Josef Bergt
2023
Introduction
The realm of digital finance and its fast-paced developments have been remarkable over the past years. A particular aspect of note has been the rise of cryptocurrencies and their interaction with the conventional banking system. These novel, decentralized assets have been sources of both immense fascination and intense scrutiny from the financial world and its regulators. In the midst of these developments, the Basel Committee on Banking Supervision (BCBS) has taken a significant stride by publishing its finalized prudential standard for banks' exposure to cryptocurrencies.
The Committee released its second consultation paper on the prudential treatment of banks’ exposures to cryptocurrencies in June 2022. The input from various stakeholders guided the Committee to establish its finalized prudential framework, which received the approval of its supervisory body, the Group of Governors and Heads of Supervision. This paper is an in-depth examination of this final standard published in December 2022, set to be operationalized by 1 January 2025 and subsequently integrated into the consolidated Basel Framework. While the work of the BCBS is generally not legally binding per se, it is usually adopted by the Committee's members and implemented in corresponding national law.
The Architecture of the Prudential Standard
The final standard remains faithful to the structure originally outlined in the second consultation document. Its essence lies in a systematic classification of cryptocurrencies into two primary groups, where banks will be mandated to maintain an ongoing classification of cryptoassets under these two categories:
Moreover, several key components shape the prudential standard, including:
Changes in the Prudential Standard Post-Consultation
Based on feedback from stakeholders and evolving market trends in cryptoassets, the Committee incorporated several modifications in the final prudential standard compared to the second consultation proposal.
Infrastructure Risk Add-On
The second consultation suggested an add-on for infrastructure risk as a fixed add-on to RWA, set at 2.5% of the exposure value for all Group 1 cryptoassets. The Committee decided to replace this with a more dynamic approach that allows authorities to initiate and increase an add-on based on any detected weaknesses in the infrastructure underlying specific cryptoassets. This new approach is intended to motivate banks to proactively address infrastructure risks to evade the imposition of an add-on in the future.
Basis Risk Test, Redemption Risk Test and Supervision/Regulation Requirement
The second consultation included a condition in Group 1 classification that cryptocurrencies with stabilisation mechanisms must pass a redemption risk test and a basis risk test. The redemption risk test aimed to ensure the reserve assets were sufficient to redeem the cryptocurrencies at all times, including during extreme stress, for the peg value. Meanwhile, the basis risk test, a quantitative test based on the market value of the cryptocurrency, was designed to ensure the holder of a cryptocurrency can sell it in the market for an amount closely mirroring the peg value.
After evaluating these approaches, the Committee decided not to implement the basis risk test at this time. However, the Committee will further examine whether there are statistical tests that can reliably identify low-risk stablecoins. If identified, this could be considered an additional requirement for inclusion in Group 1b.
Moreover, the Committee agreed that the supervision/regulation requirement should apply in addition to the requirement to pass the redemption risk test. For cryptocurrencies pegged to one or more currencies, the redemption risk test now includes a requirement that the reserve assets must be composed of assets with minimal market risk and credit risk. The Committee will further examine the appropriate composition of reserve assets for the redemption risk test.
Group 2 Exposure Limit
The requirement for banks to keep their total exposure to Group 2 cryptoassets below a threshold of 1% of their Tier 1 capital has been maintained in the final standard, albeit with certain modifications. First, exposures will now be measured as the higher of the gross long and gross short position in each cryptoasset, rather than the aggregate of the absolute values of long and short exposures, as proposed in the second consultation. This change aims to ensure that banks that hedge their exposures are not penalised under the limit.
Second, to reduce the "cliff effects", the Committee has agreed that if the limit is breached, the more stringent Group 2b capital treatment will apply only to the amount by which the limit is exceeded, rather than all Group 2 exposures. However, to ensure that banks do not significantly exceed the 1% threshold, a new 2% limit has been introduced which, if breached, will result in all Group 2 exposures being subject to the Group 2b capital treatment.
