Introduction

Why are we issuing this Consultation Paper (CP)?

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to seek suggestions from the market on the amendments to the AIFC Rules and regulations to enhance the AIFC Digital Asset Trading Facility Framework.

Who should read this CP?

2.The proposals in this paper will be of interest to current and potential AIFC participants dealing with digital assets as well as the market and other stakeholders.

Terminology

3.Defined terms have the initial letter of the word capitalised, or of each word in a phrase. Definitions are set out in the Glossary Rules (GLO). Unless the context otherwise requires, where capitalisation of the initial letter is not used, the expression has its natural meaning.

What are the next steps?

4.We invite comments from interested stakeholders on the proposed framework. All commentsshould be in writing and sent to the addressor email specified below. If sending your comments by email, please use “Consultation Paper AFSA-L-CE-2023-0001” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

5.The deadline for providing comments on the proposed framework is 2 July 2023. Once we receive your comments, we shall consider if any refinements are required to this proposal.

6.AFSA prefers to receive comments by email at consultation@afsa.kz or posted to:

Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El, building C3.2, Astana, Kazakhstan

Structure of this CP

Part I – Background;

Part II – Issues; 

Part III – Best Practice;

Part IV – Proposals;

Part V – Public Consultation Questions;

Part VI – Outcomes.

Annex 1 - Draft AIFC Rules on Digital Asset Activities (Digital Asset Trading Facility framework);

Annex 2 – Consequential amendments to AIFC Regulations and Rules.

Background

1.Regulatory authorities globally are examining the issues surrounding trading of digital assets. The International Organization of Securities Commissions’ (“IOSCO”) in its March 2022 Decentralized Finance Report have raised concerns about key risks including market integrity, illicit activity and operational and technological risks. There are also other issues such as safekeeping and segregation of client assets, liquidity (or insolvency) risk, lack of disclosure and skills (experience, culture) on market surveillance function, risk of improper investor assessment, business continuity risk (prudential risk), pre- and post-trade processes, risk of arbitrage and inefficient price formation which regulators seek to address. The AFSA also examined its legal and regulatory framework based on risks and issues that were raised by jurisdictions around the world.

Based on our analysis, it is believed that the below factors require further enhancements of the framework:

1.  i.Market specifics and consequential risks; and
2. ii.Concerns of the current Digital Asset Trading Facility (“DATF”) framework structure.

2.Following the review of the AIFC DATF framework, AFSA issued a Consultation Paper on “Enhancements to Digital Asset Trading Facility framework” on 27 January 2023 to address the existing risks in the digital asset industry and consider options for restructuring the DATF framework.

3.Feedback received during the public consultation as well as initial examination of the DATF framework by AFSA were used to prepare this Consultation Paper on “Amendments to the AIFC Digital Asset Trading Facility framework”.

Issues

In light of the recent developments and reported failures of some cryptoexchanges, the AFSA considers taking measures in order to pursue its regulatory objectives. The absence of a clear legal and regulatory framework for digital assets may lead to a lack of investors’ confidence in those digital assets, which could significantly hinder the development of a market and could lead to missed opportunities in terms of innovative digital services or new funding sources for AIFC companies.

Regulatory authorities globally are examining the issues surrounding trading of digital assets. International Organization of Securities Commissions’ (“IOSCO”) in its March 2022 Decentralized Finance Report have raised concerns about key risks including market integrity, illicit activity and operational and technological risks. There are also other issues such as safekeeping and segregation of client assets, liquidity (or insolvency) risk, lack of disclosure and skills (experience, culture) on market surveillance function, risk of improper investor assessment, business continuity risk (prudential risk), pre- and post-trade processes, risk of arbitrage and inefficient price formation which regulators seek to address. The AFSA also examined its legal and regulatory framework based on risks and issues that were raised by jurisdictions around the world.

Based on our analysis, it is believed that the below factors require further enhancements of the framework:

(1)Market specifics and consequential risks; and

(2)Concerns of the current DATF framework structure.

Market specifics and consequential risks

There is a number of market factors that influence the level of risks originating from DATFs:

·Market capitalisation hit 2.6 trln. USD (2021) with subsequent fall to one third of value (to approximately one 1 trln. USD);

·A large number of Retail Investors (e.g., 6.2% of British citizens own cryptoassets);

·Increasing level of adoption of cryptocurrencies by traditional finance intermediaries. Many online retailers and some brick-and-mortar stores accept payment in crypto through payment service gateways and providers.

·Collapse of Luna and Terra (USD pegged algorithmic stablecoin) in Q2 2022 and FTX in Q4, demonstrating the high volatility of the asset class.

The above factors demonstrate the risks for consumer protection and financial stability from illicit activities, cyber threats and market abuse. These risks are only partially addressed by the existing mitigants or lack the appropriate and adequate measures, including

(1)money laundering and terrorist financing risks;

(2)risk of operational failure and cyber risk;

(3)conflict of interest risk;

(4)market abuse risk (market manipulation, misleading or other fraudulent and deceptive conduct);

(5)insufficient information available to the investors on trading rules;

(6)lack of information describing all relevant types of Digital Assets;

(7)insufficient knowledge by DATFs;

(8)counterparty risk and settlement finality risk;

(9)problems within DATF framework, i.e., inefficient structure of the framework, inefficient provisions, deficiencies revealed as a result of day-to-day supervision processes;

(10)structural issues with the DATF framework.

Concerns of current DATF framework’s structure

The ongoing supervision of cryptoexchanges revealed contradictions, inefficient provisions, and uncertain definitions within the regime. The AIFC DATF regime does not address all required risks that would be caused if/when FinTech Lab cryptoexchanges start operating under full authorisation regime. Another deficiency of the framework is its form, where DATF related rules are spread across various AIFC rules. This is known to be inconvenient to technology driven cryptoexchanges that do not have a regulatory compliance skillset and culture and prefer to have all requirements in one place.

Best Practice

The AIFC’s legal framework was assessed against the issues and risks specified in the IOSCO’s Final Report “Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms”. Guidance of other global standard setting bodies (e.g., the FATF and Financial Stability Board) has also been taken into account, and relevant suggestions / recommendations have been developed based on such guidance and best international practice. The Policy Paper mainly focuses on the analysis of regimes in such financial centres and jurisdictions as the Abu-Dhabi Global Market (“ADGM”), Dubai International Financial Centre (“DIFC”), and Bahrain that have comprehensive cryptoexchange regulatory frameworks. In addition, in some instances, references to best practices of other jurisdictions (Malaysia, the European Union, United States, and Japan) have been given.

Primarily, the legal framework of the ADGM is selected as a primary benchmark due to various common features such as:

(1)Similar status of international financial centre with risk-based regulation;

(2)Regulatory framework is generally based on the UK financial legal framework, principles and rules;

(3)Comprehensive regulatory framework for DATFs embracing many aspects of their activities (e.g., authorisation, fitness and propriety, conduct of business, anti-money laundering, prudential requirements and guidance);

(4)Previously AIFC followed the ADGM approach for DATF and DA regulations;

(5)Relatively mature DATFs regulatory framework that was implemented in 2018 and was subject to revisions;

(6)Relatively developed cryptomarket (multiple DATFs have been licenced by the ADGM’s Financial Services Regulatory Authority);

The other two benchmark jurisdictions are the DIFC and Bahrain. The DIFC introduced its Investment Token framework recently in October 2022 and its Crypto Token Framework in November 2022. The Bahraini framework has also the common financial center feature and is based on the UK financial legal framework. Bahrain adopted its DASPs and DA regulatory framework in 2019. Bahrain established a standalone crypto framework that is comprehensive, convenient in terms of navigation, has some commonalities with ADGM, but at the same time provides for many specific and tailored measures that address the risks of the DASP-related activities.

Unlike AIFC, where DATF is treated as an Authorised Market Institution, cryptoexchanges provide services under the Multilateral Trading Facility regime in the ADGM.

Proposals

1.    Risk mitigation measures

1.1. Governance

Digital Asset Service Providers should have internal controls in place with a view to establish risk management across its operations, departments, branches, and subsidiaries, both domestically and where relevant abroad. Those internal controls should include appropriate governance arrangements to establish clear responsibilities for the management of risks. These arrangements are scalable depending on the nature and size of the business, but for a cryptoexchange or large broker should include a board of directors, board committees and an executive team with a Chief Executive Officer, Chief Financial Officer, Chief Compliance Officer, Chief Risk Officer, Chief Technology Officer, and external/internal independent audit function. Some of these requirements are already set by the AIFC General Rules.

1.2.Risk of illicit activity

Following the analysis of AIFC AML regime, it was concluded that it has to be strengthened by a Travel Rule requirement, Guidance on AML aspects of DATF operations (e.g., setting criteria for Digital Assets admission to trading) and imposing bans on privacy tokens (fully anonymous digital assets).  

The rule, formally known as FATF Recommendation #16, requires DASPs to obtain, hold, and submit required originator and beneficiary information associated with Digital Asset transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities. Besides, AFSA proposed its approach to the transactions of DASPs with unhosted wallets and sunrise issue that follows FATF recommendations.

Finally, AFSA set a requirement on conducting due diligence by VASPs of its counterparties as per FATF recommendation #13.

1.3. Operational resilience and cyber security

Overall, the regulatory measures under the AIFC Rules are aimed at ensuring basic standards for technology governance to prevent operational disruptions and cyber threats within cryptoexchanges (systems and controls, outsourcing requirements, requirements for testing etc.). However, given the high cyber risks in the cryptosphere, the regulatory protections have some deficiencies. Therefore, the following measures are suggested:

(1)  impose mandatory independent third-party audit of technology governance and IT systems of all DASPs; set a criteria for the independent third-party auditors and define scope of the audit;

(2)  requirement to make a mandatory appointment of Chief Information Technology Officer;

(3) regulate the types of wallet solutions (hot vs cold wallet) for Digital Asset custody through a guidance; the Paper suggests setting expectations under the Guidance for storage of DAs in cold wallet or using other alternative solutions that ensure high standards of security and resilience.

(4)  extend the COB Chapter 4 on Client agreement and Key Information on DATF regime;

(5)  impose additional obligations for providing DA custody services (e.g., informing client on confirmation of successful transfer of DA, on final fees and charges, set out in Client agreement the legal grounds for cryptoexchange to stop and restrict client access to its services). 

1.4. Safekeeping and segregation of client assets

There is a high risk of co-mingling of cryptoexchanges’ DAs with those of their clients and there are concerns with proper record-keeping procedures in cryptoexchanges. Measures proposed below will enhance segregation, reconciliation and accurate accounting requirements:

(1)  application of COB 8 Client investment rules on DATF (proposal considered when a problem of treatment of cryptoexchanges as Regulated or Market activity is analyzed below);

(2)  substitute the term “Digital Asset Depository” with the term “Providing (Digital Asset) Custody” services; and

(3)  daily reconciliation of Digital Asset balances requirements.

1.5. Conflict of interests

Existing cryptoexchanges’ business models that combine custody, market making, settling and clearing services are highly exposed to conflicts of interest risk. The current regulatory measures against this risk are not efficient since conflict of interests rules under COB are not applicable to DATF activity. Hence, this Paper proposes to extend existing conflicts of interests Rules under COB on DATF.

Additionally, AFSA suggests to allow proprietary trading for DATF on its own platform. Proprietary trading by cryptoexchanges is a prevailing practice in many markets abroad, used for creating liquidity on its own platform. Given that the AIFC cryptoexchange market is at the early stage of development, this approach may have positive effects such as decreased price volatility and attraction of investors. Furthermore, to avoid the comingling of the traditional finance activities with activities of DASPs, AFSA proposes a prohibition for traditional services Operating an Exchange to admit and trade Digital Assets.  

1.6. Market Abuse

Trading on cryptoexchanges globally has attracted various market abuse practices, whereas the measures are generic and lack the clarity on applicability of the separate and comprehensive rules against market abuse on DATF and Digital Assets. Thus, the applicability of Market Abuse provisions under AIFC Market Rules to DATF and Digital Assets is clearly defined. Additional mitigants concern imposing requirement on DATF to monitor its own forums to avoid market manipulation.

1.7. Disclosures to investors

The process of admission to trading would require the DATF to prepare a report on Digital Asset in the form of a white paper but additionally with non-technical details for AFSA’s approval.

In regard to the lack of specific rules on disclosures of data on specific features of Digital Assets (e.g., hacking vulnerabilities, traceability of Digital Assets), that is mitigated by imposing a requirement on DASPs to disclose a Key Features Document (KFD or “Digital Asset Prospectus”) prior to providing services to clients. KFD may provide data on key issuers, design team of the Digital Assets, underlying technology, valuation of the Digital Assets, volatility, fraud, hacking risks, and other relevant topics.

1.8.Pre- and post-trade processes

In addition to the existing requirements on cryptoexchanges to disclose trade data prior to and after the trades, it is proposed that DATFs have to disclose additional pre-trade data, in the form of volume of bid and offer, and the depth of trading interest shown at the prices and volumes advertised to participants.

Further, the proposed amendments is also aimed at providing an exemption from pre-trade transparency for participants that intend to enter into large trades (e.g., large orders of institutional investors that do not wish such orders to be displayed) that will benefit the certain large players.

1.9. Retail Clients protections

Retail clients have a direct access to the DATF platform. Therefore, direct investing in digital assets that are risky and volatile, exposes the retail consumers to the high risks and losses. Existing measures to protect Retail clients under AIFC DATF framework will be complemented by:

·retaining investment limits to digital assets on retail clients – residents of Kazakhstan, whereas no investment limits will be applicable on non-residents of Kazakhstan. However, non-residents of Kazakhstan will be subject to appropriateness assessment by the DATF Operator prior to allowing access to trading.

·Prohibition to use the Digital Asset Derivative products, unless Retail Clients residents of Kazakhstan successfully pass appropriateness assessment by the DATF Operator.

2.    Further enhancement of the existing DATF framework

During our analysis, several policy matters were identified that are suggested to be changed. 

2.1.Regulated vs Market activity

The fundamental aspect of the regulatory regime is treatment of the cryptoexchange either as a market or regulated activity. Currently, cryptoexchanges are considered an Authorised Market Institution, however direct access of investors to a cryptoexchange without traditional brokers weakens its market infrastructure features. The business practices of cryptoexchanges require them to combine additional custody and proprietary trading services (meaning direct interaction with clients), therefore, it is concluded that qualifying the cryptoexchange as a regulated firm is more appropriate.

2.2. Net asset test

It is proposed to allow investors to provide evidence of owning Digital Assets as part of their net assets for the professional investor eligibility test. Specifically, it is proposed to recognise Approved Digital Assets in the net asset test with 70% haircut for unbacked Digital Assets (e.g., Bitcoin) or without a haircut for regulated fiat stablecoins (e.g., USD Coin or Tether).

2.3.“Green list”

The existing DATF regulatory regime requires the approval of Digital Assets for trading on cryptoexchange by the AFSA. To increase efficiency in the course of assessment, the Paper proposes a criteria-based process that leads to the inclusion of Digital Asset on a “green list”. These criteria may include maturity / market capitalisation, security, traceability of the Digital Asset, support of Digital Assets by other cryptoexchnages, security and usability of distributed ledger technology, innovation / efficiency, and practical application/functionality. AFSA may publish the so-called green list of the Approved Digital Assets on its website, and regularly review it.

This Paper proposes to impose a requirement on DATFs to notify the AFSA 10 days before admission of a Digital Asset to trading and confirm that it has available tools to trace the specific Digital Asset transaction on its underlying blockchain. In addition, the Paper proposes to impose a requirement on DATFs to notify the AFSA if DATFs become aware of significant developments that may result in the Digital Asset no longer qualifying as an Approved Digital Asset (e.g., cyber risks, or privacy features making the Digital Asset transaction non-traceable or fully-anonymous).

2.4. Considering DATF framework restructuring

One of the deficiencies of the existing framework is its form, where DATF related rules are spread across various AIFC Rules. This is known to be inconvenient to technology driven cryptoexchanges that do not have a high-level regulatory compliance skillset and culture and prefer to have all requirements in one place.

Therefore, analysis suggested three options for the restructuring of the existing DAFT Framework:

Option 1 – Keeping the existing framework form; or

Option 2 – Developing a standalone DATF framework; or

Option 3 – Treatment of cryptoexchanges as an MTF.

As a result of review of the options, it is proposed to select the most user-friendly and comprehensive approach - option 2, where a single Rulebook brings together all provisions from other rulebooks with necessary adjustments for Digital Asset and DATF activity.

