2.3.1. Mandatory appointments

(1)            A Digital Asset Trading Facility Operator must make the following appointments:

(a)            Senior Executive Officer;

(b)            Finance Officer;

(c)            Compliance Officer; and

(d)            Money Laundering Reporting Officer.

(2)            A Digital Asset Trading Facility Operator must appoint a Chief Information Technology Officer, who is an individual responsible for its ongoing information technology (“IT”) operations, maintenance and security oversight, and for ensuring that the Digital Asset Trading Facility Operator’s IT systems are reliable and adequately protected from external attack or incident.

(3)            AFSA may direct a Digital Asset Trading Facility Operator to appoint a Risk Manager.

(4)            A person may not combine two roles specified in (1) unless the Digital Asset Trading Facility Operator obtains the AFSA’s written approval.

2.3.2. Board of Directors of a Digital Asset Trading Facility Operator

(1) A Digital Asset Trading Facility Operator must have an effective Board of Directors which is collectively accountable for ensuring that the Digital Asset Trading Facility Operator’s business is managed prudently and soundly. At least one-third of the Board of Directors should comprise independent Directors.

Note: Rule 2.3.2(1) will come into force 12 months after the commencement of these Rules.

(2) The AFSA may issue guidance on the requirements relating to Board composition, structure, duties and powers as well as skills, experience and qualifications of Directors, and other relevant requirements.

(3) The Board must ensure that there is a clear division between its responsibility for setting the strategic aims and undertaking the oversight of the Digital Asset Trading Facility Operator and the senior management’s responsibility for managing the Digital Asset Trading Facility Operator’s business in accordance with the strategic aims and risk parameters set by the Board.

(4) The Board and its committees must have an appropriate balance of skills, experience, independence, and knowledge of the Digital Asset Trading Facility Operator’s business, and adequate resources, including access to expertise as required and timely and comprehensive information relating to the affairs of the Digital Asset Trading Facility Operator.

(5) The Board must ensure that the Digital Asset Trading Facility Operator has an adequate, effective, well-defined and well-integrated risk management, internal control and compliance framework.

(6) The Board must ensure that the rights of shareholders are properly safeguarded through appropriate measures that enable the shareholders to exercise their rights effectively, promote effective dialogue with shareholders and other key stakeholders as appropriate, and prevent any abuse or oppression of minority shareholders.

(7) The Board must ensure that the Digital Asset Trading Facility Operator’s financial and other reports present an accurate, balanced and understandable assessment of the Digital Asset Trading Facility Operator’s financial position and prospects by ensuring that there are effective internal risk control and reporting requirements.

(8) A Director of the Digital Asset Trading Facility Operator must act:

(a)  on a fully informed basis;

(b) in good faith;

(c) honestly;

(d) with due skill, care and diligence; and

(e) in the best interests of the Digital Asset Trading Facility Operator and its shareholders and Clients. 

2.4.1. Sufficient resources

In addition to appropriate systems, resources and controls, a Digital Asset Trading Facility Operator must have sufficient technology resources to continually operate, maintain, and supervise its facility.

2.4.2. Confidentiality

A Digital Asset Trading Facility Operator must take reasonable steps to ensure that its information, records and data are secure, and the confidentiality is maintained.

2.4.3. Cyber-security

A Digital Asset Trading Facility Operator must take reasonable steps to ensure that its IT systems are reliable and adequately protected from external attack or incident, as well as from risks that can arise from inadequacies or failures in the Digital Asset Trading Facility Operator’s processes and systems and, as appropriate, the systems of third-party suppliers, agents and others. This includes the fact that a Digital Asset Trading Facility Operator must ensure there are the necessary resources in place to manage these risks.

2.4.4. Cyber-security policy

(1) A Digital Asset Trading Facility Operator must implement a written cyber-security policy setting forth its policies and procedures for the protection of its electronic systems, Members and counterparty data stored on those systems, which must be reviewed and approved by the Digital Asset Trading Facility Operator’s Board of Directors at least on an annual basis.

(2) The cyber-security policy must, as a minimum, address the following areas:

(a) information security;

(b) data governance and classification;

(c) access controls;

(d) business continuity and disaster recovery planning and resources;

(e) capacity and performance planning;

(f) appropriateness of systems (including the allocation of responsibilities between internal IT functions and reliance on third party systems);

(g) systems operations and availability concerns;

(h) systems and network security;

(i) systems and application development and quality assurance;

(j) physical security and environmental controls;

(k) customer data privacy;

(l) vendor and third-party service provider management;

(m) incident response; and

(n) arrangements and methods for periodically reviewing and evaluating the effectiveness of the systems.

(3) A Digital Asset Trading Facility Operator must inform the AFSA immediately if it becomes aware, or has reasonable grounds to believe, that a significant breach by any Person of its cyber-security policy may have occurred or may be about to occur.

(4) A Digital Asset Trading Facility Operator must consider the impact of any outsourcing arrangements, as well as the interoperability risks when dealing with systems and software provided by third parties.

(5) A Digital Asset Trading Facility Operator must ensure all staff receive appropriate training in relation to cybersecurity.

2.4.5. On-going monitoring

For the purposes of meeting the requirement in DAA 2.4.1, a Digital Asset Trading Facility Operator must have adequate procedures and arrangements for the evaluation, selection and on-going maintenance and monitoring of IT systems. Such procedures and arrangements must, at a minimum, provide for:

(a) incident and problem management and system change;

(b) testing IT systems before live operations in accordance with the requirements in DAA 2.4.6. and 2.4.7;

(c) real time monitoring and reporting on system performance, availability and integrity; and

(d) adequate measures to ensure:

(i) the IT systems are resilient and not prone to failure;

(ii) business continuity in the event that an IT system fails;

(iii) protection of the IT systems from damage, tampering, misuse or unauthorised access; and

(iv)  the integrity of data forming part of, or being processed through, IT systems.

2.4.6. Testing of technology systems

A Digital Asset Trading Facility Operator must, before commencing live operation of its IT systems or any updates thereto, use development and testing methodologies in line with internationally accepted testing standards in order to test the viability and effectiveness of such systems. For this purpose, the testing must be adequate for the Digital Asset Trading Facility Operator to obtain reasonable assurance that, as a minimum, the systems:

(a)  enable it to comply with all the applicable requirements on an on-going basis;

(b)  can continue to operate effectively in stressed market conditions;

(c)  have sufficient electronic capacity to accommodate reasonably foreseeable volumes of messaging and orders;

(d) are adequately scalable in emergency conditions that might threaten the orderly and proper operations of its facility; and

(e)  embed any risk management controls, such as generating automatic error reports, which work as intended.

2.4.7. Testing relating to Members’ technology systems

(1) A Digital Asset Trading Facility Operator must implement standardised conformance testing procedures. A Digital Asset Trading Facility Operator must ensure that the systems which its Members are using to access facilities operated by it have a minimum level of functionality that is compatible with its IT systems and will not pose any threat to fair and orderly conduct of its facility.

(2) A Digital Asset Trading Facility Operator must also require its Members, before commencing live operation of any electronic trading system, user interface or a trading algorithm, including any updates to such arrangements, to use adequate development and testing methodologies to test the viability and effectiveness of their systems, to include system resilience and security.

(3) The requirements in (1) and (2) do not apply to the Member of a Digital Asset Trading Facility Operator if the Member is a Body Corporate or an individual (natural person) that carries out the activity solely as principal.

2.4.8. Regular review of systems and controls

(1) A Digital Asset Trading Facility Operator must undertake at least an annual review of its IT systems and controls as appropriate to the nature, scale and complexity of its operations, the diversity of its operations, the volume and size of transactions, and the level of risk inherent with its business

(2)  For the purposes of (1), a Digital Asset Trading Facility Operator must adopt well defined and clearly documented development and testing methodologies which are in line with internationally accepted testing standards.

