IOSCO weighs in on the regulation of cryptoasset trading platforms


Our team: Tim Wright, David Lee


The Board of the International Organization of Securities Commissions (IOSCO) has published a report[1] identifying what it sees as the key issues and risks associated with cryptoasset trading platforms (CTPs). Running to some 50 pages, the report entitled “Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms” was released on 12 February 2020 following an earlier IOSCO consultation report and survey of the regulatory approaches to CTPs that member jurisdictions are currently applying or considering.

In 2019, IOSCO, the global cooperative of securities regulatory agencies with more than 218 members from over 100 countries, announced as a Board priority its concerns over the trading, custody and settlement, accounting, valuation, and intermediation of cryptoassets as well as the exposure of investment funds to cryptoassets. Following the publication of its report, IOSCO will continue to monitor the evolution of cryptoasset markets in order to ensure the issues, risks and key considerations identified in the report remain relevant.

In the press release[2] which accompanies the report, the Board says that whilst many of the regulatory issues identified are common to traditional securities trading venues, the issues may be heightened by the business models employed by CTPs since – unlike traditional trading venues – CTPs often hold participant assets and funds.

The key considerations identified in the Board’s report are:

    • Access to CTPs;
    • Safekeeping of participant assets, including custody arrangements;
    • Identification and management of conflicts of interest;
    • Transparency of operations;
    • Market integrity, including CTP trading rules, monitoring and enforcement;
    • Price discovery mechanisms; and
    • Technology, including resiliency and cyber security.

With regards to technology, the report says that “system resiliency, reliability and integrity as well as cyber resilience and security of their trading systems are [all] critical components in managing trading risks, facilitating investor protection, and fostering fair and efficient markets” since a failure of a CTP’s technology could lead to participant assets becoming inaccessible or even lost.

The Board says that reliance on third party systems will be an important consideration for regulators, citing Key Issue 3 of Principle 33[3] on outsourcing by trading venues:

“When functions are outsourced, such outsourcing does not negate the liability of the outsourcing market for any and all functions that the market may outsource to a service provider. The outsourcing market must retain the competence and ability to be able to ensure that it complies with all regulatory requirements. Accordingly, with respect to the outsourcing of key regulatory functions, markets should consider how and whether such functions may be outsourced. Outsourcing should not be permitted if it impairs the market authority’s ability to exercise its statutory responsibilities, such as proper supervision and audit of the market.”

With the introduction of the Fifth Money Laundering Directive, CTPs are now within the established KYC/AML framework and will have to comply with regulatory requirements already established in the traditional financial services sector.  In the UK at least, the FCA has been appointed the AML and CTF supervisor under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).  The FCA became the supervisor on 10 January 2020, and has the ability to exercise its powers from that date.  CTPs, among other businesses engaging with cyptoassets, will need to register with the FCA to be able to continue to carry on business in the UK.  Existing businesses (being those carrying on business prior to 10 January 2020) will have until 30 June 2020 to submit their application for a priority review, and if not registered by 10 January 2020 will have to cease trading.  New business will be required to register before commencing operations.

Part of the FCA’s application process requires the submission of a business plan, and that the business demonstrates it has the necessary policies, controls and procedures to effectively manage money laundering and terrorist financing risks, proportionate to the size and nature of its business’ activities.

The IOSCO Report provides an insight into the key areas of concern and consideration for registrars, and therefore they key areas to be addressed in the development of a CTP’s business and operations.  With the FCA and other European regulators taking a greater interest in the sector and, in many cases, current and future regulation of it, businesses looking to operate in the sector should be alive to and prepared for the issues identified in IOSCO’s report.

[1] https://www.iosco.org/library/pubdocs/pdf/IOSCOPD649.pdf

[2] https://www.iosco.org/news/pdf/IOSCONEWS556.pdf

[3] https://www.iosco.org/library/pubdocs/pdf/IOSCOPD562.pdf

View by date:


View by author:


Would you like to hear more?