Regulatory Oversight of Cryptocurrency Exposure: A Comprehensive Evaluation of the Basel Committee's Prudential Framework

Josef Bergt
2023

Introduction

The realm of digital finance and its fast-paced developments have been remarkable over the past years. A particular aspect of note has been the rise of cryptocurrencies and their interaction with the conventional banking system. These novel, decentralized assets have been sources of both immense fascination and intense scrutiny from the financial world and its regulators. In the midst of these developments, the Basel Committee on Banking Supervision (BCBS) has taken a significant stride by publishing its finalized prudential standard for banks' exposure to cryptocurrencies.

The Committee released its second consultation paper on the prudential treatment of banks’ exposures to cryptocurrencies in June 2022. The input from various stakeholders guided the Committee to establish its finalized prudential framework, which received the approval of its supervisory body, the Group of Governors and Heads of Supervision. This paper is an in-depth examination of this final standard published in December 2022, set to be operationalized by 1 January 2025 and subsequently integrated into the consolidated Basel Framework. While the work of the BCBS is generally not legally binding per se, it is usually adopted by the Committee's members and implemented in corresponding national law.

The Architecture of the Prudential Standard

The final standard remains faithful to the structure originally outlined in the second consultation document. Its essence lies in a systematic classification of cryptocurrencies into two primary groups, where banks will be mandated to maintain an ongoing classification of cryptoassets under these two categories:

• Group 1 cryptoassets: These cryptocurrencies meet the entirety of a specific set of classification conditions. The Group 1 assets can be further divided into tokenized traditional assets (Group 1a) and cryptocurrencies with effective stabilization mechanisms (Group 1b). The capital requirements for Group 1 cryptoassets align with the risk weights associated with the underlying exposures as detailed in the Basel Framework.
• Group 2 cryptoassets: This group includes the cryptocurrencies that do not satisfy any classification conditions. Consequently, these cryptocurrencies pose increased and additional risks relative to Group 1 cryptoassets and are thus subject to a more stringent capital treatment. This group includes tokenized traditional assets and stablecoins failing the classification conditions as well as unbacked cryptocurrencies. Further, Group 2 is divided into assets for which a limited amount of hedging is permissible (Group 2a) and those where no hedging is acknowledged (Group 2b).

Moreover, several key components shape the prudential standard, including:

• Infrastructure risk add-on: An add-on to risk-weighted assets (RWA) is implemented to cover infrastructure risk for all Group 1 cryptoassets. This add-on can be activated by the authorities based on any observable weaknesses in the infrastructure underlying cryptoassets.
• Redemption risk test and supervision/regulation requirement: These criteria must be fulfilled for stablecoins to be classified under Group 1. They aim to ensure that only stablecoins released by supervised and regulated entities with robust redemption rights and governance are eligible for inclusion.
• Group 2 exposure limit: A bank's total exposure to Group 2 cryptoassets must not surpass 2% of the bank's Tier 1 capital and should generally be below 1%. Any breach of these limits would lead to stricter capital treatments.
• Other elements: The standard also outlines how the operational risk, liquidity, leverage ratio, and large exposure requirements should be applied to banks' cryptocurrency exposures. Further, the supervisory review process and a specific set of disclosure requirements are also prescribed.

Changes in the Prudential Standard Post-Consultation

Based on feedback from stakeholders and evolving market trends in cryptoassets, the Committee incorporated several modifications in the final prudential standard compared to the second consultation proposal.

Infrastructure Risk Add-On

The second consultation suggested an add-on for infrastructure risk as a fixed add-on to RWA, set at 2.5% of the exposure value for all Group 1 cryptoassets. The Committee decided to replace this with a more dynamic approach that allows authorities to initiate and increase an add-on based on any detected weaknesses in the infrastructure underlying specific cryptoassets. This new approach is intended to motivate banks to proactively address infrastructure risks to evade the imposition of an add-on in the future.

Basis Risk Test, Redemption Risk Test and Supervision/Regulation Requirement

The second consultation included a condition in Group 1 classification that cryptocurrencies with stabilisation mechanisms must pass a redemption risk test and a basis risk test. The redemption risk test aimed to ensure the reserve assets were sufficient to redeem the cryptocurrencies at all times, including during extreme stress, for the peg value. Meanwhile, the basis risk test, a quantitative test based on the market value of the cryptocurrency, was designed to ensure the holder of a cryptocurrency can sell it in the market for an amount closely mirroring the peg value.

After evaluating these approaches, the Committee decided not to implement the basis risk test at this time. However, the Committee will further examine whether there are statistical tests that can reliably identify low-risk stablecoins. If identified, this could be considered an additional requirement for inclusion in Group 1b.

Moreover, the Committee agreed that the supervision/regulation requirement should apply in addition to the requirement to pass the redemption risk test. For cryptocurrencies pegged to one or more currencies, the redemption risk test now includes a requirement that the reserve assets must be composed of assets with minimal market risk and credit risk. The Committee will further examine the appropriate composition of reserve assets for the redemption risk test.

Group 2 Exposure Limit

The requirement for banks to keep their total exposure to Group 2 cryptoassets below a threshold of 1% of their Tier 1 capital has been maintained in the final standard, albeit with certain modifications. First, exposures will now be measured as the higher of the gross long and gross short position in each cryptoasset, rather than the aggregate of the absolute values of long and short exposures, as proposed in the second consultation. This change aims to ensure that banks that hedge their exposures are not penalised under the limit.

