Introduction
The realm of digital finance and its fast-paced developments
have been remarkable over the past years. A particular aspect of
note has been the rise of cryptocurrencies and their interaction
with the conventional banking system. These novel, decentralized
assets have been sources of both immense fascination and intense
scrutiny from the financial world and its regulators. In the midst
of these developments, the Basel Committee on Banking Supervision
(BCBS) has taken a significant stride by publishing its finalized
prudential standard for banks’ exposure to
cryptocurrencies.
The Committee released its second consultation paper on the
prudential treatment of banks’ exposures to cryptocurrencies in
June 2022. The input from various stakeholders guided the Committee
to establish its finalized prudential framework, which received the
approval of its supervisory body, the Group of Governors and Heads
of Supervision. This paper is an in-depth examination of this final
standard published in December 2022, set to be operationalized by 1
January 2025 and subsequently integrated into the consolidated
Basel Framework. While the work of the BCBS is generally not
legally binding per se, it is usually adopted by the
Committee’s members and implemented in corresponding national
law.
The Architecture of the Prudential Standard
The final standard remains faithful to the structure originally
outlined in the second consultation document. Its essence lies in a
systematic classification of cryptocurrencies into two primary
groups, where banks will be mandated to maintain an ongoing
classification of cryptoassets under these two categories:
- Group 1 cryptoassets: These cryptocurrencies meet the entirety
of a specific set of classification conditions. The Group 1 assets
can be further divided into tokenized traditional assets (Group 1a)
and cryptocurrencies with effective stabilization mechanisms (Group
1b). The capital requirements for Group 1 cryptoassets align with
the risk weights associated with the underlying exposures as
detailed in the Basel Framework. - Group 2 cryptoassets: This group includes the cryptocurrencies
that do not satisfy any classification conditions. Consequently,
these cryptocurrencies pose increased and additional risks relative
to Group 1 cryptoassets and are thus subject to a more stringent
capital treatment. This group includes tokenized traditional assets
and stablecoins failing the classification conditions as well as
unbacked cryptocurrencies. Further, Group 2 is divided into assets
for which a limited amount of hedging is permissible (Group 2a) and
those where no hedging is acknowledged (Group 2b).
Moreover, several key components shape the prudential standard,
including:
- Infrastructure risk add-on: An add-on to risk-weighted assets
(RWA) is implemented to cover infrastructure risk for all Group 1
cryptoassets. This add-on can be activated by the authorities based
on any observable weaknesses in the infrastructure underlying
cryptoassets. - Redemption risk test and supervision/regulation requirement:
These criteria must be fulfilled for stablecoins to be classified
under Group 1. They aim to ensure that only stablecoins released by
supervised and regulated entities with robust redemption rights and
governance are eligible for inclusion. - Group 2 exposure limit: A bank’s total exposure to Group 2
cryptoassets must not surpass 2% of the bank’s Tier 1 capital
and should generally be below 1%. Any breach of these limits would
lead to stricter capital treatments. - Other elements: The standard also outlines how the operational
risk, liquidity, leverage ratio, and large exposure requirements
should be applied to banks’ cryptocurrency exposures. Further,
the supervisory review process and a specific set of disclosure
requirements are also prescribed.
Changes in the Prudential Standard Post-Consultation
Based on feedback from stakeholders and evolving market trends
in cryptoassets, the Committee incorporated several modifications
in the final prudential standard compared to the second
consultation proposal.
Infrastructure Risk Add-On
The second consultation suggested an add-on for infrastructure
risk as a fixed add-on to RWA, set at 2.5% of the exposure value
for all Group 1 cryptoassets. The Committee decided to replace this
with a more dynamic approach that allows authorities to initiate
and increase an add-on based on any detected weaknesses in the
infrastructure underlying specific cryptoassets. This new approach
is intended to motivate banks to proactively address infrastructure
risks to evade the imposition of an add-on in the future.
Basis Risk Test, Redemption Risk Test and
Supervision/Regulation Requirement
The second consultation included a condition in Group 1
classification that cryptocurrencies with stabilisation mechanisms
must pass a redemption risk test and a basis risk test. The
redemption risk test aimed to ensure the reserve assets were
sufficient to redeem the cryptocurrencies at all times, including
during extreme stress, for the peg value. Meanwhile, the basis risk
test, a quantitative test based on the market value of the
cryptocurrency, was designed to ensure the holder of a
cryptocurrency can sell it in the market for an amount closely
mirroring the peg value.
After evaluating these approaches, the Committee decided not to
implement the basis risk test at this time. However, the Committee
will further examine whether there are statistical tests that can
reliably identify low-risk stablecoins. If identified, this could
be considered an additional requirement for inclusion in Group
1b.
Moreover, the Committee agreed that the supervision/regulation
requirement should apply in addition to the requirement to pass the
redemption risk test. For cryptocurrencies pegged to one or more
currencies, the redemption risk test now includes a requirement
that the reserve assets must be composed of assets with minimal
market risk and credit risk. The Committee will further examine the
appropriate composition of reserve assets for the redemption risk
test.
Group 2 Exposure Limit
The requirement for banks to keep their total exposure to Group
2 cryptoassets below a threshold of 1% of their Tier 1 capital has
been maintained in the final standard, albeit with certain
modifications. First, exposures will now be measured as the higher
of the gross long and gross short position in each cryptoasset,
rather than the aggregate of the absolute values of long and short
exposures, as proposed in the second consultation. This change aims
to ensure that banks that hedge their exposures are not penalised
under the limit.
Second, to reduce the “cliff effects”, the Committee
has agreed that if the limit is breached, the more stringent Group
2b capital treatment will apply only to the amount by which the
limit is exceeded, rather than all Group 2 exposures. However, to
ensure that banks do not significantly exceed the 1% threshold, a
new 2% limit has been introduced which, if breached, will result in
all Group 2 exposures being subject to the Group 2b capital
treatment.