Public consultation questions

In the course of public consultation, existing and potential market participants will be invited to comment on the following questions:

(1)AFSA invites comments on the draft Rules on Digital Asset Activities and consequential amendments set out in the paper.

(2)Are there any new provisions or amendments that are not clear? What are they and what is your interpretation of them? How would you recommend addressing the lack of clarity?

(3)How much time will your business need to make itself compliant with the proposed amendments?

(4)AFSA invites comments on the proposed DATF rulebook restructuring.

(5)What is your view on the proposed capital requirements?

(6)Do you agree with our proposal to insert provisions in the Rules which will outline requirements in relation to the composition, structure, duties, and powers as well as skills, experience and qualifications of the members of the Board of Directors? Do you think there is a need to add provisions which will specify the minimum number of independent directors? If so, how many independent directors you think will be the optimal number?

(7)What do you think about the proposed requirements in relation to the IT systems and technology governance?

(8)What is your view on the approval process of the Digital Assets to trading? Do you agree that DATF Operators should analyse and decide themselves whether to admit Digital Assets to trading?

(9)Do you agree with the proposed restrictions and prohibitions?

(10)Do you agree with our proposal to specify in the Rules the residency requirement (i.e. to be residents in the Republic of Kazakhstan) for certain Approved Individuals?

Outcomes

It is expected that the implementation of the Amendments to the AIFC Digital Asset Trading Facility framework by the AFSA will help:

1) address and mitigate risks originating from cryptoexchanges’ operations and cryptoasset industry in general;

2) address contradictions, inefficient requirements, unclear provisions of the existing framework;

3) create favorable regime for cryptoexchange business in the AIFC, encouraging innovation in digital assets and contributing to the development of crypto-asset ecosystem in Kazakhstan.

This will collectively help to create a clear, convenient, efficient, detailed and balanced AIFC DATF framework with high standards for consumer protection, without hindering development of cryptoexchanges.

Annex 1

1.GENERAL

1.1.Application of these Rules

These Rules, which may be cited as the AIFC Rules on Digital Asset Activities (“DAA”), apply to a Person carrying on, in or from the AIFC, the following Regulated Activities in relation to Digital Assets:

(a)Dealing in Investments as Principal;

(b)Dealing in Investments as Agent;

(c)Managing Investments;

(d)Managing a Collective Investment Scheme;

(e)Providing Custody;

(f)Arranging Custody;

(g)Advising on Investments;

(h)Arranging Deals in Investments;

(i)Providing Money Services; and

(j)Operating a Digital Asset Trading Facility.

Guidance:

The following activities do not constitute Operating a Digital Asset Business:

(a) trading of Digital Assets for the Person’s own investment purposes; or

(b) any other activity or arrangement that is deemed by the AFSA to not constitute Operating a Digital Asset business, where necessary and appropriate in order for the AFSA to pursue its objectives.

2.RULES APPLICABLE TO DIGITAL ASSET TRADING FACILITY OPERATORS

This Chapter 2 applies to all Digital Asset Trading Facility Operators.

Guidance

A Digital Asset Trading Facility Operator is an Authorised Firm to which the following provisions of the Constitutional Statute, GEN, COB, AML, MAR are applicable either directly or in respect of its officers and Employees who are Approved Individuals or Designated Individuals:

Article 4-1 of the Constitutional Statute;

AML (in whole);

Chapter 2 (Client classification) of the COB;

Chapter 3 (Communications with Clients and Financial Promotions) of the COB;

Chapter 4 (Key information and client agreement) of the COB;

Chapter 7 (Conflicts of interest) of the COB;

Chapter 8 (Client Assets) of the COB;

Chapter 9 (Reporting to Clients) of the COB;

Chapter 15 (Complaints handling and dispute resolution) of the COB;

Chapter 5 (Market Abuse) of the MAR;

Chapter 2 (Controlled and Designated Functions) of the GEN;

Chapter 3 (Control of Authorised Persons) of the GEN;

Chapter 4 (Core Principles) of the GEN;

Chapter 5 (Systems and Controls) of the GEN;

Chapter 6 (Supervision) of the GEN; and

Rules on Currency Regulation and Provision of Information on Currency Transactions in the AIFC.

2.1.Authorisation

(1) A Person wishing to carry on the Regulated Activity of Operating a Digital Asset Trading Facility must be an Authorised Firm licensed by the AFSA.

(2) A Person wishing to carry on the Regulated Activity of Operating a Digital Asset Trading Facility must submit to the AFSA relevant policies and controls.

2.2.Requirements for Digital Asset Trading Facility Operator authorisation

The AFSA may not grant authorisation or variation to operate a Digital Asset Trading Facility unless the applicant satisfies all of the following requirements:

(1)general authorisation requirements applicable to the applicant under the Framework Regulations and other applicable rules, and

(2)the applicant must ensure that it maintains at all times capital resources in the amount specified in Table 1 by reference to the activity that the Authorised Firm is licensed to conduct or, if it is authorised to conduct more than one such activity, the amount that is the higher or highest of the relevant amounts in Table 1.

Table 1

2.3.Governance

2.3.1.     Mandatory appointments

A Digital Asset Trading Facility Operator must make the following appointments and ensure they are held by the relevant Approved or Designated Individuals at all times:

(1)the Senior Executive Officer;

(2)Finance Officer;

(3)Compliance Officer;

(4)Risk Manager; and

(5)Money Laundering Reporting Officer.

In addition, a Digital Asset Trading Facility Operator must appoint a Chief Information Technology Officer, who is an individual responsible for its ongoing information technology (“IT”) operations, maintenance and security oversight to ensure that the Digital Asset Trading Facility Operator’s IT systems are reliable and adequately protected from external attack or incident.

2.3.2.     Board of Directors of a Digital Asset Trading Facility Operator

(1) A Digital Asset Trading Facility Operator must have an effective Board of Directors which is collectively accountable for ensuring that the Digital Asset Trading Facility Operator’s business is managed prudently and soundly.

(2) The AFSA may issue guidance on the requirements relating to Board composition, structure, duties and powers as well as skills, experience and qualifications of Directors, and other relevant requirements.

(3) The Board must ensure that there is a clear division between its responsibility for setting the strategic aims and undertaking the oversight of the Digital Asset Trading Facility Operator and the senior management’s responsibility for managing the Digital Asset Trading Facility Operator’s business in accordance with the strategic aims and risk parameters set by the Board.

(4) The Board and its committees must have an appropriate balance of skills, experience, independence, and knowledge of the Digital Asset Trading Facility Operator’s business, and adequate resources, including access to expertise as required and timely and comprehensive information relating to the affairs of the Digital Asset Trading Facility Operator.

(5) The Board must ensure that the Digital Asset Trading Facility Operator has an adequate, effective, well-defined and well-integrated risk management, internal control and compliance framework.

(6) The Board must ensure that the rights of shareholders are properly safeguarded through appropriate measures that enable the shareholders to exercise their rights effectively, promote effective dialogue with shareholders and other key stakeholders as appropriate, and prevent any abuse or oppression of minority shareholders.

(7) The Board must ensure that the Digital Asset Trading Facility Operator’s financial and other reports present an accurate, balanced and understandable assessment of the Digital Asset Trading Facility Operator’s financial position and prospects by ensuring that there are effective internal risk control and reporting requirements.

(8) A Director of the Digital Asset Trading Facility Operator must act:

(a)on a fully informed basis;

(b) in good faith;

(c) honestly;

(d) with due skill, care and diligence; and

(e) in the best interests of the Digital Asset Trading Facility Operator and its shareholders and Clients. 

2.4.Technology resources

2.4.1.     Sufficient resources

A Digital Asset Trading Facility Operator must have sufficient technology resources to continually operate, maintain, and supervise its facility.

2.4.2.     Confidentiality

A Digital Asset Trading Facility Operator must take reasonable steps to ensure that its information, records and data are secure, and the confidentiality is maintained.

2.4.3.     Cyber-security

A Digital Asset Trading Facility Operator must take reasonable steps to ensure that its IT systems are reliable and adequately protected from external attack or incident.

2.4.4.     Cyber-security policy

(1) A Digital Asset Trading Facility Operator must implement a written cyber-security policy setting forth its policies and procedures for the protection of its electronic systems and Members and counterparty data stored on those systems, which shall be reviewed and approved by the Digital Asset Trading Facility Operator’s Governing Body at least on an annual basis.

(2) The cyber-security policy must, as a minimum, address the following areas:

(a) information security;

(b) data governance and classification;

(c) access controls;

(d) business continuity and disaster recovery planning and resources;

(e) capacity and performance planning;

(f) systems operations and availability concerns;

(g) systems and network security;

(h) systems and application development and quality assurance;

(i) physical security and environmental controls;

(j) customer data privacy;

(k) vendor and third-party service provider management; and

(l) incident response.

(3) A Digital Asset Trading Facility Operator must inform the AFSA immediately if it becomes aware, or has reasonable grounds to believe, that a significant breach by any Person of its cyber-security policy may have occurred or may be about to occur.

2.4.5.     On-going monitoring

For the purposes of meeting the requirement in DAA 2.4.1, a Digital Asset Trading Facility Operator must have adequate procedures and arrangements for the evaluation, selection and on-going maintenance and monitoring of IT systems. Such procedures and arrangements must, at a minimum, provide for:

(a) incident and problem management and system change;

(b) testing IT systems before live operations in accordance with the requirements in DAA 2.4.6. and 2.4.7;

(c) real time monitoring and reporting on system performance, availability and integrity; and

(d) adequate measures to ensure:

(i) the IT systems are resilient and not prone to failure;

(ii) business continuity in the event that an IT system fails;

(iii) protection of the IT systems from damage, tampering, misuse or unauthorised access; and

(iv)the integrity of data forming part of, or being processed through, IT systems.

2.4.6.     Testing of technology systems

A Digital Asset Trading Facility Operator must, before commencing live operation of its IT systems or any updates thereto, use development and testing methodologies in line with internationally accepted testing standards in order to test the viability and effectiveness of such systems. For this purpose, the testing must be adequate for the Digital Asset Trading Facility Operator to obtain reasonable assurance that, among other things the systems:

(a)enable it to comply with all the applicable requirements on an on-going basis;

(b)can continue to operate effectively in stressed market conditions;

(c)have sufficient electronic capacity to accommodate reasonably foreseeable volumes of messaging and orders;

(d) are adequately scalable in emergency conditions that might threaten the orderly and proper operations of its facility; and

(e)embed any risk management controls, such as generating automatic error reports, work as intended.

2.4.7.     Testing relating to Members’ technology systems

(1) A Digital Asset Trading Facility Operator must implement standardised conformance testing procedures. A Digital Asset Trading Facility Operator must ensure that the systems which its Members are using to access facilities operated by it have a minimum level of functionality that is compatible with its IT systems and will not pose any threat to fair and orderly conduct of its facility.

(2) A Digital Asset Trading Facility Operator must also require its Members, before commencing live operation of any electronic trading system, user interface or a trading algorithm, including any updates to such arrangements, to use adequate development and testing methodologies to test the viability and effectiveness of their systems, to include system resilience and security.

(3) For the purposes of (2), a Digital Asset Trading Facility Operator must require its Members:

(a) to adopt trading algorithm tests, including tests in a simulation environment which are commensurate with the risks that such a strategy may pose to itself and to the fair and orderly functioning of the facility operated by the Digital Asset Trading Facility Operator; and

(b)not to deploy trading algorithms in a live environment except in a controlled and cautious manner.

(4) The requirements in (1)-(3) do not apply to the Member of a Digital Asset Trading Facility Operator if the Member is a Body Corporate or an individual (natural person) that carries on the activity solely as principal.

2.4.8.     Regular review of systems and controls

(1) A Digital Asset Trading Facility Operator must undertake annual review and updates of its IT systems and controls as appropriate to the nature, scale and complexity of its operations, the diversity of its operations, the volume and size of transactions, and the level of risk inherent with its business

(2)For the purposes of (1), a Digital Asset Trading Facility Operator must adopt well defined and clearly documented development and testing methodologies which are in line with internationally accepted testing standards.

2.4.9.     Mandatory third-party audit of technology governance and IT systems

(1) A Digital Asset Trading Facility Operator is required to undergo a qualified independent third-party technology governance and IT audit to conduct vulnerability assessments and penetration testing at least on an annual basis.

(2) A Digital Asset Trading Facility Operator must provide the results of technology governance and IT assessments and tests to the AFSA upon its request.

(3) The AFSA may publish a list of requirements that should be met by qualified auditors who conduct independent third-party technology governance and IT audit.

Guidance:

Credentials which indicate a qualified independent third-party auditor is suitable to conduct audit of technology governance and IT systems may include:

(1) designation as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) by the Information Systems Audit and Control Association (ISACA); or

(2) designation as a Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium (ISC); or

(3) accreditation by a recognised and reputable body to certify compliance with relevant ISO/IEC 27000 series standards; or

(4) accreditation by the relevant body to certify compliance with the Kazakhstani standards in the area of information (cyber) security.

2.4.10. Systems and controls

(1) A Digital Asset Trading Facility Operator must ensure that it has appropriate systems and controls to address the risks to their business. Such systems and controls should be developed considering such factors as the nature, scale and complexity of the Digital Asset Trading Facility Operator’s business, the diversity of its operations, the volume and size of transactions, and the level of risk inherent with its business.

(2) A Digital Asset Trading Facility Operator must, as a minimum, have in place systems and controls with respect to the procedures describing the creation, management and control of Digital wallets and private keys.

(3) A Digital Asset Trading Facility Operator must have adequate systems and controls to enable it to calculate and monitor its capital resources and its compliance with the requirements in DAA 2.2.(2). The systems and controls must be in writing and must be appropriate for the nature, scale and complexity of the Digital Asset Trading Facility Operator’s business and its risk profile.

2.4.11. Technology governance

A Digital Asset Trading Facility Operator must, as a minimum, have in place systems and controls with respect to the following:

(a) Procedures describing the creation, management and controls of Digital Asset wallets, including:

(i) wallet setup/configuration/deployment/deletion/backup and recovery;

(ii) wallet access management;

(iii) wallet user management;

(iv) wallet rules and limit determination, review and update; and

(v) wallet audit and oversight.

(b) Procedures describing the creation, management and controls of private and public keys, including, as applicable:

(i) private key generation;

(ii) private key exchange;

(iii) private key storage;

(iv) private key backup;

(v) private key destruction;

(vi) private key access management;

(vii) public key sharing; and

(viii) public key re-use.

(c) Systems and controls to mitigate the risk of misuse of Digital Assets, setting out how

(i) the origin of Digital Assets is determined, in case of an incoming transaction; and

(ii) the destination of Digital Assets is determined, in case of an outgoing transaction.

(d) A security plan describing the security arrangements relating to:

(i) the privacy of sensitive data;

(ii) networks and systems;

(iii) cloud based services;

(iv) physical facilities; and

(v) documents, and document storage.

(e) A risk management plan containing a detailed analysis of likely risks with both high and low impact, as well as mitigation strategies. The risk management plan must cover, but is not limited to:

(i) operational risks;

(ii) technology risks, including ‘hacking’ related risks;

(iii) market risk for each Digital Asset admitted to trading; and

(iv) risk of Financial Crime.

2.5.Requirements applicable to a Digital Asset Trading Facility Operator

2.5.1.     Business Rules, Membership Rules and Admission to Trading Rules

A Digital Asset Trading Facility Operator must prepare Business Rules, Admission to Trading Rules, and Membership Rules (the “DATF Operator’s Rules”).

2.5.2.Content of Business Rules

A Digital Asset Trading Facility Operator’s Business Rules must:

(a) be based on objective criteria;

(b) be non-discriminatory;

(c) be clear and fair;

(d) set out the Members’ and other participants’ obligations:

(i) arising from the Digital Asset Trading Facility Operator’s constitution and other administrative arrangements;

(ii) when undertaking transactions on its facility; and

(iii) relating to professional standards that must be imposed on staff and agents of the Members and other participants when undertaking transactions on its facility;

(e) be made publicly available free of charge;

(f) contain provisions for the resolution of Members’ and other participants’ disputes and an appeal process from the decisions of the Digital Asset Trading Facility Operator, whether by an internal but independent body or otherwise; and

(g) contain disciplinary procedures, including any sanctions that may be imposed by the Digital Asset Trading Facility Operator against its Members and other participants.

