The UK Prudential Regulatory Authority has written to the CEOs of financial institutions highlighting concerns about crypto-assets and highlighting their risk management regulatory obligations should they have relevant exposure.
In a recent “Dear CEO” letter from PRA prudential regulation CEO deputy governor Sam Woods addressed to banks, insurance companies and designated investment firms, PRA noted that crypto-assets have exhibited high price volatility and relative illiquidity in their short history and also raise concerns related to misconduct and market integrity.
“Many appear vulnerable to fraud and manipulation, as well as money-laundering and terrorist financing risks. Entering into activity related to crypto-assets may give also rise to reputational risks. These risks are relevant to both the Financial Conduct Authority’s (FCA) and the PRA’s statutory objectives,” said the note.
However, the PRA also acknowledged that “the underlying distributed ledger or cryptographic technologies, on which many crypto-assets rely, have significant potential to benefit the efficiency and resilience of the financial system over time”.
The note proposed risk management strategies that the PRA considers most appropriate to cryptoassets:
- First, recognition by firms that crypto-assets represent a new, evolving asset class with risks which should be considered fully by the board and highest levels of executive management. In particular, a PRA-approved senior management representative should be involved actively in reviewing and signing off on the risk assessment framework for any planned business direct exposure to crypto-assets and/or entities heavily exposed to crypto-assets. Firms should make their usual supervisory contacts aware of the responsible individual.
- Second, firms’ remuneration policies and practices should ensure that the incentives provided for engaging in this activity do not encourage excessive risk-taking.
- Third, firms ensuring that their risk management approach is commensurate to the risks of cryptoassets. Given the technical complexity of crypto-assets, firms should ensure that they have access to appropriate, relevant expertise to assess any risks stemming from their exposure to these assets. Firms should conduct extensive due diligence before taking on any crypto-exposure and maintain appropriate safeguards against all the related risks. This includes not only financial risks, but also operational (including cyber) and reputational risks.
The note also stated that while classification of crypto-asset exposures for prudential purposes will depend on the precise features of the asset, crypto-assets should not be considered as currency for prudential purposes. Where relevant, firms should set out their consideration of risks relating to crypto-exposures in their Internal Capital Adequacy Assessment Process or Own Risk and Solvency Assessment.
Firms are also expected to inform the regulator of any planned crypto-asset exposure or activity on an ad hoc basis, together with an assessment of the risks associated with the intended exposure.