54 total views
Text | Internal Reference King
The digital asset market has just started, and like many emerging technologies and markets, it is difficult to predict its evolution. For many jurisdictions that adopt a prescriptive regulatory approach, the initial costs of licensing and continued compliance can be high. On the one hand, new entrants can be discouraged by these obstacles and seek jurisdictions with less supervision. On the other hand, jurisdictions need to protect their reputation and market participants to promote their economic development.
So far, most jurisdictions have chosen prescriptive or principle-based digital asset supervision methods to provide greater flexibility to the digital asset market to allow it to continue to develop, and how to follow these principles to a large extent The problem is left to participants or future explanations, except where regulations overlap (ie securities, commodities and anti-money laundering).
Regardless of the regulations governing digital asset business, forward-looking companies should consider adopting their own principle-based codes of conduct and selectively draw on normative standards and frameworks to implement these principles. The reasons are as follows:
Attracting institutional business -As mature asset classes attract more institutional investment, it is shown that appropriately controlled companies will have an advantage over those that do not.
Mitigation of legal and regulatory risks -The lack of regulatory certainty in many jurisdictions such as the United States and Europe creates huge business risks. Adopting the correct self-regulatory framework will increase the confidence of regulators and reduce litigation risks.
Reduce regulatory uncertainty -early implementation of baseline control can better improve the ability of companies to respond to rapidly changing regulations.
Positioning market opportunities and options -as companies shift to new business lines, strong control will accelerate the implementation of support operations.
Improved organizational processes -normative supervisory guidance, when properly implemented, can strengthen and improve related operational processes.
The Code of Conduct issued by the Association for Digital Asset Markets (ADAM) in November last year contains many lessons for crypto companies.
ADAM’s Code of Conduct
ADAM is an alliance of leading digital asset companies dedicated to promoting “integrity, fairness and efficiency in the digital asset market”. ADAM’s “Specifications” represent their efforts to establish a framework to promote the institutionalization of the digital asset market and provide assurance to regulators. Each ADAM member agrees to make the code of conduct a condition of membership.
ADAM codes are developed based on eight main areas.
● Compliance and risk management
● Market Ethics
● Conflict of interest
● Transparency and fairness
● Market integrity
● Information security and business continuity
● Anti-money laundering and combating the financing of terrorism
Implementation of the framework and standards of the ADAM specification
Choosing a digital asset company that adopts best practice codes (such as ADAM’s code), the next step needs to be to solve how to realize the underlying support control. If this is not done, in addition to the potential legal impact, customers and regulatory agencies may regard the documented but ignored principles as red flags, thereby creating more risks.
For some people, the solution may be to simply hire a large legal, accounting or consulting firm with extensive experience. However, in addition to the possibility of lowering their sense of ownership, this has not taken into account the other freely available resources that the regulator itself has pooled. Utilizing normative regulatory rules and guidelines specific to digital asset businesses (even if they are not regulated) and other publicly available standards and frameworks (such as NIST and ISO/IEC 27001), these businesses can also be established or improved It is controlled by selectively drawing on the work done by highly credible regulatory agencies and experts.
Well-known jurisdictions for digital asset business standards
Bermuda has used its position as a leader in reinsurance to establish a digital asset regulatory framework that provides certainty through comprehensive normative guidance. In addition, the Bermuda Monetary Authority is an experienced and well-versed in risk management regulatory agency. When talking about this framework and Bermuda’s reputation, Prime Minister Burt said, “Bermuda is unique from a regulatory point of view. There are only two countries in the world whose risk regulation is comparable to that of the United States and the European Union, namely Switzerland and Bermuda. .”
In fact, this commitment is reflected in their digital asset regulatory framework, so it becomes an important reference. Even other regulatory agencies have set their sights on Bermuda.
Wyoming is the most advanced digital asset regulatory agency in the United States. It has formulated its own digital asset custody rules with reference to the draft of Bermuda’s Code of Practice for Digital Asset Custody (Code of Practice). So far, MU has approved five digital asset business licenses.
Malta is trying to use its position in the gaming industry to advance distributed ledger technology. In 2018, it adopted a digital innovation framework composed of three laws related to distributed ledger technology. Its Virtual Financial Assets Act stipulates licensing requirements and the formulation of normative rules to mature its rapidly growing digital asset or blockchain market. In a speech to the United Nations, the Prime Minister of Malta enthusiastically referred to Malta as the “blockchain island” and declared that Malta has enacted the world’s first comprehensive blockchain legislation. In February 2020, the Malta Financial Services Authority (Malta Financial Services Authority) subsequently issued the VFA rulebook, which greatly expanded the scope of supervision. Malta’s acceptance of blockchain has led to a large number of companies flocking to the “blockchain island”, many of which left because they were disappointed that Malta failed to manage the framework it had established. For example, of the 340 “service provider” license applications originally submitted under the Virtual Financial Assets Act, none of them were approved, and most of them have been abandoned. As of April 30, only 26 were still valid.
New York’s virtual currency rules were promulgated in 2015, providing useful normative value for business continuity planning and customer information disclosure. Some criticized its licensing burden. As of May 6, 2020, only 25 licenses have been issued.