Responsibility for Assessing the Classification Conditions
The second consultation required banks to assess their
cryptoassets against the classification conditions and seek prior
supervisory approval to finalize the classification. The Committee
acknowledged that this process could be excessively burdensome,
especially in cases where the compliance or violation of the
conditions is evident. As a result, the final standard has been
altered to remove the supervisory pre-approval element. Instead,
banks are now required to inform supervisors of classification
decisions, with supervisors having the power to override these
decisions if they disagree with a bank’s assessment.
Interim Summary
- The Basel Committee’s prudential framework sets out the
standards for the treatment of banks’ cryptoasset exposures,
dividing cryptoassets into two primary groups: Group 1 (meeting all
classification conditions, including tokenized traditional assets
and cryptocurrencies with effective stabilization mechanisms) and
Group 2 (failing to meet classification conditions like stablecoins
and unbacked cryptocurrencies for example). - The infrastructure risk add-on has been revised from a fixed
add-on to a dynamic add-on, allowing authorities to increase the
add-on based on observed weaknesses in a cryptoasset’s
underlying infrastructure. - The Committee has decided not to implement the basis risk test
at this time. - Prior supervisory approval to finalize the classification of
cryptoassets is no longer required.
Custodial Assets
In the recent past, the regulatory terrain regarding the
treatment of custodial assets in banks’ cryptoasset exposures
has been a subject of spirited deliberation. Participants in the
second consultative process voiced apprehension over the potential
interpretation of the standard as pertaining to the application of
credit, market, and liquidity risk prerequisites to customers’
assets where banks operate in a custodial capacity. These concerns
revolved around the potential misunderstanding that such assets
would be subject to the aforementioned risk requirements – a notion
that was not the intent of the standard. As such, the standard has
been subsequently revised to elucidate those elements that apply
specifically to the custodial services provided by banking
institutions.
The Basel Committee on Banking Supervision is set to play a
crucial role in monitoring the execution and consequences of the
cryptoasset standard. Considering the swift and often unpredictable
transformations within the cryptoasset market, the Committee
anticipates that further adjustments and elucidations will be
necessary over time. These are essential to ascertain consistent
comprehension and execution of the standard, as well as to respond
to emergent risks. To complement these efforts, the Committee will
persistently gather data from banking institutions as an integral
component of its customary Basel III monitoring endeavor. The
Committee will also keep a close eye on and exchange information
concerning the application of the standard and market developments,
and will maintain active engagement with other standard setting
entities.
Ongoing Review
In a bid to enhance oversight, the Committee has concurred on a
group of issues that will undergo particular monitoring and review.
One such issue is the exploration of statistical tests and
redemption risk tests. The Committee has expressed a desire to
investigate further whether reliable statistical tests that can
identify low-risk stablecoins exist. Should such a test be
unearthed, the Committee will contemplate its addition as a
supplementary prerequisite for inclusion in Group 1b. Concurrently,
there is a push to examine further the suitable composition of
reserve assets for the redemption risk test.
Furthermore, the Committee is set to dedicate time to ponder on
the potential risks presented by cryptoassets that utilize
permissionless blockchains. The focus is to determine if these
risks can be sufficiently mitigated to permit their inclusion in
Group 1 and what adjustments to the classification conditions would
be required if so.
Equally, there are intentions to monitor how Group 1b
cryptoassets, which a bank receives as collateral, are treated. As
per the final standard, these cryptoassets are not allowed to be
acknowledged as eligible collateral for the computation of
regulatory capital requirements. The Committee aims to evaluate
continually whether any Group 1b cryptoassets possess the necessary
characteristics to be recognized as collateral for capital
requirements purposes.
Group 2a crypto assets and hedging
Further attention will be paid to the Group 2a criteria and the
degree of hedge recognition. The criteria for hedging recognition
in the final standard echo the proposals delineated in the second
consultation proposal. Cryptoassets that fulfill these criteria
will be assigned to Group 2a and will be eligible for limited
recognition. The Committee intends to closely monitor the
specification of these thresholds and the degree of hedge
recognition that the Group 2a classification allows.
Lastly, the calibration of the Group 2 exposure limit will be
under scrutiny. Currently, this limit is premised on thresholds
established at 1% and 2% of banks’ Tier 1 capital. These
thresholds are designed to protect the banking sector from the
potentially significant risks presented by Group 2 cryptoassets.
The Committee will reassess these thresholds’ appropriateness
as the cryptoasset market evolves.
In addition to this, the text of the standard on banks’
exposures to cryptoassets has been laid out in a new chapter of the
Basel Framework (SCO60). This new chapter defines the prudential
treatment of banks’ cryptoasset exposures, with the enforcement
date set as 1 January 2025. The chapter includes the term
“exposure”, which entails on- or off-balance sheet
amounts that give rise to credit, market, operational, and/or
liquidity risks. Parts of the chapter are applicable to banks’
cryptoasset activities, such as custodial services involving the
safekeeping or administration of client cryptoassets on a
segregated basis, that do not typically give rise to credit,
market, or liquidity requirements.
Interim Summary
- The revised standard clarifies elements applicable to custodial
services provided by banks, addressing concerns raised in the
second consultation. - The Basel Committee on Banking Supervision plans to closely
monitor the implementation and effects of the cryptoasset
standard. - The Committee will conduct specific monitoring and review on
various aspects such as statistical tests, redemption risk test,
permissionless blockchains, Group 1b cryptoassets as collateral,
Group 2a criteria, and calibration of the Group 2 exposure
limit. - A new chapter (SCO60 – Scope and Definitions: Cryptoasset
Exposures) of the Basel Framework has been introduced that outlines
the prudential treatment of banks’ cryptoasset exposures,
effective from 1 January 2025. - The term “exposure” is defined within this new
chapter, and requirements for different risk types and management
processes are outlined.