Second, to reduce the "cliff effects", the Committee has agreed that if the limit is breached, the more stringent Group 2b capital treatment will apply only to the amount by which the limit is exceeded, rather than all Group 2 exposures. However, to ensure that banks do not significantly exceed the 1% threshold, a new 2% limit has been introduced which, if breached, will result in all Group 2 exposures being subject to the Group 2b capital treatment.

Responsibility for Assessing the Classification Conditions

The second consultation required banks to assess their cryptoassets against the classification conditions and seek prior supervisory approval to finalize the classification. The Committee acknowledged that this process could be excessively burdensome, especially in cases where the compliance or violation of the conditions is evident. As a result, the final standard has been altered to remove the supervisory pre-approval element. Instead, banks are now required to inform supervisors of classification decisions, with supervisors having the power to override these decisions if they disagree with a bank's assessment.

Interim Summary

• The Basel Committee's prudential framework sets out the standards for the treatment of banks' cryptoasset exposures, dividing cryptoassets into two primary groups: Group 1 (meeting all classification conditions, including tokenized traditional assets and cryptocurrencies with effective stabilization mechanisms) and Group 2 (failing to meet classification conditions like stablecoins and unbacked cryptocurrencies for example).
• The infrastructure risk add-on has been revised from a fixed add-on to a dynamic add-on, allowing authorities to increase the add-on based on observed weaknesses in a cryptoasset's underlying infrastructure.
• The Committee has decided not to implement the basis risk test at this time.
• Prior supervisory approval to finalize the classification of cryptoassets is no longer required.

Custodial Assets

In the recent past, the regulatory terrain regarding the treatment of custodial assets in banks' cryptoasset exposures has been a subject of spirited deliberation. Participants in the second consultative process voiced apprehension over the potential interpretation of the standard as pertaining to the application of credit, market, and liquidity risk prerequisites to customers' assets where banks operate in a custodial capacity. These concerns revolved around the potential misunderstanding that such assets would be subject to the aforementioned risk requirements - a notion that was not the intent of the standard. As such, the standard has been subsequently revised to elucidate those elements that apply specifically to the custodial services provided by banking institutions.

The Basel Committee on Banking Supervision is set to play a crucial role in monitoring the execution and consequences of the cryptoasset standard. Considering the swift and often unpredictable transformations within the cryptoasset market, the Committee anticipates that further adjustments and elucidations will be necessary over time. These are essential to ascertain consistent comprehension and execution of the standard, as well as to respond to emergent risks. To complement these efforts, the Committee will persistently gather data from banking institutions as an integral component of its customary Basel III monitoring endeavor. The Committee will also keep a close eye on and exchange information concerning the application of the standard and market developments, and will maintain active engagement with other standard setting entities.

Ongoing Review

In a bid to enhance oversight, the Committee has concurred on a group of issues that will undergo particular monitoring and review. One such issue is the exploration of statistical tests and redemption risk tests. The Committee has expressed a desire to investigate further whether reliable statistical tests that can identify low-risk stablecoins exist. Should such a test be unearthed, the Committee will contemplate its addition as a supplementary prerequisite for inclusion in Group 1b. Concurrently, there is a push to examine further the suitable composition of reserve assets for the redemption risk test.

Furthermore, the Committee is set to dedicate time to ponder on the potential risks presented by cryptoassets that utilize permissionless blockchains. The focus is to determine if these risks can be sufficiently mitigated to permit their inclusion in Group 1 and what adjustments to the classification conditions would be required if so.

Equally, there are intentions to monitor how Group 1b cryptoassets, which a bank receives as collateral, are treated. As per the final standard, these cryptoassets are not allowed to be acknowledged as eligible collateral for the computation of regulatory capital requirements. The Committee aims to evaluate continually whether any Group 1b cryptoassets possess the necessary characteristics to be recognized as collateral for capital requirements purposes.

Group 2a crypto assets and hedging

Further attention will be paid to the Group 2a criteria and the degree of hedge recognition. The criteria for hedging recognition in the final standard echo the proposals delineated in the second consultation proposal. Cryptoassets that fulfill these criteria will be assigned to Group 2a and will be eligible for limited recognition. The Committee intends to closely monitor the specification of these thresholds and the degree of hedge recognition that the Group 2a classification allows.

Lastly, the calibration of the Group 2 exposure limit will be under scrutiny. Currently, this limit is premised on thresholds established at 1% and 2% of banks' Tier 1 capital. These thresholds are designed to protect the banking sector from the potentially significant risks presented by Group 2 cryptoassets. The Committee will reassess these thresholds' appropriateness as the cryptoasset market evolves.

In addition to this, the text of the standard on banks' exposures to cryptoassets has been laid out in a new chapter of the Basel Framework (SCO60). This new chapter defines the prudential treatment of banks' cryptoasset exposures, with the enforcement date set as 1 January 2025. The chapter includes the term "exposure", which entails on- or off-balance sheet amounts that give rise to credit, market, operational, and/or liquidity risks. Parts of the chapter are applicable to banks' cryptoasset activities, such as custodial services involving the safekeeping or administration of client cryptoassets on a segregated basis, that do not typically give rise to credit, market, or liquidity requirements.

Interim Summary

• The revised standard clarifies elements applicable to custodial services provided by banks, addressing concerns raised in the second consultation.
• The Basel Committee on Banking Supervision plans to closely monitor the implementation and effects of the cryptoasset standard.
• The Committee will conduct specific monitoring and review on various aspects such as statistical tests, redemption risk test, permissionless blockchains, Group 1b cryptoassets as collateral, Group 2a criteria, and calibration of the Group 2 exposure limit.
• A new chapter (SCO60 – Scope and Definitions: Cryptoasset Exposures) of the Basel Framework has been introduced that outlines the prudential treatment of banks' cryptoasset exposures, effective from 1 January 2025.
• The term "exposure" is defined within this new chapter, and requirements for different risk types and management processes are outlined.

