IOSCO releases global regulatory framework for crypto assets, SEC commits to adopt

I. Early Focus on Risks in the Development of Crypto Assets

In the early stages of the crypto asset industry, the market value and user base were relatively small, primarily involving tech enthusiasts and early adopters, which did not attract widespread attention. As an emerging industry, corresponding regulatory measures had not yet been established. It wasn't until the 2014 bankruptcy of the Mt. Gox exchange severely impacted the virtual asset industry, causing market panic and price volatility. On the other hand, the virtual asset industry has experienced rapid development and changes over the past few years, with the continuous rise in prices of virtual assets like Bitcoin attracting more investors and institutions, leading to calls for enhanced regulation of virtual asset trading platforms and investor protection.

In 2014, IOSCO published the "Risk Warning on Virtual Assets," which pointed out the following risks associated with virtual assets: virtual asset trading often occurs anonymously, making it difficult to trace the identities of trading participants, increasing the risk of money laundering and other illegal activities; the virtual asset market lacks a unified legal and regulatory framework, exposing investors to legal risks and regulatory uncertainty; the virtual asset market is characterized by significant price volatility, which may expose investors to substantial investment risks and losses; the storage and trading of virtual assets rely on blockchain technology and digital wallets, which pose technical vulnerabilities and security risks.

While reminding industry investors about the risks of virtual assets, IOSCO also called on regulatory agencies to strengthen oversight of the virtual asset market to protect investors' rights and market stability. Regulatory agencies in various countries responded positively to IOSCO's risk warning document, taking measures to enhance regulation of virtual currency trading platforms. The U.S. Securities and Exchange Commission's statement indicated that certain crypto assets may be considered securities and are subject to securities regulations; Canada's Financial Transactions and Reports Analysis Centre included cryptocurrency traders within the scope of anti-money laundering and anti-terrorism financing regulations, requiring compliance with these regulations and conducting customer due diligence and reporting; the Australian Taxation Office issued guidelines clarifying the tax treatment of crypto assets. Some countries also issued warning announcements regarding virtual currencies, reminding investors to be aware of investment risks.

II. Introduction and Improvement of Crypto Asset Regulatory Principles

(1) Principles for Crypto Asset Trading Platforms

In 2017, the Initial Coin Offering (ICO) model, where startups raise funds by issuing tokens, rapidly gained popularity. The rapid development of the ICO market triggered a series of risks and controversies, including issues of investor protection, market manipulation, and information disclosure. Numerous ICO projects were investigated and penalized by regulatory agencies due to fraudulent activities and illegal operations, such as the investigation by the U.S. Securities and Exchange Commission (SEC) into Diamond Reserve Club for unregistered securities issuance and fraud. These cases sparked calls for enhanced regulation of the ICO market and investor protection.

In 2018, IOSCO published the "Principles for Crypto Asset Trading Platforms," aiming to establish a set of global regulatory principles for crypto asset trading platforms, including compliance, transparency, security, and prevention of market manipulation. The document proposed a series of requirements: ICO projects should provide sufficient, accurate, and timely information disclosure, including the project's background, objectives, risk factors, token structure, and use of raised funds; regulatory agencies should ensure that ICO projects comply with applicable investor protection regulations, including anti-money laundering and anti-terrorism financing provisions; regulatory agencies encourage investors to fully understand the risks of ICO projects and remind them to be aware of investment risks and potential fraudulent activities; regulatory agencies should ensure that ICO projects comply with applicable securities laws and regulatory requirements, including registration, licensing, and regulatory disclosures; regulatory agencies should strengthen international cooperation, share information and experiences, and jointly address the regulatory challenges of the ICO market.

Although the document provided a basic regulatory framework for regulatory agencies in various countries, clarifying regulatory objectives, scope, and the responsibilities and powers of regulators, emphasizing the importance of risk management, requiring the effective protection of investor rights, and highlighting the significance of global cooperation and opposition to market manipulation, it only offered guiding principles without establishing specific standards and regulations, and lacked enforceability, presenting certain deficiencies in execution. While regulatory agencies in various countries issued warning announcements regarding ICO risks, some countries also formulated specific laws and regulations requiring ICO project parties to comply with securities laws and regulations, conduct information disclosure, and protect investors. However, due to the varying positions of regulatory agencies and differences in regulations among countries, these principles have not been fully implemented, and the global regulatory framework urgently needed for the development of the crypto asset industry has not been established.