Stabilisation Mechanisms
The increasingly complex landscape of cryptoassets requires
robust regulatory mechanisms to manage and mitigate potential
risks. This chapter explores the intricacies of such regulatory
measures and aims to shed light on the classification conditions
which are crucial to understanding the nature of cryptoassets.
Cryptoassets can be subject to several risks depending on the
nature of their backing, thus necessitating the use of
stabilisation mechanisms. For instance, a cryptoasset redeemable
for a fixed currency amount, while supported by bonds denominated
in the same currency, may be exposed to credit, market and
liquidity risks that could result in losses when compared to the
value of the referenced currency. Furthermore, stabilisation
mechanisms that rely on other cryptoassets or protocols that
manipulate the supply of the cryptoasset fail to meet the first
classification condition.
Clasification condition refers to cryptoassets comprising of
tokenized conventional assets that conform to the classification
criteria and cryptoassets that maintain reliable stabilization
mechanisms and align with the classification standards. The second
classification condition demands that all rights, responsibilities,
and interests stemming from the cryptoasset arrangement be lucidly
defined and enforceable in all jurisdictions where the asset is
issued and redeemed. Furthermore, banks must ensure that these
arrangements guarantee settlement finality and that they are
subject to a legal review which must be available to the respective
supervisory bodies upon request. An example of this can be seen in
a cryptoasset arrangement that allows for the completion of
redemption within five calendar days of the redemption request.
This also requires that the legal documentation clearly delineates
the rights and obligations of all parties involved, including those
related to redemption, the traditional assets involved, and the
determination of redemption value. Additionally, the terms of
settlement finality must be explicitly documented, defining when
and how financial risks are transferred from one party to another.
This documentation must be made publicly available, with any
offerings to the public being approved by the relevant regulatory
body.
The third classification condition relates to the design and
operation of the cryptoasset and the network it operates on. This
condition ensures that the functions of the cryptoasset such as
issuance, validation, redemption, and transfer, as well as the
network it operates on, do not present any material risks that
could compromise the transferability, settlement finality, or,
where applicable, redeemability of the cryptoasset. This
necessitates robust risk management strategies that address
potential threats including credit, market, and liquidity risks,
operational risks, risks of data loss, and Anti-Money
Laundering/Countering the Financing of Terrorism (AML/CFT). In
addition, all significant elements of the network must be clearly
defined to ensure the traceability of all transactions and
participants.
The fourth classification condition requires that entities
involved in the redemption, transfer, storage or settlement of the
cryptoasset, or those that manage or invest reserve assets, must be
regulated and supervised, or at the very least, be subject to
appropriate risk management standards. They are also expected to
have a comprehensive governance framework in place.
Responsibilities for determining and monitoring compliance with
the classification conditions are vested in banks. They are
required to assess, on an ongoing basis, whether the cryptoassets
they are exposed to comply with these conditions. Additionally,
banks must have the necessary risk management policies, procedures,
governance, and IT capacities to assess and manage the risks
associated with engaging in cryptoassets. Banks are also
responsible for documenting this information for review by
supervisory authorities. Moreover, they are expected to inform
their supervisors about their classification decisions for each
cryptoasset, ideally before the implementation date of the
pertinent regulations. For any cryptoassets that a bank may wish to
acquire after the implementation date, the bank must inform their
supervisor of their classification assessment in advance of the
acquisition.
Supervisory authorities, on the other hand, are responsible for
reviewing and assessing banks’ analysis, risk management and
measurement approaches, as well as their classification decisions.
These authorities may rely on other regulators, supervisors, or
independent third-party assessors to evaluate the specific risk
characteristics of cryptoasset arrangements. They also reserve the
right to override banks’ classification decisions if they do
not concur with the assessments carried out by the banks.
For consistent application across jurisdictions, authorities are
expected to routinely compare and share their supervisory
information on banks’ assessments of cryptoassets against the
classification conditions.
Interim Summary
- Cryptoassets can be exposed to various risks depending on the
nature of their backing, and stabilisation mechanisms that
reference other cryptoassets or manipulate the supply of the
cryptoasset fail to meet the first classification condition. - The second classification condition demands that all rights,
responsibilities, and interests from the cryptoasset arrangement be
clearly defined and enforceable, and the arrangements should ensure
settlement finality. - The third classification condition relates to the design and
operation of the cryptoasset and its network, which must not
present any material risks that could compromise transferability,
settlement finality, or redeemability. - The fourth classification condition requires that entities
involved in various operations of the cryptoasset be regulated and
supervised, or at least be subject to appropriate risk management
standards. - Banks have a responsibility to assess and document compliance
with the classification conditions and to communicate their
classification decisions to their supervisors. - Supervisory authorities review and assess banks’ decisions
and risk management measures and have the power to override
banks’ classification decisions. - Consistent application across jurisdictions requires
authorities to routinely compare and share supervisory
information.
Banking / Trading Book and Risk Manifestation and Capital
Requirements
The complexities of the cryptoasset market, with its diverse
assortment of tokens, require nuanced approaches to ensure legal
and regulatory compliance. Amid this evolving landscape, regulatory
bodies around the globe have had to adapt, create, and implement
detailed provisions that can effectively capture and address the
unique risks associated with these assets.
In terms of distinguishing between the banking book and the
trading book, serves as the primary guide for assigning
cryptoassets. However, the specific classifications of these assets
determine their assignment. Group 1a cryptoassets, mirroring
traditional non-tokenised assets, are allocated based on the
boundary criteria applied to their non-tokenised equivalents.
Likewise, Group 1b cryptoassets follow the same process, but the
allocation is based on their reference assets.
