Risk guidance takes shape from a series of the global oversight bodies' pronouncements
Thursday, April 18, 2019
By John Hintze
Despite fluctuations in cryptocurrency prices - or perhaps because of their ongoing volatility and uncertainty - global regulatory authorities continue to monitor and sound warnings on financial stability and banking risks.
The Basel Committee on Banking Supervision (BCBS), in a March 13 statement, said that as a volatile and immature asset class that lacks standardization, crypto‐assets “present a number of risks for banks, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering and terrorist financing risk; and legal and reputation risks.”
Echoing dialogues among prominent central bankers on whether cryptocurrencies meet the definition of money (see, for example, Crypto Assets May Not Be 'Systemic', but Central Bankers Are On Alert), the statement said that they “do not reliably provide the standard functions of money and are unsafe to rely on as a medium of exchange or store of value.”
On April 5, 2019, FSB published a directory listing nearly 100 regulatory entities around the world, including eight in the U.S., overseeing crypto‐asset activity. The publication was presented as “part of ongoing work by the FSB and standard-setting bodies on crypto‐assets.”
“Possible Regulatory Gaps”
Crypto‐assets were mentioned in an April 4 letter to G‐20 finance ministers and central bankers from FSB chair Randal K. Quarles, who is also Federal Reserve vice chair for supervision, on the stability board's current agenda:
“The FSB continues to monitor the financial stability implications of crypto‐assets and is currently working to identify possible regulatory gaps in this area,” Quarles wrote. “In addition, we are analyzing broader financial stability implications of technological innovation, such as the entry of large technology firms into finance and the growth in decentralized financial technologies.”
He said that for the G-20 meeting in June, “the FSB will deliver a report on the financial stability implications of decentralized financial technologies for the governance of financial regulation.”
Aaron Bridgers, head of risk testing analytics and automation, and deputy head of model risk management and validation, at Regions Bank of Birmingham, Alabama, has been watching closely. He attributes the BIS‐level interest in crypto‐assets to their valuations. Bitcoin, for example, was worth less than $1,000 over the first eight years of its existence, until early 2017. It soared to more than $17,000 by the end of that year, then plummeted below $4,000 over the next year, before a recent comeback. There have been thousands of so‐called initial coin offerings (ICOs) over the past few years by both new and established entities.
Bridgers said trading volumes in the billions on some crypto exchanges caught the attention of the traditional banking system. Banco Santander, for one, is offering crypto‐asset-related services, and JPMorgan Chase & Co. has launched the JPM Coin digital token.
“These developments have created the impetus needed for [BCBS's] statement on [crypto‐assets] and other assets that use digital tokens,” Bridgers said.
Tom Kimner, director of global risk marketing and operations at SAS, said the increase in the supply of crypto‐assets and coins has prompted regulators to consider how they are going to determine and evaluate their supply and flow. “As more cryptocurrency is pushed into the markets, they'll need to look at systemic risk increases,” Kimner said.
In terms of due diligence, the BCBS statement says that before acquiring exposures to crypto‐assets or providing related services, banks should conduct comprehensive analyses of the potential risks and ensure they have the “relevant and requisite technical expertise to adequately assess the risks.”
Bridgers noted that no U.S. bank currently provides direct access to the crypto‐asset markets, and most have stopped allowing the assets to be purchased with bank-issued credit cards. Nevertheless, banks can acquire companies that provide access to or issue crypto‐assets, or they can partner, as Banco Santander did with Ripple in facilitating cross-border payments.
“JPMorgan created a [crypto‐asset] ledger backed by U.S. dollars to facilitate international payments, securities transactions, and intra-company payments for multinational enterprises,” Bridgers added.
Kimner said that the necessary expertise changes depending on the part of the value chain in question. Creating and mining crypto‐assets requires more advanced technical expertise, while pricing and valuing the assets calls for a strong financial background, even including financial engineering.
“People with solid modeling and quantification skills are helpful throughout the value chain,” the SAS executive said.
