The past few years have seen a growth in crypto-assets. While the crypto-asset market remains small relative to that of the global financial system, and banks currently have very limited direct exposures, the Committee is of the view that the continued growth of crypto-asset trading platforms and new financial products related to crypto-assets has the potential to raise financial stability concerns and increase risks faced by banks.
While crypto-assets are at times referred to as “crypto-currencies”, the Committee is of the view that such assets do not reliably provide the standard functions of money and are unsafe to rely on as a medium of exchange or store of value. Crypto-assets are not legal tender, and are not backed by any government or public authority. Through this newsletter, the Basel Committee is setting out its prudential expectations related to banks’ exposures to crypto-assets and related services, for those jurisdictions that do not prohibit such exposures and services.
Crypto-assets have exhibited a high degree of volatility and are considered an immature asset class given the lack of standardisation and constant evolution.
They present a number of risks for banks, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering and terrorist financing risk; and legal and reputation risks. Accordingly, the Committee expects that if a bank is authorised and decides to acquire crypto-asset exposures or provide related services, the following should be adopted at a minimum:
- Due diligence: Before acquiring exposures to crypto-assets or providing related services, a bank should conduct comprehensive analyses of the risks noted above. The bank should ensure that it has the relevant and requisite technical expertise to adequately assess the risks stemming from crypto-assets.
- Governance and risk management: The bank should have a clear and robust risk management framework that is appropriate for the risks of its crypto-asset exposures and related services. Given the anonymity and limited regulatory oversight of many crypto-assets, a bank’s risk management framework for crypto-assets should be fully integrated into the overall risk management processes, including those related to anti-money laundering and combating the financing of terrorism and the evasion of sanctions, and heightened fraud monitoring. Given the risk associated with such exposures and services, banks are expected to implement risk management processes that are consistent with the high degree of risk of crypto-assets. Its relevant senior management functions are expected to be involved in overseeing the risk assessment framework. Board and senior management should be provided with timely and relevant information related to the bank’s crypto-asset risk profile. An assessment of the risks described above related to direct and indirect crypto-asset exposures and other services should be incorporated into the bank’s internal capital and liquidity adequacy assessment processes.
- Disclosure: A bank should publicly disclose any material crypto-asset exposures or related services as part of its regular financial disclosures and specify the accounting treatment for such exposures, consistent with domestic laws and regulations.
- Supervisory dialogue: The bank should inform its supervisory authority of actual and planned crypto-asset exposure or activity in a timely manner and provide assurance that it has fully assessed the permissibility of the activity and the risks associated with the intended exposures and services, and how it has mitigated these risks.
The Committee continues to monitor developments in crypto-assets, including banks’ direct and indirect exposures to such assets. The Committee will in due course clarify the prudential treatment of such exposures to appropriately reflect the high degree of risk of crypto-assets. It is coordinating its work with other global standard setting bodies and the Financial Stability Board. bis.org