Looking, but not touching
Question: What risk management frameworks do you expect to put in place as and when cryptocurrencies become legal and start gaining traction?
Large parts of the world at showing a lot of interest in crypto currencies. Bitcoin and others have been rising despite some drops. The financial sector however has only a little to say on the subject. Here are responses from 13 of our participants.
ABHILASH BALAN, CISO at Digit Insurance
Currently the same is not legal in India and have much less data to comment on the risks associated with it.
ANIL PINAPALA, CEO at Vivifi India Finance
We have a strong regulator in India - Reserve Bank of India - and I am sure that the regulatory framework for cryptocurrencies set up by them will be the driving force for all processes of transacting with them. We are strongly guided by the central bank’s guidance in managing the risks associated here.
AVNEESH TRIVEDI, CRO at Moneyboxx Finance
We need to wait for RBI guidelines on this. Fintech in blockchain space is going to be fiercely competitive. The big push will be for startups who want to raise funds through Initial Coin Offerings.
BIKASH CHOUDHARY, Appointed Actuary & Chief Risk Officer at Future Generali India Life Insurance
Cryptocurrencies are in a very nascent stage and regulators are yet to decipher their adoption. While not illegal, they are not regulated. In India, we do not have a regulatory framework to govern its functioning till date, but the Indian government is exploring crypto regulation in consultation with industry experts and regulators. As cryptocurrency is still an exploratory phase in India defining a risk management framework around cryptocurrencies will not be appropriate at this stage.
DAMODARAN C, Vice President & Chief Risk Officer at Federal Bank
Cryptocurrencies carry high risk, as evidenced by the huge volatility in value. RBI and the Central Government have often alerted the public about the high risk involved. The debate as to whether these are currencies or assets is still on. Against this background, it is too early to have an opinion on the cryptocurrency-related risk management framework. The evolution of legal, regulatory and risk management frameworks for dealing in cryptocurrencies in the country is expected to be accelerated, with the verdict of the Supreme Court and the subsequent clarification from RBI enabling customers to avail banking services in connection with their dealing in virtual currencies. RBI has recently advised regulated entities to carry out customer due diligence in line with the existing regulations like KYC, AML, CFT and obligations under PMLA, in addition to ensuring compliance with FEMA for overseas remittances.
Cryptocurrencies may not easily gain acceptance as a medium of exchange and may remain a speculative asset in the near to medium term in future. A few central banks are designing their own digital currencies, which are naturally expected to gain traction and acceptance as a medium of payment. As Central Bank Digital Currencies gain traction, central banks are expected to come out with regulations for cross border transactions as well as domestic holdings in digital currencies providing the platform for banks to build their risk management systems.
Given the high-risk nature of cryptocurrency as an asset class, banks may tread very cautiously in assuming exposures. Cryptocurrencies are susceptible to technology and cybersecurity related risks, given that blockchain technology is their operating platform. We have already identified blockchain as a fast-emerging technology with wider scope for application in the domain of banking and finance and put in place security standards for its use in line with the prevailing best practices.
Bank will tread with caution as far as assuming exposure to cryptocurrencies are concerned and tighten the risk management framework on use of blockchain technology to address technological and other associated risks. Vulnerabilities of blockchain to technological and operational failures will be addressed by building robust governance framework and business continuity measures, inter alia, including appropriate incident response and recovery time.
Though the distributed database and the cryptographically sealed ledger reasonably mitigate corruption of data, the value stored in customer wallet is susceptible to theft. Confidentiality of data stored is also exposed to risk, as transactions appended to the ledger can be accessed by all the participants. Even in a permissioned network where data could be stored in a hashed format, metadata available to the participants can be monitored to get information on the type of activity and the volume associated with the activity.
A robust technological framework needs to be evolved to mitigate the risks involved. Creating technological as well as cybersecurity awareness associated with the underlying technology among the staff and customers would be one of the challenges that needs to be addressed from a risk management perspective. Appropriate monitoring mechanisms and exposure limits will have to be put in place to manage the risks. Legal and regulatory risks around smart contracts involving blockchain technology also will have to be carefully evaluated
and mitigated.
More clarity needs to emerge on regulatory and legal framework around enforceability and governance of smart contracts within a network, inter alia, covering interactions between such contracts as well as with the external legal and regulatory framework. The developments in the domain of cryptocurrencies and blockchain technology will be keenly watched going forward and appropriate stand will be taken at the right time, duly upholding business prudence.
K R MOHANACHANDRAN, Chief Risk Officer at ESAF Small Finance Bank
The BCBS’ March 2019 statement on cryptoassets articulates its minimum expectations for banks’ exposures to crypto-assets and related services. These expectations apply to jurisdictions that do not prohibit such exposures and services, and may be further augmented by additional country-specific requirements. In December 2019, the committee said in a statement that the immature nature of the asset class meant there were still significant challenges for regulators to deal with.
Due to the volatility of cryptocurrencies, banks will have to impose restrictions and stringent margins where the bank accepts cryptocurrency as value rather than as a medium of exchange. A secondary concern would be increased scrutiny of transactions in cryptocurrencies from AML/CFT perspective given the fact that cryptocurrencies are the preferred medium of payments on the dark web.
PRITHVI CHANDRASEKHAR, President Risk & Analytics at InCred
We don’t deal with cryptocurrencies right now. We look forward to the technology and regulatory environment for crypto becoming more stable, so we can weave these emerging technologies into our business model.
RAKESH BANSAL, Chief Risk Officer at Hero Housing Finance
I will avoid cryptocurrency players as lot of money laundering and terrorist funding exists through digital currencies. We have defined this as negative segment in our credit policy.
ROOPAM ASTHANA,
CEO & WTD, Liberty General Insurance
Cryptos are still unregulated and there is no framework to govern. It will not become a legitimate investment horizon, till it is approved by the regulator (RBI). Further, insurance regulator (IRDAI) and Insurance
Council will have to take further cognisance. At present, it is only speculative and highly volatile.
SADAF SAYEED, CEO at Muthoot Microfin
There will be huge risk arising from the use of cryptocurrencies. These may be in the form of wallet vulnerability, double spending, risk of rogue miners, volatility and liquidity risk and reputational risk for the organization. There will be requirement of the multi-fold risk management strategy. This will be in the form of automated monitoring as well as tracking of incidence as well as alerts.
SUJAY DAS, Chief Risk Officer at MoneyTap
It is difficult to c o mment a b o u t cryptocurrencies at this point. It has to be seen how the central bank rules and regulations come in for cryptocurrencies and their acceptance. Then risk management strategies and frameworks can be built around that.
SUNDER NATARAJAN, Chief Compliance & Risk Officer at IndiaFirst Life Insurance
Avoid is the mantra for now. This is a domain where we have limited expertise and we would not want to venture into it unless it stabilizes and we have stronger legislation and controls.
VENKATA JAYARAMAN M., Chief Risk Officer at Fincare Small Finance Bank
On the radar are NIST 800-53, ISO 27001, RBI cybersecurity frameworks and any other relevant advisories received from regulatory bodies, industry associations or best practices.
SUMMARY
No one wants to touch the crypto currency business until the regulator or the government lays a roadmap. The risk officers prefer to apply their mind only when they get this clarity. What this also implies is that none of the financial organizations (or perhaps a very small number) are really interested in making an early move to grab the opportunity.