← Frameworks / Prudential Regulation

Basel Committee SCO60 — Prudential Treatment of Cryptoasset Exposures

Basel Committee standard for the prudential treatment of banks' cryptoasset exposures, effective January 2026. Covers classification of cryptoassets (Group 1a tokenised traditional assets, Group 1b stablecoins, Group 2 unbacked crypto), capital requirements, credit and market risk, operational risk including custody and key management requirements for DLT infrastructure, disclosure obligations, and exposure limits. Applies to all internationally active banks.

Clauses: 47

Avg Coverage: 37.1%

Publisher: Basel Committee on Banking Supervision (BCBS) Version: d545 (July 2024)

Basel SCO60 → SP 800-53 SP 800-53 → Basel SCO60 Coverage Analysis

Clause	Title	SP 800-53 Controls
SCO60.1	Scope — banks with cryptoasset exposures	PM-01 PM-09 PM-10 RA-01 RA-02 RA-03 PL-01 PL-02 CA-06
SCO60.2	Definitions — cryptoasset types and Group classification	PM-07 RA-02 SA-08 PL-08
SCO60.3	General provisions — governance and supervisory approval	PM-01 PM-02 PM-09 PM-10 PM-28 PL-01 PL-02 CA-01 CA-06 RA-01 RA-03 AT-01 AT-02
SCO60.4	Due diligence and risk assessment before exposure	RA-01 RA-02 RA-03 RA-05 RA-07 PM-09 SA-04 SA-09 SR-02 SR-03
SCO60.5	Pillar 2 integration — cryptoasset risks in ICAAP	PM-09 RA-01 RA-03 RA-07 PM-04 CA-02 CA-07
SCO60.10	Classification conditions — Group 1a tokenised traditional assets
SCO60.11	Classification conditions — Group 1b qualifying stablecoins	SC-12 SC-13 SC-17 AU-10 AU-11 SI-07
SCO60.12	Classification conditions — Group 2 unbacked cryptoassets
SCO60.13	Ongoing monitoring of classification conditions	CA-07 RA-03 RA-05 SI-04 AU-06 PM-09 PM-31
SCO60.14	Infrastructure assessment for classification eligibility	CA-02 RA-03 RA-05 SA-08 SA-11 CM-02 CM-08 SI-06 SI-07
SCO60.20	Group 1a capital requirements — credit risk and market risk
SCO60.21	Group 1a infrastructure risk add-on	SA-08 SA-11 RA-03 RA-05 CA-02 SC-07 SC-12 SC-13 SI-06 SI-07 CP-02 CP-09 CP-10
SCO60.22	Group 1b capital requirements — standardised approach for stablecoins
SCO60.23	Group 1b — operational risk for stabilisation mechanisms	IR-01 IR-04 IR-05 IR-06 CP-02 CP-04 CP-09 CP-10 SI-07 SC-12 SC-13 CA-07 RA-05 AU-06 AU-09
SCO60.24	Group 2a capital requirements — standard conservative treatment
SCO60.25	Group 2b capital requirements — full deduction for high-risk exposures
SCO60.26	Hedging recognition — Group 2 long/short offset rules
SCO60.27	Minimum capital floors and Pillar 1 capital ratios
SCO60.40	Credit risk treatment for cryptoasset exposures
SCO60.41	Counterparty credit risk — DeFi and settlement exposures	SA-09 SR-02 SR-03 SR-06 CA-02 RA-03 SC-07 SC-12
SCO60.42	Market risk — trading book treatment for cryptoassets
SCO60.43	CVA risk — credit valuation adjustment for cryptoasset derivatives
SCO60.44	Liquidity risk — cryptoassets in LCR and NSFR calculations
SCO60.50	Operational risk framework for cryptoasset activities	PM-01 PM-09 RA-01 RA-03 RA-07 IR-01 IR-04 IR-08 CP-01 CP-02 CA-01 CA-07 AU-01 AU-02
