Marc Hochstein is the managing editor of CoinDesk.

The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.

“We don’t have them on the ropes yet but we definitely have them scared.”

That was the assessment of CoinDesk reader FireFox Bancroft, commenting on our story last month about Bank of America’s mention of cryptocurrency in the “risk factors” section of its annual filing with the Securities and Exchange Commission.

“Scared” might still be a bit of an overstatement. But it’s clear from the latest round of annual reports (also known as 10-K filings) that financial institutions, ranging from B of A’s gargantuan peers to regional players, are taking bitcoin and its brood more seriously than they did a year or even six months ago.

That change is a reflection of how far cryptocurrency and blockchain technology have come in a short time, not only in terms of valuation but also public awareness, even if widespread consumer adoption remains distant.

For Bank of America, the threat is twofold: cryptocurrency use could make it harder for the bank to trace financial flows in order to comply with anti-money-laundering laws, and the technology is a potential competitor to traditional financial intermediaries.

Echoing the latter concern, JPMorgan said some financial services business lines, including payment processing, “could be disrupted by technologies, such as cryptocurrencies, that require no intermediation.” It was a striking acknowledgment from a company whose CEO famously called bitcoin a fraud (though to be fair, he did later express regret over that remark).

But it’s not just Wall Street that’s got crypto on its radar. Main Street banks like WesBanco in West Virginia and IberiaBank in Louisiana also mentioned potential competition from the technology in their 10-Ks. Again, these are not the too-big-to-fail behemoths that Occupy and Elizabeth Warren rail against; they’re the successors to the Bailey Building & Loan in “It’s a Wonderful Life,” the institutions that host barbecues for the local chamber of commerce and march in the town parade. And they think they might plausibly lose some customers to crypto.

Perhaps the least surprising company to join this club was Goldman Sachs, considering that the investment bank started clearing bitcoin futures for clients toward the end of last year, though it’s not directly touching crypto.

Square is, however, through its Square Cash app’s bitcoin-buying feature, and one of the risk concerns cited by the payments company reflected this deeper involvement.

It warned that accounting rules for publicly traded companies aren’t clear on how to treat cryptocurrency. So there’s the possibility that if auditors or regulators disagree with method Square uses, it may have to restate previously reported results. Which is rarely good for a company’s stock price.

Kitchen sink

Stepping back, it’s important to recognize that despite the disclosures, these companies may still consider the risk from crypto to be remote.

Banks in particular tend to take an “everything but the kitchen sink” approach to their risk factor disclosures, likely as a CYA measure (the family-friendly term for that is “cover your assets”).

For example, in Goldman Sachs’ report, just before the passage on blockchain risk, is this warning:

“The use of computing devices and phones is critical to the work done by our employees and the operation of our systems and businesses and those of our clients and our third-party service providers and vendors. It has been reported that there are some fundamental security flaws in computer chips found in many types of these computing devices and phones. Addressing this issue could be costly and affect the performance of these businesses and systems, and operational risks may be incurred in applying fixes and there may still be residual security risks.”

That could probably be said of almost any business in the world today, except maybe the guy selling hot dogs on the corner or a rug seller in a bazaar.

Why include the obvious, along with the unlikely, in the list of contingencies? Under U.S. securities law, there’s no bright line rule for what’s “material” enough of a danger that it must be disclosed to shareholders. In a 2011 case, the Supreme Court refused to adopt a “statistical significance” test for materiality, instead reaffirming a previous decision‘s standard: would a reasonable investor have viewed the undisclosed event as significantly altering the total mix of information available?

So no, crypto doesn’t have the financial establishment on the ropes, and they may not even be scared. But they do think it’s a risk their shareholders might view as important enough to rate a mention under What Could Go Wrong For Us. That’s something.

Image via Shutterstock.