OSFI Publishes First Interim Framework for Cryptoassets held by Federally Regulated Financial Institutions
On August 18, 2022, the Office of the Superintendent of Financial Institutions (“OSFI”) issued an advisory (the “Advisory”) setting out its interim approach for cryptoassets held by federally regulated financial institutions (“FRFIs”). The Advisory applies to banks, federal trust and loan companies, federally-regulated life insurance companies and fraternals and federally-regulated property and casualty companies.
The Advisory builds on the consultation letter OSFI published in July 2021 (which we previously discussed in a separate blog post) following the Basel Committee on Banking Supervision (the “Basel Committee”) consultation paper on the prudential treatment of cryptoasset exposures (which we also previously discussed in a separate blog post). The Basel Committee subsequently issued a second consultation paper on the same topic in June 2022 (the “Second Consultation Report”).
The Advisory outlines OSFI’s expectations with respect to prudential treatment of cryptoasset exposures, guided by the view that FRFIs should apply a conservative treatment and set prudent limits in relation to such exposures. The Advisory also provides further guidance on how FRFIs should approach the capital and liquidity treatment of cryptoasset holdings.
According to OSFI’s press release, the interim approach outlined in the Advisory is intended to help ensure that FRFIs adopt a cautious approach to using cryptocurrencies and develop sound risk management policies and practices concerning their cryptoasset holdings, helping to further safeguard the resiliency and stability of the Canadian financial system.
While OSFI is encouraging early adoption of the guidance, the interim approach will be officially effective at the beginning of a FRFI’s Q2 2023 reporting period.
The Advisory concludes with a list of ten consultation questions, the responses to which should help to inform the next iteration of the Advisory (the “Consultation Questions”).
Cryptoassets and Cryptoasset Exposures
The Advisory defines cryptoassets as “digital assets that depend primarily on cryptography and distributed ledger or similar technology”, which OSFI has stated includes cryptocurrencies such as bitcoin and ethereum, stablecoins, and non-fungible tokens (“NFTs”). The Advisory defines cryptoasset exposures as including both direct and indirect exposures to cryptoassets, where “indirect exposures include all instruments referencing cryptoassets, such as (but not limited to) derivatives, mutual funds, exchange traded funds (“ETFs”), units of trusts and partnerships, or shares in a corporation.”
The Advisory states that OSFI “expects FRFIs to take a prudent approach to the interpretation of what constitutes a cryptoasset exposure.”
The Advisory groups cryptoassets into the following two groups, utilizing a simplified version of the categorization method used in the Second Consultation Report:
- Group 1 Cryptoassets (Tokenized Cryptoassets and Stablecoins) must meet a series of conditions intended to identify tokenized traditional cryptoassets and stablecoins.
- Tokenized traditional cryptoassets are defined as “digital representations of traditional assets[1] using cryptography, distributed ledger technology or similar technology to record ownership.”
- Cryptoassets that reference other cryptocurrencies as the underlying asset or use protocols to control the supply of the cryptoasset (algorithm-based stablecoins) would not fall in this group.
- To fall under Group 1, assets are also required to meet all of the following conditions:
- A legal opinion must be obtained confirming that all rights, obligations and interests arising from the cryptoasset are: clearly defined, legally enforceable in all relevant jurisdictions, and consistent with the rights, obligations, and interests (i.e. the risks) associated with comparable traditional assets.
- A legal opinion must be obtained confirming settlement finality of the cryptoasset.
- All entities performing transfer, settlement or redeemability functions of the cryptoasset must follow robust risk governance and risk control policies and practices to address all significant risks.
- All entities that execute redemptions, transfers, storage, or settlement finality of the cryptoasset, or manage or invest reserve assets, must be regulated and supervised, or subject to appropriate risk management standards.
- For a stablecoin to receive Group 1 treatment, the issuer must be prudentially regulated and subject to capital and liquidity requirements that are comparable to those of OSFI.
- Group 2 Cryptoassets (Other Cryptoassets) are a residual category that captures all cryptoassets not in Group 1 (i.e. that they fail to meet one or more of the above criteria) and would include most cryptocurrencies, including bitcoin.
A cryptoasset exposure would be classified as a Group 1 exposure if its value or risk is “substantially determined” by the value of a cryptoasset that is part of Group 1. Otherwise, it would be classified as a Group 2 exposure.
Overall, the Advisory provides that that Group 1 cryptoassets are generally to receive similar prudential treatment as comparable traditional assets (although in some cases notification to OSFI and a written agreement with OSFI may be required (see below under Counterparty Risk)), while Group 2 cryptoassets are subject to specific and more conservative prudential treatment.
To our knowledge, none of the stablecoins which are currently available in Canada would satisfy the criteria for Group 1 inclusion under the Advisory. In particular, the requirement for a legal opinion regarding settlement finality may exclude from Group 1 asset catagorization any stablecoin (or other crypto asset) that trades on a proof of work network. For example, the Bank of Canada in 2017 published a report regarding Project Jasper in which it found that “the analysis thus far is suggestive that [distributed ledger technology] platforms that employ a “proof-of-work” consensus protocol, as was built in Phase 1, do not deliver the necessary settlement finality and low operational risk expected of core settlement systems.” In the Consultation Questions, OSFI seeks alternatives to this requirement which, “would achieve a similar risk mitigation outcome without being as exclusionary.”