Stabilisation Mechanisms

The increasingly complex landscape of cryptoassets requires robust regulatory mechanisms to manage and mitigate potential risks. This chapter explores the intricacies of such regulatory measures and aims to shed light on the classification conditions which are crucial to understanding the nature of cryptoassets. Cryptoassets can be subject to several risks depending on the nature of their backing, thus necessitating the use of stabilisation mechanisms. For instance, a cryptoasset redeemable for a fixed currency amount, while supported by bonds denominated in the same currency, may be exposed to credit, market and liquidity risks that could result in losses when compared to the value of the referenced currency. Furthermore, stabilisation mechanisms that rely on other cryptoassets or protocols that manipulate the supply of the cryptoasset fail to meet the first classification condition.

Clasification condition refers to cryptoassets comprising of tokenized conventional assets that conform to the classification criteria and cryptoassets that maintain reliable stabilization mechanisms and align with the classification standards. The second classification condition demands that all rights, responsibilities, and interests stemming from the cryptoasset arrangement be lucidly defined and enforceable in all jurisdictions where the asset is issued and redeemed. Furthermore, banks must ensure that these arrangements guarantee settlement finality and that they are subject to a legal review which must be available to the respective supervisory bodies upon request. An example of this can be seen in a cryptoasset arrangement that allows for the completion of redemption within five calendar days of the redemption request. This also requires that the legal documentation clearly delineates the rights and obligations of all parties involved, including those related to redemption, the traditional assets involved, and the determination of redemption value. Additionally, the terms of settlement finality must be explicitly documented, defining when and how financial risks are transferred from one party to another. This documentation must be made publicly available, with any offerings to the public being approved by the relevant regulatory body.

The third classification condition relates to the design and operation of the cryptoasset and the network it operates on. This condition ensures that the functions of the cryptoasset such as issuance, validation, redemption, and transfer, as well as the network it operates on, do not present any material risks that could compromise the transferability, settlement finality, or, where applicable, redeemability of the cryptoasset. This necessitates robust risk management strategies that address potential threats including credit, market, and liquidity risks, operational risks, risks of data loss, and Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT). In addition, all significant elements of the network must be clearly defined to ensure the traceability of all transactions and participants.

The fourth classification condition requires that entities involved in the redemption, transfer, storage or settlement of the cryptoasset, or those that manage or invest reserve assets, must be regulated and supervised, or at the very least, be subject to appropriate risk management standards. They are also expected to have a comprehensive governance framework in place.

Responsibilities for determining and monitoring compliance with the classification conditions are vested in banks. They are required to assess, on an ongoing basis, whether the cryptoassets they are exposed to comply with these conditions. Additionally, banks must have the necessary risk management policies, procedures, governance, and IT capacities to assess and manage the risks associated with engaging in cryptoassets. Banks are also responsible for documenting this information for review by supervisory authorities. Moreover, they are expected to inform their supervisors about their classification decisions for each cryptoasset, ideally before the implementation date of the pertinent regulations. For any cryptoassets that a bank may wish to acquire after the implementation date, the bank must inform their supervisor of their classification assessment in advance of the acquisition.

Supervisory authorities, on the other hand, are responsible for reviewing and assessing banks' analysis, risk management and measurement approaches, as well as their classification decisions. These authorities may rely on other regulators, supervisors, or independent third-party assessors to evaluate the specific risk characteristics of cryptoasset arrangements. They also reserve the right to override banks' classification decisions if they do not concur with the assessments carried out by the banks.

For consistent application across jurisdictions, authorities are expected to routinely compare and share their supervisory information on banks' assessments of cryptoassets against the classification conditions.

Interim Summary

• Cryptoassets can be exposed to various risks depending on the nature of their backing, and stabilisation mechanisms that reference other cryptoassets or manipulate the supply of the cryptoasset fail to meet the first classification condition.
• The second classification condition demands that all rights, responsibilities, and interests from the cryptoasset arrangement be clearly defined and enforceable, and the arrangements should ensure settlement finality.
• The third classification condition relates to the design and operation of the cryptoasset and its network, which must not present any material risks that could compromise transferability, settlement finality, or redeemability.
• The fourth classification condition requires that entities involved in various operations of the cryptoasset be regulated and supervised, or at least be subject to appropriate risk management standards.
• Banks have a responsibility to assess and document compliance with the classification conditions and to communicate their classification decisions to their supervisors.
• Supervisory authorities review and assess banks' decisions and risk management measures and have the power to override banks' classification decisions.
• Consistent application across jurisdictions requires authorities to routinely compare and share supervisory information.

Banking / Trading Book and Risk Manifestation and Capital Requirements

The complexities of the cryptoasset market, with its diverse assortment of tokens, require nuanced approaches to ensure legal and regulatory compliance. Amid this evolving landscape, regulatory bodies around the globe have had to adapt, create, and implement detailed provisions that can effectively capture and address the unique risks associated with these assets.

In terms of distinguishing between the banking book and the trading book, serves as the primary guide for assigning cryptoassets. However, the specific classifications of these assets determine their assignment. Group 1a cryptoassets, mirroring traditional non-tokenised assets, are allocated based on the boundary criteria applied to their non-tokenised equivalents. Likewise, Group 1b cryptoassets follow the same process, but the allocation is based on their reference assets.