For Group 2a and Group 2b cryptoassets, the approach diverges.
Group 2a cryptoassets are treated in line with the proposed market
risk rules, irrespective of their origin, either from the banking
book or trading book instruments. This approach aligns with the
treatment of foreign exchange (FX) and commodities risk. Group 2b
cryptoassets, on the other hand, must adhere to the standardised
conservative prudential treatment outlined in SCO 60.83 to SCO
60.86 of the BCBS Prudential treatment of cryptoasset
exposures.
The BCBS standards CRE (Credit Risk Exposure / Calculcation of
RWA for credit risk) and MAR (Minimum capital requirements for
Market risk / Calculation of RWA for market risk) determine if
Group 1 cryptoasset exposures are treated according to standardised
or internal model-based approaches concerning credit and market
risk, respectively. Yet, it is crucial to note that these
models-based approaches cannot be applied to Group 2 cryptoassets.
Interestingly, the deductions that apply to intangible assets do
not affect cryptoasset exposures, even when a cryptoasset is
considered an intangible under the applicable accounting
standard.
When considering the minimum capital requirements for credit
risk for Group 1 cryptoassets, Group 1a cryptoassets held in the
banking book generally abide by the same rules for determining
credit risk-weighted assets (RWA) as non-tokenised traditional
assets. For instance, a tokenised corporate bond in the banking
book would possess the same risk weight as a non-tokenised
corporate bond in the banking book.
This is premised on the understanding that if two exposures
offer the same level of legal rights and have the same likelihood
of timely payment, they would probably pose similar credit loss
risks and hold comparable values. Nevertheless, aspects of the
credit standards, not directly linked to an asset’s legal
rights held by a bank or timely payment likelihood, require a
separate assessment of the tokenised traditional asset. This
implies that a tokenised asset may possess different market
liquidity characteristics compared to a non-tokenised asset,
primarily due to variations in the potential investor pool.
The differential market liquidity characteristics and market
values of tokenised assets compared to non-tokenised ones become
critical when assessing whether Group 1a cryptoassets meet credit
risk mitigation requirements. Additionally, the timeframe for a
secured creditor to seize cryptoasset collateral may vary from
traditional assets. Hence, banks are required to independently
assess the eligibility of such assets for collateral recognition.
Factors considered include the speed of liquidation, legal
certainty requirements, and market liquidity depth during a
downturn. Furthermore, cryptoassets can only be recognised as
collateral when confirmed that their volatility and holding periods
under stressed market conditions are not materially increased
compared to the traditional asset or pool of traditional assets. In
any other scenario, the cryptoasset shall not be considered
eligible for credit risk mitigation, unless the bank has received
permission from its supervisor to reflect any significant increase
in relevant parameters as part of its own Loss Given Default (LGD)
estimates under the Internal Ratings-Based (IRB) approach.
Eligible forms of financial collateral are outlined in CRE22 for
credit risk mitigation recognition under the standardised approach
to credit risk. Group 1a cryptoassets that are tokenised versions
of the instruments listed as eligible financial collateral under
CRE22 could qualify for recognition as eligible collateral, subject
to meeting the requirements described earlier.
Group 1b cryptoassets, due to their classification conditions,
must be designed to be redeemable for a pre-set amount of a
reference asset or assets, or cash equivalent to the value of the
reference asset(s). The cryptoasset arrangement must also contain a
substantial reserve asset pool to satisfy the redemption claims of
cryptoasset holders. Even though these are common features, Group
1b cryptoassets may have varied structures. Banks that have banking
book exposures to Group 1b cryptoassets must dissect their specific
structures to identify all possible risks that could result in a
loss. Each credit risk must be independently capitalised by banks
using the credit risk standards set out in CRE.
Potential risks and corresponding capital requirements from
banks’ exposures to Group 1b cryptoassets may manifest in
several ways. For instance, the risk may come from the reference
asset itself. If the reference asset for a Group 1b cryptoasset
gives rise to credit risk (e.g., a bond), banks may suffer a loss
from the default of the reference asset’s issuer. Therefore,
banks are required to include in credit RWA, the RWA that would
apply under CRE to a direct holding of the reference asset. If the
reference asset gives rise to foreign exchange or commodities risk
(e.g., foreign currency denominated financial assets or physical
commodities), banks must calculate market RWA for the exposure
equivalent to the market RWA that would apply under RBC 20.9
(Risk-based Capital Requirements) to a direct holding of the
underlying traditional asset.
For Group 1b cryptoassets referencing a pool of traditional
assets, banks must apply the requirements relevant to equity
investments in funds to determine the applicable RWA for a direct
holding of the referenced pool of traditional assets. Both the
look-through approach and the mandate-based approach of CRE60 are
available for cryptoassets that fulfil all requirements for these
approaches. Otherwise, the fallback approach (i.e., a 1250%
risk weight) must be applied.
Another risk may arise from the redeemer’s default. If the
redeemer entity fails, the cryptoassets may become worthless. The
capital treatment of banks’ exposures to the redeemer depends
on the nature of the exposures. If the bank holding the cryptoasset
has an unsecured claim on the redeemer in case of default, the bank
must calculate credit RWA for its exposure to the redeemer. The
credit RWA in this case must be equal to the RWA that would apply
under CRE to a direct unsecured loan to the redeemer, with the loan
amount equalling the redemption claim (i.e., peg value) of the
cryptoasset. If the bank holding the cryptoasset has a secured
claim on the redeemer in case of default, the bank must calculate
credit RWA for its exposure to the redeemer, equalling the RWA that
would apply under CRE to a direct secured loan to the redeemer. The
loan amount, before any recognition of credit risk mitigation,
should equal the redemption claim (i.e., peg value) of the
cryptoasset. All conditions on the eligibility of collateral for
the purposes of recognising credit risk mitigation set out in CRE
apply.
