What Banks Should Know Before Banking Crypto Firms
September 18, 2025
For Immediate Release

The shift is visible: The Federal Reserve has wound down its “novel activities” program, the largest banks have been asked to review all customers they have “debanked” (including crypto companies), and the regulators are publicly signaling a change in their posture toward digital assets.

For years, both regulators and banks have treated crypto banking as prohibitively risky, driven in part by Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements and reputational concerns. That caution was understandable after high-profile collapses like FTX, but overreaction carries its own costs. The question now is not whether to serve crypto firms, but how.

Instead of treating crypto as a single, uniform risk, banks should view it as a menu of specific services, each with its own risk profile. Institutions that choose to participate need robust risk and compliance frameworks aligned with their risk appetite.

Below, we outline four key service areas—ranging from the most straightforward to the most complex—where those risks come into sharp focus.

Basic Operational Accounts

On the lowest end of the risk spectrum is providing a standard corporate account for a crypto firm. These accounts serve standard business purposes such as payroll and vendor payments. Risks here resemble those associated with other regulated financial institutions. Key considerations include ensuring that customer assets are not mixed with company funds and that accounts are only maintained for properly structured legal entities.

“For Benefit Of” (FBO) Accounts

Many crypto firms hold fiat currency on behalf of their customers, typically to facilitate transactions such as buying and selling digital assets. When banks provide FBO accounts for this purpose, additional risks arise.

Banks should focus on three areas in particular:

  • Recordkeeping: Banks should require transparent account structures that make it easy to trace and return customer funds if a firm becomes insolvent.
  • Commingling: Banks should verify—through periodic reviews and reconciliations—that customer assets are held separately from the firm’s corporate funds and cannot be repurposed for business use.
  • Customer controls: Banks should assess and, where possible, independently test a firm’s know your customer (KYC), onboarding, and ongoing monitoring processes to ensure customers are properly identified, risk-rated, and screened.

While this does create incremental risk for banks, it is important to note that many have offered these services for a long time to other “mainstream” market participants, such as broker-dealers.

Customer Transaction Accounts

Many crypto firms now seek to offer retail-style financial products, from payment cards to direct deposit, blurring the lines between traditional banking and digital asset services. When banks support these activities, the oversight burden rises.

Banks must confirm that the crypto firm’s KYC and transaction-monitoring standards meet their own. Sanctions compliance becomes especially critical. In practice, some banks may even treat the crypto firm’s customers as their own, subjecting them to the bank’s policies and procedures.

Banks are accustomed to evaluating the risks posed by empowering their customers to offer transaction services to third parties; there is no reason to evaluate this risk differently for crypto firms.

Custody of Digital Assets

Custody remains the riskiest area. While the challenges are widely recognized, they are not insurmountable. Proper safeguards require expertise in crypto infrastructure and information security—a key reason why this is an information security and safeguarding issue, distinct from AML or reputational risk.

Regulators recently announced draft guidance around bank’s custody requirements, a move that provides greater clarity for those looking to enter the market. While it’s likely that custody will continue to be handled by a small number of specialized firms or retained in-house by the crypto firms themselves in the near term, this new guidance could pave the way for more entrants looking to offer these services.

Beyond specific services offered, banks must also evaluate other key non-service specific risks, like liquidity and AML/BSA risk more broadly.

Regulators have often flagged liquidity as a key risk in banking crypto firms, but the dynamics are nuanced. In a market sell-off, for example, FBO account balances may actually increase as customers liquidate their crypto holdings into cash, at least in the short term. The greater risk is solvency and exposure to under-regulated markets, where customer assets may not be held on a like-for-like basis. For banks, the focus should be on managing concentration risks from very large FBO accounts, stress-testing deposit flows under different market scenarios, and evaluating jurisdictional exposures where protections for customer funds may be weaker.

Banks must also be satisfied that crypto firms have strong BSA/AML programs. However, dealing with risks posed by a “customer’s customer” is not new for banks. They are accustomed to these challenges in areas like correspondent banking, making this a manageable risk for institutions with robust compliance frameworks.

Not all banking services to crypto firms carry the same level of risk, nor have we fully articulated all of the considerations. By carefully distinguishing between activities—from basic operational accounts to custody of digital assets—banks can identify where risks are manageable and where they remain too great based on their institutions risk appetite.

Crypto remains a developing market, and regulatory frameworks continue to evolve. Banks that approach this sector with a clear-eyed understanding of the risks, rather than broad assumptions, will be better positioned to serve clients while protecting their balance sheets.

What Banks Should Know Before Banking Crypto Firms
No items found.
September 18, 2025
For Immediate Release

Driven by the passage of the Genius Act and a surge of banking charter applications from digital asset and crypto companies, theAdministration is pressing regulators to craft a clear framework for digital assets. With key agency posts now filled, early policy directives turning into tangible action, and whispers of disintermediation growing louder, the banking industry is reassessing its role in this fast-growing market.

