Neo Hwee Yong discusses the Malaysian framework for digital asset exchanges.

In January 2019, Malaysia took two leaps forward in the digital currency space. First, by recognising digital assets as securities under the Capital Markets and Services (Prescription of Securities)(Digital Currency and Digital Token) Order 2019 (“Prescription Order”) that came into effect on 15 January 2019.
 
Second, the Securities Commission Malaysia (“SC”) issued the revised Guidelines on Recognised Markets (“Guidelines”) on 31 January 2019 to introduce provisions to facilitate the registration of operators of digital asset exchanges in Malaysia. By doing so, an operator of a digital asset exchange is to be registered as a Recognised Market Operator (“RMO”) under section 34 of the Capital Markets and Services Act 2007 (“CMSA”) and the Guidelines.
 
The Guidelines set out the registration and on-going requirements that apply to a person who applies to be and is registered as an RMO.
 
This article will first briefly discuss the requirements for the registration of an operator of a digital asset exchange and delve in greater detail on the ongoing requirements that apply to such an operator and a digital asset exchange under the Guidelines.
 
THE REQUIREMENT TO REGISTER
 
A person or entity that operates a digital asset exchange must be registered as an RMO under section 34 of the CMSA and the Guidelines. A digital asset exchange operator (“DAX Operator”) is an RMO who operates an electronic platform which facilitates the trading of a digital asset (“DAX Exchange”). A digital asset refers collectively to a digital currency or digital token, each as defined in the Prescription Order (collectively “Digital Asset”).
 
CRITERIA FOR REGISTRATION
 
An applicant to be a DAX Operator must be incorporated in Malaysia and have a minimum paid-up capital of RM5 million. The applicant must, among other criteria, satisfy the SC that: (i) it is able to operate an orderly, fair and transparent market in relation to the securities or derivatives that are traded through its platform; (ii) it and its directors, chief executive, controller and certain senior management staff are fit and proper persons taking into account the factors set out in paragraph 3.01(f) of the Guidelines; and (iii) its business model has a clear or unique value proposition or will contribute to the overall development of the Malaysian capital market.
 
The applicant must also satisfy the SC that the rules of the market it seeks to operate make satisfactory provision to: (i) protect investors and public interest; (ii) promote fairness and transparency; (iii) manage conflicts of interest; (iv) promote fair treatment of its users; (v) ensure proper regulation and supervision of its users or any person using and accessing its platform (including taking appropriate action against a person who breaches its rules). The applicant must have appropriate security arrangements, including maintaining a secured environment pursuant to the Guidelines on Management of Cyber Risk and other relevant guidelines.
 
The SC may impose terms and conditions in its approval for the registration of a DAX Operator, and may, at any time vary, add to or remove any term and condition. It may also issue directions to the DAX Operator, its board, controller or any other person with regard to the matters set out in paragraphs 5.02 (e.g. conduct of business or operations, fees payable, record keeping etc.) and 5.03 (removal of director or chief executive) of the Guidelines.
 
ONGOING OBLIGATIONS
 
Obligations of a DAX Operator
 
A DAX Operator must, among others: (i) monitor and ensure compliance with its rules; (ii) ensure fair treatment of its users; (iii) obtain and retain self-declared risk acknowledgment forms from its users before they invest in the DAX Exchange; (iv) ensure that all fees and charges payable are fair, reasonable and transparent; (v) refrain from engaging in any deceitful, oppressive or improper practices or practices that discredit its method of conducting business; and (vi) have appropriate processes to monitor anti-money laundering and terrorism financing requirements.
 
In relation to its DAX Exchange, a DAX Operator must: (i) ensure that its DAX Exchange is operating in an orderly, fair and transparent manner; (ii) have in place rules and procedures for the trading, clearing and settlement of Digital Assets traded on its DAX Exchange; and (iii) conduct real-time market surveillance.
 
