On 17 July 2024, the Basel Committee on Banking Supervision (BCBS) finalized revisions to the prudential framework for banks’ exposures to cryptoassets.1 The revisions largely introduced additional requirements relating to the preferential treatment of stablecoin exposures — specifically addressing the quality and liquidity of reserve assets backing a stablecoin — as well as diligence obligations and a more granular template for disclosure of cryptoasset exposures.
Below, we summarize the BCBS standards as amended by the July 2024 revisions (the Standards). The implementation date for the standards is 1 January 2026 (extended recently by the BCBS from 2025).
Importantly, the Standards set out minimum requirements, which means implementation by BCBS members may result in stricter standards that may include outright prohibition in bank dealings in certain cryptoassets.
Banks and other participants in the cryptoasset markets are keenly anticipating the details of the implementation of the Standards at the BCBS member level.
In the UK, the Prudential Regulation Authority (PRA) has committed to implement the Standards and to continue to monitor and review various aspects of the cryptoasset ecosystem alongside the BCBS and others. The focus will be on bank-related developments in cryptoasset markets, the role of banks as custodians and stablecoins issuers, and their role within the cryptoassets ecosystem.2
In the European Union, the European Central Bank (ECB) has made it clear that it expects banks to take the Standards into account in their business and capital planning pending transposition of the Standards into EU law as part of the EU’s bank prudential legislation.
Background
Capital and liquidity requirements for cryptoassets are significant factors in a bank’s decision to acquire and deal in cryptoassets. Tokenized versions of traditional securities, for example, will not be attractive relative to familiar nontokenized versions if there are added capital and liquidity surcharges associated with holding the tokenized exposures.
Similarly, the extent of stablecoin holdings could be limited by the extent of any additional capital and/or liquidity requirement relative to holdings of the cash equivalent or the underlying reserve asset.
The BCBS3 developed an additional new chapter in the Basel Framework setting out bespoke treatment of cryptoasset exposures given the novelty of the asset class and the additional risks associated with bank cryptoasset holdings. The BCBS issued its finalized Standards in December 20224 and revised them in July 2024.
The revisions detail further requirements to be met in order for banks to benefit from a preferential treatment for stablecoin exposures and set out new disclosure templates for cryptoasset holdings and liabilities (as well as certain other discrete changes).
The Standards reflect a very cautious approach to bank cryptoasset exposures, and for many cryptoassets and cryptocurrencies, they impose a capital requirement matching at least the absolute exposure value of the cryptoasset. Bank dealings in many cryptoasset types will therefore come with significant capital costs that may act as a barrier to bank participation in these cryptoasset markets.
Compliance with the Standards would be subject to the customary range of supervisory responses including the imposition of capital add-ons, provisions and internal limits.
Scope of Cryptoasset Exposures
Under the Standards, “cryptoassets” are broadly defined as “private digital assets that depend primarily on cryptography and distributed ledger or similar technology.” A “digital asset” is defined as a “digital representation of value which can be used for payment or investment purposes or to access a good or service.”
Central bank digital currencies (CBDCs) are expressly outside the scope of the Standards, but tokenized securities, stablecoins and other cryptocurrencies, utility and other governance or functional tokens, and NFTs fall within the scope. Equivalent definitions in nascent cryptoasset regulatory regimes (such as MiCA5 in the EU) tend to use a narrower definition of “cryptoasset” that excludes certain NFTs, for example. The definition used in the Standards is therefore likely to be adjusted on implementation to align with existing local crypto legislation.
An “exposure” includes all on or off balance sheet amounts that give rise to credit, market, operational and/or liquidity risks. It would include:
- Direct and indirect exposures that can arise from products whose underlying is a cryptoasset.
- Lending to customers to facilitate investment in cryptoassets.
- Dealings with cryptoassets as collateral.
Grouping of Cryptoassets
The Standards require that cryptoasset exposures be categorized within groups that determine the appropriate prudential treatment for a particular cryptoasset exposure.
Group 1 cryptoassets receive preferential treatment. Two types of cryptoassets fall within this group:
- Group 1a: Tokenized versions of traditional financial instruments or assets (e.g., securities, loans).
- Group 1b: Stablecoins satisfying certain conditions.
Group 2 cryptoassets are subject to a conservative approach. They include all cryptoassets that fall outside Group 1, including tokenized securities and stablecoins that do not qualify for inclusion in Group 1. There is a further subdivision within Group 2:
- Group 2a: Cryptoassets that meet the hedging recognition criteria.
- Group 2b: Cryptoassets that do not meet the hedging
recognition criteria.
