The Securities and Exchange Commission has formally rescinded Staff Accounting Bulletin 121, easing capital burdens for regulated crypto custodians but leaving crypto custody regulation unclear. Moving forward, a collaborative framework between crypto custodians and regulators is essential in balancing risk management, transparency, and institutional participation.
This regulatory shift underscores cryptocurrency’s evolving role in financial markets. Once positioned to challenge traditional finance, cryptocurrencies are increasingly viewed as alternative assets. As they gain traction, demand for services such as trading, payment processing, settlement, and lending has grown—and many of them require secure custody.
Banks, given their expertise in safeguarding assets for customers, have waded into the crypto markets to provide storage solutions. With this growing institutional involvement comes regulatory scrutiny, particularly over the accounting treatment of custodial crypto assets.
SAB 121—a contentious measure issued by the SEC in March 2022—required recognition of custodial crypto holdings as both an asset and a corresponding liability at fair value on the entity’s own balance sheet and disclosure of the technological, legal, and regulatory risks unique to such custody.
The rule faced sharp backlash from industry groups and lawmakers, particularly over its recognition requirement. Before the issuance of SAB 122 on Jan. 23, a bipartisan congressional resolution sought to nullify the rule but was vetoed by former President Joe Biden last year.
Controversial Recognition Requirement
Custodial assets are typically held off balance sheet because custodians have no ownership rights or economic claims. SAB 121’s on-balance-sheet requirement deviated from this practice, essentially treating custodial crypto assets like bank deposits.
But unlike deposits, custodial assets (including crypto) are meant to remain legally separate, inaccessible to custodians, and unaffected by custodians’ financial risks. This requirement thus led to concerns about reporting inconsistencies and regulatory overreach.
A greater concern was how the requirement affected banks’ willingness and ability to serve as crypto custodians. In the US, banks undergo periodic stress tests by regulators such as the Federal Reserve to assess resilience during economic downturns. Recognizing custodial crypto assets as liabilities would lower capital ratios, making it more difficult for banks to pass stress tests without raising capital buffers.
This capital burden hindered banks from offering or scaling crypto custody services. As a result, SAB 121 may have unintentionally steered consumers toward less regulated, higher-risk, or more expensive alternatives for crypto custody.
The rule’s impact extended to banks offering broader crypto-related services such as payment processing. These banks facilitate on-ramp and off-ramp transactions, bridging cryptocurrencies and fiat currencies without direct custody involvement. Due to SAB 121’s recognition requirement, these banks might have faced increased settlement risks as they sought to avoid custodial crypto holdings, even temporarily, at reporting period ends.
As crypto assets integrate into traditional finance, excluding banks is impractical. Without major players driving technological and regulatory advancements, the crypto industry will develop more slowly, affecting overall trust and adoption.
Flawed Disclosure Requirement
Compared with its recognition requirement, SAB 121’s disclosure mandate raised valid concerns about crypto custody risks. Crypto custody presents unique challenges, particularly in safeguarding private keys. Storage solutions range from cold storage, hardware security modules, and multiparty computation to hot storage—managed by custodians or third parties. Each method balances security, cost, and operational efficiency.
Even banks are relatively new to crypto custody and must adopt specialized security measures. Given past exchange hacks—such as Mt. Gox, Bitfinex, and FTX—the call for greater transparency in crypto custody risk management seems reasonable.
But more disclosure doesn’t always mean better security. Excessive transparency about technological risks could expose vulnerabilities, increase hacking threats, and undermine proprietary innovations that offer a competitive edge. Furthermore, recognizing custodial crypto assets on balance sheets provides little insight into actual security preparedness.
Unlike technological risks, SAB 121’s call for disclosing legal and regulatory risks was perplexing. While it’s reasonable to expect crypto custodians to disclose custodial arrangements, such as additional insurance coverage, the broader issue lies in the absence of clear legal definitions and precedents for crypto assets.
Cryptocurrencies exist in a regulatory gray area. For example, US regulators have yet to agree whether to classify cryptocurrencies as securities or commodities, creating uncertainty over their legal treatment. This ambiguity complicates the development of regulatory safeguards and the legal resolution of disputes involving fraud, loss, theft, or bankruptcy—ultimately exposing consumers to greater risks.
However, custodians are largely the recipient of these uncertainties rather than the source. The brief implementation of SAB 121 and its subsequent rescission through SAB 122 only heightened concerns about regulatory ambiguity, making it difficult for banking institutions to justify investments in crypto custody services.
Outlook
The rapid growth of custodial crypto assets highlights the increasing demand for secure storage solutions and reinforces institutional custody as a critical service. A timely and necessary regulatory framework should provide clear guidance to navigate this expanding sector.
Although keeping custodial crypto assets off balance sheet aligns with the accounting treatment of traditional asset custody, voluntary footnote disclosures of select information about custodial crypto assets could help custodians demonstrate operational scale, financial stability, and growth—an approach some companies (such as Coinbase) already take.
Risk disclosure is essential but should remain flexible rather than mandated. Rules developed collaboratively between custodians and regulators would ensure relevance while protecting proprietary technology and fostering innovation. By allowing entities to assess their own risk exposure and tailor transparency levels, such an approach would promote market stability, consumer confidence, and long-term growth.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Author Information
Vivian Fang is the Richard E. Jacobs Chair of Finance at the Kelley School of Business, Indiana University. She has been teaching and researching cryptocurrencies since 2018.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Tax or Log In to keep reading:
Learn About Bloomberg Tax
From research to software to news, find what you need to stay ahead.
Already a subscriber?
Log in to keep reading or access research tools.