The Israeli Capital Market, Insurance and Savings Authority (CMISA) recently published drafts of two important circulars regulating financial asset service providers, including provisions regarding protection of virtual currencies. The first circular addresses the obligations imposed on financial service providers to protect customers’ assets, including virtual currencies. The second circular supplements the first circular regarding protection of financial assets and is likely to require financial asset service providers to significantly increase their equity for the purpose of protecting customers’ financial assets.
The circulars’ goal is to define standard asset protection measures to ensure that financial service providers operate properly and safeguard their customers’ assets. Following are the key provisions of the new circular regarding the protection of financial assets:
1. Corporate governance
Service providers must define a clear division of responsibilities, roles, and authorities among their various functionaries in order to contend with the variety of risks inherent in protecting customers’ assets. The purpose of these provisions is to underscore the board of directors’ responsibility for customers’ assets and to ensure that service providers take action in a systematic and orderly manner that involves all their organs in the process.
2. Policy for protecting customers’ assets
Service providers must set clear, detailed, and orderly policies addressing all activities being performed when protecting customers’ assets in general and according to type of financial asset.
3. Provisions regarding the protection of customers’ financial assets
Financial service providers must protect customers’ assets in compliance with the provisions of all statutes, including the Trust Law and the Bailees Law. This provision is especially significant in the event a service provider becomes insolvent, since customers’ assets will not be deemed the service provider’s assets for the purpose of paying off its debts. This provision also clarifies the responsibilities imposed on service providers in instances of loss and prohibits them from evading this responsibility through contractual terms and conditions. The circular also stipulates provisions regarding separation of customers’ assets from service providers’ assets, in order to prevent service providers from using their customers’ assets for their own needs and from performing other irregular actions with customers’ funds.
4. Documenting assets and actions performed with customers’ assets
Service providers must document customers’ assets and the actions performed with them.
5. Representations and notices to customers
To increase the level of transparency vis-à-vis customers, the circular proposes to determine that service providers must enable their customers to simply and conveniently obtain information about their assets, both in terms of the mode of access and the times when access to information will be given.
6. Asset protection via outsourcing
The circular proposes to enable financial service providers to protect their customers’ assets through a third party (outsourcing), which will actually hold customers’ assets. However, all obligations prescribed by law, including the circular’s provisions, will apply to the service provider itself, even if a third party is carrying out the activity. On the other hand, outsourcing is a means for service providers to reduce the equity they must retain.
7. Provisions regarding the protection of virtual currencies
Protection of virtual currencies differs from protection of conventional financial assets. Inter alia, protection of virtual currencies exposes service providers to increased risks, such as cyberattacks and technological failures. Therefore, the CMISA proposes to impose additional provisions on crypto custodians:
a. Service providers must possess the expertise and technological means needed to protect virtual currencies.
b. Transactions using virtual currencies or transfers of virtual currencies from cold wallets to hot wallets and vice versa will require the approval of at least one additional officer of the financial service provider and the receipt of additional approvals according to the set policy.
c. Financial service providers will be able to engage with a crypto custodian via outsourcing for the purpose of protecting their customers’ virtual currencies.
d. Service providers seeking to protect their customers’ virtual currencies other than via outsourcing must fulfill criteria pertaining to experience and the degree of supervision applying to them.
Please note that in addition to increasing the material obligations to be imposed on financial service providers, which includes guarding customers’ assets, the CMISA also intends to significantly increase the equity that service providers will be required to retain to at least ILS 2 million for the guarding of conventional financial assets and to at least ILS 5 million for the guarding of virtual currencies. These sums will increase in parallel to the increase in service providers’ volume of activity and also according to the risk involved.
The circulars will come into effect within six months of the date of their publication. The CMISA is currently inviting the public to submit comments. The backdrop to these two circulars is the ongoing investigation and insolvency actions of the crypto custodian of Celsius assets, which caused a shock in the crypto industry and triggered another push to tighten crypto industry regulation.
Since the circulars will have practical repercussions on those engaging in the provision of financial asset services upon their publication, and since the drafts raise complicated questions regarding the scope of their application, we recommend entities operating in this sector take advantage of this window of opportunity and forward their comments to the CMISA by November 16.