- Hedging recognition criteria broadly only apply to direct holdings of Group 2 cryptoassets where there is a traded and centrally cleared derivative or an exchange-traded fund or note (ETF or ETN) that solely references the cryptoasset, or direct holdings in such derivatives or ETFs/ETNs. These cryptoassets, whether directly or indirectly held, must satisfy minimum requirements relating to market capitalization, daily trading volume and frequency of price observations.
Capital Requirements: Group 1 Cryptoassets
- Group 1a assets – tokenized assets (credit risk).
- The credit risk weighting is that which is applicable to the nontokenized asset under the existing standards for calculating credit risk capital.
- If the risk profile of the tokenized asset differs from the nontokenized asset, for instance in terms of lower market liquidity for the tokenized asset, banks would have to take that into account before treating the tokenized asset as eligible collateral for credit risk mitigation purposes. Added material volatility in the market for the tokenized asset should also render the tokenized asset ineligible as collateral. It is likely that any variance in collateral eligibility between the tokenized and traditional versions of an asset will affect the use of tokenized securities in the repo and securities lending markets.
- Group 1b assets – qualifying stablecoins (credit risk).
- Given that there may be a variety of structures underlying a stablecoin, there will be a credit risk exposure to one or more of the issuer or other entity satisfying a redemption request (the “redeemer”), to an intermediary carrying out a redemption function as well as to the reference asset (assuming it is not a fiat currency).
- If there is a credit exposure to the redeemer for the amount
of any unredeemed stablecoins, the exposure amount may be reduced if the
stablecoin structure grants security to holders. The collateral for the
security would have to satisfy the normal collateral eligibility criteria
in order to reduce the credit exposure.
- There will be no credit exposure to the redeemer if the stablecoin holder is granted a direct claim on the reserve assets and the assets are held in a special purpose vehicle in a way that is bankruptcy-remote from the redeemer.
- A reference asset may give rise to credit risk. If the
reference asset is a bond, for example, there will be a credit exposure to
the bond issuer that will have to be calculated using the risk weight
ascribed to the bond issuer under the existing Basel Framework.
- If the reference asset includes a foreign exchange market (FX) or commodities exposure, that exposure would have to be capitalized under the market risk framework instead.
- If the redemption function is carried out by an
intermediary (which may occur in structures where the issuer only deals
with bank intermediaries that in turn deal with holders), the intermediary
may be legally obligated to meet redemption requests at the peg value
(i.e., the par value or the value of the reference asset(s) to
which one stablecoin unit is redeemable at) or may otherwise be
incentivized to “step in” and satisfy the redemption for reputational or
other reasons. In such circumstances, credit risk capital will be required
against the exposure to the intermediary based on the risk weight
applicable to the intermediary. If there are several intermediaries, the
lowest risk weight among the intermediaries can be used.
- From the perspective of a bank intermediary, it will have credit risk exposure on its own stablecoin holdings as well as an exposure based on stablecoins it is obligated or incentivized to purchase from holders where it is not able to redeem them because of a redeemer failure.
- Group 1 assets (market risk).
- The Standards prescribe that the normal rules in the Basel Framework apply to calculate capital required to address market risks. For a tokenized asset, this would be by reference to the risk factors attaching to the traditional asset. Similarly, for a stablecoin that references a traditional asset.
- Infrastructure add-on for Group 1 assets.
- Noting the novelty of distributed ledger technology (DLT) and other relevant technologies, bank regulators are able to impose a capital add-on for Group 1 cryptoasset exposures. The add-on is set at zero but can be increased if the infrastructure on which a cryptoasset is based proves to have weaknesses.
Capital Requirements – Group 2 Cryptoassets
- Whether a Group 2a cryptoasset is recorded in the banking book (i.e., held to maturity) or in the trading book, only the market risk rules apply to Group 2 assets, similar to FX and commodities risks. The formulaic approaches to calculating market risk (under the Simplified Standardized Approach or Standardized Approach) have to be used, and models-based approaches are barred.
- Group 2b exposures are subject to a
risk weight of 1,250%, which applies to the greater of the absolute value
of the aggregate long position and the aggregate value of the absolute
short position in a Group 2b cryptoasset. Multiplied by the 8% minimum
capital requirement to risk-weighted assets, this results in a capital
requirement equaling the cryptoasset exposure. In practice, the required
capital is significantly higher given the absence of netting of long and
short positions, and the minimum risk capital requirement being much
higher than 8% for banks that are subject to buffer requirements and
Pillar 2 discretionary capital add-ons.