(3) After the review is complete, a Digital Asset Trading Facility Operator must promptly remedy any deficiencies discovered during the review and keep a record of the review and its findings for a period of 6 years from the review. This record must be provided promptly to the AFSA on request.

2.4.9. Mandatory third-party audit of technology governance and IT systems

(1) A Digital Asset Trading Facility Operator is required to undergo a qualified independent third-party technology governance and IT audit to conduct vulnerability assessments and penetration testing at least on an annual basis.

(2) A Digital Asset Trading Facility Operator must provide the results of technology governance and IT assessments and tests to the AFSA on its request.

(3) The AFSA may publish a list of requirements that should be met by qualified auditors who conduct independent third-party technology governance and IT audit.

Guidance:

Credentials which indicate a qualified independent third-party auditor is suitable to conduct audit of technology governance and IT systems may include:

(1) designation as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) by the Information Systems Audit and Control Association (ISACA); or

(2) designation as a Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium (ISC); or

(3) accreditation by a recognised and reputable body to certify compliance with relevant ISO/IEC 27000 series standards; or

(4) accreditation by the relevant body to certify compliance with the Kazakhstani standards in the area of information (cyber) security.

2.4.10. Systems and controls

(1) A Digital Asset Trading Facility Operator must ensure that it has appropriate systems and controls to address the risks to its business. Such systems and controls should be developed considering such factors as the nature, scale and complexity of the Digital Asset Trading Facility Operator’s business, the diversity of its operations, the volume and size of transactions, and the level of risk inherent with its business.

(2) A Digital Asset Trading Facility Operator must, as a minimum, have in place systems and controls with respect to the procedures describing the creation, management and control of Digital wallets and private keys, as well as the infrastructure to deal with updates and technological changes such as forks.

(3) A Digital Asset Trading Facility Operator must have adequate systems and controls to enable it to calculate and monitor its capital resources and its compliance with the requirements in DAA 2.2.(2). The systems and controls must be in writing and must be appropriate for the nature, scale and complexity of the Digital Asset Trading Facility Operator’s business and its risk profile.

(4) A Digital Asset Trading Facility Operator must have due regard to its obligations to keen data secure, including the safe storage and transmission of data in accordance with clear protocols.

2.4.11. Technology governance

A Digital Asset Trading Facility Operator must, as a minimum, have in place systems and controls with respect to the following:

(a) Procedures describing the creation, management and controls of Digital wallets, including:

(i) wallet setup/configuration/deployment/deletion/backup and recovery;

(ii) wallet access management;

(iii) wallet user management;

(iv) wallet rules and limit determination, review and update; and

(v) wallet audit and oversight.

(b) Procedures describing the creation, management and controls of private and public keys, including, as applicable:

(i) private key generation;

(ii) private key exchange;

(iii) private key storage;

(iv) private key backup;

(v) private key destruction;

(vi) private key access management;

(vii) public key sharing; and

(viii) public key re-use.

(c) Systems and controls to mitigate the risk of misuse of Digital Assets and money laundering and terrorist financing risks, setting out how:

(i) the origin of Digital Assets is determined, in case of an incoming transaction; and

(ii) the destination of Digital Assets is determined, in case of an outgoing transaction.

(d) A security plan describing the security arrangements relating to:

(i) the privacy of sensitive data;

(ii) networks and systems;

(iii) cloud based services;

(iv) physical facilities; and

(v) documents, and document storage.

(e) A risk management plan containing a detailed analysis of likely risks with both high and low impact, as well as mitigation strategies. The risk management plan must cover, but is not limited to:

(i) operational risks;

(ii) technology risks, including ‘hacking’ related risks;

(iii) market risk for each Digital Asset; and

(iv) risk of Financial Crime.

2.5.1. Business Rules, Membership Rules and Admission to Trading Rules

(1)            A Digital Asset Trading Facility Operator must prepare Business Rules, Admission to Trading Rules, and Membership Rules (the “DATF Operator’s Rules”).

(2)            A Digital Asset Trading Facility Operator must seek prior approval of any of the DATF Operator’s Rules and of amendments to any of its Rules by obtaining approval of the AFSA.

(3)            Members and Clients of a Digital Asset Trading Facility must be notified at least 10 days before approved by the AFSA amendments are introduced to the relevant rules of the DATF Operator.

2.5.2. Content of Business Rules

A Digital Asset Trading Facility Operator’s Business Rules must:

(a) be based on objective criteria;

(b) be non-discriminatory;

(c)  be clear, fair and not misleading;

(d)  set out the Members’ and other participants’ obligations:

(i)  arising from the Digital Asset Trading Facility Operator’s constitution and other administrative arrangements;

(ii)  when undertaking transactions on its facility; and

(iii)  relating to professional standards that must be imposed on staff and agents of the Members and other participants when undertaking transactions on its facility;

(e)  be made publicly available free of charge;

(f)  contain provisions for the resolution of Members’ and other participants’ disputes and an appeal process for the decisions of the Digital Asset Trading Facility Operator, whether by an independent internal body or otherwise; and

(g)  contain disciplinary procedures, including any sanctions that may be imposed by the Digital Asset Trading Facility Operator against its Members and other participants.

2.5.3. Monitoring and enforcing compliance with Business Rules

A Digital Asset Trading Facility Operator must have effective arrangements for monitoring and enforcing compliance with its Business Rules including procedures for:

(a)  prompt investigation of complaints made to the Digital Asset Trading Facility Operator about the conduct of Persons in the course of using the Digital Asset Trading Facility Operator’s facility; and

(b) where appropriate, disciplinary action resulting in financial and other types of penalties.

2.5.4. Financial penalties

If arrangements made pursuant to DAA 2.5.3. include provision for requiring the payment of financial penalties, they must include arrangements for ensuring that any amount so paid is applied only in one or more of the following ways:

(a) towards meeting expenses incurred by the Digital Asset Trading Facility Operator in the course of the investigation of the breach or course of conduct in respect of which the penalty is paid, or in the course of any appeal against the decision of the Digital Asset Trading Facility Operator in relation to that breach or course of conduct; or

(b) for the benefit of Members and Clients of the Digital Asset Trading Facility Operator's facility.

2.5.5. Appeals

Arrangements made pursuant to DAA 2.5.3. must include provision for fair, independent and impartial resolution of appeals against decisions of the Digital Asset Trading Facility Operator.

2.5.6. Membership Rules

The Membership Rules of a Digital Asset Trading Facility Operator must specify the obligations imposed on Members and Clients of its facility arising from:

(a) the constitution and administration of the facility;

(b) where appropriate rules relating to transactions using its facilities;

(c) admission criteria for Members, which must comply with DAA 2.6.2;

(d) where appropriate rules and procedures for clearing and settlement of transactions; and

(e) where appropriate rules and procedures for the prevention of Market Abuse, money laundering and Financial Crime.

2.5.7. Admission to Trading Rules

(1) A Digital Asset Trading Facility Operator must make clear and transparent rules concerning the admission of Digital Assets to trading on its facility.

(2) The Admission to Trading Rules of the Digital Asset Trading Facility Operator must ensure that Digital Assets admitted to trading on a facility of the Digital Asset Trading Facility Operator are:

(a) capable of being traded in a fair, orderly and efficient manner; and

(b) freely negotiable.

2.6.1. Persons eligible for Membership

A Digital Asset Trading Facility Operator may only admit as a Member a Person who satisfies the admission criteria set out in its Membership Rules and which is:

(a) an Authorised Firm whose Licence permits it to carry out the Regulated Activities of Dealing in Investments as Principal or Dealing in Investments as Agent;

(b) a Recognised Non-AIFC Member; or

(c) a Body Corporate or an individual (natural person) which carries out the activity solely for its own investment purposes, where such trading does not constitute Dealing in Investments as Principal by way of business.

2.6.2. Admission criteria

(1) A Digital Asset Trading Facility Operator must ensure that access to its facility is subject to criteria designed to protect the orderly functioning of the market and the interests of investors generally. 

