US banks have long faced uncertainty over whether they could legally and safely hold and manage crypto assets for clients. Until 2025, national banks navigating crypto custody risked operating in a regulatory gray area with no clear guidance on authority or compliance expectations, leaving many institutions hesitant to offer digital asset safekeeping services.

That uncertainty is now resolved. In a July 2025 joint statement, the OCC, Federal Reserve, and FDIC issued a coordinated set of guidance and clarifications that make it clear: national banks can provide crypto custody services, as long as they implement robust risk management and compliance frameworks.

This alignment of US banking regulators is a clear turning point. Banks now have confirmed authority, defined operational and compliance expectations, and a path to compete with crypto-native custodians in a trust-sensitive, highly regulated market.

Timeline of Regulatory Clarifications for Crypto Custody

A series of regulatory milestones between March and July 2025 transformed the landscape for banks considering crypto custody:

• March 7, 2025 – OCC Interpretive Letter 1183: Rescinded the requirement for pre-approval before engaging in crypto-asset custody activities, confirming banks can operate within their existing charter authority. Specific statement: “crypto-asset custody, distributed ledger, and stablecoin activities are permissible” 
• May 7, 2025 – OCC Interpretive Letter 1184: Explicitly confirmed that OCC-regulated banks have full authority to provide crypto custody services. Specific statement: "confirm that banks may buy and sell assets held in custody at the custody customer’s direction and are permitted to outsource bank-permissible crypto-asset activities, including custody and execution services to third parties, subject to appropriate thirdparty risk management practices."
• July 14, 2025 – OCC, Federal Reserve, and FDIC Joint Interagency Statement: Issued detailed guidance on crypto-asset safekeeping, emphasizing enterprise-grade risk management, governance and board oversight, cybersecurity, operational resilience, and compliance with BSA, AML, OFAC, CFT, and Travel Rule obligations. Specific statement: "These laws and regulations require banking organizations to verify customer identity, perform due diligence to understand the nature and purpose of the customer relationship, perform ongoing monitoring to identify and report suspicious activity, block transactions in accordance with OFAC sanctions, and follow the “Travel Rule.”
  

Together, these milestones establish both the authority to offer crypto custody and the supervisory expectations banks must meet to operate safely and securely.

Operational and Compliance Priorities for Banks Offering Crypto Custody

Regulatory clarity now enables banks to offer crypto custody, but success depends on translating guidance into concrete operational practices. Key areas for banking professionals to focus on include:

• Enterprise-grade risk management: Implement continuous risk assessment frameworks that cover market volatility, operational errors, and cyber threats specific to digital assets.
• Travel Rule Compliance & Identity verification: Ensure robust processes for capturing and transmitting verified originator and beneficiary information in compliance with the Travel Rule and AML/CFT obligations.
• Policy-based transaction controls: Embed automated approval workflows and transaction limits that enforce compliance policies consistently across all custody operations.
• Board oversight and governance: Establish clear accountability structures, reporting lines, and periodic reviews to align management, compliance, and operational teams on risk and regulatory obligations.
• Operational resilience and cybersecurity: Design custody infrastructure to withstand operational disruptions and cyberattacks while maintaining secure access and transaction integrity.

Notabene Approach to Scalable Compliance and Trust Infrastructure

Banks entering crypto custody need regulatory guidance, but they also need infrastructure that translates compliance into everyday operations. 

As banks enter the crypto custody space, regulatory clarity is only part of the challenge. Institutions also need infrastructure that operationalizes compliance—embedding it directly into how digital asset transactions are authorized, monitored, and secured.

Notabene Transact provides exactly that. It’s a transaction authorization platform purpose-built for regulated financial institutions managing digital asset flows. Through automated pre-transaction decisioning and robust data security, Transact helps banks meet evolving Travel Rule requirements while turning compliance into a strategic advantage—improving efficiency, strengthening data integrity, and unlocking new revenue opportunities.

With the largest active network of Travel Rule–compliant entities worldwide, Notabene offers the industry’s only solution that combines compliance-grade assurance with the scalability and adaptability needed for the high-growth, high-trust demands of digital asset markets. As regulations mature globally, Notabene Transact enables institutions to build trust infrastructure that grows with their business — ensuring every transaction is compliant, authorized, and secure by design.

Building Operational Readiness and Trust in Digital-Asset Custody

The 2025 regulatory clarifications from the OCC, Federal Reserve, and FDIC establish clear authority and supervisory expectations for banks offering crypto custody. Enterprise-grade risk management, governance, cybersecurity, and compliance are now baseline requirements, not optional best practices

These clarifications set a clear standard for securely managing digital assets with operational resilience and regulatory compliance. Banks that embed risk management and compliance at the core of their operations today are positioned to compete confidently and sustainably in the crypto market.