Contacts
En
Ru Es
Regulation
 
25.02.2024

Establishing a regulatory framework in Hong Kong to govern banks' cryptocurrency exposures.

The Hong Kong Monetary Authority (HKMA) has published a consultation paper outlining a proposal to introduce new regulation to prudentially account for exposures to crypto-assets. The initiative reflects a desire to create a regulatory framework that addresses the unique risks associated with crypto-assets, while supporting the financial sector's engagement with this emerging asset class.

Hong Kong

Goal: To establish a robust and reasonable global regulatory framework for banks' exposures to cryptocurrencies.

Background: In December 2022, the Basel Committee on Banking Supervision (BCBS) issued a new standard on "Principled treatment of cryptocurrency exposures".

Scope: Regulation of banks' exposures to cryptocurrencies.

Classification Conditions

  • Establishes classification conditions for cryptocurrencies into groups 1a, 1b, 2a and 2b.

Capital requirements for cryptocurrencies

  • Defining the boundary between banking and trading book for cryptocurrencies.
  • Use of internal models and accounting categorisation for credit and market risk.
  • Infrastructure risk requirements for group 1 cryptocurrencies.
  • CVA risk requirements for group 1 and group 2 cryptocurrencies.
  • Operational risk.

Other requirements

  • Liquidity risk: Handling cryptocurrency exposures within the liquidity framework.
  • Large Exposures: Handling cryptocurrency exposures within large exposures.
  • Risk management systems and supervisory review: Risk assessment and supervisory measures for cryptocurrency exposures.
  • Disclosure Requirements: Additional disclosure requirements for cryptocurrency exposures.

Cryptoassets under the new standard are divided into two main groups. 

Group 1 
Tokenised qualifying assets and stablecoins. These will generally be subject to the risk-based capital requirements of the current Basel capital framework. 

Group 2 
Cryptoassets that do not fulfil all the conditions of the Group 1 classification. A more conservative approach to capital is provided for them.


Crypto-assets are defined as private digital assets that depend on cryptography and distributed ledger technologies (DLT) or similar technologies. 

Digital assets are a digital representation of value that can be used for payment or investment purposes or to obtain a good or service.

Dematerialised securities (securities converted from physical certificates to electronically maintained) issued through DLT or similar technologies are covered under prudential regulation and are referred to as tokenised traditional assets, while dematerialised securities using electronic versions of traditional registers and databases that are centrally administered do not fall within the scope. 

The prudential regulation of central bank digital currencies (CBDCs) is not covered by this new standard. For the purposes of this consultation note:

  • the term "exposure" includes amounts on assets and liabilities that give rise to credit, market, operational and/or liquidity risks;
  • while most of the new standard sets out capital and liquidity requirements for authorised institutions' (AIs) direct exposures to cryptoassets, certain parts of the standard, such as the operational risk requirements in section 16 and the risk management and supervisory review in section 21, also apply to an AI's activities with cryptoassets, such as custodial services involving the custody or administration of client cryptoassets on a segregated basis, which generally do not give rise to credit, market, or liquidity requirements

Authorised Institutions (AIs) are responsible for assessing whether the cryptoassets to which they have exposure meet the classification conditions and hedge recognition criteria. These assessments will determine whether cryptoassets are classified as Group 1a, Group 1b, Group 2a or Group 2b. To this end, AIs should have appropriate risk management policies, procedures, governance, human and IT resources to assess the risks associated with interactions with cryptoassets, and appropriately implement them on an ongoing basis in accordance with established standards. FMIs should fully document the information used to determine compliance with the classification conditions and make it available to the HKMA upon request. Prior to acquiring a new type of cryptoasset, AIs shall notify the HKMA of their classification assessment of cryptoassets.

The principle treatment of UU exposures to cryptoassets depends on the regulatory classification of the cryptoassets. To determine the regulatory classification, AIs must continuously monitor cryptoassets and classify them into two broad groups:

  • Group 1 is cryptoassets that fulfil all the classification conditions in this section. It consists of: 
    - Group 1a: tokenised traditional assets; and 
    - Group 1b: cryptoassets with an effective stabilisation mechanism. 
  • Group 2 is cryptoassets that do not fulfil any of the classification conditions in this section. It consists of: 
    - Group 2a: cryptoassets (including tokenised traditional assets, stablecoins and unsecured cryptoassets) that pass Group 2a insurance recognition; and 
    - Group 2b: all other cryptoassets (including tokenised traditional assets, stablecoins and unsecured cryptoassets) that do not pass the Group 2a insurance recognition criteria. To be classified as either Group 1a or Group 1b, cryptoassets must meet all four classification conditions at all times.
A cryptoasset is either a tokenised traditional asset or has a stabilisation mechanism that permanently links its value to a traditional asset or pool of traditional assets (i.e. the underlying assets).