2.5.3.Monitoring and enforcing compliance with Business Rules

The Digital Asset Trading Facility Operator must have effective arrangements for monitoring and enforcing compliance with its Business Rules including procedures for:

(a) prompt investigation of complaints made to the Digital Asset Trading Facility Operator about the conduct of Persons in the course of using the Digital Asset Trading Facility Operator’s facility; and

(b) where appropriate, disciplinary action resulting in financial and other types of penalties.

2.5.4.Financial penalties

Where arrangements made pursuant to DAA 2.5.3. include provision for requiring the payment of financial penalties, they must include arrangements for ensuring that any amount so paid is applied only in one or more of the following ways:

(a) towards meeting expenses incurred by the Digital Asset Trading Facility Operator in the course of the investigation of the breach or course of conduct in respect of which the penalty is paid, or in the course of any appeal against the decision of the Digital Asset Trading Facility Operator in relation to that breach or course of conduct; or

(b) for the benefit of users of the Digital Asset Trading Facility Operator's facility.

2.5.5.Appeals

Arrangements made pursuant to DAA 2.5.3. must include provision for fair, independent and impartial resolution of appeals against decisions of the Digital Asset Trading Facility Operator.

2.5.6.Membership Rules

The Membership Rules of a Digital Asset Trading Facility Operator must specify the obligations imposed on users or Members of its facility arising from:

(a) the constitution and administration of the Digital Asset Trading Facility Operator;

(b) where appropriate rules relating to transactions on its trading venues;

(c) admission criteria for Members;

(d) where appropriate rules and procedures for clearing and settlement of transactions; and

(e) where appropriate rules and procedures for the prevention of Market Abuse, money laundering and Financial Crime.

2.5.7.Admission to Trading Rules

(1) A Digital Asset Trading Facility Operator must make clear and transparent rules concerning the admission of Digital Assets to trading on its facility.

(2) The Admission to Trading Rules of the Digital Asset Trading Facility Operator must ensure that:

(a) Digital Assets admitted to trading on a facility of the Digital Asset Trading Facility Operator are capable of being traded in a fair, orderly and efficient manner; and

(b) Digital Assets admitted to trading on a facility of the Digital Asset Trading Facility Operator are freely negotiable.

2.5.8.     Consultation

(1) A Digital Asset Trading Facility Operator must seek prior approval of any of the DATF Operator’s Rules and of amendments to any of its Rules by:

(a) making such Rules available to public for consultation for no less than 30 days; and

(b) obtaining approval of the AFSA.

(2) For these purposes, a Digital Asset Trading Facility Operator must publish a consultation paper setting out:

(a) the text of both the proposed amendment and the current version of the rules that are to be amended;

(b) the reasons for proposing the amendment; and

(c) a reasonable consultation period, which must not be less than thirty calendar days after the date of publication, within which Members and other stakeholders may provide comments.

The Digital Asset Trading Facility Operator must lodge with the AFSA the consultation paper no later than the time when it is released for public comment.

(3) The AFSA may, if it considers on reasonable grounds that it is appropriate to do so, require the Digital Asset Trading Facility Operator to extend its proposed period of public consultation specified in the consultation paper.

(4) A Digital Asset Trading Facility Operator must:

(a) facilitate, as appropriate, informal discussions on the proposed amendment with Members and other stakeholders including any appropriate representative bodies of such Persons; 

(b) consider the impact the proposed amendment has on the interests of its Members and other stakeholders; and

(c) have proper regard to any public comments received.

(5) Following public consultation, a Digital Asset Trading Facility Operator must publish the final version of any of the DATF Operator’s Rules and consider whether it would be appropriate to discuss the comments received and any amendments made before publication.

(6) A Digital Asset Trading Facility Operator must have procedures in place to ensure that the relevant of its Rules are monitored and enforced.

2.5.9.     Waiver of consultation requirement

The AFSA may dispense with the requirement in DAA 2.5.2(2)(a) in cases of emergency, force majeure, typographical errors, minor administrative matters, or to comply with applicable laws. A Digital Asset Trading Facility Operator must have procedures for notifying users of these amendments for which the ASFA has dispensed with public consultation.

2.5.10. Review of Rules

In determining whether a Digital Asset Trading Facility Operator’s procedures for consulting Members and other users of its facilities are appropriate, the AFSA may have regard to:

(a) the range of Persons to be consulted by the Digital Asset Trading Facility Operator under those procedures; and

(b) the extent to which the procedures include:

(i) informal discussions at an early stage with users of the Digital Asset Trading Facility Operator’s facility or appropriate representative bodies;

(ii) publication to users of the Digital Asset Trading Facility Operator’s facility of a formal consultation paper which includes clearly expressed reasons for the proposed changes and an appropriately detailed assessment of the likely costs and benefits;

(iii) adequate time for users of its facility to respond to the consultation paper and for the Digital Asset Trading Facility Operator to take their responses properly into account;

(iv) adequate arrangements for making responses to consultation available for inspection by users of its facility, unless the respondent requests otherwise; and

(v) adequate arrangements for ensuring that the Digital Asset Trading Facility Operator has proper regard to the representations received.

2.6.Membership

2.6.1.     Persons eligible for Membership

A Digital Asset Trading Facility Operator may only admit as a Member a Person who satisfies admission criteria set out in its Membership Rules and which is:

(a) an Authorised Firm whose Licence permits it to carry on the Regulated Activities of Dealing in Investments as Principal and Dealing in Investments as Agent;

(b) a Recognised Non-AIFC Member; or

(c) a Body Corporate or an individual (natural person) which carries on the activity solely as principal.

2.6.2.     Admission criteria

(1) A Digital Asset Trading Facility Operator must ensure that access to its facility is subject to criteria designed to protect the orderly functioning of the market and the interests of investors. 

(2) A Digital Asset Trading Facility Operator may only give access to or admit to membership a Person who:

(a) is fit and proper and of good repute;

(b) if applicable, has a sufficient level of ability, competence and experience, including appropriate standards of conduct for its staff; and

(c) if applicable, has adequate organisational arrangements, including financial and technological resources.

(3) In assessing whether access to a Digital Asset Trading Facility Operator’s facility is subject to criteria designed to protect the orderly functioning of the market or of those facilities and the interests of investors, the AFSA may have regard to whether:

(a) the Digital Asset Trading Facility Operator limits access as a Member to such Persons:

(i) over whom it can with reasonable certainty enforce its rules contractually;

(ii) who have sufficient technical competence to use its facilities; and

(iii) if appropriate, who have adequate financial resources in relation to their exposure to the Digital Asset Trading Facility Operator;

(b) indirect access to the Digital Asset Trading Facility Operator’s facility is subject to suitable criteria, remains the responsibility of a Member of the Digital Asset Trading Facility Operator and is subject to the Digital Asset Trading Facility Operator’s rules; and

(c) the Operator’s rules:

(i) set out the design and operation of the Digital Asset Trading Facility Operator’s relevant systems;

(ii) set out the risk for Members and other users when accessing and using the Operator’s facilities;

(iii) contain provisions for the resolution of Members’ and other users’ disputes and an appeal process for the decisions of the Digital Asset Trading Facility Operator;

(iv) contain disciplinary proceedings, including any sanctions that may be imposed by the Digital Asset Trading Facility Operator against its Members and other users; and

(v) set out other matters necessary for the proper functioning of the Digital Asset Trading Facility Operator and the facilities operated by it.

2.6.3.     Lists of users or Members

A Digital Asset Trading Facility Operator must make arrangements to provide the AFSA quarterly with a list of users or Members of its facility.

2.6.4.     Undertaking to comply with AFSA rules

A Digital Asset Trading Facility Operator may not admit a Recognised Non-AIFC Member as a Member unless it:

(a) agrees in writing to submit unconditionally to the jurisdiction of the AFSA in relation to any matters which arise out of or which relate to its use of the facility of the Digital Asset Trading Facility Operator; 

(b) agrees in writing to submit unconditionally to the jurisdiction of the AIFC Court in relation to any disputes, or other proceedings in the AIFC, which arise out of or relate to its use of the facility of the Digital Asset Trading Facility Operator;

(c) agrees in writing to subject itself to the Acting Law of the AIFC in relation to its use of the facility of the Digital Asset Trading Facility Operator; and

(d) where the Recognised Non-AIFC Member is incorporated outside the Republic of Kazakhstan, appoints and maintains at all times, an agent for service of process in the AIFC.

2.7.Direct Electronic Access

2.7.1.Direct Electronic Access to the facility

For the purposes of these Rules, Direct Electronic Access means any arrangement, such as the use of the Member's trading code, through which a Member or the Clients of that Member are able to transmit electronically orders relating to Digital Assets directly to the facility provided by the Digital Asset Trading Facility Operator and includes arrangements which involve the use by a Person of the infrastructure of the Digital Asset Trading Facility Operator or the Member or Client or any connecting system provided by the Digital Asset Trading Facility Operator or Member or Client, to transmit the orders and arrangements where such an infrastructure is not used by a Person.

Guidance:

A Person who is permitted to have Direct Electronic Access to a Digital Asset Trading Facility Operator's facility through a Member is not, by virtue of such permission, a Member of the Digital Asset Trading Facility Operator.

2.7.2.Permitting Members that are Body Corporates to provide Direct Electronic Access to clients

(1) This rule applies if a Digital Asset Trading Facility Operator proposes to permit a Member that is a Body Corporate to provide its clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility.

(2) A Digital Asset Trading Facility Operator may permit a Member to provide its clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility only if:

(a) the clients meet the suitability criteria established by the Member in order to meet the requirements in DAA 2.7.3;

(b) the Member retains responsibility for the orders and trades executed by its clients who are using Direct Electronic Access; and

(c) the Member has adequate mechanisms to prevent its clients placing or executing orders using Direct Electronic Access in a manner that would result in the Member exceeding its position or margin limits.

2.7.3.     Criteria, standards and arrangements for providing Direct Electronic Access to clients of Members that are Body Corporates

(1) A Digital Asset Trading Facility Operator which permits its Members to provide its clients Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility under DAA 2.7.2. must:

(a) set appropriate standards regarding risk controls and thresholds on trading through Direct Electronic Access;

(b) be able to identify orders and trades made through Direct Electronic Access; and

(c) if necessary, be able to stop orders or trades made by a client using Direct Electronic Access provided by the Member without affecting the other orders or trades made or executed by that Member.

(2) A client who is permitted to have Direct Electronic Access to a Digital Asset Trading Facility Operator’s facility through a Member is not, by virtue of such permission, a Member of the Digital Asset Trading Facility Operator. However, such client is subject to the jurisdiction of the Digital Asset Trading Facility Operator.

(3) In determining whether a Digital Asset Trading Facility Operator has adequate arrangements to permit Direct Electronic Access to its facility and to prevent and resolve problems likely to arise from the use of electronic systems to provide indirect access to its facility to Persons other than the Digital Asset Trading Facility Operator’s Members, the AFSA may have regard to:

(a) the rules and guidance governing Members’ procedures, controls and security arrangements for inputting instructions into the system;

(b) the rules and guidance governing the facilities that Members provide to its clients to input instructions into the system and the restrictions placed on the use of those systems;

(c) the rules and practices to detect, identify, and halt or remove instructions breaching any relevant restrictions;

(d) the quality and completeness of the audit trail of a transaction processed through an electronic connection system; and

(e) procedures to determine whether to suspend trading by those systems or access to them by or through individual Members.

2.7.4.     Criteria, standards and arrangements for giving Direct Electronic Access to Members who are individuals (natural persons)

(1) This rule applies if a Digital Asset Trading Facility Operator proposes to give to a Member who is an individual (natural person) Direct Electronic Access to the Digital Asset Trading Facility Operator’s facility.

(2) A Digital Asset Trading Facility Operator must ensure that:

(a) its rules clearly set out:

(i) the duties owed by the Digital Asset Trading Facility Operator to its Members with Direct Electronic Access, and how the Digital Asset Trading Facility Operator is held accountable for any failure to fulfil those duties; and

(ii) the duties owed by the Members with Direct Electronic Access to the Digital Asset Trading Facility Operator and how such Members are held accountable for any failure to fulfil those duties;

(b) appropriate investor redress mechanisms are available, in accordance with COB Chapter 15, and disclosed to Members permitted to trade Digital Assets on its facility; and

(c) its facility contains a prominent disclosure of the risks associated with trading and clearing Digital Assets.

(3) Without limiting the generality of the systems and controls obligations of the Digital Asset Trading Facility Operator, the Digital Asset Trading Facility Operator must have adequate systems and controls to address market integrity, AML and CTF, and investor protection risks in giving Direct Electronic Access to a Member, to trade on its facility, including procedures to:

(a) ensure that appropriate customer due diligence sufficient to address AML and CTF risks has been conducted on each Member, before permitting the Member to trade on its facility and periodically on an ongoing basis after the establishment of relations with a Member;

(b) detect and address market manipulation and abuse; and

(c) ensure that there is adequate disclosure relating to the Digital Assets that are traded on the facility. 

(4) A Digital Asset Trading Facility Operator must have adequate controls and procedures to ensure that trading Digital Assets by Members with Direct Electronic Access does not pose any risks to the orderly and efficient functioning of the facility’s trading system, including controls and procedures to:

(a) mitigate counterparty risks that may arise from defaults by such Members through adequate collateral management measures, such as margin requirements, based on the settlement cycle adopted by the Digital Asset Trading Facility Operator;

(b) identify and distinguish orders that are placed by such Members, and, if necessary, enable the Digital Asset Trading Facility Operator to stop orders of, or trading by, such Members;

(c) prevent such Members from allowing access to other Persons to trade on the trading facility; and

(d) ensure that such Members fully comply with the rules of the facility and promptly address any gaps and deficiencies that are identified.

(5) A Digital Asset Trading Facility Operator must have adequate resources and systems to carry out frontline monitoring of the trading activities of Members with Direct Electronic Access. 

2.8.Admission of Digital Assets to trading

2.8.1.     Application for admission of Digital Assets to Trading

(1) Applications for the admission of a Digital Asset to trading can be made to a Digital Asset Trading Facility Operator by:

(a) the issuer of the Digital Asset; or

(b) a third party on behalf of and with the consent of the issuer of the Digital Asset; or

(c) a Member of the Digital Asset Trading Facility Operator.

(2) A Digital Asset can also be admitted to trading on the Digital Asset Trading Facility Operator’s own initiative.

(3) A Digital Asset Trading Facility Operator must, before admitting any Digital Asset to trading:

(a) be satisfied that the applicable requirements, including those in its Admission to Trading Rules, have been or will be fully complied with in respect of such Digital Asset; and

(b) obtain approval of the AFSA in respect of such Digital Asset.

(4) For the purposes of (1), a Digital Asset Trading Facility Operator must notify an applicant in writing of its decision in relation to the application for admission of the Digital Asset to trading. In the case that such decision is to reject the application, the written notice should indicate (i) whether the application has been considered by the AFSA, and if so, (ii) the AFSA’s determination in respect thereof.

(5) For the purposes of 3(b), an application to the AFSA by a Digital Asset Trading Facility Operator must include:

(a) a copy of the admission application; and

(b) any other information requested by the AFSA.

(6) In assessing an application, the AFSA may:

(a) require the applicant to provide additional information reasonably required for the AFSA to be able to decide the application;

(b) require the applicant to provide information on how the applicant intends to ensure compliance with any criterion;

(c) require the applicant to verify information it provides to the AFSA in any way that the AFSA specifies;

(d) make any enquiries which it may consider appropriate; and

(e) take into account any information which it considers to be relevant in making a suitability assessment.

2.8.2.     Admission criteria

(1) For the purposes of 2.8.2(3)(b), a Digital Asset can be admitted to trading on the Operator’s facility if the AFSA is satisfied that:

(a) having considered the matters in (2), the Digital Asset is suitable for use in the AIFC;

(b) is not prohibited for use in the AIFC; and

(c) for a Fiat or Commodity stablecoin, all of the requirements in (4) are met in respect of that Fiat or Commodity stablecoin (and conditions (a) and (b) above are met).

(2) The matters referred to in (1)(a), which the AFSA considers, are:

(a) the regulatory status of the relevant Digital Asset in other jurisdictions, including whether it has been assessed or approved for use in another jurisdiction;

(b) whether there is adequate transparency relating to the Digital Asset and underlying blockchain, including sufficient detail about its purpose, protocols, consensus mechanism, governance arrangements, founders, key persons, miners and significant holders;

(c) the size (the market capitalisation), liquidity and volatility of the market for the Digital Asset globally;

(d) whether there is a total limit (cap) for the issuance of Digital Asset; the controls/processes to manage volatility of a particular Digital Asset (tokenomics);

(e) the adequacy and suitability of the technology used in connection with the Digital Asset; and

(f) whether risks associated with the Digital Asset are adequately mitigated, including risks relating to governance, legal and regulatory issues, cybersecurity, money laundering, Market Abuse and other

Financial Crime;

(g) whether a Digital Asset is traceable;

(h) whether there are any issues relatingto the security and/or usability of a DLT used for the purposes of a Digital Asset; and

(i) whether a DLT and smart contract (if any) have stress tested or subject to independent audit.

