On 13 March 2019, the Basel Committee on Banking Supervision published a statement on crypto-assets with its minimum prudential expectations regarding banks which have exposures to crypto-assets or provide related services. One area of focus is governance and risk management: the Basel Committee calls for boards to be “provided with timely and relevant information related to the bank’s crypto-asset risk profile.” Boards should also ensure that risk exposures to crypto-assets are incorporated into banks’ internal capital and liquidity measurement processes. What does this mean for directors of bank boards in Luxembourg?

The EBA Guidelines on Internal Governance confer responsibility on the board of directors for setting, approving, and overseeing the implementation of the overall risk strategy, including the institution’s risk appetite and its risk management framework. Here are some practical steps boards can take to ensure they are fulfilling their duties:

  1. adapt the board agenda and include a report on where the institutions may have direct or indirect exposure to crypto-assets and set a regular review schedule (timely and relevant information related to the bank’s crypto-asset risk profile);
  2. adapt the board agenda to include crypto-asset exposures information to be submitted to the competent authorities;
  3. ensure new business procedures are designed to capture and measure crypto-asset risks;
  4. update existing risk management procedures taking into account crypto-asset exposures;
  5. ensure board members and senior management receive training about crypto-assets;
  6. assess whether the risk management function has appropriate staff and expertise to accommodate new initiatives in this growing area; and
  7. develop a plan to address regulatory inquiries regarding crypto-assets and related services.