PRA demands crypto data

Firms face new compliance challenge

The Prudential Regulation Authority (PRA) has announced that it is undertaking a data request to discern firms' current and expected future crypto asset exposures. The request also asks for information on the firms' application of the Basel framework for the Prudential Treatment of Crypto Assets Exposures, that was published in December 2022, following its second consultation on banks' exposures to crypto assets. The PRA has stated that this data will help "calibrate our prudential treatment of cryptoasset exposures, analyse the relative costs and benefits of different policy options and providing [sic] an updated view of firms’ current and intended cryptoasset-related business activities as a base from which to monitor the financial stability implications of these assets." Firms have until 24 March 2025 to comply with the PRA request.

The impact of this request means that firms must now, if they haven't already, ensure that their cryptoasset related risks have been, and are, effectively managed, and have the requisite Basel management frameworks in place. These frameworks are essential for those firms to be able to navigate the potential volatility and regulatory implications that cryptoassets bring. The PRA questionnaire also requests information regarding firms' use of permissionless blockchains. It states, "the Basel prudential framework for holding cryptoassets notes that the risks posed by cryptoassets that use permissionless blockchains cannot be sufficiently mitigated at present". The reasons given for this relate to the fact that the link between the intended owner of the asset with the controlling entity of the authentication/validation mechanism cannot be guaranteed.

The PRA request comes at a time when the emphasis on regulation and the impact on consumers is at an all-time high. There is an increase in focus on regulators in respect of the duties of firms and their responsibilities to consumers, resulting in it being paramount for firms to stay abreast of the ever-changing regulatory landscape.  

This latest request from the PRA reinforces the digital transformation of the financial sector, emphasising the need for clear regulation for firms involved in cryptoassets to assist them to understand their complexities and mitigating/managing their associated risks, particularly in respect of cybersecurity. The balance between innovation and risk management is a fine one, so we will wait to see what conclusions the PRA makes, together with any associated regulatory changes.

We expect Financial Institutions (FI) insurers concerned about clients' cryptoasset exposures will be asking for similar disclosures to understand their clients' potential exposures and to determine whether to provide cover for such risks.

For more information on the issues raised please contact James Wickes.