New rules on cryptoasset exposures of EU banks
The new EU banking package (CRR3/CRD6) amending the Capital Requirements Regulation and Directive (CRR/CRD) includes a transitional regime for the risk-weighting of EU banks' exposures to cryptoassets that will apply until new legislation implements the Basel Committee's standard on cryptoassets, as well as new provisions on the reporting, disclosure, governance and supervisory review of cryptoasset exposures.
The texts of CRR3 and CRD6 have been adopted by resolutions of the European Parliament. The texts will be published in the Official Journal after endorsement by the Council of the EU and revision and translation into the EU's official languages. CRR3 and CRD6 will then enter into force 20 days after publication. The transitional regime for the risk-weighting of cryptoasset exposures applies from entry into force (which could be in the next few months, depending on when CRR3 and CRD6 are published in the Official Journal) but other new requirements will apply later.
New definitions
CRR3 adds new definitions of 'cryptoasset' and 'crypto asset service' to CRR based on the corresponding definitions in the Markets in CryptoAssets Regulation (MICA) but excluding central bank digital currencies from the definition of a cryptoasset. It also defines a 'cryptoasset exposure' as an asset or an off-balance-sheet item related to a cryptoasset that gives rise to credit risk, counterparty credit risk, market risk, operational risk or liquidity risk.
Risk-weighting of cryptoasset exposures
The Basel Committee on Banking Supervision published its standard for the prudential treatment of cryptoassets in 2022 but this is still subject to possible further technical revision and its implementation deadline has now been deferred until 1 January 2026.
CRR3 envisages that the European Commission will, by 1 July 2025, submit a new legislative proposal for a dedicated prudential treatment for cryptoasset exposures, taking into account MICA and international standards. It envisages that the eventual legislative proposal should include provisions on categorisation of cryptoassets, own funds requirements for cryptoasset risks, limits on cryptoasset exposures, and specific leverage, liquidity, disclosure and reporting requirements and supervisory powers in relation to cryptoasset exposures.
However, CRR3 creates a transitional regime for cryptoasset exposures which applies from entry into force of CRR3 until the application of the new dedicated prudential treatment. The transitional regime categorises cryptoassets differently from the Basel standard and imposes some requirements that are more burdensome than the Basel standard:
- cryptoasset exposures to tokenised traditional assets, including e-money tokens, will be treated as exposures to the traditional assets that they represent, unless their value depends on other cryptoassets (under the Basel standard, this treatment applies to a potentially wider group of tokenised traditional assets and stablecoins, including stablecoins that may be assigned a 250% risk-weighting under the CRR3 transitional regime, but only if they meet specified classification conditions)
- exposures to stablecoins that qualify as asset-referenced tokens as defined in MICA, whose issuers comply with MICA and that reference one or more traditional assets will be assigned a risk weight of 250 % (as mentioned above, the Basel standard envisages that stablecoins meeting the specified classification conditions will be treated in the same way as tokenised traditional assets)
- other cryptoasset exposures will be assigned a risk weight of 1,250 % and must be limited to 1% of the bank's Tier 1 capital (under the Basel standard, other cryptoassets will also be assigned a risk weight of 1,250% weight but the Basel standard sets a 2% upper limit and explicitly envisages the application of adapted market risk rules with netting and a 100% capital charge where hedge recognition conditions are satisfied, unless exposures to other cryptoasset exceed 1% of Tier 1 capital).
For these purposes, traditional assets are assets other than cryptoassets, including financial instruments, deposits and insurance products. In line with the Basel standard, CRR3 also specifies that exposures to cryptoassets are not to be treated as intangible assets deducted from core equity Tier 1 capital.
The European Banking Authority (EBA) will be required to draft regulatory technical standards (RTS) on the calculation of the new requirements, taking into account international prudential standards and existing authorisations under MICA, including the calculation of the value of exposures and how to aggregate short and long exposures. The EBA is required to send its draft RTS to the Commission for adoption within 12 months of entry into force of CRR3. However, CRR3 envisages that banks will be required to comply with the transitional regime from the date of entry into force of CRR3 even though the RTS are not yet available.