Control structures today are not automated enough to keep up with an increasingly real-time world.
ORM needs to happen at the speed of operations.
We need to create an economic environment where companies can hire these workers as employees and pay them a living wage. There are steps policymakers can take to change the gig economy dynamic.
Dependency on tips over base pay is growing because of actions taken by gig companies to institute tipping.
Even for those lucky enough to be making what amounts in many states to the poverty wage of $15 per hour, many will get nothing but a week’s notice before being out on the street.
One study shows that consistent involvement in extracurricular activities increased a child’s likelihood of attending college by a whopping 400% compared to not being involved at all.
According to one report, almost 600 EMIs operate across Europe and the UK, holding over €35 billion in customer deposits.
The recent proposals from Acting Comptroller Hsu offer promising steps forward.
Data from S&P Global Market Intelligence shows banks providing banking as-a-service to FinTechs received 13.5 percent of severe enforcement actions in 2023.

The shift is visible: The Federal Reserve has wound down its “novel activities” program, the largest banks have been asked to review all customers they have “debanked” (including crypto companies), and the regulators are publicly signaling a change in their posture toward digital assets.

For years, both regulators and banks have treated crypto banking as prohibitively risky, driven in part by Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements and reputational concerns. That caution was understandable after high-profile collapses like FTX, but overreaction carries its own costs. The question now is not whether to serve crypto firms, but how.

Instead of treating crypto as a single, uniform risk, banks should view it as a menu of specific services, each with its own risk profile. Institutions that choose to participate need robust risk and compliance frameworks aligned with their risk appetite.

Below, we outline four key service areas—ranging from the most straightforward to the most complex—where those risks come into sharp focus.

Basic Operational Accounts

On the lowest end of the risk spectrum is providing a standard corporate account for a crypto firm. These accounts serve standard business purposes such as payroll and vendor payments. Risks here resemble those associated with other regulated financial institutions. Key considerations include ensuring that customer assets are not mixed with company funds and that accounts are only maintained for properly structured legal entities.

“For Benefit Of” (FBO) Accounts

Many crypto firms hold fiat currency on behalf of their customers, typically to facilitate transactions such as buying and selling digital assets. When banks provide FBO accounts for this purpose, additional risks arise.

Banks should focus on three areas in particular:

  • Recordkeeping: Banks should require transparent account structures that make it easy to trace and return customer funds if a firm becomes insolvent.
  • Commingling: Banks should verify—through periodic reviews and reconciliations—that customer assets are held separately from the firm’s corporate funds and cannot be repurposed for business use.
  • Customer controls: Banks should assess and, where possible, independently test a firm’s know your customer (KYC), onboarding, and ongoing monitoring processes to ensure customers are properly identified, risk-rated, and screened.

While this does create incremental risk for banks, it is important to note that many have offered these services for a long time to other “mainstream” market participants, such as broker-dealers.

Customer Transaction Accounts

Many crypto firms now seek to offer retail-style financial products, from payment cards to direct deposit, blurring the lines between traditional banking and digital asset services. When banks support these activities, the oversight burden rises.

Banks must confirm that the crypto firm’s KYC and transaction-monitoring standards meet their own. Sanctions compliance becomes especially critical. In practice, some banks may even treat the crypto firm’s customers as their own, subjecting them to the bank’s policies and procedures.

Banks are accustomed to evaluating the risks posed by empowering their customers to offer transaction services to third parties; there is no reason to evaluate this risk differently for crypto firms.

Custody of Digital Assets

Custody remains the riskiest area. While the challenges are widely recognized, they are not insurmountable. Proper safeguards require expertise in crypto infrastructure and information security—a key reason why this is an information security and safeguarding issue, distinct from AML or reputational risk.

Regulators recently announced draft guidance around bank’s custody requirements, a move that provides greater clarity for those looking to enter the market. While it’s likely that custody will continue to be handled by a small number of specialized firms or retained in-house by the crypto firms themselves in the near term, this new guidance could pave the way for more entrants looking to offer these services.

Beyond specific services offered, banks must also evaluate other key non-service specific risks, like liquidity and AML/BSA risk more broadly.

Regulators have often flagged liquidity as a key risk in banking crypto firms, but the dynamics are nuanced. In a market sell-off, for example, FBO account balances may actually increase as customers liquidate their crypto holdings into cash, at least in the short term. The greater risk is solvency and exposure to under-regulated markets, where customer assets may not be held on a like-for-like basis. For banks, the focus should be on managing concentration risks from very large FBO accounts, stress-testing deposit flows under different market scenarios, and evaluating jurisdictional exposures where protections for customer funds may be weaker.

Banks must also be satisfied that crypto firms have strong BSA/AML programs. However, dealing with risks posed by a “customer’s customer” is not new for banks. They are accustomed to these challenges in areas like correspondent banking, making this a manageable risk for institutions with robust compliance frameworks.

Not all banking services to crypto firms carry the same level of risk, nor have we fully articulated all of the considerations. By carefully distinguishing between activities—from basic operational accounts to custody of digital assets—banks can identify where risks are manageable and where they remain too great based on their institutions risk appetite.

Crypto remains a developing market, and regulatory frameworks continue to evolve. Banks that approach this sector with a clear-eyed understanding of the risks, rather than broad assumptions, will be better positioned to serve clients while protecting their balance sheets.

Among states with stricter COVID-19 policies, reducing unemployment benefits had little to no effect. The average effect of increased employment seems to have occurred only in those states with looser COVID protocols.
Notes
No items found.
Press Contact:
No items found.
Additional Resources:
No items found.
No items found.
Contact Us
No items found.
Item link
Insights Commentary
Terms of UsePrivacy Policy
© 2025 Ludwig Advisors