On 28 June 2018, the PRA published a letter reminding CEOs of banks, insurance companies and designated investment firms of their obligations under PRA rules, and to communicate the PRA’s expectations regarding firms’ exposure to crypto-assets.


The PRA reminds firms of their responsibilities under the PRA’s Fundamental Rules 3, 5 and 7 to: (i) act in a prudent manner; (ii) have effective risk strategies and risk management systems; and (iii) deal with regulators in an open and co-operative way, and disclose appropriately anything relating to their firm of which the PRA would reasonably expect notice.

The risk strategies and risk management systems that the PRA considers most appropriate to crypto-assets include:

  • recognition by firms that crypto-assets represent a new, evolving asset class with risks which should be considered fully by the board and highest levels of executive management;
  • firms’ remuneration policies and practices should ensure that the incentives provided for engaging in this activity do not encourage excessive risk-taking; and
  • firms’ risk management approach is commensurate to the risks of crypto assets.


The PRA states that prudential classification will depend on the precise features of the assets although crypto-assets should not be considered as currency for prudential purposes. Where relevant, firms should set out their consideration of risks relating to crypto-exposures in their Internal Capital Adequacy Assessment Process or Own Risk and Solvency Assessment.