Following the recommendations of the Senate Select Committee on Australia as a Financial and Technology Centre, Treasury has released a consultation paper on licensing and custody requirements for Crypto Asset Secondary Service Providers (CASSPrs). Consultation is currently open and will close on 27 May 2022.
What is the consultation about?
The consultation relates to approaches to licensing digital currency exchanges and custody requirements for crypto assets. Treasury will communicate the outcome to government by mid‑2022 with a view of implementing a licensing regime by the end of the year. Crypto assets subject to the proposed regulation will include crypto currencies and non‑fungible tokens (NFTs).
The aim of the proposed regulation is to meet the challenge of implementing appropriate consumer safeguards while preserving innovation, growth and competition in the industry. The government wants to position Australia as a reliable and trustworthy crypto market.
What is a CASSPr?
Treasury is proposing to use the term Crypto Asset Secondary Service Provider (CASSPr) instead of the term “digital currency exchange”. The proposed definition of a CASSPr is:
Any natural or legal person who, as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
i. exchange between crypto assets and fiat currencies;
ii. exchange between one or more forms of crypto assets;
iii. transfer of crypto assets;
iv. safekeeping and/or administration of virtual assets or instruments enabling control over crypto assets; and
v. participation in and provision of financial services related to an issuer’s offer and/or sale of a crypto assets.
A “crypto asset” is defined by ASIC as “… a digital representation of value or contractual rights that can be transferred, stored or traded electronically, and whose ownership is either determined or otherwise substantially affected by a crypto graphic proof.”
How is the proposed regulation different to regulation already in place in Australia?
At the moment, financial services laws may not apply to some CASSPRs. For example, the Australian Financial Services Licence (AFSL) regime only applies to financial products, and many crypto assets are not financial products. In the area of anti‑money laundering and counter‑terrorism financing (AML/CTF), the AML/CTF regime already applies to digital currency exchanges. However, AML/CTF regulation is not intended to directly protect consumers. The proposed regulation is focused on protection of consumers.
What is the proposed licensing regime?
The proposed licensing regime will apply to all secondary service providers such as brokers, dealers or those who operate and market for crypto assets, as well as secondary service providers who offer custodial services in relation to crypto assets. The regime will not apply to decentralised platforms or protocols.
The regime proposes imposing obligations on CASSPrs similar to those obligations currently applying to AFSL holders. These include the requirement to provide services efficiently, honestly and fairly, maintain adequate resources to provide the services, having appropriate dispute resolution arrangements in place, and ensuring directors and key persons are fit and proper people.
The regime also imposes minimum financial requirements, including capital requirements, on CASSPrs as well as client money obligations. CASSPrs would also need to maintain adequate custody arrangements (see below).
Treasury is seeking feedback on whether the licensing regime should be implemented using the force of law or whether the crypto industry should self‑regulate through an industry‑adopted code of conduct. The latter approach is similar to that in the US and UK, although both jurisdictions are considering additional obligations for crypto assets.
What about custody?
The proposal also involves mandatory minimum principle‑based custody obligations for private keys held or stored by CASSPrs on behalf of consumers. The security of private keys to prevent unauthorised access to crypto assets is of critical importance. Accordingly, Treasury is proposing that mandatory obligations should apply, including that the assets are held on trust for the consumer. This is to ensure appropriate segregation of assets and that the custodian of the private keys has the required expertise and infrastructure, including having appropriate processes to minimise the risk of loss of unauthorised access, and processes for compensation in the event the crypto assets held in custody are lost.
The proposed obligations will also include minimum financial requirements, including capital requirements.
What impact may the proposed regime have on insurance?
Assuming these proposals become law, it will be interesting to see whether CCASPrs will seek to obtain insurance to assist with some of these obligations. In particular, the processes for redress and compensation in the event the crypto assets held in custody are lost.
Insurance companies are no doubt watching this space closely, noting that very few insurance policies currently cover crypto. Where it is available, cover is generally limited to theft of private keys while in cold storage (ie. offline).
If CCASPrs are regulated, this may result in increased demand for insurance of private keys in custody. Insurance can play a role to ensure there is the capacity to provide compensation in the event that private keys, for example, are lost due to negligence of the custody provider.
Insurers undertake due diligence of prospective insureds to analyse their security procedures as part of the underwriting process. The team at Norton Rose Fulbright advised on the first crypto insurance policy in the UK and has also assisted insurers with undertaking due diligence on prospective insureds.
Consultation ends on 27 May 2022. You can access the consultation paper here.
 Australian Securities and Investment Commission, Consultation Paper 343 – Crypto-assets as underlying assets for ETPs and other investment products.