The Department of Treasury has kicked off an inquiry into regulating cryptocurrency exchange businesses.
The consultation was foreshadowed by minister for superannuation, financial services and the digital economy Jane Hume in her address to the Blockchain Australia conference.
The government first said it would consult on regulating cryptocurrency exchanges – or, as the consultation paper [pdf] identifies them, “crypto asset secondary service providers (CASSPrs)" – in December last year.
The aim of regulation is to minimise consumer risks using CASSPrs by making them subject minimum standards of conduct, and by preventing criminals and their associates from “owning or controlling” them.
The government also wants to provide “regulatory certainty about the policy treatment of crypto assets and CASSPrs, and provide a signal to consumers to differentiate between high quality, operationally sound businesses, and those who are not.”
The consultation paper suggests explicit obligations be placed on cryptocurrency exchanges, similar to those that apply to financial institutions.
These would cover their behaviour, their technical and financial risk management, and legal compliance.
CASSPrs would also have to describe their assets honestly, avoid scammers using their platforms, undergo regular audits, and maintain “adequate custody arrangements”.
The consultation paper offers as regulatory options either regulation under the financial service regime, or industry self regulation.
Custody
The other key aspect of the consultation, mentioned by both Senator Hume and in an earlier speech to the same conference by Senator Andrew Bragg, covers custody requirements for CASSPrs.
Under the proposal, the CASSPr that has the customer relationship should be liable for safekeeping of “all crypto asset private keys in its care”, even if it outsources storage to a third party.
There are 11 obligations the consultation considers, covering segregation between consumers’ assets, financial and capital requirements, technical expertise, protection of customers’ keys from loss and unauthorised access, minimising risk in signing processes, both physical and cyber security practises (with independent verification of cyber security practices), redress and compensation schemes, and the use of third party custodians.
Responses are being sought until May 27.
.png&h=140&w=231&c=1&s=0)
Forrester Technology & Innovation APAC 2023