Responsibility for Assessing the Classification Conditions
The second consultation required banks to assess their cryptoassets against the classification conditions and seek prior supervisory approval to finalize the classification. The Committee acknowledged that this process could be excessively burdensome, especially in cases where the compliance or violation of the conditions is evident. As a result, the final standard has been altered to remove the supervisory pre-approval element. Instead, banks are now required to inform supervisors of classification decisions, with supervisors having the power to override these decisions if they disagree with a bank's assessment.
Interim Summary
Custodial Assets
In the recent past, the regulatory terrain regarding the treatment of custodial assets in banks' cryptoasset exposures has been a subject of spirited deliberation. Participants in the second consultative process voiced apprehension over the potential interpretation of the standard as pertaining to the application of credit, market, and liquidity risk prerequisites to customers' assets where banks operate in a custodial capacity. These concerns revolved around the potential misunderstanding that such assets would be subject to the aforementioned risk requirements - a notion that was not the intent of the standard. As such, the standard has been subsequently revised to elucidate those elements that apply specifically to the custodial services provided by banking institutions.
The Basel Committee on Banking Supervision is set to play a crucial role in monitoring the execution and consequences of the cryptoasset standard. Considering the swift and often unpredictable transformations within the cryptoasset market, the Committee anticipates that further adjustments and elucidations will be necessary over time. These are essential to ascertain consistent comprehension and execution of the standard, as well as to respond to emergent risks. To complement these efforts, the Committee will persistently gather data from banking institutions as an integral component of its customary Basel III monitoring endeavor. The Committee will also keep a close eye on and exchange information concerning the application of the standard and market developments, and will maintain active engagement with other standard setting entities.
Ongoing Review
In a bid to enhance oversight, the Committee has concurred on a group of issues that will undergo particular monitoring and review. One such issue is the exploration of statistical tests and redemption risk tests. The Committee has expressed a desire to investigate further whether reliable statistical tests that can identify low-risk stablecoins exist. Should such a test be unearthed, the Committee will contemplate its addition as a supplementary prerequisite for inclusion in Group 1b. Concurrently, there is a push to examine further the suitable composition of reserve assets for the redemption risk test.
Furthermore, the Committee is set to dedicate time to ponder on the potential risks presented by cryptoassets that utilize permissionless blockchains. The focus is to determine if these risks can be sufficiently mitigated to permit their inclusion in Group 1 and what adjustments to the classification conditions would be required if so.
Equally, there are intentions to monitor how Group 1b cryptoassets, which a bank receives as collateral, are treated. As per the final standard, these cryptoassets are not allowed to be acknowledged as eligible collateral for the computation of regulatory capital requirements. The Committee aims to evaluate continually whether any Group 1b cryptoassets possess the necessary characteristics to be recognized as collateral for capital requirements purposes.
Group 2a crypto assets and hedging
Further attention will be paid to the Group 2a criteria and the degree of hedge recognition. The criteria for hedging recognition in the final standard echo the proposals delineated in the second consultation proposal. Cryptoassets that fulfill these criteria will be assigned to Group 2a and will be eligible for limited recognition. The Committee intends to closely monitor the specification of these thresholds and the degree of hedge recognition that the Group 2a classification allows.
Lastly, the calibration of the Group 2 exposure limit will be under scrutiny. Currently, this limit is premised on thresholds established at 1% and 2% of banks' Tier 1 capital. These thresholds are designed to protect the banking sector from the potentially significant risks presented by Group 2 cryptoassets. The Committee will reassess these thresholds' appropriateness as the cryptoasset market evolves.
In addition to this, the text of the standard on banks' exposures to cryptoassets has been laid out in a new chapter of the Basel Framework (SCO60). This new chapter defines the prudential treatment of banks' cryptoasset exposures, with the enforcement date set as 1 January 2025. The chapter includes the term "exposure", which entails on- or off-balance sheet amounts that give rise to credit, market, operational, and/or liquidity risks. Parts of the chapter are applicable to banks' cryptoasset activities, such as custodial services involving the safekeeping or administration of client cryptoassets on a segregated basis, that do not typically give rise to credit, market, or liquidity requirements.