We also note that OSFI did not incorporate the Basel Committee’s subcategories for Group 1 assets into the Advisory. The Second Consultation Report suggested that tokenized traditional assets fall into Group 1a while cryptoassets with effective stabilisation mechanism (stablecoins) would fall under Group 1b.
Group 2 Cryptoasset Exposure Limits for all FRFIs
- All FRFIs will be subject to the following limits with regards to their Group 2 cryptoasset exposures, and will need to notify OSFI in writing if they exceed these limits:
- Total gross positions across all Group 2 cryptoasset exposures exceeding 1% of Tier 1 capital (for deposit taking institutions (“DTIs”) and life insurers) or capital available (for P&C and mortgage insurers).
- Total net short positions across all Group 2 cryptoasset exposures exceeding 0.1% of Tier 1 capital (for DTIs and life insurers) or capital available (for P&C and mortgage insurers).
If a FRFI exceeds either or both of the above limits, their written notification to OSFI should include the size of the positions, the cryptoasset exposures in question and the amount of capital held for the positions.
Currently, the capital requirements for Group 2 cryptoassets do not differentiate among the various types of cryptoassets prevalent in the global markets today. Consequently, under the Advisory, the same capital treatment would apply to a FRFI’s exposure to (for example) bitcoin, USD Coin and Shiba Inu, notwithstanding what many would consider to be material differences among the risk profiles of these assets. In the Consultation Questions, OSFI seeks suggestions for criteria that could help identify stablecoins that would warrant a differential capital treatment, including criteria to address counterparty and liquidity risks, as well as reasonable disclosure requirements.
Treatment of FRFI Cryptoasset Exposures
FRFIs are required to maintain adequate capital in accordance with the Capital Adequacy Requirements (CAR), Life Insurance Capital Adequacy Test (LICAT), Minimum Capital Test (MCT) and Mortgage Insurer Capital Adequacy Test (MICAT) guidelines and to maintain appropriate forms of liquidity. The Advisory contains guidance on the treatment of cryptoasset exposure under each guideline.
Capital Adequacy Requirements (CAR)
FRFIs must meet certain minimum ratios of the FRFI’s capital divided by risk-weighted assets (RWA).
The Advisory provides further guidance on determining RWA for credit risk, counterparty credit risk (a component of credit risk) and market risk in respect of cryptoasset exposure.
Credit Risk
Group 1 cryptoassets and cryptoasset exposures would be eligible to count towards certain FRFI capital and collateralization requirements, subject to a haircut similar to that of traditional assets, while Group 2 cryptoassets and cryptoasset exposures would not make any contribution to FRFI capital or collateralization requirements and would be subject to a 100% haircut.
Short positions in Group 2 cryptoasset exposures are not permitted in a DTI’s banking book, as these positions have unlimited risk.
In the Consultation Questions, OSFI notes that the treatment of Group 2 cryptoassets held as collateral is consistent with the capital treatment for unhedged positions in the trading book for DTIs. OSFI seeks input regarding hedging practices that appropriately mitigate the volatility of the collateral and could warrant a lower haircut (i.e. some capital / collateralization credit).
Deposit-Taking Institutions
DTI Counterparty Credit Risk
Counterparty credit risk is the risk that the counterparty to a transaction could default before the final settlement of the transaction's cash flows. Counterparty credit risk from banking book exposures and trading book exposures is one of the components of the credit risk RWA calculation outlined above. This applies to long settlement transactions, securities financing transactions and margin lending transactions.
- The Advisory notes that derivatives referencing Group 1 cryptoassets may be subject to the same rules to determine counterparty credit risk exposures as comparable traditional assets only after a FRFI notifies and receives a written agreement from OSFI. Until a written agreement is provided by OSFI, such derivatives should be treated as Group 2 cryptoassets and be placed into their own netting set.[2]
- The Advisory notes that a new asset class called “Group 2 Crypto” has been created to calculate the potential future exposure (“PFE”) for derivatives directly referencing Group 2 cryptoassets. A perfect correlation to all other asset classes is assumed, with the Group 2 Crypto asset class possessing certain characteristics outlined in the Advisory.
- The calculation of the PFE for derivatives referencing indirect cryptoasset exposures should follow the treatment under the equity derivatives section of chapter 7 of the 2023 CAR Guideline, and a supervisory factor of 40% should be used for these derivatives with the correlation and options volatility amounts set at 50% and 150%, respectively. This is equivalent to the supervisory factor and supervisory option volatility of electricity as a commodity, which are both currently the highest under the asset classes listed under the CAR guideline[3]. In contrast, single name equity has a supervisory factor of 32% and a supervisory option volatility of 120%.
