Building on yesterday’s discussions of regulating, I got copied on a letter that’s doing the rounds from Sam Woods, Deputy Governor of the PRA (the Prudential Regulatory Authority). It lays out the official position and expectations of the regulator when financial insitutions are dealing with crypto-assets. It makes for interesting reading and you can read the original letter here.
Here’s the letter in full for those who need to know:
Existing or planned exposure to crypto-assets I am writing to the CEOs of banks, insurance companies and designated investment firms to remind them of the relevant obligations under PRA rules, and to communicate the PRA’s expectations regarding firms’
exposure to crypto-assets.
We acknowledge that firms may have taken limited exposure to crypto-assets to date, and hope this letter is helpful to firms in considering any existing exposures and/or plans for the future. We also recognise that the underlying distributed ledger or cryptographic technologies, on which many crypto-assets rely, have significant potential to benefit the efficiency and resilience of the financial system over time.
The range of products and market participants related to crypto-assets has grown quickly. In their short history, crypto-assets have exhibited high price volatility and relative illiquidity. Crypto-assets also raise concerns related to misconduct and market integrity – many appear vulnerable to fraud and manipulation, as well as money-laundering and terrorist financing risks. Entering into activity related to crypto-assets may give also rise to reputational risks. These risks are relevant to both the Financial Conduct Authority’s (FCA) and the PRA’s statutory objectives (see footnote 1).
I remind you of your firm’s responsibilities under the PRA’s Fundamental Rules 3, 5 and 7 to: (i) act in a prudent manner; (ii) have effective risk strategies and risk management systems; and (iii) deal with regulators in an open and co-operative way, and disclose appropriately anything relating to your firm of which we would reasonably expect notice (see footnote 2).
The risk strategies and risk management systems that the PRA considers most appropriate to cryptoassets include the following:
- First, recognition by firms that crypto-assets represent a new, evolving asset class with risks which should be considered fully by the board and highest levels of executive management. In particular, an individual approved by the PRA to perform an appropriate Senior (Insurance) Management Function (S(I)MF) should be involved actively in reviewing and signing off on the risk assessment framework for any planned business direct exposure to crypto-assets and/or entities heavily exposed to crypto-assets. Firms should make their usual supervisory contacts aware of the responsible individual.
- Second, firms’ remuneration policies and practices should ensure that the incentives provided for engaging in this activity do not encourage excessive risk-taking.
- Third, firms ensuring that their risk management approach is commensurate to the risks of cryptoassets. Given the technical complexity of crypto-assets, firms should ensure that they have access to appropriate, relevant expertise to assess any risks stemming from their exposure to these assets. Firms should conduct extensive due diligence before taking on any crypto-exposure and maintain appropriate safeguards against all the related risks. This includes not only financial risks, but also operational (including cyber) and reputational risks.
Classification of crypto-asset exposures for prudential purposes should reflect firms’ comprehensive assessment of the risks involved. Although classification will depend on the precise features of the asset, crypto-assets should not be considered as currency for prudential purposes.
Where relevant, firms should set out their consideration of risks relating to crypto-exposures in their Internal Capital Adequacy Assessment Process or Own Risk and Solvency Assessment. This should include: discussion of the major drivers of risk; sensitivity analysis to assess how changes in risk drivers might affect valuations and projections, and affect the firm’s capital/solvency ratios; and an assessment of risk mitigants and what capital should be held against this risk.
We also expect firms to inform their usual supervisory contact of any planned crypto-asset exposure or activity on an ad hoc basis, together with an assessment of the risks associated with the intended exposure.
Discussions are ongoing, including amongst authorities internationally, on the prudential treatment of crypto-assets. We will communicate any supervisory or policy updates on the prudential treatment of crypto-assets, including through Pillar 2 for banks if deemed necessary, in due course.
If you have any questions concerning the content of this letter, please get in touch with your usual supervisory contact.
Deputy Governor and CEO, Prudential Regulation Authority
I also refer you to the FCA’s recent letter of 11 June for further details on firms’ obligations as relates to financial crime:
As published in Policy Statement 5/14: www.bankofengland.co.uk/prudential-regulation/publication/2014/the-pra-rulebook.