Interim Summary
Stabilisation Mechanisms
The increasingly complex landscape of cryptoassets requires robust regulatory mechanisms to manage and mitigate potential risks. This chapter explores the intricacies of such regulatory measures and aims to shed light on the classification conditions which are crucial to understanding the nature of cryptoassets. Cryptoassets can be subject to several risks depending on the nature of their backing, thus necessitating the use of stabilisation mechanisms. For instance, a cryptoasset redeemable for a fixed currency amount, while supported by bonds denominated in the same currency, may be exposed to credit, market and liquidity risks that could result in losses when compared to the value of the referenced currency. Furthermore, stabilisation mechanisms that rely on other cryptoassets or protocols that manipulate the supply of the cryptoasset fail to meet the first classification condition.
Clasification condition refers to cryptoassets comprising of tokenized conventional assets that conform to the classification criteria and cryptoassets that maintain reliable stabilization mechanisms and align with the classification standards. The second classification condition demands that all rights, responsibilities, and interests stemming from the cryptoasset arrangement be lucidly defined and enforceable in all jurisdictions where the asset is issued and redeemed. Furthermore, banks must ensure that these arrangements guarantee settlement finality and that they are subject to a legal review which must be available to the respective supervisory bodies upon request. An example of this can be seen in a cryptoasset arrangement that allows for the completion of redemption within five calendar days of the redemption request. This also requires that the legal documentation clearly delineates the rights and obligations of all parties involved, including those related to redemption, the traditional assets involved, and the determination of redemption value. Additionally, the terms of settlement finality must be explicitly documented, defining when and how financial risks are transferred from one party to another. This documentation must be made publicly available, with any offerings to the public being approved by the relevant regulatory body.
The third classification condition relates to the design and operation of the cryptoasset and the network it operates on. This condition ensures that the functions of the cryptoasset such as issuance, validation, redemption, and transfer, as well as the network it operates on, do not present any material risks that could compromise the transferability, settlement finality, or, where applicable, redeemability of the cryptoasset. This necessitates robust risk management strategies that address potential threats including credit, market, and liquidity risks, operational risks, risks of data loss, and Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT). In addition, all significant elements of the network must be clearly defined to ensure the traceability of all transactions and participants.
The fourth classification condition requires that entities involved in the redemption, transfer, storage or settlement of the cryptoasset, or those that manage or invest reserve assets, must be regulated and supervised, or at the very least, be subject to appropriate risk management standards. They are also expected to have a comprehensive governance framework in place.
Responsibilities for determining and monitoring compliance with the classification conditions are vested in banks. They are required to assess, on an ongoing basis, whether the cryptoassets they are exposed to comply with these conditions. Additionally, banks must have the necessary risk management policies, procedures, governance, and IT capacities to assess and manage the risks associated with engaging in cryptoassets. Banks are also responsible for documenting this information for review by supervisory authorities. Moreover, they are expected to inform their supervisors about their classification decisions for each cryptoasset, ideally before the implementation date of the pertinent regulations. For any cryptoassets that a bank may wish to acquire after the implementation date, the bank must inform their supervisor of their classification assessment in advance of the acquisition.
Supervisory authorities, on the other hand, are responsible for reviewing and assessing banks' analysis, risk management and measurement approaches, as well as their classification decisions. These authorities may rely on other regulators, supervisors, or independent third-party assessors to evaluate the specific risk characteristics of cryptoasset arrangements. They also reserve the right to override banks' classification decisions if they do not concur with the assessments carried out by the banks.
For consistent application across jurisdictions, authorities are expected to routinely compare and share their supervisory information on banks' assessments of cryptoassets against the classification conditions.
Interim Summary
Banking / Trading Book and Risk Manifestation and Capital Requirements
The complexities of the cryptoasset market, with its diverse assortment of tokens, require nuanced approaches to ensure legal and regulatory compliance. Amid this evolving landscape, regulatory bodies around the globe have had to adapt, create, and implement detailed provisions that can effectively capture and address the unique risks associated with these assets.
In terms of distinguishing between the banking book and the trading book, serves as the primary guide for assigning cryptoassets. However, the specific classifications of these assets determine their assignment. Group 1a cryptoassets, mirroring traditional non-tokenised assets, are allocated based on the boundary criteria applied to their non-tokenised equivalents. Likewise, Group 1b cryptoassets follow the same process, but the allocation is based on their reference assets.
