20 November 2023

UK regulator addresses deposit-takers on innovations in deposits, e-money and stablecoins

On 6 November 2023, the Prudential Regulation Authority (PRA) published a Dear CEO Letter addressed to deposit-taking entities (e.g. banks) in relation to innovations in deposits, e-money and stablecoins. The Dear CEO Letter sets out how the PRA expects deposit-takers to address the risks that arise from issuing multiple forms of digital money, while welcoming the benefits that could come from innovation in this area. The PRA also discusses its broader expectations regarding the use of digital money for retail or wholesale innovations, in areas such as operational resilience, anti-money laundering, counter-terrorist financing, and liquidity and funding risks.

   

Background and summary

Currently, deposits form the vast majority of the digital money held and used by people and businesses in the UK – and in recent years, deposit-takers have been experimenting with the use of new technology in accepting deposits, such as the ‘tokenisation’ of deposits (e.g. deposit claims represented on programmable ledgers that enable novel techniques such as atomic settlement and smart contracts). Other non-deposit forms of digital money or money-like instruments have also become increasingly available, such as e-money and fiat-backed stablecoins. (See also our recent article on HM Treasury’s update on 30 October 2023 in relation to the regulation of fiat-backed stablecoin.)

Each form of digital money and money-like instrument is a distinct product, and the protections for retail holders of e-money and stablecoins differ from the protections offered to retail depositors. For example, deposit protection by the FSCS applies to eligible deposits, but not to e-money; and issuers of stablecoins used in systemic payment systems regulated by the Bank of England (BoE) will be subject to the modified Financial Market Infrastructure Special Administration Regime, but it will not offer the same range of tools to facilitate continuity of service in the way that resolution regimes offer for large deposit-takers. However, retail customers may not be aware of such differences in protections for different types of products.

In a ‘Dear CEO Letter’ published on 6 November 2023 addressed to deposit-taking entities (e.g. banks) in relation to innovations in deposits, e-money and stablecoins (the Letter), the Prudential Regulatory Authority (PRA) highlights the risks of ‘contagion’ that may arise in relation to the availability in parallel of deposits, e-money and regulated stablecoins (e.g. following any event that prompts retail customers’ loss of confidence in e-money or regulated stablecoins, retail customers may also lose confidence in deposits).

In particular, the Letter sets out:

  1. how the PRA expects deposit-takers to address the risks that arise from issuing multiple forms of digital money, such as by using separate non-deposit taking entities to issue e-money and stablecoins;
  2. the PRA’s broader expectations regarding the use of digital money for retail or wholesale innovations, in areas such as operational resilience, anti-money laundering, counter-terrorist financing, and liquidity and funding risks; and
  3. the expectation that deposit-takers should be considering the risks of such new innovations at a senior level within their organisations.

This article discusses the above in further detail.

The Letter is part of a joint publication package with the Financial Conduct Authority’s (FCA) Discussion Paper on regulating fiat-backed stablecoins, the Bank of England’s (BoE) Discussion Paper on systemic payment systems using stablecoins and related services providers, and a joint ‘Roadmap paper’ by the FCA, BoE and the PRA which aims to explain how the proposed regimes interact. For an overview of these publications, see our article. For more on the BoE's Discussion Paper, see our article.

PRA expectations

The Letter sets out a number of measures which the PRA expects deposit-takers to undertake, including:

  • Use of separate entities: Where deposit-takers or their groups also intend to issue e-money or regulated stablecoins to retail customers, the issuance of e-money or stablecoins should be done from separate, non-deposit-taking and insolvency-remote entities. The separate entities should have distinct branding to the deposit-taker, and the failure of the separate entities should not result in adverse impacts on the rest of the deposit-taking group and the continuity of its deposit-taking services.
  • Transitioning to deposits: Where a firm does not have deposit-taking permission and has previously issued e-money or regulated stablecoins to retail consumers, and now seeks a deposit-taking permission, the firm is expected to transition its UK customers to deposits at the new deposit-taking entity as soon as practicable.
  • Depositor protection: Deposit-takers considering innovations that involve taking deposits (e.g. by taking ‘tokenised’ deposits) should do so in a way that meets the PRA’s rules for eligibility for depositor protection under the FSCS, and should ensure that they meet the ‘single customer view’ and ‘exclusions view’ requirements in accordance with the Depositor Protection Part of the PRA Rulebook.
  • International deposit-takers: International deposit-takers with (or seeking to open) UK branches should also take into consideration the PRA’s expectations for international deposit-takers that engage in retail activities (e.g. in the PRA’s supervisory statement on international banks). However, the PRA expects international deposit-takers operating in the UK to follow the same approach as domestic deposit-takers for their UK operations.

The Letter also describes the PRA’s broader expectations regarding the use of digital money for retail or wholesale innovations:

  • AML/CTF: In relation to anti-money laundering and counter-terrorist financing risks, the PRA reminds deposit-takers of its obligations under (1) the PRA’s General Organisational Requirements to have effective processes for identifying, managing, monitoring and reporting ML/TF risks, (2) the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and (3) the FCA’s SYSC provisions.
  • Risk controls: The PRA reminds deposit-takers of their responsibilities under its Fundamental Rules 3, 5 and 7 to: (i) act in a prudent manner; (ii) have effective risk strategies and risk management systems; and (iii) deal with regulators in an open and co-operative way.

    The PRA recognises that deposit-takers will need to adjust methodologies and calibrations for identifying and addressing relevant risks where novel digital money products are offered. For example, in relation to liquidity and funding risk, digital money may expose deposit-takers to a higher liquidity risk compared to traditional retail liabilities. In relation to operational risk and resilience, deposit-takers may need to rely on new and potentially untested payment rails with operational uncertainties.

    The Letter further highlights the emerging class of third-party wallet and deposit aggregation products, in part enabled by open banking – for example, deposit aggregators which sit between savings account providers and retail customers, holding deposit accounts on trust for customers who therefore do not become the firm’s direct customers (in contrast with establishing a direct-depositor relationship). The PRA cautions that deposit-takers should prudently manage the risks arising from using services provided by external parties through outsourcing and other third party arrangements.
  • Senior managers’ responsibilities: Novel challenges posed by innovations in digital money or money-like instruments should be considered and understood by boards and senior managers. Additionally, an individual approved by the PRA to perform an appropriate Senior Management Function should be actively involved in reviewing and signing off on the risk assessment framework for any planned use of new technology in the provision of important business services and critical functions.

Next steps

The PRA emphasises that deposit-takers should keep their supervisor(s) updated on any material developments in use of digital money or money-like instruments, in accordance with the expectations set out in the Letter. For example, the Letter notes that deposit-takers which have already issued e-money to retail customers from a deposit-taking entity (rather than a separate, insolvency-remote entity) should engage with the PRA on how they intend to restructure their activities as soon as practicable.

Additionally, this package of publications from the FCA, the BoE and the PRA in relation to digital money or money-like instruments should be considered in conjunction with HM Treasury’s recent publication of a set of policy documents on 30 October 2023, which aim to clarify the intended legislative approach to the financial services regulatory regime in relation to cryptoassets – take a look at our articles on the government’s plans on regulating fiat-backed stablecoins and managing the failure of systemic digital settlement asset firms, as well as regulating activities relating to cryptoassets beyond fiat-backed stablecoins

   

Authored by John Salmon, Christina Wu, and Virginia Montgomery.