Michelle Adcock, banking sector lead and Bronwyn Allan, assistant manager, KPMG Regulatory Insight Centre look at how crypto regulation is developing.
The potential benefits of cryptoassets and their associated technologies — to increase payment efficiency, reduce cost and expand financial inclusion — have been widely acknowledged by regulators. However, as momentum grows, regulators have also expressed concerns about potential risks to financial stability and have turned their attention to possible prudential treatments.
The global market cap for cryptoassets is now over a trillion US dollars and the crypto world is increasingly forging connections to the traditional financial system. Evolving regulatory approaches are tending to differentiate treatment based on the structure of the asset.
A Financial Stability Board (FSB) progress report published in October 2021 showed that the implementation of its recommendations for global stablecoin supervision remains at an early stage, leading to a call for international co-operation to accelerate efforts.
To date, the Basel Committee on Banking Supervision(BCBS) has issued two consultations on the prudential treatment of banks’ cryptoasset exposures.
In June 2021, BCBS proposed categorising assets into Group 1 (assets that fully meet a set of classification conditions), including tokenised traditional assets (Group 1a) and cryptoassets with effective stabilisation mechanisms, i.e. “stablecoins” (Group 1b), and Group 2 (assets that fail to meet any of the classification conditions i.e. unbacked cryptoassets). The BCBS proposed that Group 2 be subject to more conservative capital treatment – effectively requiring banks to hold capital equivalent to the full amount of the exposure.
The second consultation, issued in July 2022, updates this categorisation and further segments it to reflect additional nuances — including an infrastructure risk add-on, recognition of hedging, and the application of liquidity rules. However, the overall conservative capital treatment of cryptoassets remains, and the BCBS has introduced a further requirement limiting a bank's total exposures to Group 2 assets to 1% of Tier 1 capital.
In the UK, the PRA has set out its expectations around cryptoasset exposures for banks and investment firms.
Firms are expected to consider whether they are adequately capturing the characteristics of these largely new and untested markets in their risk frameworks. Methodologies and calibrations will likely need to be adjusted in the longer term (as international discussions progress), but the PRA considers that a combination of strong risk controls with ongoing monitoring, operational risk assessments, robust new product approval processes, and Pillar 1 and Pillar 2 considerations can provide an appropriate interim approach:
• An individual approved by the PRA to perform an appropriate Senior Management Function should be actively involved in signing off the risk assessment framework for any planned exposure to cryptoassets
• Financial, prudential, operational, and reputational frameworks may need adjustment to reflect crypto activity risks e.g., via increased monitoring, updated modelling, lower risk tolerances, and / or increased use of stress tests
• Firms should consider the full prudential framework when assessing cryptoasset risks, including the Fundamental Rules, Pillar 1, the ICAAP and related Pillar 2 considerations.
• In many cases, direct holdings of crypto assets will be classified as intangible assets under applicable accounting frameworks. In most cases, under the CRR, this is likely to result in a full deduction of any direct holdings from CET1
• Under market risk rules, where there are no other appropriate treatments, an appropriate capital requirement would be 100% of the current value of the firm's position, particularly for unbacked crypto. In estimating exposures, diversification and hedging frameworks should be conservative. Firms may also wish to look to existing structures, such as the commodity framework, to inform appropriate risk management techniques.
• Firms should consider whether the standardised approach to counterparty credit risk (SA-CCR) captures the full risks associated with many cryptoassets.
• Depending on activities, they should separately assess their activities for at least market risk, credit risk, counterparty credit risk and operational risk
• They should also consider the extent to which they are exposed to risks not generally considered in their existing Pillar 2 assessment — these could include operational risks (such as fraud, cyber or outsourcing risk) which are heightened through exposure to certain crypto-related activities
In July, HMT introduced the new Financial Services and Markets Bill, under which the government’s ‘staged and proportionate approach’ will begin by focusing on bringing stablecoins within the regulatory perimeter. A separate, broader consultation on crypto-assets will be launched later in 2022.
In short, much is changing, and both regulators and firms will need to adapt to the rapidly evolving crypto world to effectively manage prudential risk.