(2) A Digital Asset Trading Facility Operator may only give access to or admit to membership a Person who:

(a) is fit and proper and of good repute;

(b) if applicable, has a sufficient level of ability, competence and experience, including appropriate standards of conduct for its staff; and

(c) if applicable, has adequate organisational arrangements, including financial and technological resources.

(3) In assessing whether access to a Digital Asset Trading Facility Operator’s facility is subject to criteria designed to protect the orderly functioning of the market and the interests of investors, the AFSA may have regard to whether:

(a) the Digital Asset Trading Facility Operator limits access as a Member to such Persons:

(i) over whom it can with reasonable certainty enforce its rules contractually;

(ii) who have sufficient technical competence to use its facilities; and

(iii) if appropriate, who have adequate financial resources in relation to their exposure to the Digital Asset Trading Facility Operator;

(b) indirect access to the Digital Asset Trading Facility Operator’s facility is subject to suitable criteria, remains the responsibility of a Member of the Digital Asset Trading Facility Operator and is subject to the Digital Asset Trading Facility Operator’s rules; and

(c) the Digital Asset Trading Facility Operator’s rules:

(i) set out the design and operation of the Digital Asset Trading Facility Operator’s relevant systems;

(ii) set out the risk for Members and Clients when accessing and using the Digital Asset Trading Facility Operator’s facilities;

(iii) contain provisions for the resolution of Members’ and Clients’ disputes and an appeal process for the decisions of the Digital Asset Trading Facility Operator;

(iv) contain disciplinary proceedings, including any sanctions that may be imposed by the Digital Asset Trading Facility Operator against its Members and Clients; and

(v) set out other matters necessary for the proper functioning of the Digital Asset Trading Facility Operator and the facilities operated by it.

2.6.3. List of Members and Clients

A Digital Asset Trading Facility Operator must be able to provide the AFSA with a list of Members and Clients of its facility on the AFSA’s request.

2.6.4. Undertaking to comply with AFSA rules

A Digital Asset Trading Facility Operator may not admit a Recognised Non-AIFC Member as a Member unless:

(a) the Recognised Non-AIFC Member agrees in writing to submit unconditionally to the jurisdiction of the AFSA in relation to any matters which arise out of or which relate to its use of the facility of the Digital Asset Trading Facility Operator; 

(b) the Recognised Non-AIFC Member agrees in writing to submit unconditionally to the jurisdiction of the AIFC Court in relation to any disputes, or other proceedings in the AIFC, which arise out of or relate to its use of the facility of the Digital Asset Trading Facility Operator;

(c) the Recognised Non-AIFC Member agrees in writing to subject itself to the Acting Law of the AIFC in relation to its use of the facility of the Digital Asset Trading Facility Operator; and

(d) where the Recognised Non-AIFC Member is incorporated outside the Republic of Kazakhstan, appoints and maintains at all times, an agent for service of process in the AIFC.

2.7.1. Direct Electronic Access to the facility

For the purposes of these Rules, Direct Electronic Access means any arrangement, such as the use of the Member's trading code, through which a Member or the Clients of that Member are able to transmit electronically orders relating to Digital Assets directly to the facility provided by the Digital Asset Trading Facility Operator and includes arrangements which involve the use by a Person of the infrastructure of the Digital Asset Trading Facility Operator or the Member or Client or any connecting system provided by the Digital Asset Trading Facility Operator or Member or Client, to transmit the orders and arrangements where such an infrastructure is not used by a Person.

Guidance:

A Person who is permitted to have Direct Electronic Access to a Digital Asset Trading Facility Operator's facility through a Member is not, by virtue of such permission, a Member of the Digital Asset Trading Facility Operator.

2.7.2. Permitting Members that are Body Corporates to provide Direct Electronic Access to Clients

(1) This rule applies if a Digital Asset Trading Facility Operator proposes to permit a Member that is a Body Corporate to provide its Clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility.

(2) A Digital Asset Trading Facility Operator may permit a Member to provide its Clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility only if:

(a) the Clients meet the suitability criteria established by the Member in order to meet the requirements in DAA 2.7.3;

(b) the Member retains responsibility for the orders and trades executed by its Clients who are using Direct Electronic Access; and

(c) the Member has adequate mechanisms to prevent its Clients placing or executing orders using Direct Electronic Access in a manner that would result in the Member exceeding its position or margin limits.

2.7.3. Criteria, standards and arrangements for providing Direct Electronic Access to Clients of Members that are Body Corporates

(1) A Digital Asset Trading Facility Operator which permits its Members to provide its Clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility under DAA 2.7.2. must:

(a) set appropriate standards regarding risk controls and thresholds on trading through Direct Electronic Access;

(b) be able to identify orders and trades made through Direct Electronic Access; and

(c) if necessary, be able to stop orders or trades made by a Client using Direct Electronic Access provided by the Member without affecting the other orders or trades made or executed by that Member.

(2) A Client who is permitted to have Direct Electronic Access to a Digital Asset Trading Facility Operator’s facility through a Member is not, by virtue of such permission, a Member of the Digital Asset Trading Facility Operator. However, such Client is subject to the jurisdiction of the Digital Asset Trading Facility Operator.

(3) In determining whether a Digital Asset Trading Facility Operator has adequate arrangements to permit Direct Electronic Access to its facility and to prevent and resolve problems likely to arise from the use of electronic systems to provide indirect access to its facility to Persons other than the Digital Asset Trading Facility Operator’s Members, the AFSA may have regard to:

(a) the rules and guidance governing Members’ procedures, controls and security arrangements for inputting instructions into the system;

(b) the rules and guidance governing the facilities that Members provide to their Clients to input instructions into the system and the restrictions placed on the use of those systems;

(c) the rules and practices to detect, identify, and halt or remove instructions breaching any relevant restrictions;

(d) the quality and completeness of the audit trail of a transaction processed through an electronic connection system;

(e) the systems and controls in place to monitor compliance with applicable law and regulation, cybersecurity requirements, as well as prevention of money laundering, Market Abuse and other Financial Crime; and

(f) the procedures in place to determine whether to suspend trading by Direct Electronic Access systems generally or access to those systems by or through individual Members.

2.7.4. Criteria, standards and arrangements for giving Direct Electronic Access to Members who are individuals (natural persons)

(1) This rule applies if a Digital Asset Trading Facility Operator proposes to give to a Member who is an individual (natural person) Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility.

(2) A Digital Asset Trading Facility Operator must ensure that:

(a) its rules clearly set out:

(i) the duties owed by the Digital Asset Trading Facility Operator to its Members with Direct Electronic Access, and how the Digital Asset Trading Facility Operator is held accountable for any failure to fulfil those duties; and

(ii) the duties owed by the Members with Direct Electronic Access to the Digital Asset Trading Facility Operator and how such Members are held accountable for any failure to fulfil those duties;

(b) appropriate investor redress mechanisms are available, in accordance with COB Chapter 15, and disclosed to Members permitted to trade Digital Assets on its facility; and

(c) its facility contains a prominent disclosure of the risks associated with trading and clearing Digital Assets.

(3) Without limiting the generality of the systems and controls obligations of the Digital Asset Trading Facility Operator, the Digital Asset Trading Facility Operator must have adequate systems and controls to address market integrity, AML and CTF, and investor protection risks in giving Direct Electronic Access to a Member, to trade on its facility, including procedures to:

(a) ensure that appropriate customer due diligence sufficient to address AML and CTF risks has been conducted on each Member, before permitting the Member to trade on its facility, and that such due diligence is updated periodically on an ongoing basis, and at least quarterly, after the establishment of relations with a Member;

(b) detect and address potential market manipulation and abuse; and

(c) ensure that there is adequate disclosure relating to the Digital Assets that are traded on the facility, including as regards any particular risks in relation to such. 

(4) A Digital Asset Trading Facility Operator must maintain written policies and procedures to evidence compliance with the requirements of DAA 2.7.4(3).

