Yesterday the UK regulators set out their expectations of how existing regulatory frameworks apply to regulated firms’ crypto activities.

  • The PRA issued a letter to the CEOs of banks and designated investment firms highlighting areas of existing frameworks that firms should consider when building their crypto activities. It also launched a survey of firms’ current and planned crypto exposures in 2022.                                   
  • The FCA published a notice reminding firms it oversees of their existing obligations when interacting with crypto.

The expectations come as traditional regulated financial services (FS) firms explore opportunities to expand into crypto markets alongside traditional offerings. At the same time, policymakers are developing the UK’s long-term crypto regulatory framework to ensure that market integrity, financial stability and consumer protection are maintained. As this article explores, the PRA’s and FCA’s expectations will help traditional FS firms build their crypto strategy with a degree of regulatory clarity in the interim.

Firms should consider key areas of focus – especially prudential considerations – in their overall crypto strategy and implementation. They will need to consider additional requirements as details of the UK’s long-term crypto regulatory framework emerges. We expect any future policy positions to build on these interim expectations.

The PRA’s crypto expectations

The PRA’s letter sets out how the prudential framework applies to banks’ and designated investment firms’ crypto activity. Its expectations aim to ensure that firms manage their crypto risks in a way that supports the firm’s safety and soundness.

1. Strong risk controls

An appropriate Senior Management Function should be active in reviewing and signing off risk assessment frameworks for any direct crypto exposures, and/or firms heavily exposed to crypto. Firms also need to adapt existing risk management strategies and systems to the different risk profile of crypto activities.

2. Prudential framework

Firms need to consider the full prudential framework [1] when managing their crypto exposures and discuss their proposed prudential treatment with their supervisors. The PRA has set out Pillar 1 and Pillar 2 considerations to guide firms:

Pillar 1 

Firms’ crypto exposures, particularly market-making or direct holdings, can expose them to market and counterparty credit risks. But prudential risks can arise from other crypto activity too such as custody services, which may result in greater operational risk.

The PRA proposes that firms should apply a punitive treatment to cryptoassets under the Pillar 1 framework. For the “vast majority” of cryptoassets (particularly unbacked ones), the PRA's view is that exposures should be effectively 100% equity financed – i.e. with banks holding capital equivalent to 100% of the value of the exposure. Direct holdings will be treated as intangible assets and deducted from capital. In addition, under the standardised approach to counterparty credit risk (SA-CCR), banks are unlikely to be able to use crypto for diversification or hedging purposes.

Pillar 2

Firms need to include their assessment of how crypto risks affect prudential risk categories in their Internal Capital Adequacy Assessment Process (ICAAP). They should particularly consider the extent to which products, market participants, or legal structures expose the firm to risks not generally considered in existing Pillar 2 assessments.

With these expectations, the PRA has set out its intent to consider the prudential impact of holding or offering crypto assets or services with immediate effect and not wait for crypto-specific rules.

The FCA’s crypto expectations

Guided by its objectives to ensure that consumer protection and market integrity are maintained, the FCA’s notice focusses on four key areas. 

1. Being clear with customers

When assessing crypto risks, firms should use a similar approach to that for their regulated activity. The FCA expects firms to make sure that consumers understand the extent of business that is regulated and distinguish unregulated parts clearly. 

2. Financial crime and registration of crypto businesses

All authorised and registered firms should have appropriate financial crime systems and controls in place. This includes reviewing whether the crypto firms they interact with are listed on the FCA’s unregistered crypto businesses list [2].

3. Prudential considerations

Firms subject to the Investment Firm Prudential Regime (IFPR) are required to manage potential harm to clients, the markets in which it operates and itself, that could arise from all their business – including crypto. Other FCA-solo regulated firms subject to threshold conditions and/or the Principles for Businesses should consider the guidance on assessing adequate financial resources when managing their crypto exposures. Where a firm accounts a cryptoasset as an intangible asset, it will likely need to deduct this asset from its regulatory capital.  

4. Custody

The FCA reiterates that firms providing custody services for regulated cryptoassets (security tokens) will likely be subject to the FCA’s Client Assets Sourcebook.

Implications for traditional FS firms’ crypto strategies

The two publications demonstrate the PRA’s and FCA’s willingness to engage with firms on their crypto plans. As the UK’s long-term crypto regulatory framework still takes shape, they will fall back on ensuring regulatory objectives are delivered and existing frameworks are used to probe firms’ crypto activity in the interim.

These publications will provide a degree of short to medium-term regulatory clarity for firms building their crypto strategy now. Firms should embed the PRA’s and FCA’s expectations into their crypto risk and compliance approaches. Both regulators are clear that firms need to manage the prudential risks from their crypto exposures appropriately. Supervisors will probe firms to ensure they have thought carefully about the impact of their crypto exposures on their prudential health and have set aside appropriate capital.

But as we have highlighted already [3], applying analogue frameworks not designed with crypto in mind is challenging. To build a crypto strategy that is sustainable in the long-term, UK firms still await regulatory clarity in three key areas.

Firstly, the Government’s position on the UK regulatory approach to stablecoins. If progressed by Government, the BoE confirmed [4] yesterday that it will consult on its proposed framework for systemic stablecoins and systemic wallets in 2023.

Secondly, the Basel Committee on Banking Supervision’s (BCBS) framework on the prudential treatment of cryptoassets, expected in H1 2022. It is especially important given the PRA’s acknowledgement that the long-term treatment will “likely” differ from under the current framework. The long-term framework will help banks to determine if and how to increase their crypto exposures. 

Lastly, more clarity on how to practically apply the full suite of applicable regulation to regulated or unregulated crypto activities, for example MIFID and CSDR to crypto trading and settlement. 

Until the details of these three areas are set out, regulated firms are likely to progress their crypto plans cautiously. For international firms, the evolving fragmented international frameworks will also be key to developing a cross-border strategy.

Overall these publications signal the regulators’ commitment to support crypto growth and regulated firms will welcome the clarity around regulatory expectations.



[1] This includes the PRA Fundamental Rules, Pillar 1, the ICAAP and Pillar 2 capital considerations.