Speaking recently with our many community bank clients, we’ve seen a significant increase in questions and concerns regarding the increased presence of crypto-assets business models. The general sentiment is “I know it’s being discussed, but I’m not sure how the regulators will view this or how it will affect the current operations of my community bank.” As these questions continue to increase, this article has been prepared to provide some insights into the FDIC’s current regulatory developments, as well as some practical information on how community banks can start to explore this topic at their own organization.

Let’s start with how the regulatory landscape has changed over the last few years. Between April 2022 and March 2025, the FDIC issued two brief Financial Institution Letters on this topic: FIL-16-2022 and FIL-7-2025. It doesn’t take much reading between the lines to identify an apparent shift from a precautionary, pre-notification stance on banks’ crypto-related activities (FIL-16-2022) to a permissions-based, risk-management stance that rescinds the prior notice requirement (FIL-7-2025). In the 2022 letter, the FDIC required banks to notify the agency before engaging in any crypto-related activity and emphasized evolving safety and soundness, consumer protection, and financial stability risks. Following, in the 2025 letter, the FDIC affirmed that FDIC-supervised institutions may engage in permissible crypto-related activities without prior FDIC approval, provided risks are adequately managed and activities comply with applicable law.

Additionally, in February 2025, the FDIC published 25 “pause letters,” which were sent to banks between October 2018 and January 2025, discussing the FDIC’s concerns with their crypto-related activities. In the context of the release, Acting FDIC Chairman Travis Hill commented about the FDIC’s position evolving to provide a pathway forward for banks by saying, “Looking forward, we are actively reevaluating our supervisory approach to crypto-related activities. This includes replacing Financial Institution Letter (FIL) 16-2022 and providing a pathway for institutions to engage in crypto- and blockchain-related activities while still adhering to safety and soundness principles.”

Taking a slightly deeper look at the remarkably brief 2025 FIL, the following highlights are noteworthy:

• Risk-Based Approach: The letter reiterates that banks must conduct all activities “safely and soundly and consistent with all applicable laws and regulations.” Risk areas called out include market/liquidity, operational and cyber, consumer-protection, and AML.
• How Permissibility Is Framed: FIL-7-2025 affirms that activities involving new and emerging technologies — including crypto-assets and digital assets — can be permissible if risks are managed. It references OCC interpretive letters on custody and stablecoin reserves as examples of activities that may be permissible when executed appropriately.
• Forward-Looking Coordination: The FIL states the FDIC will work with other banking agencies to replace the 2023 interagency statements on crypto-asset risks and liquidity vulnerabilities with further guidance or regulations and continue engagement with the President’s Working Group on Digital Asset Markets.
• Tone: The tone is notably pragmatic and enabling. The accompanying press release quotes Acting Chairman Travis Hill as saying the FDIC is “turning the page on the flawed approach of the past three years.” This signals a desire to provide a clearer path for banks to engage in crypto/blockchain activities under safety-and-soundness standards.

Additionally, following on the heels of the FIL in March of last year, Congress generated additional tailwind on the topic by signing the GENIUS Act into law. While the details of the GENIUS Act aren’t being discussed in this release, the Act generally defines and regulates stablecoins that are used for payments or settlements. At the time the Act was signed into law, whitehouse.gov described the Act by saying, “This long-overdue legislation creates the first-ever Federal regulatory system for stablecoins, ensuring their stability and trust through strong reserve requirements.” The Act goes a long way to promote more widespread use of stablecoins throughout the economic system while providing regulatory guardrails that a community bank must be familiar with when considering a crypto-friendly business model.

With the apparent change in tone at the regulatory level, the question we hear most frequently is, “How are community banks getting involved with crypto-assets in practice?” While the short answer is that not many are, there are a few emerging topics that community banks may want to consider if they want to start preparing for a crypto-friendly environment for their customers.

Although the industry is still in its infancy with crypto-assets, there have been a few potential use cases at larger players like JPMorgan and B of A that have shown potential to possibly “trickle down” to the community banking space:

• Custody Services: Offering custody services for your customers’ crypto-assets may align with some banks’ current Trust Services or Wealth Management divisions. In the early stages, a streamlined approach to this type of service may involve a mutual partnership with a third-party service where the bank acts as the custodian for the asset broker. This approach may be appealing to banks hoping to attract or retain younger customers who already hold crypto-assets but are unsure about the safety or security of the parties safeguarding those assets.
• Stablecoin Reserves: Many crypto exchanges and fintech firms (River, for example) attract customers to their platform by holding client assets in full reserve, meaning that for every dollar invested in crypto-assets, they hold a dollar in a cash reserve with a qualified institution. This provides an opportunity for banks to be that institutional partner. With the passing of the GENIUS Act, we expect to see particular interest in stablecoin activity over the coming years.
• Crypto-Backed Lending: As crypto-assets continue to become a larger part of consumers’ asset portfolios, customers may have an increased need to convert those less liquid assets into spendable dollars. While lending against direct crypto-asset holdings, such as bitcoin, is likely to be well outside the risk tolerance of most community banks, other crypto-related assets, such as publicly traded crypto-ETFs, may be a viable source of loan collateral; however, robust risk mitigation policies would need to be developed and implemented to ensure the safety and soundness of the activities.

Any time a bank is venturing into uncharted territory, a slow, methodical approach is critical. The following are a few actionable insights to help a community bank explore crypto-related activities consistent with FIL-7-2025:

• Start with activities that have clearer supervisory lineage. Consider crypto custody, stablecoin reserve services or participation in permissioned networks/INVN for payments — areas referenced by bank regulators and consistent with FIL-7-2025’s framing of potentially permissible activities. These business models also relate directly to the more robust guidance published by the OCC in Interpretive Letters 1170, 1172 and 1174.
• Treat crypto like any other new product — build the risk stack first. Before launch, document product-level risk assessments covering market/price volatility, liquidity risk, operational resilience and cybersecurity, BSA/AML and sanctions, consumer disclosures, and third-party/vendor risks. Align with your existing Part 364 safety-and-soundness standards and risk appetite statements.
• Clarify permissibility for your charter and structure. “Permissible” is not blanket approval. Confirm legal authority under state law (for state nonmember banks) and Part 362, where applicable; map each proposed activity to legal authority and supervisory expectations. Keep board minutes and counsel memos current.
• Engage your supervisory team proactively. FIL-7-2025 removes prior approval, not supervisory dialogue. However, a diligent product rollout will always require sharing your program design, controls, KPIs/KRIs and issues-management plan with your exam team. This preserves transparency and mitigates surprises during exams. Details of the plan are the key to successful regulatory buy-in, so reduce confusion by ensuring plain-language disclosures that distinguish insured deposits from crypto-assets and explain custody, segregation and loss scenarios.

The FDIC has pivoted from a 2022 posture that required prior notification and emphasized uncertainty to a 2025 framework that permits banks to engage in permissible crypto-related activities without prior approval, anchored in safety and soundness and compliance. For community banks, the opportunity is to pilot targeted use cases with proper risk-assessment controls, proactive supervisory transparency and consumer-centric clarity, while staying nimble as interagency guidance evolves.

As always, our firm is happy to answer questions or provide guidance on this or any other subject. Please feel free to reach out to me or any one of our firm leaders should you have any questions.