Tokenised traditional assets can only meet classification condition 1 if they meet all of the following requirements: 

  • They are digital representations of traditional assets using cryptography, DLT or similar technology to register ownership. 
  • They present the same level of credit and market risk as a traditional (non-tokenised) asset form. 

In practice, this means the following for tokenised traditional assets:

  • Bonds, loans, claims on banks (including in the form of deposits), shares and derivatives: a crypto-asset must provide the same rights as a traditional asset form.
  • Ownership of these traditional forms of finance (e.g. rights to cash flows, claims in the event of bankruptcy, etc.). The crypto-asset must not have any features that could prevent the full performance of obligations to the bank compared to the traditional (non-tokenised) version of the asset. 
  • Commodities: the crypto-asset must grant the same rights as traditional ownership records of physical commodities. 
  • Cash in treasury: the cryptoasset must grant the same rights as cash held in treasury.

Cryptoassets do not fulfil the condition set out in paragraph 20 if they: 

  • must be redeemed or converted into traditional assets before receiving the same legal rights as direct ownership of traditional assets; or 
  • involve additional counterparty credit risk compared to traditional assets because of their particular structure.

Cryptoassets with a stabilisation mechanism will only meet classification condition 1 if they satisfy all of the following requirements.

  • A cryptoasset is designed to be redeemable for a specified amount of one or more underlying assets (e.g., 1 Hong Kong dollar or 1 ounce of gold) or cash equivalent to the current market value of the underlying assets. The value of the underlying assets for which one unit of cryptoasset must be redeemed is called the "peg value". 
  • The stabilisation mechanism aims to minimise fluctuations in the market value of cryptoassets relative to the peg value. To fulfil the condition of "efficiency at all times", an AI must have a monitoring system in place to verify that the stabilisation mechanism is working properly. 
  • The stabilisation mechanism provides risk management similar to that of traditional assets, based on sufficient data or experience.
  • There should be sufficient information that AIs use to verify ownership of the reserve assets on which the stable value of the cryptoasset depends. In the case of physical underlying assets, AIs should verify that these assets are stored and managed appropriately. This monitoring system should operate independently of the cryptoasset issuer. AIs may only use independent third party valuations to verify ownership if they are satisfied with the reliability of those valuations. 
  • The cryptoasset is subject to a redemption risk test and the issuer is supervised and regulated by a supervisory authority that applies prudential capital and liquidity requirements to the issuer.

To pass the redemption risk test, AIs must ensure that the cryptoasset agreement meets the following conditions. 

  • Value and composition of reserve assets: the value of the reserve assets (net of all non-cryptoasset claims on those assets) must at all times, including periods of extreme stress, equal or exceed the total peg value of all outstanding cryptoassets.
  • If the reserve assets expose the holder to risks in addition to those arising from the underlying assets, the value of the reserve assets must be sufficiently recollateralised to provide rights of redemption for all outstanding cryptoassets. The level of recollateralisation should be sufficient to ensure that, even after losses on reserve assets during periods of stress, their value exceeds the total peg value of all outstanding cryptoassets. 
  • Asset quality criteria for reserve assets: 
    For cryptoassets linked to one or more currencies, reserve assets must consist of assets with minimal market and credit risk. Assets should be capable of rapid liquidation with minimal negative price impact. In addition, reserve assets should be denominated in the same currency or currencies in the same proportions as the currencies used for the peg (unless explicitly authorised by the HKMA). Additionally, a small proportion of reserve assets may be held in a currency other than the currencies used for the peg value.
  • Management of reserve assets: 
    The organisational arrangements relating to the management of reserve assets shall ensure that the following requirements are met: 
    - Reserve assets are managed and invested with the explicit and legally binding objective of ensuring that all cryptoassets can be immediately redeemed at peg value, including periods of extreme stress.
    - There is a robust operational risk and resilience framework in place to ensure that reserve assets are available and safely held. 
    - A mandate describing the types of assets that can be included in the reserve should be publicly available and kept up to date. 
    - The composition and value of reserve assets should be publicised on a regular basis. The value should be publicised at least daily and the composition at least weekly. 
    - Reserve assets should be subject to an independent external audit at least annually to confirm their consistency with the publicised reserves and consistency with the mandate. 
    Stabilisation mechanisms that: 
    - refer to other cryptoassets as underlying assets (including those that refer to other cryptoassets that have traditional assets as underlying assets); or use protocols to increase or decrease the supply of a cryptoasset, do not meet classification condition 1.

