Computers and money: the work of the Basel Committee on cryptoassets

Keynote speech by Pablo Hernández de Cos, Chair of the Basel Committee on Banking Supervision and Governor of the Bank of Spain, at the 36th Annual General Meeting of the International Swaps and Derivatives Association, Madrid, 12 May 2022.

BCBS speech  | 
12 May 2022


Good morning, and thank you for inviting me to speak at your 36th Annual General Meeting (AGM). On a personal level, let me welcome all of you to Madrid. I hope that you will have the time to visit and enjoy all that it has to offer. It's great to see meetings and events slowly taking place in-person once again.

I understand that the last time ISDA held an in-person AGM was in April 2019. I don't think it's an understatement to say that the world has changed profoundly since then. A global pandemic, heightened geopolitical tensions and rising stagflationary pressures, to name just a few developments, will continue to shape the risk environment for the banking system over the coming months and years. Vigilance continues to be the watchword for both banks and their supervisors.

But there are also medium-term structural trends and developments that have continued to grow in importance. Most notably, the twin forces of digitalisation and climate-related financial risks will be at the centre of the Basel Committee's priorities over the coming years. Add to this the growing interconnections between banks and non-bank financial intermediation (NBFI) and rising debt (both public and private), and you have no shortage of vulnerabilities that need careful monitoring and management.

I will focus my remarks today on a subset of these structural trends, namely, the Committee's work on digitalisation, with a particular emphasis on cryptoassets. But before I do so, let me first mention another pivotal element of the Basel Committee's work over the coming years.

As just discussed in the previous session, implementing all aspects of the Basel III framework in a full, timely and consistent manner is an imperative for our member jurisdictions.1 Events over the past two years, including the pandemic and the Ukraine conflict, have once again highlighted the importance of having a prudent and robust global regulatory framework in place.2

These events have also underlined how we cannot afford to leave unaddressed the remaining fault-lines in the regulatory framework. We may not always have as much fiscal and monetary space available to respond to future crises as was the case over the past two years. Banks' self-resilience will therefore depend even more critically on their own capital and liquidity resources.

A key aspect of the outstanding Basel III reforms is the revised market risk framework.3 As you know, the revised framework seeks to address a number of shortcomings related to banks' trading books that were painfully exposed during the Great Financial Crisis, including:

  • A porous boundary between the trading and banking book, resulting in exploitative regulatory arbitrage. The gravity of this behaviour during the GFC made it the textbook example for regulatory arbitrage. The revised framework introduces more prescriptive requirements when it comes to the scope of instruments that may, or may not, be included in the trading book.
  • Internal models that lacked robustness and could not account for the magnitude of extreme financial shocks. More than a decade since the GFC, we continue to see how existing value-at-risk (VaR) models are incapable of capitalising against such events: the number of VaR breaches by major internationally active banks in response to market volatility over the past two years exceeded pre-pandemic breaches by an order of magnitude.4 This time is certainly not different. The revised framework replaces VaR with an expected shortfall model that better captures tail risks and limits the discretion available for banks to determine capital requirements.
  • The lack of an appropriate standardised approach to serve as a credible fallback to internal models, thus increasing the incentives for aggressive modelling behaviour and lowballing modelled capital requirements. A fundamentally redesigned standardised approach will bring greater risk sensitivity and serve as the basis for calculating market risk requirements for the "output floor". This, in turn, will help ensure that banks' modelled capital requirements do not fall below a certain level. It will also facilitate the comparability of banks' market risk profiles within and across jurisdictions.

It is in our collective interests to see the Basel III reforms implemented in full and consistently. ISDA and its members can contribute to locking in these financial stability benefits by doubling down their efforts and focus towards implementing these standards. In that regard, allow me to be somewhat blunt: the time for negotiations and lobbying is over. The Committee will in due course evaluate the impact of all of its reforms after they are implemented.5

Cryptoassets and DeFi: some progress, but much more work needed

There was a quip about three years ago that described cryptoassets as "everything you don't understand about money combined with everything you don't understand about computers".6 I think it's fair to say that, since then, our understanding of both the economic and technological dimensions of cryptoassets has deepened.7  

Despite our better understanding of cryptoassets and DeFi, the jury is still out when it comes to ascertaining how best to harness their oft-cited promises and benefits, while mitigating their risks and safeguarding financial stability. The shortcomings of the existing financial architecture are well known, including at times high costs, low speed, limited access and insufficient transparency.8 The purported aims of DeFi and cryptoassets of a seamless, open, inclusive and transparent financial system are certainly noble. Some might also sympathise with the idea of a robust network characterised by its "unstructured simplicity", as originally envisioned by Satoshi Nakamoto.9

