First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

CSA and IIROC propose regulatory framework for cryptoasset trading platforms

cryptoasset

On March 14, 2019, the Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) published Consultation Paper 21-402 Proposed Framework for Crypto-Asset Trading Platforms [PDF]  (the Consultation Paper) proposing a regulatory framework for platforms (Platforms) that trade cryptoassets (the Framework). The Consultation Paper notes that over 200 Platforms currently offer trading of over 2,000 cryptoassets for fiat currency, many of which operate globally and without any regulatory oversight.

The Framework proposes to establish a regulatory regime for Platforms which draws upon the requirements applicable to securities and commodity futures exchanges, alternative trading systems (ATSs), clearing agencies, custodians and dealers. The requirements applicable to a particular Platform will depend on the role of the Platform and on the nature of the cryptoassets traded, including whether such cryptoassets are securities or derivatives.

The Framework will apply to Platforms located in Canada, as well as foreign Platforms with Canadian participants, which might be eligible for exemptions if they are appropriately regulated in their home jurisdiction.

CSA jurisdiction to regulate platforms

The key threshold issue that the CSA attempts to tackle in the Consultation Paper relates to how Canadian securities regulators assert jurisdiction over Platforms that trade cryptoassets that function as a form of payment or means of exchange on a decentralized network, such as bitcoin, and are not in and of themselves, securities or derivatives. The CSA acknowledges that these types of cryptoassets are analogous to fiat currency and precious metals and are more appropriately characterized as commodities. Nonetheless, the CSA proposes to apply securities legislation to Platforms that offer trading in these cryptoassets where the legal arrangement between the Platform and its users may itself be a security or derivative. When determining whether a Platform should be subject to the Framework, the CSA proposes to consider who has custody and control over the cryptoasset, who has legal ownership, and what rights users will have in the event of a Platform’s insolvency.

This analysis suggests that securities regulators may take the position that where a Platform user does not take delivery of cryptoassets purchased on the Platform (i.e., the Platform retains custody), the Platform pools cryptoassets of all participants in common wallets and/or the Platform may make use of the cryptoassets it holds for its users, that is evidence of a contract that is a security or derivative.

The Consultation Paper also communicates the CSA’s intention to regulate non-custodial (decentralized) services where the transfer of crypto-assets that are securities or derivatives occurs between the two parties of a trade through a smart contract/decentralized application. These types of Platforms will be required to have controls in place to address “specific technology and operational risks,” but the CSA gives no indication of its expectations for such controls.

To ensure that the CSA does not exceed its jurisdiction over the cryptoasset industry, we are hopeful that Platform regulation will provide further clarity regarding types of cryptoassets and related services that are not subject to securities regulation, such as tokens that are not investment contracts or derivatives and non-custodial cryptocurrency wallets.

Potential benefits of the framework

The Framework potentially opens the door for Platforms that transact in cryptoassets that are securities or derivatives to operate within Canada in a compliant manner. Examples may include Platforms dealing in security tokens or tokenized assets, decentralized prediction markets or other so-called “decentralized finance” (DeFi) activities.

In addition, by establishing a regulatory regime for Platforms, the Framework may make it easier for Platforms to obtain and maintain commercial relationships with banks and other financial institutions, which remains an ongoing challenge for certain Platforms.

Operational challenges for platforms

The Framework contemplates various operational requirements intended to protect participants from the counterparty and other risks associated with Platforms, most recently exemplified by the collapse of QuadrigaCX, such as requirements for market integrity, market surveillance, fair pricing, custody, clearing and settlement, disclosure of conflicts of interest, and systems and business continuity planning.

Some of the operational requirements that apply to traditional securities and derivatives dealers and markets will present particular operational challenges for Platforms, such as:

  • Insurance: Platforms will be required to maintain bonding or insurance against specific risks in specified amounts. The CSA acknowledges that it has been very difficult for Platforms to obtain insurance due to lack of cryptoasset insurers and the perceived high risk of cyberattacks. The Framework starts from the premise that insurance requirements for Platforms should be identical to those applicable to securities dealers and marketplaces, but CSA invites comment on appropriate insurance requirements for cryptoassets and seems to indicate a willingness to distinguish between appropriate insurance requirements for assets held in online “hot wallets” versus assets held offline in “cold storage.”
  • Custody and verification of assets: The Framework proposes to require custodial Platforms to “satisfy existing custody requirements…and…other yet-to-be-determined standards specific to the custody of crypto-assets.” The CSA notes that custodians of cash and traditional securities typically test their custody risk management policies and procedures by completing independent audits of their System Organization Controls (SOC) Type 1 and SOC Type 2 reports. However, preparing for and obtaining SOC reports will be a costly process for most Platforms and could take over a year to complete. Platforms that seek to push back against a requirement to produce reports of SOC Type 1 and SOC Type 2 audits will need to present reasonable alternatives for assuring regulators that their custody controls provide sufficient investor protection.
  • Proficiency requirements: The securities regulatory framework for dealers and marketplaces imposes requirements on the Chief Compliance Officer, supervisors of dealing activities and dealing representatives to have completed certain courses and exams and have relevant industry experience. These proficiency requirements are grounded in the securities and derivatives industry, and we expect that many capable individuals who have expertise in the cryptoassets industry will not meet these requirements. As well, almost all transactions on Platforms are automated, without involvement of individuals, so it is unclear which individuals employed by Platforms will be required to meet proficiency requirements. It might be appropriate for the Framework to accept alternative proficiency for certain categories of registered individuals sponsored by Platforms and/or to develop an industry course specific to the cryptoasset sector. Such a course could also be valuable for securities industry professionals seeking to integrate cryptoassets into their clients’ portfolios.

Public consultation should have meaningful impact

The CSA and IIROC have raised 22 questions for public comment, which provides Platforms and other industry participants with the opportunity to influence the outcome of this regulatory initiative. In order to influence the development of certain standards that may be applied, industry participants should suggest innovative ways for managing the investor risks identified in the Consultation Paper.

In addition, commenters should scrutinize the CSA’s apparent position regarding its jurisdiction over Platforms on the basis that the arrangements between the Platform and its users, or between two users, are derivatives or investment contracts. It is imperative for the scope of the Framework to be restricted to activities that are already subject to oversight by Canadian securities regulators, specifically dealing in, advising in or providing a marketplace for cryptoassets that are appropriately characterized as securities or derivatives.

By Lawrence E. Ritchie, Lori Stein and Evan Thomas, Osler

Occasional Contributors

In addition to our regular guest bloggers, Inside Internal Controls blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr at editor@firstreference.com. If you liked this post and would like to subscribe to Inside Internal Controls blog click here.
Send to Kindle

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.