(3) In assessing the matters in (2), the AFSA may consider the cumulative effect of factors which, if taken individually, may be regarded as insufficient to give reasonable cause to doubt that the criteria in (1)(a) is satisfied.

(4) In the case of a Fiat stablecoin or Commodity stablecoin, the additional criteria referred to in (1)(c) are that:

(a) information is published at least once in a quarter on the value and composition of the reserves backing the Fiat stablecoin or Commodity stablecoin;

(b) the published information referred to in (4)(a) is verified by a suitably qualified third-party professional who is independent of the issuer of the Digital Asset and any persons responsible for the Digital Asset;

(c) the published information referred to in (4)(a) demonstrates that the reserves:

(i) at least equal in value to the notional value of outstanding Digital Assets in circulation (that value being calculated by multiplying the number of Digital Assets in circulation by the purported pegged Fiat Currency value);

(ii) include not more than 10% in high quality liquid assets other than cash;

(iii) are denominated in the reference currency; and

(iv) are held in segregated accounts with properly regulated banks or custodians in jurisdictions with regulation that is equivalent to the AFSA’s regime and AML regulation that is equivalent to the

standards set out in the FATF Recommendations;

(d) the Digital Asset is able to maintain a stable price relative to the Fiat Currency it references; and

(e) a Person is clearly responsible and liable to investors for the Digital Asset.

2.8.3.     Decision-making procedures for the AFSA in relation to applications for approval of the admission of Digital Assets to trading

(1) Where a Digital Asset Trading Facility Operator applies for approval of the admission of a Digital Asset to trading, the AFSA may:

(a) approve the application;

(b) reject the application; or

(c) approve the application subject to conditions or restrictions.

(2) The AFSA may exercise its powers under (1)(b) where the AFSA reasonably considers that:

(a) granting the Digital Assets admission to trading of Digital Assets would be detrimental to the interests of Persons dealing in the relevant Digital Assets using the facilities of a Digital Asset Trading Facility Operator or otherwise; or

(b) any requirements imposed by the AFSA or in the Admission to Trading Rules of a Digital Asset Trading Facility Operator as are applicable have not been or will not be complied with; or

(c) the issuer of the Digital Assets has failed or will fail to comply with any obligations applying to it including those relating to having its Digital Assets admitted to trading or traded in another jurisdiction.

(3) Where the AFSA rejects an application for approval of admission of a Digital Asset to trading pursuant to (2), such Digital Assets must not be admitted by a Digital Asset Trading Facility Operator to its facility.

(4) Where the AFSA approves an application for approval of admission of a Digital Asset to trading subject to conditions or restrictions, the A Digital Asset Trading Facility Operator is responsible for implanting such conditions and restrictions in admitting the Digital Asset to trading, and such conditions or restrictions may not be varied or removed without the approval of the AFSA.

2.8.4.     Withdrawal of a Digital Asset from the List of Digital Assets admitted to trading

The AFSA may withdraw a Digital Asset from the List of Digital Assets admitted to trading if it is no longer satisfied of the matters specified in DAA 2.8.2. in respect of the Digital Asset.

2.8.5.     Events or developments affecting the Digital Asset

(1) If a Digital Asset Trading Facility Operator becomes aware of any significant event or development that reasonably suggests that the Digital Asset no longer meets the criteria in DAA 2.8.2 for it to be admitted to trading, it must immediately notify the AFSA of such event or development.

(2) A notification under (1) is not required if the Digital Asset Trading Facility Operator reasonably believes that the information is already generally available to the public.

(3) A Digital Asset Trading Facility Operator must ensure that, where it seeks to offer services in relation to the Digital Asset associated with the new version of the underlying protocol (“hard fork”), this new Digital Asset meets the requirements for an Approved Digital Asset and that it obtains approval of the AFSA in respect of such Digital Asset.

2.8.6.     List of Digital Assets admitted to trading

(1) The AFSA may publish on its website a List of Digital Assets admitted and approved by the AFSA to trading which can be traded on the trading facility of any Digital Asset Trading Facility Operator without obtaining the AFSA’s approval.

(2) Where a Digital Asset Trading Facility Operator decides to admit a Digital Asset under (1) to trading, the Digital Asset Trading Facility Operator is required to notify the AFSA 10 days prior to the date of the admission of the Digital Asset to trading. 

(3) Where a Digital Asset Trading Facility Operator admits a Digital Asset to trading under (1), it is still required to publish a key features document under DAA 2.8.8.

2.8.7.     Digital Asset white paper

(1) A Person seeking admission of a Digital Asset to trading a Digital Asset Trading Facility Operator’s facility must prepare, submit to the AFSA and publish on its website the Digital Asset white paper.

(2) A Digital Asset white paper must contain:

(a) information about:

(i) the offeror or the Person seeking admission to trading; or

(ii) the issuer, if different from the offeror or Person seeking admission to trading; or

(iii) the Member of an Authorised Digital Asset Trading Facility seeking admission to trading; or

(iv) the Digital Asset Trading Facility Operator when it is seeking admission on its own initiative;

(b) information about the admission to trading on a Digital Asset Trading Facility Operator’s facility;

(c) information on the rights and obligations attached to a Digital Asset;

(d) information on the underlying technology, including details of the technology that is used to issue, store or transfer the Digital Asset;

(e) information on the valuation of a Digital Asset;

(f) information on how ownership of the Digital Asset is established, certified, or otherwise evidenced;

(g) risks related to fraud, hacking, and Financial Crime;

(h) risks related to the volatility and unpredictability of price of the Digital Asset relative to Fiat Currency, which may result in significant losses over a short period of time;

(i) any other information relevant to the relevant Digital Asset that may assist the Client to understand the product and technology better and to make an informed decision; and

(j) any other information that the AFSA may request to add.

(3) All information referred to DAA 2.7.3. (2) must be clear, fair, and not misleading. The Digital Asset white paper should not contain materials omissions and should be presented in a concise and comprehensible form.

(4) The Digital Asset white paper must contain a summary which should be written in brief and non-technical language to provide key information about the offer to the public of a Digital Asset or about the intended admission of a Digital Asset to trading on the Digital Asset Trading Facility Operator’s facility. The format and content of the summary of a Digital Asset white paper should provide, in conjunction with the Digital Asset white paper, appropriate information about the characteristics of a Digital Asset concerned to assist potential holders of a Digital Asset to make an informed decision.

2.8.8.     Publication of key features document

(1) A Digital Asset Trading Facility Operator may permit a Digital Asset to trading only if it published a key features document on its website about the Digital Asset.

(2) The key features document must include the following:

(a) information about the issuer (if any) and the individuals responsible for designing the Digital Asset;

(b) characteristics of the Digital Asset, including rights attaching to the Digital Asset and any project or venture to be funded (if relevant);

(c) the regulatory status of the Digital Asset in other jurisdictions;

(d) details of Persons responsible for performing obligations associated with the Digital Asset and details of where and against whom rights conferred by the Digital Asset may be exercised;

(e) information on the underlying DLT or similar technology used for the Digital Asset, including details of the technology that is used to issue, store or transfer the Digital Asset and any interoperability with other DLT;

(f) information on the underlying technology used by the Digital Asset Trading Facility Operator, including protocols and technical standards adhered to;

(g) details about how ownership of the Digital Asset is established, certified or otherwise evidenced;

(h) how the Digital Asset will be valued, and an explanation of how this is carried out and what benchmarks, indices or third parties are relied on;

(i) details of any other facility on which the Digital Asset is traded;

(j) the risks relating to the volatility and unpredictability of the price of the Digital Asset;

(k) in the case of a Fiat stablecoin or Commodity stablecoin, details about the reserves backing that Fiat stablecoin or Commodity stablecoin and the stabilisation and redemption mechanisms;

(l) cyber-security risks associated with the Digital Asset or its underlying technology, including whether there is a risk of loss of the Digital Asset in the event of a cyberattack, and details of steps that have been, or can be taken to mitigate those risks;

(m) the risks relating to fraud, hacking and Financial Crime; and

(n) information related to the principal adverse environmental and climate-related impacts of the consensus mechanism used to issue each Digital Asset; any

(o) other information relevant to the Digital Asset that would reasonably assist the Client to understand the Digital Asset and whether to invest in the Digital Asset, or use the service being offered to the Client.

Guidance:

The Digital Asset white paper is a document outlining the main economic and technical aspects of a specific Digital Asset. The key features document is a document outlining the main characteristics of the Digital Asset in a simple format to provide potential investors with the aims and benefits of the Digital Asset, along with the relevant risks and limitations. The content of the Digital Asset white paper and key features document should not conflict each other.

2.8.9.     Ongoing information

(1) A Digital Asset Trading Facility Operator must take reasonable steps to ensure that accurate and up-to-date information is made available about Digital Assets traded on its facility so that users of the facility are able to make informed decisions about trading in the Digital Assets.

(2) Without limiting the generality of (1), the Digital Asset Trading Facility Operator must as a minimum ensure the following information is readily available for each Digital Asset:

(a) the total number, and market capitalisation, of the Digital Assets traded globally;

(b) whether the supply of the Digital Assets is set to increase or decrease according to a pre-defined path;

(c) details of any inflationary or deflationary mechanisms that are to be used, such as the issuing or burning of the Digital Assets (other than through the normal mining process);

(d) the total number of the Digital Assets held by the developers or issuer of the Digital Asset, held in reserve for rewards or other promotional purposes or otherwise locked away from the total supply of the Digital Assets;

(e) a breakdown of the largest holders of the Digital Assets, in particular holders of 10% or more of the total supply of the Digital Assets; and

(f) in the case of a Fiat stablecoin or Commodity stablecoin, details about the reserves backing that Fiat stablecoin or Commodity stablecoin and the stabilisation and redemption mechanisms.

(3) Under (2)(e), a Digital Asset Trading Facility Operator is not required to disclose the identity of the holder if it has identified that a Person holds 10% or more of the Digital Assets but after taking reasonable steps has not been able to establish the holder’s identity.

2.8.10. Risk warnings

(1) A Digital Asset Trading Facility Operator must display prominently on its website the following risk warnings relating to Digital Assets:

(a) that Digital Assets are not legal tender or backed by a government;

(b) that Digital Assets are subject to extreme volatility and the value of the Digital Asset can fall as quickly as it can rise;

(c) that an investor in Digital Assets may lose all, or part, of their money;

(d) that Digital Assets may not always be liquid or transferable;

(e) that investments in Digital Assets may be complex making it hard to understand the risks with buying, selling, holding or lending them;

(f) that Digital Assets can be stolen because of cyber attacks;

(g) that trading in Digital Assets is susceptible to irrational market forces;

(h) that the nature of Digital Assets may lead to an increased risk of Financial Crime;

(i) there being limited or, in some cases, no mechanisms for the recovery of lost or stolen Digital Assets;

(j) the risks of Digital Assets with regard to anonymity, irreversibility of transactions, accidental transactions, transaction recording, and settlement;

(k) that the nature of Digital Assets means that technological difficulties experienced by the Authorised Firm may prevent the access or use of a Client’s Digital Assets; and

(l) that investing in, and holding, Digital Assets is not comparable to investing in traditional investments such as Securities.

(2) Where a Digital Asset Trading Facility Operator presents any marketing or educational materials and other communications relating to a Digital Asset on a website, in the general media or as part of a distribution made to existing or potential new Clients, it must include the risk warning referred to in (1) in a prominent place at or near the top of each page of the materials or communication.

(3) If the material referred to in (1) is provided on a website or an application that can be downloaded to a mobile device, the warning must be:

(a) statically fixed and visible at the top of the screen even when a person scrolls up or down the webpage; and

(b) included on each linked webpage on the website.

2.8.11. Forums

If a Digital Asset trading Facility Operator provides a means of communication (a “forum”) for users to discuss Digital Assets, it must:

(a) include a clear and prominent warning on the forum informing users that the Digital Asset Trading Facility Operator does not conduct due diligence on information on the forum;

(b) restrict the posting of comments on the forum to Digital Asset Trading Facility members;

(c) ensure that all users of the forum have equal access to information posted on the forum;

(d) require a person posting a comment on the forum to disclose clearly if he is affiliated in any way with a Digital Asset or is being compensated, directly or indirectly, to promote a Digital Asset;

(e) take reasonable steps to monitor and prevent posts on the forum that are potentially misleading or fraudulent or may contravene the Market Abuse provisions (Chapter 5 of the MAR);

(f) immediately take steps to remove a post, or to require a post to be deleted or amended, if the Digital Asset Trading Facility Operator becomes aware that (d) or (e) have not been complied with; and

(g) not participate in discussions on the forum except to moderate posts or to take steps referred to in (f).

2.8.12. Undertaking to comply with the Acting Law of the AIFC

A Digital Asset Trading Facility Operator may not admit a Digital Asset to trading unless the Person who seeks to have Digital Assets admitted to trading:

(a) gives an enforceable undertaking to the AFSA to submit unconditionally to the jurisdiction of the AIFC in relation to any matters which arise out of or which relate to its use of the facilities of the Digital Asset Trading Facility Operator;

(b) agrees in writing to submit unconditionally to the jurisdiction of the AIFC Court in relation to any disputes, or other proceedings in the AIFC, which arise out of or relate to its use of the facilities of the Digital Asset Trading Facility Operator; and

(c) agrees in writing to subject itself to the Acting Law of the AIFC in relation to its use of the facilities of the Digital Asset Trading Facility Operator.

2.8.13. Review of compliance

The Digital Asset Trading Facility Operator must maintain arrangements regularly to review whether the Digital Assets admitted to trading on its facilities comply with the Admission to Trading Rules.

2.9.Suspending or removing Digital Assets from trading

2.9.1.     Power to suspend or remove a Digital Asset from trading

(1) The rules of a Digital Asset Trading Facility Operator must provide that it has the power to suspend or remove from trading on its facility any Digital Assets with immediate effect or from such date and time as may be specified where it is satisfied that there are circumstances that warrant such action, or it is in the interests of the AIFC.

(2) The AFSA may direct a Digital Asset Trading Facility Operator to suspend or remove Digital Assets from trading with immediate effect or from such date and time as may be specified if it is satisfied there are circumstances that:

(a) warrant such action, or

(b) it is in the interests of the AIFC.

(3) The AFSA may withdraw a direction made under (2) at any time.

(4) Digital Assets that are suspended from trading of Digital Assets remain admitted to trading for the purposes of this Chapter.

(5) The AFSA may prescribe any additional requirements or procedures relating to the removal or suspension of Digital Assets from or restoration of Digital Assets to trading.

2.9.2.     Limitation on power to suspend or remove Digital Assets from trading

The rules of a Digital Asset Trading Facility Operator must contain provisions for orderly suspension and removal from trading on its facility any Digital Asset which no longer complies with its rules considering the interests of investors and the orderly functioning of the financial market of the AIFC.

2.9.3.     Publication of decision

(1) Where the Digital Asset Trading Facility Operator suspends or removes any Digital Asset from trading on its facility, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(2) Where the Digital Asset Trading Facility Operator lifts a suspension or re-admits any Digital Asset to trading on its facility, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(3) Where a Digital Asset Trading Facility Operator has made any decisions on admission, suspension, or removal of Digital Assets from trading on its facility, it must have adequate procedures for notifying users of such decisions.

2.10.Transparency obligations

2.10.1. Pre-trade disclosure

(1) A Digital Asset Trading Facility Operator must disclose to its users the following information relating to trading of Digital Assets on its facility:

(a) the current bid, offer prices and volume of Digital Assets traded on its systems on a continuous basis during normal trading hours;

(b) the depth of trading interest shown at the prices and volumes advertised through its systems for the Digital Assets; and

(c) any other information relating to Digital Assets which would promote transparency relating to trading.

(2) The AFSA may waive or modify the disclosure requirement in DAA 2.10.1 in relation to certain transactions where the order size is predetermined, exceeds a pre-set and published threshold level and details of the exemption are made available to the Digital Asset Trading Facility Operator’s Members and the public.

