ECB strives towards greater consistency in approach to licensing of crypto-asset activities
21 September 2022
Markets in crypto-assets have developed at a rapid pace over the past decade. They are no longer the exclusive domain of specialised fintech companies but traditional banks have started, or are contemplating whether, to get involved.
Against this background, the ECB (as the authority exclusively competent to grant banking licences in the Euro Area) seeks to ensure a consistent approach towards licensing of crypto-asset activities across participating Member States. The ECB regards a robust licensing regime as the foundation for continued confidence in the financial system while conscious that such a regime should not stifle competition or innovation.
Initiatives on the regulation of crypto-asset activities
With regulation generally lagging behind financial and technological progress there is still no harmonised EU regulatory framework for crypto-asset activities and services in the EU, let alone general rules on their prudential treatment.
However, there are two key regulatory initiatives close to finalisation:
- At the EU level political agreement was reached on the markets in crypto-asset regulation (MiCA) that establishes a comprehensive framework for crypto-asset service providers (CASPs) including authorisation and disclosure.
- At international level, the Basel Committee on Banking Supervision (BCBS) has recently published its second consultation paper on the prudential treatment of banks’ exposures to crypto-assets and is expected to publish detailed prudential rules toward the end of 2022. These will – in time – translate into harmonised capital requirements in the EU.
Current approach of ECB towards the licensing of crypto-asset activities
Member States participating in the SSM regulate crypto-assets vastly differently and in Germany, for example, crypto-asset activities are subject to authorisation. The ECB has thus already dealt with a number of licensing applications, even though there are no EU-wide licensing rules for crypto-asset activities yet in place.
In the absence of a specific European regime, the ECB applies the standard criteria of the Capital Requirements Directive (CRD), as translated into national legislation, while taking into account the specific risks associated with crypto-asset activities. Particular focus is on:
- Business models: Fit between the proposed activity and the institution’s overall activity and risk profile
- Internal governance: Adequacy of institution’s policies and procedures to handle risks unique to crypto-assets
- Fit and proper assessments: While the same fit and proper criteria apply as in any licensing procedure, a particular focus is on IT competence. The higher the complexity or relevance of the crypto business, the higher the level of knowledge and experience in the field of crypto should be.
Additional risks considered by the ECB
Crypto-asset activities highlight particular types of risk that the ECB is working on to assess:
- Operational and cyber risk: The ECB is looking closely at outsourcing arrangements to third-party providers, cryptographic key theft or compromise of login credentials, as well as risks linked to the use of special technology.
- AML/CFT risk: Crypto-assets are seen as vulnerable to risks associated with anti-money laundering/combating the financing of terrorism (AML/CFT), and institutions need to take into account their specific AML/CFT risk profile in internal governance arrangements and processes. In its assessment, the ECB relies on input from national AML authorities and financial intelligence units. The ECB also intends to cooperate with the new EU Anti-Money Laundering Authority to be established in 2023 as part of the Commission’s AML package that is currently underway.
- No own fund requirements (yet): Given the ongoing work by the BCBS, the ECB has not yet set specific capital requirements to address specific crypto-risks.
In light of the upcoming regulatory developments, the ECB wants to work closely with national supervisors in order achieve a more consistent approach in prudential assessments across the SSM.
Additionally, there is an ongoing benchmarking exercise on banks’ progress in digital transformation (including the role of crypto technologies) that forms part of the Supervisory Priorities 2022-24 and will result in a horizontal analysis by the end of 2022.
Overall, crypto-asset activities will remain a key area of focus in European banking supervision in the coming years. In particular, European banks can expect that crypto-asset activities will in due course also feature in capital requirements.