Yet we are still some way from such a financial nirvana, as many unanswered questions and challenges remain. First, how many of the existing shortcomings can be better addressed within the existing financial architecture? Do we really need to throw out the baby with the bathwater? For example, the G20 roadmap for enhancing cross-border payments sets out a series of building blocks to improve and develop better payment systems and arrangements, drawing on the work of both public authorities and the private sector.10   

Second, can a truly decentralised financial system ever be achieved in practice? A growing literature has highlighted the "paradox" and "illusion" of today's DeFi setup, where, despite its name, some level of centralisation is inevitable, and where structural aspects could lead to a concentration of power.11 Such criticisms are not limited to stakeholders with vested interests: key proponents of DeFi have also recognised the "trilemma" of having a secure, scalable and decentralised financial system.12

Third, how can we best filter the "noise" from cryptoassets from their proclaimed uses and benefits? How many $3 trillion asset classes exhibit wild swings in valuations based on seemingly odd events, such as tweets published on 20 April or Saturday Night Live skits? How many asset classes market themselves as being "stable" and "currencies" while often failing on both counts?13 How many asset classes can single-handedly cause global shortages in seemingly obscure commodities like tungsten, just because crypto traders "like the pleasing feeling" of holding a tungsten cube?14 To be clear, these are anecdotal examples, but the cumulative nature of such incidents suggests that most cryptoassets today cannot be associated with terms such as "robustness" or "stability". When seen in this light, it's not surprising to see that most central banks are exploring central bank digital currencies (CBDCs) as a potentially more promising route.15

In short, we still do not know if today's DeFi and crypto ecosystem will deliver net benefits to society or not. The much-cited mantra of the usefulness of the underlying distributed ledger technology now needs to be backed up by compelling real use cases that will benefit society as a whole. So, while it's important to keep an open mind, in the meantime more work is needed to answer some of the questions I have outlined.

Cryptoassets and DeFi: the work of the Basel Committee

What does that backdrop mean for the Basel Committee and our mandate to strengthen the regulation, supervision and practices of banks worldwide?

            As a general principle, we know from the history of financial crises that rapid growth in largely unregulated asset classes requires proactive actions by authorities.16 Cryptoassets clearly fit this description: the market grew from about $16 billion five years ago to nearly $3 trillion towards the end of last year. The number of cryptoassets now exceed 6,000.

Some perspective is needed, however. Despite this phenomenal growth, cryptoassets still represent only about 1% of total global financial assets, and banks' direct exposures are relatively limited to date.17

Yet we know that such markets have the potential to scale up rapidly and pose risks to individual banks and overall financial stability. Banks' direct and indirect exposures to cryptoasset markets can in principle arise through a wide range of channels. Indeed, the Committee has identified no fewer than 20 potential such channels for banks, including in their capacity as lenders, issuers, providers of custody services or as market-makers.18 This calls for a forward-looking approach to regulation and supervision to ensure that we continue to meet our mandate today and in the future as technology and market developments continue to evolve.

This is exactly the approach that we are pursuing when it comes to specifying a prudential treatment for banks' exposures to cryptoassets. We set out our initial thinking in this area in 2019 with a discussion paper that included three high-level guiding principles that continue to remain relevant today, namely:

  • Simplicity and caution; the design of the prudential treatment of cryptoassets should be simple and cautious in nature at this stage, in the light of banks' relatively immaterial exposures. We should avoid the illusory quest for "perfect" risk sensitivity.19 As the market, technologies and related services of cryptoassets evolve, the treatment could in principle be revisited.
  • Same risk, same activity, same treatment: a cryptoasset that provides equivalent economic functions and poses the same risks as a "traditional asset" should be subject to the same capital, liquidity and other requirements as the traditional asset. The prudential treatment should, however, account for any additional risks arising from cryptoasset exposures relative to traditional assets.
  • Minimum standards: Any prudential treatment of cryptoassets set by the Basel Committee would constitute a minimum standard for internationally active banks. Jurisdictions would be free to apply additional and/or more conservative measures if deemed warranted, including prohibiting banks from having any cryptoasset exposures.20

Since then, we published an initial consultation paper last year that proposed a regulatory approach that differentiates among three broad types of cryptoasset: tokenised versions of traditional assets, stablecoins and all other cryptoassets.21 We also proposed additional supervisory guidance to ensure that risks from cryptoassets not captured under minimum (Pillar 1) requirements are assessed, managed and appropriately mitigated. And we consulted on new disclosure requirements related to banks' cryptoasset exposures.  