(3) In assessing whether an exemption from pre-trade disclosure is allowed, the AFSA would regard to such factors as:

(a) the level of an order threshold compared with the normal market size for the Digital Asset;

(b) the impact such an exemption would have on price discovery, fragmentation, fairness and overall market quality;

(c) whether there is sufficient transparency relating to trades executed without pre-trade disclosure (as a result of orders executed on execution platforms without pre-trade transparency), whether or not they are entered in transparent markets;

(d) whether the Digital Asset Trading Facility Operator supports transparent orders by giving a priority to transparent orders over dark orders, for example, by executing such orders at the same price as transparent orders; and

(e) whether there is adequate disclosure of details relating to dark orders available to Members and other participants on the Digital Asset Trading Facility to enable them to understand the manner in which their orders are handled and executed on the Digital Asset Trading Facility.

(4) When making disclosure, a Digital Asset Trading Facility Operator must adopt a technical mechanism showing differentiations between transactions that have been recorded in the central order book and transactions that have been reported to the Digital Asset Trading Facility as off-order book transactions. Any transactions that have been cancelled pursuant to its rules must also be identifiable.

(5) A Digital Asset Trading Facility Operator must use appropriate mechanisms to enable pre-trade information to be made available to users in an easy to access and uninterrupted manner at least during normal trading hours.

2.10.2.Post-Trade Disclosure

(1) A Digital Asset Trading Facility Operator must disclose the price, volume and time of the transactions effected in respect of Digital Assets to users as close to real-time as is technically possible on a non-discretionary basis. The Digital Asset Trading Facility Operator must use adequate mechanisms to enable post-trade information to be made available to users in an easy to access and uninterrupted manner at least during business hours.

(2) A Digital Asset Trading Facility Operator must provide price, volume, time and counterparty details to the AFSA within 24 hours of the close of each trading day via a secure electronic feed.

2.10.3. Public notice of suspended or terminated Membership

The Digital Asset Trading Facility Operator must promptly issue a public notice on its website in respect of any Member that has a Licence to carry on the Regulated Activities whose Membership is suspended or terminated.

2.10.4. Cooperation with office-holder

The Digital Asset Trading Facility Operator must cooperate, by the sharing of information and otherwise, with the AFSA, any relevant office-holder and any other authority or body having responsibility for any matter arising out of, or connected with, the default of a Member of the Digital Asset Trading Facility Operator.

2.11.Clients

2.11.1. Clients of a Digital Asset Trading Facility Operator

Members of a Digital Asset Trading Facility Operator and their clients are Clients of a Digital Asset Trading Facility Operator.

2.11.2. Investment limits

A Digital Asset Trading Facility Operator must maintain effective systems and controls to ensure that a Retail Client, who is a resident of the Republic of Kazakhstan, complies with any requirements and limits imposed by the Rules on Currency Regulation and Provision of Information on Currency Transactions in the AIFC.

2.11.3. Calculation of an individual Client’s net assets

(1) For the purposes of calculating an individual Client’s net assets to treat him as an Assessed Professional Client under Rule 2.5.1(a) of the COB, the Digital Asset Trading Facility Operator:

(a) must exclude the value of the primary residence of the Client;

(b) must exclude Digital Assets belonging to the Client that are not on the List of Digital Assets admitted to trading;

(c) must include only 30% of the market value of a Digital Asset admitted to trading, which belongs to the Client, but must include 100% of the market value of a Fiat stablecoin and Commodity stablecoin, which belongs to the Client; and

(e) may include any other assets held directly or indirectly by that Client.

2.11.4. Additional information for Providing Custody of Digital Assets

A Digital Asset Trading Facility Operator Providing Custody of Digital Assets must include in the Client Agreement:

(a) a breakdown of all fees and charges payable for a transfer of Digital Assets (a “transfer”) and when they are charged;

(b) the information required to carry out a transfer;

(c) the form and procedures for giving consent to a transfer;

(d) an indication of the time it will normally take to carry out a transfer;

(e) details of when a transfer will be considered to be complete;

(f) how, and in what form, information and communications relating to transfer services will be provided to the Client, including the timing and frequency of communications and the language used and technical requirements for the Client’s equipment and software to receive the communications;

(g) clear policies and procedures relating to unauthorised or incorrectly executed transfers, including when the Client is and is not entitled to redress;

(h) clear policies and procedures relating to situations where the holding or transfer of Digital Assets may have been compromised, such as if there has been hacking, theft or fraud; and

(i) details of the procedures the Digital Asset will follow to contact the Client if there has been suspected or actual hacking, theft or fraud.

2.11.5. Provision of prompt confirmation to Clients

(1) Prior to execution of each transaction in Digital Assets, a Digital Asset Trading Facility Operator must confirm with its Clients the following terms:

(a) name of the Digital Asset in the proposed transaction;

(b) amount or value of the proposed transaction;

(c) fees and charges to be borne by the Client including applicable exchange rates; and

(d) a warning that once executed the transaction may not be undone.

(2) After a Digital Asset Trading Facility Operator has effected a transaction for a Client, it must confirm promptly with the Client the essential features of the transaction. The following information should be included:

(a) name of the Digital Asset in the transaction;

(b) amount or value of the transaction; and

(c) fees and charges borne by the Client including applicable exchange rates.

2.11.6. Provision of statements of account upon request

Where a Digital Asset Trading Facility Operator receives a request from a Client for a statement of account as of the date of the request, it must:

(a) prepare a statement of account in respect of the Client which includes the following information:

(i) the name, address and account number of the Client to whom the Digital Asset Trading Facility Operator is required to provide the statement of account;

(ii) the date on which the statement of account is prepared;

(iii) the outstanding balance of that account; and

(iv) the quantity, and, in so far as readily ascertainable, the market price and market value of each Client Digital Asset, held for that account.

(b) prepare the requested statement of account to the Client as soon as practicable after the date of the request.

2.11.7. Appropriateness test

A Digital Asset Trading Facility Operator must not carry on a Regulated Activity with or for a Retail Client, who is a non-resident of the Republic of Kazakhstan, unless the Digital Asset Trading Facility Operator has carried out an appropriateness test of the Person and formed a reasonable view that the Person has:

(a) adequate skills and expertise to understand the risks involved in trading in Digital Assets or Digital Asset Derivatives (as the case may be); and

(b) the ability to absorb potentially significant losses resulting from trading in Digital Assets or Digital Asset Derivatives (as the case may be).

Guidance:

(1) To form a reasonable view referred to in DAA 2.11.7. in relation to a Person, a Digital Asset Trading Facility Operator should consider issues such as whether the Person:

(a) has sufficient knowledge and experience relating to the type of a Digital Asset or Digital Asset Derivative offered, having regard to such factors as:

(i) how often and in what volumes that Person has traded in the relevant type of a Digital Asset or Digital Asset Derivative; and

(ii) the Person’s relevant qualifications, profession or former profession;

(b) understands the characteristics and risks relating to Digital Assets or Digital Asset Derivatives, and the volatility of their prices;

(c) understands the impact of leverage, due to which, there is potential to make significant losses in trading in Digital Assets or Digital Asset Derivatives; and

(d) has the ability, particularly in terms of net assets and liquidity available to the Person, to absorb and manage any losses that may result from trading in the Digital Assets or Digital Asset Derivatives offered.

(2) To be able to demonstrate to the AFSA that it complies with DAA 2.11.7., a Digital Asset Trading Facility Operator should have in place systems and controls that include:

(a) pre-determined and clear criteria against which a Retail Client’s ability to trade in Digital Assets or Digital Asset Derivatives can be assessed;

(b) adequate records to demonstrate that the Digital Asset Trading Facility Operator has undertaken the appropriateness test for each Retail Client; and

(c) in the case of an existing Retail Client with whom the Digital Asset Trading Facility Operator has previously traded in Digital Assets or Digital Asset Derivatives, procedures to undertake a fresh appropriateness test if:

(i) a new Digital Asset or Digital Asset Derivative with a materially different risk profile is offered to the Retail Client; or

(ii) there has been a material change in the Retail Client’s circumstances.

(3) If a Digital Asset Trading Facility Operator forms the view that it is not appropriate for a Person to trade in Digital Assets or Digital Asset Derivatives, the Digital Asset Trading Facility Operator should refrain from offering that service to the Person. As a matter of good practice, the Digital Asset Trading Facility Operator should inform the Person of its decision.

2.12.Conflicts of interest

2.12.1. Conflicts of interest – core obligation

A Digital Asset Trading Facility Operator must take reasonable steps, including the maintenance of adequate systems and controls, governance and internal policies and procedures, to ensure that the performance of its regulatory functions and obligations is not adversely affected by its commercial interests.

Guidance: regulatory functions of a Digital Asset Trading Facility Operator

The regulatory functions of a Digital Asset Trading Facility Operator include, as appropriate:

• its obligations to monitor and enforce compliance with its Business Rules, Admission to Trading Rules, and Membership Rules;

• its obligation to prevent, detect and report Market Abuse or Financial Crime; and

• its obligations in respect of admission of Digital Assets to trading or to clearing.

2.12.2. Conflicts of interest – identification and management

For the purposes of compliance with DAA 2.12.1, a Digital Asset Trading Facility Operator must:

(a)identify conflicts between the interests of the Digital Asset Trading Facility Operator, its shareholders, owners and operators and the interests of the Persons who make use of its facility or the interests of the trading venues operated by it; and

(b)manage or disclose such conflicts so as to avoid adverse consequences for the sound functioning and operation of the trading venues operated by the Digital Asset Trading Facility Operator and for the Persons who make use of its facility.

2.12.3. Conflicts of interest – personal account transactions

A Digital Asset Trading Facility Operator must establish and maintain adequate policies and procedures to ensure that its Employees do not undertake personal account transactions in Digital Assets in a manner that creates or has the potential to create conflicts of interest.

2.12.4. Conflicts of interest – code of conduct

A Digital Asset Trading Facility Operator must establish a code of conduct that sets out the expected standards of behaviour for its Employees, including clear procedures for addressing conflicts of interest. Such a code must be binding on all of its Employees.

2.13.      Other requirements

2.13.1.Measures to prevent, detect and report Market Abuse or Financial Crime

A Digital Asset Trading Facility Operator must:

(a) ensure that appropriate measures (including the monitoring of transactions effected on or through the Digital Asset Trading Facility Operator’s facility) are adopted to reduce the extent to which the Digital Asset Trading Facility Operator’s facility can be used for a purpose connected with Market Abuse, Financial Crime or money laundering, and to facilitate their detection and monitor their incidence; and

(b) immediately report to the AFSA any suspected Market Abuse, Financial Crime or money laundering, along with full details of that information in writing.

2.13.2.Whistleblowing

A Digital Asset Trading Facility Operator must have appropriate procedures and protections for requiring its Employees to disclose any information to the AFSA in a manner which does not expose them to any disadvantage or discrimination as a result of so doing.

2.13.3.Lending and staking

(1)A Digital Asset Trading Facility Operator must not offer or provide any facility or service that allows a Member or another user of its facility to lend a Digital Asset to another Person unless it is reasonably satisfied that:

(a)the Member or user is a Professional Client; and

(b)the lending is solely for the purpose of the borrower participating in the proof-of-stake consensus mechanism on the DLT or another similar technology that hosts the relevant Digital Asset.

(2)The prohibition in (1) does not apply to the provision of any Digital Asset to an Authorised Firm as Collateral.

2.13.4.Trading of Digital Assets

(1) A Digital Asset Trading Facility Operator must establish and maintain policies and procedures relating to the trading process to prevent or detect errors, omissions, fraud, and other unauthorised or improper activities.

(2) A Digital Asset Trading Facility Operator must execute a trade for a Client only if there are sufficient Fiat Currencies or Fiat stablecoins, which are on the List of Digital Assets admitted to trading, in the Client’s account with the Digital Asset Trading Facility Operator to cover that trade except for any off-platform transactions to be conducted by institutional investors which are settled intra-day.

(3) A Digital Asset Trading Facility Operator should not provide any financial assistance for its Clients to acquire Digital Assets. It should ensure, to the extent possible, that no Person within the same Group as the Digital Asset Trading Facility Operator does so unless for exceptional circumstances which should be approved by the AFSA on a case-by-case basis.

2.13.5. Trading controls

(1) A Digital Asset Trading Facility Operator must put in place risk management and supervisory controls for the operation of its trading platform. These controls should include:

(a) automated pre-trade controls that are reasonably designed to:

(i) prevent the entry of any orders that would exceed appropriate position limits prescribed for each Client;

(ii) alert the user to the entry of potential erroneous orders and prevent the entry of erroneous orders;

(iii) prevent the entry of order which are not in compliance with regulatory requirements; and

(b) post-trade monitoring to reasonably identify any:

(i) suspicious market manipulative or abusive activities; and

(ii) market events or system deficiencies, such as unintended impact on the market, which call for further risk control measures.

(2) A Digital Asset Trading Facility Operator must be able to:

(a) reject orders that exceed its pre-determined volume and price thresholds, or that are clearly erroneous;

(b) temporarily halt or constrain trading on its facility if necessary or desirable to maintain an orderly market; and

(c) cancel, vary, or correct any order resulting from an erroneous order entry and/or the malfunctioning of the system of a Member.

2.13.6. Settlement and clearing arrangements

(1) A Digital Asset Trading Facility Operator must ensure that satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), clearing and settlement of the rights and liabilities of the parties to transactions effected on the Digital Asset trading facility (being rights and liabilities in relation to those transactions).

(2) A Digital Asset Trading Facility Operator must ensure that clearing and settlement of transactions on its facility take place only by means of Fiat Currencies or Fiat stablecoin which are on the List of Digital Assets admitted to trading.

(3) A Digital Asset Trading Facility Operator acting as a Digital Asset Custodian must:

(a) have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of Digital Assets issuers and holders, prevent the unauthorised creation or deletion of Digital Assets, and conduct daily reconciliation of each Digital Asset balance it maintains for issuers and holders;

(b) prohibit overdrafts and debit balances in Digital Assets account;

(c) maintain Digital Assets in an immobilised or dematerialised form for their transfer by book entry;

(d) protect assets against custody risk through appropriate rules and procedures consistent with its legal framework;

(e) ensure segregation between the Digital Asset Custodian’s own assets and the Digital Assets of its participants and segregation among the Digital Assets of participants; and

(f) identify, measure, monitor, and manage its risks from other custody related activities that it may perform.

2.13.7.Digital Asset Trading Facility Operator Providing Custody of Digital Assets

(1) A Digital Asset Trading Facility Operator which is a Digital wallet Service Provider must ensure that:

(a) any DLT application it uses in Providing Custody of Digital Assets is resilient, reliable and compatible with any relevant facility on which the Digital Assets are traded or cleared;

(b) it is able to clearly identify and segregate the Digital Assets belonging to different Clients;

(c) it has in place appropriate procedures to enable it to confirm Client instructions and transactions, maintain appropriate records and data relating to those instructions and transactions and to conduct a reconciliation of those transactions at appropriate intervals.

(2) A Digital Asset Trading Facility Operator which is a Digital wallet Service Provider must ensure that, in developing and using DLT applications and other technology to Provide Custody of Digital Assets:

(a) the architecture of any Digital wallet used adequately addresses compatibility issued and associated risks;

(b) the technology used and its associated procedures have adequate security measures (including cyber security) to enable the safe storage and transmission of data relating to the Digital Assets;

(c) the security and integrity of cryptographic keys are maintained through the use of that technology, taking into account the password protection and methods of encryption used;

(d) there are adequate measures to address any risks specific to the methods of usage and storage of cryptographic keys (or their equivalent) available under the DLT application used; and

(e) the technology is compatible with the procedures and protocols on any facility on which the Digital Assets are traded or cleared or both traded and cleared.

2.13.8.Requirements for a Digital Asset Trading Facility Operator appointing a Third Party Digital wallet Service Provider

A Digital Asset Trading Facility Operator which appoints a Third Party Digital wallet Service Provider to Provide Custody of Digital Assets traded on its facility, must ensure that the Person is:

(1) an Authorised Firm appropriately authorised to be a Digital wallet Service Provider; or

(2) a Person which is appropriately regulated by a Financial Services Regulator to an equivalent level of regulation to that provided for under the AFSA regime for Providing Digital wallet Services.

Guidance:

If a Digital Asset Trading Facility Operator appoints a non-AIFC firm regulated by a Financial Services Regulator, it must undertake sufficient due diligence to establish that the non-AIFC firm is subject to an equivalent level of regulation as under the AFSA regime in respect of that service.

