4.6.1. Systems, controls and procedures

(1) A Digital Asset Service Provider must ensure that it implements systems and controls necessary to address the risks, including cybersecurity-related risks, to its business. The relevant systems and controls should take into account such factors that include the nature, scale and complexity of the Digital Asset Service Provider’s business, the diversity of its operations, the volume and size of its business and the level of risk inherent in its business.

(2) A Digital Asset Service Provider must have adequate systems and controls to enable it to calculate and monitor its capital resources and its compliance with the requirements in DAA 4.2. The systems and controls must be in writing and must be appropriate for the nature, scale and complexity of the Digital Asset Service Provider’s business and its risk profile.

(3) A Digital Asset Service Provider must employ appropriate and proportionate systems, resources, and procedures to ensure the continued and regular performance of its services and activities.

(4) If the issuer of a Fiat stablecoin or Commodity Stablecoin decides to discontinue providing services and activities, such as issuing the Fiat stablecoin or Commodity Stablecoin, the issuer of a Fiat stablecoin or Commodity Stablecoin must present a plan to the AFSA for such discontinuation, for the AFSA’s approval, and comply with any requirements imposed by the AFSA in relation to such discontinuation.

(5) Issuer of a Fiat stablecoin must identify sources of operational risks and minimise those risks through the development of appropriate systems, controls and procedures.

(6) Issuer of a Fiat stablecoin must have internal control mechanisms and effective procedures for risk management.