For Group 2a and Group 2b cryptoassets, the approach diverges. Group 2a cryptoassets are treated in line with the proposed market risk rules, irrespective of their origin, either from the banking book or trading book instruments. This approach aligns with the treatment of foreign exchange (FX) and commodities risk. Group 2b cryptoassets, on the other hand, must adhere to the standardised conservative prudential treatment outlined in SCO 60.83 to SCO 60.86 of the BCBS Prudential treatment of cryptoasset exposures.
The BCBS standards CRE (Credit Risk Exposure / Calculcation of RWA for credit risk) and MAR (Minimum capital requirements for Market risk / Calculation of RWA for market risk) determine if Group 1 cryptoasset exposures are treated according to standardised or internal model-based approaches concerning credit and market risk, respectively. Yet, it is crucial to note that these models-based approaches cannot be applied to Group 2 cryptoassets. Interestingly, the deductions that apply to intangible assets do not affect cryptoasset exposures, even when a cryptoasset is considered an intangible under the applicable accounting standard.
When considering the minimum capital requirements for credit risk for Group 1 cryptoassets, Group 1a cryptoassets held in the banking book generally abide by the same rules for determining credit risk-weighted assets (RWA) as non-tokenised traditional assets. For instance, a tokenised corporate bond in the banking book would possess the same risk weight as a non-tokenised corporate bond in the banking book.
This is premised on the understanding that if two exposures offer the same level of legal rights and have the same likelihood of timely payment, they would probably pose similar credit loss risks and hold comparable values. Nevertheless, aspects of the credit standards, not directly linked to an asset's legal rights held by a bank or timely payment likelihood, require a separate assessment of the tokenised traditional asset. This implies that a tokenised asset may possess different market liquidity characteristics compared to a non-tokenised asset, primarily due to variations in the potential investor pool.
The differential market liquidity characteristics and market values of tokenised assets compared to non-tokenised ones become critical when assessing whether Group 1a cryptoassets meet credit risk mitigation requirements. Additionally, the timeframe for a secured creditor to seize cryptoasset collateral may vary from traditional assets. Hence, banks are required to independently assess the eligibility of such assets for collateral recognition. Factors considered include the speed of liquidation, legal certainty requirements, and market liquidity depth during a downturn. Furthermore, cryptoassets can only be recognised as collateral when confirmed that their volatility and holding periods under stressed market conditions are not materially increased compared to the traditional asset or pool of traditional assets. In any other scenario, the cryptoasset shall not be considered eligible for credit risk mitigation, unless the bank has received permission from its supervisor to reflect any significant increase in relevant parameters as part of its own Loss Given Default (LGD) estimates under the Internal Ratings-Based (IRB) approach.
Eligible forms of financial collateral are outlined in CRE22 for credit risk mitigation recognition under the standardised approach to credit risk. Group 1a cryptoassets that are tokenised versions of the instruments listed as eligible financial collateral under CRE22 could qualify for recognition as eligible collateral, subject to meeting the requirements described earlier.
Group 1b cryptoassets, due to their classification conditions, must be designed to be redeemable for a pre-set amount of a reference asset or assets, or cash equivalent to the value of the reference asset(s). The cryptoasset arrangement must also contain a substantial reserve asset pool to satisfy the redemption claims of cryptoasset holders. Even though these are common features, Group 1b cryptoassets may have varied structures. Banks that have banking book exposures to Group 1b cryptoassets must dissect their specific structures to identify all possible risks that could result in a loss. Each credit risk must be independently capitalised by banks using the credit risk standards set out in CRE.
Potential risks and corresponding capital requirements from banks' exposures to Group 1b cryptoassets may manifest in several ways. For instance, the risk may come from the reference asset itself. If the reference asset for a Group 1b cryptoasset gives rise to credit risk (e.g., a bond), banks may suffer a loss from the default of the reference asset's issuer. Therefore, banks are required to include in credit RWA, the RWA that would apply under CRE to a direct holding of the reference asset. If the reference asset gives rise to foreign exchange or commodities risk (e.g., foreign currency denominated financial assets or physical commodities), banks must calculate market RWA for the exposure equivalent to the market RWA that would apply under RBC 20.9 (Risk-based Capital Requirements) to a direct holding of the underlying traditional asset.
