The Australian Securities and Investments Commission (ASIC) has recently issued updated guidelines for financial services firms that are responsible for holding client assets. These new guidelines, outlined in the revised Regulatory Guide 133 (RG 133), aim to address emerging risks in digital assets such as cryptocurrencies while also reinforcing traditional custody standards.
One of the key changes introduced in the updated guidelines is the requirement for enhanced information security controls for crypto-asset custodians. This includes implementing robust security protocols and maintaining comprehensive risk management frameworks when dealing with cryptocurrency exchanges. Asset holders are now required to use cold storage systems with limited connectivity to computing networks, ensure strong physical security for hardware devices storing private keys, and establish geographically distributed backup locations for key recovery systems.
In addition to information security controls, the new guidelines also mandate stricter risk management processes for digital asset custody. This includes implementing multi-signature or sharding-based signing approaches for transactions, as well as permissioning processes that prevent single-party control over transactions. Asset holders are also required to conduct thorough evaluations of any crypto exchanges used, ensuring that they are registered with AUSTRAC or equivalent foreign authorities and comply with AML/CTF Act requirements.
Furthermore, the updated guidelines introduce updated financial requirements for asset holders and expand oversight of sub-custodial arrangements. These requirements apply to a wide range of financial services providers, including registered scheme operators, licensed custodians, managed discretionary account providers, and operators of investor-directed portfolio services.
These new guidelines come as part of ASIC’s efforts to enhance oversight of key entities that facilitate trading in Australia’s capital markets. The regulator gained new powers at the end of September to oversee financial market infrastructure, with reforms aimed at improving the stability and efficiency of the country’s financial system. The Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024, which received Royal Assent on September 17, introduces a series of measures designed to strengthen oversight of financial market infrastructure.
Overall, the updated guidelines from ASIC represent a significant step towards ensuring the security and integrity of digital asset custody in the financial services industry. By implementing robust security protocols, conducting thorough due diligence on crypto exchanges, and maintaining strict risk management processes, asset holders can better protect client assets and mitigate potential risks associated with cryptocurrency custody.