The International Organization of Securities Commissions (IOSCO) has released a set of policy recommendations to regulators across the world concerning the regulation of market integrity and investor protection issues in crypto markets.

IOSCO is a body that sets global standards for securities markets regulation, and its new consultation paper seeks to address key issues and risks associated with activities undertaken by crypto-asset service providers (CASPs) in the lifecycle of crypto products, including offering, admission to trading, ongoing trading, settlement, market surveillance, custody, and marketing and distribution to retail investors.

Australia’s financial services regulator, the Australian Securities & Investments Commission (ASIC) is a member of IOSCO. Therefore, we expect that these policy recommendations may shape future policy and enforcement of the financial services regime in Australia in relation to crypto products, especially to the extent that these recommendations are not already being carried out by ASIC through Australia’s financial services regime.

In this update, we provide a brief overview of each of IOSCO’s 18 recommendations made in its consultation paper.

IOSCO’s recommendations are open to responses from stakeholders until 31 July 2023, with a view to finalise the recommendations in early Q4 of this year.


Broadly, IOSCO’s recommendations cover six areas:

  • conflicts of interest arising from vertical integration of activities and functions;
  • market manipulation, insider trading and fraud;
  • cross-border risks and regulatory cooperation;
  • custody and client asset protection;
  • operational and technological risk; and
  • retail access, suitability and distribution.

Recommendation 1: leveling the playing field between crypto and traditional financial markets

IOSCO’s recommendations are based on its standards required in relation to traditional financial markets, and its approach is informed by a mapping of those standards onto the crypto market. As such, IOSCO’s first, overarching recommendation to regulators like ASIC is that it should seek regulatory outcomes commensurate with those required in traditional financial markets. This ensures a level playing field and helps to reduce regulatory arbitrage.

This approach is consistent with the approach taken so far in Australia, as seen in Treasury’s ‘Token Mapping’ consultation paper released earlier in the year, which set out a proposed approach to regulate crypto markets using the existing financial services regulatory framework. IOSCO’s approach is also consistent with the UK Treasury’s regulatory approach of ‘same risk, same regulatory outcome’, as set out in its own consultation paper – also released earlier in the year.

We provide a brief summary of each of IOSCO’s recommendations below.

Conflicts of interest

Recommendation 2: organisational governance

Regulators should require CASPs to have effective governance and organisational requirements to mitigate conflicts of interest where functions are vertically integrated. This means that where a CASP is vertically integrated and engages in multiple functions such as exchange trading, brokerage, market-making, margin trading, custody, and settlement, it should have effective governance and organisational requirements in place to mitigate conflicts of interest.

Recommendation 3: disclosure requirements for vertically integrated CASPs

Where a CASP is vertically integrated and provides multiple functions, regulators should require it to accurately disclose to its clients the precise activities and functions it provides and the capacity in which it carries out each activity.

Recommendation 4: order handling

Where a CASP is operating as a broker or dealer, regulators should require it to have systems, policies and procedures in place to address and mitigate conflicts of interests arising between clients’ orders and its own or related party transactions. Where a CASP is operating as a trading venue, it should have resilient systems to effectively support the operation of a central limit order book in a fair, orderly and transparent manner.

Recommendation 5: trade disclosures

Regulators should require CASPs to make transparent trade disclosures that promote price discovery and competition.

Recommendation 6: admission to trading

Regulators should require CASPs to disclose to the public its standards in relation to systems, policies, and procedures involved in the listing and delisting of crypto assets on the market.

Recommendation 7: conflicts in issuance, trading, and listing

Regulators should require CASPs to manage and mitigate conflicts around the issuance, trading and listing of crypto assets. This includes where the CASP or an affiliated entity has a material interest in the crypto asset. In such circumstances, the prohibition of trading these assets by the CASP may be required.

Market abuse

Recommendations 8-10 set out the requirements of establishing effective systems and controls to identify and monitor for manipulative market practices, such as pyramid and ‘pump and dump’ schemes, and wash-trading, front-running, and money laundering/terrorist financing activities.

Recommendation 8: enforcement action against market abuse

Regulators should bring enforcement actions against market abuse activity in crypto markets and consider the extent to which market abuse activities in crypto markets are not covered by existing regulatory frameworks.

Recommendation 9: market surveillance

Regulators should have market surveillance requirements applying to each CASP.

Recommendation 10: non-public information

Regulators should require CASPs to have systems, policies and procedures around the management of material non-public information.

Recommendation 11: enhanced cross-border corporation

Regulators across the world should have arrangements and systems in place to share information and co-operate with other regulators in relation to the supervision and regulation of CASPs, crypto-asset activities and enforcement investigations.


Recommendations 12-16 address custody-related risks in relation to crypto assets, including how client moneys and assets are held, transferred and mixed.

Recommendation 12: overarching custody recommendation

Regulators should apply the IOSCO Recommendations Regarding the Protection of Client Assets when considering the application of existing or new frameworks to regulate CASPs that hold client moneys and assets.

Recommendation 13: handling of client assets

Regulators should require CASPs to place client assets in trust, or otherwise segregate them from the CASP’s proprietary assets.

Recommendation 14: disclosure of custody arrangements

Regulators should require CASPs to disclose in clear, concise, and non-technical language to clients information relating to custody and safekeeping arrangements.

Recommendation 15: reconciliation of client assets

Regulators should require CASPs to have systems, policies and procedures in place to conduct regular and frequent reconciliation of client assets, including independent auditing.

Recommendation 16: securing client assets

Regulators should require CASPs to adopt appropriate systems, policies and procedures to mitigate the risk of loss, theft or inaccessibility of client assets.

Operational and technological risks, retail distribution and additional guidance

Recommendation 17: operational and technological risks

Under Recommendation 17, regulators should require CASPs to comply with requirements relating to operational and technology risk, including disclosure of all material sources of operational risks and having appropriate risk management frameworks in people, processes, systems and controls.

Recommendation 18: retail distribution

Under Recommendation 18, regulators should require CASPs to implement adequate systems, policies, procedures and disclosures in relation to marketing to and engaging retail clients. This includes assessing the appropriateness or suitability of particular crypto-asset products and services offered to retail clients.

Guidance on stablecoins

Finally, IOSCO also includes some additional guidance in chapter 10 of its paper, in relation to stablecoins. It includes additional guidance about the application of some of its recommendations outlined above to address the unique issues, risks and conflicts associated with stablecoins.

IOSCO’s recommendations do not cover activities, products, or services associated with decentralised finance (DeFi). IOSCO’s Fintech Task Force is planning to publish a separate consultation paper with proposed recommendations in relation to DeFi within the next few months.

IOSCO’s recommendations are open to responses from stakeholders until 31 July 2023.