For Group 1b cryptoassets referencing a pool of traditional assets, banks must apply the requirements relevant to equity investments in funds to determine the applicable RWA for a direct holding of the referenced pool of traditional assets. Both the look-through approach and the mandate-based approach of CRE60 are available for cryptoassets that fulfil all requirements for these approaches. Otherwise, the fallback approach (i.e., a 1250% risk weight) must be applied.
Another risk may arise from the redeemer's default. If the redeemer entity fails, the cryptoassets may become worthless. The capital treatment of banks' exposures to the redeemer depends on the nature of the exposures. If the bank holding the cryptoasset has an unsecured claim on the redeemer in case of default, the bank must calculate credit RWA for its exposure to the redeemer. The credit RWA in this case must be equal to the RWA that would apply under CRE to a direct unsecured loan to the redeemer, with the loan amount equalling the redemption claim (i.e., peg value) of the cryptoasset. If the bank holding the cryptoasset has a secured claim on the redeemer in case of default, the bank must calculate credit RWA for its exposure to the redeemer, equalling the RWA that would apply under CRE to a direct secured loan to the redeemer. The loan amount, before any recognition of credit risk mitigation, should equal the redemption claim (i.e., peg value) of the cryptoasset. All conditions on the eligibility of collateral for the purposes of recognising credit risk mitigation set out in CRE apply.
Interim Summary
Minimum Capital Requirements for Counterparty Credit Risk (CCR) -Comprehensive Approach for Securities Financing Transactions (SFTs)
The established comprehensive approach for SFTs requires banks to leverage the formula delineated in the credit risk mitigation section of the standardised approach to credit risk. Group 1a cryptoassets that manifest as tokenised versions of the instruments on the list of eligible financial collateral are recognized as eligible collateral. However, Group 1b, Group 2a, and Group 2b cryptoassets, do not fall under the eligible forms of collateral under this approach. Therefore, banks receiving them as collateral will not receive any recognition for the net exposure calculation to the counterparty. This implies that banks loaning these groups of cryptoassets as part of an SFT need to implement the same haircut used for equities that are not traded on a recognized exchange, which equates to a haircut of 25%.
CCR Application for Group 1a Cryptoassets
Group 1a cryptoassets, essentially tokenised traditional assets, when used in derivatives, are generally subjected to the same rules determining CCR as non-tokenised traditional assets. These rules include the application of the Internal Models Method (IMM), which sets identical requirements for both tokenised and traditional assets. However, in scenarios where significant valuation differences exist between the traditional and tokenised asset, or when substantial basis risk is present, limitations may occur in the application of the IMM, particularly in the presence of missing data, short history, or data quality issues. In these instances, the Standardised Approach for Counterparty Credit Risk (SA-CCR) needs to be applied as described for Group 2a cryptoassets.
CCR Application for Group 1b and 2a Cryptoassets
Group 1b cryptoassets, known as cryptoassets with stabilisation mechanisms, are subjected to the same CCR RWA determination rules as non-tokenised traditional assets. Derivatives on Group 2a cryptoassets, on the other hand, are subjected to the SA-CCR. The SA-CCR process takes into account the replacement cost, considering legally enforceable netting of all transaction types in the netting set, including derivatives on Group 2a cryptoassets. Moreover, a new asset class "crypto" is created in the SA-CCR to calculate the potential future exposure (PFE) add-on. The SA-CCR for Group 2a cryptoassets incorporates various factors like supervisory factor, adjusted notional, supervisory delta adjustment, and maturity factor calculations.
CCR Application for Group 2b Cryptoassets
In calculating counterparty credit risk for derivative exposures that involve Group 2b cryptoassets, the exposure will be defined by the Replacement Cost (RC) plus the Potential Future Exposure (PFE), both multiplied by the alpha factor. For calculating the PFE for Group 2b cryptoassets, 50% of the gross notional amount must be applied per transaction, and they must not form part of any hedging set.
