The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General has issued its report on FDIC Strategies Related to Crypto-Asset Risks.
In recent years, the crypto-asset sector has experienced significant volatility. The total market capitalization of crypto assets fluctuated from about $132 billion in January 2019 to $3 trillion in November 2021. More concerning, the market capitalization fell by 60 percent to $1.2 trillion as of April 2023. These events highlight various risks that the crypto-asset sector could pose to financial institutions, including liquidity, market, pricing, and consumer protection risks. While currently limited, if material exposure of financial institutions to the risks posed by crypto-related activities were to manifest, it may affect the FDIC’s mission to maintain stability and public confidence in the Nation’s financial system. We conducted a review to determine whether the FDIC has developed and implemented strategies that address the risks posed by crypto assets.
We determined that the FDIC has started to develop and implement strategies that address the risks posed by crypto assets. However, the Agency has not assessed the significance and potential impact of the risks. Specifically, the FDIC has not yet completed a risk assessment to determine whether the Agency can sufficiently address crypto-asset related risks through actions such as issuing guidance to supervised institutions. In addition, the FDIC’s process for providing supervisory feedback on FDIC-supervised institutions’ crypto-related activities is unclear. As part of its process, the FDIC requested that financial institutions provide information pertaining to their crypto‑related activities. Additionally, the FDIC issued letters (pause letters), between March 2022 and May 2023, to certain FDIC-supervised financial institutions asking them to pause, or not expand, planned or ongoing crypto-related activities, and provide additional information. However, the FDIC did not (1) establish an expected timeframe for reviewing information and responding to the supervised institutions that received pause letters and (2) describe what constituted the end of the review process for supervised institutions that received a pause letter.
Until the FDIC assesses the risks of crypto activities and provides supervised institutions with effective guidance, the FDIC and some FDIC-supervised institutions may not take appropriate actions to address the most significant risks posed by crypto assets. In addition, based on evidence obtained during our evaluation, the FDIC’s lack of clear procedures causes uncertainty for supervised institutions in determining the appropriate actions to take. If financial institutions do not receive timely feedback from the FDIC and do not understand what constitutes the end of the FDIC’s review process, this uncertainty creates risk that the FDIC will be viewed as not being supportive of financial institutions engaging in crypto-related activities.
We made two recommendations for the FDIC to: (1) establish a plan with timeframes for assessing risks pertaining to crypto-related activities and (2) update and clarify the supervisory feedback process related to its review of supervised institutions’ crypto-related activities. The FDIC concurred with both recommendations and plans to complete corrective actions by January 30, 2024.