Interim Summary
- Cryptoassets’ allocation between banking and trading books
is dictated by RBC25, taking into account each asset’s specific
classification. - Group 1a cryptoassets mirror traditional non-tokenised assets,
while Group 1b cryptoassets are allocated based on their reference
assets. - Group 2a cryptoassets align with the treatment of FX and
commodities risk, while Group 2b cryptoassets must adhere to
standardised conservative prudential treatment.
Minimum Capital Requirements for Counterparty Credit Risk (CCR)
-Comprehensive Approach for Securities Financing Transactions
(SFTs)
The established comprehensive approach for SFTs requires banks
to leverage the formula delineated in the credit risk mitigation
section of the standardised approach to credit risk. Group 1a
cryptoassets that manifest as tokenised versions of the instruments
on the list of eligible financial collateral are recognized as
eligible collateral. However, Group 1b, Group 2a, and Group 2b
cryptoassets, do not fall under the eligible forms of collateral
under this approach. Therefore, banks receiving them as collateral
will not receive any recognition for the net exposure calculation
to the counterparty. This implies that banks loaning these groups
of cryptoassets as part of an SFT need to implement the same
haircut used for equities that are not traded on a recognized
exchange, which equates to a haircut of 25%.
CCR Application for Group 1a Cryptoassets
Group 1a cryptoassets, essentially tokenised traditional assets,
when used in derivatives, are generally subjected to the same rules
determining CCR as non-tokenised traditional assets. These rules
include the application of the Internal Models Method (IMM), which
sets identical requirements for both tokenised and traditional
assets. However, in scenarios where significant valuation
differences exist between the traditional and tokenised asset, or
when substantial basis risk is present, limitations may occur in
the application of the IMM, particularly in the presence of missing
data, short history, or data quality issues. In these instances,
the Standardised Approach for Counterparty Credit Risk (SA-CCR)
needs to be applied as described for Group 2a cryptoassets.
CCR Application for Group 1b and 2a Cryptoassets
Group 1b cryptoassets, known as cryptoassets with stabilisation
mechanisms, are subjected to the same CCR RWA determination rules
as non-tokenised traditional assets. Derivatives on Group 2a
cryptoassets, on the other hand, are subjected to the SA-CCR. The
SA-CCR process takes into account the replacement cost, considering
legally enforceable netting of all transaction types in the netting
set, including derivatives on Group 2a cryptoassets. Moreover, a
new asset class “crypto” is created in the SA-CCR to
calculate the potential future exposure (PFE) add-on. The SA-CCR
for Group 2a cryptoassets incorporates various factors like
supervisory factor, adjusted notional, supervisory delta
adjustment, and maturity factor calculations.
CCR Application for Group 2b Cryptoassets
In calculating counterparty credit risk for derivative exposures
that involve Group 2b cryptoassets, the exposure will be defined by
the Replacement Cost (RC) plus the Potential Future Exposure (PFE),
both multiplied by the alpha factor. For calculating the PFE for
Group 2b cryptoassets, 50% of the gross notional amount must be
applied per transaction, and they must not form part of any hedging
set.
Minimum Capital Requirements for Operational Risk
The operational risk emanating from cryptoasset activities
should typically be covered by the operational risk standardised
approach. This includes income and expenses derived from
cryptoasset-related activities. If the operational risks related to
cryptoassets are not sufficiently captured by the minimum capital
requirements for operational risk or the bank’s internal risk
management processes, banks and supervisors should take suitable
measures to ensure capital adequacy and sufficient resilience
within the supervisory review process.
Minimum Liquidity Risk Requirements
For liquidity coverage ratio (LCR) and net stable funding ratio
(NSFR) requirements, cryptoasset exposures, which include assets,
liabilities, and contingent exposures, must generally follow a
treatment consistent with existing approaches for traditional
exposures with economically equivalent risks. However, the relative
novelty and unique risks associated with cryptoassets necessitate
additional clarifications and modifications to these standards.
Treatment as High-Quality Liquid Assets (HQLA)
Group 1a cryptoassets can be considered as HQLA to the extent
both the underlying assets in their traditional form and the
tokenised form of the assets satisfy the characteristics of HQLA.
For instance, a tokenised bond that meets these HQLA eligibility
criteria and temporarily resides on a distributed ledger to
facilitate transfer could be considered as a Group 1a cryptoasset.
Conversely, Group 1b and Group 2 cryptoassets are excluded from
being considered as HQLA.
Application of the LCR and NSFR Frameworks
The classification and calibration of LCR outflow and inflow
rates and NSFR available stable funding (ASF) and required stable
funding (RSF) factors for cryptoassets and crypto liabilities
depend on multiple factors, including the structure of the
cryptoasset or crypto liability, its commercial function in
practice, and the nature of a bank’s exposure to the
cryptoasset or crypto liability.
Interim Summary
- The comprehensive approach for SFTs requires banks to apply the
formula from the credit risk mitigation section of the standardised
approach to credit risk. - Group 1a cryptoassets qualify as eligible collateral, but Group
1b, Group 2a, and Group 2b cryptoassets are not recognized as
eligible forms of collateral in this approach. - Group 1a cryptoassets are generally subject to the same rules
determining CCR as non-tokenised traditional assets. - Group 1b and 2a cryptoassets follow the same CCR RWA
determination rules as non-tokenised traditional assets and are
subjected to the SA-CCR, respectively. - For Group 2b cryptoassets, the exposure in calculating CCR is
defined by the RC plus the PFE, both multiplied by the alpha
factor. - The operational risk from cryptoasset activities should
generally be covered by the operational risk standardised
approach. - For LCR and NSFR requirements, cryptoasset exposures should
follow a treatment that aligns with existing approaches for
traditional exposures with economically equivalent risks. - Group 1a cryptoassets can be considered as HQLA, but Group 1b
and Group 2 cryptoassets must not be considered as HQLA. - The classification and calibration of LCR outflow and inflow
rates and NSFR ASF and RSF factors for cryptoassets and crypto
liabilities depend on the structure of the asset or liability, its
commercial function, and the bank’s exposure to it.
