Initial Exchange Offering (IEO) and Digital Asset Custody (DAC) are now regulated by the securities commission Malaysia

With the advent of innovation in technology, the Securities Commission Malaysia (“SC”) notes a growing interest in the use cases of blockchain, blockchain-based digital assets and investing in such digital assets, both domestically and globally. In line with the SC’s mandate to promote the development of the capital markets, the SC seeks to develop a regulatory framework that will balance promoting innovation with ensuring proper safeguards to protect the integrity of the capital markets and investors’ interest. Further to the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 which came into force on 15 January 2019 and the revised Guidelines on Recognised Markets to incorporate a new chapter setting out the requirements for electronic platforms that facilitate the trading of digital assets on 31 January 2019, the SC has on 28 October 2020 issued the Guidelines on Digital Assets (“GoDA”) pursuant to section 377 of the Capital Markets and Services Act 2007 (“CMSA”). Any issuance or offerings of digital tokens in Malaysia shall be registered with the SC and shall comply with amongst others, the GoDA and other relevant laws and guidelines including payment services and foreign exchange administration laws administered by the Bank Negara Malaysia (“BNM”). In line with digital currencies and digital tokens being prescribed as securities, the GoDA sets out the requirements relating to fundraising activity through digital token offering, operationalisation of initial exchange offering (“IEO”) platform and provision of digital asset custody. Notwithstanding anything in the GoDA, digital currencies and digital tokens are not recognised as a legal tender nor as a form of payment instrument that is regulated by BNM. The GoDA will apply to: (i) all issuers seeking to raise funds through digital token offering (“Issuer”); (ii) all persons intending to operate an IEO platform (“IEO Operator”); and (iii) digital asset custodian, who provides safekeeping, storing, holding or maintaining custody of digital assets for the account of another person (“DAC”). We set out below the sub-headings of the contents for your reference: 1. Eligibility, Requirement and Criteria for Application 2. Safeguard Measures to Protect Investors’ Interest 3. Limitation of Initial Exchange Offering 4. Conclusion © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. ELIGIBILITY, REQUIREMENT AND CRITERIA FOR APPLICATION DESCRIPTION ELIGIBILITY FINANCIAL REQUIREMENT IEO OPERATOR ISSUER DAC Must be a Malaysian-incorporated company. Minimum paid-up capital of RM5,000,000. Issuer (other than an LLP) – (i) minimum paid-up capital of RM500,000; and (ii) shareholders' fund of RM500,000 maintained at all times. Issuer (a LLP) – (i) minimum capital of RM500,000 maintained at all times. Minimum paid-up capital of RM500,000 and shareholders' fund of RM500,000 maintained at all times. Must: (i) be a Malaysian-incorporated company or a limited liability partnership (“LLP”) (excluding exempt private and public listed companies); (ii) have its main business operations carried out in Malaysia; and (iii) only raise fund through IEO and not through other means. A DAC can be either local or foreign custodian. For foreign DAC, the applicant must also satisfy the SC that: (i) the applicant is authorized to operate or carry out an activity of a similar nature in the foreign jurisdiction; (ii) the applicant is from a comparable jurisdiction; and (iii) it is in the best interest of Malaysia to register the foreign digital asset custodian. © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. REQUIREMENTS IN RELATION TO DIRECTORS, SENIOR MANAGEMENT AND RESPONSIBLE PERSON Criteria for registration Satisfaction to the SC that: (i) the applicant can carry out its obligations as set out in GoDA; (ii) the appointment of at least one (1) responsible person; (iii) the applicant will be able to manage risks associated with its business and operation; (iv) the applicant has sufficient financial, human and other resources for its operation at all times; and (v) the applicant has appropriate security arrangements. Independent Director For public companies, the applicant must have at least one (1) independent director. Directors and Senior Management All members of the board of directors and senior management must be fit and proper and are suitably qualified. Responsible Person (i) The applicant must have at least one Directors and Senior Management (i) The Issuers’ board of directors must at all times have at least two (2) directors whose principal or only place of residence is in Malaysia; and (ii) The directors and senior management are fit and proper. Criteria for registration Satisfaction to the SC that: (i) the applicant will be able to carry out its obligations as set out in GoDA; (ii) the appointment of at least one (1) responsible person; (iii) the applicant will be able to manage risks associated with its business and operation; (iv) the applicant has sufficient financial, human and other resources for its operation at all times; and (v) the applicant has appropriate security arrangements. Directors and Senior Management All members of the board of directors and senior management must be fit and proper and are suitably qualified. Responsible Person (i) The applicant must have at least one (1) responsible person whom shall: a) be appointed from the applicant’s senior management; DESCRIPTION IEO OPERATOR ISSUER DAC © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. ELIGIBILITY, REQUIREMENT AND CRITERIA FOR APPLICATION APPLICATION Submission of Application To submit the relevant forms and documents to the SC. In compliance with obligations imposed by GoDA and SC The applicant and the applicant’s senior management and board of directors shall comply with the obligations imposed by GoDA and the SC. Submission