Cryptoassets Standard: SPM Modules, Code of Practice, Disclosure Templates and Tables, and Banking Returns Annex 2(d): SPM: CR-G-8 Large Exposures and Risk Concentrations

Regulatory Framework for Large Exposures and Risk Concentrations

On 27 Nov 2025, the Hong Kong Monetary Authority (HKMA) issued the Supervisory Policy Manual (SPM) CR-G-8, Version 5, which replaces previous guidelines (V.1-V.4) and establishes updated requirements for controlling large exposures and risk concentrations for Authorized Institutions (Als) in Hong Kong. The document codifies statutory limits under the Banking (Exposure Limits) Rules (BELR), including a 25% limit on exposures to any single counterparty or linked counterparty group (LC group), with a reduced 15% limit for global systemically important banks (G-SIBs). It also clarifies exemptions for sovereign exposures (exempt from limits but subject to additional capital requirements beyond 100% Tier 1 capital) and intragroup exposures, while mandating internal limits for risk concentration management.

Risk Mitigation and Exposure Valuation

The SPM details the treatment of credit risk transfer (CRT) for exposures, distinguishing between Category A (internationally active/systemically important) and Category B institutions. Category A institutions must apply comprehensive CRT frameworks, while Category B institutions may opt for simplified treatment under strict criteria. For cryptoasset-related exposures, Division 5A of Part 7 mandates specific valuation methodologies, requiring Als to identify counterparties and apply rules based on cryptoasset classification (Group 1a/1b/2a/2b) and booking location (banking vs. trading book). The document also specifies that recognized collateral for CRT must be valued using the simple approach (reducing exposure by collateral value) rather than risk-weight substitution, with constraints on maturity matching.

Grouping Requirements and Exemptions

The SPM provides detailed guidance on forming LC groups, requiring Als to link counterparties via control (per Rule 41) or economic dependence (per Code Paragraph 6(4)). Key clarifications include: (i) the 5% Tier 1 capital threshold for excluding entities from LC groups; (ii) de-grouping of entities controlled by exempted sovereign entities (e.g., China Investment Corporation) under Rule 41(5); and (iii) exclusion of intraday exposures to banks (Rule 48(1)(k)). Exemptions from statutory limits include sovereign exposures (Rule 48(1)(c)), intragroup exposures (Rule 48(1)(a)), and certain collateralized exposures (Rule 48(1)(d)), though the latter requires HKMA approval for new letters of comfort.

New Prudential Clustering Limit

The SPM introduces a mandatory clustering limit for Als incorporated in Hong Kong, requiring internal limits on aggregate non-exempt large exposures (≥10% of Tier 1 capital) excluding exposures to banks. The benchmark is set at 200% of Tier 1 capital, with the HKMA assessing reasonableness based on capital adequacy, business model, and risk management capabilities. Als must approve this limit at the Board level, monitor compliance via automated systems, and report it to the HKMA. The limit excludes exposures covered by MA-approved letters of comfort (Rule 57(1)(d)).

Oversight, Breach Consequences, and Reporting

Board-level oversight is mandated for large exposure controls, including policy approval, limit setting, and regular reporting. Als must maintain independent audits and compliance functions to verify adherence to internal policies and BELR. Breaches of statutory or prudential limits require immediate HKMA notification (Rule 7(1)), remedial action plans, and potential consequences including increased capital requirements, business restrictions, or authorization revocation. Regulatory reporting via the Return of Large Exposures (MA(BS)28) and Certificate of Compliance (MA(BS)1F) is reinforced, with enhanced data aggregation requirements for timely stress-testing and ad hoc reporting.