Cryptocurrency: The Risk Banks Already Have

The cryptocurrency market continues to evolve: New companies launching coins, wallets, exchanges and applications seemingly emerge every day, and crypto founders were named to Time Magazine’s Most Influential List.

The total market capitalization of cryptocurrency eclipsed $2 trillion on April 5, 2021, and sat at $2.44 trillion as of Sept. 15, 2021. El Salvador became the first country in the world to make Bitcoin legal tender, with President Nayib Bukele saying, “Bitcoin would be an effective way to transfer the billions of dollars in remittances that Salvadorans living outside the country send back to their homeland each year.”

More importantly, financial regulators have taken notice. Make no mistake, regulation oversight is coming. Kenneth Blanco, director of the Financial Crimes Enforcement Network, said, “Banks must be thinking about their crypto exposure. If banks are not thinking about these issues, it will be apparent when examiners visit. In January, the Office of the Comptroller of the Currency published a letter clarifying the authority to participate in independent node verification networks (INVN) and use stablecoins to conduct payment activities and other permitted banking activities for national banks and federal savings associations, along with the instructions that in participating in this capacity, “a bank must comply with applicable law and safe, sound, and fair banking practices.”

Gary Gensler, the U.S. Securities and Exchange Commission chairman, is intimately knowledgeable of cryptocurrency, having taught a course called Blockchain and Money at the Massachusetts Institute of Technology. Sen. Elizabeth Warren (D-Mass.) has pressed Treasury Secretary Janet Yellen to use her position as the chair of the Financial Stability Oversight Council to “ensure the safety and stability of consumers and our financial system.”

A number of large, leading banks are evolving their crypto programs, testing their crypto infrastructure and readying their organizations for participation in the crypto marketplace, whether as a custodian, exchange, coin issuer, broker, payment processor or participant. Other banks are in the queue to be fast followers and/or limited participants. They want to see how the market develops and how regulators react to the initial wave of participation. Yet, other institutions look at cryptocurrency participation as either a long-term initiative, or an activity that does not fit their risk profile.

The fact of the matter is, likely every bank has exposure to cryptocurrency in some capacity. Approximately 13% of Americans bought or traded cryptocurrency in the past 12 months, and approximately 46 million Americans (17% of the adult population) own at least a share of Bitcoin. That means that about one in eight Americans actively participates in the crypto marketplace. Unless your bank has less than eight customers, the law of averages dictates that your institution has exposure and one or more of your customers has sent or received money to or from entities within the cryptocurrency marketplace.

The good news is there are tools to help banks identify current exposure, track payments and facilitate compliance monitoring and reporting needs. As with any tool, the effectiveness of those tools comes down to features and performance. Some tools use name matching to identify that participation. However, the ownership structure of many of these emerging companies use innocuous-sounding corporate holding company names for payment processing to their crypto companies, which can make these tools less effective – complicating the current struggle of evaluating false positives by name checking alone. There are also tools and services which can do advanced due diligence on virtual asset service providers and help identify crypto money service businesses and previously unidentified crypto payments. Once an institution can assess current state exposure, it can develop an action plan.

Acknowledging that willingly or otherwise, most financial institutions have been brought into the crypto ecosystem and should be developing a plan of action now. The first step is to identify and assess an institution’s current state of exposure to cryptocurrency. Next, it should develop a strategy defining the institution’s planned participation in this space. Key considerations include: how transactions outside the organization’s risk tolerance will be handled and how the governance, risk and compliance (GRC) programs of the organization need to be updated to reflect the current and future state of doing business.

As the crypto ecosystem and regulations continue to evolve, savvy institutions will ensure they understand their current exposure in the market and work toward a target future-state GRC program that addresses the risks to which the organization is exposed.