Published in June 2018, the ASIFMA Best Practices for Digital Asset Exchanges Guide was developed by Asia Securities Industry and Financial Markets Association (ASIFMA) members in consultation with various market participants. Aimed at the digital asset exchanges and industry practitioners, its goal is to guide digital asset exchanges towards international best practices and highlight points for consideration in several key areas.

  1. Background: Cryptocurrency and Digital Asset Exchanges

    While not the first virtual currency, Bitcoin is unique in that it was the first to receive widespread recognition without having a central governing authority. Instead, every transaction is recorded in code format which is then added to a ‘block’. Each Bitcoin transaction block records, inter alia, the sender, recipient and amount. This is publicly viewable on an electronic, decentralised, distributed and public ledger. This ledger is known as the ‘blockchain’, with values represented by ‘tokens’.

    Since its inception in 2008, thousands of other cryptocurrencies have been launched on the back of Bitcoin. These ‘altcoins’ vary in popularity, price, anonymity and technical details.

    Originally, bitcoin was exchanged for fiat currency bilaterally among enthusiasts. However, in the past decade, numerous exchanges have been launched and trade many of the thousands of digital currencies available. 

    Exchange platforms can take a number of forms. These include, centralised/decentralised systems, automated models, brokerage models, peer-to-peer/swap technology platforms, bulletin board-type communication portals and fiat/non-fiat gateways. The ASIFMA guide focuses on centralised digital asset exchanges, although a number of principles can be applied more broadly.

    Digital asset exchanges can act as a vehicle for a number of potential transactions such as primary sales, secondary sales, airdrops and earn drops. Airdrop occurs when the exchange allocates assets to users without payment, as part of incentive or community building programs. Earn drops similarly allocate assets in exchange for a task such as providing input to the exchange.

    It is noted that the exchanges often ‘wear multiple hats’ as they serve as marketplaces, brokers, custodians and proprietary holders of assets. This leads to the risk of conflict of interest. There have also been a number of cyberattacks on large crypto exchanges resulting in hundreds of millions of dollars in bitcoin being stolen. Moreover, there is often a lack of due diligence and independent insight on many new token sales that have led to failures caused by fraud, mismanagement and manipulation.

  2. Best Practice for Listing Process

    1. General

      Regulators around the world are still coming to grips with what ‘effective’ regulation of digital assets entails. Certain jurisdictions already regulate digital asset exchanges with the aim of balancing innovation with risk mitigations as well as sensitively navigating the individual nature of each asset and platform.

      Beyond sensible regulation, large market ‘infrastructure’ is needed. This includes systems relating to custody, screening and operational risk control. Market data aggregation systems and controls are required to address whether reported exchange figures are reliable. ASIFMA notes there are very few ‘institutional ready’ market data feeds in the market.

    2. Listing Process

      Listing process framework

      An exchange should make its listing process publicly available.

      Application form

      Exchanges should obtain information from the applicant to help it determine whether the token should be listed.

      Listing requirements and considerations

      ASIFMA consider it best practice for the exchange to set out any minimum listing requirements it has. There are also merits to setting out the factors an exchange will consider in a listing decision.

      Suggested factors include the token issuer’s business as well as the token applicant’s team and any governance considerations. Technology, including the token ecosystem, should also be considered. Token supply, demand, liquidity and sale structure are other factors. So too are regulatory and reputational risk considerations.

      Legal opinion

      Exchanges should consider obtaining written legal advice to confirm the legal and regulatory status of the tokens in the relevant jurisdictions and any implications.

      Issuer Due Diligence

      Exchanges are told to conduct reasonable due diligence and not fully rely on a legal opinion provided by the issuer.

      Listing fees

      Some digital asset exchanges do not accept payment for listing, while some may charge applicants a listing fee. While the level of fees to be charged is a commercial decision, it is best practice to charge a flat rate for all applications to avoid giving the impression that the exchange’s listing decisions are determined or influenced by the amount of money an issuer is willing to pay for listing a cryptographic token.  