Bridgers said that as crypto‐assets are quickly evolving, so, too, are their range of risks, which include:
- Technology's impact on valuations. Traditional or fiat currencies are supported by nation-states and are independent of any technology used to facilitate them. Crypto‐asset values are closely tied to their technologies and market-participant consensus.
- Crypto‐assets' transfer risk. The assets can become locked up and their values inaccessible if keys to open digital wallets are lost. Best practices have yet to be established for inheriting or passing on crypto‐assets.
- Consensus attacks. Crypto‐assets are vulnerable to attacks by malign parties, potentially nation-states, that control at least 51% of the nodes providing distributed‐ledger consensus. Thinly traded crypto‐assets are especially vulnerable.
- Compliance risk. The anonymity of participants in a crypto‐asset network complicate compliance with know-your-customer and anti‐money‐laundering rules.
- Obsolescence risk. Rapidly improving methods to provide consensus will force existing crypto‐assets to adapt quickly or be replaced.
- Emergent risks - Unforeseen risks can arise in a new asset class, as in a 2017 exploit of security vulnerabilities that led to the theft of $32 million of Ethereum.
Integration in Risk Processes
On the risk management front, and given the crypto markets' anonymity and limited regulatory oversight, BCBS said banks' risk frameworks should be “fully integrated into the overall risk management processes, including those related to anti‐money‐laundering and combating the financing of terrorism and the evasion of sanctions, and heightened fraud monitoring.”
Traditional frameworks may be too highly focused and insufficiently robust to adapt to the unique risks of crypto‐assets, Bridgers cautioned. He recommended a framework applying cross‐functional experience, leveraging across technology, cybersecurity, economics, commodities, legal, and compliance.
Although robust risk management is still a work in progress, the FSB, Federal Reserve and others “are sending a message that the time for discussion and consideration of these frameworks is important today,” Bridgers said.
Given the array of new risks, and even the uncertainty about whether crypto‐assets will persist, boards of directors must be informed as soon as a financial institution begins to examine the business, Kimner said: “Financial institutions need to have complete internal transparency throughout the ranks of management, including the board.”
The BCBS says: “A bank should publicly disclose any material crypto‐asset exposures or related services as part of its regular financial disclosures and specify the accounting treatment for such exposures, consistent with domestic laws and regulations.”
And it should “inform its supervisory authority of actual and planned crypto‐asset exposure or activity in a timely manner and provide assurance that it has fully assessed the permissibility of the activity and the risks associated with the intended exposures and services, and how it has mitigated these risks.”
Glossary and Terminology
The FSB appended to its October 2018 report on stability implications a one‐page, “non-exhaustive” list of terms and definitions, ranging from blockchain to digital token to mining. A Global Crypto‐asset Regulatory Landscape Study published April 16 by the Cambridge Centre for Alternative Finance (CCAF) at University of Cambridge Judge Business School in the U.K. finds that the lack of standard terminology around crypto‐assets and blockchain has been a “major impediment” to clear and consistent policies.
“Even the term 'crypto‐asset' can have different meanings depending on context,” says the Cambridge research, which was supported by Nomura Research Institute. The lack of consensus is said to cause the scope of different regulatory authorities to overlap, with multiple agencies issuing official statements and warnings in some jurisdictions.
(The FSB definition of crypto‐asset: “a type of private asset that depends primarily on cryptography and distributed ledger or similar technology as part of their perceived or inherent value.”)
The CCAF, which closely analyzed 23 jurisdictions, points out that the term “virtual currency” has been used most frequently in official documents, while often interchangeably with “cryptocurrency” and “digital currency.”
According to the executive summary, “Unclear terminology and classification, inherent limitations to regulatory principles, and regulatory arbitrage are factors that challenge regulators' ability to robustly define their regulatory perimeter and implement regulations.
“In many of the jurisdictions studied, regulators have addressed key risks related to financial integrity and systemic issues as well as investor and consumer protection. Additional risks may warrant further regulatory attention.”