Custody Reinstated: What the Return of Bank Crypto Safekeeping Means for Broker-Dealers and Registered Investment Advisers
Published by CRC | July 2025
Beginning in 2020, under Acting Comptroller Brooks, the OCC began to dismantle barriers to bank crypto custody, framing it as an extension of trust and fiduciary services. However, early 2023 cautions from the Fed and FDIC dampened momentum by warning against volatility and liquidity risk.
A pivotal regulatory reset occurred in March–April 2025:
With Letter 1184 in May 2025, the OCC offered comprehensive confirmation of banks’ ability to buy, sell, and custody crypto assets, even via sub-custodians, under familiar safety and compliance frameworks.
On July 14, 2025, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) issued a joint statement which codified that stance and confirmed that federally supervised banks may once again provide crypto-asset safekeeping services, provided such activities are conducted “in a safe and sound manner and in compliance with applicable laws and regulations.”¹
This clarification reinstates a path for regulated banks to serve as custodians for digital assets and presents meaningful implications for both broker-dealers and SEC-registered investment advisers (RIAs). For broker-dealers, this development offers a structurally compliant method to offer crypto-related products without directly holding digital assets. For RIAs, the statement revives the possibility of using banks as qualified custodians under Rule 206(4)-2 of the Advisers Act, subject to appropriate oversight and due diligence.
While the guidance expands opportunity, it also elevates expectations. Broker-dealers and RIAs must ensure that any bank digital asset custody arrangement is carefully structured to avoid inadvertent custody triggers, mitigate operational risk, and align with fiduciary, recordkeeping, and AML/CFT obligations.
The interagency guidance acknowledges that “crypto-asset safekeeping activities can be analogous to traditional safekeeping activities”² when executed within strong governance and risk management frameworks. For broker-dealers and RIAs, this provides a gateway to deliver digital asset strategies through institutions with recognized legal authority and regulatory oversight.
For SEC-registered investment advisers, this is particularly important in the context of the Custody Rule (Rule 206(4)-2 under the Advisers Act), which requires advisers to maintain client funds or securities with a qualified custodian. Federally chartered banks, banking institutions, and savings associations remain one of the expressly permitted categories of qualified custodians under the rule.
Despite the restored permissibility of bank crypto custody, both BDs and RIAs remain responsible for managing their regulatory obligations. The joint statement cautions that crypto safekeeping presents “heightened operational, legal, and technological risks” and that institutions must maintain expertise in custody design, key management, and risk controls.³
Custody has long been a regulatory focal point, and this development is likely to reaffirm and extend that scrutiny to digital asset custody arrangements. For broker-dealers, the key risk is inadvertently triggering custody under Rule 15c3-3, particularly if arrangements suggest shared control over digital assets or cryptographic keys. Even with a bank custodian, firms must avoid operational entanglements that could be viewed as constructive custody. Recordkeeping obligations under SEC Rules 17a-3 and 17a-4, as well as AML and sanctions requirements under FINRA Rule 3310, remain fully applicable.
For SEC-registered investment advisers, the primary concern is maintaining compliance with Rule 206(4)-2 of the Advisers Act. Advisers must ensure the bank custodian qualifies under the rule and has exclusive possession or control of client assets. Poorly defined custody arrangements, especially around access to keys or client authorization flows, can result in violations. As noted in recent Risk Alerts, custody-related deficiencies continue to be a top exam issue, and crypto custody will almost certainly fall within that lens.
To ensure regulatory alignment while maximizing the benefits of bank crypto custodians, firms should begin by establishing clear contractual arrangements that unambiguously define the bank as having sole and exclusive control over the crypto assets and associated keys. These documents should be reviewed carefully for any language that may imply indirect access or authority by the broker-dealer or adviser.
Firms must also perform rigorous due diligence on the bank custodian, evaluating its cryptographic key management practices, cybersecurity protocols, SOC reports, and operational resilience. This process should not be limited to an initial review—ongoing vendor oversight and governance must be embedded in the firm’s compliance program.
Both broker-dealers and advisers should take steps to revise their supervisory procedures and compliance manuals to reflect the unique risks and responsibilities of engaging in crypto custody through a third party. These updates should address risk assessment, escalation protocols, and custodial oversight.
In parallel, disclosures to clients must be enhanced. Marketing materials, investor agreements, and regulatory filings—particularly Form ADV for RIAs—should include accurate, plain-English explanations of how custody is handled, the risks of crypto asset exposure (including volatility, forks, and key loss), and any third-party dependencies.
Finally, firms must coordinate closely with custodial banks on AML and sanctions compliance. This includes sharing responsibility for blockchain transaction monitoring, aligning suspicious activity reporting procedures, and ensuring that Travel Rule and OFAC screening obligations are fulfilled.
The July 2025 interagency statement reopens the door for regulated banks to participate in the digital asset economy, offering broker-dealers and investment advisers a valuable opportunity to modernize their offerings through partnerships with highly supervised institutions. However, this path must be navigated with caution.
For broker-dealers, the ability to offer crypto exposure without holding assets directly reduces operational burden but not necessarily regulatory accountability. For RIAs, the clarification may enhance the pool of viable qualified custodians, but advisers must still structure relationships and disclosures in full alignment with Rule 206(4)-2 and associated guidance.
As the statement notes, “safe and sound crypto-asset safekeeping requires appropriate due diligence, internal controls, and governance.”⁴ Firms that meet this moment with thoughtful structure and proactive compliance will be best positioned to lead in a rapidly maturing digital asset marketplace.
1-4 Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation. “Joint Statement on Crypto-Asset Safekeeping.” July 14, 2025.
Anti-money laundering (AML) compliance has long been a foundational obligation for broker-dealers and a growing […]
State Trust Companies, Regulatory Evolution, and the Long Journey Toward Durable Digital Asset Markets How […]
Artificial intelligence and automated decision tools are rapidly becoming embedded in the operational and compliance […]
Anti-money laundering (AML) compliance has long been a foundational obligation for broker-dealers and a growing […]
State Trust Companies, Regulatory Evolution, and the Long Journey Toward Durable Digital Asset Markets How […]
Artificial intelligence and automated decision tools are rapidly becoming embedded in the operational and compliance […]
