EU Capital Requirements Regime and cryptoassets

The EU Capital Requirements Regime introduces a variety of definitions, as well as governance and disclosure measures for firms in relation to the management of exposures to cryptoassets. This regime has been developed in light the EU Markets in Cryptoassets regulation (MiCA) - which introduces a regulatory regime for cryptoasset services, cryptoasset service providers, issuers of asset-referenced tokens and issuers of electronic money tokens (for more information, see our briefing here). The regime has also been developed in response to the BCBS standard for the prudential treatment of cryptoasset exposures, which was finalised in 2022 (see our briefings here and here for more information). This proposal classifies cryptoassets into two groups: cryptoassets meeting the full set of classification conditions subject to capital requirements based on risk weights of underlying exposures set out in the existing Basel framework (Group 1); and cryptoassets failing to meet any of the classification condition and therefore subject to a more conservative capital treatment (Group 2).

CRR III

• Definitions: "Cryptoasset” is a cryptoasset as defined in Article 3(1) of MiCA that is not a central bank digital currency. "Cryptoasset exposure" means an asset or an off-balance-sheet item related to a cryptoasset that gives rise to credit risk, counterparty credit risk, market risk, operational risk or liquidity risk. “Tokenised traditional asset” is to mean a type of cryptoasset that represents a traditional asset, including an e-money token. Other definitions relevant for the regime include "traditional assets" (i.e. any asset other than a cryptoasset including deposits and financial instruments).
• Reporting requirement: Article 430 is amended to require institutions to disclose their exposures to cryptoassets.
• Disclosure of exposures to cryptoassets and related activities: New article Article 451b requires disclosure of exposures to cryptoassets and related activities. This includes: the direct and indirect exposure amounts in relation to cryptoassets (including the gross long and short components of net exposures); the total risk exposure amount for operational risk; the accounting classification for cryptoasset exposures; and a description of business activities related to crypto-assets, and their impact on the risk profile of the institution. In relation to the requirement concerning the description of the business activities related to crypto-assets, institutions will be required to provide more detailed information on material business activities, including on the issuance of significant asset-referenced tokens and of significant e-money tokens and on the provision of cryptoasset services under Articles 60 and 61 of MiCA
• Legislative proposal for prudential treatment: The recitals refer to the BCBS standard for the prudential treatment of cryptoasset exposures (see our briefings here and here), noting that the application date for the standard is 1 January 2025 (this has since been pushed back to January 2026). The European Commission is to submit a legislative proposal to introduce a dedicated prudential treatment for exposures to crypotassets, taking into account international standards. The proposal is to include: criteria for assigning cryptoassets to different cryptoasset categories based on their risk characteristics and compliance with specific conditions; specific own funds requirements for all the risks entailed by different cryptoassets; an aggregate limit for exposures to specific types of cryptoassets; specific leverage ratio requirements for cryptoassets exposures; specific supervisory powers as regards crypto-asset exposure assignment, monitoring and calculation of the own funds requirements; specific liquidity requirements for cryptoasset exposures; and disclosure and reporting requirements.
• Transitional regime for prudential treatment of cryptoasset exposures: Until entry into application of the legislative proposal, institutions are to calculate own funds requirements for exposures to cryptoassets as follows: cryptoasset exposures to tokenised traditional assets are to be treated as exposures to the traditional assets that they represent; exposures to asset-referenced tokens whose issuers comply with MiCA and that reference one or more traditional assets are to be assigned a 250 % risk weight; other types of exposures to cryptoassets are to be assigned a 1250% risk weight and are not to exceed 1% of the institution's Tier 1 capital. Cryptoasset exposures to tokenised traditional assets whose values depend on any other cryptoassets are to be assigned a 1250% risk weight. The EBA is to prepare RTS setting how institutions calculate their own funds requirements, including calculating the value of the exposures and aggregating short and long exposures. EBA is to take into consideration the BCBS standards as well as existing authorisations in the EU under MiCA. The EBA is to submit the draft RTS to the European Commission by 10 July 2025.

CRD VI

• Risk management: Requiring institutions with direct or indirect exposures to cryptoassets/providing related services to any form of cryptoasset to have risk management policies, processes and practices in place to appropriately manage risks caused by their exposure to cryptoassets. Risk management activities of institutions to consider cryptoasset technology risks.
• Counterparty risk: Institutions to carry out ex-ante assessments of any cryptoasset exposures they intend to take on and of the adequacy of existing processes and procedures to manage counterparty risks.
• Concentration risks: Details on how to characterise concentration risks (for cryptoassets without issuers, the concentration risk will be considered in terms of exposure to the cryptoassets with similar features cryptoassets).
• Market risk: Competent authorities to ensure that institutions conduct ex-ante assessments of any cryptoasset exposures they intend to take on and of the adequateness of existing processes and procedures to manage market risks, and report on those assessments to their competent authority.
• Operational risk: Institutions are to implement policies and processes to evaluate and manage the exposures to operational risk, including risks arising from direct and indirect exposures to cryptoassets and CASPs.
• SREP: Review to include the assessment of institutions’ governance and risk management processes for exposures to cryptoassets and the provision of services related to cryptoassets (to include institutions’ policies and procedures for identifying risk).
• Supervisory powers: Supervisors can require institutions to carry out stress testing or scenario analysis to assess risks arising from cryptoasset exposures and from the provision of cryptoasset services.