In a UM RegTech interview, Edwin Lee, Corporate, Commercial and Technology Partner at GLT Law examines regulatory issues surrounding cryptocurrency exchanges with a focus on the Malaysian market.

KPMG, one of the big four accounting firms, released a 42- page report in November 2018 where it identified the key challenges to the adoption of blockchain-powered crypto assets in the global financial services ecosystem. While PMG noted that “crypto-assets are now impossible to ignore”, they need institutionalisation in order for crypto-assets to create trust and scale. Amongst the key challenges listed are regulatory compliance, forks, custody, accounting, and tax implications.

2017 was the year where cryptocurrencies seemed to be moving towards becoming mainstream. More cryptocurrency exchanges are being set up to facilitate trading of cryptocurrencies, and more projects are going for initial coin offerings (ICOs) to raise funds for their blockchain-related projects. Following this, regulators around the world are finding ways to respond to the emergence of this new innovation. Some regulators had resorted to banning it altogether, while some had decided to put in regulations to strike a balance between protecting their monetary sovereignty and consumer protection and encouraging the development of such innovation.

Cryptocurrency exchanges are an important component of the cryptocurrency market. Without it, most people would not have a platform to trade in cryptocurrencies. In this article, we will examine the regulatory issues surrounding cryptocurrency exchanges, with a particular focus on how Malaysian regulators deal with it.

In Asia, Japan was the first country to regulate cryptocurrency exchanges. Under Japan’s Payment Services Act, cryptocurrency exchanges are legal if they are registered with the Financial Services Agency. In South Korea, cryptocurrency exchanges are regulated by the Financial Supervisory Service, and they are treated like banks in which they have to adhere to some of the strictest crypto laws in Asia.

In Singapore, cryptocurrency exchanges will be regulated under the new Payment Services Act once the new law is passed by the Parliament. The Hong Kong Securities and Futures Commission had also proposed a regulatory framework for cryptocurrency exchanges, requiring them to follow the same legal frameworks that apply to traditional financial services.

In Malaysia, the Securities Commission (SC) had introduced a new legal framework to facilitate trading of cryptocurrencies on electronic platforms. In the SC’s Guidelines on Recognized Markets (henceforth, the “Guidelines”), cryptocurrencies are called ‘digital assets’ and electronic platforms are ‘digital asset exchanges (DAXs)’. If a DAX is operated, provided, or maintained in Malaysia, or is located outside Malaysia but actively targets Malaysian investors, then such DAX is subject to the Guidelines and must apply to the SC for approval in order to operate in Malaysia by 1 March 2019. Since the application window has closed, anyone who wishes to operate a DAX that falls under this definition will have to wait for the next round of application (if any).

The SC has attempted to tackle the following regulatory issues through the guidelines:

LOCAL INCORPORATION

In order for the SC to have jurisdictional power over a DAX, the SC requires all DAX operators to be locally incorporated and have a minimum paid-up capital of RM5 million. This is to ensure that the company will have sufficient funds to pay compensation (if they are sued by their users) or penalty (if they are fined by the regulator).

FAIR TRADING

A DAX operator must:

• Ensure its DAX is operating in an orderly, fair, and transparent manner;
• Have in place rules and procedures for the trading, clearing, and settlement of Digital Assets on the DAX;
• Ensure that all disclosures are fair, clear, and not misleading including risk warning statements and other qualifications to enable investors to have an accurate understanding of the associated risks;
• Conduct real-time market surveillance.

COMPLIANCE AS A KEY ELEMENT

The SC requires all DAX operators to put compliance as a core element in their business. Some of the compliance measures that a DAX operator should take would include having policies to deal with:

• conflict of interest;
• trading operations;
• market transparency; and;
• market making and proprietary trading for liquidity.

RISK MANAGEMENT

All DAX operators should put in place a risk management policy which covers IT systems, main business risks, as well as cyber security management. In view of the large number of high-profile hacking incidents involving cryptocurrency exchanges, regulators also require cryptocurrency exchanges to build frameworks to identify and protect against hacking risks and to detect, respond to, and recover from such incidents. DAX operators must also put in a business continuity plan and internal audit policy.

PROTECTION FOR INVESTORS’ MONIES

All DAX operators must also prepare a client’s asset protection policy and settlement and custody policy which set out a transparent framework on money-handling arrangements, secure storage media as well as processes to protect against risk of loss, theft, or hacking.

TRANSPARENT AND FAIR CUSTOMER-FACING PROCESS

All DAX operators must put in place clear and fair terms and conditions, with investors and customers and publish risk warning statement that outlines the level of risk of the digital assets to users so that they are made aware of the risks involved.

PERSONAL DATA AND ANTI-MONEY LAUNDERING PROTECTION

An important element of trading on cryptocurrency exchanges is whether users will be allowed to create anonymous accounts on their exchanges. Most regulators require cryptocurrency exchanges to collect the real identities of their users so as to comply with data protection law. Regulators also note that there are significant money-laundering and terrorism-financing risks associated with trading of cryptocurrencies, and as such, exchanges are required to develop and maintain a strong anti-money laundering and counter-financing of terrorism (AML/CFT) program as part of their customer due diligence exercise.

For more of Edwin Lee’s insights into regulatory issues in digital asset exchanges, catch the full article in the second issue of UM RegTech’s VisioBloc report: The Crypto-Fundraising Landscape.

About Asia Blockchain Review

Asia Blockchain Review is the largest initiative for media and community building in Asia for blockchain technology. It aims to connect all blockchain enthusiasts on a regional scale and facilitate the technological foundation of blockchain through a range of group discussions, technical workshops, conferences, and consulting programs.

Our goal is to cultivate and encourage a collaborative community for our members to gather, share their experiences and endeavors in the blockchain space, and brainstorm the potential uses of blockchain technology.

Follow Asia Blockchain Review on:

• Telegram: https://t.me/asiablockchainreview
• Facebook: https://www.facebook.com/pg/asiablockchainreview
• Twitter: https://twitter.com/abr_blockchain
• LinkedIn: https://www.linkedin.com/company/asia-blockchain-review/
• Website: https://www.asiablockchainreview.com/
• Email: [email protected]
• Youtube: https://www.youtube.com/channel/UCMQ5CVu0c9-pMlwB8LUvkiA