In a communication dated 15 June 2022 (the “Communication”), the Bank of Italy has highlighted the relevant aspects of the increasing digitalisation in the Italian financial system and the role played by crypto-assets, while providing for some guidance to intermediaries, operators and technology providers and a greater protection to investors in a developing regulatory framework.
In doing so, the Bank of Italy has been the first national supervisory authority in Europe and among the first central banks world-wide to issue supervisory guidance on crypto-assets, while waiting for the issuance of the Market in Crypto Assets Regulation (MiCAR) in the next few months (whose entry into force could now be in 2025).
Despite helping to reduce regulatory uncertainty, MiCAR will not however govern the entire crypto-asset’s ecosystem. As, non-fungible tokens (NFTs) and unhosted wallets are excluded from its objective scope, as well as programmers and DAO token holders from its subjective scope.
This explains the Bank of Italy’s initiative, which is also calling for the other EU NCAs to take similar steps so as to ensure the integrity of the EU financial ecosystem.
The underlying rationale being to draw the attention of financial institutions and investors on opportunities and risks associated with the use of technology in finance and crypto-assets.
The Communication’s main contents
DLT-based solutions differ from the traditional ones for they are designed to implement the so-called algorithmic governance, which is realised when components such as tools and infrastructures are technologically connected to a variety of operators who collaborate to each-others in different roles to ensure the proper functioning of the distributed ledger.
Such system makes it difficult to frame crypto-assets in the existing regulatory landscape and explains law-makers’ and supervisory authorities’ difficulties and delays in intervening therein.
In particular, according to the Bank of Italy, unbacked crypto-assets (i.e., crypto-assets without a stabilisation mechanism that anchor their value to a reference asset) are suitable neither for payment nor for investment purposes, and need to be handled with caution, as they can be very risky for investors.
Indeed, crypto-assets are focused upon by inter-governmental bodies and NCAs world-wide, in the attempt to understand whether and how to regulate them, as some recent legislative initiatives seem to confirm.
Therefore, in order to tackle the (financial and non-financial) risks that can undermine the stability of the financial system, the Bank of Italy provides for some guidance to financial intermediaries, operators and providers of technological solutions on crypto-assets.
Banks and financial intermediaries
Sound and prudent management must be ensured by banks and intermediaries dealing with the issuance and redemption of crypto-assets, custody and reserve management of asset-linked stablecoins, as well as with other crypto-assets related services, such as digital wallets, trading platforms, orders execution and exchange activities.
The Bank of Italy reserves the right to carry out an in-depth investigation in this sector in order to verify compliance with the proportionality principle between the activities actually carried out and the intermediaries’ operational and organisational structure.
Moreover, the Bank of Italy recommends to involve intermediaries’ corporate bodies and internal control functions so as to ensure adequate information flows and safeguards against money laundering and terrorist financing and cyber-security risks.
To this end, corporate officers must have an adequate expertise so as to understand opportunities and, above all, risks associated with the use of crypto-assets.
Adequate safeguarding measures must be adopted to protect clients when selecting third party service providers, who need to be highly competent and able to ensure compliance with the applicable supervisory rules.
Furthermore, clients should be selected having regard to their income and assets, while a suitable disclosure of risks and information related to crypto-assets must be provided to them beforehand. Likewise, the use of crypto-assets’ platforms whose security cannot be verified should be avoided altogether.
Operators and technology providers
Given the important role played by operators and technology providers (such as program developers and DLT managers), they must observe the principle of oversight of payment systems by providing information on transactions made against unhosted wallets. Likewise, crypto-assets’ trading platforms and payment services providers must have a clearly defined governance, which includes also program developers that are often difficult to locate. In addition, when management activities are outsourced to an automated entity, this results in a greater risk of undermining supervisory activities, as well as, in turn, investors’ protection.
To sum up, according to the Bank of Italy, crypto-assets are highly risky and speculative instruments, unsuitable for most investors, even as a means of payment or exchange. Therefore, the Bank of Italy recommends operators and intermediaries to extensively inform their clients on the risks associated with the use thereof.
Going forward, the Bank of Italy, in agreement with the European Central Bank and other NCAs, will continue to monitor the trends of the crypto-assets market, as well as the evolution in the use of DLT in finance, in order to assess their risks for the EU financial stability. In addition, the Bank of Italy commits itself to offer support to stakeholders in the definition of best practices for the purpose of ensuring the development of DLT-based services that are safe, efficient, inclusive and sustainable.
 Pursuant to Art. 3, paragraph. 1, no. 2 of MICAR’s proposal, “crypto-asset is a digital representation of value or rights issued, transferred and stored electronically, using distributed ledger technology or similar technology”.
 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, amending Directive (EU) 2019/1937, Brussels 24 September 2020 COM(2020) 593 final. (https://eur-lex.europa.eu/legal- content/EN/TXT/HTML/?uri=CELEX:52020PC0593&from=IT).
 In 2020, the European Commission adopted the Digital finance package, which includes, among others, two legislative proposals, MiCAR and DORA (Digital Operational Resilience Act), which will introduce a surveillance regime on ICT service providers. Such Regulations are still in a consultation phase. Yet, MiCAR will not apply to financial instruments under MIFID, which are instead included and regulated by the DLT pilot regime Regulation no. 858/2022/EU as tokenized financial instruments. In July 2021, the European Commission also approved the Anti-money laundering package, which applies also to service providers in crypto-assets that are obliged to transmit information on executed transactions.