For Group 2a and Group 2b cryptoassets, the approach diverges. Group 2a cryptoassets are treated in line with the proposed market risk rules, irrespective of their origin, either from the banking book or trading book instruments. This approach aligns with the treatment of foreign exchange (FX) and commodities risk. Group 2b cryptoassets, on the other hand, must adhere to the standardised conservative prudential treatment outlined in SCO 60.83 to SCO 60.86 of the BCBS Prudential treatment of cryptoasset exposures.

The BCBS standards CRE (Credit Risk Exposure / Calculcation of RWA for credit risk) and MAR (Minimum capital requirements for Market risk / Calculation of RWA for market risk) determine if Group 1 cryptoasset exposures are treated according to standardised or internal model-based approaches concerning credit and market risk, respectively. Yet, it is crucial to note that these models-based approaches cannot be applied to Group 2 cryptoassets. Interestingly, the deductions that apply to intangible assets do not affect cryptoasset exposures, even when a cryptoasset is considered an intangible under the applicable accounting standard.

When considering the minimum capital requirements for credit risk for Group 1 cryptoassets, Group 1a cryptoassets held in the banking book generally abide by the same rules for determining credit risk-weighted assets (RWA) as non-tokenised traditional assets. For instance, a tokenised corporate bond in the banking book would possess the same risk weight as a non-tokenised corporate bond in the banking book.

This is premised on the understanding that if two exposures offer the same level of legal rights and have the same likelihood of timely payment, they would probably pose similar credit loss risks and hold comparable values. Nevertheless, aspects of the credit standards, not directly linked to an asset's legal rights held by a bank or timely payment likelihood, require a separate assessment of the tokenised traditional asset. This implies that a tokenised asset may possess different market liquidity characteristics compared to a non-tokenised asset, primarily due to variations in the potential investor pool.

The differential market liquidity characteristics and market values of tokenised assets compared to non-tokenised ones become critical when assessing whether Group 1a cryptoassets meet credit risk mitigation requirements. Additionally, the timeframe for a secured creditor to seize cryptoasset collateral may vary from traditional assets. Hence, banks are required to independently assess the eligibility of such assets for collateral recognition. Factors considered include the speed of liquidation, legal certainty requirements, and market liquidity depth during a downturn. Furthermore, cryptoassets can only be recognised as collateral when confirmed that their volatility and holding periods under stressed market conditions are not materially increased compared to the traditional asset or pool of traditional assets. In any other scenario, the cryptoasset shall not be considered eligible for credit risk mitigation, unless the bank has received permission from its supervisor to reflect any significant increase in relevant parameters as part of its own Loss Given Default (LGD) estimates under the Internal Ratings-Based (IRB) approach.

Eligible forms of financial collateral are outlined in CRE22 for credit risk mitigation recognition under the standardised approach to credit risk. Group 1a cryptoassets that are tokenised versions of the instruments listed as eligible financial collateral under CRE22 could qualify for recognition as eligible collateral, subject to meeting the requirements described earlier.

Group 1b cryptoassets, due to their classification conditions, must be designed to be redeemable for a pre-set amount of a reference asset or assets, or cash equivalent to the value of the reference asset(s). The cryptoasset arrangement must also contain a substantial reserve asset pool to satisfy the redemption claims of cryptoasset holders. Even though these are common features, Group 1b cryptoassets may have varied structures. Banks that have banking book exposures to Group 1b cryptoassets must dissect their specific structures to identify all possible risks that could result in a loss. Each credit risk must be independently capitalised by banks using the credit risk standards set out in CRE.

Potential risks and corresponding capital requirements from banks' exposures to Group 1b cryptoassets may manifest in several ways. For instance, the risk may come from the reference asset itself. If the reference asset for a Group 1b cryptoasset gives rise to credit risk (e.g., a bond), banks may suffer a loss from the default of the reference asset's issuer. Therefore, banks are required to include in credit RWA, the RWA that would apply under CRE to a direct holding of the reference asset. If the reference asset gives rise to foreign exchange or commodities risk (e.g., foreign currency denominated financial assets or physical commodities), banks must calculate market RWA for the exposure equivalent to the market RWA that would apply under RBC 20.9 (Risk-based Capital Requirements) to a direct holding of the underlying traditional asset.

For Group 1b cryptoassets referencing a pool of traditional assets, banks must apply the requirements relevant to equity investments in funds to determine the applicable RWA for a direct holding of the referenced pool of traditional assets. Both the look-through approach and the mandate-based approach of CRE60 are available for cryptoassets that fulfil all requirements for these approaches. Otherwise, the fallback approach (i.e., a 1250% risk weight) must be applied.

Another risk may arise from the redeemer's default. If the redeemer entity fails, the cryptoassets may become worthless. The capital treatment of banks' exposures to the redeemer depends on the nature of the exposures. If the bank holding the cryptoasset has an unsecured claim on the redeemer in case of default, the bank must calculate credit RWA for its exposure to the redeemer. The credit RWA in this case must be equal to the RWA that would apply under CRE to a direct unsecured loan to the redeemer, with the loan amount equalling the redemption claim (i.e., peg value) of the cryptoasset. If the bank holding the cryptoasset has a secured claim on the redeemer in case of default, the bank must calculate credit RWA for its exposure to the redeemer, equalling the RWA that would apply under CRE to a direct secured loan to the redeemer. The loan amount, before any recognition of credit risk mitigation, should equal the redemption claim (i.e., peg value) of the cryptoasset. All conditions on the eligibility of collateral for the purposes of recognising credit risk mitigation set out in CRE apply.