of White paper To furnish the white paper to the IEO Operator for approval and furnish it to the SC in the manner and form as specified by the SC. The white paper shall contain such information that would enable an investor to make an informed assessment of the digital token before subscribing, including amongst others, the material information of the Issuer, the underlying business or project referred for which the Issuer seeks to raise fund (“IEO Project”), key Submission of Application To submit the relevant forms and documents to the SC. In compliance with obligations imposed by GoDA and SC The applicant and the applicant’s senior management, board of directors and chief executive shall comply with the obligations imposed by GoDA and the SC. DESCRIPTION IEO OPERATOR ISSUER DAC © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. (1) responsible person whom shall: a) be appointed from the applicant’s senior management; b) have a minimum of five (5) years’ experience in carrying out due diligence, assessment on business proposals and fundraising or any other relevant experience; and c) be a fit and proper person. (ii) The responsible person shall undertake the role of the main contact person to liaise and perform any duty as may be directed by the SC. b) have a minimum of five (5) years’ of relevant industry experience or expertise; and c) be a fit and proper person. ELIGIBILITY, REQUIREMENT AND CRITERIA FOR APPLICATION DESCRIPTION IEO OPERATOR ISSUER DAC ELIGIBILITY, REQUIREMENT AND CRITERIA FOR APPLICATION © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. characteristics of the digital token, business plan, targeted amount to raised and information on the utilization of proceeds. Innovative Solution or Meaningful Digital Value Proposition The IEO Project is required to provide an innovative solution or a meaningful digital value proposition for Malaysia, i.e. (i) provides a solution or addresses an existing market need or problem; or (ii) improves the efficiency of an existing process or service undertaken by the Issuer or the industry. DESCRIPTION IEO OPERATOR ISSUER SAFEGUARD MEASURES TO PROTECT INVESTORS’ INTEREST © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. SAFEGUARD MEASURES Evaluation of digital token offering by the Issuer For proper evaluation of the IEO Project by the Issuer, the IEO Operator is required: (i) to carry out due diligence and critical assessment on an Issuer, including the business, fit and properness of the Issuer’s directors and senior management and the features of the digital tokens to be issued; (ii) to exercise its own judgment and critical assessment on the Issuer’s compliance with the requirements under GoDA, including as to whether the Issuer will be able to provide an innovative solution or meaningful digital value proposition for Malaysia; and (iii) to assess the Issuer’s white paper to ensure the contents meet the requirements under the GoDA. Risk Management The IEO Operator must identify and manage any risks associated with its business and operations and to put in place a business continuity plan that addresses events posing a Cooling-off right An Issuer shall provide to the investors a cooling-off right where the investor shall be entitled to a refund of the investment made in respect of an Issuer’s digital tokens. The cooling off period must not be fewer than six (6) business days commencing from the closing date of the offer period. White paper An Issuer shall furnish a white paper for IEO Operator’s approval and furnish it to the SC and this shall serve as a disclosure document to the investors to assess the merits of the digital token before subscribing for the same. This is akin to the prospectus/information memorandum in a traditional security offering. Utilisation of the proceeds All monies collected from the investor in respect of an Issuer’s IEO Project will subject to the purposes and utilisation stated in the white paper. There shall be no changes to the utilization of proceeds post issuance of Conduct requirements A DAC will be required to: (i) to establish and maintain a sufficiently and verifiably secured storage medium designated to store its clients’ digital tokens; (ii) to put in place effective policies and procedure to safeguard key generation and management; (iii) to put in place an effective security mechanism for the digital tokens; (iv) to ensure proper segregation of clients’ digital tokens; and (v) to ensure all transactional records of clients’ digital tokens are up-to- date at all times. Risk management A DAC must establish a risk management framework to identify, assess, monitor, control and report all material risks to which the DAC could be exposed to and to carry out periodic reviews, audits and testing on systems, operational policies, procedures, and controls relating to risk DAC © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. significant risk of disrupting operations and to carry out periodic reviews, audits and testing on its systems, operational policies, procedures and controls relating to risk management and its business continuity plan. Internal Audit An IEO Operator must establish an internal audit function to develop, implement and maintain an appropriate internal audit framework which commensurate with its business Conflict of Interest Management An IEO Operator is subject to disclosure requirements and prohibitions in the GoDA in relation to conflict of interest management. Trust account Any investment in respect of an Issuer’s digital tokens on the IEO platform will be placed directly into a separate trust account and such funds shall continue to be placed in the trust account pending completion of the Issuer’s IEO project. digital tokens unless prior approval of the token holders representing 75% of the total amount of tokens held by all token holders present and voting has been obtained. Reporting and Audit Requirement An Issuer shall prepare