In order to fulfil classification condition 2, the following requirements must be met: 

  • Full transferability and finality of settlement of cryptoasset agreements must be ensured at all times. In addition, cryptoassets with stabilisation mechanisms must provide a credible legal claim against the issuer and/or the underlying reserve assets and must guarantee full redeemability at any time and at their peg value. In order to be considered fully redeemable, a cryptoasset agreement must allow for redemption to be completed within five calendar days of a request for redemption at any time.
  • For cryptoassets with stabilisation mechanisms, cryptoasset agreements should clearly define which parties have the right to redeem; the obligation of the redeeming party to perform the agreement; the timeframe for effecting that redemption; the traditional assets in exchange; and how the redemption value is determined. These agreements should also be valid in cases where the parties to the agreements may not be located in the same jurisdiction where the cryptoasset is issued and redeemed. At all times, the finality of settlement in cryptoasset agreements should be properly documented so that it is clear when a cryptoasset becomes irrevocably and unconditionally transferred, transferring key financial risks from one party to the other. The documentation described in this paragraph must be publicly released by the issuer of the cryptoasset. If the cryptoasset's offering to the public has been approved by the relevant regulator based on this public disclosure, the condition in this subparagraph will be deemed fulfilled. Otherwise, an independent legal opinion will be required to confirm that the requirements mentioned in this paragraph have been met.
  • The features of the cryptoasset and the network on which it operates, including the distributed ledger or similar technology on which it is based, are designed and operated to sufficiently mitigate and manage any material risks.
  • In order to fulfil classification condition 3, the following requirements must be met: 
    Cryptoasset functions, such as the issuance, validation, redemption and transfer of cryptoassets, and the network on which it operates, must not create any significant risks that could impair the transferability, finality of settlement or, where applicable, redeemability of the cryptoasset. To this end, persons performing activities related to these functions must follow robust risk management policies and risk control practices to manage risks including, but not limited to, credit, market and liquidity risks; operational (including outsourcing, fraud and cyber risks) and data loss risks; various non-financial risks such as data integrity; operational resilience (i.e. reliability and capacity of operations); risk management from third parties; and anti-money laundering (AML/CFT).
  • All key elements of the network should be clearly defined so that all transactions and participants are traceable. Key elements include: the operational structure (i.e., whether there is one or more persons performing core network functions); the level of access (i.e., whether the network is restricted or not); the technical roles of nodes (including whether there are differentiated roles and responsibilities among nodes); and (the validation and consensus mechanism of the network (i.e., whether transaction validation is performed by one or more participants).
  • All entities that redeem, transfer, hold or settle cryptoassets, or manage or invest reserve assets, must be regulated and supervised by, or comply with, appropriate risk management standards and have and disclose a comprehensive governance framework. Entities subject to condition 4 include transmission and settlement system operators for cryptoassets, wallet providers and, for cryptoassets with stabilisation mechanisms, stabilisation mechanism administrators and custodians of reserve assets. Node validators may be subject to appropriate risk management standards as an alternative to regulation and supervision.

CAPITAL REQUIREMENTS FOR CRYPTOASSETS 

AIs must follow sections 281A to 281D of the BCR to determine the allocation of cryptoassets between the banking book and trading book, subject to the following specifications and exceptions: 

  • Group 1a cryptoassets should be allocated to the banking book or trading book based on the application of the boundary criteria to non-tokenised equivalent traditional assets. 
  • Group 1b cryptoassets should be classified to the banking book or trading book based on the application of the boundary criteria to reference assets. 
  • Group 2a cryptoassets should be treated in accordance with the proposed market risk rules, regardless of whether they originate from trading or banking instruments (i.e., similar to currency and commodity risk). 
  • Group 2b cryptoassets should be treated in accordance with the standardised conservative prudential approach.

Application of internal models and accounting classification

AIs must follow the relevant sections of the BCR to determine whether Group 1 cryptoasset exposures can be treated in accordance with standardised or model-based approaches to credit and market risk. Model-based approaches cannot be applied to Group 2 cryptoassets. Exposures of cryptoassets are not subject to the deduction requirement applicable to intangible assets set out in section 43 of the BCR, even where the cryptoasset is classified as an intangible asset under the applicable accounting standard.

Credit risk

For group 1a cryptoassets, credit risk is calculated subject to the same rules as for traditional assets, including risk assessment and consideration of risk-weighted amounts for credit risk.

For group 1b cryptoassets, which include cryptoassets with stabilisation mechanisms, credit risk is analysed taking into account the risks associated with the stabilisation mechanisms, the possibility of issuer default and risks associated with the redemption process. These risks should be taken into account in the credit risk calculation for this category of cryptoassets.

