Search
Choose a style
Dark
Light
Time to read: 5 min

Why are EU regulators being asked to rethink crypto rules?

The Bank for International Settlements ( BIS ) building in Basel, has been asked to revise cryptoasset rules for banks
Image: Shutterstock

GFMA urges Basel to make cryptoasset rules tech neutral, recognise hedging and regulated stablecoins, and adopt principles-based finality to scale tokenisation.

The Global Financial Markets Association (GFMA) has written to the Basel Committee on Banking Supervision (BCBS) at the Bank for International Settlements (BIS) urging changes to the prudential standard for banks’ cryptoasset exposures. 

In the letter published August 19, the association argues the current approach (the SC60 framework) will fragment markets and constrain tokenisation unless the BCBS revises how banks classify, hedge and capitalise digital-asset exposures.

The association frames the problem as a departure from “same activity, same risk, same regulatory outcome,” urging Basel to focus on risk controls and legal enforceability rather than whether a network is private, public-permissioned or public-permissionless.

Alongside the letter, the GFMA has published a lengthy report which maps the implications of distributed ledger technology across capital markets and sets near-term actions for regulators and firms. 

The report stresses technology-neutral supervision and shows how controls such as programmable compliance, decentralised identity and zero-knowledge proofs can mitigate risks on different network types when applied at the right layer. 

Payment Expert has broken down what all this means, and analysed the report recommendations.


What GFMA wants Basel to change

1) Fix the binary treatment of ledger tech. 

The GFMA argues high-quality tokenised assets issued on public chains are unlikely to meet Group 1 tests today and therefore drop into Group 2b’s 1,250% risk weight, even when the underlying instrument is a conventional government bond. It also asks supervisors to scrap the “infrastructure risk add-on” for Group 1 assets, calling it redundant with existing operational and third-party risk frameworks.

2) Make settlement finality principles-based. 

The letter proposes revising “classification condition 2,” replacing prescriptive ledger-level finality with a documented, legally assessed settlement process. Banks should be able to demonstrate finality via contracts, exchange rules or technical conventions that stand up under applicable law, reflecting the way legal frameworks are evolving in key markets.

3) Rework the Group 2 exposure limit and recognise hedging. 

GFMA says today’s gross exposure cap is unlike other Basel limits, fails to allow netting, and creates punitive cliff effects at 1% and 2% that could force disorderly position unwinds and deter regulated participation. It calls for netting and hedging recognition consistent with broader market-risk standards.

4) Differentiate and recognise regulated stablecoins.

 The letter urges Basel to distinguish regulated stablecoins from unregulated tokens and to permit eligible, regulated stablecoins to count as financial collateral with conservative haircuts, given their redeemability and reserve backing under applicable regimes. 

How to make tokenisation work in practice

GFMA’s analysis paper sits alongside the letter as a proposed roadmap for getting tokenisation out of pilots and into production. It starts with the legal plumbing. The authors argue that consistent rules on what a tokenised instrument is, when settlement is legally final, and how smart-contract terms are enforced are the preconditions for scale. 

They call for jurisdiction-by-jurisdiction legal mapping, standard documentation for tokenised bonds, funds and structured products, and a baseline set of principles to guide courts and supervisors across borders.

From there, it moves to the market’s wiring. Without interoperability, liquidity splinters. The paper urges common data models and contract interfaces so platforms can talk to each other and to today’s market infrastructure. It points to concrete standards – ISO 20022 for messaging, ERC-3643 and ERC-1400 for on-chain lifecycle controls, and the Common Domain Model to align trade events across chains – and recommends regulated bridges with clear governance so value can move safely between networks. 

Risk management is treated as an outcomes problem, not an architecture problem. The report sets out how the same supervisory objectives can be met on private, public-permissioned and public-permissionless rails when controls are applied at the right layer. 

Programmable compliance, decentralised identity and zero-knowledge proofs are cited as practical mitigants that let institutions meet KYC, market integrity and privacy obligations on open networks, while permissioned systems lean on contractual rulebooks and deterministic finality. In short, both models can work if safeguards are engineered thoughtfully.

Crucially, the paper links securities lifecycles to digital money. To unlock atomic delivery-versus-payment and intraday use cases, tokenised assets need reliable cash legs. The authors sketch a path that combines tokenised deposits and regulated stablecoins so settlement can complete on-chain with proper controls. 

The association cites recent institutional deployments, such as regulated euro stablecoins used to settle digital bonds and tokenised fund workflows that already lean on stablecoins for fast cash movements.

Why does any of this matter?

Taken together, the letter and the report ask supervisors to align prudential outcomes with real risk management rather than architectural labels

This means calibrating SCO60 so banks can support tokenisation and on-chain settlement safely, while industry and policymakers push through legal clarity and interoperability standards to prevent liquidity from splintering across walled gardens.

What to watch: whether Basel revisits classification condition 2 and the Group 2 exposure framework; how quickly jurisdictions codify settlement finality for DLT systems; and if interoperable standards like the Common Domain Model, ERC-3643 and ERC-1400 gain regulatory backing to stitch together platforms at scale. 

Subscribe to our newsletter