The partner of GLT Law gives a local rundown to Visio Bloc (May 2019 issue).

by Edwin Lee

This is the unredacted version of the article that first appeared in Visio Bloc (May 2019:02) by RegTech Cube, the Centre of Excellence for Regulatory Technology (RegTech) at the Faculty of Law of the University of Malaya. It is a joint venture research project between the University of Malaya (UM), Quanta RegTech Capital (QRC) and Infinity Blockchain Holdings (IBH).

You can click on the link here to view the original article. Alternatively you can view it at the Asia Blockchain Review.

KPMG, one of the big four accounting firms, released a 42-page report in November 2018 where it identified the key challenges to the adoption of blockchain-powered crypto assets in the global financial services ecosystem.[1] While KPMG noted that “crypto-assets are now impossible to ignore”, they need institutionalization in order for crypto-assets to create trust and scale. Amongst the key challenges listed are regulatory compliance, forks, custody, accounting and tax implications.

2017 was the year where cryptocurrencies seemed to be moving towards becoming mainstream. More cryptocurrency exchanges are being set up to facilitate trading of cryptocurrencies and more projects are going for initial coin offerings (ICOs) to raise funds for their blockchain related projects. Following this, regulators around the world are finding ways to respond to the emergence of this new innovation. Some regulators had resorted to banning it altogether, while some had decided to put in regulations to strike a balance between protecting their monetary sovereignty, consumer protection and encouraging the development of such innovation.

Cryptocurrency exchanges are an important component of the cryptocurrency market. Without it, most people would not have a platform to trade in cryptocurrencies. In this article, we will examine the regulatory issues surrounding cryptocurrency exchanges, with a particular focus on how Malaysian regulator deals with it.

In Asia, Japan was the first country to regulate cryptocurrency exchanges. Under Japan’s Payment Services Act, cryptocurrency exchanges are legal if they are registered with the Financial Services Agency.[2] In South Korea, cryptocurrency exchanges are regulated by the Financial Supervisory Service and they are treated like banks in which they have to adhere to some of the strictest crypto laws in Asia.[3]

In Singapore, cryptocurrency exchanges will be regulated under the new Payment Services Act[4] once the new law is passed by the Parliament. The Hong Kong Securities and Futures Commission had also proposed a regulatory framework for cryptocurrency exchanges, requiring them to follow the same legal frameworks that apply to traditional financial services.[5]

In Malaysia, the Securities Commission (“SC”) had introduced a new legal framework to facilitate trading of cryptocurrencies (in the SC’s Guidelines on Recognized Markets (“Guidelines”), it is called “Digital Assets”) on electronic platforms (in the Guidelines, it is called “Digital Asset Exchange” (DAX)).[6]

If a DAX is operated, provided or maintained in Malaysia OR is located outside Malaysia but actively targets Malaysian investors, then such DAX is subject to the Guidelines and must apply to the SC for approval in order to operate in Malaysia by 1 March 2019. Since the application window has closed, anyone who wishes to operate a DAX that falls under this definition will have to wait for the next round of application (if any).

The SC has attempted to tackle the following regulatory issues through the Guidelines:

Local incorporation

In order for the SC to have jurisdictional power over a DAX, the SC requires all DAX operators to be locally incorporated and have a minimum paid up capital of RM 5 million. This is so as to ensure that the company will have sufficient funds to pay compensation (if they are sued by their users) or penalty (if they are fined by the regulator).

Fair trading

A DAX operator must:

  • ensure its DAX is operating in an orderly, fair and transparent manner;
  • have in place rules and procedures for the trading, clearing and settlement of Digital Assets on the DAX;
  • ensure that all disclosures are fair, clear and not misleading including risk warning statements and other qualifications to enable investors to have an accurate understanding of the associated risks; and
  • conduct real-time market surveillance.

Compliance as a key element 

The SC requires all DAX operators to put compliance as a core element in their business. Some of the compliance measures that a DAX operator should take would include having policies to deal with conflict of interest; trading operations; market transparency; market making and proprietary trading for liquidity.

Risk management

All DAX operators should put in place a risk management policy which covers IT systems, main business risks as well as cyber security management. In view of the large number of high-profile hacking incidents involving cryptocurrency exchanges, regulators also require cryptocurrency exchanges to build framework to identify and protect against hacking risks, and to detect, respond to and recover from such incidents. DAX operators must also put in a business continuity plan and internal audit policy.

Protection for investors’ monies

All DAX operators must also prepare a client’s asset protection policy and settlement and custody policy which set out transparent framework on monies handling arrangements, secure storage medium as well as processes to protect against risk of loss, theft or hacking.

Transparent and fair customer-facing process

All DAX operators must put in place clear and fair terms and conditions with investors and customers and publish risk warning statement that outlines the level of risk of the Digital Assets to users so that they are made aware of the risks involved.

Personal data and anti-money laundering protection

An important element of trading on cryptocurrency exchanges is whether users will be allowed to create anonymous accounts on their exchanges. Most regulators require that cryptocurrency exchanges to collect real identities of their users so as to comply with the data protection law. Regulators also note that there are significant money laundering and terrorism financing risks associated with trading of cryptocurrencies and as such, exchanges are required to develop and maintain a strong anti-money laundering and counter financing of terrorism (AML/CFT) program as part of their customer due diligence exercise.