A communication on decentralised technologies has been published. The aim is to draw the attention of supervised intermediaries, supervised entities and operators working with solutions based on opportunities and associated risks 16 Jun 2022
The Bank of Italy has published a communication that aims to draw the attention of supervised intermediaries, supervised subjects and those operating in various capacities within the decentralized ecosystems dedicated to finance and crypto-assets. The document aims to highlight the risks of using a range of tools (especially Distributed Ledger Technologies, DLT) that is experiencing an increasing diffusion on the market, also highlighting a series of recommendations to mitigate the possible negative effects.
Index of topics • The benefits and risks of crypto-assets • The regulatory scenario and the reference of the MiCar • Proposals for the regulation of operators The benefits and risks of crypto-assets In particular, notes the Bank of Italy, the stability of the financial system could be compromised "due to the interdependence of the subjects who participate in it, regulated and not, as well as the lack of controls and tools that can limit the effects of unfavorable events. The world of crypto-assets is in fact still largely deregulated. Work is underway at international and European level to design a new set of rules and controls for these products and their "ecosystems" but their entry into force will still take time".
The Bank of Italy is therefore "interested in crypto-assets in the exercise of its multiple functions: prudential control over supervised intermediaries; monitoring the smooth functioning of the payment system; safeguarding monetary and financial stability; combating money laundering and terrorist financing; of customer protection". In principle, " TTTs can bring benefits for users, linked to improvements in efficiency in the provision of financial services, extension of system operating hours, reduction of costs and time for cross-border transactions, increased speed in transfers of financial assets and advancement of the technological frontier, including through enhanced competition", but for this to happen these solutions "must have the characteristics of the most mature technologies", that is, be reliable in the continuity of the service and, in general, resilient to cyber attacks, scalable, efficient from an economic and environmental point of view, with finally a robust and identifiable governance. The regulatory scenario and the reference of micar On the regulatory level, the Bank of Italy underlines how the approval of the Markets in Crypto-assets Regulation (MiCar) will help reduce regulatory uncertainty and favor an orderly development of the crypto-asset market, while not addressing all the different components of crypto-asset ecosystems and their application in decentralized finance. For example, with reference to the objective scope, unique and non-fungible tokens, such as works of digital art, are excluded from MiCar, at the state of the negotiations underway at the EU institutions . From a subjective point of view, the regulation then introduces rules applicable to clearly identifiable entities, which do not exhaust the number of subjects involved in decentralized finance systems. Therefore, the programmers (of smart contracts) and the holders of governance tokens of the so-called "Decentralised Autonomous Organization" (Dao) will not be regulated; the so-called unhosted wallets, software that enable peer-to-peer exchange between addresses on Dlt, will also remain outside the scope of application. This justifies the need for the Authorities to adopt a proactive attitude, aimed at ensuring that market developments are immediately based on safety features In introducing a discipline of the crypto-asset market, which will also supervise new categories of subjects, MiCar will recognize an important role for banks and other supervised financial intermediaries; the latter can perform a variety of possible functions within the ecosystems of crypto-assets, contributing to their operation, supporting and facilitating the transfer of tokens, custody, interactions with owners and movements in and out of the ecosystem. Pending the definition of the indications being developed at international and European level, regardless of the specific type of operations in the crypto-asset sector, the current prudential regimes contain principles to which banks and other supervised intermediaries can immediately refer to assess and monitor the risks associated with the possible start of operations in crypto-assets. The Bank of Italy speaks, for example, of the issuance and/or redemption of crypto-assets (where applicable); custody and management of the reserve in the case of asset-linked stablecoins; management of infrastructures and validation of transactions; provision of services related to crypto-assets such as: digital wallet (wallet), exchanger, trading platform, execution of orders, placement, receipt and transmission of orders on behalf of third parties, advice. Intermediaries, on the other hand, on the basis of the rules and good practices already applicable today, are called upon to ensure: the timely involvement of corporate governance bodies and second and third level control functions, from the initial phase of study of the initiatives, to assess their compliance with current regulations, consistency with strategic guidelines, risk governance objectives and policies, as well as their economic and financial sustainability. But there is also a need for adequate information flows to corporate bodies and internal control functions regarding the level and trend of their exposure, direct or indirect, to all types of risk related to operations in the crypto-asset sector. Particular attention should be paid to the adequate monitoring of the risks of money laundering and terrorist financing related to operations in crypto-assets – including the risk of circumvention of international sanctions – as well as reputational and legal risks, also taking into account the evolving regulatory framework. The same applies to the adequacy of processes and procedures aimed at ensuring the identification, assessment and mitigation of risks (reputational or otherwise) deriving from outsourcing or the use of services provided by third parties, even if they cannot be qualified as outsourcing (e.g. operators specialized in the custody of digital assets, wallets, trading platforms). Proposals for operator regulation Entities providing technology to support banking, financial and payment services are already subject, under certain conditions, to prudential provisions for outsourcing and supervisory controls. With specific regard to operations in crypto-assets and the use of decentralized technologies in finance, also in relation to the monitoring of systemic risk and the proper functioning of the payment system, the Bank of Italy invites operators and technology suppliers, as appropriate, to take into account that: "it is essential that the management of technology is based as much as possible on a clear and defined governance as well as on management requirements for the various risks (eg operational, cyber, information and data protection) to which the developers of the programs that determine the functioning of the DLT or the subjects on which the powers of management of the operation of the DLT are concentrated should refer. "Technology service providers, where clearly identifiable, may fall within the scope of supervisory rules as outsourcee of supervised intermediaries and/or be subject to supervisory controls by virtue of the application, under certain conditions, of the principles of oversight of the payment system," the document explains. "Controls on these subjects could extend to monitoring peer-to-peer transactions, enabled by software; in this sense, the providers of the technologies used and the supporting functionalities should ensure the availability of adequate. Infrastructures that enable the function of transferring crypto-assets, with particular regard to those pegged to a single fiat currency and that constitute a component of the trading platforms on which they are traded, should comply with the supervisory principles applicable to financial infrastructures, with particular reference to those related to governance and integrated risk management". Finally, crypto-assets with a payment function and the functionalities that support their offer and use should comply with the principles of oversight of instruments, schemes, arrangements, with particular reference to those relating to the soundness of the legal basis, governance, as well as credit and liquidity risk. In particular, in order to ensure reimbursement and be "safer" for users and issuers, the reserves of asset-based stablecoins should reflect as closely as possible the composition and value of the basket or individual asset to which they relate.