IOSCO Recommendations: A Storm Brewing for Crypto Exchanges?

Meanwhile, IOSCO underlines its intention not to craft a mandatory rulebook, but to foster a universal approach to mitigating risks. As such, its initial overarching recommendation suggests regulating certain sectors with existing laws, while other sectors receive more tailored proposals aligned with their distinct characteristics.

Often, Crypto Asset Service Providers (CASP) operate across multiple domains (spot trading, staking, lending, futures). Consequently, they need to have effective management mechanisms in place to prevent conflicts of interest between their various services. In some instances, it might require partitioning the organization into separate projects with a detailed and non-technical description of each one's activities.

Many believe that CASPs employ robust trading systems ensuring swift and accurate order execution. However, under heavy loads, they frequently encounter problems, which is unacceptable in the finance sector. Therefore, regulators and providers need to refine their trading mechanisms and the information provided to traders (bid and ask prices, market depth, etc.), akin to traditional markets.

All CASPs are required to disclose standards of specific systems, such as listing and delisting procedures, as this information has long raised questions among users and regulators. It should include a thorough evaluation of digital assets, trading history (if available), team data, and much more, including issuer information. Industry representatives have long criticized such a requirement, especially concerning platform-specific tokens, as it introduces an additional conflict of interest.

Regulators should take a stricter approach towards market crimes (fraud, manipulation, insider trading, false reports) despite the lack of a comprehensive regulatory framework, as the cryptocurrency market is rife with such issues. Moreover, every CASP should have measures in place to prevent fraudulent activities (monitoring transactions, swift response measures), and manage non-public information (listing, delisting, customer orders) but only with limited access.

Due to the expansive reach of cryptocurrencies, they're now globally utilized. Some Crypto-Asset Service Providers (CASPs) operate from offshore jurisdictions or forgo a specific company registration locale altogether. This creates hurdles for regulatory bodies, indicating that the sharing of information related to digital assets or the operations of providers should be conducted irrespective of jurisdictional boundaries.

The topic of fund security has come under intense discussion following the insolvency of several cryptocurrency companies. Consequently, the International Organization of Securities Commissions (IOSCO) insists on implementing stringent norms that compel regulatory authorities to keep a close eye on fund safety measures. At the same time, providers are obligated to adhere to deposit storage protocols, including maintaining accurate user account records.

On occasion, asset reserves can be entrusted to qualified third parties or distinctly separated from corporate resources, providing not just technical protection but legal safeguards too. Customers should be supplied with comprehensive information about the storage or utilization of assets (such as the terms of fund placement, the presence of a trusted entity, potential risks, etc.).

Of course, all financial and technical systems that ensure the security of deposits must be subjected to public and routine audits. This includes aspects like cybersecurity, private key management, the mix of hot and cold wallets, as well as compensation procedures for unforeseen circumstances.

Given the potential for various operational and technical issues within crypto assets (forks, bridges, and smart contracts), it is incumbent upon CASPs to promptly inform their clients about these risks and ensure sufficient systemic resilience to mitigate any harm.

The aforementioned recommendation (IOSCO standards) should primarily serve as foundational guidelines for regulators and providers when interacting with retail customers, both new and existing. The need for this stems from the fact that numerous crypto users may lack the necessary knowledge and expertise, thereby requiring a higher level of protection.

While many of the recommendations are indeed apt for creating a healthy market environment, they also present several challenges for crypto exchanges. Other recommendations, such as cross-border collaboration or data collection about issuers, could be difficult to implement. Although the IOSCO categorizes this report as consultative, they believe that the final version could potentially be the basis for worldwide regulations governing the crypto realm. Therefore, if the organization genuinely seeks to foster industry growth, it needs to spend more time consulting with industry representatives to adjust and refine any questionable proposals.