Interim Summary

• Cryptoassets' allocation between banking and trading books is dictated by RBC25, taking into account each asset's specific classification.
• Group 1a cryptoassets mirror traditional non-tokenised assets, while Group 1b cryptoassets are allocated based on their reference assets.
• Group 2a cryptoassets align with the treatment of FX and commodities risk, while Group 2b cryptoassets must adhere to standardised conservative prudential treatment.

Minimum Capital Requirements for Counterparty Credit Risk (CCR) -Comprehensive Approach for Securities Financing Transactions (SFTs)

The established comprehensive approach for SFTs requires banks to leverage the formula delineated in the credit risk mitigation section of the standardised approach to credit risk. Group 1a cryptoassets that manifest as tokenised versions of the instruments on the list of eligible financial collateral are recognized as eligible collateral. However, Group 1b, Group 2a, and Group 2b cryptoassets, do not fall under the eligible forms of collateral under this approach. Therefore, banks receiving them as collateral will not receive any recognition for the net exposure calculation to the counterparty. This implies that banks loaning these groups of cryptoassets as part of an SFT need to implement the same haircut used for equities that are not traded on a recognized exchange, which equates to a haircut of 25%.

CCR Application for Group 1a Cryptoassets

Group 1a cryptoassets, essentially tokenised traditional assets, when used in derivatives, are generally subjected to the same rules determining CCR as non-tokenised traditional assets. These rules include the application of the Internal Models Method (IMM), which sets identical requirements for both tokenised and traditional assets. However, in scenarios where significant valuation differences exist between the traditional and tokenised asset, or when substantial basis risk is present, limitations may occur in the application of the IMM, particularly in the presence of missing data, short history, or data quality issues. In these instances, the Standardised Approach for Counterparty Credit Risk (SA-CCR) needs to be applied as described for Group 2a cryptoassets.

CCR Application for Group 1b and 2a Cryptoassets

Group 1b cryptoassets, known as cryptoassets with stabilisation mechanisms, are subjected to the same CCR RWA determination rules as non-tokenised traditional assets. Derivatives on Group 2a cryptoassets, on the other hand, are subjected to the SA-CCR. The SA-CCR process takes into account the replacement cost, considering legally enforceable netting of all transaction types in the netting set, including derivatives on Group 2a cryptoassets. Moreover, a new asset class "crypto" is created in the SA-CCR to calculate the potential future exposure (PFE) add-on. The SA-CCR for Group 2a cryptoassets incorporates various factors like supervisory factor, adjusted notional, supervisory delta adjustment, and maturity factor calculations.

CCR Application for Group 2b Cryptoassets

In calculating counterparty credit risk for derivative exposures that involve Group 2b cryptoassets, the exposure will be defined by the Replacement Cost (RC) plus the Potential Future Exposure (PFE), both multiplied by the alpha factor. For calculating the PFE for Group 2b cryptoassets, 50% of the gross notional amount must be applied per transaction, and they must not form part of any hedging set.

Minimum Capital Requirements for Operational Risk

The operational risk emanating from cryptoasset activities should typically be covered by the operational risk standardised approach. This includes income and expenses derived from cryptoasset-related activities. If the operational risks related to cryptoassets are not sufficiently captured by the minimum capital requirements for operational risk or the bank's internal risk management processes, banks and supervisors should take suitable measures to ensure capital adequacy and sufficient resilience within the supervisory review process.

Minimum Liquidity Risk Requirements

For liquidity coverage ratio (LCR) and net stable funding ratio (NSFR) requirements, cryptoasset exposures, which include assets, liabilities, and contingent exposures, must generally follow a treatment consistent with existing approaches for traditional exposures with economically equivalent risks. However, the relative novelty and unique risks associated with cryptoassets necessitate additional clarifications and modifications to these standards.

Treatment as High-Quality Liquid Assets (HQLA)

Group 1a cryptoassets can be considered as HQLA to the extent both the underlying assets in their traditional form and the tokenised form of the assets satisfy the characteristics of HQLA. For instance, a tokenised bond that meets these HQLA eligibility criteria and temporarily resides on a distributed ledger to facilitate transfer could be considered as a Group 1a cryptoasset. Conversely, Group 1b and Group 2 cryptoassets are excluded from being considered as HQLA.

Application of the LCR and NSFR Frameworks

The classification and calibration of LCR outflow and inflow rates and NSFR available stable funding (ASF) and required stable funding (RSF) factors for cryptoassets and crypto liabilities depend on multiple factors, including the structure of the cryptoasset or crypto liability, its commercial function in practice, and the nature of a bank's exposure to the cryptoasset or crypto liability.

Interim Summary

• The comprehensive approach for SFTs requires banks to apply the formula from the credit risk mitigation section of the standardised approach to credit risk.
• Group 1a cryptoassets qualify as eligible collateral, but Group 1b, Group 2a, and Group 2b cryptoassets are not recognized as eligible forms of collateral in this approach.
• Group 1a cryptoassets are generally subject to the same rules determining CCR as non-tokenised traditional assets.
• Group 1b and 2a cryptoassets follow the same CCR RWA determination rules as non-tokenised traditional assets and are subjected to the SA-CCR, respectively.
• For Group 2b cryptoassets, the exposure in calculating CCR is defined by the RC plus the PFE, both multiplied by the alpha factor.
• The operational risk from cryptoasset activities should generally be covered by the operational risk standardised approach.
• For LCR and NSFR requirements, cryptoasset exposures should follow a treatment that aligns with existing approaches for traditional exposures with economically equivalent risks.
• Group 1a cryptoassets can be considered as HQLA, but Group 1b and Group 2 cryptoassets must not be considered as HQLA.
• The classification and calibration of LCR outflow and inflow rates and NSFR ASF and RSF factors for cryptoassets and crypto liabilities depend on the structure of the asset or liability, its commercial function, and the bank's exposure to it.