The global market cap for cryptoassets is now over a trillion US dollars and the crypto world is increasingly forging connections to the traditional financial system. Evolving regulatory approaches are tending to differentiate treatment based on the structure of the asset.
A Financial Stability Board (FSB) progress report published in October 2021 showed that the implementation of its recommendations for global stablecoin supervision remains at an early stage, leading to a call for international co-operation to accelerate efforts.
To date, the Basel Committee on Banking Supervision(BCBS) has issued two consultations on the prudential treatment of banks’ cryptoasset exposures.
In June 2021, BCBS proposed categorising assets into Group 1 (assets that fully meet a set of classification conditions), including tokenised traditional assets (Group 1a) and cryptoassets with effective stabilisation mechanisms, i.e. “stablecoins” (Group 1b), and Group 2 (assets that fail to meet any of the classification conditions i.e. unbacked cryptoassets). The BCBS proposed that Group 2 be subject to more conservative capital treatment – effectively requiring banks to hold capital equivalent to the full amount of the exposure.
The second consultation, issued in July 2022, updates this categorisation and further segments it to reflect additional nuances — including an infrastructure risk add-on, recognition of hedging, and the application of liquidity rules. However, the overall conservative capital treatment of cryptoassets remains, and the BCBS has introduced a further requirement limiting a bank's total exposures to Group 2 assets to 1% of Tier 1 capital.
In the UK, the PRA has set out its expectations around cryptoasset exposures for banks and investment firms.
Firms are expected to consider whether they are adequately capturing the characteristics of these largely new and untested markets in their risk frameworks. Methodologies and calibrations will likely need to be adjusted in the longer term (as international discussions progress), but the PRA considers that a combination of strong risk controls with ongoing monitoring, operational risk assessments, robust new product approval processes, and Pillar 1 and Pillar 2 considerations can provide an appropriate interim approach:
Strong risk controls
• Crypto risks should be considered fully by the board and highest levels of executive management• An individual approved by the PRA to perform an appropriate Senior Management Function should be actively involved in signing off the risk assessment framework for any planned exposure to cryptoassets
• Financial, prudential, operational, and reputational frameworks may need adjustment to reflect crypto activity risks e.g., via increased monitoring, updated modelling, lower risk tolerances, and / or increased use of stress tests
• Firms should consider the full prudential framework when assessing cryptoasset risks, including the Fundamental Rules, Pillar 1, the ICAAP and related Pillar 2 considerations.
Pillar 1
• The PRA recognises that the measures in the PRA Rulebook and CRR are not well calibrated to the risks of cryptoassets — this is being considered. Firms should be alert to specific risks related to crypto activities e.g., market, counterparty credit or operational risk and consider them under the Pillar 1 framework• In many cases, direct holdings of crypto assets will be classified as intangible assets under applicable accounting frameworks. In most cases, under the CRR, this is likely to result in a full deduction of any direct holdings from CET1
• Under market risk rules, where there are no other appropriate treatments, an appropriate capital requirement would be 100% of the current value of the firm's position, particularly for unbacked crypto. In estimating exposures, diversification and hedging frameworks should be conservative. Firms may also wish to look to existing structures, such as the commodity framework, to inform appropriate risk management techniques.
• Firms should consider whether the standardised approach to counterparty credit risk (SA-CCR) captures the full risks associated with many cryptoassets.
Pillar 2
• Firms should set out their risk considerations relating to crypto exposures in their ICAAP• Depending on activities, they should separately assess their activities for at least market risk, credit risk, counterparty credit risk and operational risk
• They should also consider the extent to which they are exposed to risks not generally considered in their existing Pillar 2 assessment — these could include operational risks (such as fraud, cyber or outsourcing risk) which are heightened through exposure to certain crypto-related activities
In July, HMT introduced the new Financial Services and Markets Bill, under which the government’s ‘staged and proportionate approach’ will begin by focusing on bringing stablecoins within the regulatory perimeter. A separate, broader consultation on crypto-assets will be launched later in 2022.
In short, much is changing, and both regulators and firms will need to adapt to the rapidly evolving crypto world to effectively manage prudential risk.