Comparison of CRR3 transitional regime and Basel standard
|
CRR3 transitional regime* |
Basel standard |
Group 1 assets |
||
Capital treatment generally based on existing framework |
Tokenised traditional assets, including e-money tokens (unless their value depends on other cryptoassets). |
(meeting specified classification conditions).† |
250% risk-weight |
Asset-referenced tokens whose issuers comply with MICA and that reference one or more traditional assets. |
N/A |
Group 2 assets |
||
1,250% risk-weight |
Other cryptoassets. |
(not meeting specified classification conditions).‡ |
Exposure limit for group 2 assets |
1% of Tier 1 capital. |
2% of Tier 1 capital (but should generally be below 1%). |
Other |
||
Additional requirements |
Reporting, disclosure, governance and supervisory review requirements. |
Operational risk, adapted liquidity requirements, leverage ratio, large exposures, disclosure, risk management and supervisory review requirements. |
Timing |
Regime applies from entry into force of CRR3 but:
|
Implementation by 1 January 2026. |
* RTS will specify calculation of the new requirements, including the calculation of the exposures and how to aggregate short and long exposures. † Supervisors may apply an add-on for perceived infrastructure weakness. ‡ Adapted market risk rules apply with netting and 100% capital charge where hedge recognition conditions are satisfied (unless group 2 assets exceed 1% of Tier 1 capital). The CRR3 transitional regime and the Basel standard do not apply to central bank digital currencies. |
New reporting and disclosure rules
EU banks will also be subject to new requirements to report to supervisors on their cryptoasset exposures. The EBA will be required to draft implementing technical standards (ITS) for these requirements (and to develop IT solutions for this reporting). The new requirements apply from entry into force of CRR3 but any new reporting requirements set out in the ITS will not apply earlier than six months from the date of their entry into force.
CRR3 will also require banks categorised as large institutions to include information related to cryptoassets in their annual 'Pillar 3' disclosures. These disclosures will have to cover:
- the direct and indirect exposure amounts in relation to cryptoassets including the gross long and short components of net exposures
- the total risk exposure amount for operational risk
- the accounting classification for cryptoasset exposures
- a description of the business activities related to cryptoassets and their impact on the bank's risk profile
- a specific description of their risk management policies related to cryptoasset exposures and cryptoasset services.
Banks will have to provide more detailed information for material business activities, including the issuance of 'significant asset-referenced tokens' and 'significant e-money tokens' within the meaning of MICA. When complying with these requirements, banks will not be permitted to rely on the general exemption allowing the non-disclosure of immaterial, confidential or proprietary information. The new requirements apply from entry into force of CRR3 but the EBA will be required to draft ITS specifying uniform formats for these disclosures within 12 months of entry into force of CRR3 (as well as related IT solutions for reporting).
New governance and supervisory review requirements
CRD6 also includes new rules on bank governance and supervisory review specifically covering cryptoasset exposures. Member States will be required to adopt national implementing measures for these rules within 18 months of the entry into force of CRD6 and to apply those rules from the day after the end of the transposition period, meaning that they could apply by early 2026 (assuming that CRD6 is published in the Official Journal in the next few months).
Supervisors will be required to ensure that:
- banks conduct and report on ex-ante assessments of any proposed cryptoasset exposures and the adequacy of existing processes and procedures to manage counterparty risks
- banks' monitoring of concentration risks considers, for cryptoassets without an identifiable issuer, concentration risk in terms of exposure to cryptoassets with similar features
- banks' policies and processes for evaluating and managing exposures to operational risk cover direct and indirect exposures to cryptoassets and cryptoasset service providers
- their supervisory review and evaluation process includes an assessment of banks' governance and risk management processes for exposures to cryptoassets and the provision of services related to cryptoassets including banks' policies and procedures for identifying risks.
Member States will be obliged to ensure that supervisors have powers to require banks to undertake stress testing or scenario analysis to assess risks arising from cryptoasset exposures and from the provision of cryptoassets related services.