1. Home
  2. Insights
  3. Alerts
  4. May 2025

Securities Commission issues Consultation Paper for the Proposed Regulatory Framework for Offering and Dealing in Tokenised Capital Market Products

14 May 2025

On 6 May 2025, the Securities Commission Malaysia (“SC”) issued its Public Consultation Paper No. 1/2025 on the Proposed Regulatory Framework for Offering and Dealing In Tokenised Capital Market Products (“Consultation Paper”).
 
The SC has observed a growing interest among capital market participants who wish to offer tokenised capital market products or carry out regulated activities relating to tokenised capital market products due to the benefits that such technology brings, such as, asset programmability through automated processes, fractionalisation of assets, reduction in settlement time, increased operational efficiency, immutability of records and increased potential for innovation.
 
Key points
 
The key points in the Consultation Paper are as follows: 
  1. The SC proposes to adopt a regulatory neutrality approach that aims to create a level playing field where “like product and like services will be regulated similarly regardless of the underlying technology”; in other words, regulations should be designed and applied in a way that does not unfairly favour or disadvantage any particular technology, business model, or market participant. 

  2. A tokenised capital market product refers to a digital representation of any of the following capital market products, namely securities, derivatives, a private retirement scheme, a unit trust scheme, any product or arrangement based on securities or derivatives or a combination thereof (including the rights attached to it). 

  3. Tokenisation will involve the adoption of distributed ledger technology (“DLT”) to create a digital representation of the capital market product, usually in the form of a token. It will also create a digital record of the capital market products (digital twin) that is cryptographically secured, without the need for it to be managed by a central intermediary.1 

  4. According to the SC, capital market products may be represented digitally under two arrangements: 
  • Digital twin representation token
    This structure enables a capital market product in its traditional form to be represented as a digital copy on a distributed ledger thereby, allowing the digital twin to be recorded and managed on the blockchain. In essence, it is a capital market product that has a tokenisation wrapper. 
  • Native tokens
    This structure allows for more novel forms of tokens, whereby the token itself is the capital market product. Unlike digital twin representation tokens, native tokens are issued directly on a distributed ledger without an “off-chain” equivalent and exists solely on the blockchain. Regulation of such tokens would include the regulation of the DLT network.
Due to the added complexity and risk associated with native tokens, the SC has adopted a phased approach in facilitating the offering and dealing in tokenised capital market products. Hence, the CP sets out a framework for the offering and dealing of digital twin representation tokens only, with offerings and dealings to be considered at a later date. 
  1. The proposed framework under the CP (“Framework”) seeks to promote responsible innovation which ensures that investors’ interests are not compromised by the innovation. Hence the Framework will impose requirements relating to: 
  • Governance
  • Risk Management
  • Disclosure relating to the issuance of the tokenised capital market product
  • Conduct of regulatory activities relating to tokenised capital market products. 
  1. The Framework is to be read together with other relevant laws and guidelines such as the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, Guidelines on Recognized Markets, Guidelines on Unlisted Capital Market Products under the Lodge and Launch Framework and Guidelines on Collective Investment Scheme.
     
    As a tokenised capital market product is a digital copy of an existing capital market product on the blockchain, capital market participants who intend to offer or deal in any tokenised capital market product must also comply with the existing requirements relating to such products as specified under the relevant securities laws and SC’s guidelines.
     
    For example, where an issuer wishes to offer a tokenised bond, the issuer must first issue the bond traditionally in compliance with the requirements under the Guidelines on Unlisted Capital Market Products under the Lodge and Launch Framework. The issuer then needs to ensure, that the issuance of the bond token and the distribution are in compliance with the additional requirements relating to technology risk and disclosure as set out under the Framework.
Applicability
 
The Framework will apply to the following: 
  1. an issuer of a capital market product, e.g. a bond issuer, a unit trust management company issuing unit trusts, an Equity Crowdfunding (ECF) issuer, a peer-to-peer (P2P) issuer; 

  2. a recognized market operator (“RMO”); 

  3. a holder of a Capital Markets Services Licence (“CMSL holder”); and 

  4. a registered person, 
who wish to offer or carry out any regulated activity or capital market services relating to tokenised capital market products.
 
Part 1 of the Framework sets out the obligations of an issuer and an RMO and Part 2 sets out the obligations of licensed and registered persons carrying out regulated activities relating to tokenised capital market products.
 
