on behalf of customers, it has full responsibility. Regulators state that for a bank to maintain full control, no customer should be able to access these keys.
The risk burden is therefore entirely on the bank when it takes direct custody. This approach ensures liability and leaves no room for shared control models that can weaken security standards.
Banks can use third -party suppliers for custody services, but this does not reduce their responsibilities. Institutions must implement thorough due diligence and continuously monitor suppliers. Even with outsourcing, the banks remain responsible for any failures or violations.
Supervisory authorities expect institutions to ensure that suppliers meet the same risk and compliance standards. This includes issues such as key safety, anti-money wash (AML), sanctions compliance Exposure to market risks.
Crypto custody is allowed, but with heavy review
The summary is that banks are allowed to keep crypto assets, but must do so with full awareness of the risks involved. Supervisory authorities have made it clear that although crypto care is not prohibited, it is far from an easy role.
From cybersecurity checks to lEgance responsibilityAll aspects will be carefully monitored. Banks entering this space must work with strict discipline, knowing that they remain responsible for all results.
