Office of the Superintendent of Financial Institutions
This advisory clarifies the interim regulatory capital and liquidity treatment of Deposit Taking Institutions’ (DTIs) and Insurers’ exposures to cryptoassetsFootnote 1. It applies to all Federally Regulated Financial Institutions (FRFIs) and complements the following OSFI guidelines: Capital Adequacy Requirements (CAR), Leverage Requirements (LR), Liquidity Adequacy Requirements (LAR), Foreign Bank Branch Deposit Requirement (A-10), Life Insurance Capital Adequacy Test (LICAT), Minimum Capital Test (MCT), and Mortgage Insurer Capital Adequacy Test (MICAT).
The advisory defines and categorizes cryptoasset exposures, then it outlines DTI credit risk, counterparty credit risk, leverage, market risk, liquidity risk, and the foreign bank branch deposit treatments. The capital requirements for insurer cryptoasset exposures are then clarified, including collateral recognition, and considerations for foreign insurance branches. The last section defines exposure limits for all FRFIs.
The scope of this advisory is limited to the capital and liquidity treatment of a FRFI’s exposures to cryptoassets. The advisory does not address other issues, including whether a FRFI is permitted under the Bank Act, Insurance Companies Act, or Trust and Loan Companies Act to issue any particular cryptoasset, or to acquire or hold a controlling or substantial investment in entities that engage in this activity. This advisory sets out OSFI’s expectations as to when FRFIs should notify their lead supervisor if they intend to have exposures to cryptoassets. Where a FRFI intends to engage (directly or via a subsidiary) in other cryptoasset activities, OSFI’s expectation is that the FRFI will notify its lead supervisor and provide any information requested by OSFI that will allow OSFI to assess the safety and soundness, and risk implications of such activities.
Cryptoassets are digital assets that depend primarily on cryptography and distributed ledger or similar technology.Footnote 2
Cryptoasset exposures include direct exposures to cryptoassets, as well as any indirect exposures whose value or risk is substantially determined by the value of one or more cryptoassets. These indirect exposures include all instruments referencing cryptoassets, such as (but not limited to) derivatives, mutual funds, exchange traded funds (ETFs), units of trusts and partnerships, or shares in a corporation. OSFI expects FRFIs to take a prudent approach to the interpretation of what constitutes a cryptoasset exposure.
Cryptoassets are broadly categorized into two groups – Group 1 and Group 2. Group 1 cryptoassets are those that meet the following set of criteriaFootnote 3:
Group 2 cryptoassets are those that fail to meet one or more of the above criteria.
A cryptoasset exposure is a Group 1 exposure if its value or risk is substantially determined by the value of a Group 1 cryptoasset. Otherwise, it is a Group 2 cryptoasset exposure.
The above constitutes a simplified categorization relative to the second consultation paper on the prudential treatment of cryptoassets published by the Basel Committee on Banking Supervision (BCBS) in June 2022.Footnote 6
Group 1 cryptoasset exposures should receive a credit risk capital treatment consistent with that of comparable traditional assets.Footnote 7
Group 2 cryptoasset exposures in the banking book should be deducted from Common Equity Tier 1 (CET1) capital. As short positions have unlimited risk, short positions in cryptoasset exposures are not permitted in the banking book, consistent with the treatment of other short positions. The treatment of Group 2 cryptoasset exposures in the trading book is outlined in Section 4.4 below.
No collateral value may be ascribed to Group 2 cryptoassets (i.e. such cryptoasset collateral is subject to a 100% haircut). Collateralized transactions (such as securities financing transactions) secured by cryptoasset exposures should be capitalized as a direct unsecured exposure to the counterparty.
Counterparty credit risk exposure amounts for derivative transactions should be computed in accordance with Chapter 7 of the 2023 CAR Guideline (effective Q2/2023), unless otherwise specified below.
Derivatives referencing Group 1 cryptoassets may be subject to the same rules to determine counterparty credit risk exposures as non-tokenised traditional assets only after an institution notifies and receives written agreement from OSFIFootnote 8. Until such written agreement is provided by OSFI, such derivatives should be treated as Group 2 cryptoassets.
Derivatives referencing Group 2 cryptoassets should be placed into their own netting set (a netting set is defined in paragraph 3 of Chapter 7 of the 2023 CAR Guideline).
The calculation of the potential future exposure (PFE) for derivatives referencing indirect cryptoasset exposures should follow the treatment under the equity derivatives section of Chapter 7 of the 2023 CAR Guideline. In addition, a supervisory factor of 40% should be used for these derivatives. The correlation and options volatility amounts should be set at 50% and 150%Footnote 9, respectively.
To calculate the PFE add-on for derivatives directly referencing Group 2 cryptoassets, a new asset class has been created called “Group 2 Crypto”. A perfect correlation to all other asset classes is assumed, with the Group 2 Crypto asset class possessing the following characteristics:
Cryptoasset exposures are treated consistent with other leverage exposures, where the exposure measure for the leverage ratio generally follows gross accounting values, with separate treatments defined in the Leverage Requirements Guideline for derivatives, securities financing transactions, and other off-balance sheet items.
Institutions may only apply the market risk framework to cryptoasset exposures if they are approved by OSFI to apply the market risk framework and have notified OSFI about how cryptoasset exposures will be treated within the framework (e.g., standardized approach vs. internal model approach, equity vs. commodity risk factor, etc.). Until such time, cryptoasset exposures should be treated under the credit risk framework (Section 4.1 above) as banking book exposures.
