- SUPERVISION NEWSLETTER
Licensing of crypto-asset activities
17 August 2022
Licensing of credit institutions is essential for the public regulation and supervision of the European financial system. Indeed, confidence in the financial system depends upon public awareness that only licensed institutions are operating within it. At the same time, licensing should not stifle competition, financial innovation or technological progress. Crypto-asset markets are developing apace, with banks considering whether to get involved, and it is the role of the European Central Bank – as the authority in charge of banking authorisations in European banking supervision – to ensure they do so safely and soundly, while respecting the above principles. In this the ECB works closely with the national supervisors to ensure a consistent approach and high standards across countries.
There is currently no harmonised regulatory framework governing crypto-asset activities and services in the EU. This will change with the finalisation of several regulatory initiatives at European and international level that will lay down the broader regulatory framework under which crypto activities are allowed, and how banks should manage the risks they pose. Within the EU, the Council presidency and European Parliament recently reached a provisional agreement on the markets in crypto-assets (MiCA) proposal, which will bring crypto-assets under a regulatory framework. And internationally, the Basel Committee on Banking Supervision is monitoring banks’ exposures to crypto-assets and will issue its detailed rules on the prudential treatment of such exposures in due course. In the meantime, national frameworks governing crypto-assets diverge quite extensively. In Germany, certain crypto activities are subject to a banking licence requirement and to date, several banks have requested to be authorised to conduct these licensed activities. It is in this context that the ECB is taking steps to harmonise the assessment of licensing requests.
Like for any other licensing procedure, the ECB and the relevant national competent authority apply the Capital Requirements Directive (CRD) criteria when assessing licensing requests covering crypto-asset activities and services. In doing so, the ECB pays particular attention to the following:
- business models: how the proposed activity matches the overall activity and risk profile of the institution;
- internal governance: whether the institution’s policies and procedures are adequate to identify and assess risks unique to crypto-assets; and
- fit and proper assessments: here the same general fit and proper criteria apply as in any licensing procedure, including IT competence. The higher the complexity or relevance of the crypto business, the higher the level of knowledge and experience in the field of crypto should be. Senior managers or board members with relevant IT knowledge and chief risk officers with robust experience in this area are important safeguards.
Of course, crypto-assets put the spotlight on certain types of risk, starting with operational and cyber risks, and the ECB is also working to assess these. They include, for instance, cryptographic key theft or compromise of login credentials, as well as risks linked to the use of special technology and outsourcing arrangements to third-party providers. Likewise, as crypto-assets are considered prone to risks associated with anti-money laundering/combating the financing of terrorism (AML/CFT), internal governance arrangements and processes need to take account of the crypto-asset AML/CFT risk profile of the institution. Here the ECB relies on input from national anti-money laundering authorities and Financial Intelligence Units. For liquidity and capital, no specific own funds requirements are defined yet, given the ongoing work by the Basel Committee on Banking Supervision to address risks posed by crypto-assets.
Importantly, working closely with national supervisors, the ECB will strive towards greater consistency in prudential assessments across national regimes.
So where do we go from here? There is work ongoing within the Single Supervisory Mechanism (SSM) on banks’ digital transformation, including the role of crypto technologies, that will result in horizontal analysis by the end of 2022. And this fast-developing activity will, in any event, remain an area of focus for European banking supervision in years to come.