Each of these jurisdictions has invested a lot of resources in formulating normative digital asset regulations. One view is that the scope of these regulations and the challenges of the licensing process may inhibit the growth of a growing emerging market. Given the anticipated adjustments, this view is inferior to Malta in any jurisdiction today. On the other hand, the initial slowdown in licensing approvals may reflect a more sensible approach by regulators and may eventually prove to be a way to lay the foundation for the digital asset market. Although the facts are undoubtedly somewhere in between, these legal systems and related guidelines provide useful standards for forward-looking digital asset companies considering sustainable control.
Assist in the implementation of the standards of the ADAM Code of Conduct
The following is a mapping of the Adam Guidelines with the most helpful rules and guidance from these jurisdictions, as well as some other helpful rules and standards to help digital asset companies develop their own self-regulatory framework and internal controls. Market ethics is not depicted, because it is usually expressed as a principle without further normative guidance (this is also confirmed in the normative regulatory framework).
Governance, compliance and risk management
Best-Bermuda’s Code of Practice. With the thoughtful coverage of a sound corporate governance foundation for digital asset adjustments, companies may consider reducing these needs and pasting them into their policies and procedures.
Runner-up-Malta VFA Rulebook. The wide range of requirements makes these standards more expensive to implement than the Bermuda Standards and more suitable for more mature organizations.
Broader coverage-neither the ISO 31000 series nor the COSO ERM framework are free, nor are they resource-intensive implementations.
Conflict of interest
Best-Malta’s VFA rule book. As it covers business independence, incentives and personal transactions, Malta’s rulebook is recognized by Bermuda’s principle-based conflict rules.
More in-depth reporting-FINRA’s 013 report on conflicts of interest is a pioneering reference for best practices in conflict of interest management in financial services companies
Transparency and fairness
Best overall-Bermuda’s client disclosure rules. These rules are a well-organized list of factors that affect customer relationships.
Most suitable for customer risk disclosure-New York’s virtual currency rules. These disclosures have long become standards, and these disclosures represent the minimum that digital asset companies should include in their customer risk disclosure documents.
Good-two members of ADAM, ITBit (Paxos) and BlockFi’s public customer disclosure information are very helpful reference materials. These two members are subject to the New York BitLicense regulatory framework.
Best-CBOE Futures Exchange (CFE) Rulebook. In view of ADAM’s deliberate reference to “disruptive trading practices” (prohibited under Section 6c(a)(5) of the Commodity Exchange Act) and the lack of immediate digital asset supervision guidelines, the applicable rules of the U.S. Commodity Exchange were reviewed , To adapt to the digital asset market.
It is most suitable to build your own washing trade prevention system function-ICE’s trade prevention function policy. Useful resources to formulate the requirements of the washing trade system.
Very good-Paxos’ market manipulation standards provide a relaxed atmosphere and can be used as a starting point with reports in CFE’s Rulebook.
Best-Bermuda Code of Conduct for Guardianship. Bermuda’s escrow code defines standards for custodians of digital asset private keys in custody, custody transaction processing and custody operations. As mentioned above, Wyoming’s digital asset custody rules are largely incorporated into Bermuda’s regulations.
US regulatory methods-customer protection rules and customer funds isolation rules (promulgated according to the Securities Exchange Act and the Commodity Exchange Act (CEA) respectively). In these two aspects, CEA’s customer fund isolation rules are easier to adapt to digital assets than the “customer protection rules”, the latter did not say much. Both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (“SEC”) have pointed out the challenges faced in applying customer protection rules to digital assets. The SEC continues to study how to apply the existing non-DVP custodian framework to digital assets.
Information security and business continuity
Most suitable for establishing a cyber security plan-the New York Department of Financial Services (NYS DFS) network security requirements for financial services companies. These rules apply to financial service providers registered with the New York State Department of Financial Services and provide a comprehensive list of financial services companies that wish to establish cybersecurity programs.
Best for hosting related security-Bermuda Regulatory Code of Practice. Technical control of supervision is closely related to network security control.
Conducive to business continuity-New York’s virtual currency rules. As a checklist for key components.
Business Continuity Beginner-FINRA’s small company business continuity planning template.
NIST’s security and privacy control of information systems and organizations
Password key generation
NIST’s Cybersecurity Incident Recovery Guide
NIST provides a wealth of comprehensive network security guidelines for building and maintaining network security procedures, recovering from security incidents, and protecting digital assets.
Anti-money laundering and combating terrorist financing
Bermuda’s prudential standards.
Bermuda’s industry-specific guidance on digital asset business.
Bermuda’s well-thought-out anti-money laundering guidelines are comprehensive, and its prudential standards even provide templates, but they cannot replace major institutions, such as the Financial Crime Enforcement Network (FinCen) guidelines related to convertible virtual currencies.
Most suitable for AML risk assessment-BSA / AML exam manual for money service business. Regardless of whether the digital asset business is required to be registered as a “money service business” in the United States, the guidelines in the BSA manual are the authoritative source for initial and ongoing AML risk assessments.
ADAM’s Code of Conduct is a useful resource for industries dealing with an uncertain regulatory environment. The leader of its members shows another positive step in the development of the digital asset market and reflects the desire of responsible market participants to conduct self-regulation. However, adopting the aspirational principle alone will not increase market confidence or protect market participants. ADAM members and other participants who have adopted similar principles have established many control measures related to these principles, but the good work done by regulators and other institutions should be considered to define or determine appropriate control measures to implement these principles. Selective execution draws inspiration from them to create or build your own controls.