The recommendations are addressed to financial regulatory, supervisory and oversight authorities at a jurisdictional level. They set out the key objectives that an effective regulatory and supervisory framework should achieve but are high-level and flexible so that they can be incorporated into a wide variety of regulatory frameworks. The recommendations establish a global regulatory baseline and some jurisdictions may also decide to take more restrictive regulatory measures. Their aim is to promote a regulatory, supervisory and oversight framework that is technology-neutral and focuses on underlying activities and risks.

These final recommendations take into account feedback from the public consultation and stakeholder outreach. In light of the events that took place in crypto-asset markets in 2022 and early 2023 and the potential threat to the wider financial system, the recommendations also reflect enhancements of key areas.

In line with the mandate of the FSB, the recommendations focus on regulatory, supervisory and oversight issues relating to crypto-assets to help foster safe innovation. The recommendations therefore do not comprehensively address all specific risk categories related to crypto-asset activities, such as: Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT); data privacy; cyber security; consumer and investor protection; market integrity; competition policy; taxation; monetary policy; monetary sovereignty; and other macroeconomic concerns.

The FSB has been working closely with the International Monetary Fund, World Bank, the Organization for Economic Cooperation and Development (OECD), the Basel Committee on Banking Supervision, the Bank for International Settlements’ Committee on Payments and Market Infrastructures, the International Organization of Securities Commissions (IOSCO), and the Financial Action Task force to ensure that the work underway regarding the monitoring and regulation of crypto-asset activities and markets is coordinated and mutually supportive.

Final recommendations

Recommendation 1: Regulatory powers and tools
Authorities should have and utilise the appropriate powers and tools, and adequate resources to regulate, supervise, and oversee crypto-asset activities and markets, and enforce relevant laws and regulations effectively, as appropriate.

Recommendation 2: General regulatory framework
Authorities should apply comprehensive and effective regulation, supervision, and oversight to crypto-asset activities and markets – including crypto-asset issuers and service providers – on a functional basis and proportionate to the financial stability risk they pose, or potentially pose, and consistent with authorities’ respective mandates in line with the principle “same activity, same risk, same regulation”.

Recommendation 3: Cross-border cooperation, coordination and information sharing
Authorities should cooperate and coordinate with each other, both domestically and internationally, to foster efficient and effective communication, information sharing and consultation in order to support each other as appropriate in fulfilling their respective mandates and to encourage consistency of regulatory and supervisory outcomes.

Recommendation 4: Governance
Authorities, as appropriate, should require that crypto-asset issuers and service providers have in place and disclose a comprehensive governance framework with clear and direct lines of responsibility and accountability for all functions and activities they are conducting. The governance framework should be proportionate to their risk, size, complexity and systemic importance, and to the financial stability risk that may be posed by activity or market in which the crypto-asset issuers and service providers are participating. It should provide for clear and direct lines of responsibility and accountability for the functions and activities they are conducting.

Recommendation 5: Risk management
Authorities, as appropriate, should require crypto-asset service providers to have an effective risk management framework in place that comprehensively addresses all material risks associated with their activities. The framework should be proportionate to the risk, size, complexity, and systemic importance, and to the financial stability risk that may be posed by the activity or market in which they are participating. Authorities should, to the extent necessary to achieve regulatory outcomes comparable to those in traditional finance, require crypto-asset issuers to address the financial stability risk that may be posed by the activity or market in which they are participating.

Recommendation 6: Data collection, recording and reporting
Authorities, as appropriate, should require that crypto-asset issuers and service providers have in place robust frameworks, including systems and processes, for collecting, storing, safeguarding, and the timely and accurate reporting of data, including relevant policies, procedures and infrastructures needed, in each case proportionate to their risk, size, complexity and systemic importance. Authorities should have access to the data as necessary and appropriate to fulfil their regulatory, supervisory and oversight mandates.

Recommendation 7: Disclosures
Authorities should require that crypto-asset issuers and service providers disclose to users and relevant stakeholders comprehensive, clear and transparent information regarding their governance framework, operations, risk profiles and financial conditions, as well as the products they provide and activities they conduct.

Recommendation 8: Addressing financial stability risks arising from interconnections and interdependencies
Authorities should identify and monitor the relevant interconnections, both within the crypto-asset ecosystem, as well as between the crypto-asset ecosystem and the wider financial system. Authorities should address financial stability risks that arise from these interconnections and interdependencies.

Recommendation 9: Comprehensive regulation of crypto-asset service providers with multiple functions
Authorities should ensure that crypto-asset service providers and their affiliates that combine multiple functions and activities, where permissible, are subject to appropriate regulation, supervision and oversight that comprehensively address the risks associated with individual functions and the risks arising from the combination of functions, including but not limited to requirements regarding conflicts of interest and separation of certain functions, activities, or incorporation, as appropriate.