2.13.9.Requirements in relation to Hot and Cold Digital wallets

A Digital Asset Trading Facility Operator must ensure that not more than 30 % of the Client Digital Assets are stored in Hot Digital wallets.

2.13.10.Obligation to report transactions

(1) A Digital Asset Trading Facility Operator must report to the AFSA details of transactions in Digital Assets traded on its facility which are executed, or reported, through its systems.

(2) The AFSA may, by written notice or guidance, specify:

(a) the information to be included in reports made under the preceding paragraph; and

(b) the manner in which such reports are to be made.

2.13.11.Obligation to report to the AFSA

(1) A Digital Asset Trading Facility Operator must submit on a quarterly basis report that should include a financial statement, income statement and calculation of the relevant capital resources and its compliance with these Rules.

(2) The AFSA may request a Digital Asset Trading Facility to submit other returns. The list of returns required to be submitted and returns templates may be prescribed by the AFSA from time to time.

(3) Returns submitted to the AFSA must be signed by two (2) Approved Individuals and one of them must be approved to exercise the Finance Officer function.

2.13.12.Obligation to notify the AFSA

If a Digital Asset Trading Facility Operator becomes aware, or has a reasonable ground to believe, that it is or may be (or may be about to be) in breach of any of these Rules, that applies to it, it must:

(a) notify the AFSA in writing about the breach and the relevant circumstances immediately and not later than within 1 business day; and

(b) not make any cash transfers or payments or transfers of liquid assets to its Affiliates or Related Persons, whether by way of dividends or otherwise, without the AFSA’s written consent. 

Guidance:

In dealing with a breach, or possible breach, of this part, the AFSA’s primary concern will be the interests of existing and prospective Clients and potential adverse impact on market participants as well as market stability. The AFSA recognises that there will be circumstances in which a problem may be resolved quickly, for example, by support from a parent entity, without jeopardising the interests of Clients and stakeholders. In such circumstances, it will be in the interests of all parties to minimise the disruption to the firm’s business. The AFSA's will normally seek to work cooperatively with the Digital Asset Trading Facility Operator in such stressed situations to deal with any problems. There will, however, be circumstances in which it is necessary to take regulatory action to avoid exposing market participants, stakeholders and Clients to the potential adverse consequences of the firm’s Failure, and the AFSA will not hesitate to take appropriate action if it considers this necessary.

2.14.      Restrictions

2.14.1. Restriction on own account transactions

(1) A Digital Asset Trading Facility Operator or any of its Associate may execute an Own Account Transaction in a Digital Asset unless it is not expected to materially affect the price of the Digital Asset.

(2) For the purposes of this Rule:

(a) “Own Account Transaction” means a transaction Executed by the Digital Asset Trading Facility Operator for its own benefit or for the benefit of its Associate; and

(b) “Execute”, in relation to a transaction, means carrying into effect or performing the transaction, whether as principal or as agent, including instructing another Person to execute the transaction. 

2.14.2. Offer of incentives

If a Digital Asset Trading Facility Operator offers or provides to a Retail Client any incentive that influences, or is reasonably likely to influence, the Retail Client to trade in a Digital Asset or Digital Asset Derivative, it must comply with the requirements set out in Chapter 3 of the COB.

2.15.      Prohibitions

2.15.1.Use of only those Digital Assets which are admitted to trading

(1) If a Person is not admitted to trading, it must not engage in any of the following activities in or from the AIFC relating to Digital Assets:

(a)carrying on a Regulated Activity in relation to the Digital Asset;

(b)making or approving a Financial Promotion relating to the Digital Asset;

(c)carrying on an activity specified in (a) or (b) above in relation to a Fund that invests in the Digital Asset; or

(d)carrying on an activity specified in (a) or (b) in respect of a Derivative or instrument relating to the Digital Asset.

(2) Digital Asset Trading Facility Operator is prohibited to conduct transactions with Digital Asset associated with the new version of the underlying protocol (“hard fork”), except for custody of it, unless it obtains the approval of the AFSA.

2.15.2.Prohibition on use of Privacy Tokens and Privacy Devices

A Person must not in or from the AIFC:

(a)carry on a Regulated Activity relating to a Privacy Token or that involves the use of a Privacy Device;

(b)make or approve a Financial Promotion relating to a Privacy Token; or

(c)offer to the public a Privacy Token.

2.15.3.Prohibition of Digital Asset Derivatives for Retail Clients who are residents of the Republic of Kazakhstan

A Retail Client, who is a resident of the Republic of Kazakhstan, is prohibited to trade Digital Asset Derivatives unless a Digital Asset Trading Facility Operator carried out an appropriateness test of the Person and formed a reasonable view that the Person has:

(a) adequate skills and expertise to understand the risks involved in trading Digital Asset Derivatives; and

(b) the ability to absorb potentially significant losses resulting from trading in Digital Asset Derivatives.

Guidance:

(1) To form a reasonable view referred to in DAA 2.15.3. in relation to a Person, a Digital Asset Trading Facility Operator should consider issues such as whether the Person:

(a) has sufficient knowledge and experience relating to the type of a Digital Asset Derivative offered, having regard to such factors as:

(i) how often and in what volumes that Person has traded in the relevant type of a Digital Asset Derivative; and

(ii) the Person’s relevant qualifications, profession or former profession;

(b) understands the characteristics and risks relating to Digital Asset Derivatives, and the volatility of its prices;

(c) understands the impact of leverage, due to which, there is potential to make significant losses in trading in Digital Asset Derivatives; and

(d) has the ability, particularly in terms of net assets and liquidity available to the Person, to absorb and manage any losses that may result from trading in the Digital Asset Derivatives offered.

(2) To be able to demonstrate to the AFSA that it complies with DAA 2.15.3., a Digital Asset Trading Facility Operator should have in place systems and controls that include:

(a) pre-determined and clear criteria against which a Retail Client’s ability to trade in Digital Asset Derivatives can be assessed;

(b) adequate records to demonstrate that the Digital Asset Trading Facility Operator has undertaken the appropriateness test for each Retail Client, who is a resident of the Republic of Kazakhstan; and

(c) in the case of an existing Retail Client with whom the Digital Asset Trading Facility Operator has previously traded in Digital Asset Derivatives, procedures to undertake a fresh appropriateness test if:

(i) a new Digital Asset Derivative with a materially different risk profile is offered to the Retail Client; or

(ii) there has been a material change in the Retail Client’s circumstances.

(3) If a Digital Asset Trading Facility Operator forms the view that it is not appropriate for a Person to trade in Digital Asset Derivatives, the Digital Asset Trading Facility Operator should refrain from offering that service to the Person. As a matter of good practice, the Digital Asset Trading Facility Operator should inform the Person of such decision.

2.16.      AFSA power to impose requirements

Without limiting the powers available to the AFSA under Part 8 of the Framework Regulations, the AFSA may direct an Authorised Market Institution to do or not do specified things that the AFSA considers are necessary or desirable or to ensure the integrity of the AIFC financial markets, including but not limited to directions imposing on a Digital Asset Trading Facility Operator any additional requirements that the AFSA considers appropriate.

Annex 2

FINANCIAL SERVCES FRAMEWORK REGULATIONS

In these Regulations, underlining indicates a new text and strikethrough indicates a removed text

39. Exemption for Authorised Market Institutions

(…)

(3) An Authorised Digital Asset Trading Facility is exempt from the General Prohibition in respect of any Regulated Activity: [intentionally omitted]

(a) which is carried on as a part of the Authorised Digital Asset Trading Facility's business as a Digital Asset trading facility; or [intentionally omitted]

(b) which is carried on for the purposes of, or in connection with, the provision by the Authorised Digital Asset Trading Facility of services designed to facilitate the provision of clearing services by another Person. [intentionally omitted]

57. AFSA power to impose requirements on an Authorised Market Institution

Without limiting the powers available to the AFSA under Part 8 (Supervision of Authorised Persons), the AFSA may direct an Authorised Market Institution to do or not do specified things that the AFSA considers are necessary or desirable or to ensure the integrity of the AIFC financial markets, including but not limited to directions:

(a) requiring compliance with any duty, requirement, prohibition, obligation or responsibility applicable to an Authorised Market Institution; or

(b) requiring an Authorised Market Institution to act in a specified manner in relation to a transaction conducted on or through the facilities operated by an Authorised Market Institution, or in relation to a specified class of transactions; or

(c) requiring an Authorised Market Institution to act in a specified manner or to exercise its powers under any rules that the Authorised Market Institution has made.; or

(d) excluding the application of any requirements for engaging in the activity of Operating a Digital Asset Business imposed by the Rules; or [intentionally omitted]

(e) imposing on an Authorised Person engaged in the activity of Operating a Digital Asset Business any additional requirements that the AFSA considers appropriate.[intentionally omitted]

GENERAL RULES

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

1.2. Authorised Market Institutions

Guidance: Definition of Market Activity

Market Activity is defined in the section 18 of the Framework Regulations as:

(a) Operating an Exchange;

(b) Operating a Clearing House;

(c) Operating a Digital Asset Trading Facility;[intentionally omitted]

(d) Operating a Loan Crowdfunding Platform;

(e) Operating an Investment Crowdfunding Platform.;

(f) Operating a Private Financing Platform.

(…)

1.2.6. Effective supervision

In assessing whether an applicant is capable of being effectively supervised by the AFSA for the purposes of section 37(1)(c) of the Framework Regulations, the AFSA will consider:

(a) the nature, including the complexity, of the Market Activities that the applicant will carry on;

(b) if the applicant seeks a licence to carry on the Market Activity of Operating an Exchange, a Digital Asset Trading Facility, a Loan Crowdfunding Platform or an Investment Crowdfunding Platform, the size, nature and complexity of any markets in respect of which the applicant will offer its facilities in carrying on that Market Activity;

(…)

1.2.7. Compliance arrangements

(…)

(c) effective arrangements for monitoring and enforcing compliance of its Members with its own rules and, if relevant, its clearing and settlement arrangements; and

(d) if the applicant seeks a licence to carry on the Market Activity of Operating an Exchange, effective arrangements to verify that issuers admitted to trading on its facilities comply with the Market Rules.; and

(e) if the applicant seeks a licence to carry on the Market Activity of Operating a Digital Asset Trading Facility, effective arrangements to verify that members admitted to trading on its facilities comply with the Conduct of Business Rules and the Authorised Market Institution Rules.

(…)

GENERAL RULES. SCHEDULE 1: REGULATED ACTIVITIES 

30. Operating a Digital Asset Trading Facility

Operating a Digital Asset Trading Facility means operating a facility which functions regularly and brings together multiple parties (whether as principal or agent) with a view to the entering into of contracts:

(a) to buy, sell or exchange Digital Assets for a Fiat currency; and/or

(b) to exchange one Digital Asset for another Digital Asset, in its Facility, in accordance with its non-discretionary rules.; and/or

(c) to buy, sell or exchange Digital Assets for a commodity.

GENERAL RULES. SCHEDULE 4: MARKET ACTIVITIES 

Schedule 4: Market Activities.

(…)

3. Operating a Digital Asset Trading Facility

Operating a Digital Asset Trading Facility means operating a facility which functions regularly and brings together multiple parties (whether as principal or agent) with a view to the entering into of contracts:

(a) to buy, sell or exchange Digital Assets for a Fiat currency; and/or

(b) to exchange one Digital Asset for another Digital Asset, in its Facility, in accordance with its non-discretionary rules. [intentionally omitted]

GLOSSARY

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

GLOSSARY. 1. Application. (t) AIFC Rules on Regulation of Digital Asset Activities (DAA).

(…)

AUTHORISED MARKET INSTITUTION RULES

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

6. RULES APPLICABLE TO AN AUTHORISED DIGITAL ASSET TRADING FACILITY…........... 39

6.1. Main requirements relating to trading on the facility ........................................................... 39

6.2. Requirement to prepare Rules ............................................................................................... 39

6.3. Admission of Digital Assets to trading ...................................................................................40

6.4. Suspending or removing Digital Assets from trading ..........................................................42 6.5. Transparency obligations ....................................................................................................... 42 6.6. Additional requirements on technology resources .............................................................. 43 6.7. Clients of an Authorised Digital Asset Trading Facility and Investment limits ..................45 [intentionally omitted]

(…)

Guidance: Purpose and application of AMI

·the licensing requirements, or standards, which an applicant must satisfy to be granted a Licence to carry on either of the Market Activities of Operating an Investment Exchange, Operating Digital Assets Trading Facility and Operating a Clearing House;

(…)

·Chapter 6 contains additional rules and guidance applicable to Authorised Digital Assets Trading Facility.

(…)

1. INTRODUCTION

1.1. Introduction

1.1.1. Definitions

(1) An Authorised Market Institution is a Centre Participant which has been licensed by the AFSA to carry on one or more Market Activities. An Authorised Market Institution can be an Authorised Investment Exchange, an Authorised Digital Asset Trading Facility, an Authorised Clearing House and/or an Authorised Crowdfunding Platform.

(7) An Authorised Digital Asset Trading Facility is a Centre Participant which has been licensed by the AFSA to carry on the Market Activity of Operating a Digital Asset Trading Facility.[intentionally omitted]

(…)

2.4.4. Resources of Members

(…)

(2) The requirements in (1) do not apply to:

(a) an Authorised Crowdfunding Platform (or its Clients).; or

(b) the Member of an Authorised Digital Asset Trading Facility if the Member is a body corporate or an individual (natural person) that carries on the activity solely as principal. [intentionally omitted]

(…)

2.4.7. Testing relating to Members’ technology systems

(…)

(4) The requirements in (1)-(3) do not apply to:

(a) an Authorised Crowdfunding Platform (or its Clients).; or

(b) the Member of an Authorised Digital Asset Trading Facility if the Member is a body corporate or an individual (natural person) that carries on the activity solely as principal.

2.5. Business Rules

2.5.1. Requirement to prepare Business Rules

(…)

(d) Admission to Trading Rules, prepared in accordance with AMI 3.2 or AMI 6.3, or Admission to Clearing Rules, prepared in accordance with AMI 4.1, governing the admission of Securities,or Units in a Listed Fund or Digital Assets to trading, or clearing and settlement, as appropriate to its facilities;

(e) Listing Rules, prepared in accordance with AMI 3.6, setting out the rules and conditions applicable to a Person who wishes to have Securities or Units in a Listed Fund included in an Official List; and

(f) any other matters necessary for the proper functioning of the Authorised Market Institution and the facilities operated by it.

The requirements in (c) and (e) do not apply to the Authorised Digital Asset Trading Facility.

2.6. Membership 

2.6.1. Persons eligible for Membership

(1) An Authorised Market Institution, except an Authorised Digital Asset Trading Facility, may only admit as a Member a Person who satisfies admission criteria set out in its Membership Rules and who is either:

(a) an Authorised Firm whose Licence permits it to carry on the Regulated Activities of Dealing in Investments; or

(b) a Recognised Non-AIFC Member.

(2) An Authorised Digital Asset Trading Facility may only admit as a Member a Person who satisfies admission criteria set out in its Membership Rules and which is: [intentionally omitted]

(a) an Authorised Firm whose Licence permits it to carry on the Regulated Activities of Dealing in Investments; [intentionally omitted]

(b) a Recognised Non-AIFC Member; or [intentionally omitted]

(c) a body corporate or an individual (natural person) which carries on the activity solely as principal. [intentionally omitted]

2.7. Direct Electronic Access

2.7.1. Direct Electronic Access

Direct Electronic Access means any arrangement, such as the use of the Member's trading code, through which a Member or the clients of that Member are able to transmit electronically orders relating to Securities, or Units in a Listed Fund or Digital Asset directly to the facility provided by the Authorised Market Institution and includes arrangements which involve the use by a Person of the infrastructure of the Authorised Digital Asset Trading Facility or the Member or participant or client or any connecting system provided by the Authorised Digital Asset Trading Facility or Member or participant or client, to transmit the orders and arrangements where such an infrastructure is not used by a Person.

(…)

2.9.2. Custody and investment risk

(1) An Authorised Market Institution must have effective means to address risks relating to:

(a) custody of its own assets, in accordance with (2), if it is an Authorised Clearing House; or

(b)investments, in accordance with (3), if it is an Authorised Investment Exchange.; or

(c) Digital Assets, if it is an Authorised Digital Asset Trading Facility. [intentionally omitted]

(…)

6. RULES APPLICABLE TO AN AUTHORISED DIGITAL ASSET TRADING FACILITY

6.1. Main requirements relating to trading on the facility

(1) An Authorised Digital Asset Trading Facility must, at the time a Licence is granted and at all times thereafter, have:

(a) transparent and non-discriminatory rules and procedures to ensure fair and orderly trading of Digital Assets on its facility;

(b) objective criteria governing access to its facility;

(c) objective and transparent criteria for determining the Investments that can be traded on its facility; and

(d) adequate technology resources.

