APRA details crypto-asset expectations – Fin Tech

In its 21 April letter to all APRA-regulated entities,
APRA has set out its risk management expectations and policy
roadmap for entities engaging in activities associated with
crypto-assets. This includes its intention to develop a new and
dedicated framework for the prudential regulation of
crypto-assets.

This letter sets out the first set of details of APRA’s
intention to set expectations and standards relating to
crypto-assets and associated activities.

It is relevant to all APRA-regulated entities and their
directors, financial services providers which engage in activities
associated with crypto-assets. It is also relevant to current and
future ‘accountable persons’ under the Banking Executive
Accountability Regime (BEAR) and Financial Accountability Regime
(FAR).

Some noteworthy APRA expectations are:

• Authorised deposit-taking institutions (ADIs) and insurers:
  investments in crypto-assets will need to be consistent with
  obligations to hold an appropriate level of regulatory capital, and
  any exposures must be factored into internal capital adequacy
  assessment (ICAAP) process and stress testing where relevant.
• RSE licensees: licensees considering investments in
  crypto-assets as part of their investment strategy must ensure they
  can demonstrate how the investment is consistent with the duty to
  act in the best financial interests of beneficiaries, meets the
  investment strategy covenants, and complies with existing
  prudential requirements for investment governance.
• BEAR regulation and future FAR regulation: Accountabilities for
  crypto-asset activities should be assigned to BEAR Accountable
  Persons, with adjustments to accountability statements. Our view is
  that this expectation will also apply on implementation of FAR, as
  we will discuss below.
• Crypto-related lending: the capital, funding and liquidity
  treatment for loans secured by crypto-assets will need to be
  confirmed with APRA.
• Superannuation fund allocation: by mentioning compliance with
  Prudential Standard SPS 231Outsourcing(SPS
  231), APRA is highlighting its likely strict enforcement of
  existing policy position in SPS 231. This has a material flow on
  consequence for super funds delegating to an investment manager and
  in custodial arrangements for crypto-assets. This will impact, and
  likely slow, the speed of super fund allocation to this emerging
  asset class.

Two significant areas of prudential regulation are flagged for
2022 and 2023. APRA intends to consult on:

• mid-2022: a prudential standard for the management of
  operational risks related to crypto-asset activities, covering
  control effectiveness, business continuity and service provider
  management; and
• 2023: prudential treatment of crypto-asset exposures in
  Australia for ADIs, and the prudential regulation of payment
  stablecoins and large Stored Value Facilities.

What are APRA’s crypto asset-related risk management
expectations?

APRA generally expects entities to adopt a prudent approach and
ensure any risks are well-understood and well-managed before
engaging in crypto-asset activities. Specifically, APRA expects
regulated entities to:

• Conduct appropriate due diligence and a comprehensive risk
  assessment before engaging in crypto-asset activities and ensure
  they understand and adopt measures to mitigate any risks related to
  their crypto-asset activities.
• Comply with prudential standards governing outsourcing
  (Prudential Standard CPS 231Outsourcing, or SPS 231
  for RSE licensees) where engaging third parties to assist with
  their crypto-asset activities.
  • Importantly, for ADIs, APRA expects that accountabilities for
    crypto-asset activities would be assigned to BEAR Accountable
    Persons, with adjustments to their accountability statements where
    appropriate, and that APRA-regulated entities should also consider
    the impact of all new products on their operational risk profile,
    and implement any chances required to internal controls.
  • Given the similarities between BEAR and the proposed FAR, our
    view is that APRA-regulated entities preparing for FAR should
    reflect this BEAR expectation in FAR planning.
• Comply with all conduct and disclosure regulation administered
  by ASIC and consult with APRA and ASIC where there is any
  uncertainty on prudential, conduct or disclosure requirements and
  expectations when undertaking crypto-asset activities.

What activities do APRA’s expectations apply to?

APRA’s risk management expectations apply to any
APRA-regulated entities engaging in both direct and indirect
activities associated with crypto-assets as follows:

APRA’s policy roadmap

The APRA letter notes they are developing a long-term prudential
framework for the regulation of crypto-assets. This is to be
developed in consultation with international regulators to ensure
consistency in approach.

APRA expects that international minimum standards for prudential
treatment of bank exposures to crypto-assets, once agreed by the
Basel Committee on Banking Supervision, will be the starting point
for setting its own prudential standards. In the period ahead, APRA
intends to take the following steps:

_{*following the conclusion of the Basel Committee’s
consultation}

In addition, APRA foreshadows the possibility of broader
regulatory developments relating to crypto-assets. This is in light
of a similar focus on crypto-assets by ASIC, the Treasury and
various parliamentary bodies.

APRA will continue to monitor industry trends and emerging
risks, engage with other regulators and provide updated guidance as
required.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Lawyers Weekly Law firm of the year 2021	Employer of Choice for Gender Equality (WGEA)