Skip to main content

OSFI Releases Advisory on Cryptoasset Exposures

Reading Time 5 minute read


Financial Services Bulletin


The Office of the Superintendent of Financial Institutions (OSFI) has released an Advisory setting out new rules for deposit taking institutions (DTIs) and insurers when dealing with cryptoasset exposures. The Advisory applies to all federally regulated financial institutions (FRFIs) and will become effective Q2 2023. These rules reflect OSFI’s interim approach and will be updated as needed, including to reflect the government’s legislative review of the digitalization of money, ongoing work by the Basel Committee on Banking Supervision, and developments in the cryptoasset market.

What Are Cryptoasset Exposures?

Cryptoassets are digital assets that depend primarily on cryptography (secure communication mediums, often using encryption and algorithms) and distributed ledgers (a database that is synchronized and accessible across different sites and geographies by multiple participants) or similar technology.

Cryptoasset exposures involve either (a) direct exposure to cryptoassets; or (b) indirect exposure whose value or risk is determined by the value of one or more cryptoasset using a variety of instruments referencing cryptoassets (e.g., mutual funds and exchange-traded funds (ETFs)).

Categorization of Cryptoassets

The Advisory categorizes cryptoassets into two groups:

Group 1 cryptoassets must meet all of the following criteria:

  1. They are digital representations of traditional assets.
  2. A legal opinion has been obtained that confirms that all rights, obligations and interests are clearly defined, legally enforceable, and are consistent with comparable traditional assets.
  3. A legal opinion has been obtained confirming settlement finality of the cryptoasset.
  4. All significant risks are accounted for using robust risk governance and control policies by entities performing the transfer, settlement or redeemability functions of the cryptoasset.
  5. All entities that execute redemptions, transfers, storage or settlement finality, or manage or invest reserve assets, are regulated and supervised, or subject to appropriate risk management standards. In the case of stablecoins, the issuer must be prudentially regulated and subject to capital and liquidity requirements that are comparable to those of OSFI. 

Group 2 consists of cryptoassets that fail to meet any of the Group 1 criteria.

Treatment of DTI Cryptoasset Exposures

Credit Risk: Group 1 cryptoasset exposures should receive credit risk capital treatment consistent with that of comparable traditional assets. Group 2 cryptoasset exposures in the banking book should be deducted from Common Equity Tier 1 (CET1) capital. Short positions in cryptoasset exposures are not permitted in the banking book, consistent with the treatment of other short positions. As well, no collateral value may be ascribed to Group 2 cryptoassets.

Counterparty Credit Risk: All derivatives are treated as Group 2 cryptoassets unless written agreement is provided by OFSI, after which the now Group 1 cryptoassets can be subject to the same rules as non-tokenised traditional assets to determine counterparty credit risk exposures.

Derivatives referencing Group 2 cryptoassets should be placed into their own netting set.

The Advisory addresses the calculation of the potential future exposure (PFE) for derivatives referencing indirect cryptoasset exposures as well as for derivatives directly references Group 2 cryptoassets.

Leverage Requirements: Cryptoasset exposures are treated consistent with other leverage exposures, where the exposure measure for the leverage ratio generally follows gross accounting values, with separate treatments defined in the Leverage Requirements Guideline for derivatives, securities financing transactions, and other off-balance sheet items.

Market Risk: Institutions should treat cryptoasset exposures as banking book exposures until they are approved by OSFI to apply the market risk framework and have notified OSFI about how cryptoasset exposures will be treated within the framework.

Diversification benefits should only be considered between instruments referencing the same cryptoasset. Open unhedged exposures which are outside of any hedging relationship with offsetting transactions should receive a 100% capital charge under the market risk framework. Basis risk that results from different forms of the same cryptoasset being referenced in a hedging relationship should be captured, tracked, and capitalized by institutions.

Liquidity Treatment of Cryptoasset Exposures (LAR Guideline): If Group 1 cryptoassets are i) tokenized versions of traditional assets that would qualify as High Quality Liquid Assets (HQLA) or Eligible Unencumbered Liquid Assets (EULA)  and ii) the tokenized asset itself meets the HQLA/EULA eligibility criteria then it may qualify for liquidity treatment that is equivalent to their non-tokenized asset as set out in the LAR Guidelines. All other funding from the issuance of cryptoassets should not contribute any stable funding credit in the net stable funding ratio (NSFR) and, under the liquidity coverage ratio (LCR) and net cumulative cash flow (NCCF), should be subject to 100% run-off factors.

Funding received from Group 1 cryptoassets can qualify for liquidity treatment equivalent to its non-tokenized liability. Group 1 cryptoassets are not permitted to be recognized as a stable retail deposit. Funding received from cryptoasset issuers, or any other exposures associated with the reserve assets of a stablecoin, should be treated as an exposure to a financial institution.

Treatment of Insurer Cryptoasset Exposures

Group 1 cryptoasset exposures should receive a capital treatment consistent with that of comparable traditional assets, including credit, market and/or other risks.

Group 2 cryptoasset exposures, including the absolute value of short positions, the full notional amount of long option positions and the full notional amount of long forward contracts, should be deducted from capital available (for property and casualty and mortgage insurers) and Tier 1 capital (for life insurers).

Collateral used to reduce capital requirements cannot include Group 2 cryptoasset exposures (e.g., collateral for unregistered reinsurance).

Group 2 Cryptoasset Exposure Limits

Group 2 cryptoasset exposures are subject to two limits expressed as a percentage of Tier 1 capital (for DTIs and life insurers) or as a percentage of capital available (for property and casualty and mortgage insurers). OSFI should be notified in writing by FRFIs if:

  1. All Group 2 exposures total gross positions exceed 1% of the above capital amount, or
  2. All Group 2 exposures total net short positions exceed 0.1% of the above capital amount.

Contact the Authors

For more information or to discuss a particular matter please contact us.

Contact the Authors



    Receive email updates from our team