(2) Issues, Risks, and Regulatory Considerations Relating to Crypto Asset Trading Platforms

In 2019, the sudden death of the founder of the crypto asset management platform QuadrigaCX resulted in billions of dollars in crypto assets being unrecoverable, further revealing the risks and regulatory shortcomings in the crypto asset management industry. Against the backdrop of the rapid development of the crypto asset management industry and the challenges faced by regulatory agencies in formulating appropriate regulatory policies and frameworks, IOSCO published the "Issues, Risks, and Regulatory Considerations Relating to Crypto Asset Trading Platforms," identifying current issues with crypto asset trading platforms, including market risk, operational risk, money laundering and terrorism financing risks, investor protection issues, and cross-border regulatory challenges. The report proposed regulatory recommendations covering the need to ensure the transparency, stability, and investor protection of crypto asset management activities:

Regulatory Applicability: Regulatory agencies should assess the risks and impacts of crypto asset management activities, clarify whether these activities fall under existing regulatory frameworks, and formulate corresponding regulatory policies.

Investor Protection: The report emphasizes that protecting investor rights is a key task for regulatory agencies. Regulatory agencies should ensure that crypto asset management institutions comply with appropriate disclosure requirements, providing accurate, comprehensive, and timely information to prevent fraud and manipulation, effectively safeguarding investor rights.

Risk Management: The report outlines risk management measures that crypto asset management institutions should adopt, including risk assessment, risk monitoring, and risk management policies. Regulatory agencies should require crypto asset management institutions to establish sound risk management frameworks to ensure the safety of investors' funds and market stability.

Transparency and Disclosure: The report emphasizes that regulatory agencies should establish appropriate transparency and disclosure requirements to ensure that investors can access information regarding investment strategies, risk management, and performance.

Cross-Border Cooperation: The report calls for enhanced cross-border cooperation and information sharing among countries, as well as the establishment of unified regulatory standards and policies to address cross-border risks and regulatory challenges in crypto asset management.

The publication of this report provides important references and guidance for global crypto asset regulatory agencies, emphasizing the importance of compliance, transparency, and risk control for crypto asset trading platforms, promoting the formulation of regulatory policies and frameworks, and facilitating the healthy development of crypto asset management and investor protection. At the same time, the report also reminds crypto asset management institutions and investors to pay attention to risks and compliance, strengthen risk management and transparency, and ensure market stability and investor interests.

III. Globalization and Systematization of Crypto Asset Regulation

(1) Crypto Roadmap for 2022-2023

In 2022, IOSCO released the "Crypto Roadmap for 2022-2023," outlining a blueprint for the globalization and systematization of crypto asset industry regulation. According to the IOSCO Board's resolution, a Financial Technology Task Force (FTF) at the board level was established, chaired by the Monetary Authority of Singapore (MAS), responsible for developing, overseeing, delivering, and implementing IOSCO's regulatory agenda on financial technology and crypto assets, and coordinating IOSCO's cooperation with the Financial Stability Board (FSB) and other standard-setting bodies on fintech and crypto-related matters.

(2) Policy Recommendations for Crypto and Digital Asset Markets Consultation Report

In May 2023, IOSCO officially released the "Policy Recommendations for Crypto and Digital Asset Markets Consultation Report," marking significant progress in global crypto asset regulation. The report presents a general recommendation to all regulatory bodies, suggesting that regulators should not create any differences in regulating crypto assets and traditional finance, aiming to eliminate regulatory disparities between crypto assets and traditional finance, promote a fairer competitive environment between the two, and reduce the risk of regulatory arbitrage. Based on the principle of "same activity, same risk, same regulatory outcome," the report specifically proposes policy recommendations covering conflicts of interest, market manipulation, cross-border risks, asset protection, and more, to standardize the global crypto asset industry, strengthen consistency and applicability in crypto asset regulation, protect investors' legitimate rights and interests, enhance market confidence, and maintain a healthy market environment. The main policy recommendations are as follows:

Regulatory agencies should adopt a regulatory and supervisory approach to crypto asset trading, other crypto asset services, and the issuance, marketing, and sale (including investment) of crypto assets that aligns with IOSCO's securities regulatory objectives and principles, as well as relevant supporting standards, recommendations, and best practices. The regulatory approach should strive to achieve regulatory outcomes for investor protection and market integrity that are the same as or consistent with those required in traditional financial markets.

Regulatory agencies should require crypto asset service providers to have effective governance and organizational arrangements commensurate with their activities, including systems, policies, and procedures. Regulatory agencies should require crypto asset service providers to have systems and procedures in place and disclose relevant systems and procedures to clients and potential clients. In the trading process, fair and prompt execution of all client orders should be provided on a non-discriminatory basis, with accurate recording of order information, while limiting the pre-execution of client orders.

Regulatory agencies should require crypto asset service providers operating markets or acting as intermediaries (directly or indirectly representing clients) to provide pre-trade and post-trade disclosures in the same form and manner as required in traditional financial markets or achieve similar regulatory outcomes consistent with those required in traditional financial markets. Regulatory agencies should require crypto asset service providers to establish, maintain, and appropriately disclose to the public the standards used for their systems and procedures for the issuance, trading, and clearing of crypto assets, especially the substantive and procedural standards for making such decisions. Regulatory agencies should require crypto asset service providers to manage and mitigate conflicts of interest surrounding the issuance, trading, and listing of crypto assets. Regulatory agencies should take enforcement actions against illegal activities involving fraud and market abuse in the crypto asset market, while considering the extent to which these activities are not covered by existing regulatory frameworks. These illegal activities should encompass all relevant fraudulent and abusive behaviors, such as market manipulation, insider trading, illegal disclosure of insider information, making false or misleading statements, misappropriation of funds, money laundering, and terrorism financing.