(2) An Authorised Digital Asset Trading Facility must maintain effective arrangements to verify that its members comply with requirements set out in COB, AML.

(3) An Authorised Digital Asset Trading Facility must not introduce a liquidity incentive scheme other scheme for encouraging bids on a trading venue or to increase the volume of business transacted unless it has obtained the prior approval of the AFSA.

(4) For the purposes of (1), an Authorised Digital Asset Trading Facility must make available to the public, without any charges, data relating to the quality of execution of transactions on the Authorised Digital Asset Trading Facility on at least an annual basis. Reports must include details about price, costs, speed and likelihood of execution for individual Digital Assets.

6.2. Requirement to prepare Rules

(1) An Authorised Digital Asset Trading Facility’s Rules must:

(a) be based on objective criteria;

(b) be non-discriminatory;

(c) be clear and fair;

(d) be made publicly available free of charge;

(e) contain provisions for the resolution of Members’ and other participants’ disputes;

(f) contain provisions for penalties or sanctions which may be imposed by the Authorised Digital Asset Trading Facility for a breach of the Rules; and

(g) contain provisions for an appeal process from the decisions of the Authorised Digital Asset Trading Facility.

(2) An Authorised Digital Asset Trading Facility must seek prior approval of its Rules (Business Rules, Admission to Trading Rules, Membership Rules) and of amendments to its Rules by:

(a) making its Rules available for market consultation for no less than 30 days; and

(b) obtaining approval of the AFSA.

(3) Where an Authorised Digital Asset Trading Facility has made any amendments to its Rules, it must have adequate procedures for notifying users and the AFSA of such amendments with a notice period of at least 30 days prior to making any amendments to its Rules available for market consultation.

(4) An Authorised Digital Asset Trading Facility must have procedures in place to ensure that its Rules are monitored and enforced.

6.3. Admission of Digital Assets to trading

6.3.1. Admission to Trading Rules

(1) An Authorised Digital Asset Trading Facility must make clear and transparent rules concerning the admission of Digital Assets to trading on its facilities.

(2) The rules of the Authorised Digital Asset Trading Facility must ensure that:

(a) Digital Assets admitted to trading on an Authorised Digital Asset Trading Facility’s facilities are capable of being traded in a fair, orderly and efficient manner; and

(b) Digital Assets admitted to trading on an Authorised Digital Asset Trading Facility’s facilities are freely negotiable.

6.3.2. Application for admission of Digital Assets to Trading

(1) Applications for the admission of a Digital Asset to trading can be made to an Authorised Digital Asset Trading Facility by the issuer of the Digital Asset, by a third party on behalf of and with the consent of the issuer of the Digital Asset, or by a Member of an Authorised Digital Asset Trading Facility.

(2) A Digital Asset can also be admitted to trading on the Authorised Digital Asset Trading Facility’s own initiative.

(3) An Authorised Digital Asset Trading Facility must, before admitting any Digital Asset to trading:

(a) be satisfied that the applicable requirements, including those in its Admission to Trading Rules, have been or will be fully complied with in respect of such Digital Asset and

(b) obtain approval of the AFSA in respect of such Digital Asset.

(4) For the purposes of (1), an Authorised Digital Asset Trading Facility must notify an applicant in writing of its decision in relation to the application for admission of the Digital Asset to trading. In the case that such decision is to deny the application, the written notice should indicate (i) whether the application has been considered by the AFSA, and if so, (ii) the AFSA’s determination in respect thereof.

(5) For purposes of 3(b), an application to AFSA by Authorised Digital Asset Trading Facility shall include:

(a) a copy of the admission application; and

(b) any other information requested by the AFSA.

6.3.3. Decision-making procedures for the AFSA in relation to applications for approval of the admission of Digital Assets to trading

(1) Where an Authorised Person Operating a Digital Asset Trading Facility applies for approval of the admission of a Digital Asset to trading, the AFSA may:

(a) approve the application;

(b) deny the application; or

(c) approve the application subject to conditions or restrictions.

(2) The AFSA may exercise its powers under (1)(b) where the AFSA reasonably considers that:

(a) granting the Digital Assets admission to trading of Digital Assets would be detrimental to the interests of Persons dealing in the relevant Digital Assets using the facilities of an Authorised Person Operating a Digital Asset Trading Facility or otherwise; or

(b) any requirements imposed by the AFSA or in the Rules of an Authorised Digital Asset Trading Facility as are applicable have not been or will not be complied with; or

(c) the Issuer of the Digital Assets has failed or will fail to comply with any obligations applying to it including those relating to having its Digital Assets admitted to trading or traded in another jurisdiction.

(3) Where the AFSA denies an application for approval of admission of a Digital Asset to trading pursuant to (2), such Digital Assets must not be admitted by an Authorised Person Operating a Digital Asset Trading Facility to its facility.

(4) Where the AFSA approves an application for approval of admission of a Digital Asset to trading subject to conditions or restrictions, the Authorised Person Operating a Digital Asset Trading Facility is responsible for implanting such conditions and restrictions in admitting the Digital Asset to trading, and such conditions or restrictions may not be varied or removed without the approval of the AFSA.

6.3.4. Undertaking to comply with the acting law of the AIFC

An Authorised Digital Asset Trading Facility may not admit Digital Asset to trading unless the person who seeks to have Digital Assets admitted to trading:

(a) gives an enforceable undertaking to the AFSA to submit unconditionally to the jurisdiction of the AIFC in relation to any matters which arise out of or which relate to its use of the facilities of the Authorised Market Institution;

(b) agrees in writing to submit unconditionally to the jurisdiction of the AIFC Courts in relation to any disputes, or other proceedings in the AIFC, which arise out of or relate to its use of the facilities of the Authorised Market Institution; and

(c) agrees in writing to subject itself to the acting law of the AIFC in relation to its use of the facilities of the Authorised Market Institution.

6.3.5. Review of compliance

The Authorised Digital Asset Trading Facility must maintain arrangements regularly to review whether the Digital Assets admitted to trading on its facilities comply with the Admission to Trading Rules.

6.4. Suspending or removing Digital Assets from trading

6.4.1. Power to suspend

(1) The rules of an Authorised Digital Asset Trading Facility must provide that the Authorised Digital Asset Trading Facility have the power to suspend or remove from trading on its facilities any Digital Assets with immediate effect or from such date and time as may be specified where it is satisfied that there are circumstances that warrant such action or it is in the interests of the AIFC.

(2) The AFSA may direct an Authorised Person Operating a Digital Asset Trading Facility to suspend or remove Digital Assets from trading with immediate effect or from such date and time as may be specified if it is satisfied there are circumstances that warrant such action or it is in the interests of the AIFC.

(3) The AFSA may withdraw a direction made under (2) at any time.

(4) Digital Assets that are suspended from trading of Digital Assets remain admitted to trading for the purposes of this Chapter.

(5) The AFSA may prescribe any additional requirements or procedures relating to the removal or suspension of Digital Assets from or restoration of Digital Assets to trading.

6.4.2. Limitation on power to suspend or remove Digital Assets from trading

The rules of an Authorised Digital Asset Trading Facility must contain provisions for orderly suspension and removal from trading on its facilities any Digital Asset which no longer complies with its rules taking into account the interests of investors and the orderly functioning of the financial markets of the AIFC.

6.4.3. Publication of decision

(1) Where the Authorised Digital Asset Trading Facility suspends or removes any Digital Asset from trading on its facilities, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(2) Where the Authorised Digital Asset Trading Facility lifts a suspension or re-admits any Digital Asset to trading on its facilities, it must notify the AFSA in advance and make that decision public by issuing a public notice on its website.

(3) Where an Authorised Digital Asset Trading Facility has made any decisions on admission, suspension, or removal of Digital Assets from trading on its facilities, it must have adequate procedures for notifying users of such decisions.

6.5. Transparency obligations

6.5.1. Trading transparency obligation

An Authorised Digital Asset Trading Facility must make available to the public:

(a) the current bid and offer prices of Digital Assets traded on its systems on a continuous basis during normal trading hours;

(b) the price, volume and time of the transactions executed in respect of Digital Assets traded on its facilities in as close to real-time as technically possible; and

(c) provide price, volume, time and counterparty details to the AFSA within 24 hours of the close of each trading day via a secure electronic feed.

6.5.2. Public notice of suspended or terminated Membership

The Authorised Digital Asset Trading Facility must promptly issue a public notice on its website in respect of any Member that has a Licence to carry on Market Activities or Regulated Activities whose Membership is suspended or terminated.

6.5.3. Cooperation with office-holder

The Authorised Digital Asset Trading Facility must cooperate, by the sharing of information and otherwise, with the AFSA, any relevant office-holder and any other authority or body having responsibility for any matter arising out of, or connected with, the default of a Member of the Digital Asset Trading Facility.

6.6. Additional requirements on technology resources

6.6.1. Cyber-security policy

(1) An Authorised Digital Asset Trading Facility shall implement a written cyber security policy setting forth its policies and procedures for the protection of its electronic systems and members and counterparty data stored on those systems, which shall be reviewed and approved by the Authorised Digital Asset Trading Facility’s governing body at least annually.

(2) The cyber security policy must, as a minimum, address the following areas:

(a) information security;

(b) data governance and classification;

(c) access controls;

(d) business continuity and disaster recovery planning and resources;

(e) capacity and performance planning;

(f) systems operations and availability concerns;

(g) systems and network security;

(h) systems and application development and quality assurance;

(i) physical security and environmental controls;

(j) customer data privacy;

(k) vendor and third-party service provider management; and 

(l) incident response.

(3) An Authorised Digital Asset Trading Facility must advise the AFSA immediately if it becomes aware, or has reasonable grounds to believe, that a significant breach by any Person of its cyber security policy may have occurred or may be about to occur.

6.6.2. Technology governance

An Authorised Digital Asset Trading Facility must, as a minimum, have in place systems and controls with respect to the procedures describing the creation, management and control of digital wallets and private keys. 

6.6.3. Trading controls

An Authorised Digital Asset Trading Facility must be able to:

(a) reject orders that exceed its pre-determined volume and price thresholds, or that are clearly erroneous;

(b) temporarily halt or constrain trading on its facilities if necessary or desirable to maintain an orderly market; and

(c) cancel, vary, or correct any order resulting from an erroneous order entry and/or the malfunctioning of the system of a Member.

6.6.4. Settlement and Clearing facilitation services

(1) An Authorised Digital Asset Trading Facility must ensure that satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), clearing and settlement of the rights and liabilities of the parties to transactions effected on the Authorised Digital Asset Trading Facility (being rights and liabilities in relation to those transactions).

(2) An Authorised Digital Asset Trading Facility acting as a Digital Asset Depository must:

(a) have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of Digital Assets issuers and holders, prevent the unauthorised creation or deletion of Digital Assets, and conduct periodic and at least daily reconciliation of each Digital Asset balance it maintains for issuers and holders;

(b) prohibit overdrafts and debit balances in Digital Assets accounts;

(c) maintain Digital Assets in an immobilised or dematerialised form for their transfer by book entry;

(d) protect assets against custody risk through appropriate rules and procedures consistent with its legal framework;

(e) ensure segregation between the Digital Asset Depository’s own assets and the Digital Assets of its participants and segregation among the Digital Assets of participants; and

(f) identify, measure, monitor, and manage its risks from other custody related activities that it may perform. 

6.7. Clients of an Authorised Digital Asset Trading Facility and Investment limits

(1) Members of an Authorised Digital Asset Trading Facility and their clients will be Clients of an Authorised Digital Asset Trading Facility.

(2) An Authorised Digital Asset Trading Facility must maintain effective systems and controls to ensure that a Retail Client using its service does not invest, in respect of all Digital Assets in aggregate calculated over a period of one month, an amount which exceeds the greater of:

(a) USD 1,000; or

(b) the lesser of (i) 10 percent of the annual income; or (ii) 5 percent of the net worth of such Retail Client (excluding the value of the primary residence), up to a maximum aggregate amount of USD100,000.

CONDUCT OF BUSINESS RULES

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

CONTENTS

(…)

1.2.2. Exclusions in relation to certain categories of Centre Participant

For the avoidance of doubt, the requirements in COB do not apply to:

(a) a Representative Office;

(b) an Authorised Market Institution (other than an Authorised Crowdfunding Platform and an Authorised Digital Asset Trading Facility), except for COB 3 (Communications with Clients and Financial Promotions); or

(c) an Authorised Crowdfunding Platform, except for COB 3 (Communications with Clients and Financial Promotions), COB 4 (Key Information and Client Agreement), COB 7 (Conflicts of Interest), COB 8 (Client Assets) and COB Schedule 2 (Key Information and Content of Client Agreement); or

(d) an Authorised Digital Asset Trading Facility, except for COB 2 (Client Classification) and COB 3 (Communications with Clients and Financial Promotions).

(…)

For the purposes of 1.2.2(d), references in COB 2 and COB 3 to:

(a) "Authorised Firms" shall be read as if it were a reference to "an Authorised Digital Asset Trading Facility "; and

(b) "Regulated Activities" shall be read as if it were a reference to "Market Activities".

(…)

17. OPERATORS OF A DIGITAL ASSET BUSINESS 

17.1. Application

This chapter applies to an Authorised Person engaged in the activity of Operating a Digital Asset Business.

Guidance

The following activities do not constitute Operating a Digital Asset Business:

trading of Digital Assets for the Person’s own investment purpose;

the issuance of Digital Assets by a Person and their administration (including sale, redemption);

any other activity or arrangement that is deemed by the AFSA to not constitute Operating a Digital Asset Business, where necessary and appropriate in order for the AFSA to pursue its objectives.

17.2. Rules Applicable to an Authorised Digital Asset Trading Facility Operator

In addition to all requirements applicable to Authorised Persons in these rules, GEN, and AML, an Authorised Person carrying on the Market Activity of Operating a Digital Asset Trading Facility must comply with the applicable requirements set out in the AMI, unless the requirements in this chapter expressly provide otherwise.

17.3. Admission of Digital Assets to trading

An Authorised Person Operating a Digital Asset Trading Facility may grant admission of Digital Assets to trading only where it is satisfied that such admission is in accordance with the AMI and an Authorised Digital Asset Trading Facility’s Admission to Trading Rules.

An Authorised Person Operating a Digital Asset Trading Facility must not permit trading of Digital Assets on its facilities unless those Digital Assets are admitted to, and not suspended from, trading by the Authorised Person Operating a Digital Asset Trading Facility pursuant to Chapter 6 of AMI. [intentionally omitted]

17.4. Additional disclosure requirements

Prior to entering into an initial transaction for, on behalf of, or with a Client, an Authorised Person Operating a Digital Asset Business shall disclose in a clear, fair and not misleading manner:

(a) all terms, conditions and risks relating to the Digital Assets that have been admitted to trading and/or is the subject of the transaction;

(b) all material risks associated with its products, services and activities; and

(c) all details on the amount and the purpose of any premiums, fees, charges or taxes payable by the Client, whether or not these are payable to the Operating a Digital Asset Business. [intentionally omitted]

17.5. The risks to be disclosed pursuant to COB 17.4

The risks to be disclosed pursuant to COB 17.4. include, but are not limited to, the following:

(a) Digital Assets not being legal tender or backed by a government;

(b) the value, or process for valuation, of Digital Assets, including the risk of a Digital Assets having no value;

(c) the volatility and unpredictability of the price of Digital Assets relative to Fiat Currencies;

(d) that trading in Digital Assets is susceptible to irrational market forces;

(e) that the nature of Digital Assets may lead to an increased risk of Financial Crime;

(f) that the nature of Digital Assets may lead to an increased risk of cyber-attack;

(g) there being limited or, in some cases, no mechanism for the recovery of lost or stolen Digital Assets;

(h) the risks of Digital Assets with regard to anonymity, irreversibility of transactions, accidental transactions, transaction recording, and settlement;

(i) that there is no assurance that a Person who accepts a Digital Asset as payment today will continue to do so in the future;

(j) that the nature of Digital Assets means that technological difficulties experienced by the Authorised Person may prevent the access or use of a Client’s Digital Assets;

(k) any links to Digital Assets related activity outside the AIFC, which may be unregulated or subject to limited regulation; and

(l) any regulatory changes or actions by the AFSA or Non-AIFC Regulator that may adversely affect the use, transfer, exchange, and value of a Digital Asset. [intentionally omitted]

17.6. Complaints

An Authorised Person Operating a Digital Asset Business shall establish and maintain written policies and procedures to fairly and timely resolve complaints made against it or other parties (including members).

