WOLF & CO Insights Banking & Crypto: Crucial Considerations

Banking & Crypto: Crucial Considerations

According to a December 2020 study conducted by Cornerstone Advisors, 60% of crypto owners would use their bank to invest in cryptocurrencies if the services were offered. However, according to the company’s What’s Up with Baking 2021 report, less than 1% of banks were interested in fintech partnerships that would provide crypto investing services for their customers. So, what’s the hesitation?

Although many traditional financial institutions are reluctant to adopt the use of cryptocurrency due to its inherent risks and perceived lack of steady regulation, some are capitalizing on recent regulatory approvals to offer crypto custody services and invest in cryptocurrencies themselves.

In January 2021, the Office of the Comptroller of the Currency (OCC) announced that national banks and federal savings associations can use public blockchains and stablecoins to perform payment activities. This comes on the back of the OCC’s July 2020 letter authorizing national banks and federal savings associations to provide cryptocurrency custody services as well.

Other governmental bodies have also embraced cryptocurrency, such as the Wyoming Division of Banking, which authorized the chartering of special purpose depository institutions (SPDIs). The new charter will allow banks to conduct activities around cryptocurrency and take custody of cryptocurrencies. This made Wyoming the first U.S. state to approve a banking charter for digital assets such as cryptocurrencies. The Wyoming SPDI legislation gives crypto owners and investors assurance that these banks would conduct the same crypto services as an exchange, but with the heightened level of security found in traditional banking.

For the institutions that recognize the benefits of offering crypto custody and crypto services, and those that may capitalize on the OCC’s acceptance to develop their own processes, there are many factors that must be considered before entering this space.

What to Consider Before Offering Crypto Services

With innovation comes responsibility, and organizations must be aware of the new operational, compliance, and fraud risks that emerge when entering the crypto industry.

Operational Risk

  • IT Security

While banks have experience handling operational risks such as electronic custody services, digital certification authority, and data processing activities, crypto custody services require vastly different information technology (IT) systems than those used when managing more traditional risks. Banks must scrutinize their current IT security controls and tailor their IT security programs to align with the new systems.

Banks might consider pursuing a Systems and Organization Controls (SOC) audit to evaluate their new IT control environment. SOC audits will verify the effectiveness of your new controls, expose inherent gaps, and provide heightened confidence in your ability to mitigate risk in an unfamiliar crypto environment.

  • Authorization

Cryptocurrency transactions are final and can’t be reversed. It’s essential that only authorized individuals have access to trading platforms and transactions are properly initiated and verified.

  • Accounting and Tax Reporting

Accounting and tax rules are newly created and subject to change. Institutions that engage in crypto-related activities must remain up-to-date to ensure they’re following applicable guidance.

  • Volatility

Fluctuations seen in crypto can be threatening. This may lead to a significant increase in customer trading during periods of high volatility.

Compliance Risk

According to CypherTrace’s February 2021 Cryptocurrency Crime and Anti-Money Laundering Report:

  • U.S. exchanges sent $41.2 million worth of Bitcoin directly to criminals in 2020
  • A third of cross-border Bitcoin volume is sent to exchanges with demonstrably weak Know Your Customer (KYC) protocols
  • The percentage of global Bitcoin volume sent to high-risk exchanges was at an all-time low, with a 59% drop from 2019

According to the Financial Crimes Enforcement Network’s (FinCEN), cryptocurrency transactions and custody services must abide by Anti-Money Laundering/Know Your Customer (AML/KYC) regulations under the Bank Secrecy Act (BSA). However, banks may experience difficulties while navigating the anonymous nature of cryptocurrency transactions on blockchain networks.

Cryptocurrencies don’t require a regulated intermediary when conducting peer-to-peer transactions. The anonymity that comes with the transaction identification on a blockchain network worries many regulated institutions, believing that these transactions would be more difficult to track and therefore harder to identify if illegal activity is occurring.

Banks should amend their BSA/AML compliance protocols to ensure their reporting and tracking requirements address the particular risks associated with cryptocurrencies.

Fraud Risk

Fraud is the most prominent cryptocurrency crime. However, as the sector becomes more widely used, organizations have bolstered their security protocols around cryptocurrency, leading to a decrease in the average value stolen by criminal actors from 2019 and 2020. (The amount was 160% higher in 2019 than in 2020). According to CypherTrace, crypto crime decreased 57% from 2019—dropping from $4.5 billion to $1.9 billion in 2020. However, fraudulent activity on these networks should still be of concern to banks, and they should take the proper precautions to mitigate the risk of fraud when entering the sector.


Although these risks may seem similar to those already faced by institutions, they require unique technological expertise to ensure proper controls and compliance environments are in place. The recent regulations and guidance passed by the OCC and the state of Wyoming are encouraging financial institutions to step into the world of cryptocurrency. However, banks must be aware of and prepare for the new and challenging obstacles they may encounter when creating crypto services or investing in cryptocurrencies.