Cryptoasset Exposures: Analogous to Traditional Asset and Liability Exposures

In the financial world, Group 1a cryptoassets and cryptoliabilities are typically viewed with parity to their non-tokenised traditional counterparts. This view is held in terms of assignment of inflows, outflows, RSF (Required Stable Funding) factors, and ASF (Available Stable Funding) factors. However, the LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) treatment of such exposures is highly dependent on their specific categorization, which includes:

• Tokenised claims on a bank
• Stablecoins
• Other cryptoassets

Tokenised Claims on a Bank: Treatment as Unsecured Funding Instruments

Group 1a tokenised claims on a bank are usually treated as an unsecured funding instrument. This holds true when these claims are issued by a regulated and supervised bank, represent a legally binding claim on the bank, are redeemable in fiat currency at par value, and maintain a stable value backed by the issuing bank's creditworthiness and asset-liability profile rather than a segregated pool of assets.

For these tokenised claims, the maturity date is determined based on the holder's contractual redemption rights. Liabilities from self-issued tokenised claims must follow specific regulations regarding LCR outflow rates and NSFR ASF factors, counterparty classification, and treatment as stable retail deposits. Tokenised claims used primarily as a payment method should follow the categorisation methodology as specified in the appropriate regulations.

Stablecoins: Treated Similar to Securities

Stablecoins, specifically Group 1b cryptoassets and certain Group 2 cryptoassets, that are fully collateralised by a segregated pool of underlying assets which do not count toward the bank’s stock of HQLA (High-Quality Liquid Assets), are treated similarly to securities. When a bank is the issuer of a stablecoin and the issuance represents a legally binding claim on the bank, specific considerations must be made for LCR outflows, ASF factors, and asset segregation.

When a bank holds such a stablecoin, it must be subject to at least an 85% RSF in the NSFR and not result in inflows under the LCR. However, a holder may recognise inflows in the LCR or a reduced RSF factor in the NSFR under certain conditions.

Other Cryptoassets: Treatment Consistent with Non-HQLA

Group 2 cryptoassets that do not qualify for the treatment outlined above for tokenised claims and stablecoins must be treated similarly to non-HQLA as per the LCR and NSFR standards. Specific considerations must be given for banks that hold these types of cryptoassets or loans denominated in them.

Additional Considerations

Other key factors to be considered include outflow rates, stable funding requirements, and risks associated with a bank's role in issuing or transacting in cryptoassets. The treatment of specific types of transactions such as derivatives, secured funding, collateral swaps, and commitments to lend cryptoassets must be in line with the existing framework.

Leverage Ratio Requirements

The leverage ratio requirements for cryptoassets are treated consistent with the leverage ratio standard. The value for financial reporting purposes is determined based on applicable accounting treatment for exposures with similar characteristics. Derivative exposures for cryptoassets should follow the treatment of the risk-based capital framework.

Large Exposures Requirements

Large exposure requirements for cryptoassets follow the same principles as for other exposures. The treatment is consistent with requirements set out in existing frameworks, taking into account the bank's credit risk exposure and default risk.

Interim Summary

• Group 1a cryptoassets and cryptoliabilities are to be treated the same as their non-tokenised traditional assets and liabilities counterparts.
• Group 1a tokenised claims on a bank are generally treated as an unsecured funding instrument under specific conditions.
• Stablecoins are treated similarly to securities.
• Group 2 cryptoassets that do not qualify for the treatment as tokenised claims and stablecoins must be treated similar to non-HQLA.
• Specific considerations must be made for banks holding these types of cryptoassets or loans denominated in them.
• Other key factors include outflow rates, stable funding requirements, and risks associated with a bank's role in issuing or transacting in cryptoassets.
• Leverage ratio requirements for cryptoassets are treated in line with the leverage ratio standard.
• Large exposure requirements for cryptoassets follow the same principles as for other exposures.

Setting Boundaries: Group 2 Cryptoasset Exposure Limit

One significant regulatory step proposed is placing an exposure limit on banks' relationship with Group 2 cryptoassets. It has been determined that banks must ensure the aggregate of their direct and indirect exposures to these digital assets, including cash, derivatives, and holdings through vehicles like investment funds, ETF/ETN, or any legally formulated arrangements, does not exceed a specific threshold.

To bring precision to these limits, it has been suggested that a bank's total exposure to Group 2 cryptoassets should, under ordinary circumstances, not exceed 1% of the bank's Tier 1 capital. The absolute upper limit has been defined at 2% of the bank's Tier 1 capital, signifying a boundary that must not be crossed.

For situations where the 1% limit is breached, robust contingency measures have been proposed. Banks must adopt strategies to ensure that such situations are more the exception rather than the rule, and if a breach does occur, immediate notification of the supervisor is compulsory, followed by quick remedial action. In case the bank's exposure exceeds the 1% threshold, the excess will be subject to the capital requirements of Group 2b cryptoasset exposures. Moreover, if the exposure overshoots the 2% limit, all Group 2 cryptoasset exposures will be subject to the capital requirements that apply to Group 2b cryptoasset exposures.

