PRA ‘Dear CEO’ letter on existing or planned exposure to crypto-assets

On 28 June 2018, the Prudential Regulation Authority (“PRA“) published a ‘Dear CEO’ letter by Sam Woods, Deputy Governor and CEO of the PRA, with regards to existing or planned exposure to crypto-assets. The purpose of the letter was to remind PRA regulated entities of their obligations and communicate the PRA’s corresponding expectations.

Mr Woods mentioned that, even though exposure to crypto-assets may have been, to date, limited, it is worth noting that crypto-assets have exhibited high price volatility and relative liquidity and they raise concerns regarding misconduct and market integrity, as well as money laundering and terrorist financing. In light of these characteristics, firms should be reminded of their responsibilities as follows:

• PRA’s Fundamental Rule 3: act in a prudent manner;
• PRA’s Fundamental Rule 5: have effective risk strategies and risk management systems; and
• PRA’s Fundamental Rule 7: deal with regulators in an open and co-operative way.

The following risk strategies and risk managements systems are considered by the PRA as the most appropriate in the context of crypto-assets:

• Firms should recognise that crypto-assets are a new and evolving assets class whose risks must be fully considered by the board and high ranking executive officers. Consequently, an individual approved by the PRA to perform an appropriate Senior Management Function (SMF) should be involved actively in reviewing and signing off on the risk assessment framework for any planned direct exposure to crypto-assets and/or entities heavily exposed to crypto-assets.
• Firms’ remuneration policies and practices should ensure that the incentives provided for engaging with crypto-assets do not encourage excessive risk-taking.
• Firms, relying on appropriate and relevant expertise, must ensure that their risk management approach is commensurate to the risks of crypto-assets. They should, therefore, undertake extensive due diligence before taking on any crypto-exposure and maintain appropriate safeguards against all the related risks, including financial but also operational and reputational risks.

Mr Woods confirms that crypto-assets should not be considered as currency for prudential purposes and notes that their classification for prudential purposes should reflect firms’ comprehensive assessment of the risks involved. If relevant, firms should set out their consideration of risks relating to crypto-exposures in their Internal Capital Adequacy Assessment Process or Own Risk and Solvency Assessment. They should also inform their usual supervisory contact accordingly.