The IOSCO’s 18 Recommendations for Crypto and Digital Asset Markets

The crypto-assets landscape is evolving at lightning speed. With every leap forward, it becomes increasingly evident that regulatory intervention to maintain market integrity and protect investors is not just necessary but critical. This urgency becomes apparent in light of several incidents within the Crypto Asset Service Providers (CASPs) space. Responding to the call for action, the International Organization of Securities Commissions (IOSCO) made 18 crucial recommendations in their May 2023 Consultation Report.

The Wake-Up Call: Market Disruptions & Regulatory Response

A series of recent happenings within the crypto market has served as a stark reminder of the relevance and necessity of IOSCO's recommendations. Terra Luna's $60 billion collapse and the subsequent fallout emphasise the critical need for regulations and transparent disclosures regarding stablecoins. The downfall of FTX spotlights the importance of CASPs adhering to regulatory rules, particularly those concerning custody services. Meanwhile, the ongoing legal proceedings against Bitzlato for alleged money laundering activities underline the crucial role of stringent Know Your Customer (KYC) procedures in preventing criminal misuse of crypto-assets.

Other cases, such as insider trading allegations against a former product manager at Coinbase, highlight the urgent need for CASPs to establish mechanisms to prevent the mishandling of non-public, sensitive information. Finally, legal charges filed against Beaxy and Bittrex by the Securities and Exchange Commission (SEC) for breaching the US's securities laws reaffirm the vital role of regulatory oversight and compliance.

Collectively, these incidents illustrate the value of IOSCO's recommendations. They are a blueprint for creating a robust regulatory structure that balances innovation with investor protection.

Decoding IOSCO's Recommendations: Key Takeaways & Implications

Recommendation 1: Common Standards of Regulatory Outcomes

• Advocates for standardised outcomes similar to traditional financial markets.
• Encourages regulators to follow IOSCO's standards and stresses the need for international cooperation to deter regulatory arbitrage.?

Recommendation 2: Organisational Governance

• Highlights the importance of strong governance in CASPs, particularly those with vertically integrated operations.?
• Advises regulators to mandate sound governance structures, including systems and policies to identify, manage, and mitigate conflict of interests.?
• In cases where CASPs cannot effectively mitigate conflicts, regulators may require legal disaggregation, separating conflicting functions into distinct entities.?

Recommendation 3: Disclosure of Role, Capacity and Trading Conflicts

• Urges CASPs to be clear about their roles and potential conflicts of interest.
• Calls for regulators to mandate disclosures of the CASPs' role in handling clients' orders and assets and any conflicts arising from their multiple roles to increase transparency.
• CASPs should make disclosures in clear, concise, and non-technical language.

Recommendation 4: Order Handling

• Urges fair and transparent procedures for handling orders.
• Suggests regulators mandate disclosure and maintenance of a transparent system for order execution along the lines of existing securities regulations.?
• Specific disclosure requirements may include details about the execution of client orders, order-routing procedures, and the CASPs' arrangements with third parties.?

Recommendation 5: Trade Disclosures

• Stresses the need for transparency in trading.
• Recommends regulators to require CASPs to provide thorough pre- and post-trade disclosures, including information on bids, offers, prices, trade times, and transaction volumes.?

Recommendation 6: Admission to Trading

• Demands strict listing standards for crypto-assets.
• Urges regulators to enforce detailed listing standards, including approval, maintenance, and delisting procedures.
• CASPs should make initial and ongoing disclosures about the assets, issuers, trading history, operational details, token ownership concentration, transfer protocols, and treatment of events like hard forks and airdrops.

Recommendation 7: Management of Primary Markets Conflicts

• Emphasises the need to manage potential conflicts of interest in issuing, trading, and listing crypto-assets.
• Regulators may need to prohibit CASPs from listing and trading assets in which they have a significant interest.
• Further, regulators may need to mandate measures to manage conflicts related to the issuance, trading, and listing via disclosure requirements or prohibitions on proprietary crypto-assets trading.?

Recommendation 8: Fraud and Market Abuse

• Underlines the importance of fighting fraud, insider trading and market manipulation.?
• Regulators should close regulatory gaps, enforce actions against fraudulent practices, and ensure regulatory consistency across traditional and crypto-asset markets.
• Advises regulators to update offence provisions as needed to address market developments.?

