In January, shortly after President Trump began his second term, the Securities and Exchange Commission rescinded Staff Accounting Bulletin No. 121 (opens a new window), which eliminated a previous directive that banks and other companies taking custody of digital assets treat those assets as liabilities on their balance sheets. Last month, the government removed another roadblock for banks interested in the digital asset space — one more sign of the looser digital asset-related regulatory environment businesses can expect under the administration.
On March 28, the Federal Deposit Insurance Corporation published a new Financial Institution Letter that allows federally chartered banks and other FDIC-supervised institutions to engage in cryptocurrency-related activities without prior approval.
Under the new guidance, FIL-7-2025 (opens a new window), “FDIC-supervised institutions may engage in permissible activities, including activities involving new and emerging technologies such as crypto-assets and digital assets, provided that they adequately manage the associated risks,” the FDIC said. The new letter rescinds guidance in an earlier Biden-era letter, FIL-16-2022 (opens a new window), that required institutions to notify and await feedback from the FDIC if they intend to engage in digital asset activity.
Importantly, the FDIC noted in its new guidance that supervised institutions should consider various risks associated with digital asset activity. These include market and liquidity risks, operational and cybersecurity risks, consumer protection requirements, and anti-money laundering requirements. The FDIC also directed institutions to engage with the regulator’s supervisory team “as appropriate.”
FIL-7-2025 provides much-needed relief for FDIC-supervised institutions looking to become more involved in the digital asset ecosystem. But it’s vital that banks and other financial institutions consider several exposures when exploring digital asset activity. These include:
Board members’ personal exposure. Directors and officers liability (D&O) insurance policies purchased by financial institutions can offer significant protections to organizations and senior leaders. When originally underwritten, however, they may not have contemplated risks associated with digital asset custody and other services.
Professional liability. Financial institutions’ existing errors and omissions (E&O) insurance policies could have limited scope or important exclusions that could narrow coverage for new digital asset services or their use of blockchain technology.
Crime and custody risks. Under some crime policies, digital assets may be excluded or limited; for example, some policies may not define “digital assets” as money or property.
Well-crafted insurance programs can address many of these risks — and, fortunately, insurance for digital asset-related activities (even those conducted by more traditional institutions) continues to become more readily available and insured-friendly. Still, it’s imperative that financial institutions work with experienced insurance brokers as they look to find new coverage — including dedicated cyber/crime or specie/custody insurance — or alter terms in existing policies.
Lockton’s Emerging Asset Protection (LEAP) team will continue to monitor changes in the digital asset risk landscape, including the SEC’s new, more crypto-friendly approach, and continue to provide updates on what it means for your risk management and insurance programs. For more on this topic, contact a member of your Lockton team or email us at LEAP@lockton.com (opens a new window).