Cryptoasset Exposures: Analogous to Traditional Asset and
Liability Exposures
In the financial world, Group 1a cryptoassets and
cryptoliabilities are typically viewed with parity to their
non-tokenised traditional counterparts. This view is held in terms
of assignment of inflows, outflows, RSF (Required Stable Funding)
factors, and ASF (Available Stable Funding) factors. However, the
LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio)
treatment of such exposures is highly dependent on their specific
categorization, which includes:
- Tokenised claims on a bank
- Stablecoins
- Other cryptoassets
Tokenised Claims on a Bank: Treatment as Unsecured Funding
Instruments
Group 1a tokenised claims on a bank are usually treated as an
unsecured funding instrument. This holds true when these claims are
issued by a regulated and supervised bank, represent a legally
binding claim on the bank, are redeemable in fiat currency at par
value, and maintain a stable value backed by the issuing bank’s
creditworthiness and asset-liability profile rather than a
segregated pool of assets.
For these tokenised claims, the maturity date is determined
based on the holder’s contractual redemption rights.
Liabilities from self-issued tokenised claims must follow specific
regulations regarding LCR outflow rates and NSFR ASF factors,
counterparty classification, and treatment as stable retail
deposits. Tokenised claims used primarily as a payment method
should follow the categorisation methodology as specified in the
appropriate regulations.
Stablecoins: Treated Similar to Securities
Stablecoins, specifically Group 1b cryptoassets and certain
Group 2 cryptoassets, that are fully collateralised by a segregated
pool of underlying assets which do not count toward the bank’s
stock of HQLA (High-Quality Liquid Assets), are treated similarly
to securities. When a bank is the issuer of a stablecoin and the
issuance represents a legally binding claim on the bank, specific
considerations must be made for LCR outflows, ASF factors, and
asset segregation.
When a bank holds such a stablecoin, it must be subject to at
least an 85% RSF in the NSFR and not result in inflows under the
LCR. However, a holder may recognise inflows in the LCR or a
reduced RSF factor in the NSFR under certain conditions.
Other Cryptoassets: Treatment Consistent with Non-HQLA
Group 2 cryptoassets that do not qualify for the treatment
outlined above for tokenised claims and stablecoins must be treated
similarly to non-HQLA as per the LCR and NSFR standards. Specific
considerations must be given for banks that hold these types of
cryptoassets or loans denominated in them.
Additional Considerations
Other key factors to be considered include outflow rates, stable
funding requirements, and risks associated with a bank’s role
in issuing or transacting in cryptoassets. The treatment of
specific types of transactions such as derivatives, secured
funding, collateral swaps, and commitments to lend cryptoassets
must be in line with the existing framework.
Leverage Ratio Requirements
The leverage ratio requirements for cryptoassets are treated
consistent with the leverage ratio standard. The value for
financial reporting purposes is determined based on applicable
accounting treatment for exposures with similar characteristics.
Derivative exposures for cryptoassets should follow the treatment
of the risk-based capital framework.
Large Exposures Requirements
Large exposure requirements for cryptoassets follow the same
principles as for other exposures. The treatment is consistent with
requirements set out in existing frameworks, taking into account
the bank’s credit risk exposure and default risk.
Interim Summary
- Group 1a cryptoassets and cryptoliabilities are to be treated
the same as their non-tokenised traditional assets and liabilities
counterparts. - Group 1a tokenised claims on a bank are generally treated as an
unsecured funding instrument under specific conditions. - Stablecoins are treated similarly to securities.
- Group 2 cryptoassets that do not qualify for the treatment as
tokenised claims and stablecoins must be treated similar to
non-HQLA. - Specific considerations must be made for banks holding these
types of cryptoassets or loans denominated in them. - Other key factors include outflow rates, stable funding
requirements, and risks associated with a bank’s role in
issuing or transacting in cryptoassets. - Leverage ratio requirements for cryptoassets are treated in
line with the leverage ratio standard. - Large exposure requirements for cryptoassets follow the same
principles as for other exposures.
Setting Boundaries: Group 2 Cryptoasset Exposure Limit
One significant regulatory step proposed is placing an exposure
limit on banks’ relationship with Group 2 cryptoassets. It has
been determined that banks must ensure the aggregate of their
direct and indirect exposures to these digital assets, including
cash, derivatives, and holdings through vehicles like investment
funds, ETF/ETN, or any legally formulated arrangements, does not
exceed a specific threshold.
To bring precision to these limits, it has been suggested that a
bank’s total exposure to Group 2 cryptoassets should, under
ordinary circumstances, not exceed 1% of the bank’s Tier 1
capital. The absolute upper limit has been defined at 2% of the
bank’s Tier 1 capital, signifying a boundary that must not be
crossed.
For situations where the 1% limit is breached, robust
contingency measures have been proposed. Banks must adopt
strategies to ensure that such situations are more the exception
rather than the rule, and if a breach does occur, immediate
notification of the supervisor is compulsory, followed by quick
remedial action. In case the bank’s exposure exceeds the 1%
threshold, the excess will be subject to the capital requirements
of Group 2b cryptoasset exposures. Moreover, if the exposure
overshoots the 2% limit, all Group 2 cryptoasset exposures will be
subject to the capital requirements that apply to Group 2b
cryptoasset exposures.