- If there are material exposures to short positions (which can in theory lead to unlimited losses), the required capital may be insufficient to cover losses. In this case, the bank regulator can impose a capital add-on based on the extent to which the capital requirement using the market risk framework exceeds that resulting from merely applying a 1,250% risk weight.
Derivatives and SFTs Relating to Cryptoassets
The Standards clarify that the existing standards to calculate capital for credit valuation adjustment (CVA) risk associated with derivatives and fair-valued securities financing transactions (SFTs) (i.e., certain repo/reverse-repo and securities lending transactions) also apply to derivatives and SFTs relating to cryptoassets.
Derivatives counterparty credit risk is to be calculated using either the standardized or models-based approaches for Group 1 cryptoassets. Only the standardized, formulaic approach can be used for Group 2 cryptoassets, with some inputs into the standardized approaches being set at conservative levels.
Liquidity Requirements
For the purposes of the liquidity coverage ratio (LCR) — which addresses short-term bank liquidity risks over a 30-day horizon — and the net stable funding ratio (NSFR) — which ensures sufficient stable and longer-term (exceeding a one-year maturity) funding — only Group 1A cryptoassets can potentially qualify as high-quality liquid assets (HQLA).
The LCR and NSFR standards are otherwise applied subject to certain changes. Notably, under the NSFR, holdings of Group 2 cryptoassets will require stable funding equal to the amount of such cryptoassets. Under the LCR, no inflows can be recognized with the liquidation or maturity of such cryptoassets.
Bank regulators are required to apply a more stringent treatment under the NSFR and the LCR where they consider that there are additional liquidity risks that could arise from aspects of the technological infrastructure or the characteristics of the relevant cryptoasset market.
Exposure Limits
The existing limits on large exposures will apply equally to all credit exposures arising from cryptoassets, including any exposures to reserve and reference assets.
There is an additional limit specific to holdings of Group 2 assets. A bank’s aggregate exposure to Group 2 cryptoassets should not exceed 1% of its Tier 1 capital, which is typically its equity capital, and is subject to a strict 2% limit.
Banks will be required to notify their regulator on breaching the 1% limit and to restore compliance with that limit. Any Group 2 holdings in excess of that limit will be subject to the capital treatment for Group 2b assets, i.e., a 1,250% risk weight and at least a dollar-for-dollar matching capital requirement. Exceeding the 2% limit results in the 1,250% risk weight applying to the entirety of a bank’s Group 2 cryptoasset holdings.
Conditions for Group 1 Categorization
To fall within Group 1, a tokenized asset would need to present the same level of risk as a nontokenized version of the asset. It cannot introduce any additional counterparty risks or have to be converted into the traditional asset in order to receive the rights associated with the traditional asset.
Group 1 cryptoassets are also subject to a requirement for the bank to carry out a legal review to ensure settlement finality in both primary and secondary markets (i.e., in-flight transactions can be settled notwithstanding a supervening insolvency or default of a market participant). The rights, obligations and interests arising from the cryptoasset must be clearly defined, documented and enforceable in the jurisdictions where the asset is issued or redeemed.
Further, the functions of the cryptoasset, such as the issuance validation, redemption and transfer, and the network on which it is based cannot give rise to any material risks that could impair the transferability, settlement finality or redeemability of the cryptoasset. Relevant entities such as the issuer, any administrator or custodian are required to be subject to robust risk management and control policies. Key elements of the network must be clearly set out so as to ensure that transactions and participants are traceable.
Entities that carry out certain functions (redemptions, transfers, storage, settlement or managing/investing reserve assets, for instance by wallet providers, validators administrators or custodians) are required to be regulated or subject to appropriate risk management standards and have in place a comprehensive governance framework.
Additional Conditions for Stablecoins (Group 1b)
The stabilization mechanism underlying the cryptoasset should be subject to a monitoring framework to ensure fluctuations in the market value relative to the peg value are minimized. Banks are required to verify the ownership rights of reserve assets and whether they are stored and managed appropriately.
The bank’s assessment of the effectiveness of the stabilization mechanism and the supporting evidence relied on must be documented and made available to the relevant regulator on request.
The stablecoin issuer must be regulated and is subject to capital and liquidity requirements.
Algorithm-based stablecoins and those that reference other cryptoassets (including other stablecoins) are not eligible to be categorized under Group 1b.
The stablecoin must pass the “redemption risk test,” which is designed to ensure the stablecoin can be redeemed at the peg value. This includes redemption in extremely stressful market conditions. The test requires that:
- The value of the reserve assets equal or exceed the outstanding peg value of issued stablecoins at all times. Reserve assets must overcollateralize where there are additional risks (e.g., reserve assets comprising bonds will present additional credit, market and liquidity risks).
