The FCA has issued various consumer warnings and statements on the regulatory position of ICOs. There is also an ongoing review of cryptocurrencies by the Treasury, Bank of England and FCA Taskforce, which forms an integral part of the FCA’s 2018/19 Business Plan.
But what about the regulatory issues for firms authorised by the PRA / FCA who currently invest in crypto-assets, or are planning to do so in the future? On 28 June 2018, the PRA issued a welcome reminder of its expectations and the regulatory responsibilities that should be at the forefront of investors’ minds in the form of this “Dear CEO” letter.
FCA Principles for Business and PRA Fundamental Rules
The UK’s financial regulators have been vocal about their concerns around the high price volatility and illiquidity of crypto-assets; the potential for misconduct (in particular, the risk of fraud, money laundering and terrorist financing); and associated reputational risks.
These risks are relevant to the regulators’ statutory objectives and also feed into the to FCA’s Principles for Business and the PRA’s Fundamental Rules, which require authorised firms to:
- act in a prudent manner / conduct their business with due skill, care and diligence;
- take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems; and
- deal with their regulator(s) in an open and cooperative way, and to disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice.
The PRA’s letter is an important reminder that these principles and rules are particularly pertinent to firms that are authorised by the FCA / PRA (as applicable) and have invested (or intend to invest) in crypto-assets.
The PRA’s expectations
From a risk strategies and risk management perspective, the PRA expects:
- a firm’s exposure to crypto-assets to be considered fully by the Board and highest levels of executive management. In particular, an individual approved by the PRA to perform an appropriate Senior (Insurance) Management Function should be involved actively in reviewing and signing off on the risk assessment framework for any planned business direct exposure to crypto-assets and/or entities heavily exposed to crypto-assets.
- a firm’s remuneration policies and practices not to provide incentives which encourage excessive risk-taking;
- a firm’s risk management approach to be commensurate to the risks of cryptoassets. In particular, firms should:
- ensure that they have access to appropriate, relevant expertise to assess any risks stemming from their exposure to these assets;
- conduct extensive due diligence before taking on any crypto-exposure; and
- maintain appropriate safeguards against all the related risks (including financial risks, operational (including cyber) and reputational risks); and
- a firm to inform its usual supervisory contact of any planned crypto-asset exposure or activity on an ad hoc basis, together with an assessment of the risks associated with the intended exposure.
Impact on ICAAP and Own Risk and Solvency Assessment
In the letter, the PRA states that (where relevant) firms should set out their consideration of risks relating to crypto-exposures in their Internal Capital Adequacy Assessment Process or Own Risk and Solvency Assessment. This should include:
- discussion of the major drivers of risk;
- sensitivity analysis to assess how changes in risk drivers might affect valuations and projections, and affect the firm’s capital/solvency ratios; and
- an assessment of risk mitigants and what capital should be held against this risk.
The letter also confirms that, depending on the precise features of the asset, crypto-assets should not be considered as currency for prudential purposes. This means that firms will not be able to rely on these assets as capital for the purposes of demonstrating financial soundness and solvency.
The future of prudential regulation governing crypto-assets
The message from the PRA is essentially ‘watch this space’. Discussions regarding the prudential treatment of crypto-assets continue amongst regulators at both a national and international level.
On 16 July 2018, the Financial Stability Board (FSB) published a report describing international work that has been carried out on crypto-assets. It is interesting to note that the Basel Committee on Banking Supervision (BCBS) is conducting a stocktake of how its members currently treat their exposures to crypto-assets as part of their domestic prudential rules. Based on the results of this review, the BCBS will consider whether to formally clarify the prudential treatment of crypto-assets across the set of risk categories (including credit risk, counterparty credit risk, market risk and liquidity risk, etc).