The Committee is now finalising the process of reviewing the comments received on this consultation and plans to issue a further consultation paper in the coming months. As ever, we actively encourage responses from a wide range of stakeholders.

I won't pre-empt the outcome of this work, but let me offer some personal reflections at this stage.

The design and calibration of prudential regulation should reflect our level of knowledge when it comes to new asset classes, including the lack of historical data and our ability to measure and mitigate risks. In this regard, diluting bank capital requirements because of a fear that cryptoasset activities will migrate outside the regulated banking system is not a convincing argument.

I say this for two reasons. First, as mentioned earlier, banks' cryptoasset exposures are currently limited. So we are starting from a low base, which means that there is currently very little activity that could even be shifted.

Second, and looking ahead, if there are unregulated areas of the financial system, including the emergence of a "shadow" crypto financial system, then the appropriate response is to bring these areas within the relevant regulatory perimeter.22 This could in principle be done in various ways, including by regulating such markets directly and/or by requiring cryptoasset activities to be subject to existing regulatory standards, including bank prudential standards where appropriate. This is precisely why the ongoing work by the Financial Stability Board (FSB) to enhance the resilience of NBFI is so critical.23 As agreed by the Group of Governors and Heads of Supervision, the oversight body of the Basel Committee, NBFI-related regulatory and supervisory initiatives "should also safeguard the resilience and agreed prudential standards of the global banking system".24

More generally, the cross-sectional nature of cryptoassets and its public policy questions – including those related to prudential regulation, accounting, taxation, AML/CFT compliance and data privacy – require close and effective collaboration across global standard-setting bodies and international forums. The Committee is actively engaged in related initiatives on cryptoassets, stablecoins and DeFi, including at the G20/FSB level and across the BIS-hosted committees.

Before I end, let me also mention briefly our analytical and supervisory work on the digitalisation of finance. This includes a series of deep-dive thematic assessments on the impact of these trends on banks' business models and strategic responses, the use of artificial intelligence/machine learning (AI/ML) in bank supervision and risk management, and data governance arrangements. The Committee is also carefully monitoring banks' cyber risk management and reliance on third- and fourth-party service providers. In the case of AI/ML, the Committee recently published a newsletter outlining several areas for continued analysis by supervisors.25 We also recently published observations on banks' reliance and risk management of service providers and concentration risk.26 We will continue to discuss and exchange supervisory experiences on all of these topics and stand ready to pursue additional measures if necessary.


In conclusion, fast-paced developments in DeFi and cryptoassets necessitate a proactive and forward-looking regulatory and supervisory approach. Collaboration among authorities and global bodies is key. In deciding how best to harness the potential benefits from such developments while mitigating their risks in a world of uncertainty, it makes sense to err on the side of caution and prudence.27 The Basel Committee's work in this area will be guided by its mandate to strengthen the regulation, supervision and practices of banks worldwide with the purpose of enhancing financial stability. And we will continue to actively seek the views of a wide range of stakeholders, including yourselves.

Thank you.

1 BCBS (2022a).

2 See Hernández de Cos (2022a, 2022b) for more on Basel III implementation. See Borio et al (2020) for a primer on the Basel III reforms.

3 BCBS (2019a).

4 See, for example, Aimone (2022) and Migliorato (2022).

5 Hernández de Cos (2022b).

6 Hernández de Cos (2019). The quip was from Last Week Tonight with John Oliver (2018).

7 See, for example, Aramonte et al (2021), BIS (2020, 2021) and IMF (2021).

8 FSB (2020).

9 Nakamoto (2008).

10 FSB (2021a).

11 See, for example, Carter and Jeng (2021) and Aramonte et al (2021).

12 Buterin (2021).

13 See, for example, Gorton and Zhang (2022) and CFTC (2021).

14 Weisenthal (2021).

15 Kosse and Mattei (2022).

16 Cunliffe (2021).

17 Auer et al (2022).

18 BCBS (2019b).

19 Coen (2018).

20 BCBS (2019b).

21 BCBS (2021b). CBDCs are out of scope of the Committee's current work on specifying a prudential treatment for cryptoassets.

22 Auer et al (2022).

23 FSB (2021b).

24 BCBS (2021a).

25 BCBS (2022d).

26 BCBS (2022c).

27 A principle long recognised in monetary policy (eg Brainard (1967)) and which applies equally to financial stability (eg Bahaj and Foulis (2017)).