(5) A Digital Asset Trading Facility Operator must have adequate controls and procedures to ensure that trading Digital Assets by Members with Direct Electronic Access does not pose any risks to the orderly and efficient functioning of the facility’s trading system, including controls and procedures to:

(a) mitigate counterparty risks that may arise from defaults by such Members through adequate collateral management measures, such as margin requirements, based on the settlement cycle adopted by the Digital Asset Trading Facility Operator;

(b) identify and distinguish orders that are placed by such Members, and, if necessary, enable the Digital Asset Trading Facility Operator to stop orders of, or trading by, such Members;

(c) prevent such Members from allowing access to unauthorised Persons to trade on the trading facility; and

(d) ensure that such Members fully comply with the rules of the facility and promptly address any gaps and deficiencies that are identified.

(6) A Digital Asset Trading Facility Operator must have adequate resources and systems to carry out frontline monitoring of the trading activities of Members with Direct Electronic Access. 

2.8.1. Application for admission of Digital Assets to trading

(1) Applications for the admission of a Digital Asset to trading can be made to a Digital Asset Trading Facility Operator by:

(a) an issuer of a Digital Asset;

(b) a third party on behalf of and with the consent of an issuer of a Digital Asset; or

(c) a Member of the Digital Asset Trading Facility Operator.

(2) A Digital Asset can be admitted to trading on the Digital Asset Trading Facility Operator’s own initiative.

(3) A Digital Asset Trading Facility Operator must, before admitting any Digital Asset to trading:

(a) be satisfied that the applicable requirements, including those in its Admission to Trading Rules, have been or will be fully complied with in respect of such Digital Asset; and

(b) obtain approval of the AFSA in respect of Fiat and Commodity stablecoins, except for stablecoins issued by the Digital Asset Service Providers holding the relevant Licence.

(4) For the purposes of (1), a Digital Asset Trading Facility Operator must notify an applicant in writing of its decision in relation to the application for admission of the Digital Asset to trading.

(5) For the purposes of 3(b), an application to the AFSA by a Digital Asset Trading Facility Operator must include:

(a) a copy of the admission application; and

(b) any other information requested by the AFSA.

2.8.2. Admission criteria

(1) For the purposes of 2.8.1(3)(b), a Digital Asset can be admitted to trading on the Operator’s facility if the Digital Asset Trading Facility Operator is satisfied that:

(a) having considered the matters in (2), the Digital Asset is suitable for use in the AIFC;

(b) the Digital Asset is not prohibited for use in the AIFC; and

(c) for a Fiat or Commodity stablecoin, all of the requirements in (4) or (5) as applicable are met in respect of that Fiat or Commodity stablecoin (and conditions (a) and (b) above are met).

(2) The matters referred to in (1)(a), which the Digital Asset Trading Facility Operator considers, are:

(a) the regulatory status of the relevant Digital Asset in other jurisdictions, including whether it has been assessed or approved for use in another jurisdiction, and the extent to which the laws and regulations of that jurisdiction are equivalent to the requirements of the AFSA;

(b) whether there is adequate transparency relating to the Digital Asset and underlying blockchain, including sufficient detail about its purpose, protocols, consensus mechanism, governance arrangements, founders, key persons, miners and significant holders;

(c) the size (the market capitalisation), liquidity and volatility of the market for the Digital Asset globally;

(d) whether there is a total limit (cap) for the issuance of Digital Asset;

(e) the controls/processes to manage volatility of a particular Digital Asset (tokenomics);

(f) the adequacy and suitability of the technology used in connection with the Digital Asset; and

(g) whether risks associated with the Digital Asset are adequately mitigated, including risks relating to governance, legal and regulatory issues, cybersecurity, money laundering, Market Abuse and other

Financial Crime;

(h) whether a Digital Asset is traceable;

(i) whether there are any issues relating to the security or usability of a DLT used for the purposes of a Digital Asset; and

(j) whether a DLT and smart contract (if any) have been stress tested or subject to independent audit.

(3) In assessing the matters in (2), the AFSA may consider the cumulative effect of factors which, if taken individually, may be regarded as insufficient to give reasonable cause to doubt that the criteria in (1)(a) is satisfied.

(4) In the case of a Fiat stablecoin or Commodity stablecoin backed by a reserve, the additional criteria referred to in (1)(c) are that:

(a) information is published at least quarterly on the value and composition of the reserves backing the Fiat stablecoin or Commodity stablecoin;

(b) the published information referred to in (4)(a) is verified by a suitably qualified third-party professional who is independent of the issuer of the Digital Asset and any persons responsible for the Digital Asset;

(c) the published information referred to in (4)(a) demonstrates that the reserves in respect of Fiat stablecoins:

(i) are at least equal in value to the notional value of outstanding Digital Assets in circulation (that value being calculated by multiplying the number of Digital Assets in circulation by the purported pegged Fiat Currency value);

(ii) are denominated in the reference currency; and

(iii) are held in segregated accounts with properly regulated banks or custodians in jurisdictions with regulation that is equivalent to the AFSA’s regime and AML regulation that is equivalent to the

standards set out in the FATF Recommendations;

(d) the Digital Asset is able to maintain a stable price relative to the Fiat Currency or Commodity stablecoin it references; and

(e) a Person is clearly responsible and liable to investors for the Digital Asset.

(5) If a Digital Asset Trading Facility Operator decides to admit a Digital Asset to trading, the Digital Asset Trading Facility Operator is required to notify the AFSA 10 days prior to the date of the admission of the Digital Asset to trading. 

2.8.3. Events or developments affecting the Digital Asset

(1) If a Digital Asset Trading Facility Operator becomes aware of any significant event or development that reasonably suggests that the Digital Asset no longer meets the criteria in DAA 2.8.2 for it to be admitted to trading, it must immediately suspend or withdraw a Digital Asset from trading.

(2) A Digital Asset Trading Facility Operator must ensure that, where it seeks to offer services in relation to the Digital Asset associated with the new version of an underlying protocol (“hard fork”), this new Digital Asset meets the requirements in DAA 2.8.2.

2.8.4. Publication of key features document

(1) A Digital Asset Trading Facility Operator may permit a Digital Asset to trading only if it has published a key features document on its website about the Digital Asset.

(2) The key features document must include the following if known (or, if not known, after having taken reasonable steps to determine this information, a clear statement must be provided that such information is not known):

(a) information about the issuer and the individuals responsible for designing the Digital Asset;

(b) characteristics of the Digital Asset, including rights attaching to the Digital Asset and any project or venture to be funded in connection with the Digital Asset (if relevant);

(c) details of Persons responsible for performing obligations associated with the Digital Asset and details of where and against whom rights conferred by the Digital Asset may be exercised;

(d) information on the underlying DLT or similar technology used for the Digital Asset, including details of the technology that is used to issue, store or transfer the Digital Asset and any interoperability with other DLT;

(e) information on the underlying technology used by the Digital Asset Trading Facility Operator,  as relevant to making a decision to participate in the Digital Asset, including information on relevant protocols and technical standards adhered to;

(f) details about how ownership of the Digital Asset is established, certified or otherwise evidenced (to the extent relevant);

(g) how the Digital Asset will be valued by the Digital Asset Trading Facility Operator, and an explanation of how this is carried out and what benchmarks, indices or third parties relied on;

(h) the risks relating to the volatility and unpredictability of the price of the Digital Asset;

(i) in the case of a Fiat stablecoin or Commodity stablecoin based on reserves, details about the reserves backing that Fiat stablecoin or Commodity stablecoin and the stabilisation and redemption mechanisms;

(j) cyber-security risks associated with the Digital Asset or its underlying technology, including whether there is a risk of loss of the Digital Asset in the event of a cyberattack, and details of steps that have been taken, or can be taken, to mitigate those risks;

(k) the risks relating to fraud, hacking and Financial Crime;

(l) any other information relevant to the Digital Asset that would reasonably assist the Client to understand the Digital Asset and whether to participate in the Digital Asset, or otherwise use the service(s) being offered to the Client.

