The Financial Services Regulatory Authority (FSRA), the financial regulator of Abu Dhabi Global Markets (a financial freezone in Abu Dhabi) (ADGM) published on 25th June, 2018, the Regulation of Crypto Asset Activities (the Regulations) under section 15(2) of the Financial Services and Market Regulations, 2015 (FSMR). These Regulations introduce a new regulated activity, namely ‘Operating a Crypto Asset Business’ (the Regulated Activity) pursuant to which, an entity may set up Crypto Asset Exchanges, act as Crypto Asset Custodians or intermediaries engaged in Crypto Asset activities in or from ADGM. It is important to note that the Regulations do not apply to Initial Coin Offerings and mining of crypto assets. To understand the formalities governing the Regulated Activity, it is important to read the Regulations together with the existing ADGM legal framework including, but not limited to the FSMR and the FSRA Conduct of Business Rules (COBS).
This article provides a summary of the procedures required in order to obtain a license to carry out the Regulated Activity.
The Regulations refer to the existing procedure set out under the FSMR. Pursuant to the FSMR, an entity must obtain a Financial Services Permission (FSP) from the FSRA in order to carry out the Regulated activity in ADGM (the Authorised Person). Alternatively, if an existing Authorised Person is desirous to carry out the Regulated Activity, such Authorised Person may apply to the FSRA to extend the scope of its FSP to include the carrying out of the Regulated Activity. When deciding on whether or not to grant the FSP to carry out the Regulated Activity, the FSRA will consider if the crypto assets that will be transacted in the proposed businesses are ‘Accepted Crypto Assets’. A decision on whether a crypto asset will be an ‘Accepted Crypto Asset’ will be determined by the FSRA in its discretion. In making such determination, the FSRA bears in mind various factors such as the market capitalisation threshold in respect of a crypto asset (which must be in excess of USD 4billion). Other factors include: security risks associated with the crypto assets, traceability and monitoring and market demand.
The Regulations also highlight capital requirements that need to be met in order to carry out the Regulated Activity. Given the risks and volatility in the crypto asset sector (as discussed below), an Authorised Person must meet the strict capital requirements which are set out in the Market Infrastructure Rules (MIR). In accordance with the MIR, an Authorised Person must hold an amount equal to twelve (12) months’ operational expenses (including a buffer based on six (6) months operational expenses unless the FSRA directs otherwise). It is common for the FSRA to only require Crypto Asset Exchanges to hold the said buffer. In other words, the riskier the FSRA considers an Authorised Person’s business to be, the higher the capital requirements will be prescribed for such Authorised Person.
Risks associated with Crypto Asset Activities
A person who is granted a FSP to carry out the Regulated Activity or a person who amends their FSP to be able to carry out the Regulated Activity will be classified in the Regulations as an OCAB Holder. An OCAB Holder is required to comply with the existing guidance set out by the FSRA in order to combat various risks and threats that FSRA associates with the crypto asset ecosystem. Unlike fiat currency, crypto assets can be created, stored and transferred without the need of a third party and as such, they are vulnerable to financial crime and other risks.
Regulatory Requirements relating to Anti-Money Laundering (AML) Compliance
In particular, due to the greater anonymity and segmentation through a decentralised system together with its global reach, the FSRA is of the view that crypto assets require a more robust regulatory framework to ensure compliance with AML and combating financial terrorism requirements. In doing so, the FSRA has recommended that OCAB Holders adopt a risk-based approach whereby they understand the general risks associated with their activities and allocate appropriate resources to mitigate those risks. OCAB Holders are encouraged to carry out a proper risk-based assessment on a periodic basis to ensure their protective measures and policies are monitored and updated regularly. OCAB Holders are required to have in place written procedures and policies evidencing their efforts to comply with the regulatory framework. Further, in the event that OCAB Holders have relationships with foreign correspondent financial institutions, such OCAB Holders are required to satisfy the regulations set out in the jurisdictions from which such foreign institutions operate. These requirements under the Regulations will practically result in the extensive due diligence being carried out on clients (including ultimate beneficial owners). In addition to extensive client due diligence, OCAB Holders are required to have in place proper KYC procedures to enable them to: (a) rate their clients, (b) identify risk levels associated with such clients; and (c) adopt appropriate preventive measures. To this end, the FSRA acknowledges that OCAB Holders may have to adopt advanced technologies such as, biometric scans to mitigate identified risks. However, in doing so, it is recommended that caution is exercised to ensure that implementation of such procedures does not compromise compliance with the regulatory requirements in any way. Related to this, OCAB Holders are also required to implement an appropriate governance structure especially in relation to information technology being used to ensure the same is maintained and updated regularly. As part of its governance structure, OCAB Holders must appoint a Money Laundering Reporting Officer who will be responsible for implementing overviewing the OCAB Holder’s compliance with AML rules. Such an officer must be independent and have a senior position with the OCAB Holder to ensure he/she completes the task effectively.
Another important requirement is related to reporting obligations. OCAB Holders must familiarise themselves with reporting requirements set out under the existing AML rules. In particular, OCAB Holders are encouraged to report suspicious activities or transactions to the FSRA. Further to this, record keeping is key in ensuring compliance. A welcome development is that OCAB Holders are allowed to use blockchain technology to store data and provide the same to the FSRA whenever required. Where transactions of OCAB Holders involve cash (fiat currency), higher reporting and recording standards are expected.
