The U.K. Prudential Regulation Authority has published a "Dear CEO" letter, addressed to the Chief Executive Officers of banks, insurance companies and designated investment firms. The purpose of the letter is to remind firms of their relevant obligations under the PRA rules and to communicate the PRA's expectations regarding firms' exposures to crypto-assets.
Crypto-assets have exhibited high price volatility and relative illiquidity and may also be vulnerable to fraud and manipulation, which raises concerns about potential misconduct and poses issues for market integrity. The PRA's letter does not define crypto-assets, but the Financial Conduct Authority uses this term to refer to any publicly available electronic medium of exchange that features a distributed ledger and a decentralized system for exchange. The FCA recently published a "Dear CEO" letter outlining best practice for firms in handling the financial crime risks that crypto-assets can pose.
The PRA letter reminds firms that they have responsibilities under the PRA's Fundamental Rules. Particularly relevant in the context of crypto-assets are FR 3 (to act in a prudent manner), FR 5 (to have effective risk strategies and risk management systems) and FR 7 (to deal with regulators in an open and co-operative way, and disclose appropriately anything relating to your firm of which the PRA would reasonably expect notice). The letter then goes on to outline risk strategies and risk management systems that the PRA considers most appropriate for crypto-assets. These are:
(i) The risks of this new, evolving asset class should be considered at the level of the board and the highest levels of executive management. In the case of insurance firms, this should also include an individual appointed to an appropriate Senior (Insurance) Management Function, who should be involved in review and sign-off on the risk assessment framework for any planned exposure to crypto-assets.
(ii) Firms should ensure, within their remuneration policies and practices, that incentives for engaging in crypto-assets-related activity do not encourage excessive risk-taking.
(iii) Firms' risk management approach - which includes not only financial risk but also cyber risk, wider operational risk and reputational risk - should be commensurate to the risks of crypto-assets. The approach should include ensuring the firm has access to appropriate, relevant expertise to assess any risks stemming from exposure to these technically complex assets. Extensive due diligence should be conducted before taking on any crypto-asset exposure and appropriate safeguards should be maintained against the related risks.
The letter confirms the PRA's expectations around classifying crypto-assets for prudential purposes. The PRA explains that, although classification will depend on the precise features of the assets, it does not generally expect crypto-assets to be classified as currency for prudential purposes.
The letter requests that, where relevant, firms set out their consideration of risks relating to crypto-asset exposures in their internal capital adequacy assessment process or their own risk and solvency assessment. The letter also requests that firms keep their PRA supervisory contact informed of any planned crypto-asset exposure or activity, together with an assessment of the associated risks.
Finally the PRA states that it will communicate any supervisory or policy updates on the prudential treatment of crypto-assets, including through Pillar 2 for banks, if it deems it necessary as a result of ongoing discussions among authorities internationally.
View the PRA's Dear CEO letter.
View the FCA's Dear CEO letter.