Through a newsletter, the Basel Committee set out its prudential expectations related to banks’ exposures to cryptoassets and related services, for those jurisdictions that do not prohibit such exposures and services.
Cryptoassets have exhibited a high degree of volatility and are considered an immature asset class given the lack of standardization and constant evolution. They present a number of risks for banks, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering and terrorist financing risk; and legal and reputation risks. Accordingly, the Committee expects that if a bank is authorized and decides to acquire cryptoasset exposures or provide related services, the following should be adopted at a minimum:
Due diligence: Before acquiring exposures to cryptoassets or providing related services, a bank should conduct comprehensive analyses of the risks noted above. The bank should ensure that it has the relevant and requisite technical expertise to adequately assess the risks stemming from cryptoassets.
Governance and risk management: The bank should have a clear and robust risk management framework that is appropriate for the risks of its cryptoasset exposures and related services. Given the anonymity and limited regulatory oversight of many cryptoassets, a bank’s risk management framework for cryptoassets should be fully integrated into the overall risk management processes, including those related to anti-money laundering and combating the financing of terrorism and the evasion of sanctions, and heightened fraud monitoring. Given the risk associated with such exposures and services, banks are expected to implement risk management processes that are consistent with the high degree of risk of cryptoassets. Its relevant senior management functions are expected to be involved in overseeing the risk assessment framework. Board and senior management should be provided with timely and relevant information related to the bank’s cryptoasset risk profile. An assessment of the risks described above related to direct and indirect cryptoasset exposures and other services should be incorporated into the bank’s internal capital and liquidity adequacy assessment processes.
Disclosure: A bank should publicly disclose any material cryptoasset exposures or related services as part of its regular financial disclosures and specify the accounting treatment for such exposures, consistent with domestic laws and regulations.
Supervisory dialogue: The bank should inform its supervisory authority of actual and planned cryptoasset exposure or activity in a timely manner and provide assurance that it has fully assessed the permissibility of the activity and the risks associated with the intended exposures and services, and how it has mitigated these risks.
The Committee continues to monitor developments in cryptoassets, including banks’ direct and indirect exposures to such assets. The Committee will in due course clarify the prudential treatment of such exposures to appropriately reflect the high degree of risk of cryptoassets. It is coordinating its work with other global standard setting bodies and the Financial Stability Board.