The Bank of Italy issues first set of guidelines on DLT and crypto assets

A promising step towards embracing digital innovation

On 15 June 2022, the Bank of Italy issued a communication containing guidelines addressed to firms supervised by it (including credit institutions, investment firms, asset managers and financial intermediaries) as well as more broadly to operators, service providers and users in the crypto-assets space.


The purpose of the communication is twofold: 

(i) to draw the attention of these entities to both the opportunities and risks connected with the use of such technologies in finance and with activities and services related to crypto-assets and 

(ii) to guide regulated firms in identifying safeguards to mitigate risks associated with the use of decentralised technologies and/or with crypto-assets.

What does the Communication say?

In the aftermath of the recent collapse of TerraUSD, a prominent USD-pegged “algorithmic stablecoin”, after weeks of turmoil in the crypto-assets space, and one month after the regime for VASP registration has eventually kicked off also in Italy, the Bank of Italy has basically for the first time issued a Communication addressing the approach of the Italian regulator to DLT and crypto-assets.

The Communication summarises the main uses of DLT in the financial sector, also analysing the decentralised finance (DeFi) phenomenon, the status of the international cooperation and of the applicable regulatory regime. In such context, the Bank of Italy, in addition to the VASP registration regime recently implemented in Italy, demands for the release of a comprehensive set of tax rules applicable to crypto-assets. In addition, the Bank of Italy recalls that the proposal presented by the European Commission as part of its Digital Finance Package for the Markets in Crypto Assets Regulation (MiCAR) currently does not purport to regulate non-fungible tokens (NFT) as well as entities who play a role in DeFi initiatives (such as, for instance, the holders of governance tokens related to the so-called Decentralised Autonomous Organisations (DAO), and concludes that the regulators shall take a proactive approach so that any market development could be framed into safety features. 

On this basis, the Communication provides guidelines addressed to the various entities involved.

Banks and financial intermediaries 

With regard to regulated firms, the Bank of Italy: 

  • identifies the risks that may affect banks and financial intermediaries having a role in respect of crypto-assets;
  • clarifies the steps such entities are expected to take focusing on governance aspects (early involvement of management and controls functions; enhanced information flow; need of adequate knowledge of the sector to address risks and opportunities; adequacy of the business set-up and policies);
  • recommends correct application of product governance, cybersecurity risks monitoring, prudential treatment and other risks management tools to mitigate and address risks associated with operating in the crypto-assets space.

Operators and tech service providers 

Bank of Italy acknowledges that operators and tech service providers are not necessarily within its remit but emphasise they might be attracted to supervision due to the role they play as outsources or in connection with the activities they provide in respect payment infrastructures. 

The regulator also emphasises the key role of governance arrangements for the use of DLT and hints to the possibility of intervening in the development of technological standards also through public-private initiatives. 

With regard to stablecoins used as a means of payment, and the functionalities that support their offer and use (e.g. wallets) the Bank of Italy recommends that they comply with the principles of supervision of instruments, schemes and arrangements and that the reserves of such stablecoins should reflect as closely as possible the composition and value of the basket or of the individual asset to which they relate. 

Finally, the Bank of Italy suggests it might resort to its powers under art. 146 TUB where the activity in crypto-assets could be material for the regular functioning of payments systems or part thereof. 


The Bank of Italy recalls the recent ESAs warnings and stresses the importance that regulated firms appropriately disclose risks to their clients where granting them access to crypto-assets. 

The closing part of the Communication identifies next steps which include monitoring the evolution of the sector, cooperating in regulating it at EU and international level and also promoting and offering support to initiatives aimed at defining standards and best practices that may constitute a shared benchmark enhancing the attractiveness of the Italian financial centre.

Our thoughts 

Upon a first reading, we do have some questions including: 

  • Does the fact that the Communication opens to all regulated firms having a role in the crypto-assets space means that, insofar as risks are duly monitored and mitigated, there are no restrictions for such entities to offer crypto-assets related services?
  • Which risk monitoring and management tools should regulated firms apply when relying on decentralised initiatives (to which the outsourcing regime cannot be applied)?
  • How does the Bank of Italy intend to make use of its art. 146 TUB supervisory powers in respect of crypto-assets infrastructures? Will this be coordinated with the requirements imposed by the new VASPs regime including reporting requirements towards the OAM?

On balance, though, we think the Communication testifies a more positive attitude of the Italian regulators towards DLT and crypto-assets and a real effort to regulate innovation without stifling it.

Eventually the Communication does set the framework for a more structured dialogue between the players involved and the regulators and clears the way for incumbents to embrace innovation and for fintechs to support them.