Recent guidance from the Office of the Comptroller of the Currency (OCC) has opened the door for banks to become more involved the cryptocurrency market. In July, the OCC clarified that national banks can now offer cryptocurrency custody services to their customers. And this week, the OCC affirmed that banks may hold deposits that serve as a reserve against currency-backed stablecoin cryptocurrencies.
These two announcements allow traditional banks to support cyptocurrencies by providing security and stability, and highlight the fast-growing interest in digital assets. The OCC’s clarifications will also likely drive financial technology partnerships and innovation in the banking space.
That innovation will come with new risks and exposures that will need to be addressed, including how banks will engage with cryptocurrency — will they develop their own digital asset custody solutions, partner with existing custodians, or acquire existing digital asset companies? Banks may pursue one or more of these solutions, and each comes with its own risk considerations.
Aside from the obvious technical and financial resource considerations, banks should consider how their risk profiles will change and how best to manage the risks that come with holding a new asset type with significant regulatory uncertainty.
To ensure they have appropriate insurance to transfer their expanded risk, banks should consider the types of assets under custody, their underlying value and volatility, use and access, and storage and security. This is essential to evaluating contract certainty and the appropriate program structure — for example, setting the right limits and retentions.
For speed to market and to leverage existing technical capabilities and expertise, some banks will likely partner with or white label services from an existing custodian.
As is common in such arrangements, insurance requirements will be key. Depending on the scope of services and access that’s granted to funds and/or client information, banks should contemplate requiring vendors to secure errors and omissions, cyber, and crime/fidelity coverage with appropriately tailored language and coverage extensions.
Digital asset insurance capacity remains constrained and not all firms approach risk management or transfer in a uniform way, which will add some complexity to this process. Establishing requirements and asking informed questions of potential partners will be an important evaluation criteria.
For banks that choose not to build solutions or partner, acquiring a digital asset custodian may be another option. As with any acquisition, there are due diligence considerations and risks that can be transferred via the right type of insurance.
Once a bank has identified a solution for securing digital assets, the next hurdle is determining how to quantify the risk of providing custody. Financial stress testing helps banks identify and quantify material risks in financial terms, which enables strategic decisions at the executive and board levels. This can help provide for a measure of present and future risk scenarios, enabling evaluation of risk transfer efficacy over time. Developing decision frameworks can connect risk to ongoing growth and business strategy for insurable and noninsurable risks — such as reputational harm — helping organizations find the balance between risk retention and transfer.
Finally, it is critical to understand how banks’ existing insurance solutions might cover digital assets and identify any gaps or coverage needs. These exposures can generally be covered by traditional forms of insurance, but policies may need to be tailored to specifically address them.
For example, an FI bond or crime policy commonly insures the financial loss due to theft, disappearance, or destruction of covered property — typically limited to money, securities, and other tangible items. Coverage can, however, be amended to include digital assets and private keys, and the optimal structure will depend on storage, security, and other considerations. Banks should also thoroughly explore options in specialty markets, which may provide broader and more cost-effective coverage.
Although preexisting policies will likely need to be updated to cover new asset classes, some insurers may be reluctant to continue providing coverage once a bank starts working with digital assets. That means it’s critical to present robust underwriting information.
While the OCC’s guidance creates new opportunities for banks, funds, and investment advisers, organizations interested in providing digital asset custody will need to investigate how best to do that — and there are still unknowns, particularly around the readiness of customers and other regulators to embrace digital asset custody by banks. Properly evaluating risk both at launch and at maturity will help banks to understand their risks, structure insurance programs with greater efficiency, and position themselves competitively.