Hot on the heels of the FCA’s recent “Dear CEO” letter, the PRA has sent its own reminder to regulated firms considering, or already holding, crypto-assets.
Whilst the FCA focussed on mitigating the financial crime risks faced from use of crypto-assets, the PRA focussed on the risk of exposure to these developing assets which (in the words of the PRA) “have exhibited high price volatility and relative illiquidity” and in the view of the FCA carry the potential for abuse.
PRA’s expectations regarding exposure to crypto-assets
The PRA has stated:
- The risks of crypto-assets should be subject to full consideration by the board and highest levels of management.
- Where any planned business involves direct exposure to crypto-assets or to entities heavily exposed to crypto-assets, an approved, appropriate, individual with a Senior (Insurance) Management Function should be directly involved in the review, and should sign off on the risk assessment framework. Firms should notify the PRA of that responsible individual.
- Incentives provided for involvement in crypto-assets should not encourage excessive risk-taking.
- Firms should ensure they have appropriate expertise to assess their risks of crypto-asset exposure.
- Extensive due diligence should be undertaken before taking on an exposure to crypto-assets.
- Safeguards against all related risks need to be maintained. The perceived risks of crypto-assets encompass not just financial risks, but also operational risks (including cyber risks) and reputational damage. However firms should assess and set out their own consideration of the risks.
The PRA expects firms to inform their supervisory contact of any planned crypto-asset exposure or activity. The PRA acknowledges in the letter that classification of a crypto-asset will depend on the precise feature of the asset, though confirm that crypto-assets “should not be considered as currency for prudential purposes.”
FCA’s good practice for handling financial crime risks posed by crypto-assets
The FCA’s reminders were:
- Enhanced scrutiny of clients/prospective clients and their activities may be required when these involve significant business or revenues derived from crypto-related activities.
- It may be appropriate to consider:
- Developing staff knowledge and expertise on crypto-assets to ensure clients/activities with a higher risk of financial crime can be identified.
- Financial crime frameworks that keep pace with the fast-moving developments and which should adequately cater for relevant crypto-related activities.
- Client engagement to understand the nature of their crypto-asset business.
- Due diligence on key individuals.
- Considering clients’ own due diligence processes where those clients offer forms of crypto-exchange services.
- When looking at an Initial Coin Offering (ICO), the issuance’s investor base, organisers, the intended use and functionality of the token, and jurisdiction.
- The risks associated with different businesses involved in crypto-assets will differ. It will not be appropriate to approach all clients involved with crypto-assets in the same way.
- Where customers hold crypto-assets, or these will be the source of funds, the same risk criteria should be used as applied to other sources of wealth/funds. Although the evidential trail for crypto-assets may be weaker, the evidential test to be satisfied does not change.
- There may be heightened risk of investment fraud where retail clients are contributing substantial sums to ICOs.
Crypto-assets remain a developing area, both in respect of the products and services on offer, and the regulatory landscape that applies. The guidance and/or requirements emanating from both the FCA and PRA are likely to change as the benefits, risks and types of crypto-assets continue to develop. Indeed, the PRA’s letter anticipates that supervisory or policy updates may be required in due course.
Future developments will include the outcome of the Treasury Committee’s inquiry into digital currencies, which has the potential to result in further regulation. Firms either involved in, with customers involved in, or with exposure to entities involved in, crypto-assets will need to stay abreast if the FCA and/or PRA’s approach to crypto-assets as these develop.