Regulatory agencies should have market oversight requirements applicable to each crypto asset service provider to effectively mitigate the risk of market abuse. Regulatory agencies should require crypto asset service providers to establish management systems, policies, and procedures concerning significant non-public information, including information on whether relevant crypto assets are permitted to be listed or traded on their platforms, as well as information related to client orders, trade execution, and personal identity.

Regulatory agencies recognize the cross-border nature of crypto asset issuance, trading, and other activities and should be capable of sharing information and cooperating with regulatory agencies and relevant authorities in other jurisdictions regarding such activities. This includes establishing available cooperative arrangements and other mechanisms with regulatory agencies and relevant authorities in other jurisdictions. These measures should adapt to the authorization and ongoing supervision of regulated crypto asset service providers and provide extensive assistance in enforcement investigations and related litigation.

When considering the applicability of existing frameworks or new frameworks, regulatory agencies should apply IOSCO's recommendations on the protection of client assets, which apply to crypto asset service providers holding or safeguarding client assets. Regulatory agencies should require crypto asset service providers to place client assets in trust or otherwise segregate them from the proprietary assets of the crypto asset service provider.

Regulatory agencies should require crypto asset service providers to disclose to clients in clear, concise, and non-technical language the following: 1. The manner in which client assets are held and the arrangements for protecting those assets and their private keys; 2. The use (if any) of independent custodians, sub-custodians, or related party custodians; 3. The extent to which client assets are aggregated or pooled in omnibus client accounts, the rights of individual clients to aggregated or pooled assets, and the risk of loss arising from any aggregation or pooling activities; 4. The risks associated with the direct or indirect handling or transfer of client assets by the crypto asset service provider; 5. Complete and accurate information regarding the obligations and responsibilities of the crypto asset service provider in using client assets and private keys, including its return terms and the risks involved.

Regulatory agencies should require crypto asset service providers to have their own systems, policies, and procedures in place to conduct regular and frequent reconciliations of client assets under appropriate independent assurance. Regulatory agencies should require crypto asset service providers to adopt appropriate systems, policies, and procedures to reduce the risk of client assets being lost, stolen, or inaccessible.

Regulatory agencies should require crypto asset service providers to disclose all significant sources of operational and technical risks in a clear, concise, and non-technical manner and have an appropriate risk management framework (e.g., personnel, processes, systems, and controls) to manage and mitigate such risks. Regulatory agencies should require crypto asset service providers to implement appropriate systems, policies, and procedures to disclose information related to new clients and incorporate this as part of ongoing services to existing clients. This also includes assessing the appropriateness and suitability of specific crypto asset products and services provided to each retail client.

The report highlights the urgent need for the crypto policy industry to establish a global regulatory framework and the grand blueprint drawn by IOSCO. "IOSCO's new blueprint will drive global regulatory mechanisms towards a more coordinated system," "will promote the globalization and consistency of crypto asset regulation," and "stimulate investment and development in the crypto asset industry." However, the report ultimately represents only a step towards establishing a global regulatory framework and does not imply that the task is complete. Although IOSCO's report shares a certain degree of consistency with the crypto asset regulatory systems of the European Union and the United States, and these principles and recommendations were developed in consensus with member organizations such as the U.S. Securities and Exchange Commission and the Commodity Futures Trading Commission, the lack of authority for IOSCO to compel national regulatory agencies to adopt these rules and recommendations poses a significant challenge in achieving the leap from theory to practice.

References: [1] IOSCO. (2014). Securities Market Risk Outlook 2014-15 [2] IOSCO. (2013). Principles for Financial Benchmarks (Final Report) [3] IOSCO. (2013). Cyber-Crime, Securities Markets and Systemic Risk [4] IOSCO. (2018). Guidance Regulation of Crypto Asset Activities in ADGM [5] IOSCO. (2019). Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms [6] IOSCO. (2019). Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms (Consultation Report) [7] IOSCO. (2020). Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms (Final Report) [8] IOSCO. (2020). Investor Education on Crypto-Assets (Final Report) [9] IOSCO. (2022). Crypto-Asset Roadmap for 2022-2023 [10] IOSCO. (2023). Policy Recommendations for Crypto and Digital Asset Markets (Consultation Report)

Regulatory Dynamics at Home and Abroad

Record domestic and international blockchain regulatory provisions, track global regulatory trends.

Topic or theme

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.