In the context of assessing compliance with the Group 2 exposure limit threshold, exposures need to be measured using the same methodology for determining the Group 2b capital treatment. This means that all Group 2 cryptoasset exposures should be measured using the higher of the absolute value of the long and short exposures in each individual cryptoasset that the bank is exposed to, and derivatives need to be measured using a delta-equivalent methodology. Additionally, the definition of Tier 1 capital remains the same as specified in CAP10.2 (Definition of Capital).

Reinforcing Risk Management and Supervisory Review

The supervisory review process plays a critical role when it comes to managing exposures to cryptoassets. The proposal outlines the shared responsibilities of banks and supervisors, and delineates possible supervisory actions in cases where the minimum requirements are not met or the risk management is found lacking.

Bank Risk Management

Cryptoasset activities introduce new types of risks and amplify certain existing ones. Banks with either direct or indirect exposures or those that offer related services to any form of cryptoasset must establish robust policies and procedures to consistently identify, assess, and mitigate these risks. These risks include, but are not limited to, operational risks, credit risks, liquidity risks, including funding concentration risk, and market risks. The guidelines for managing these risks must be informed by the existing Basel Committee's statements on operational risk management in general and cryptoassets in particular.

Banks' risk management practices should comprise assessments of these risks and include relevant mitigation measures aimed at enhancing their operational resilience capabilities, with specific regard to information, communication, and technology (ICT) and cyber risks. Any decision to hold cryptoassets and provide services to cryptoasset operators must be in complete alignment with the bank's risk appetite, strategic objectives, and senior management's evaluation of the bank’s risk management capabilities.

Special Considerations for Cryptoassets

Given the distinct characteristics of cryptoassets and their markets, banks must undertake a careful evaluation of any cryptoasset exposures they plan to take on. They must ensure that existing processes and procedures are sufficient and that there is a comprehensive risk management approach in place to manage these risks, including exposure limits and hedging strategies.

Banks must also inform their supervisory authorities about their policies and procedures, assessment results, and current and planned cryptoasset exposures or activities in a timely manner. They should be able to demonstrate that they have fully evaluated the permissibility of such activities, the related risks, and the measures undertaken to mitigate such risks.

Mapping Cryptoasset Risks to Basel Risk Categories

The mapping of risks related to cryptoasset activities to Basel risk categories such as credit risk, market risk, and operational risk, will depend on how these risks manifest. A large portion of the risks brought about by or increased by cryptoasset activities are covered by the operational risk framework, such as ICT and cyber risks, legal risks, and risks related to money laundering and financing of terrorism.

The categorization of technological risks of cryptoassets would depend on the circumstances. For instance, if a loss-triggering event is due to processes or systems outside of the bank's control and the loss manifests through the value of a bank position in cryptoassets, these losses would be covered by the credit risk framework (for banking book positions) or the market risk framework (for trading book positions). However, losses that arise from inadequate or failed processes, people, or systems of the bank, such as the loss of a private cryptographic key, would be classified as operational losses.

Risk Management Considerations for Cryptoasset Activities

Banks need to consider several specific risks in their management of cryptoasset activities:

• Cryptoasset technology risk: Banks must closely monitor the risks inherent to the supporting technology, whether cryptoasset activities are conducted directly or through third parties. This includes the stability of the Distributed Ledger Technology (DLT) or similar technology network, the design of the DLT, service accessibility, and the trustworthiness of node operators and operator diversity.
• General information, communication, and technology (ICT) and cyber risks: A bank holding cryptoassets may be exposed to additional ICT and cyber risks including cryptographic key theft, compromise of login credentials, and distributed denial-of-service (DDoS) attacks.
• Legal risks: Given the evolving nature of cryptoasset activities, their legal framework remains uncertain and banks’ legal exposure is heightened. This can be seen in areas such as accounting, control/ownership, disclosure and consumer protection, and uncertain legal status.
• Money laundering and financing of terrorism: Banks providing banking services to Virtual Asset Service Providers (VASPs) or to customers involved in Virtual Asset activities, or through engaging in VASP activities themselves need to apply the risk-based approach set out by the Financial Action Task Force (FATF) for Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT).
• Valuation: Many cryptoassets pose valuation challenges due to their volatility and variable pricing on different exchanges, especially as most cryptoassets are currently traded on unregulated marketplaces.

Interim Summary

• Banks' total exposure to Group 2 cryptoassets should generally not exceed 1% of the bank's Tier 1 capital, with a hard limit of 2%.
• Breaches of the Group 2 exposure limit threshold of 1% should be rare and swiftly rectified, with immediate notification to the supervisor.
• The risk management approach banks adopt for managing cryptoasset risks must be consistent with their risk appetite, strategic objectives, and senior management's assessment of their risk management capabilities.
• Banks must inform their supervisory authorities of their actual and planned cryptoasset exposures or activities and demonstrate that they have fully evaluated the permissibility of such

Supervisory Review of Bank Risk Identification and Assessment

The supervision of bank risk identification and assessment takes on new dimensions when considered in the context of emerging technologies, such as cryptoassets. Banks are required under Pillar 2 to evaluate their capital requirements vis-a-vis the risks they undertake, necessitating the intervention of regulators and supervisors. The relatively recent arrival of cryptoasset activities, coupled with their constant evolution, warrants a particular focus on these activities from supervisory bodies.