Guidance:

The Digital Asset white paper is a document outlining the main economic and technical aspects of a specific Digital Asset. The key features document is a document outlining the main characteristics of the Digital Asset in a simple format to provide potential investors with the aims and benefits of the Digital Asset, along with the relevant risks and limitations. The content of the Digital Asset white paper and key features document should not conflict each other.

2.8.5. Risk warnings

(1) A Digital Asset Trading Facility Operator must display prominently on its website the following risk warnings relating to Digital Assets:

(a) (except in the case of a Central Bank Digital Currency) that Digital Assets are not legal tender or backed by a government;

(b) that Digital Assets are subject to extreme volatility and the value of the Digital Asset can fall quickly (including, in respect of a stablecoin, if it loses its stability peg);

(c) that an investor in Digital Assets may lose all, or part, of the value of their investment;

(d) that Digital Assets may not always be liquid or transferable;

(e) that investments in Digital Assets may be complex making it hard to understand the risks associated with participating in them;

(f) that Digital Assets can be stolen because of cyber attacks;

(g) that trading in Digital Assets is susceptible to irrational market forces;

(h) there being limited or, in some cases, no mechanisms for the recovery of lost or stolen Digital Assets;

(i) the risks of Digital Assets with regard to anonymity, irreversibility of transactions, accidental transactions, transaction recording, and settlement;

(j) that the nature of Digital Assets means that technological difficulties experienced by the Digital Asset Trading Facility Operator or relevant Member may prevent access to or use of a Client’s Digital Assets;

(k) that participating in Digital Assets is not comparable to participating in traditional investments such as Securities; and

(l) that there is no recognised compensation scheme to provide an avenue of redress for aggrieved participants.

(2) Where a Digital Asset Trading Facility Operator presents any marketing or educational materials and other communications relating to a Digital Asset on a website, in the general media or as part of a distribution made to existing or potential new Clients, it must include the risk warning referred to in DAA 2.8.5 (1) in a prominent place at or near the top of each page of the materials or communication.

(3) If the material referred to in DAA 2.8.5 (1) is provided on a website or an application that can be downloaded to a mobile device, the warning must be:

(a) statically fixed and visible at the top of the screen even when a person scrolls up or down the webpage; and

(b) included on each linked webpage on the website.

2.8.6. Undertaking to comply with the Acting Law of the AIFC

A Digital Asset Trading Facility Operator may not admit a Digital Asset to trading unless the Person who seeks to have Digital Assets admitted to trading:

(a) gives an enforceable undertaking to the AFSA to submit unconditionally to the jurisdiction of the AIFC in relation to any matters which arise out of or which relate to its use of the facilities of the Digital Asset Trading Facility Operator;

(b) agrees in writing to submit unconditionally to the jurisdiction of the AIFC Court in relation to any disputes, or other proceedings in the AIFC, which arise out of or relate to its use of the facilities of the Digital Asset Trading Facility Operator; and

(c) agrees in writing to subject itself to the Acting Law of the AIFC in relation to its use of the facilities of the Digital Asset Trading Facility Operator.

2.8.7. Review of compliance

The Digital Asset Trading Facility Operator must maintain arrangements to semi-annually review whether the Digital Assets admitted to trading on its facilities comply with the Admission to Trading Rules.

2.8.8. Admission of Digital Asset Derivatives

(1) A Digital Asset Trading Facility Operator may admit Digital Asset Derivatives to trading if it has obtained the AFSA’s approval to do so.

(2) The AFSA may grant its approval under (1) only if it is satisfied that a Digital Asset Trading Facility Operator has appropriate systems and controls and policies and procedures to determine the appropriateness of Retail Clients to be offered Digital Asset Derivatives.

(3) A Digital Asset Trading Facility Operator that intends to offer Digital Asset Derivatives to Retail Clients must carry out an appropriateness test of a Retail Client and form a reasonable view that the Retail Client has:

(a) adequate skills and expertise to understand the risks involved in trading Digital Asset Derivatives; and

(b) the ability to absorb potentially significant losses resulting from trading in Digital Asset Derivatives.

(4) A Digital Asset Trading Facility Operator must maintain records of the appropriateness test that it carries out in respect of each Retail Client and make such records available to the AFSA on request.

(5) If it considers appropriate, the AFSA may restrict or prohibit the trading of Digital Asset Derivatives for certain types of Clients.

Guidance:

(1) To form a reasonable view referred to in DAA 2.8.8.(3) in relation to a Person, a Digital Asset Trading Facility Operator should consider issues such as whether the Person:

(a) has sufficient knowledge and experience relating to the type of a Digital Asset Derivative offered, having regard to such factors as:

(i) how often and in what volumes that Person has traded in the relevant type of a Digital Asset Derivative; and

(ii) the Person’s relevant qualifications, profession or former profession;

(b) understands the characteristics and risks relating to Digital Asset Derivatives, and the volatility of the prices of Digital Asset Derivatives;

(c) understands the potential impact of leverage, due to which, there is potential to make significant losses in trading in Digital Asset Derivatives; and

(d) has the ability, particularly in terms of net assets and liquidity available to the Person, to absorb and manage any losses that may result from trading in the Digital Asset Derivatives offered.

(2) To be able to demonstrate to the AFSA that it complies with DAA 2.8.8.(3), a Digital Asset Trading Facility Operator should have in place systems and controls that include:

(a) pre-determined and clear criteria against which a Retail Client’s ability to trade in Digital Asset Derivatives can be assessed;

(b) adequate records to demonstrate that the Digital Asset Trading Facility Operator has undertaken the appropriateness test for each Retail Client; and

(c) in the case of an existing Retail Client with whom the Digital Asset Trading Facility Operator has previously traded in Digital Asset Derivatives, procedures to undertake a fresh appropriateness test on at least an annual basis, and if:

(i) a new Digital Asset Derivative with a materially different risk profile is offered to the Retail Client; or

(ii) there has been a material change in the Retail Client’s circumstances.

(3) If a Digital Asset Trading Facility Operator forms the view that it is not appropriate for a Person to trade in Digital Asset Derivatives, the Digital Asset Trading Facility Operator should refrain from offering that service to the Person. As a matter of good practice, the Digital Asset Trading Facility Operator should inform the Person of such decision.

2.9.1. Power to suspend or remove a Digital Asset from trading

(1) The rules of a Digital Asset Trading Facility Operator must provide that it has the power to suspend or remove from trading on its facility any Digital Assets with immediate effect or from such date and time as may be specified where it is satisfied that there are circumstances that warrant such action, or it is in the interests of the AIFC.

(2) The AFSA may direct a Digital Asset Trading Facility Operator to suspend or remove Digital Assets from trading with immediate effect or from such date and time as may be specified by the AFSA if it is satisfied there are circumstances that:

(a) warrant such action, or

(b) it is in the interests of the AIFC.

(3) The AFSA may withdraw a direction made under (2) at any time.

(4) Digital Assets that are suspended from trading must remain admitted to trading for the purposes of this Chapter.

(5) The AFSA may prescribe any additional requirements or procedures relating to the removal or suspension of Digital Assets from or restoration of Digital Assets to trading.

2.9.2. Limitation on power to suspend or remove Digital Assets from trading

The rules of a Digital Asset Trading Facility Operator must contain provisions for orderly suspension and removal from trading on its facility of any Digital Asset which no longer complies with its rules, considering the interests of investors and the orderly functioning of the financial market of the AIFC.

2.9.3. Publication of decision

(1) Where the Digital Asset Trading Facility Operator suspends or removes any Digital Asset from trading on its facility, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(2) Where the Digital Asset Trading Facility Operator lifts a suspension or re-admits any Digital Asset to trading on its facility, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(3) Where a Digital Asset Trading Facility Operator has made any decisions on admission, suspension, or removal of Digital Assets from trading on its facility, it must have adequate procedures for notifying Members and Clients of such decisions.