Minimum Capital Requirements for Operational Risk
The operational risk emanating from cryptoasset activities should typically be covered by the operational risk standardised approach. This includes income and expenses derived from cryptoasset-related activities. If the operational risks related to cryptoassets are not sufficiently captured by the minimum capital requirements for operational risk or the bank's internal risk management processes, banks and supervisors should take suitable measures to ensure capital adequacy and sufficient resilience within the supervisory review process.
Minimum Liquidity Risk Requirements
For liquidity coverage ratio (LCR) and net stable funding ratio (NSFR) requirements, cryptoasset exposures, which include assets, liabilities, and contingent exposures, must generally follow a treatment consistent with existing approaches for traditional exposures with economically equivalent risks. However, the relative novelty and unique risks associated with cryptoassets necessitate additional clarifications and modifications to these standards.
Treatment as High-Quality Liquid Assets (HQLA)
Group 1a cryptoassets can be considered as HQLA to the extent both the underlying assets in their traditional form and the tokenised form of the assets satisfy the characteristics of HQLA. For instance, a tokenised bond that meets these HQLA eligibility criteria and temporarily resides on a distributed ledger to facilitate transfer could be considered as a Group 1a cryptoasset. Conversely, Group 1b and Group 2 cryptoassets are excluded from being considered as HQLA.
Application of the LCR and NSFR Frameworks
The classification and calibration of LCR outflow and inflow rates and NSFR available stable funding (ASF) and required stable funding (RSF) factors for cryptoassets and crypto liabilities depend on multiple factors, including the structure of the cryptoasset or crypto liability, its commercial function in practice, and the nature of a bank's exposure to the cryptoasset or crypto liability.
Interim Summary
Cryptoasset Exposures: Analogous to Traditional Asset and Liability Exposures
In the financial world, Group 1a cryptoassets and cryptoliabilities are typically viewed with parity to their non-tokenised traditional counterparts. This view is held in terms of assignment of inflows, outflows, RSF (Required Stable Funding) factors, and ASF (Available Stable Funding) factors. However, the LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) treatment of such exposures is highly dependent on their specific categorization, which includes:
Tokenised Claims on a Bank: Treatment as Unsecured Funding Instruments
Group 1a tokenised claims on a bank are usually treated as an unsecured funding instrument. This holds true when these claims are issued by a regulated and supervised bank, represent a legally binding claim on the bank, are redeemable in fiat currency at par value, and maintain a stable value backed by the issuing bank's creditworthiness and asset-liability profile rather than a segregated pool of assets.
For these tokenised claims, the maturity date is determined based on the holder's contractual redemption rights. Liabilities from self-issued tokenised claims must follow specific regulations regarding LCR outflow rates and NSFR ASF factors, counterparty classification, and treatment as stable retail deposits. Tokenised claims used primarily as a payment method should follow the categorisation methodology as specified in the appropriate regulations.
Stablecoins: Treated Similar to Securities
Stablecoins, specifically Group 1b cryptoassets and certain Group 2 cryptoassets, that are fully collateralised by a segregated pool of underlying assets which do not count toward the bank’s stock of HQLA (High-Quality Liquid Assets), are treated similarly to securities. When a bank is the issuer of a stablecoin and the issuance represents a legally binding claim on the bank, specific considerations must be made for LCR outflows, ASF factors, and asset segregation.
When a bank holds such a stablecoin, it must be subject to at least an 85% RSF in the NSFR and not result in inflows under the LCR. However, a holder may recognise inflows in the LCR or a reduced RSF factor in the NSFR under certain conditions.
Other Cryptoassets: Treatment Consistent with Non-HQLA
Group 2 cryptoassets that do not qualify for the treatment outlined above for tokenised claims and stablecoins must be treated similarly to non-HQLA as per the LCR and NSFR standards. Specific considerations must be given for banks that hold these types of cryptoassets or loans denominated in them.
Additional Considerations
Other key factors to be considered include outflow rates, stable funding requirements, and risks associated with a bank's role in issuing or transacting in cryptoassets. The treatment of specific types of transactions such as derivatives, secured funding, collateral swaps, and commitments to lend cryptoassets must be in line with the existing framework.