SCO60.51	Technology and cyber risk — DLT infrastructure	SA-08 SA-11 SA-15 SA-17 CM-01 CM-02 CM-06 CM-07 CM-08 SC-05 SC-07 SC-12 SC-13 SI-02 SI-03 SI-04 SI-07 RA-05 CA-02 CA-07
SCO60.52	Smart contract risk management	SA-03 SA-08 SA-10 SA-11 SA-15 CM-03 CM-04 CM-05 SI-06 SI-07 RA-05 CA-02
SCO60.53	Operational resilience for cryptoasset services	CP-01 CP-02 CP-03 CP-04 CP-07 CP-08 CP-09 CP-10 IR-01 IR-04 SC-05 SC-06 PE-11 PE-12 PE-14 SA-09
SCO60.54	Third-party and vendor risk for cryptoasset infrastructure	SA-09 SA-04 SR-01 SR-02 SR-03 SR-04 SR-05 SR-06 SR-07 SR-08 SR-09 SR-10 SR-11 SR-12 CA-03 RA-03 PM-09
SCO60.55	Fraud risk and market manipulation controls	AC-02 AC-05 AC-06 AU-02 AU-03 AU-06 AU-10 IR-04 IR-05 SI-04 PS-03 PS-06 PS-07 PM-12
SCO60.60	Custody governance — policies and accountability	PM-01 PM-02 PM-09 PM-10 PL-01 PL-02 PL-04 AC-01 AC-05 PS-01 PS-02 PS-06 CA-01 CA-06 AT-01 AT-02 AT-03
SCO60.61	Cryptographic key management — generation and storage	SC-12 SC-13 SC-17 IA-03 IA-05 IA-07 AC-03 AC-05 AC-06 MP-02 MP-04 MP-05 PE-02 PE-03 PE-05
SCO60.62	Key management — access controls and ceremony procedures	AC-02 AC-03 AC-05 AC-06 AC-17 IA-02 IA-04 IA-05 AU-02 AU-03 AU-09 AU-10 AU-11 PE-02 PE-03 PE-06 PE-08 PS-03 PS-06 PS-07
SCO60.63	Key management — backup, recovery, and continuity	CP-02 CP-06 CP-09 CP-10 SC-12 SC-13 MP-04 MP-05 MP-06 PE-02 PE-04 AC-05 AU-10 AU-11 IR-04
SCO60.64	Wallet security — hot, warm, and cold storage architecture	SC-02 SC-03 SC-04 SC-07 SC-12 SC-13 AC-04 AC-06 CM-06 CM-07 SA-08 PE-02 PE-03 PE-05 PE-18 SI-03 SI-04 CA-02 RA-05
SCO60.65	DLT node infrastructure security and governance	CM-01 CM-02 CM-06 CM-07 CM-08 SA-08 SA-09 SC-05 SC-07 SC-12 SI-02 SI-03 SI-04 SI-07 CA-02 CA-07 RA-05 CP-07 CP-09 PE-02 PE-11
SCO60.66	Transaction authorisation and signing controls	AC-03 AC-05 AC-06 IA-02 IA-05 IA-07 AU-02 AU-03 AU-09 AU-10 AU-11 SC-12 SC-13 SI-10 CM-05
SCO60.70	Pillar 3 disclosure — cryptoasset exposures and capital	AC-22 AC-16 SI-12 AU-10 AU-11 PM-06 SI-15 PT-05
SCO60.71	Regulatory reporting — supervisory data submissions	PM-06 AU-10 AU-11 SI-07 SI-12 AC-22 SC-08 SC-13 IA-02 CA-07
SCO60.72	Internal reporting — board and management information	PM-06 PM-09 PM-14 CA-07 SI-04 AU-06 AC-06 AC-22 SI-15
SCO60.73	Incident reporting — material operational and security events	IR-01 IR-04 IR-05 IR-06 IR-07 IR-08 AU-02 AU-03 AU-06 AU-10 AU-11 CA-07 PM-16
SCO60.74	Audit and assurance — internal audit of cryptoasset activities	CA-01 CA-02 CA-05 CA-07 PM-10 PM-14 AU-01 AU-06 AU-11 RA-03 RA-05 AT-03
SCO60.80	Aggregate exposure limit — 1% of Tier 1 capital cap
SCO60.81	Aggregate exposure limit — Group 1 exposures
SCO60.82	Supervisory reporting of exposure limit breaches	CA-05 IR-06 PM-06 AU-10 AU-11 IR-04 PM-04
SCO60.83	Large exposure rules for cryptoasset counterparties	SA-09 SR-02 SR-06 RA-03 PM-09
SCO60.84	Cross-border and jurisdictional exposure considerations	PM-15 PM-16 SA-09 SR-02 RA-03 CA-03
SCO60.85	Supervisory discretion — additional requirements and restrictions	CA-02 CA-05 CA-06 PM-09 PM-10 RA-03 RA-07