2.10.1. Pre-trade disclosure

(1) A Digital Asset Trading Facility Operator must disclose to its Members and Clients the following information relating to trading of Digital Assets on its facility:
(a) the current bid and offer prices, and volume of Digital Assets traded on its systems on a continuous basis during normal trading hours;
(b) the depth of trading interest shown at the prices and volumes advertised through its systems for the Digital Assets;
(c)  the methods of communication to be used between the Digital Asset Trading Facility Operator and its Members and Clients;

(d) the languages in which the Digital Asset Trading Facility Operator and its Members and Clients may communicate;

(e) a statement that the Digital Asset Trading Facility Operator has the appropriate Licence to operate, and the details of that Licence;

(f) a description, which may be in summary form, of any conflicts of interest which may arise in relation to potential transaction, and how the Digital Asset Trading Facility Operator will manage these to ensure the fair treatment of Members and Clients;

(g) any cancellation or withdrawal rights that Members and Clients may have;

(h) any rights of Members and Clients may or may not have to terminate a trade early or unilaterally under the terms of the Digital Asset Trading Facility Operator’s facilities, including whether any fees or costs may be imposed in connection with exercising such a right;

(i) any specific technological requirements that the Members and Clients must have in place in order to use the Digital Asset Trading Facility; and
(j) any other information relating to Digital Assets which would materially promote transparency for Members and Clients relating to trading.

(2) The AFSA may waive or modify the disclosure requirement in DAA 2.10.1 (a) and (b) in relation to certain transactions where the order size is predetermined, exceeds a pre-set and published threshold level and details of the exemption are made available to the Digital Asset Trading Facility Operator’s Members and the public.

(3) In assessing whether an exemption from pre-trade disclosure is allowed in relation to in DAA 2.10.1 (a) and (b), the AFSA would regard to such factors as:

(a) the level of an order threshold compared with the normal market size for the Digital Asset;
(b) the impact such an exemption would have on price discovery, fragmentation, fairness and overall market quality;

(c) whether there is sufficient transparency relating to trades executed without pre-trade disclosure (as a result of orders executed on execution platforms without pre-trade transparency), whether or not they are entered in transparent markets;

(d) whether the Digital Asset Trading Facility Operator supports transparent orders by giving a priority to transparent orders over dark orders, for example, by executing such orders at the same price as transparent orders; and

(e) whether there is adequate disclosure of details relating to dark orders available to Members and other participants on the Digital Asset Trading Facility to enable them to understand the manner in which their orders are handled and executed on the Digital Asset Trading Facility.

(4) When making disclosure, a Digital Asset Trading Facility Operator must adopt a technical mechanism showing differentiations between transactions that have been recorded in the central order book and transactions that have been reported to the Digital Asset Trading Facility as off-order book transactions. Any transactions that have been cancelled pursuant to its rules must also be identifiable.

(5) A Digital Asset Trading Facility Operator must use appropriate mechanisms to enable pre-trade information to be made available to Members and Clients in an easy to access and uninterrupted manner at least during normal trading hours.

2.10.2. Post-Trade Disclosure

(1) A Digital Asset Trading Facility Operator must disclose the price, volume and time of the transactions effected in respect of Digital Assets to Members and Clients involved in the relevant transaction as close to real-time as is technically possible on a non-discretionary basis. The Digital Asset Trading Facility Operator must use adequate mechanisms to enable post-trade information to be made available to Members and Clients involved in the relevant transaction in an easy to access and uninterrupted manner at least during business hours.

(2) A Digital Asset Trading Facility Operator must provide price, volume, time and counterparty details to the AFSA within 24 hours of the close of each trading day via a secure electronic feed.

2.10.3. Public notice of suspended or terminated Membership

The Digital Asset Trading Facility Operator must promptly issue a public notice on its website in respect of any Member that has a Licence to carry out the Regulated Activities whose Membership is suspended or terminated.

2.10.4. Cooperation with office-holder

The Digital Asset Trading Facility Operator must cooperate, by the sharing of information and otherwise, with the AFSA, any relevant office-holder and any other authority or body having responsibility for any matter arising out of, or connected with, the default of a Member of the Digital Asset Trading Facility Operator.

2.10.5. Forums

If a Digital Asset trading Facility Operator provides a means of communication (a “forum”) for Members and Clients to discuss Digital Assets, it must:

(a) include a clear and prominent warning on the forum informing Members and Clients that the Digital Asset Trading Facility Operator does not conduct due diligence on information on the forum;

(b) restrict the posting of comments on the forum to Digital Asset Trading Facility Members and Clients;

(c) ensure that all Members and Clients of the forum have equal access to information posted on the forum;

(d) require a person posting a comment on the forum to disclose clearly if he is affiliated in any way with a Digital Asset or is being compensated, directly or indirectly, to promote a Digital Asset;

(e) take reasonable steps to monitor and prevent posts on the forum that are potentially misleading or fraudulent or may contravene the Market Abuse provisions (Chapter 5 of the MAR);

(f) immediately take steps to remove a post, or to require a post to be deleted or amended, if the Digital Asset Trading Facility Operator becomes aware that (d) or (e) have not been complied with; and

(g) not participate in discussions on the forum except to moderate posts or to take steps referred to in (f).

2.11.1. Clients of a Digital Asset Trading Facility Operator

Members of a Digital Asset Trading Facility Operator and their clients are Clients of a Digital Asset Trading Facility Operator.

2.11.2. Investment limits

A Digital Asset Trading Facility Operator must maintain effective systems and controls to ensure that a Retail Client, who is a resident of the Republic of Kazakhstan, complies with any requirements and limits imposed by the Rules on Currency Regulation and Provision of Information on Currency Transactions in the AIFC.

2.11.3. Calculation of an individual Client’s net assets

(1) For the purposes of calculating an individual Client’s net assets to treat him as an Assessed Professional Client under Rule 2.5.1(a) of the COB, the Digital Asset Trading Facility Operator:

(a) must exclude the value of the primary residence of the Client;

(b) must exclude Digital Assets belonging to the Client that are not admitted to trading;

(c) must include only 30% of the market value of a Digital Asset admitted to trading, which belongs to the Client, but must include 100% of the market value of Fiat and Commodity stablecoin backed by reserves, which belong to the Client; and

(d) may include any other assets held directly or indirectly by that Client.

2.11.4. Additional information for Providing Custody of Digital Assets

A Digital Asset Trading Facility Operator Providing Custody of Digital Assets must include in the Client Agreement:

(a) a breakdown of all fees and charges payable for a transfer of Digital Assets (a “transfer”) and when they are charged;

(b) the information required to carry out a transfer;

(c) the form and procedures for giving consent to a transfer;

(d) an indication of the time it will normally take to carry out a transfer;

(e) details of when a transfer will be considered to be complete;

(f) how, and in what form, information and communications relating to transfer services will be provided to the Client, including the timing and frequency of communications and the language used and technical requirements for the Client’s equipment and software to receive the communications;

(g) clear policies and procedures relating to unauthorised or incorrectly executed transfers, including when the Client is and is not entitled to redress;

(h) clear policies and procedures relating to situations where the holding or transfer of Digital Assets may have been compromised, such as if there has been hacking, theft or fraud; and

(i) details of the procedures the Digital Asset Trading Facility Operator will follow to contact the Client if there has been suspected or actual hacking, theft or fraud.

2.11.5. Provision of prompt confirmation to Clients

(1) Prior to execution of each transaction in Digital Assets, a Digital Asset Trading Facility Operator must confirm with its Clients the following terms:

(a) name of the Digital Asset in the proposed transaction, as well as any other identifying details required to be clear of the exact version of the Digital Asset subject to the proposed transaction;

(b) amount or value of the proposed transaction;

(c) fees and charges to be borne by the Client that are charged by or via the Digital Asset Trading Facility Operator, including applicable exchange rates; and

(d) a warning that once executed the transaction may not be undone.