In the context of assessing compliance with the Group 2 exposure
limit threshold, exposures need to be measured using the same
methodology for determining the Group 2b capital treatment. This
means that all Group 2 cryptoasset exposures should be measured
using the higher of the absolute value of the long and short
exposures in each individual cryptoasset that the bank is exposed
to, and derivatives need to be measured using a delta-equivalent
methodology. Additionally, the definition of Tier 1 capital remains
the same as specified in CAP10.2 (Definition of Capital).
Reinforcing Risk Management and Supervisory Review
The supervisory review process plays a critical role when it
comes to managing exposures to cryptoassets. The proposal outlines
the shared responsibilities of banks and supervisors, and
delineates possible supervisory actions in cases where the minimum
requirements are not met or the risk management is found
lacking.
Bank Risk Management
Cryptoasset activities introduce new types of risks and amplify
certain existing ones. Banks with either direct or indirect
exposures or those that offer related services to any form of
cryptoasset must establish robust policies and procedures to
consistently identify, assess, and mitigate these risks. These
risks include, but are not limited to, operational risks, credit
risks, liquidity risks, including funding concentration risk, and
market risks. The guidelines for managing these risks must be
informed by the existing Basel Committee’s statements on
operational risk management in general and cryptoassets in
particular.
Banks’ risk management practices should comprise assessments
of these risks and include relevant mitigation measures aimed at
enhancing their operational resilience capabilities, with specific
regard to information, communication, and technology (ICT) and
cyber risks. Any decision to hold cryptoassets and provide services
to cryptoasset operators must be in complete alignment with the
bank’s risk appetite, strategic objectives, and senior
management’s evaluation of the bank’s risk management
capabilities.
Special Considerations for Cryptoassets
Given the distinct characteristics of cryptoassets and their
markets, banks must undertake a careful evaluation of any
cryptoasset exposures they plan to take on. They must ensure that
existing processes and procedures are sufficient and that there is
a comprehensive risk management approach in place to manage these
risks, including exposure limits and hedging strategies.
Banks must also inform their supervisory authorities about their
policies and procedures, assessment results, and current and
planned cryptoasset exposures or activities in a timely manner.
They should be able to demonstrate that they have fully evaluated
the permissibility of such activities, the related risks, and the
measures undertaken to mitigate such risks.
Mapping Cryptoasset Risks to Basel Risk Categories
The mapping of risks related to cryptoasset activities to Basel
risk categories such as credit risk, market risk, and operational
risk, will depend on how these risks manifest. A large portion of
the risks brought about by or increased by cryptoasset activities
are covered by the operational risk framework, such as ICT and
cyber risks, legal risks, and risks related to money laundering and
financing of terrorism.
The categorization of technological risks of cryptoassets would
depend on the circumstances. For instance, if a loss-triggering
event is due to processes or systems outside of the bank’s
control and the loss manifests through the value of a bank position
in cryptoassets, these losses would be covered by the credit risk
framework (for banking book positions) or the market risk framework
(for trading book positions). However, losses that arise from
inadequate or failed processes, people, or systems of the bank,
such as the loss of a private cryptographic key, would be
classified as operational losses.
Risk Management Considerations for Cryptoasset Activities
Banks need to consider several specific risks in their
management of cryptoasset activities:
- Cryptoasset technology risk: Banks must closely monitor the
risks inherent to the supporting technology, whether cryptoasset
activities are conducted directly or through third parties. This
includes the stability of the Distributed Ledger Technology (DLT)
or similar technology network, the design of the DLT, service
accessibility, and the trustworthiness of node operators and
operator diversity. - General information, communication, and technology (ICT) and
cyber risks: A bank holding cryptoassets may be exposed to
additional ICT and cyber risks including cryptographic key theft,
compromise of login credentials, and distributed denial-of-service
(DDoS) attacks. - Legal risks: Given the evolving nature of cryptoasset
activities, their legal framework remains uncertain and banks’
legal exposure is heightened. This can be seen in areas such as
accounting, control/ownership, disclosure and consumer protection,
and uncertain legal status. - Money laundering and financing of terrorism: Banks providing
banking services to Virtual Asset Service Providers (VASPs) or to
customers involved in Virtual Asset activities, or through engaging
in VASP activities themselves need to apply the risk-based approach
set out by the Financial Action Task Force (FATF) for Anti-Money
Laundering (AML) and Countering the Financing of Terrorism
(CFT). - Valuation: Many cryptoassets pose valuation challenges due to
their volatility and variable pricing on different exchanges,
especially as most cryptoassets are currently traded on unregulated
marketplaces.
Interim Summary
- Banks’ total exposure to Group 2 cryptoassets should
generally not exceed 1% of the bank’s Tier 1 capital, with a
hard limit of 2%. - Breaches of the Group 2 exposure limit threshold of 1% should
be rare and swiftly rectified, with immediate notification to the
supervisor. - The risk management approach banks adopt for managing
cryptoasset risks must be consistent with their risk appetite,
strategic objectives, and senior management’s assessment of
their risk management capabilities. - Banks must inform their supervisory authorities of their actual
and planned cryptoasset exposures or activities and demonstrate
that they have fully evaluated the permissibility of such
Supervisory Review of Bank Risk Identification and
Assessment
The supervision of bank risk identification and assessment takes
on new dimensions when considered in the context of emerging
technologies, such as cryptoassets. Banks are required under Pillar
2 to evaluate their capital requirements vis-a-vis the risks they
undertake, necessitating the intervention of regulators and
supervisors. The relatively recent arrival of cryptoasset
activities, coupled with their constant evolution, warrants a
particular focus on these activities from supervisory bodies.