Leverage Ratio Requirements
The leverage ratio requirements for cryptoassets are treated consistent with the leverage ratio standard. The value for financial reporting purposes is determined based on applicable accounting treatment for exposures with similar characteristics. Derivative exposures for cryptoassets should follow the treatment of the risk-based capital framework.
Large Exposures Requirements
Large exposure requirements for cryptoassets follow the same principles as for other exposures. The treatment is consistent with requirements set out in existing frameworks, taking into account the bank's credit risk exposure and default risk.
Interim Summary
Setting Boundaries: Group 2 Cryptoasset Exposure Limit
One significant regulatory step proposed is placing an exposure limit on banks' relationship with Group 2 cryptoassets. It has been determined that banks must ensure the aggregate of their direct and indirect exposures to these digital assets, including cash, derivatives, and holdings through vehicles like investment funds, ETF/ETN, or any legally formulated arrangements, does not exceed a specific threshold.
To bring precision to these limits, it has been suggested that a bank's total exposure to Group 2 cryptoassets should, under ordinary circumstances, not exceed 1% of the bank's Tier 1 capital. The absolute upper limit has been defined at 2% of the bank's Tier 1 capital, signifying a boundary that must not be crossed.
For situations where the 1% limit is breached, robust contingency measures have been proposed. Banks must adopt strategies to ensure that such situations are more the exception rather than the rule, and if a breach does occur, immediate notification of the supervisor is compulsory, followed by quick remedial action. In case the bank's exposure exceeds the 1% threshold, the excess will be subject to the capital requirements of Group 2b cryptoasset exposures. Moreover, if the exposure overshoots the 2% limit, all Group 2 cryptoasset exposures will be subject to the capital requirements that apply to Group 2b cryptoasset exposures.
In the context of assessing compliance with the Group 2 exposure limit threshold, exposures need to be measured using the same methodology for determining the Group 2b capital treatment. This means that all Group 2 cryptoasset exposures should be measured using the higher of the absolute value of the long and short exposures in each individual cryptoasset that the bank is exposed to, and derivatives need to be measured using a delta-equivalent methodology. Additionally, the definition of Tier 1 capital remains the same as specified in CAP10.2 (Definition of Capital).
Reinforcing Risk Management and Supervisory Review
The supervisory review process plays a critical role when it comes to managing exposures to cryptoassets. The proposal outlines the shared responsibilities of banks and supervisors, and delineates possible supervisory actions in cases where the minimum requirements are not met or the risk management is found lacking.
Bank Risk Management
Cryptoasset activities introduce new types of risks and amplify certain existing ones. Banks with either direct or indirect exposures or those that offer related services to any form of cryptoasset must establish robust policies and procedures to consistently identify, assess, and mitigate these risks. These risks include, but are not limited to, operational risks, credit risks, liquidity risks, including funding concentration risk, and market risks. The guidelines for managing these risks must be informed by the existing Basel Committee's statements on operational risk management in general and cryptoassets in particular.
Banks' risk management practices should comprise assessments of these risks and include relevant mitigation measures aimed at enhancing their operational resilience capabilities, with specific regard to information, communication, and technology (ICT) and cyber risks. Any decision to hold cryptoassets and provide services to cryptoasset operators must be in complete alignment with the bank's risk appetite, strategic objectives, and senior management's evaluation of the bank’s risk management capabilities.
Special Considerations for Cryptoassets
Given the distinct characteristics of cryptoassets and their markets, banks must undertake a careful evaluation of any cryptoasset exposures they plan to take on. They must ensure that existing processes and procedures are sufficient and that there is a comprehensive risk management approach in place to manage these risks, including exposure limits and hedging strategies.
Banks must also inform their supervisory authorities about their policies and procedures, assessment results, and current and planned cryptoasset exposures or activities in a timely manner. They should be able to demonstrate that they have fully evaluated the permissibility of such activities, the related risks, and the measures undertaken to mitigate such risks.