and publish on the IEO Platform, an annual report and semiannual report which contain the necessary information that enables token holders to evaluate the performance of the Issuer which includes the following: (i) the total amount of digital tokens issued and in circulation; (ii) the status of the utilization of the digital token’s proceeds by the Issuer; (iii) the status of the IEO Project; and (iv) audited financial statements for the latest financial year. Marketing and Promotion Requirement All information disseminated for marketing or promotion shall be consistent with the contents of the Issuer’s white paper and appropriately displayed. An IEO Operator (and not any other third-party individual or management and its business continuity plan. Conflict of interest management A DAC must give priority to clients’ interest if there is a conflict of interest and establish policies and procedures to identify, monitor, mitigates and manages situations which may give rise to such situations as well as to disclose any conflict or potential conflict of interest. Internal Audit A DAC must perform internal audit checks on its operations regularly and put in place an internal audit framework. Outsourcing A DAC must select an appropriate and efficient service provider for its outsourcing arrangement. Functions that involves (i) the decision-making functions of the DAC; or (ii) any interaction or direct contact with the DAC or token holders are not allowed to be outsourced. SAFEGUARD MEASURES TO PROTECT INVESTORS’ INTEREST DESCRIPTION IEO OPERATOR ISSUER DAC © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. Besides, all funds collected will only be released to the Issuer if the targeted amount sought to be raised has been met and that there is no material change relating to the IEO or Issuer during the offer period. Register of initial token holders An IEO Operator is required to maintain a register of initial token holders who subscribed for digital tokens during the offer period. Outsourcing An IEO Operator must select an appropriate and efficient service provider for its outsourcing arrangement. Functions that involves (i) the decision-making functions of the IEO Operator; or (ii) any interaction or direct contact with the IEO Issuer or token holders are not allowed to be outsourced. entity) is allowed to enforce or represent the Issuer with the intended purpose of marketing, promoting, gaining publicity or soliciting funds for the Issuer’s IEO. SAFEGUARD MEASURES TO PROTECT INVESTORS’ INTEREST DESCRIPTION IEO OPERATOR ISSUER DAC Any IEO Operator who wishes to facilitate the trading of digital tokens on its platform must also be registered as a DAX operator under the Guidelines on Recognised Market. LIMITATION OF INITIAL EXCHANGE OFFERING Any Issuer who is interested to offer digital tokens via the IEO platform shall take note of the following restrictions: © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. (i) Sophisticated investors (as defined under Part I of Schedule 6 and 7 of the CMSA 2007) – no restriction on investment amount; (ii) Angel investors (i.e. high net worth individuals who are Malaysian tax residents) – a maximum sum of RM500,000 within any 12 months period; and (iii) Retail investors – RM2,000 per Issuer with a total investment limit of not exceeding RM20,000 within any 12 months period. A Investment Limits Upon issuance of the digital token: the Issuers’ directors and senior management must, in aggregate, own at least 50% equity holding in the Issuer. Post issuance of the digital token: the Issuers’ directors and senior management may sell, transfer or assign not more than 50% of their respective initial equity holding until the completion of the IEO Project. B Moratorium requirements The maximum fund that an Issuer is permitted to raise is twenty (20) times of its shareholders’ funds or capital funds (in the case of a LLP) in any 12-month period, subject to a ceiling of RM100 million. C Limit of Fund Raised All digital tokens which serve as a payment instrument may only be used in exchange of the Issuer’s goods and services as disclosed in the white paper approved by the IEO Operator. D Closed loop system All Issuers are not allowed to be hosted concurrently on multiple IEO platforms or an equity crowdfunding or P2P platform. E Hosting on other platforms Trading of digital tokens on a secondary market F © Gan, Lee & Tan. All rights reserved. DISCLAIMER: The view expressed in this article is intended to provide a general guide to the subject matter as at the date of publication and does not constitute professional legal advice nor do they give rise to any solicitor-client relationship between the reader and our Firm. If you require any legal advice, please seek professional help. CONCLUSION In contrast to initial coin offerings (ICO) where tokens are sold directly to investors which was largely unregulated in the past and causing undesired problems of scams and fraud, the GoDA facilitates the SC’s objectives in promoting responsible innovation in digital asset space while at the same time managing emerging risks and safeguarding the interests of Issuers and investors. “This initiative aligned with Malaysia’s Shared Prosperity Vision 2030 aspiration to create 30% high technology Malaysian companies” said Datuk Syed Zaid Albar, the chairman of the SC. The members of the public are reminded that operating, issuing or distributing digital tokens without obtaining registration or authorization from the SC is an offence and you may be liable, on conviction, to a fine not exceeding ten million-ringgit (RM10,000) or imprisonment for a term not exceeding ten (10) years or both. Any parties interested to be a registered IEO Operator or DAC may start applying to the SC before the deadline set on 15 February 2021. For more information about the IEO Operator or DAC, you may visit the SC website on www.sc.com.my/regulation/guidelines/digital-assets.