Technological Governance and Controls
As mentioned above, OCAB Holders are required to ensure technology governance and controls. To this end, the Regulations impose an obligation on OCAB Holders to establish and maintain systems and controls to ensure that the affairs of OCAB Holders are properly monitored and are compliant with existing regulations. When establishing its systems and controls, OCAB Holders should focus on crypto asset wallets, private keys, origin and destination of crypto asset funds, security and risk management. Additionally, regular maintenance and development of systems is crucial and OCAB Holders are advised to conduct an external audit of their core systems annually. Amongst other recommendations, the implementation of strong layers of security have been recommended to avoid ‘single points of failure’.
Another key recommendation in the Regulations is the requirement of crypto asset risk disclosures. In essence, OCAB Holders are required to, prior to entering into transactions, disclose all material risks to their clients in a clear and effective manner. A non-exhaustive list of risks are set out in the COBS, however, these risks relate to OCAB Holders’ products, services and activities thus OCAB Holders are expected to prepare and provide to their clients, detailed material risks with respect to crypto assets.
Additional Requirements applicable to Crypto Asset Exchanges
Although the above requirements are applicable to all activities that fall under the umbrella of the Regulated Activity, due to the high level of risks and volatility associated with Crypto Asset Exchanges, the Regulations impose the same high level of regulatory standard on Crypto Asset Exchanges as it does on Recognised Investments Exchanges. As such, certain provisions set out in the MIR are also applicable to Crypto Asset Exchanges. An important requirement in this case is the reporting of transaction details on their platforms to the FSRA on a real-time and batch basis.
Moreover, the FSRA requires a Crypto Asset Exchange to employ an expert who is capable of undertaking extensive due diligence and testing of its operational systems with the results of such due diligences to be submitted to the FSRA for their review. This report must identify potential areas of failure and accordingly, the Crypto Asset Exchange is expected to implement policies and procedures to evidence how it will effectively address the identified failures. Other salient requirements relate to surveillance to market misconduct and financial crime to identify significant risks relating to market misconduct and financial crime. Crypto Asset Exchanges are also required to promote fair and orderly trading across the market and in doing so, must make relevant information, such as trading information, available to the public.
Additional Requirements applicable to Crypto Asset Custodians
Another interesting activity that has been introduced as part of the Regulated Activity is Crypto Asset Custodians. These entities hold crypto assets on behalf of clients through a crypto asset wallet. In this regard, it is important to note that Crypto Asset Exchanges can also be Crypto Asset Custodians if client’s wallets are held by them provided always that the FSP also allows them to act as Crypto Asset Custodians. An alternative structure could be where Crypto Asset Exchanges employ third party Crypto Asset Custodians to hold the aforesaid wallets.
With a focus on protection of client money (this refers to fiat currency), Crypto Asset Custodians must comply with relevant Client Money Rules established under the COBS and in particular, are required to reconcile client money at least once every week. Similarly, Crypto Asset Custodians are also expected to comply with the requirements set out under the COBS relating to Client Investments and Safe Custody. This is applicable to holding of crypto assets in a client’s wallet either on the Crypto Asset Exchange itself or with a third party Crypto Asset Custodian. As a result of this, Crypto Asset Custodians are required to send out monthly statements to retail clients as well as reconcile crypto asset holdings weekly.
International Tax Compliance
The Regulations also highlight international tax obligations that OCAB Holders should be aware of. The COBS require OCAB Holders to comply with applicable tax reporting obligations under Foreign Account Tax Compliance Act and the ADGM Common Reporting Standards Regulations 2017.
Lastly, the Regulations provide a summary of fees payable to the FSRA for applying and operating with a Regulated Activity license in ADGM. The fees are dependent on the form of crypto asset activity that an entity proposes to carry out. In the case of a Crypto Asset Exchange, the initial authorisation fee is USD 125,000 together with an annual supervision fee of USD 60,000 whereas in the case of all other activities forming part of the Regulated Activity, the fees are USD 20,000 and USD 15,000, respectively. It should also be noted that in the event that an OCAB Holder is carrying out more than one crypto asset activity such as an exchange as well as a custodian, fees for both activities will be calculated on a cumulative basis. Similar to increased regulatory control, Crypto Asset Exchanges are also required to pay higher fees. Crypto Asset Exchanges must pay a monthly trading levy (in USD) which is calculated on a sliding scale based on average daily value.
The ADGM has been quick to identify the growing trend of crypto assets. The Regulations introduce the Regulated Activity and help to widen the scope of existing ADGM regulations to create a robust framework. The FSRA has identified key risks and areas of concern in relation to crypto assets and recommended appropriate preventive measures. Not only has this provided clarification on the status of crypto assets in ADGM, but this has also shown ADGM’s attempt to boost the economy. Having said that, since the Regulations have been published so recently, we cannot comment on how the Regulations will be used and implemented. Nevertheless, with the FSRA being the first regulator to formally introduce detailed regulations in this sector, it is clear that ADGM is using all its efforts to create a booming crypto asset eco-system.