Recommendation 9: Market Surveillance

• Highlights the crucial role of effective market surveillance.
• Encourages regulators to establish comprehensive surveillance requirements for CASPs, including immediate transaction surveillance, quick remedial actions, information sharing, suspicious transaction reporting, cyber threat identification, and adherence to AML-CTF standards.?

Recommendation 10: Management of Material Non-Public Information

• Stresses the need to properly handle non-public, sensitive information (e.g. client orders and the planned listing of a particular crypto-asset).
• Suggests regulators require CASPs to set up systems for managing sensitive information, restricting access to authorised personnel, monitoring for breaches, and setting up whistleblowing procedures.?

Recommendation 11: Enhanced Regulatory Cooperation

• Underlines the necessity of increased cooperation between regulators due to the cross-border nature of CASPs' operations.
• Proposes the establishment of cooperative arrangements among regulators for adequate supervision.
• Advocates active information sharing within existing frameworks of the IOSCO and bilateral or multilateral arrangements to combat cross-border financial crimes.?

Recommendation 12: Overarching Custody Recommendation

• Accentuates the need for robust custody systems for client assets.
• Suggests regulators enforce safeguards to minimise the risk of client asset loss, maintain precise records, ensure asset safety, and inform clients about their asset rights, especially during insolvency, all in line with the IOSCO's Recommendations Regarding the Protection of Client Assets.?

Recommendation 13: Segregation and Handling of Client Monies and Assets

• Stresses the need for CASPs to separate and manage client assets properly.
• Recommends regulators to require CASPs to separate client assets from their own, using mechanisms like trust or segregated accounts.?
• CASPs should obtain express client consent and risk disclosure for asset lending and maintain accurate and precise client asset records to protect them from loss, misuse, and creditors.

Recommendation 14: Disclosure of Custody and Safekeeping Arrangements

• Highlights the importance of CASPs' revealing their custody and safekeeping arrangements, including the measures for client asset protection and any involvement of custodians.?
• Mandates CASPs to communicate to clients any associated risks and obligations unequivocably.

Recommendation 15: Client Asset Reconciliation and Independent Assurance

• Emphasises the significance of regular and frequent client asset reconciliation and independent assurance.
• Requires CASPs to keep accurate transaction records, obtain independent assurance for these reconciliations and provide client account statements.
• Mandates CASPs to engage an independent auditor annually to audit and review the CASPs' client asset environment, internal control (as to custodial services) and adequacy of CASPs' policies and procedures.

Recommendation 16: Securing Client Money and Assets

• Emphasises the need for strong measures to protect client assets.
• Regulators should require CASPs to have systems to mitigate the risks of loss, theft or inaccessibility of client assets (e.g. due to the loss of private keys) and other risks associated with using various wallet types (hot, warm or cold).?
• Suggests regulators consider legal frameworks to compensate clients in case of asset theft or loss, potentially requiring CASPs to hold additional funds or guarantees.

Recommendation 17: Management and Disclosure of Operational and Technological Risks

• Stresses the importance of managing and disclosing operational and technological risks.
• Regulators should require CASPs to adhere to IOSCO's resilience requirements and maintain robust risk management frameworks.?
• CASPs should conduct independent code audits regularly and maintain cyber and system resiliency, all while ensuring that these measures do not expose CASPs to increased cybersecurity vulnerabilities.

Recommendation 18: Retail Client Appropriateness and Disclosure

• Emphasises the need for suitable interactions and clear disclosures for retail clients.
• Regulators should require CASPs to assess product suitability for each retail client and provide comprehensive disclosures.
• Regulators should scrutinise CASPs' marketing materials for misinformation and require efficient complaint-handling mechanisms to be in place.

Special Recommendations about Stablecoins

Stablecoins, though typically stable, come with unique risks. These include unclear transparency, unverified reserve assets, the potential for sudden withdrawals, and use for illegal activities. Recommendations in the Consultation Report advise regulators to require CASPs to disclose terms and risks tied to the stablecoins they list for trading. Regulators should also ensure the issuer's reserve assets cover the redemption of all outstanding stablecoins.

Conclusion

In a nutshell, IOSCO's recommendations offer a solid framework to regulate CASPs. They seek to align crypto-asset regulations with traditional financial markets' standards. By balancing investor protection, market integrity, and innovation, these recommendations lay a firm groundwork for global regulatory systems. IOSCO has invited all stakeholders to contribute to the consultation by submitting responses on or before 31 July 2023. In doing so, we can work towards a strong, inclusive crypto-asset market.