(2) After a Digital Asset Trading Facility Operator has effected a transaction for a Client, it must confirm promptly with the Client the essential features of the transaction. The following information should be included:

(a) name of the Digital Asset in the transaction, as well as any other identifying details required to be clear of the exact version of the Digital Asset;

(b) amount or value of the transaction; and

(c) fees and charges borne by the Client that are charged by or via the Digital Asset Trading Facility Operator, including applicable exchange rates.

2.11.6. Provision of statements of account on request

If a Digital Asset Trading Facility Operator receives a request from a Client for a statement of account it must:

(a) prepare a statement of account in respect of the Client which includes the following information:

(i) the name, address and account number of the Client to whom the Digital Asset Trading Facility Operator is required to provide the statement of account;

(ii) the date on which the statement of account is prepared;

(iii) the outstanding balance of that account; and

(iv) the quantity, and, in so far as readily ascertainable, the market price and market value of each Client Digital Asset, held for that account.

(b) prepare the requested statement of account to the Client as soon as practicable after the date of the request.

2.12.1. Conflicts of interest – core obligation

A Digital Asset Trading Facility Operator must take reasonable steps, including the maintenance of adequate systems and controls, governance and internal policies and procedures, to ensure that the performance of its regulatory functions and obligations is not adversely affected by its commercial interests.

Guidance: regulatory functions of a Digital Asset Trading Facility Operator

The regulatory functions of a Digital Asset Trading Facility Operator include, as appropriate:

• its obligations to monitor and enforce compliance with its Business Rules, Admission to Trading Rules, and Membership Rules;

• its obligation to prevent, detect and report Market Abuse or Financial Crime, as well as to comply with applicable laws and regulations generally; and

• its obligations in respect of admission of Digital Assets to trading or to clearing.

2.12.2. Conflicts of interest – identification and management

For the purposes of compliance with DAA 2.12.1, a Digital Asset Trading Facility Operator must:

(a)  identify conflicts between the interests of the Digital Asset Trading Facility Operator, its shareholders, owners and operators and the interests of the Persons who make use of its facilities operated by it; and

(b)  manage and disclose such conflicts so as to avoid adverse consequences for the sound functioning and operation of the facilities operated by the Digital Asset Trading Facility Operator and for the Persons who make use of its them.

2.12.3. Personal account transactions

A Digital Asset Trading Facility Operator must establish and maintain adequate policies and procedures to ensure that its Employees do not undertake personal account transactions in Digital Assets in a manner that creates or has the potential to create conflicts of interest or otherwise create a risk of Market Abuse or Financial Crime.

2.12.4. Conflicts of interest – code of conduct

A Digital Asset Trading Facility Operator must establish a code of conduct that sets out the expected standards of behaviour for its Employees, including clear procedures for addressing (potential) conflicts of interest. Such a code must be binding on all of its Employees.

2.13.1. Measures to prevent, detect and report Market Abuse or Financial Crime2.13.1. Measures to prevent, detect and report Market Abuse or Financial Crime

A Digital Asset Trading Facility Operator must:

(a)  ensure that appropriate measures (including the monitoring of transactions effected on or through the Digital Asset Trading Facility Operator’s facility) are adopted to reduce the extent to which the Digital Asset Trading Facility Operator’s facility can be used for a purpose connected with Market Abuse, Financial Crime or money laundering, and to facilitate their detection and monitor their incidence; and

(b) immediately report to the AFSA any suspected Market Abuse, Financial Crime or money laundering, along with full details of that information in writing.

2.13.2. Whistleblowing

A Digital Asset Trading Facility Operator must have appropriate procedures and protections for its Employees to disclose any information to the AFSA in a manner which does not expose them to any disadvantage or discrimination as a result of so doing.

2.13.3. Lending and staking

(1)            A Digital Asset Trading Facility Operator must not offer or provide any facility or service that allows a Member or another user of its facility to lend a Digital Asset to another Person unless it is reasonably satisfied that the Member or user is a Professional Client.

(2)            The prohibition in (1) does not apply to the provision of any Digital Asset to an Authorised Firm as Collateral.

2.13.4. Trading of Digital Assets

(1) A Digital Asset Trading Facility Operator must establish and maintain policies and procedures relating to the trading process to detect and prevent (potential) errors, omissions, fraud, and other unauthorised or improper activities.

(2) A Digital Asset Trading Facility Operator must execute a trade for a Client only if there are sufficient Fiat Currencies or Digital Assets, which are admitted to trading, in the Client’s account with the Digital Asset Trading Facility Operator to cover that trade. This requirement does not apply to any off-platform transactions to be conducted by institutional investors which are settled intra-day.

(3) A Digital Asset Trading Facility Operator should not provide any financial assistance for its Clients to acquire Digital Assets. It should ensure, to the extent possible, that no Person within the same Group as the Digital Asset Trading Facility Operator does so unless for exceptional circumstances which should be approved by the AFSA on a case-by-case basis.

2.13.5. Trading controls

(1) A Digital Asset Trading Facility Operator must put in place risk management and supervisory controls for the operation of its trading platform. These controls should include:

(a) automated pre-trade controls that are reasonably designed to:

(i) prevent the entry of any orders that would exceed appropriate position limits prescribed for each Member and Client;

(ii) alert the user to the entry of potential erroneous orders and prevent the entry of erroneous orders;

(iii) prevent the entry of orders which are not in compliance with regulatory requirements; and

(b) post-trade monitoring to reasonably identify any:

(i) suspicious market manipulative or abusive activities; and

(ii) market events or system deficiencies, such as unintended impact on the market, which call for further risk control measures.

(2) A Digital Asset Trading Facility Operator must be able to:

(a) reject orders that exceed its pre-determined volume and price thresholds, or that are clearly erroneous;

(b) temporarily halt or constrain trading on its facility if necessary or desirable to maintain an orderly market; and

(c) cancel, vary, or correct any order resulting from an erroneous order entry or the malfunctioning of the system of a Member.

2.13.6. Settlement and clearing arrangements

(1) A Digital Asset Trading Facility Operator must ensure that satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), clearing and settlement of the rights and liabilities of the parties to transactions effected on the Digital Asset Trading Facility Operator’s facilities (being rights and liabilities in relation to those transactions).

(2) A Digital Asset Trading Facility Operator must ensure that clearing and settlement of transactions on its facilities takes place only by means of Fiat Currencies or Digital Assets which are admitted to trading.

(3) A Digital Asset Trading Facility Operator must take all reasonable steps to ensure that finality of settlement is achieved within 24 hours.

2.13.7. Digital Asset Trading Facility Operator Providing Custody of Digital Assets

(1) A Digital Asset Trading Facility Operator which also carries out the Regulated Activity of Providing Custody of Digital Assets or Arranging Custody of Digital Assets must ensure that it complies with the requirements applicable to those Regulated Activities in addition to the requirements that apply by virtue of being a Digital Asset Trading Facility Operator.

(2) Digital Assets held by a Digital Asset Trading Facility Operator Providing Custody are not depository liabilities or assets of the Digital Asset Trading Facility Operator and must be held on trust.

(3) A Digital Asset Trading Facility Providing Custody must segregate the Digital Assets of each Client in separate Digital wallets containing the Digital Assets of that Client only.

(4) A Digital Asset Trading Facility Providing Custody must maintain control of each Digital Asset at all times while Providing Custody.

(5) A Digital Asset Trading Facility Operator Providing Custody must:

(a) have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of Digital Assets issuers and holders, prevent the unauthorised creation or deletion of Digital Assets, and conduct daily reconciliation of each Digital Asset balance it maintains for issuers and holders;

(b) prohibit overdrafts and credit balances in Digital Assets account;

(c) maintain Digital Assets in an immobilised or dematerialised form for their transfer by book entry;

(d) protect assets against custody risk through appropriate rules and procedures consistent with its legal framework;

(e) ensure segregation between its own assets and the Digital Assets of its participants, as well as keeping clear records regarding which Digital Assets belong to which participant; and

(f) identify, measure, monitor, and manage its risks from other activities that it may perform.