Part 1 : Offering of tokenised capital market products
 
Obligations of Issuer and RMO
 
Issuers and RMOs seeking to adopt DLT to tokenise or facilitate the tokenisation of capital market products are required to understand and be proficient in utilising DLT, as well as implement appropriate safeguards and measures to manage the risks associated with the use of such technology.
 
General obligations
 
The SC had proposed that an issuer who wishes to offer a tokenised capital market product or an RMO who wishes to facilitate the offering of a tokenised capital market product on its platform must: 
  1. ensure compliance with existing requirements relating to the underlying capital market product as set out in the relevant laws, rules and guidelines in addition to complying with the requirements relating to tokenisation as set out in the Framework; 

  2. put in place mechanisms to ensure consistency in the legal and beneficial title of the tokens with the underlying capital market product; and 

  3. demonstrate sufficient understanding and proficiency in utilising DLT, implementing the relevant governance measures and safeguards to ensure operational soundness of the tokenisation process, including the management of minting and burning of tokens during subscription and redemption. 
Choice of DLT
 
An issuer and an RMO must assess the blockchain network used (i.e. private network or public network) in light of the intended use, compliance requirements and ensure there are proper controls in place to address the risks that may arise from the network used.
 
Record and Register
 
As tokenised capital market products under digital twin representation model will have both off-chain and on-chain records, the issuer and RMO must ensure compliance with the requirements relating to records and register as provided under the relevant laws, rules and guidelines relating to the underlying capital market product. Among others, the issuer and RMO must: 
  1. establish systems and controls for the maintenance of accurate and up to date records of tokens representing capital market products held in relation to the investor; 

  2. develop and implement policies and procedures to ensure robust management and operational soundness of the record keeping system for ownership including reconciling the on-chain and off-chain record to ensure consistency and finality; 

  3. ensure that records of the token holders’ ownership interests in the capital market product are accurate, properly secured and maintained; and 

  4. ensure the adoption of DLT complies with the requirement to maintain a record or register of shareholders, bondholders or unit holders, as the case may be, under the Capital Markets and Services Act 2007 (“CMSA”) and the relevant guidelines. 
Disclosure requirements relating to tokenised capital market products
 
In addition to existing disclosure requirements relating to the underlying capital market product, an issuer who offers tokenised capital market products must include the following information in the relevant disclosure document: 
  1. how the tokenised capital market product derives its value; 

  2. the representation of ownership of the tokenised capital market product; 

  3. the tokenisation arrangement including whether the off-chain or on-chain record and settlement are taken to be final and official (including how the underlying capital market product will be immobilised);

  4. where any benefit (e.g. dividends, bonus units, or any other benefits related to the tokenised capital market product) is accredited through the tokenised capital market product, the value and how it would be valued or redeemed; 

  5. business continuity plans for events concerning DLT such as cyber security attacks; 

  6. the type of blockchain network and the characteristics of the same; and 

  7. associated risks in relation to the tokenisation process and technology being used for example, cyber security risk, system outage, possibility of undiscovered technical flaws, etc. 
Obligations of RMO
 
An RMO2 intending to facilitate the offering of tokenised capital market products on its platform, remains responsible for the overall operation of the tokenisation arrangement notwithstanding any outsourcing to third-party vendors or service providers.
 
In addition to complying with the existing requirements, RMOs who wish to facilitate the offering of tokenised capital market products on their platform must: 
  1. ensure that its issuer’s disclosure document lodged with the RMO includes the additional disclosures set out under the Framework; 

  2. in the case where an RMO is required to maintain a register, the RMO must develop and implement policies and procedures to ensure robust management and operational soundness of the record keeping system for ownership including reconciling the on-chain and the off-chain record and whether the off-chain or on-chain record and settlement are taken to be final and official; 

  3. take into account the features and risks of the tokenised capital market product in considering the most appropriate custodial arrangement for the tokenised capital market product to manage ownership and technology risks as well as ensuring compliance with existing regulatory requirements; and 

  4. implement adequate key administrative controls and business continuity plans for DLT-related events such as cyber security attacks and technology incidents. 
Technology risk management
 
Issuers and RMOs must ensure that their Technology Risk Management Framework encapsulates considerations of blockchain technology across its governance, technology risk management, technology operations management, technology service provider management and cyber security management. Such considerations may include but is not limited to: 
  1. security of the DLT network and node management; 

  2. robustness and integrity of smart contract deployed; 

  3. interoperability of tokenisation arrangement with back-end systems and third-party service providers; and 

  4. data privacy. 
The SC has proposed that issuers who wish to offer tokenised capital market products must also ensure compliance with the relevant requirements as set out under the SC’s Guidelines for Technology Risk Management.
 