OSFI expects that institutions intending to trade cryptoassets take into account the following elements as part of their decision-making process and risk management of these exposures:
Institutions should only consider hedging or diversification benefits between instruments referencing the same cryptoasset. Open unhedged exposures which are outside of any hedging relationship with offsetting transactions should receive a 100% capital charge under the market risk framework. Basis risk resulting from different forms of the same cryptoasset being referenced in a hedging relationship (e.g., crypto ETF positions hedged with futures referencing the underlying) should be captured, tracked and capitalized by institutions.
The liquidity coverage ratio (LCR), net stable funding ratio (NSFR), and net cumulative cash flow (NCCF) requirements are set out below.
Group 1 cryptoasset exposures may qualify for liquidity treatment that is consistent with their equivalent non-tokenized asset as set out in the LAR Guideline (LCR, NCCF and NSFR) with a treatment that is based on the earliest possible maturity. Thus holdings of Group 1 cryptoassets will only be eligible as High Quality Liquid Assets (HQLA) or Eligible Unencumbered Liquid Assets (EULA) if both i) they are tokenized versions of a traditional asset that itself would qualify as HQLA or EULA and ii) the tokenized asset itself meets the HQLA/EULA eligibility criteria.
All other cryptoasset exposures should not contribute any liquidity value and should be subject to a 100% haircut in the LCR and NCCF, and 100% Required Stable Funding (RSF) factor under the NSFR.
Funding from Group 1 cryptoassets should qualify for a liquidity treatment that is consistent with its equivalent non-tokenized liability as set out in the LAR Guideline (LCR, NCCF and NSFR), with a treatment that is based on i) the earliest possible redemption, and ii) the identity of the holder (i.e. the issuing institution must at all times be able to identify the holder of the cryptoasset). In addition, Group 1 cryptoassets are not permitted to be recognized as a stable retail deposit.
All other funding from the issuance of cryptoassets (including liabilities where the ultimate holder is not identified) should not contribute any stable funding credit in the NSFR and, under the LCR and NCCF, should be subject to 100% run-off factors.
Funding received from cryptoasset issuers, or any other exposures associated with the reserve assets of a stablecoin, should be treated as an exposure to a financial institution (and so do not contribute any stable funding credit in the NSFR, and should be subject to 100% run-off factors in the LCR and NCCF).
Cryptoasset exposures should not be considered qualifying assets under Guideline A-10, and therefore cannot be included in the calculation of the foreign bank branch deposit.
Group 1 cryptoasset exposures should receive a capital treatment consistent with that of comparable traditional assets, including credit, market and/or other risks.Footnote 10
Group 2 cryptoasset exposures, including the absolute value of short positions, the full notional amount of long option positions and the full notional amount of long forward contracts should be deducted from capital available (for property and casualty, and mortgage insurers) and Tier 1 capital (for life insurers).Footnote 11
Collateral used as a financial resource to reduce capital requirements cannot include Group 2 cryptoasset exposures (e.g., collateral used for unregistered reinsurance).
Foreign insurance branches are not permitted to vest cryptoasset exposures.
Group 2 cryptoasset exposures are subject to two limits expressed as a percentage of Tier 1 capital (for DTIs and life insurers) or as a percentage of capital available (for property and casualty, and mortgage insurers). Specifically, FRFIs should notify OSFI in writing if:
The written notification to OSFI should include the size of the positions, the cryptoasset exposures in question, and the amount of capital held for the positions. OSFI may impose higher capital requirements for large positions.
Excluding exposures to central bank digital currencies (CBDCs), which are outside of the scope of this advisory.
Return to footnote 1
As defined in https://www.fsb.org/wp-content/uploads/P131020-3.pdf. For greater clarity, Bitcoin and Ether are the two most prominent cryptoassets as of this advisory’s publication date; however this definition also includes stablecoins, non-fungible-tokens (NFTs), and other distributed ledger platforms such as Cardano and Solana.
Return to footnote 2
OSFI reserves the ability to modify these criteria for any reason including but not limited to reflect ongoing developments in the cryptoassets market and to reflect evolving international standards. If warranted, OSFI may also apply an exposure limit to Group 1 cryptoassets.
Return to footnote 3
Traditional assets are those assets that are captured within the relevant capital framework and not classified as cryptoassets.
Return to footnote 4
Risks include, but are not limited to, credit, market, and liquidity risks; operational risk (including outsourcing, fraud, and cyber risk) and risk of loss of data; and various non-financial risks, such as data integrity, operational resilience (i.e., operational reliability and capacity), third-party risk management, and Anti Money Laundering/ Countering the Financing of Terrorism (AML/CFT).
Return to footnote 5
Prudential treatment of cryptoasset exposures - second consultation (https://www.bis.org/bcbs/publ/d533.htm)
Return to footnote 6
For example, a tokenised corporate bond will be subject to the same treatment as a comparable traditional corporate bond, and a tokenized bank deposit will be subject to the same treatment as a comparable traditional bank deposit.
Return to footnote 7
Where OSFI notification and/or approval is required in this document, institutions should understand these statements refer to notifying and/or receiving approval from the institution’s lead supervisor, including providing the lead supervisor with relevant supporting materials.
Return to footnote 8
For derivatives referencing derivatives of cryptoasset exposures, institutions require approval from OSFI on the appropriate treatment, which may be higher than the factors listed here.
Return to footnote 9
For example, a tokenised corporate bond will be subject to the same capital requirements as a comparable traditional corporate bond.
Return to footnote 10
Insurers should contact OSFI for the capital treatment of cryptoasset exposures arising in insurance products (e.g., embedded derivative or other exposures).
Return to footnote 11
For this purpose, gross positions are defined as the greater of the absolute value of long and short positions.
Return to footnote 12
Any hedging or diversification benefit should be considered only between instruments referencing the same cryptoasset according to Section 4.4 above.
Return to footnote 13