      Other internal controls

      Exchanges are told to implement internal controls such that decision makers in the listing process do not divulge or take advantage of confidential information.

      Listing rules

      Exchanges should ensure that there are arrangements in place that set out the responsibilities and continuing obligations of the applicant and the circumstances in which a token listing may be suspended or de-listed.

    3. Note on Stablecoins

      ASIFMA warns that extreme care is required in using stablecoins. Whilst they can serve a valuable purpose, offering a less volatile class of asset, many are likely to be regulated products. In certain jurisdictions, price stabilisation activity could also constitute unlawful asset price manipulation.

      Stablecoins should be subject to rigorous due diligence with audit and other mechanisms in place to ensure that mechanisms supporting the stablecoin do exist. Reasonable steps should be taken to ensure that customers are not confused as to the asset.

  3. Addressing Market Manipulation, Pricing and Liquidity

    Exchange regulation entered the spotlight in September 2017 with Japan officially regulating 11 exchange operators. Australia followed in December 2017 when it passed legislation requiring exchange registration with AUSTRAC. There are various levels of maturity across exchanges, both in terms of trading technology, broader market infrastructure linkages and embedded protections.

    Three areas which demand focus from digital asset exchanges to advance the industry are market manipulation, pricing and liquidity and trading measures.

    1. Market Manipulation

      As global regulators begin to weigh in on the evolving digital asset markets, it is highly likely that basic international anti-manipulation and market abuse standards may soon apply to digital asset exchanges.

      The ‘pump and dump’ scheme is offered as an example of typical fraudulent practice.  

      ASIFMA recommends that suspected fraud and price manipulation are monitored and enforced by:

      • setting clear trading rules;

      • periodically reviewing suspicious price spikes; and

      • applying terms of use controls (e.g. account freezes) where there is strong evidence of fraud.

      A similar challenge is preventing insider dealing, front-running and spoofing schemes. It is noted that exchanges can directly influence or prevent these schemes with technical solutions and market surveillance.

    2. Pricing and Liquidity

      Pricing variations for the same asset on global exchanges are primarily due to differences in liquidity, jurisdictional onboarding restrictions, and exchanges’ bank limits on wire transfers and capital controls, which tend to limit arbitrage opportunities. Standards that can be applied to promote accurate pricing are similar to dual listed companies.

      Exchanges can support asset liquidity monitoring and promotion of enhanced liquidity by measuring digital asset liquidity and enacting policies and procedures for review and assessing whether they can continue to adequately support trading assets which have fallen below baseline liquidity thresholds via OTC services or other methods.

      Broader market liquidity can be measured using a variety of indicators, including pre/post trade price transparency, volumes, open interest, breadth of investors, number of active market makers, relationship of price relative to volume, bid/ask spreads, etc. Liquidity is typically a symptom of both asset quality and market structure. Exchanges can play a role in supporting collaborative market-structure enhancements that can be made to broadly promote liquidity.

    3. Trading Measures

      Standard measures such as market-wide trading halts, Limit Up-Limit Down (LULD) rules or volatility circuit breakers are not yet widely used across digital asset exchanges. Exchange usage of circuit breakers prevents the market and/or single assets from trading outside specific price bands by setting static or dynamic price ceilings and floors above and below certain reference prices. However, while usage of circuit breakers is widely accepted in mature trading venues, there are a number of challenges to implementation of similar measures on new and emerging trading venues, including digital asset exchanges, due to the highly volatile and fragmented landscape of trading venues that exists today. As a result, implementation of circuit breakers currently appears to be impractical and detrimental to proper market functioning at this early point on the maturity curve.

  4. Regulatory Considerations: Licensing and Authorisation

    ASIFMA note that regulators are scrutinising exchanges on two fronts. Firstly, they are ensuring that exchanges are not facilitating trading in regulated financial products without the appropriate authorisation. Secondly, they want to understand how exchanges market their services to potential customers and whether such marketing activity itself constitutes some form of regulated financial activity for which a license or authorisation is required.

