Federal regulators are sending a clear message that a financial institution must identify and control for inherent risks related to its facilitation or participation in crypto activities including Bitcoin.
Financial institutions considering the potential rewards associated with crypto activities should also prepare for stricter regulatory scrutiny based on recent guidance. Thoroughly identifying, understanding, and documenting the risks and the necessary risk-mitigating controls is an essential first step.
In light of messaging and guidance from federal regulators, we recommend that financial institutions conduct a related risk assessment. Such a risk assessment provides a documented inventory and living record of controls mapped to associated risk factors. Regulators will expect supervised institutions to identify and actively manage these risks. The related controls should be individually identified and rated based on specific characteristics, providing and documenting an assessment of the overall effectiveness of the financial institution’s control environment for mitigating associated risks.