Authors

Daniel Hirschfield

Senior Counsel – Knowledge

London

Mila Pencheva

Senior Counsel

London

Authors

Daniel Hirschfield

Senior Counsel – Knowledge

London

Mila Pencheva

Senior Counsel

London

5 June 2023

June 2023 – 4 of 6 Insights

IOSCO consults on a global blueprint for crypto regulation

Briefing

On 23 May 2023, the International Organization of Securities Commissions (IOSCO), the global standard setter for securities markets, published a consultation paper on its detailed proposals for the global regulation of crypto and digital assets (Consultation Paper). Its proposed framework aims to achieve outcomes for investor protection and market integrity that are the same or analogous to the outcomes required in traditional financial markets. This will, in turn, help to achieve a level-playing field between cryptoassets and traditional financial markets thereby reducing the risk of regulatory arbitrage.

Introduction

IOSCO has been exploring issues arising out of cryptoassets markets for some time – back in 2019, for example, it launched a discussion paper on initial coin offerings and cryptoassets exchanges. The need for developing a worldwide approach to the regulation of cryptoassets has been accentuated by the exponential increase in retail exposure to cryptoassets, which have seen ever growing retail investor losses caused by financial crime, fraud, money laundering, other illegal market practices and, of course, market events such as "shock events" including Terra/Luna, Celsius, Voyager, Three Arrows Capital, and FTX.

The Consultation Paper sets out 18 "principles-based and outcomes-focused" recommendations, which have been developed under the supervision of IOSCO Board's Fintech Task Force following IOSCO's cryptoasset roadmap, which was published in June 2022. The proposed recommendations cover:

conflicts of interest arising from vertical integration of activities and functions
market manipulation, insider trading and fraud
cross-border risks and regulatory cooperation
custody and client asset protection
operational and technological risk
retail access, suitability, and distribution.

The recommendations are grouped into nine categories and are targeted at the activities carried out by cryptoasset service providers (CASPs). While the recommendations apply to all types of cryptoassets, additional commentary is provided to explain how the recommendations capture the features and risks of stablecoins. The Consultation Paper contains a series of questions relating to the recommendations, with one question dedicated to stablecoins.

At a glance

We have picked out the headline points from each of the 18 recommendations.

Overarching recommendation addressed to all regulators

Recommendation 1: Common standards of regulatory outcomes

Regulators are called on to use their existing regulatory framework or to develop new frameworks to regulate and oversee cryptoassets trading, other cryptoassets services and the issuing, marketing and selling of cryptoassets in line with IOSCO's objectives and principles of securities regulation and relevant supporting materials, seeking to achieve regulatory outcomes for investor protection and market integrity that are the same or aligned to those that are required in traditional financial markets.

Recommendations on governance and disclosure of conflicts

Recommendation 2: Organisational governance

Regulators should require CASPs to have effective governance and organisational arrangements including systems, policies and procedures to address conflicts of interests, including those arising from different activities undertaken, and services provided by a CASP or its affiliated entities. Regulators should consider having the tools to require legal disaggregation and separate registration and regulation of certain activities and functions if conflicts cannot be effectively mitigated.

Recommendation 3: Disclosure of role, capacity and trading conflicts

Regulators should require a CASP to disclose each role and capacity in which it acts.

Recommendations on order handling and trade disclosures (trading intermediaries vs market operators)

Recommendation 4: Client order handling

Regulators should require CASPs, when acting as an agent, to handle all client orders fairly and equitably and should have in place systems, policies and procedures to ensure the fair and expeditious execution of client orders and restrictions on front running client orders. Clients and prospective clients should receive details of systems, policies and procedures as relevant.

Recommendation 5: Market operation requirements

Regulators should require a CASP that operates a market or acts as an intermediary to provide pre- and post-trade disclosures.

Recommendations in relation to listing of cryptoassets and certain primary market activities

Recommendation 6: Admission to trading

Regulators should require CASPs to establish, maintain and appropriately disclose to the public their standards for listing and admitting cryptoassets to trading on their markets (and their standards for removing cryptoassets from trading).

Recommendation 7: Management of primary markets conflicts

Regulators should require a CASP to manage and mitigate conflicts of interest relating to the issuance, trading and listing of cryptoassets.

Recommendations to address abusive behaviours

Recommendation 8: Fraud and market abuse

Regulators should take enforcement action against offences involving fraud and market abuse in cryptoasset markets.

Recommendation 9: Market surveillance

Regulators should apply market surveillance requirements to each CASP to mitigate market abuse risks.

Recommendation 10: Management of material non-public information

Regulators should require a CASP to have systems, policies and procedures in place regarding the management of material non-public information.

Recommendation on cross-border cooperation

Recommendation 11: Enhanced regulatory cooperation

In recognition of the cross-border nature of cryptoassets issuance, trading and other activities, regulators should be able to share information and cooperate with regulators and relevant authorities in other jurisdiction in relation to such activities.

Recommendations on custody of client monies and assets

Recommendation 12: Overarching custody recommendation

Regulators should apply IOSCO's recommendations regarding the protection of client assets when considering the application of existing or new frameworks to CASPs that undertake custody activities.

Recommendation 13: Segregation and handling of client monies and assets

Regulators should require a CASP to place client assets in trust, or to otherwise segregate them from the CASP's proprietary assets.

Recommendation 14: Disclosure of custody and safekeeping arrangements

Regulators should require a CASP to disclose to a client how client assets are held and arrangements for safeguarding assets and/or private keys, the use of other custodians, the use of aggregation or pooling and risks attached, the CASP's obligations and responsibilities relating to the use of client assets as well as private keys and terms for their restitution and the risks involved.

Recommendation 15: Client asset reconciliation and independent assurance

Regulators should require a CASP to have systems, policies and procedures to undertake regular and frequent reconciliations of client assets subject to appropriate independent assurance.

Recommendation 16: Securing client money and assets

Regulators should require a CASP to adopt appropriate systems, policies and procedures to mitigate the risk of loss, theft or inaccessibility of client assets.

Recommendation to address operational and technological risks

Recommendation 17: Management and disclosure of operational and technological risks

Regulators should require a CASP to comply with operational and technology risk and resilience requirements in accordance with IOSCO's recommendations and standards. CASPs should be required to disclose all material sources of operational and technological risks and have appropriate risk management frameworks to manage and mitigate such risks.

Recommendation for retail distribution

Recommendation 18: Retail client appropriateness and disclosure

Regulators should require a CASP to operate in way that is consistent with IOSCO's standards when interacting and dealing with retail clients. CASPs should be required to implement adequate systems, policies and procedures and disclosure in relation to onboarding new clients and as part of their ongoing business with existing clients. This should include an assessment of the appropriateness and/or suitability of particular cryptoasset products and services offered to each retail client.

Next steps

Responses to the Consultation Paper must be submitted by 31 July 2023. IOSCO aims to finalise its policy recommendations relating to crypto and digital assets in early Q4 2023. It is also engaged with the work of the Financial Stability Board (FSB). In October 2022, the FSB published two consultation papers on the supervision and oversight of cryptoassets activities and markets from a financial stability perspective and is aiming to finalise its recommendations by July 2023.

IOSCO also notes that later this summer it intends to publish a separate consultation paper with proposed recommendations on regulating decentralised finance.

Services and Groups Financial services regulatory