Thus, a thorough review of banks’ risk identification and assessment processes related to cryptoassets by supervisors becomes highly relevant. Supervisors should carefully evaluate the appropriateness and adequacy of banks' policies, procedures, and outcomes related to the identification and assessment of cryptoasset risks. In instances where gaps or deficiencies are noted, supervisors are well within their authority to require banks to address these issues. They may also recommend or require banks to carry out stress testing or scenario analyses to better assess risks arising from cryptoasset exposures, contributing further to the assessments of a bank’s overall capital adequacy.

Supervisory Actions for Capital Inadequacy or Risk Management Shortcomings

Identifying capital inadequacy or risk management issues in banking institutions might lead supervisors to take varied actions depending on the specifics of the situation. The possible responses could include the following:

• Additional capital charges: In cases where a bank's risk management regarding cryptoassets is considered insufficient, supervisors might impose additional capital charges on individual banks. These charges could be levied for risks not fully captured under the minimum capital requirements for operational risk, credit risk, or market risk.
• Provisioning: Supervisors might require banks to provision for losses related to cryptoassets where such losses are foreseeable and quantifiable.
• Supervisory limits or other mitigation measures: Supervisors might impose mitigation measures on banks to contain risks inadequately identified or assessed within the bank's risk management framework. Such measures could include, for example, requiring a bank to establish an internal limit.

Disclosure Requirements for Banks’ Exposures to Cryptoassets

The principles guiding banks' disclosure of their exposures to cryptoassets or related activities follow five general principles as set out in DIS10 (Disclosure Requirements). These requirements oblige banks to provide both quantitative and qualitative information on their cryptoasset activities and related risks. Banks are expected to provide an overview of:

• Their business activities relating to cryptoassets and the subsequent translation into components of the bank's risk profile.
• The risk management policies related to cryptoasset exposures.
• The scope and primary content of the bank's reporting on cryptoassets.
• The most significant current and emerging risks relating to cryptoassets and the strategies employed to manage these risks.

In accordance with these guiding principles, banks are required to regularly disclose information regarding any significant Group 1a, Group 1b, Group 2a, and Group 2b cryptoasset exposures. This information should include details on direct and indirect exposure amounts, capital requirements, and the accounting classification for each specific type of cryptoasset exposure. In addition, banks must include exposures to Group 1 cryptoassets in the existing disclosure templates that apply to traditional assets, for instance, for credit risk and market risk.

Definitions of Key Terms

Understanding the terminology associated with cryptoassets is crucial to grasp the nuances of the banking regulations and procedures surrounding these digital assets. Here are the definitions of several key terms pursuant to the BCSB Prudential treatment of cryptoasset exposures docment:

• Cryptoassets: Private digital assets primarily dependent on cryptography and distributed ledger technology or similar technologies.
• Digital Assets: Digital representations of value that can be utilized for payment, investment, or to access a good or service. This definition does not include digital representations of fiat currencies.
• Nodes: Participants, including entities or individuals, in distributed ledger networks that record and share data across multiple data stores or ledgers.
• Operators: Generally, a single administrative authority managing a cryptoasset arrangement. The operators' roles may include issuing a centralized cryptoasset, establishing usage rules, maintaining a central payment ledger, and redeeming the cryptoasset.
• Stablecoins: A type of cryptoasset designed to maintain a stable value relative to a specific asset, or a pool or basket of assets.
• Redeemers: Entities responsible for exchanging the cryptoasset for the traditional asset. The redeemer does not necessarily have to be the same entity responsible for organizing the issuance of the cryptoasset.
• Validators: Entities that commit transaction blocks to the distributed ledger network.

Interim Summary

This chapter explored the supervisory review of bank risk identification and assessment processes, especially concerning cryptoassets. Key points discussed include:

• The need for thorough supervisory review of banks’ risk identification and assessment related to cryptoassets due to the evolving nature of these digital assets.
• The potential supervisory responses to issues of capital inadequacy or risk management shortcomings, such as imposing additional capital charges, requiring provisioning for foreseeable losses, or enforcing risk mitigation measures.
• The disclosure requirements for banks' exposures to cryptoassets, including the need for both qualitative and quantitative information on their cryptoasset activities and related risks.
• Definitions of key terms in the realm of cryptoassets, providing a foundation for understanding the complexities of banking regulations and procedures surrounding these digital assets.

In conclusion, this article aimed to provide a comprehensive overview of the supervisory review of banks' risk identification and assessment in relation to cryptoassets under the new BCBS framework on cryptoasset exposures. This comprehensive discourse underscores the necessity for effective regulatory oversight and transparency in the ever-evolving world of cryptoassets. Moreover, it illustrates the need for banks to stay updated and robust in their risk management strategies when engaging with these novel assets.

Source: Basel Committee on Banking Supervision. (2022). Prudential treatment of cryptoasset exposures.

Executive Summary

To encapsulate the comprehensive discussion on the banking industry's interplay with cryptoassets, key takeaways are:

• Importance of Supervisory Review: Given the novel and evolving nature of cryptoassets, a rigorous supervisory review of banks' risk identification, assessment, and management related to these assets is indispensable.
• Potential Supervisory Responses: In situations of risk management deficiencies or capital inadequacy, supervisory bodies may resort to a variety of measures. These include imposing additional capital charges, requesting loss provisioning, or introducing mitigation measures.
• Disclosure Requirements: Banks dealing with cryptoassets must adhere to stringent disclosure requirements. These involve offering both quantitative and qualitative information to ensure transparency and proper risk comprehension by all stakeholders.
• Definitions of Key Terms: A clear understanding of key cryptoasset-related terminologies forms the bedrock for comprehending the regulatory framework and procedures enveloping these digital assets.