On 28 June 2018, the Prudential Regulations Authority (“PRA”) published a Dear CEO letter (the “Letter”) sent by its CEO, Sam Woods, to the CEOs of banks, insurance companies and designated investment firms to remind them of the relevant obligations under PRA rules, and to communicate the PRA’s expectations regarding firms’ exposure to crypto-assets.


The PRA acknowledges that firms may have had limited exposure to crypto assets to date and that the underlying distributed ledger or cryptographic technologies on which the crypto-assets rely, have significant potential to benefit the efficiencies and resilience of the financial system. However, the PRA also acknowledges that there are significant risks involved with crypto-assets, as examined below and that firms should be mindful of their responsibilities.


Crypto-assets raise concerns related to misconduct and market integrity as many appear vulnerable to fraud and manipulation, as well as money-laundering and terrorist financing risks. Further, entering into activity related to crypto-assets may also give rise to reputational risks. The risks presented by crypto-assets are relevant to both the Financial Conduct Authority’s (“FCA”) and the PRA’s statutory objectives.

The risk strategies and risk management systems that the PRA considers most appropriate to crypto-assets include the following:

  • recognition by firms that crypto-assets represent a new, evolving asset class with risks which should be considered fully by the board and highest levels of executive management;
  • firms’ remuneration policies and practices should ensure that the incentives provided for engaging in this activity do not encourage excessive risk-taking; and
  • firms should ensure that their risk management approach is commensurate to the risks of crypto-assets. In light of the technical complexity of crypto-assets, firms should ensure that they have access to appropriate, relevant expertise to assess any risks stemming from their exposure to these assets. Moreover, firms should conduct extensive due diligence before taking on any crypto-exposure and maintain appropriate safeguards against all the related risks. This includes not only financial risks, but also operational (including cyber) and reputational risks.


The PRA expects firms to inform their usual supervisory contact of any planned crypto-asset exposure or activity on an ad hoc basis, together with an assessment of the risks associated with the intended exposure.

The Letter states that discussions are ongoing, including amongst authorities internationally, on the prudential treatment of crypto-assets. The PRA will communicate any supervisory or policy updates on the prudential treatment of crypto-assets for banks if deemed necessary, in due course.

To review the Letter please click here.

To review the Dear CEO letter issue by the FCA on crypto-assets and financial crime, please click here.

For more information, and any guidance or advice on cryptocurrencies Cleveland & Co External in-house counsel, your specialist outsourced legal team,are here to help.