    1. The ‘Switching Off’ Solution

      The most common solution to the issue of tokens having different classifications across jurisdictions is to ‘switch off’ customers in those jurisdictions pursuant to the exchange’s terms and conditions.

    2. Other Solutions

      In addition, exchanges may need to implement a number of measures to comply with relevant regulations. Suggestions include:

      • Incorporate a generic catch-all clause in the terms and conditions stating that services will not be provided where the use of such services would contravene applicable regulations;

      • Notify customers about tokens which are ‘switched off’ in relevant jurisdictions;

      • Implement systems so that persons cannot actually trade ‘switched off’ assets, including geoblocking and IP checks; and

      • Website and marketing materials should list the jurisdictions which are not ‘switched off’.

    3. Further best practice guidelines include regularly monitoring developments in jurisdictions where tokens are traded, require issuers to disclose to the exchange any material issues or changes, prohibit users in affected jurisdictions from buying relevant tokens and engaging in discussions with local regulators to help affected investors exit their position.

  5. AML/KYC Issues and Recommendations

    There is a great impetus for exchanges to develop anti-money laundering and counter-terrorist financing measures. The exchange should conduct its own risk assessment and in doing so consider: the type of exchange, jurisdictions serviced, customer base and target market and scope of business.

    1. Program

      Following the risk assessment, the exchange should develop a program to include:

      • Written policies and procedures around KYC and due diligence;

      • Enhanced due diligence program;

      • Policies on management, oversight and control;

      • Periodic independent testing to ensure efficacy; and

      • Record keeping policies.

  6. Custody Issues And Recommendations

    Custody models have so far been based around co-mingled omnibus-like accounts in which similar users’ assets are pooled in one account. Omnibus accounts and segregated user accounts are said to be the two main categories.

    General principles of custody include screening all employees appropriately, providing adequate training and supervision and establishing internal procedures. Exchanges that store, hold or maintain custody of digital assets must hold that same type and amount owed to the person. Customer terms and conditions should not only cover the products and services available, but also make clear the respective rights, obligations, responsibilities and risk allocation of the parties, plus appropriate dispute resolution mechanisms. Relevant books and records should be kept for at least seven years.

  7. Cybersecurity Issues And Recommendations

    Some of the best practices are to be implemented by the exchanges whilst others are driven by users. Recommendations include, having a dedicated team in charge of cybersecurity, performing staff background checks and patching security breaches in a timely manner. A number of far more technical suggestions, such as Distributed Denial of Service Protection, testing of code and multi-factor authentication are offered.

  8. Risk Mapping

    Risk mapping aims to identify, measure, manage and/or control the relevant risk that may have an impact on the exchange, including legal risks, credit risks, market risks and operational risks. Relevant considerations include risk culture, risk objectives, risk appetite and a risk management cycle. Exchanges are also told to adopt a ‘3 Lines of Defence’ model with the first line being managing risk, the second defining a risk management framework and the third being internal audit.

  9. Engagement With External Stakeholders

    Stakeholders include exchange participants, banks and other institutions, service providers as well as regulators and other authorities. The requirements for each stakeholder differ but generally they require engaging well, resolving issues, self-reporting as necessary and knowing your stakeholder.

    Key elements critical to the success of stakeholder relationships include risk management, internal controls, documentation with stakeholders, adequate resources, training and guidance and regulatory engagement.

ASIFMA Publishes Paper on Best Practices for Digital Asset Exchanges

Background: Cryptocurrency and Digital Asset Exchanges

Best Practice for Listing Process

Addressing Market Manipulation, Pricing and Liquidity

Regulatory Considerations: Licensing and Authorisation

AMl/KYC Issues and Recommendations

Custody Issues and Recommendations

Cybersecurity Issues and Recommendations

Risk Mapping

Engagement with External Stakeholders