Mapping Cryptoasset Risks to Basel Risk Categories
The mapping of risks related to cryptoasset activities to Basel risk categories such as credit risk, market risk, and operational risk, will depend on how these risks manifest. A large portion of the risks brought about by or increased by cryptoasset activities are covered by the operational risk framework, such as ICT and cyber risks, legal risks, and risks related to money laundering and financing of terrorism.
The categorization of technological risks of cryptoassets would depend on the circumstances. For instance, if a loss-triggering event is due to processes or systems outside of the bank's control and the loss manifests through the value of a bank position in cryptoassets, these losses would be covered by the credit risk framework (for banking book positions) or the market risk framework (for trading book positions). However, losses that arise from inadequate or failed processes, people, or systems of the bank, such as the loss of a private cryptographic key, would be classified as operational losses.
Risk Management Considerations for Cryptoasset Activities
Banks need to consider several specific risks in their management of cryptoasset activities:
Interim Summary
Supervisory Review of Bank Risk Identification and Assessment
The supervision of bank risk identification and assessment takes on new dimensions when considered in the context of emerging technologies, such as cryptoassets. Banks are required under Pillar 2 to evaluate their capital requirements vis-a-vis the risks they undertake, necessitating the intervention of regulators and supervisors. The relatively recent arrival of cryptoasset activities, coupled with their constant evolution, warrants a particular focus on these activities from supervisory bodies.
Thus, a thorough review of banks’ risk identification and assessment processes related to cryptoassets by supervisors becomes highly relevant. Supervisors should carefully evaluate the appropriateness and adequacy of banks' policies, procedures, and outcomes related to the identification and assessment of cryptoasset risks. In instances where gaps or deficiencies are noted, supervisors are well within their authority to require banks to address these issues. They may also recommend or require banks to carry out stress testing or scenario analyses to better assess risks arising from cryptoasset exposures, contributing further to the assessments of a bank’s overall capital adequacy.
Supervisory Actions for Capital Inadequacy or Risk Management Shortcomings
Identifying capital inadequacy or risk management issues in banking institutions might lead supervisors to take varied actions depending on the specifics of the situation. The possible responses could include the following:
Disclosure Requirements for Banks’ Exposures to Cryptoassets
The principles guiding banks' disclosure of their exposures to cryptoassets or related activities follow five general principles as set out in DIS10 (Disclosure Requirements). These requirements oblige banks to provide both quantitative and qualitative information on their cryptoasset activities and related risks. Banks are expected to provide an overview of:
In accordance with these guiding principles, banks are required to regularly disclose information regarding any significant Group 1a, Group 1b, Group 2a, and Group 2b cryptoasset exposures. This information should include details on direct and indirect exposure amounts, capital requirements, and the accounting classification for each specific type of cryptoasset exposure. In addition, banks must include exposures to Group 1 cryptoassets in the existing disclosure templates that apply to traditional assets, for instance, for credit risk and market risk.
Definitions of Key Terms
Understanding the terminology associated with cryptoassets is crucial to grasp the nuances of the banking regulations and procedures surrounding these digital assets. Here are the definitions of several key terms pursuant to the BCSB Prudential treatment of cryptoasset exposures docment:
Interim Summary
This chapter explored the supervisory review of bank risk identification and assessment processes, especially concerning cryptoassets. Key points discussed include:
In conclusion, this article aimed to provide a comprehensive overview of the supervisory review of banks' risk identification and assessment in relation to cryptoassets under the new BCBS framework on cryptoasset exposures. This comprehensive discourse underscores the necessity for effective regulatory oversight and transparency in the ever-evolving world of cryptoassets. Moreover, it illustrates the need for banks to stay updated and robust in their risk management strategies when engaging with these novel assets.
Source: Basel Committee on Banking Supervision. (2022). Prudential treatment of cryptoasset exposures.
Executive Summary
To encapsulate the comprehensive discussion on the banking industry's interplay with cryptoassets, key takeaways are:
Anschrift
Rechtsanwaltskanzlei Bergt & Partner AG
Buchenweg 6
Postfach 743
9490 Vaduz
Liechtenstein
Telefon
+423 235 40 15
office@bergt.law