An Authorised Person Operating a Digital Asset Business must provide, in a clear and conspicuous manner: on its website or websites; in all physical locations; and in any other location as the AFSA may prescribe, the following disclosures:

(a) the mailing address, email address, and telephone number for the receipt of complaints;

(b) a statement that the complainant may also bring his or her complaint to the attention of the AFSA;

(c) the AFSA’s mailing address, website, and telephone number; and

(d) such other information as the AFSA may require.

An Authorised Person Operating a Digital Asset Business shall report to the AFSA any change in its complaint policies or procedures within ten days.

An Authorised Person Operating a Digital Asset Business must maintain a record of any complaint made against it or other parties (including members) for a minimum period of six years from the date of receipt of the complaint. [intentionally omitted]

17.7. Obligation to report transactions

An Authorised Person Operating a Digital Asset Business shall report to the AFSA details of transactions in Digital Assets traded on its facility which are executed, or reported, through its systems.

The AFSA may, by written notice or Guidance, specify:

(a) the information to be included in reports made under the preceding paragraph; and

(b) the manner in which such reports are to be made. [intentionally omitted]

17.8. AFSA power to impose a prohibition or requirement

The AFSA may prohibit an Authorised Person Operating a Digital Asset Business from:

(a) entering into certain specified transactions or types of transactions; or

(b) outsourcing any of its functions or activities to a third party.

The AFSA may, by written notice or guidance, set fees payable by an Authorised Person Operating a Digital Asset Business to the AFSA on certain specified transactions or types of transactions. [intentionally omitted]

SCHEDULE 2: KEY INFORMATION AND CONTENT OF CLIENT AGREEMENT

AIFC FEES RULES

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

SCHEDULE 1: APPLICATION FEES PAYABLE TO THE AFSA FOR REGULATED ACTIVITIES

1.1Application fees for applying for Licence to carry on Regulated Activities

(…)

SCHEDULE 2: APPLICATION FEES PAYABLE TO THE AFSA FOR MARKET ACTIVITIES

1.2Application fees for applying for Licence to carry on Market Activities

(…)

SCHEDULE 6: ANNUAL SUPERVISION FEES PAYABLE TO THE AFSA

6.1 Annual supervision fees for Regulated Activities

Annual supervision fees for Regulated Activities are determined by the activities the Authorised Firm conducts as set out below:

(…)

6.2 Annual supervision fees for Market Activities

Annual supervision fees for Market Activities are determined by the activities the Authorised Market Institution conducts as set out below:

(…)

AIFC ANTI-MONEY LAUNDERING, COUNTER-TERRORIST FINANCING AND SANCTIONS RULES

In these Rules, underlining indicates a new text and strikethrough indicates a removed text

6. CUSTOMER DUE DILIGENCE

6.1. Conducting Customer Due Diligence

6.1.1. Obligation to conduct Customer Due Diligence

A Relevant Person must:

(a) conduct CDD under AML 6.3.1 for each of its customers including when the customer is

carrying out occasional transactions the value of which singularly or in several linked operations (whether at the time or later), equal or exceed USD 15,000; and

(a-a) conduct CDD under AML 6.3.1 for each of its customers including when the customer is

carrying out occasional transactions with Digital Assets the value of which singularly or in several linked operations (whether at the time or later), equal or exceed USD 1,000; and

(b) in addition to (a) and (a-a), conduct EDD under AML 7.1.1 in respect of:

(i) each customer it has assigned as high risk;

(ii) business relationships and transactions with persons from countries with high geographical risk factors.

(…)

11-1. DIGITAL ASSET TRANSFER (the “Travel Rule”)

11-1.1. Digital Asset transfer definition

(1) A Digital Asset transfer is a transaction carried out:

(a) by a Digital Asset Trading Facility Operator or Digital Asset Service Provider (an “ordering institution”) on behalf of an originator by transferring any Digital Assets; and

(b) with a view to making the Digital Assets available

(i) to that Person or another Person (a “beneficiary”); and

(ii) at an institution (a “beneficiary institution”) which may be the ordering institution or another institution, whether or not one or more other institutions (“intermediary institutions”) participate in completion of the transfer of the Digital Assets.

11-1.2. Obligations of Ordering Institution

(1) Before carrying out both a cross-border or domestic Digital Asset transfer of the amount equal to or above USD 1,000, an ordering institution must obtain, record and ensure that the transfers are accompanied by the following information:

(a) the name of the originator;

(b) the number of the originator’s account maintained with the ordering institution and from which the Digital Assets are transferred or, in the absence of such an account, a unique reference number assigned to the Digital Asset transfer by the ordering institution;

(c) the originator’s address, or national identity number, or customer identification number, or date and place of birth;

(d) the name of the beneficiary (recipient); and

(e) the number of the recipient’s account maintained with the beneficiary institution and to which the Digital Assets are transferred or, in the absence of an account number, a unique transaction number assigned to the Digital Asset transfer by the beneficiary institution.

(2) Before carrying out both a cross-border or domestic Digital Asset transfer of the amount below USD 1,000, an ordering institution must obtain, record and ensure that the transfers are accompanied by the following information:

(a) the name of the originator;

(b) the number of the originator’s account maintained with the ordering institution and from which the Digital Assets are transferred or, in the absence of such an account, a unique reference number assigned to the Digital Asset transfer by the ordering institution;

(c) the name of the beneficiary (recipient); and

(d) the number of the recipient’s account maintained with the beneficiary institution and to which the Digital Assets are transferred, or, in the absence of an account number, a unique transaction number assigned to the Digital Asset transfer by the beneficiary institution.

(3) Before transferring Digital Assets, an ordering institution must verify the accuracy of the information referred to in (1) (a) to (c) on the basis of documents, data or information obtained from a reliable and independent sources.

(4) If several individual domestic or cross-border Digital Asset transfers from a single originating institution are bundled in a batch file for te transmission to recipient(s), then a Digital Asset Trading Facility Operator or Digital Asset Service Provider that is an ordering institution must ensure that:

(i) the batch file contains the originator information required in (1) and/or (2) respectively;

(ii) it has verified the originator information referred to in (1); and

(iii) the batch file contains the recipient information required under (1) and/or (2) for each recipient and

that information is fully traceable in each recipient’s jurisdiction.

(5) The information referred to in (1), (2), (4) must be submitted in advance of, or simultaneously or concurrently with, the transfer of Digital Assets and in a secure manner and in line

with the requirements of the AIFC rules and regulations on data protection.

Guidance:

(1) The number of the account maintained with the ordering institution or

beneficiary institution from or to which the Digital Assets are transferred referred to in 11-1.2.(1)(b) to (e) and 11-1.2.(2)(b) to (d) could mean:

(a) the originator’s or recipients’ Digital wallet (address), where a transfer of Digital Assets is registered on a network using distributed ledger technology or similar technology or,

(b) the originator’s or beneficiary's account number, where such an account exists and is used to process the Digital Asset transaction if a transfer of Digital Asset is not registered on a network using distributed ledger technology or similar technology;

(b) Where information both in (1) (a) and (b) exists, ordering or beneficiary institutions should obtain, hold and/or send all information.

11-1.3. Obligations of Beneficiary Institution

(1) A Digital Asset Trading Facility Operator or Digital Asset Service Provider, which acts as a beneficiary institution in a Digital Asset transfer must obtain, record and implement effective procedures, including, where appropriate, monitoring during or after the transfer, in order to detect whether the referred to in 11-1.1(1) and (2) respectively, on the originator and the beneficiary is included in, or follows, the transfer of Digital Assets or batch file transfer.

(2) Before making the Digital Assets available to the beneficiary, for a Digital Asset transfer of amount equal to or above USD 1,000, a beneficiary institution must verify the accuracy of information of the recipient referred to in 11-1.1.(1)(d), on the basis of documents, data or information obtained from a reliable and independent sources.

11-1.4. Transfers of Digital Assets with missing or incomplete information on the originator or the beneficiary

(1) A Digital Asset Trading Facility Operator or Digital Asset Service Provider of the beneficiary must implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject or suspend a transfer of Digital Asset that is not accompanied with a required complete originator and beneficiary information and for taking the appropriate follow-up action.

(2) Where the Digital Asset Trading Facility Operator or Digital Asset Service Provider of the beneficiary becomes aware that the information referred to in 11-1.1(1) and (2) is missing or incomplete, the Digital Asset Trading Facility Operator or Digital Asset Service Provider must before making the Digital Assets available to the beneficiary, on a risk-sensitive basis and without undue delay:

(a) reject the transfer or return the transferred Digital Assets to the originator’s account; or

(b) ask for the required information on the originator and the beneficiary before making the Digital Assets available to the beneficiary.

(2) Where a Digital Asset Trading Facility Operator or Digital Asset Service Provider repeatedly fails to provide the required information on the originator or the beneficiary, the Digital Asset Trading Facility Operator or Digital Asset Service Provider of the beneficiary must:

(a) take steps, which may initially include the issuing of warnings and setting of deadlines; or

(b) reject any future transfers of Digital Assets from or to, or restrict or terminate its business relationship with, a provider of Digital Assets transfers that fails to provide the required information. The Digital Asset Trading Facility Operator or Digital Asset Service Provider of the beneficiary must report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with these Rules.

11-1.5. Digital Asset Transfers to or from self-hosted digital wallets

(1) In the case of a transfer of Digital Assets made to or received from on behalf of its a self-hosted digital wallet(s), the Digital Asset Service Provider of the originator or beneficiary must obtain and hold information referred to in in (1) or (2) from clients and ensure that the transfer of Digital Assets can be individually identified.

(2) In case of a Digital Asset transfer whose amount exceeds USD 1,000 or there is a suspicion of money laundering of a transfer to a self-hosted digital wallet Digital Asset Service Provider of the originator or beneficiary must take adequate measures on a risk-sensitive basis to mitigate and manage the ML/TF risks associated with the transfers.

Guidance on risk mitigating measures on transfers to or from self-hosted digital wallets

Digital Asset Service Provider should undertake following measures (non-exhaustive) to ensure compliance with (2):

(a) conduct enhanced monitoring of Digital Asset transfers with self-hosted digital wallets;

(b) accept Digital Asset transfers only from or to self-hosted digital wallets that the Digital Asset Service Provider has assessed to be reliable, having regard to the screening results of the Digital Asset transactions and the associated digital wallets and the assessment results on the ownership or control of the self-hosted digital wallet by the originator or beneficiary; and

(c) impose transaction limits or prohibition.

11-1.6. Rules in Chapter 11-1. comes into operation 12 months after the adoption of the AIFC Rules on Regulation of Digital Asset Activities.

11-2. DIGITAL ASSET TRANSFER COUNTERPARTY DUE DILIGENCE AND ADDITIONAL MEASURES.

11-2.1. General requirements Digital Asset transfer counterparty due diligence

(1) When an Authorised Person conducts a Digital Asset transfer referred to in Chapter 11-1, the Authorised Person will be exposed to money laundering and terrorist financing risks associated with the institution which may be the ordering institution, intermediary institution or beneficiary institution involved in the Digital asset transfer (“Digital Asset transfer counterparty”).

(2) To avoid sending or receiving Digital Assets to or from illicit actors or designated parties that had not been subject to appropriate CDD and screening measures of a Digital Asset transfer counterparty and to ensure compliance with the Travel Rule, an Authorised Person must conduct due diligence on the Digital Asset transfer counterparty to identify and assess the money laundering and terrorist financing risks associated with the Digital Asset transfers to or from the Digital Asset transfer counterparty and apply appropriate risk-based anti-money laundering and countering financing terrorism measures.

(3) An Authorised Person should conduct due diligence measures on a Digital Asset transfer counterparty before conducting a Digital Asset transfer, or making the transferred Digital Assets available to the recipient.

(4) An Authorised Person does not need to undertake the Digital Asset transfer counterparty due diligence process for every individual Digital Asset transfer when dealing with Digital Asset transfer counterparties that it has already conducted counterparty due diligence on previously, unless when there is a suspicion of money laundering and terrorist financing.

(5) An Authorised Person undertakes reviews of the Digital Asset transfer counterparty due diligence records on a regular basis or upon trigger events (e.g., when it becomes aware of a suspicious transaction or other information such as negative news from credible media, public information that the counterparty has been subject to any targeted financial sanction, money laundering and terrorist financing investigation or regulatory action).

(6) Based on the Digital Asset transfer counterparty due diligence results, the Authorised Person determines if it should continue to conduct Digital Asset transfers with, and submit the required information to, a Digital Asset transfer counterparty, and the extent of anti-money laundering and countering financing terrorism measures that it should apply in relation to Digital Asset transfers with the Digital Asset transfer counterparty on a risk-sensitive basis.

11-2.2. Digital Asset transfer counterparty due diligence procedures

Digital Asset transfer counterparty due diligence typically involves the following procedures:

(a) determining whether the Digital Asset transfer is or will be with a Digital Asset transfer counterparty or a Self-Hosted Digital wallet;

(b) where applicable, identifying the Digital Asset transfer counterparty (e.g., by making a reference to lists of licensed or registered Digital Asset Service Providers or financial institutions in different jurisdictions); and

(c) assessing whether the Digital Asset transfer counterparty is an eligible counterparty to deal with and to send the required information to.

11-2.3. Digital Asset transfer counterparty due diligence measures

An Authorised Person applies the following Digital Asset transfer counterparty due diligence measures before it conducts a Digital Asset transfer with a Digital Asset transfer counterparty:

(a) determines if the respondent entity is licensed or registered;

(b) collects sufficient information about the Digital Asset transfer counterparty to enable it to understand fully the nature of the Digital Asset transfer counterparty’s business;

(c) understands the nature and expected volume and value of Digital Asset transfers with the Digital Asset transfer counterparty;

(d) determines from publicly available information the reputation of the Digital Asset transfer counterparty and the quality and effectiveness of the anti-money laundering and countering financing terrorism regulation and supervision over the Digital Asset transfer counterparty by authorities in the jurisdictions in which it operates and/or is incorporated which perform functions similar to those of the competent authorities;

(e) assesses the anti-money laundering and countering financing terrorism controls of the Digital Asset transfer counterparty and ensures that the anti-money laundering and countering financing terrorism controls of the Digital Asset transfer counterparty are adequate and effective;

(f) assesses whether the Digital Asset transfer counterparty is subject to the Travel Rule similar to that imposed under Chapter 11-1 in the jurisdictions in which the Digital Asset transfer counterparty operates and/or is incorporated;

(g) assesses the adequacy and effectiveness of the anti-money laundering and countering financing terrorism controls that the Digital Asset transfer counterparty has put in place for ensuring compliance with the Travel Rule;

(h) assesses whether the Digital Asset transfer counterparty can protect the confidentiality and integrity of personal data (e.g., the required originator and recipient information), taking into account the adequacy and robustness of data privacy and security controls of the Digital Asset transfer counterparty; and

(j) obtains approval from its senior management.

Guidance:

(1) While a relationship with a Digital Asset transfer counterparty is different from a cross-border correspondent relationship referred to in Chapter 10, there are similarities in the due diligence approach which can be of assistance to an Authorised Person. By virtue of this, the Authorised Person should conduct the due diligence measures in Chapter 10, with reference to the requirements set out in AML 10.2.

(2) When assessing money laundering and financing terrorism risks posed by a Digital Asset transfer counterparty, an Authorised Person should take into account relevant factors that may indicate a higher money laundering and financing terrorism risk. Examples of such risk is where a Digital Asset transfer counterparty:

(i) operates or is incorporated in a jurisdiction posing a higher risk or with a weak anti-money laundering and countering financing terrorism regime;

(ii) is not (or yet to be) licensed or registered and supervised for anti-money laundering and countering financing terrorism purposes in the jurisdictions in which it operates and/or is incorporated by authorities which perform functions similar to those of the competent authorities;

(iii) does not have in place adequate and effective anti-money laundering and countering financing terrorism systems, including measures for ensuring compliance with the Travel Rule;

(iv) does not implement adequate measures or safeguards for protecting the confidentiality and integrity of personal data; or

(v) is associated with money laundering and financing terrorism or other illicit activities.