Breaking Down the OCC’s Semiannual Risk Perspective: Crypto Asset & Cybersecurity Risks

Written by: Cristina Palladino

On June 14, 2023, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective for Spring 2023, which reports the key risks threatening the safety and soundness of bank compliance along with the applicable laws and regulations.

In the report, the OCC highlighted the key trends surrounding operational, compliance, interest rate, and credit risks.

Although these risks all present potential impacts to your organization, below we will take a deep dive into the cybersecurity and crypto asset risks you should look out for.

What are the Risks Associated with Crypto Assets?

The report highlights the OCC’s cautious approach to crypto asset products, services, and activities. This continued approach is due to high volatility, high-risk lending, excessive leverage, interconnected concentration within the crypto industry, and the lack of comprehensive regulation. The OCC, Federal Reserve, and the Federal Deposit Insurance Corporation recently issued statements describing several key risks associated with crypto assets and the crypto asset sector. Effective practices to mitigate these risks may include the following:

  • Understanding the direct and indirect drivers of potential behavior of deposits from crypto-asset-related entities and the extent to which those deposits are susceptible to unpredictable volatility.
  • Assessing potential concentration or interconnectedness across deposits from crypto asset-related entities and the associated liquidity risks.
  • Incorporating the liquidity risks or funding volatility associated with crypto-asset related deposits into contingency funding planning, including liquidity stress testing and, as appropriate, other asset-liability governance and risk management processes.
  • Performing robust due diligence and ongoing monitoring of crypto-asset-related entities that establish deposit accounts, including assessing the representations made by those crypto-asset-related entities to their end customers about such deposit accounts that, if inaccurate, could lead to rapid outflows of such deposits.

How to Mitigate Price Volatility of Crypto Assets

The price of crypto assets has generally been volatile and dynamic since its inception in 2009. However, banks can mitigate crypto asset pricing volatility through several approaches. Methods include limiting their overall portfolio exposure to these investments (such as less than 1% or 5% of their portfolio), investing in the more well-established crypto assets (including Bitcoin and Ethereum), or investing in stablecoins, which are pegged to traditional fiat currency can reduce the pricing volatility.

The bank could also participate in the crypto asset ecosystem without subjecting their own funds to a significant price volatility risk. There is a desire from consumers to hold their crypto assets at a safe and seasoned custodian, rather than at an offshore or a less regulated digital asset exchange. Banks can offer these services to their depositors by either holding the digital asset on behalf of their customers or holding a key to a personal digital asset wallet for its users. Therefore, if banks can provide comfort to their customers that their assets are secure, this would allow them to become involved in the crypto asset ecosystem without volatility exposure.

Cyber Risks and Guidance for Banks

Banks also continue to face increased operational risks related to cybersecurity. As artificial intelligence becomes more prevalent, vigilant cybersecurity processes and procedures will help banks protect themselves from cybersecurity risks. Nevertheless, the Federal Reserve has announced new guidelines for their supervised banks. This guidance states that banks must receive written notification of supervisory non-objection before using tokens to facilitate payments. Additionally, the Fed has established a Novel Activities Supervision Program to enhance the supervision of novel activities related to crypto assets, distributed ledger technology, and technology-driven partnerships with nonbanks to deliver financial services.

To obtain a written notification of supervisory non-objection, banks must demonstrate that they have established appropriate risk management practices for the proposed activities. The new program will be risk-based with the level and intensity of supervision varying depending on the level of engagement in novel activities by each banking organization. The Fed will notify in writing those institutions whose novel activities will be subject to examination through the program and periodically evaluate, and update which banks should be subject to examination.

If you have any questions regarding cybersecurity, crypto assets, or other risks relating to the OCC’s report, please reach out to a member of our team.