(6) A Digital Asset Trading Facility Operator acting as a Digital Asset Custodian must have systems and procedures to enable segregation and portability of the Clients’ assets.

(7) A Digital Asset Trading Facility Operator must:

(a) have segregation and portability arrangements to effectively protect the Clients’ assets;

(b) structure portability arrangements in a way that ensures there is a high probability that the assets of one party will be transferred to another party; and

(c) disclose any constraints, including legal and operational constraints, that may impair its ability to segregate or port the Clients’ assets.

2.13.8. Requirements for a Digital Asset Trading Facility Operator appointing a Third Party Digital wallet Service Provider

A Digital Asset Trading Facility Operator which appoints a Third Party Digital wallet Service Provider to provide custody of Digital Assets traded on its facility, must ensure that the Person is:

(1) an Authorised Firm appropriately authorised to be a Digital wallet Service Provider; or

(2) a Person which is appropriately regulated by a Financial Services Regulator to an equivalent level of regulation to that provided for under the AFSA regime for providing digital wallet services.

(3) When determining whether a Third Party wallet Service Provider is appropriate, the Digital Asset Trading Facility Operator must take into account:

(a) the expertise and reputation of the Third Party wallet Service Provider;

(b) the Third Party wallet Service Provider’s performance of its services to the Digital Asset Trading Facility Operator;

(c) the arrangements the Third Party wallet Service Provider has in place for holding and safeguarding Digital Assets;

(d) the capital or financial resources of the Third Party wallet Service Provider;

(e) the credit-worthiness of the Third Party wallet Service Provider;

(f) any other activities carried out by the Third Party wallet Service Provider; and

(g) anything else that could adversely affect rights of Members and Clients.

(4) A Digital Asset Trading Facility Operator must conduct on a regular basis, and least once every 2 months, reconciliations between its internal records and accounts of Digital Assets and those held by the Third Party Digital wallet Service Provider.

(5) If a Digital Asset Trading Facility Operator appoints a Third Party Digital wallet Service Provider, the Digital Asset Trading Facility Operator must accept the same level of responsibility to its Members and Clients and AFSA as would be the case if the Digital Asset Trading Facility Operator were holding the relevant Digital Assets directly.

Guidance:

If a Digital Asset Trading Facility Operator appoints a non-AIFC firm regulated by a Financial Services Regulator, it must undertake sufficient due diligence to establish that the non-AIFC firm is subject to an equivalent level of regulation as under the AFSA regime in respect of that service.

2.13.9. Requirements in relation to Hot and Cold Digital wallets

A Digital Asset Trading Facility Operator must ensure that not more than 30 % of the Retail Client’s Digital Assets are stored in Hot Digital wallets.

2.13.10. Obligation to report transactions

(1) A Digital Asset Trading Facility Operator must report to the AFSA details of transactions in Digital Assets traded on its facility which are executed, or reported, through its systems.

(2) The AFSA may, by written notice or guidance, specify:

(a) the information to be included in reports made under the preceding paragraph; and

(b) the manner in which such reports are to be made.

2.13.11. Obligation to report to the AFSA

(1) A Digital Asset Trading Facility Operator must submit to the AFSA a quarterly report that should include its financial statement, its income statement, a calculation of its relevant capital resources and a statement of its compliance and any non-compliance with these Rules.

(2) A Digital Asset Trading Facility Operator must provide the following information to the AFSA within 6 months after financial year end:

(a) the number of prospective clients which the Digital Asset Trading Facility Operator rejected during the reporting period;

(b) the number of Clients which were offboarded during the reporting period;

(c) the number of Clients where enhanced due diligence was applied;

(d) the total number of the Digital Asset Trading Facility Operator’s Clients;

(e) the number of Clients originating from a high risk jurisdiction;

(f) the number of Clients on-boarded on a face-to-face basis;

(g) a description of any changes to the Client onboarding process;

(h) the number of suspicious transaction reports filed during the reporting period;

(i) the number of individuals supporting the MLRO;

(j) when the Digital Asset Trading Facility Operator’s risk assessment was last updated and if there were any additional risks;

(j) (if applicable) the number of private keys held;

(k) (if applicable) whether Client’s Digital Assets are held with a third party custodian;

(l) whether the Digital Asset Trading Facility Operator forms part of a Group, and if so, the Group structure;

(m) whether the Digital Asset Trading Facility Operator entered into any resource sharing agreements and, if so, the names of the counterparty/company;

(n) whether the Digital Asset Trading Facility Operator outsources any of its functions and, if so, any changes to the functions outsourced and to which companies;

(o) an overview of any involvement of the Digital Asset Trading Facility Operator’s shareholders in the day-to-day operations of the Digital Asset Trading Facility Operator during the reporting period; and

(p) an overview of any instances of market abuse encountered by the Digital Asset Trading Facility Operator during the reporting period.

(3) The AFSA may request a Digital Asset Trading Facility to submit other returns. The AFSA from time to time may prescribe the required list of returns to be submitted and the returns templates to be used.

(4) Returns submitted to the AFSA must be signed by two (2) Approved Individuals and one of them must be approved to exercise the Finance Officer function.

2.13.12. Obligation to notify the AFSA

If a Digital Asset Trading Facility Operator becomes aware, or has a reasonable ground to believe, that it is or may be (or may be about to be) in breach of any of these Rules, it must:

(a) notify the AFSA in writing about the breach and the relevant circumstances immediately and not later than within 1 business day of becoming aware of it. 

Guidance:

In dealing with a breach, or possible breach, of this part, the AFSA’s primary concern will be the interests of existing and prospective members and clients, the potential adverse impact on market participants, and market stability. The AFSA recognises that there will be circumstances in which a problem may be resolved quickly, for example, by support from a parent entity, without jeopardising the interests of Members, Clients and other stakeholders. In such circumstances, it will be in the interests of all parties to minimise the disruption to the Digital Asset Trading facility Operator’s business. The AFSA will normally seek to work cooperatively with the Digital Asset Trading Facility Operator in stressed situations to deal with any problems. There will, however, be circumstances in which it is necessary to take regulatory action to avoid exposing market participants, Members, Clients and other stakeholders to the potential adverse consequences of the Digital Asset Trading Facility Operator’s Failure, and the AFSA will not hesitate to take appropriate action if it considers this necessary.

2.14.1. Restriction on own account transactions

(1) A Digital Asset Trading Facility Operator or any of its Associates may not execute an Own Account Transaction in a Digital Asset if it is expected to materially affect the price of the Digital Asset.

(2) For the purposes of this Rule:

(a) “Own Account Transaction” means a transaction Executed for the Digital Asset Trading Facility Operator’s own benefit or for the benefit of its Associate; and

(b) “Execute”, in relation to a transaction, means carrying into effect or performing the transaction, whether as principal or as agent, including instructing another Person to execute the transaction. 

(3) A Digital Asset Trading Facility Operator or any of its Associate must not use the Client’s Digital Assets for their own account or the account of any other Person unless:

(a) the Client has given express prior consent to such use of the Digital Assets on specified terms; and

(b) the use of that Client’s Digital Assets is restricted to the specified terms to which the Client consents.

2.14.2. Offer of incentives

If a Digital Asset Trading Facility Operator offers or provides to a Retail Client any incentive that influences, or is reasonably likely to influence, the Retail Client to trade in a Digital Asset or Digital Asset Derivative, it must comply with the requirements set out in Chapter 3 of the COB.

2.15.1. Prohibition on use of Privacy Tokens and Privacy Devices

A Person must not in or from the AIFC:

(a)            carry out a Regulated Activity relating to a Privacy Token or that involves the use of a Privacy Device;

(b)            make or approve a Financial Promotion relating to a Privacy Token; or

(c)            offer to the public a Privacy Token.