DTI Market Risk
Market risk requirements under the CAR Guideline apply to internationally active institutions and institutions designated by OSFI as domestic systemically important banks (D-SIBs). Generally, derivative, repurchase/reverse repurchase, securities lending and other transactions booked in the trading book of such institutions are subject to both the market risk and the counterparty credit risk capital requirements. Other assets of the institution are to be treated under one of the credit risk approaches.
- DTIs may only apply the market risk framework under the CAR Guideline to cryptoasset exposures if they are approved by OSFI to apply the market risk framework and have notified OSFI about how cryptoasset exposures will be treated within the framework.
- Until approval is received by OSFI, cryptoasset exposures are to be treated exclusively under the credit risk framework as banking book exposures (discussed above).
OSFI has outlined certain factors in the Advisory which it expects DTIs intending to trade cryptoassets take into account as part of their decision-making process and risk management of exposures.
In the Consultation Questions, OSFI seeks input on “aspects that should be kept in mind with respect to cryptoasset exposures with embedded derivatives”. The Basel Committee defines an embedded derivative to mean “a component of a financial instrument that includes a non-derivative host contract. For example, the conversion option in a convertible bond is an embedded derivative.” Embedded derivatives are essentially non-derivative contracts with a derivative feature.
Liquidity Adequacy Requirements (LAR)
Leverage Limits
- The Advisory notes that cryptoasset exposures are to be treated consistent with other leverage exposures.
Liquidity Treatment
- The Advisory notes that Group 1 cryptoasset exposures are to receive liquidity treatment that is consistent with comparable traditional assets (as set out in the LAR guideline), whereas Group 2 cryptoasset exposures should not contribute any liquidity value.
- The Advisory also notes that funding from Group 1 cryptoassets should qualify for a liquidity treatment with comparable traditional assets and that Group 1 cryptoassets are not permitted to be recognized as a stable retail deposit.
- All other funding from the issuance of cryptoassets should be subject to 100% run-off factors. Funding received from cryptoasset issuers, or any other exposures associated with the reserve assets of a stablecoin, should be treated as an exposure to a financial institution.
Consequently, the Advisory generally indicates that a FRFI which holds reserve assets on behalf of a stablecoin issuer would treat the amount on deposit as debt owed by an financial institution. Pursuant to the CAR Guideline, under the Standardized Approach, exposures to deposit taking institutions and banks are subject to risk weights ranging from 20% to 150% (with 100% applicable to unrated entities) depending on their credit rating, the same as exposures to corporate issuers.
Foreign Bank Branch Deposit Requirement
- The Advisory notes that cryptoasset exposures in either group should not be considered qualifying assets under the Foreign Bank Branch Deposit Requirement (A-10) guideline, and therefore cannot be included in the calculation of the foreign bank branch deposit.
Treatment of Insurer Cryptoasset Exposures
In the Consultation Questions, OSFI seeks input on whether it would be appropriate to incorporate the calculation of an exposure amount under the current exposure method for derivatives referencing cryptoassets by insurance companies, which are currently required to deduct the full notional amount of any derivative referencing a cryptoasset. OSFI also asks whether the deduction should apply to derivatives referencing a portfolio with only partial cryptoasset exposure (e.g., 25% cryptoasset and 75% other assets).
Next Steps
FRFIs with exposure to cryptoasset activities or intending to gain exposure to such activities can send any questions related to the interim approach to OSFI. OSFI is also encouraging all FRFIs to provide comments to the Basel Committee on the Second Consultation Paper.
OSFI also notes that it will update this interim approach as needed to reflect new developments in areas, such as (i) the Government of Canada’s legislative review of the digitalization of money as outlined in Budget 2022 (which we previously discussed in a separate blog post), (ii) responses to OSFI’s consultation questions (outlined below), (iii) the Basel Committee final guidance on cryptoasset exposures and (iv) developments in the cryptoasset market.
Consultation Questions
Lastly, OSFI is seeking feedback on ten consultation questions to help it update this guidance (please see here for a full list of the questions). We have referenced many of OSFI’s questions within this article. The last question is open-ended, welcoming comments on “any other elements that OSFI should consider for the next iteration” of the Advisory. FRFIs and crypto asset market participants are encouraged to provide feedback to OSFI by email at [email protected] by October 14, 2022.
For more information about our firm’s Fintech expertise, please see our Fintech group’s page.
[1] The Advisory notes that traditional assets are assets that are captured within the relevant capital framework and are not classified as cryptoassets. Examples of tokenized traditional cryptoassets include tokenised corporate bonds and tokenized bank deposits.
[2] Paragraph 3 of chapter 7 of the 2023 CAR Guideline defines a netting set as a group of transactions with a single counterparty that are subject to a legally enforceable bilateral netting arrangement and for which netting is recognized for regulatory capital purposes under chapter 4 or the Cross-Product Netting Rules set forth in chapter 7 of the 2023 CAR Guideline. Each transaction that is not subject to a legally enforceable bilateral netting arrangement that is recognized for regulatory capital purposes should be interpreted as its own netting set for the purpose of these rules.
[3] See Table at para. 162 of https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/CAR22_chpt7.aspx#7.1.7.10 for the full list.