News

Code of Practice Proposed for Digital Asset Industry

Aug 16 2019 | by OrionW

The Association of Cryptocurrency Enterprises and Start-Ups, Singapore (ACCESS) recently sought public feedback on a draft Code of Practice for the digital asset industry (Code).  ACCESS prepared the Code in consultation with the Association of Banks in Singapore under the Standardisation of Practice in Crypto Entities initiative facilitated by the Monetary Authority of Singapore.

Scope of the Code

The Code provides broad guidance that is intended to complement the Payment Services Act by standardising approaches to anti-money laundering and counter financing of terrorism (AML/CFT) and Know Your Customer (KYC) issues.  The aim is to promote best practices and strengthen regulatory compliance for cryptocurrency industry participants (crypto-firms) within the digital asset industry.  The Code is not intended to replace other legislation, regulations or guidelines.

The Code does not apply to businesses that merely utilise blockchain technology and are not otherwise involved with cryptocurrency or customer funds.  Crypto-firms adopting the Code should be guided by the leading principle of proportionality and strike an appropriate balance between risks posed and AML/CFT measures.  The Code suggests identifying and assessing the respective money laundering or terrorism financing (ML/TF) risks according to qualitative and quantitative analyses and considering the risk criteria set out in the Code in order to determine the appropriate level of stringency for the required measures.  In that regard, the Code is not meant to be a “one size fits all” approach and seeks to establish a common set of practical AML/CFT measures that crypto-firms may implement.

Companies are encouraged to approach the Code in the following steps:

  • assess if they are a crypto-firm covered by the Code;
  • assess their ML/TF risks based on criteria set out in the Code; and
  • implement appropriate AML/CFT measures based on the risk assessment.

Assessment of Crypto-Firm Status

The Code sets out a guide on the scope of activities or operations conducted by crypto-firms for or on behalf of another natural or legal person:

  • exchange between cryptocurrency and fiat currencies;
  • exchange between one or more forms of cryptocurrency;
  • transfer of cryptocurrency;
  • safekeeping and/or administration of cryptocurrency or instruments enabling control over cryptocurrency; or
  • participation in and provision of financial services related to an issuer’s offer and/or sale of cryptocurrency.

Businesses above generally includes cryptocurrency exchanges, payment and remittance services firms, custodians, issuers, dealers, cryptocurrency fund investment firms, and blockchain network infrastructure service providers.

Additionally, the Code sets out three key categories of crypto-assets or digital tokens under the ambit of “cryptocurrency”:

  • payment tokens as means of payment for goods or services, money, or value transfer;
  • asset tokens representing financial assets such as debt or equity claim on the issuers; and
  • utility or consumer tokens designed for usage or consumption.

The Code is expected to be applicable to a diverse range of crypto-firms regardless of whether they provide products and services to businesses or consumers.    The Code encourages crypto-firms, regardless of licensing status under any other legislation, to assess the ML/TF risks arising from the dealings in the categories above and to apply AML/CFT measures accordingly.

Risk Assessment and Implementation of Appropriate Measures

The Code recommends that crypto-firms identify, assess and understand their own ML/TF risks on an enterprise-level.  Crypto-firms should review their assessments periodically and when material trigger events occur such as the launch of a new product or service or an acquisition or merger with another crypto-firm.  Quantitative and qualitative data should be used when considering the risk criteria in the context of the business, including factors such as size, scale and nature of the business.  The Code details various risk factors for assessment such as customer risk, geographical risk, and risks under products, services, transactions and delivery channels.

Thereafter, a crypto-firm may implement measures listed within the Code, where appropriate, based on the risk assessment.  Measures detailed within the Code include:

  • internal governance;
  • customer due diligence measures;
  • screening of all customers before establishing business relationships;
  • transaction monitoring system;
  • requirements on record keeping;
  • implementing a suspicious transaction reporting framework;
  • due diligence requirements in Correspondent accounts;
  • reliance on third parties to carry out KYC measures; and/or
  • outsourcing of AML/CFT measures.