APRA outlines policy roadmap for crypto-assets
The Australian Prudential Regulation Authority (APRA) has outlined its initial risk management expectations for all regulated entities that engage in activities associated with crypto-assets, and a policy roadmap for the period ahead.
APRA expects that all regulated entities will adopt a prudent approach if they are undertaking activities associated with crypto-assets, and ensure that any risks are well understood and well managed before launching material new initiatives.
In particular, APRA expects that all regulated entities will:
- Conduct appropriate due diligence and a comprehensive risk assessment before engaging in activities associated with crypto-assets, and ensure that they understand, and have actions in place to mitigate, any risks that they may be taking on in doing so;
- Consider the principles and requirements of Prudential Standard CPS 231 Outsourcing or Prudential Standard SPS 231 Outsourcing when relying on a third party in conducting activities involving crypto-assets; and
- Apply robust risk management controls, with clear accountabilities and relevant reporting to the Board on the key risks associated with new ventures.
Entities also need to ensure they comply with all conduct and disclosure regulation administered by the Australian Securities and Investments Commission (ASIC). This will require robust conduct risk management and consideration of distribution practices and product design, as well as consideration of disclosure.
APRA is developing the longer-term prudential framework for crypto-assets and related activities in Australia in consultation with other regulators internationally, to ensure consistency in approach. For authorised deposit-taking institutions (ADIs), the Basel Committee is consulting on the prudential treatment for bank exposures to crypto-assets. This will provide the basis for internationally agreed minimum standards for ADIs, and a starting point for prudential expectations for other APRA-regulated industries.
In the period ahead, APRA plans to:
- crypto-activities: consult on requirements for the prudential treatment of crypto-asset exposures in Australia for ADIs, following the conclusion of the Basel Committee’s current consultation. The consultation in Australia is expected to be undertaken in 2023, and APRA will consider the need for initial prudential guidance in the interim;
- operational risk: progress new and revised requirements for operational risk management, covering control effectiveness, business continuity and service provider management. While these requirements will apply to the entirety of an entity’s operations, many will be directly relevant to the management of operational risks associated with crypto-asset activities. The draft prudential standard will be released for consultation in mid-2022; and
- stablecoins: consider possible approaches to the prudential regulation of payment stablecoins. These stablecoin arrangements bear similarities with Stored-value Facilities (SVFs) and APRA, in conjunction with peer agencies on the Council of Financial Regulators (CFR), is developing options for incorporating them into the proposed regulatory framework for SVFs. Subject to the development of the broader legislative and regulatory framework, APRA envisages consulting on prudential requirements for large SVFs in 2023.