The Canadian Web3 Council recently responded to the Office of the Superintendent of Financial Institutions (OSFI) consultation regarding the public disclosure of crypto-asset exposures. CW3, a non-profit organization advocating for responsible Web3 policy and innovation in Canada, represents a wide range of stakeholders, from investors to financial platforms and blockchain developers. This submission focuses on the limitations of current financial disclosures, particularly under OSFI’s Pillar 3 framework, and provides recommendations for improving transparency around operational risk management, especially in the context of crypto assets. You can read our full submission here.
Key Challenges in Current Disclosures
Current financial disclosures, as mandated by Pillar 3, often fall short in addressing the real operational risks within financial institutions (FIs). These gaps can lead to a disconnect between what is disclosed on paper and the actual decisions FIs make in managing underlying risks. This disconnect has been highlighted by several recent failures in traditional financial institutions, raising concerns about the effectiveness of existing risk management disclosures.
The Canadian Web3 Council questions whether the current Pillar 3 disclosure framework will achieve its intended goals of protecting stakeholders and ensuring the public has access to meaningful financial information about federally regulated financial institutions (FRFIs) and deposit-taking institutions.
The Importance of Materiality and Disclosure for Crypto Assets
CW3 emphasizes the need for better clarity and distinction between different types of crypto assets in financial disclosures. For instance, the risks associated with tokenized deposits (which are liabilities) differ from those of fiat-backed stablecoins (FBSCs), which are fully backed by high-quality, liquid assets and are considered safer. It’s critical to ensure that the reserves backing these stablecoins are consistently equal to the amount issued and that this is disclosed to the public through “proof of reserves.”
Moreover, CW3 highlights the need for materiality assessments to extend beyond on-balance sheet items. Some crypto-related risks, such as third-party partnerships and assets under custody, are off-balance sheet but still carry significant risk. Without proper disclosure, the public may not be aware of potential financial risks, leading to a loss of trust in financial institutions and regulators.
Operational Risk and Off-Balance Sheet Risks
Operational risks—such as failures in internal controls or breakdowns in relationships with third-party service providers—can lead to significant financial harm if not properly managed and disclosed. CW3 points out that traditional FIs have faced major operational failures, including lapses in anti-money laundering (AML) controls and errors in tracking customer funds. These failures highlight the importance of transparency in disclosing operational risks and related incidents before they escalate into larger issues.
These risks are not always reflected directly on financial institutions’ balance sheets, especially in areas like digital asset custody, where custodians manage private keys to access digital assets. This differs from traditional custody and presents unique risks, such as potential cyberattacks or mismanagement of keys. Digital asset custodians can mitigate such risks by providing, for example, ongoing proof of reserve attestations together with SOC II Type II reports and information security reviews.
Lack of Clear Regulatory Oversight
The CW3 also notes the lack of a clear, unified regulatory framework for crypto assets, particularly fiat-backed stablecoins, in Canada. While securities regulators have stepped in to fill gaps, no single agency currently has a comprehensive view of the risks associated with stablecoins and other crypto products. This fragmented regulatory oversight increases the likelihood of operational and regulatory failures. CW3 recommends that the oversight of stablecoins be handled by a federal agency for more effective supervision.
Recommendations
To address these gaps, the CW3 recommends:
- Improving transparency in disclosures: By making financial institutions disclose the specific risks and differences between various crypto products, such as tokenized deposits and stablecoins, Canadians can better understand their financial exposure.
- Creating a working group: CW3 proposes the establishment of a working group with representatives from relevant regulatory bodies, the fintech sector, and the crypto industry. This group would develop a risk management framework for crypto assets and stablecoins, focusing on operational risk and third-party liability.
- Enhancing financial literacy: Public-private initiatives should be developed to help Canadians improve their digital and financial literacy. Understanding the risks and benefits of digital assets is key to ensuring that consumers make informed decisions in an increasingly complex financial landscape.
Conclusion
Our submission stresses the importance of improving the disclosure of operational risks in financial services, especially in relation to crypto assets. As Canada seeks to position itself as a leader in Web3 innovation, ensuring transparency and proper risk management in both traditional and emerging financial services is essential to maintaining public trust and fostering growth in the digital economy. By adopting a more robust and comprehensive disclosure framework, OSFI can help mitigate the risks posed by digital assets and protect the interests of Canadian consumers.