Guidance on how UK firms should handle exposures to crypto-assets
Regulated firms are increasingly taking on – or planning to take on – exposure to crypto-assets. Recognising this, the UK Prudential Regulatory Authority has written to banks, insurance companies and PRA-regulated investment firms about handling crypto-exposures. Firms should adopt the latest guidance into their crypto strategy, including their governance, prudential and risk management models.
Senior Manager responsibility for crypto-assets
The PRA’s Dear CEO letter notes that crypto-assets have exhibited high price volatility and relative illiquidity. According to the PRA, firms’ boards must fully consider the risks of entering into crypto-asset activities. A Senior Manager should take responsibility for approving risk assessment framework for businesses and entities crypto-exposures.
Crypto is not a currency for prudential treatment
The PRA states the crypto-assets represent a new, evolving asset class. Firms should classify crypto-assets for prudential purposes but what that classification is for a crypto-asset will depend on its features. Presumably this is because crypto-assets cover a wide range of potential products including utility tokens, security tokens and cryptocurrencies. In any case, the PRA confirms that that crypto-assets should not be treated as currencies for these purposes.
The letter also requires firms to set out a consideration of risks relating to crypto-exposures in firms’ ICAAPs and ORSAs. The PRA’s position on the prudential regulation for crypto-assets is consistent with previous comments by Mark Carney on this subject.
Managing risks and personal incentives
The PRA also comments on the technical complexity of crypto-assets. As part of their risk management processes, firms engaging with crypto-assets should:
- have access to appropriate expertise
- undertake extensive due diligence
- safeguard against not only financial but also operational, cybersecurity and reputational risks
- ensure that employee incentives do not encourage excessive risk-taking in crypto-asset activities
The PRA letter follows the Dear CEO letter sent by the FCA to banks to highlight the risk of crypto-assets being used to further financial crime.
What happens next?
Firms that are have, or are considering, exposures to crypto-assets are expected to notify the regulator of:
- the identity of the responsible Senior Manager
- any planned crypto-asset activity
- the risk assessments of those crypto-exposures
According to evidence to the Digital Currencies Inquiry, the PRA is also assessing whether additional prudential regulations are needed to cover crypto-exposures. The PRA also indicates it will “where necessary” publish further updates on the prudential treatment of crypto-assets (including under Pillar 2).