5 June 2023
June 2023 – 4 of 6 Insights
On 23 May 2023, the International Organization of Securities Commissions (IOSCO), the global standard setter for securities markets, published a consultation paper on its detailed proposals for the global regulation of crypto and digital assets (Consultation Paper). Its proposed framework aims to achieve outcomes for investor protection and market integrity that are the same or analogous to the outcomes required in traditional financial markets. This will, in turn, help to achieve a level-playing field between cryptoassets and traditional financial markets thereby reducing the risk of regulatory arbitrage.
IOSCO has been exploring issues arising out of cryptoassets markets for some time – back in 2019, for example, it launched a discussion paper on initial coin offerings and cryptoassets exchanges. The need for developing a worldwide approach to the regulation of cryptoassets has been accentuated by the exponential increase in retail exposure to cryptoassets, which have seen ever growing retail investor losses caused by financial crime, fraud, money laundering, other illegal market practices and, of course, market events such as "shock events" including Terra/Luna, Celsius, Voyager, Three Arrows Capital, and FTX.
The Consultation Paper sets out 18 "principles-based and outcomes-focused" recommendations, which have been developed under the supervision of IOSCO Board's Fintech Task Force following IOSCO's cryptoasset roadmap, which was published in June 2022. The proposed recommendations cover:
The recommendations are grouped into nine categories and are targeted at the activities carried out by cryptoasset service providers (CASPs). While the recommendations apply to all types of cryptoassets, additional commentary is provided to explain how the recommendations capture the features and risks of stablecoins. The Consultation Paper contains a series of questions relating to the recommendations, with one question dedicated to stablecoins.
We have picked out the headline points from each of the 18 recommendations.
Recommendation 1: Common standards of regulatory outcomes
Regulators are called on to use their existing regulatory framework or to develop new frameworks to regulate and oversee cryptoassets trading, other cryptoassets services and the issuing, marketing and selling of cryptoassets in line with IOSCO's objectives and principles of securities regulation and relevant supporting materials, seeking to achieve regulatory outcomes for investor protection and market integrity that are the same or aligned to those that are required in traditional financial markets.
Recommendation 2: Organisational governance
Regulators should require CASPs to have effective governance and organisational arrangements including systems, policies and procedures to address conflicts of interests, including those arising from different activities undertaken, and services provided by a CASP or its affiliated entities. Regulators should consider having the tools to require legal disaggregation and separate registration and regulation of certain activities and functions if conflicts cannot be effectively mitigated.
Recommendation 3: Disclosure of role, capacity and trading conflicts
Regulators should require a CASP to disclose each role and capacity in which it acts.
Recommendation 4: Client order handling
Regulators should require CASPs, when acting as an agent, to handle all client orders fairly and equitably and should have in place systems, policies and procedures to ensure the fair and expeditious execution of client orders and restrictions on front running client orders. Clients and prospective clients should receive details of systems, policies and procedures as relevant.
Recommendation 5: Market operation requirements
Regulators should require a CASP that operates a market or acts as an intermediary to provide pre- and post-trade disclosures.
Recommendation 6: Admission to trading
Regulators should require CASPs to establish, maintain and appropriately disclose to the public their standards for listing and admitting cryptoassets to trading on their markets (and their standards for removing cryptoassets from trading).
Recommendation 7: Management of primary markets conflicts
Regulators should require a CASP to manage and mitigate conflicts of interest relating to the issuance, trading and listing of cryptoassets.
Recommendation 8: Fraud and market abuse
Regulators should take enforcement action against offences involving fraud and market abuse in cryptoasset markets.
Recommendation 9: Market surveillance
Regulators should apply market surveillance requirements to each CASP to mitigate market abuse risks.
Recommendation 10: Management of material non-public information
Regulators should require a CASP to have systems, policies and procedures in place regarding the management of material non-public information.
Recommendation 11: Enhanced regulatory cooperation
In recognition of the cross-border nature of cryptoassets issuance, trading and other activities, regulators should be able to share information and cooperate with regulators and relevant authorities in other jurisdiction in relation to such activities.
Recommendation 12: Overarching custody recommendation
Regulators should apply IOSCO's recommendations regarding the protection of client assets when considering the application of existing or new frameworks to CASPs that undertake custody activities.
Recommendation 13: Segregation and handling of client monies and assets
Regulators should require a CASP to place client assets in trust, or to otherwise segregate them from the CASP's proprietary assets.
Recommendation 14: Disclosure of custody and safekeeping arrangements
Regulators should require a CASP to disclose to a client how client assets are held and arrangements for safeguarding assets and/or private keys, the use of other custodians, the use of aggregation or pooling and risks attached, the CASP's obligations and responsibilities relating to the use of client assets as well as private keys and terms for their restitution and the risks involved.
Recommendation 15: Client asset reconciliation and independent assurance
Regulators should require a CASP to have systems, policies and procedures to undertake regular and frequent reconciliations of client assets subject to appropriate independent assurance.
Recommendation 16: Securing client money and assets
Regulators should require a CASP to adopt appropriate systems, policies and procedures to mitigate the risk of loss, theft or inaccessibility of client assets.
Recommendation 17: Management and disclosure of operational and technological risks
Regulators should require a CASP to comply with operational and technology risk and resilience requirements in accordance with IOSCO's recommendations and standards. CASPs should be required to disclose all material sources of operational and technological risks and have appropriate risk management frameworks to manage and mitigate such risks.
Recommendation 18: Retail client appropriateness and disclosure
Regulators should require a CASP to operate in way that is consistent with IOSCO's standards when interacting and dealing with retail clients. CASPs should be required to implement adequate systems, policies and procedures and disclosure in relation to onboarding new clients and as part of their ongoing business with existing clients. This should include an assessment of the appropriateness and/or suitability of particular cryptoasset products and services offered to each retail client.
Responses to the Consultation Paper must be submitted by 31 July 2023. IOSCO aims to finalise its policy recommendations relating to crypto and digital assets in early Q4 2023. It is also engaged with the work of the Financial Stability Board (FSB). In October 2022, the FSB published two consultation papers on the supervision and oversight of cryptoassets activities and markets from a financial stability perspective and is aiming to finalise its recommendations by July 2023.
IOSCO also notes that later this summer it intends to publish a separate consultation paper with proposed recommendations on regulating decentralised finance.
30 June 2023
30 June 2023
by Multiple authors
3 July 2023
5 June 2023
by Multiple authors
6 June 2023
Erik Steiner looks at the opportunities in the games industry offered by AI, and at how to manage the associated legal risks.
9 May 2023
by multiple authors
by multiple authors
by multiple authors