APRA Sets Out Risk Management and Policy Roadmap for Crypto-Assets

APRA expects all regulated entities to adopt a prudent approach while undertaking activities associated with crypto-assets and ensure that any risks are well-understood and well-managed before launching material new initiatives. The key expectations from all regulated entities are to:

• Conduct appropriate due diligence and comprehensive risk assessment before engaging in activities associated with crypto-assets and ensure to have actions in place to mitigate any associated risks including credit risk, investment risk, operational risk, cyber risk, anti-money laundering/combating the financing of terrorism (AML/CFT) and technology risks.
• Consider the principles and requirements of Prudential Standard CPS 231 Outsourcing or Prudential Standard SPS 231 Outsourcing when relying on a third party in conducting activities involving crypto-assets.
• Apply robust risk management controls, with clear accountabilities and relevant reporting to the Board on the key risks associated with new ventures.
• Consider potential prudential risks formulated by APRA while undertaking crypto-asset activities.
• Comply with all conduct and disclosure regulation administered by Australian Securities and Investments Commission (ASIC), including risk management, consideration of distribution practices, disclosure, and product design.
• Consult with APRA and ASIC on prudential, disclosure, or conduct requirements and expectations when undertaking activities associated with crypto-assets.

Policy Roadmap—In addition, APRA plans to develop long-term prudential framework for crypto-assets and related activities in consultation with other international regulators, to ensure consistency in approach. In the period ahead, APRA plans to:

• Consult on requirements for the prudential treatment of crypto-asset exposures in Australia for authorized deposit-taking institutions, following the conclusion of the Basel Committee’s current consultation. The consultation is expected to be undertaken in 2023.
• Progress new and revised requirements for operational risk management, covering control effectiveness, business continuity, and service provider management. The draft prudential standard will be released for consultation by mid-2022.
• Develop regulatory framework for Stored-value Facilities (SVFs) and consult on prudential requirements for large SVFs by 2023.

Related Links

• Press Release
• Letter on Crypto-Assets (PDF)

Keywords: Asia Pacific, Australia, Banking, Crypto-Assets, Operational Risk, Credit Risk, Cyber Risk, AML CFT, CPS 231, SPS 231, Disclosures, Business Continuity, ASIC, Stablecoins, Outsourcing Arrangements, APRA