Skip to main content

Clifford Chance

Clifford Chance
All
Fintech<br />

Fintech

Talking Tech

Treasury consultation on proposed licensing and custody requirements for crypto asset secondary service providers

Crypto Banking & Finance 11 April 2022

Background

On 21 March 2022, the Australian Government Treasury (Treasury) released its consultation paper on "Crypto asset secondary service providers: licensing and custody requirements" (the Consultation Paper), available online here. It proposes a regulatory framework for crypto asset secondary service providers (CASSPrs). The Consultation Paper proposes a licensing regime and minimum standards of conduct, including for custody of private keys and the suitability of key persons to be operating secondary service provider businesses (through fit and proper person tests). The Consultation Paper also covers the first stage of a broader token mapping exercise to be completed by the end of 2022 (Token Mapping). Treasury is seeking input and feedback on a range of questions during the consultation period which is open now until 27 May 2022.

Existing regulatory framework

Although to date cryptocurrency and other crypto assets have generally not been subject to specific regulation in Australia, it is expected that Australia’s financial services regulatory framework (including as it relates to crypto assets) will continue to be under review and reformed by multiple government bodies and agencies (see Appendix 1 of Consultation Paper for overview of Australia's existing crypto asset regulation).

The Consultation Paper notes that the absence of specific regulation for crypto assets and their associated service providers has led to actual and perceived regulatory gaps – for example:

  • challenges classifying crypto assets as financial products or non-financial products;
  • counterparty risks associated with using crypto as a store of value or investment;
  • perception that similar services are regulated in a similar way (that being, digital currency exchanges can operate in a similar way to regulated financial markets); and
  • protecting the community from criminal enterprises and fraud.

Proposed definition of crypto asset secondary service providers

Crypto asset secondary service provider” is defined in the Consultation Paper as: any natural or legal person who, as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

  1. exchange between crypto assets and fiat currencies;
  2. exchange between one or more forms of crypto assets;
  3. transfer of crypto assets;
  4. safekeeping and/or administration of virtual assets or instruments enabling control over crypto assets; and
  5. participation in and provision of financial services related to an issuer’s offer and/or sale of a crypto asset.

The Australian Securities & Investment Commission (ASIC) defines a “crypto asset” being “…a digital representation of value or contractual rights that can be transferred, stored or traded electronically, and whose ownership is either determined or otherwise substantially affected by a cryptographic proof” and this was adopted in the Consultation Paper.

Proposed regulatory obligations

Licensing and obligations on CASSPrs

The Consultation Paper proposes a single CASSPr licensing regime separate from the existing Australian financial services licensees (AFSL) regime with varying obligations imposed depending on the number and type of services offered by the CASSPrs.  The proposed obligations on CASSPrs under this licensing regime is summarised in the table below.  

AFSL obligations similar to existing regime

Additional AFSL obligations applicable to CASSPrs
  • do all things necessary to ensure that: the services covered by the licence are provided efficiently, honestly and fairly; and any market for crypto assets is operated in a fair, transparent and orderly manner;
  • maintain adequate technological, and financial resources to provide services and manage risks, including by complying with the custody standards proposed in the Consultation Paper;
  • have adequate dispute resolution arrangements in place, including internal and external dispute resolution arrangements;
  • ensure directors and key persons responsible for operations are fit and proper persons and are clearly identified;
  • maintain minimum financial requirements including capital requirements;
  • comply with client money obligations; and
  • comply with all relevant Australian laws.
  • take reasonable steps to ensure that the crypto assets it provides access to are “true to label” e.g. that a product is not falsely described as a crypto asset, or that crypto assets are not misrepresented or described in a way that is intended to mislead;
  • respond in a timely manner to ensure scams are not sold through their platform;
  • not hawk specific crypto assets;
  • be regularly audited by independent auditors;
  • comply with anti-money laundering and counter terrorism financing (AML/CTF) provisions (including a breach of these provisions being grounds for a licence cancellation); and
  • maintain adequate custody arrangements.

 

It is proposed that ASIC would have powers to grant relief from some or all the obligations if warranted, on a case-by-case basis, to ensure the regime remains agile and flexible. The intention is that providers will not be subject to multiple regulatory regimes.

Custody obligations

The Consultation Paper proposes to apply mandatory, principles-based obligations to CASSPrs who maintain custody (either themselves or via third parties) of crypto assets on behalf of consumers. These proposed obligations are summarised in the table below, and will be applied in a manner that is proportionate to the nature, scale, and complexity of each custodian’s operations.

Summary of Proposed Custody Obligations to Safeguard Private Keys
  • holding assets on trust for the consumer;
  • ensuring that consumers’ assets are appropriately segregated;
  • maintain minimum financial requirements including capital requirements;
  • ensuring that the custodian of private keys has the requisite expertise and infrastructure;
  • private keys used to access the consumer's crypto assets are generated and stored in a way that minimises the risk of loss and unauthorised access;
  • adopt signing approaches that minimise ‘single point of failure’ risk;
  • robust cyber and independent verification of cybersecurity practices;
  • processes for redress and compensation in the event that crypto assets held in custody are lost;
  • when a third-party custodian is used, that CASSPrs have the appropriate competencies to assess the custodian’s compliance with necessary requirements; and
  • any third-party custodians have robust systems and practices for the receipt, validation, review, reporting and execution of instructions from the CASSPr.

 

Other obligations

The Consultation Paper also proposes to introduce:

  • financial requirements on CASSPrs to be specified by ASIC; and
  • a prohibition on hawking or pressure selling crypto assets.

Adequate financial requirements would be applied based on the services provided and volume of transactions.  Further, under the proposed hawking prohibition, a CASSPr must not, in the course of an unsolicited contact with a retail consumer offer specific crypto assets for sale, or request or invite a consumer to ask for crypto assets offered through the service. The objective of this proposed prohibition is for consumers to have control over their decisions to purchase crypto assets.

Alternative regimes considered

The Consultation Paper proposes two alternative regulatory options for consideration:

  1. that all crypto assets could be brought into the existing financial services regime by defining crypto assets as financial products under section 764A of the Corporations Act 2001 (Cth) (Corporations Act) and tailoring the AFSL regime to achieve appropriate outcomes for crypto assets; and
  2. a self-regulation model under which industry would develop a code of conduct for crypto asset services that is approved by a regulator and meets minimum regulatory policy goals.  The Consultation Paper notes that this is closer to the current approach in the U.S. and U.K., where crypto assets (other than AML/CTF) are not specifically regulated unless they are securities or financial products. The Consultation Paper notes that both jurisdictions are currently considering additional obligations for crypto assets.

Early views sought on token mapping

In addition to the proposed obligations outlined above, Treasury is also seeking early views on the various types of crypto assets to inform the Token Mapping exercise to be completed by the end of 2022. 

The Token Mapping exercise is important to provide further clarity as to how crypto assets are categorised and classified on a risk-based and technology agnostic basis, to provide more certainty to CASSPrs, consumers, and regulators. The relevant consultation questions are:

  • Do you have any views on how the non-exhaustive list of crypto asset categories described ought to be classified as (1) crypto assets, (2) financial products or (3) other product services or asset type?
  • Are there any other descriptions of crypto assets that Treasury should consider as part of the classification exercise?
  • Are there other examples of crypto asset that are financial products?
  • Are there any crypto assets that ought to be banned in Australia? 

Toolkits & Client Log-in