Entire Act

3.5. Policies, procedures, and public disclosures

3.5.1. Policies and procedures required for Digital Asset Service Providers

(1) A Digital Asset Service Provider carrying out a Regulated Activity of Advising on Investments must establish, implement and enforce appropriate written internal policies and procedures relating to the following:

(a) how it ensures the independent basis of its advice;

(b) how it explains the range of Digital Assets considered in providing its advice;

(c) how it ensures all Directors and Employees providing the relevant advice are sufficiently competent; and

(d) such other policies and procedures as the AFSA may require from time to time.

(2) A Digital Asset Service Provider carrying out Regulated Activities of Dealing in Investments as Principal or Agent must establish, implement and enforce appropriate written internal policies and procedures relating to the following:

(a) the prohibition, detection, prevention or deterrence of market offences and any other abusive practices within their business or using their services including, but not limited to, relevant internal rules, compliance programmes, sanctioning policies and powers;

(b) Execution and routing of Client orders;

(c) the ability of Clients to have access to and withdraw their Digital Assets including, but not limited to, during periods of high uncertainty or extreme volatility; and

(d) such other policies and procedures as the AFSA may require from time to time.

(3) A Digital Asset Service Provider carrying out a Regulated Activity of Providing Custody must establish, implement and enforce appropriate written internal policies and procedures relating to the following:

(a) the ability of Clients to have access to and withdraw their Digital Assets including, but not limited to, during periods of high uncertainty or extreme volatility; and

(b) such other policies and procedures as the AFSA may require from time to time.

(4) A Digital Asset Service Provider carrying on a Regulated Activity of Managing Investments must establish, implement and enforce appropriate written internal policies and procedures relating to the following:

(a) the ability of Clients to have access to and withdraw their Digital Assets including, but not limited to, during periods of high uncertainty or extreme volatility;

(b) their assessment of Client suitability for relevant products or services, including but not limited to the nature, features, costs, complexity and risks of investment services, Digital Assets or other financial instruments selected for their Clients;

(c) how they ensure all Directors and Employees Managing Investments to Clients are sufficiently competent;

(d) the nature and frequency of reports to be provided to Clients; and

(e) such other policies and procedures as the AFSA may require from time to time.

(5) All Digital Asset Service Providers specified in (1) to (4) must assess and, in any case, at least yearly review the effectiveness of their policies and procedures and take appropriate measures to address any deficiencies.

3.5.2. Public disclosures

(1) All Digital Asset Service Providers specified in (1) to (4) in DAA 3.5.1. must publish on their website in a prominent place or make available by other publicly accessible means:

(a) a detailed description of any actual or potential conflicts of interest arising out of their activities, and how these are managed; and

(b) their policies and procedures relating to data privacy, whistleblowing and handling of Client complaints.

(2) In addition to (1), a Digital Asset Service Provider carrying out a Regulated Activity of Advising on Investments must publish on their website in a prominent place or make available by other publicly accessible means:

(a) a statement of whether the Digital Asset Service Provider refers or introduces Clients to other Persons including, but not limited to, other Digital Asset Service Providers, and if so, a description of the terms of such arrangements, and the monetary or non-monetary benefits received by the Digital Asset Service Provider, including by way of reciprocation for any service or business; and

(b) a statement of whether the Digital Asset Service Provider has accounts, funds or Digital Assets maintained by a third party and if so, provide the identity of that third party.

(3) In addition to (1), a Digital Asset Service Provider carrying out Regulated Activities of Dealing in Investments as Principal or Agent must publish on their website in a prominent place or make available by other publicly accessible means:

(a) a statement as to the Digital Asset Service Provider’s arrangements for the protection of Clients’ ownership of assets held by the Digital Asset Service Provider;

(b) a statement of whether the Digital Asset Service Provider refers or introduces Clients to other Persons including, but not limited to, other Digital Asset Service Providers and, if so, a description of the terms of such arrangements and the monetary or non-monetary benefits received by the Digital Asset Service Provider, including by way of reciprocation for any service or business; and

(c) a statement of whether the Digital Asset Service Provider has accounts, funds or Digital Assets maintained by a third party and if so, provide the identity of that third party.

(4) In addition to (1), a Digital Asset Service Provider carrying out a Regulated Activity of Providing Custody must publish on its website in a prominent place or make available by other publicly accessible means a statement of whether the Digital Asset Service Provider has accounts, funds or Digital Assets maintained by a third party and if so, provide the identity of that third party.

(5) In addition to (1), a Digital Asset Service Provider carrying out a Regulated Activity of Managing Investments must publish on its website in a prominent place or make available by other publicly accessible means:

(a) a statement as to the ability of Clients to have access to and withdraw their Digital Assets, particularly in times of extreme volatility;

(b) a statement as to the Digital Asset Service Provider’s arrangements for the protection of Clients’ assets held by the Digital Asset Service Provider;

(c) a statement as to how it protects Client Digital Assets from a counterparty risk;

(d) a statement as to how in the course of Managing Investments, Client Digital Assets are used and how Clients’ interests in relation to those Digital Assets are thereby respected;

(e) a statement explaining that Client Digital Assets used by the Digital Asset Service Provider in the course of Managing Investments may be at risk, including the types and nature of such risks, and a statement on the likelihood and severity of any losses which may be suffered;

(f) a statement in relation to order execution by the Digital Asset Service Provider, which includes an explanation of how orders will be executed;

(g) a statement as to how liquidity risk is managed; and

(h) such other information as the AFSA may require from time to time.