- Reserve assets backing stablecoins that reference fiat currencies should mainly consist of short-term assets with high credit quality and low volatility, such as deposits at high credit quality banks and zero risk-weighted claims on sovereigns.
- Generally eligible reserve assets can include (but are not
limited to):
- Central bank reserves to the extent they can be drawn down in times of stress.
- Sovereign/central bank-issued or guaranteed securities.
- Deposits at high credit quality banks with safeguards such as concentration limits and bankruptcy remoteness from entities involved in the stablecoin operation.
- Reserve assets must be capable of rapid liquidation with minimal adverse price effect, including sufficient daily liquidity to meet instant redemption requests.
- Reserve assets must be bankruptcy-remote from any entity issuing or performing another operational role, or managing or taking custody of the reserve assets.
- Reserve assets must be denominated in the same currency or currencies as used for the peg value (with a de minimis amount of assets allowed in a different currency if necessary for the cryptoasset arrangement).
- For stablecoins that are not pegged to currencies, the reserve assets should largely comprise the reference assets.
These requirements are similar to reserve asset quality requirements set out in emerging regulatory regimes governing cryptoassets or stablecoins such as in the EU (under MiCA) and the UK.
The management of the reserve assets should ensure:
- Prompt redemption at the peg value.
- Safe custody of the reserve assets.
- A risk management framework, including ongoing monitoring of counterparties and custodians, daily valuation of reserve assets and stress testing.
- Public disclosure of the composition and value of the reserve assets and outstanding issued amounts, all of which are required to be verified independently on at least a semiannual basis and are subject to an annual independent external audit.
Monitoring Compliance With Classification Conditions
Banks are responsible for monitoring and documenting compliance with the classification conditions as well as the hedging recognition criteria in respect of Group 2a assets. They are required to have adequate risk management policies and procedures, governance, and human and technological resources for this purpose.
Prior to the implementation date of the Standards (or following the implementation date and in advance of any acquisition of a cryptoasset exposure), banks must notify their regulator of the classification of their cryptoasset exposures, allowing sufficient time for the regulator to override the bank’s classification.
This is not a regulatory preapproval requirement but may in practice operate as such, depending on the approach of the relevant bank regulator.
In respect of Group 1b stablecoins, the bank must carry out due diligence on the stabilization mechanism, including carrying out a “basis risk test” (covering statistical and other tests) to ensure the stablecoin can be sold in the market closely tracking the peg value.
Disclosure Requirements
Banks will be subject to extensive disclosure obligations. The Standards as revised include a separate chapter6 prescribing templates for disclosures covering:
- Information on an annual basis on the bank’s cryptoasset activities and its approach to applying the classification conditions in grouping its cryptoasset holdings.
- Capital requirements for each group of cryptoasset, disclosable semiannually.
- Accounting classification and measurement of exposures and liabilities.
- Liquidity risk-related requirements.
Conclusion
The Standards represent a very cautious approach to bank dealings in cryptoassets and can be said to be prohibitive in many instances. The market for tokenized securities, deposits and other assets continues to evolve, and it remains to be seen whether the tokenized and nontokenized markets for the same asset will be aligned enough to ensure parity of treatment, or whether bank regulators will prefer a cautious prudential approach to tokenized assets, possibly applying an even stricter approach than required under the Standards.
Not all stablecoins will benefit from Group 1b classification, though the BCBS is open to statistical analysis and other methods of demonstrating the low risk profile of a stablecoin that may not otherwise meet the conditions for Group 1b classification.
We can expect the BCBS to further develop and iterate the Standards in response to increasing market and regulator familiarity with cryptoassets and how they function across a range of market conditions, as well as market developments and to address any emerging risks. The BCBS has specifically mentioned a number of areas for further monitoring and consideration, including bank cryptoasset custody activities.
We will issue further publications on any additional material changes to the Standards and their implementation in the UK and EU.
_______________
1 See the revisions and related disclosure standards.
2 The PRA’s existing approach to the expected prudential treatment and risk controls associated with cryptoassets is set out in this Dear CEO letter.
3 The BCBS is the primary global standard-setter for the prudential regulation of banks. It has 45 members comprising central banks and bank supervisors from 28 jurisdictions.
4 The December 2022 Standards, in the form of Chapter SCO60 of the Basel Framework.
5 Markets in Cryptoassets Regulation (EU) 2023/1114. See our 23 November 2022 client alert on MiCA and our 16 November 2023 client alert on the UK proposals to regulate stablecoins.
6 “DIS55 Cryptoasset exposures” in the Basel Framework.
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.