For group 2 cryptoassets, standardised conservative approaches to credit risk are applied, including calculations of risks associated with different types of cryptoassets and their characteristics.

Market risks

For group 1 cryptoassets (tokenised traditional assets and stable coins), a simplified standardised approach and internal models are used to calculate capital requirements for market risk.

For group 2 cryptoassets (cryptoassets that do not meet all conditions of the group 1 classification), a standardised approach is used to determine capital requirements for market risk.

  • Simplified Standardised Approach: This approach includes accounting for all instruments, including derivatives and off-balance sheet positions exposed to changes in cryptoasset prices. Each cryptoasset position is expressed in quantitative terms and converted to local currency at the current price. Interest rate, equity, currency and commodity risk are accounted for according to established rules.
  • Internal models: The internal models approach is used to calculate aggregate capital for market risk. This is done by calculating default risk and aggregate capital for modelled and unmodelled risks.
  • Standardised approach: the standardised market risk approach involves dividing cryptoassets into separate risk classes and determining their capital requirements based on established specifications.

Additive infrastructure risk for group 1

The technological infrastructure underlying all crypto-assets, such as DLT, is still relatively new and may pose various additional risks even where crypto-assets meet the conditions for Group 1 classification. Therefore, the HKMA may apply an additive capital requirement for exposures to group 1 cryptoassets. 

The added infrastructure risk described above is initially set as zero, but will be increased by the HKMA based on any potentially identified weaknesses in the infrastructure used for group 1 cryptoassets.

Credit Default Risk (CVA) 

For group 1 cryptoassets, including tokenised traditional assets, the rules for determining the capital charge for credit default risk apply similar to those that apply to non-tokenised traditional assets. For group 2 cryptoassets, including stable coins, the relevant rules for determining the capital charge for credit default risk apply.

Operational risk

Operational risk associated with crypto-assets should be accounted for using a standardised approach to operational risk through a business indicator, which should include revenues and expenses, and through an internal loss multiplier, which should include operational losses arising from crypto-asset activities. If the operational risks associated with crypto-assets are not sufficiently addressed by banks' minimum operational risk capital requirements and internal risk management process, banks should take appropriate measures to ensure capital adequacy and sufficient resilience. The HKMA will also take appropriate measures in the context of the supervisory review process.

Liquidity risks

Exposures to crypto-assets should be treated in a manner consistent with existing liquidity requirements for traditional exposures that carry equivalent economic risks. However, crypto-assets may involve additional risks compared to traditional assets and there is relatively little historical data on crypto-assets available in the market. 

  • A cryptoasset may be recognised by a Category 1 institution as a high quality liquid asset (HQLA). To be recognised as an HQLA, a crypto asset is required to be a Group 1a crypto asset, which is a tokenised version of a traditional asset within the asset class specified in Schedule 2 of the Bank Liquidity Rules (BLR). It is also required that both the traditional asset form and the tokenised asset form meet all applicable characteristics and operational requirements specified in Annexes 3 and 4 to BLR 21. Finally, a Category 1 institution must meet all relevant operational requirements specified in Annex 4 to the BLR.
  • The proper determination and adjustment of the liquidity outflow and inflow ratios under the Liquidity Coverage Ratio (LCR), as well as the Available Stable Funding (ASF) and Required Stable Funding (RSF) ratios for cryptoassets and crypto-indebtedness depend on factors such as the structure of the cryptoasset or crypto-indebtedness, its practical business purpose and the nature of the institution's Category 1 exposure to the cryptoasset or crypto-indebtedness. In general, the treatment of cryptoasset exposures under the LCR and NSFR depends on whether they are: tokenised claims on a regulated and supervised bank, stablecoins or other cryptoassets.

The specific requirements for processing crypto-asset claims depend on how they are used and whether the issuing institution can identify the holders of the crypto-assets.

  1. Tokenised regulated and supervised bank requirements:
  • If the issuing institution can identify holders of cryptoassets at any time: 
    - May apply appropriate LCR outflow factors and NSFR available stable funding factors for crypto debt.

2. If the issuing institution cannot identify the holders of crypto-assets at any time:

  • Must treat crypto debt as unsecured wholesale funding provided by other entities.
    - Cryptoassets used as a means of payment and created as part of an operational relationship:
  • Should be subject to the LCR and NSFR methods of processing and categorising transaction deposits. However, the lower outflow ratio provided for in paragraph 7(1)(a) of the Code on the calculation of total net cash outflow under the liquid asset ratio does not apply.

The document can be found at the following link: Cryptoasset Exposures Consultation paper | CP 24.01 February 2024