Third Party Service Providers
 
An issuer or an RMO who engages a third-party service provider to manage and maintain the DLT network must: 
  1. conduct a due diligence on the third-party service provider involved in the tokenisation of the capital market product to ensure that they are competent and are able to carry out their functions as a third-party service provider; and 

  2. assess the features and manage any risk that may arise from the tokenisation process adopted by the third-party service provider. 
The SC has proposed that an issuer or RMO intending to facilitate the offering of tokenised capital market products on their platform shall remain responsible for the overall operation of the tokenisation arrangement, including being responsible for the management and operational soundness of the record-keeping of ownership regardless of their outsourcing arrangements.
 
Consultation with the SC
 
The SC has proposed to impose a requirement for issuers and RMOs to consult the SC before offering or facilitating an offer of a tokenised capital market product. Among others, an issuer or RMO will be required to demonstrate to the SC’s satisfaction its compliance with the requirements under the Framework.
 
Part 2 : Carrying out regulated activities relating to tokenised capital market products
 
Obligations of CMSL Holders and Registered Persons
 
A CMSL holder or registered person intending to carry out regulated activities relating to tokenised capital market products must have the necessary manpower and expertise to understand the nature of such business, especially the risks relating to ownership and technology, and shall manage such risks appropriately. This includes understanding and being satisfied with the controls implemented by the issuers and their third-party service providers to manage ownership and technology risks of the tokenised capital market product before engaging in the regulated activity.
 
A CMSL holder or registered person intending to deal in, advise on or manage portfolios relating to tokenised capital market products, must conduct due diligence on the tokenised capital market product, its issuer and the third-party service providers involved in the tokenisation process of the product to ensure that that they are able to make an informed investment decision and to ensure that investors’ interests are protected.
 
A CMSL holder or registered person must make adequate disclosure of relevant material information relating to the tokenised capital market product and communicate such information in a clear and easily comprehensible manner to their clients, which, among others, shall include: 
  1. whether the off-chain or on-chain settlement of record is final and official, where applicable; 

  2. the limitations imposed on transfers of the tokenised capital market product (if any); 

  3. whether a smart contract audit has been conducted before the deployment of the smart contract (if any); 

  4. the key administrative controls and business continuity plans for DLT related events such as cyber security attacks; and 

  5. the custodial arrangement (if applicable). 
Dealings in tokenised capital market products
 
A CMSL holder and registered person for dealing in securities or fund management may only deal in tokenised capital market products offered on: 
  1. a stock market or derivatives market as set out under section 7 of the CMSA; or 

  2. trading platform or counterparty outside of Malaysia: 
  • that is registered with, or is regulated by one or more laws of a foreign country giving effect to the Financial Action Task Force recommendations relating to customer due diligence and recordkeeping; and 

  • has risk-based AML/CFT systems and controls that are supervised or monitored by a body empowered by law to supervise and enforce the customer due diligence and record-keeping obligations. 
Closing of consultation period
 
Comments on the Framework are to be submitted by email to the SC at aFINity@seccom.com.my by 16 June 2025.
 
 
Article by Lee Ai Hsian (Partner) of the Fintech Practice of Skrine,
 
 
1 Tokenised capital market products are to be distinguished from digital tokens and digital currencies (e.g. $BID, $FRAC, Bitcoin and Ethereum) which are prescribed as securities under the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 and are subject to a separate existing framework.
2 An existing RMO may facilitate the offering of tokenised capital market products on its platform, but only for tokenising the product for which the platform is registered for.

This article/alert contains general information only. It does not constitute legal advice nor an expression of legal opinion and should not be relied upon as such. For further information, kindly contact skrine@skrine.com.

  • Proud to be a member of
  • Lex_Mundi_3-line_Strap_White_RGB.png
  • connect with us
  •  
  •