Banking Frontiers

Looking, but not touching

Question: What risk management frameworks do you expect to put in place as and when cryptocurr­encies become legal and start gaining traction?

Large parts of the world at showing a lot of interest in crypto currencies. Bitcoin and others have been rising despite some drops. The financial sector however has only a little to say on the subject. Here are responses from 13 of our participan­ts.

ABHILASH BALAN, CISO at Digit Insurance

Currently the same is not legal in India and have much less data to comment on the risks associated with it.

ANIL PINAPALA, CEO at Vivifi India Finance

We have a strong regulator in India - Reserve Bank of India - and I am sure that the regulatory framework for cryptocurr­encies set up by them will be the driving force for all processes of transactin­g with them. We are strongly guided by the central bank’s guidance in managing the risks associated here.

AVNEESH TRIVEDI, CRO at Moneyboxx Finance

We need to wait for RBI guidelines on this. Fintech in blockchain space is going to be fiercely competitiv­e. The big push will be for startups who want to raise funds through Initial Coin Offerings.

BIKASH CHOUDHARY, Appointed Actuary & Chief Risk Officer at Future Generali India Life Insurance

Cryptocurr­encies are in a very nascent stage and regulators are yet to decipher their adoption. While not illegal, they are not regulated. In India, we do not have a regulatory framework to govern its functionin­g till date, but the Indian government is exploring crypto regulation in consultati­on with industry experts and regulators. As cryptocurr­ency is still an explorator­y phase in India defining a risk management framework around cryptocurr­encies will not be appropriat­e at this stage.

DAMODARAN C, Vice President & Chief Risk Officer at Federal Bank

Cryptocurr­encies carry high risk, as evidenced by the huge volatility in value. RBI and the Central Government have often alerted the public about the high risk involved. The debate as to whether these are currencies or assets is still on. Against this background, it is too early to have an opinion on the cryptocurr­ency-related risk management framework. The evolution of legal, regulatory and risk management frameworks for dealing in cryptocurr­encies in the country is expected to be accelerate­d, with the verdict of the Supreme Court and the subsequent clarificat­ion from RBI enabling customers to avail banking services in connection with their dealing in virtual currencies. RBI has recently advised regulated entities to carry out customer due diligence in line with the existing regulation­s like KYC, AML, CFT and obligation­s under PMLA, in addition to ensuring compliance with FEMA for overseas remittance­s.

Cryptocurr­encies may not easily gain acceptance as a medium of exchange and may remain a speculativ­e asset in the near to medium term in future. A few central banks are designing their own digital currencies, which are naturally expected to gain traction and acceptance as a medium of payment. As Central Bank Digital Currencies gain traction, central banks are expected to come out with regulation­s for cross border transactio­ns as well as domestic holdings in digital currencies providing the platform for banks to build their risk management systems.

Given the high-risk nature of cryptocurr­ency as an asset class, banks may tread very cautiously in assuming exposures. Cryptocurr­encies are susceptibl­e to technology and cybersecur­ity related risks, given that blockchain technology is their operating platform. We have already identified blockchain as a fast-emerging technology with wider scope for applicatio­n in the domain of banking and finance and put in place security standards for its use in line with the prevailing best practices.

Bank will tread with caution as far as assuming exposure to cryptocurr­encies are concerned and tighten the risk management framework on use of blockchain technology to address technologi­cal and other associated risks. Vulnerabil­ities of blockchain to technologi­cal and operationa­l failures will be addressed by building robust governance framework and business continuity measures, inter alia, including appropriat­e incident response and recovery time.

Though the distribute­d database and the cryptograp­hically sealed ledger reasonably mitigate corruption of data, the value stored in customer wallet is susceptibl­e to theft. Confidenti­ality of data stored is also exposed to risk, as transactio­ns appended to the ledger can be accessed by all the participan­ts. Even in a permission­ed network where data could be stored in a hashed format, metadata available to the participan­ts can be monitored to get informatio­n on the type of activity and the volume associated with the activity.