Thus, a thorough review of banks’ risk identification and
assessment processes related to cryptoassets by supervisors becomes
highly relevant. Supervisors should carefully evaluate the
appropriateness and adequacy of banks’ policies, procedures,
and outcomes related to the identification and assessment of
cryptoasset risks. In instances where gaps or deficiencies are
noted, supervisors are well within their authority to require banks
to address these issues. They may also recommend or require banks
to carry out stress testing or scenario analyses to better assess
risks arising from cryptoasset exposures, contributing further to
the assessments of a bank’s overall capital adequacy.
Supervisory Actions for Capital Inadequacy or Risk Management
Shortcomings
Identifying capital inadequacy or risk management issues in
banking institutions might lead supervisors to take varied actions
depending on the specifics of the situation. The possible responses
could include the following:
- Additional capital charges: In cases where a bank’s risk
management regarding cryptoassets is considered insufficient,
supervisors might impose additional capital charges on individual
banks. These charges could be levied for risks not fully captured
under the minimum capital requirements for operational risk, credit
risk, or market risk. - Provisioning: Supervisors might require banks to provision for
losses related to cryptoassets where such losses are foreseeable
and quantifiable. - Supervisory limits or other mitigation measures: Supervisors
might impose mitigation measures on banks to contain risks
inadequately identified or assessed within the bank’s risk
management framework. Such measures could include, for example,
requiring a bank to establish an internal limit.
Disclosure Requirements for Banks’ Exposures to
Cryptoassets
The principles guiding banks’ disclosure of their exposures
to cryptoassets or related activities follow five general
principles as set out in DIS10 (Disclosure Requirements). These
requirements oblige banks to provide both quantitative and
qualitative information on their cryptoasset activities and related
risks. Banks are expected to provide an overview of:
- Their business activities relating to cryptoassets and the
subsequent translation into components of the bank’s risk
profile. - The risk management policies related to cryptoasset
exposures. - The scope and primary content of the bank’s reporting on
cryptoassets. - The most significant current and emerging risks relating to
cryptoassets and the strategies employed to manage these
risks.
In accordance with these guiding principles, banks are required
to regularly disclose information regarding any significant Group
1a, Group 1b, Group 2a, and Group 2b cryptoasset exposures. This
information should include details on direct and indirect exposure
amounts, capital requirements, and the accounting classification
for each specific type of cryptoasset exposure. In addition, banks
must include exposures to Group 1 cryptoassets in the existing
disclosure templates that apply to traditional assets, for
instance, for credit risk and market risk.
Definitions of Key Terms
Understanding the terminology associated with cryptoassets is
crucial to grasp the nuances of the banking regulations and
procedures surrounding these digital assets. Here are the
definitions of several key terms pursuant to the BCSB Prudential
treatment of cryptoasset exposures docment:
- Cryptoassets: Private digital assets primarily dependent on
cryptography and distributed ledger technology or similar
technologies. - Digital Assets: Digital representations of value that can be
utilized for payment, investment, or to access a good or service.
This definition does not include digital representations of fiat
currencies. - Nodes: Participants, including entities or individuals, in
distributed ledger networks that record and share data across
multiple data stores or ledgers. - Operators: Generally, a single administrative authority
managing a cryptoasset arrangement. The operators’ roles may
include issuing a centralized cryptoasset, establishing usage
rules, maintaining a central payment ledger, and redeeming the
cryptoasset. - Stablecoins: A type of cryptoasset designed to maintain a
stable value relative to a specific asset, or a pool or basket of
assets. - Redeemers: Entities responsible for exchanging the cryptoasset
for the traditional asset. The redeemer does not necessarily have
to be the same entity responsible for organizing the issuance of
the cryptoasset. - Validators: Entities that commit transaction blocks to the
distributed ledger network.
Interim Summary
This chapter explored the supervisory review of bank risk
identification and assessment processes, especially concerning
cryptoassets. Key points discussed include:
- The need for thorough supervisory review of banks’ risk
identification and assessment related to cryptoassets due to the
evolving nature of these digital assets. - The potential supervisory responses to issues of capital
inadequacy or risk management shortcomings, such as imposing
additional capital charges, requiring provisioning for foreseeable
losses, or enforcing risk mitigation measures. - The disclosure requirements for banks’ exposures to
cryptoassets, including the need for both qualitative and
quantitative information on their cryptoasset activities and
related risks. - Definitions of key terms in the realm of cryptoassets,
providing a foundation for understanding the complexities of
banking regulations and procedures surrounding these digital
assets.
In conclusion, this article aimed to provide a comprehensive
overview of the supervisory review of banks’ risk
identification and assessment in relation to cryptoassets under the
new BCBS framework on cryptoasset exposures. This comprehensive
discourse underscores the necessity for effective regulatory
oversight and transparency in the ever-evolving world of
cryptoassets. Moreover, it illustrates the need for banks to stay
updated and robust in their risk management strategies when
engaging with these novel assets.
Source: Basel Committee on Banking Supervision. (2022).
Prudential treatment of cryptoasset exposures.
Executive Summary
To encapsulate the comprehensive discussion on the banking
industry’s interplay with cryptoassets, key takeaways are:
- Importance of Supervisory Review: Given the novel and evolving
nature of cryptoassets, a rigorous supervisory review of banks’
risk identification, assessment, and management related to these
assets is indispensable. - Potential Supervisory Responses: In situations of risk
management deficiencies or capital inadequacy, supervisory bodies
may resort to a variety of measures. These include imposing
additional capital charges, requesting loss provisioning, or
introducing mitigation measures. - Disclosure Requirements: Banks dealing with cryptoassets must
adhere to stringent disclosure requirements. These involve offering
both quantitative and qualitative information to ensure
transparency and proper risk comprehension by all
stakeholders. - Definitions of Key Terms: A clear understanding of key
cryptoasset-related terminologies forms the bedrock for
comprehending the regulatory framework and procedures enveloping
these digital assets.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Credit: Source link