A robust technologi­cal framework needs to be evolved to mitigate the risks involved. Creating technologi­cal as well as cybersecur­ity awareness associated with the underlying technology among the staff and customers would be one of the challenges that needs to be addressed from a risk management perspectiv­e. Appropriat­e monitoring mechanisms and exposure limits will have to be put in place to manage the risks. Legal and regulatory risks around smart contracts involving blockchain technology also will have to be carefully evaluated

and mitigated.

More clarity needs to emerge on regulatory and legal framework around enforceabi­lity and governance of smart contracts within a network, inter alia, covering interactio­ns between such contracts as well as with the external legal and regulatory framework. The developmen­ts in the domain of cryptocurr­encies and blockchain technology will be keenly watched going forward and appropriat­e stand will be taken at the right time, duly upholding business prudence.

K R MOHANACHAN­DRAN, Chief Risk Officer at ESAF Small Finance Bank

The BCBS’ March 2019 statement on cryptoasse­ts articulate­s its minimum expectatio­ns for banks’ exposures to crypto-assets and related services. These expectatio­ns apply to jurisdicti­ons that do not prohibit such exposures and services, and may be further augmented by additional country-specific requiremen­ts. In December 2019, the committee said in a statement that the immature nature of the asset class meant there were still significan­t challenges for regulators to deal with.

Due to the volatility of cryptocurr­encies, banks will have to impose restrictio­ns and stringent margins where the bank accepts cryptocurr­ency as value rather than as a medium of exchange. A secondary concern would be increased scrutiny of transactio­ns in cryptocurr­encies from AML/CFT perspectiv­e given the fact that cryptocurr­encies are the preferred medium of payments on the dark web.

PRITHVI CHANDRASEK­HAR, President Risk & Analytics at InCred

We don’t deal with cryptocurr­encies right now. We look forward to the technology and regulatory environmen­t for crypto becoming more stable, so we can weave these emerging technologi­es into our business model.

RAKESH BANSAL, Chief Risk Officer at Hero Housing Finance

I will avoid cryptocurr­ency players as lot of money laundering and terrorist funding exists through digital currencies. We have defined this as negative segment in our credit policy.

ROOPAM ASTHANA,

CEO & WTD, Liberty General Insurance

Cryptos are still unregulate­d and there is no framework to govern. It will not become a legitimate investment horizon, till it is approved by the regulator (RBI). Further, insurance regulator (IRDAI) and Insurance

Council will have to take further cognisance. At present, it is only speculativ­e and highly volatile.

SADAF SAYEED, CEO at Muthoot Microfin

There will be huge risk arising from the use of cryptocurr­encies. These may be in the form of wallet vulnerabil­ity, double spending, risk of rogue miners, volatility and liquidity risk and reputation­al risk for the organizati­on. There will be requiremen­t of the multi-fold risk management strategy. This will be in the form of automated monitoring as well as tracking of incidence as well as alerts.

SUJAY DAS, Chief Risk Officer at MoneyTap

It is difficult to c o mment a b o u t cryptocurr­encies at this point. It has to be seen how the central bank rules and regulation­s come in for cryptocurr­encies and their acceptance. Then risk management strategies and frameworks can be built around that.

SUNDER NATARAJAN, Chief Compliance & Risk Officer at IndiaFirst Life Insurance

Avoid is the mantra for now. This is a domain where we have limited expertise and we would not want to venture into it unless it stabilizes and we have stronger legislatio­n and controls.

VENKATA JAYARAMAN M., Chief Risk Officer at Fincare Small Finance Bank

On the radar are NIST 800-53, ISO 27001, RBI cybersecur­ity frameworks and any other relevant advisories received from regulatory bodies, industry associatio­ns or best practices.

SUMMARY

No one wants to touch the crypto currency business until the regulator or the government lays a roadmap. The risk officers prefer to apply their mind only when they get this clarity. What this also implies is that none of the financial organizati­ons (or perhaps a very small number) are really interested in making an early move to grab the opportunit­y.