Obligations of the Board
 
The Guidelines also impose specific obligations on the board of a DAX Operator. The board must, among others: (i) ensure that the DAX Operator complies with all relevant requirements under the Guidelines and any direction issued or term or condition imposed by the SC; (ii) identify and manage risks associated with the business and operations of the DAX Operator, including having a business continuity plan; (iii) establish and maintain policies and procedures to (a) manage actual and potential conflicts of interest; and (b) monitor trading and other market activity to detect non-compliance with securities laws or the rules of the DAX Exchange.
 
The board must also immediately notify the SC: (i) of any irregularity or breach of any provision of the securities laws, the Guidelines or the rules of the DAX Exchange or suspected violation by its participants of money laundering and terrorism financing laws or guidelines; or (ii) if it becomes aware of any matter which adversely affects or is likely to adversely affect the ability of the DAX Operator to meet its obligations or to carry out its functions under the Guidelines.
 
Rules of the DAX Operator
 
A DAX Operator must submit to the SC, any proposed rules or any proposed amendments to existing rules. The SC may at any time, direct a DAX Operator to vary or amend any rule submitted.
 
Requirements Relating to Directors
 
A DAX Operator must notify the SC in writing of any appointment or reappointment of a director, within the time specified by the SC or prior to any public announcement on the appointment or reappointment of a director, whichever is earlier. It must also ensure that any member of its board vacates his office immediately if such member becomes subject to any disqualification or becomes otherwise unfit to hold office and immediately notify the SC of the disqualification and when the position is vacated. A DAX Operator which is a public company must have at least one independent director.
 
Responsible person
 
A DAX Operator must have at least one responsible person who must be a chief executive or a person who is primarily responsible for the operations and financial management of the DAX Operator. The responsible person is to be the main contact for liaising with the SC and to perform any duty as may be directed by the SC.
 
Reporting Requirements
 
A DAX Operator must submit to the SC: (i) an annual compliance report to demonstrate its compliance with any conditions imposed by the SC pursuant to the registration of the DAX Operator and the CMSA; and (ii) its latest audited financial statements within three months after the close of each financial year or such period as the SC may allow.
 
Managing Conflicts of Interest
 
The DAX Operator’s framework relating to conflict of interest must, among others, include policies and procedures relating to: (i) proprietary trading by the DAX Operator on its DAX Exchange; (ii) trading in Digital Assets by its officers and employees on its DAX Exchange or other platforms; (iii) the management of non-public material information; and (iv) the offering of any Digital Assets to be traded on its DAX Exchange.
 
Risk Management
 
A DAX Operator should identify the possible sources of operational risk and mitigate their impact through the use of appropriate systems, policies, procedures and controls. The Guidelines also require the systems to have a high degree of security, operational reliability and adequate capacity. 
 
A DAX Operator’s business continuity plan must: (i) address events that pose a significant risk of disruption to its operations; (ii) incorporate the use of a secondary site and be designed to ensure that critical information systems can resume operations within reasonable recovery time objectives following the occurrence of a disruptive event.
 
Trading of Digital Assets
 
All Digital Assets, including digital tokens, must be approved for trading by the SC before they can be traded on a DAX Exchange. The information to be provided to the SC is set out in paragraph 15.16 of the Guidelines.
 
Internal Audit
 
A DAX Operator is required to establish an internal audit framework that commensurate with its business and operations.
 
Market Integrity Provisions
 
To ensure the integrity of the operations of a DAX Exchange, a DAX Operator must comply with the requirements specified in the Guidelines in relation to its trading operations, market transparency and the protection of client’s assets.
 
Outsourcing
 
While outsourcing is permitted, the board of a DAX Operator remains accountable for all outsourced obligations. The board is required to establish effective policies and procedures for its outsourcing arrangements, including having a framework to monitor service delivery and performance reliability of the service provider.
 
A DAX Operator must ensure that the service provider has adequate policies and procedures to monitor the conduct of any appointed sub-contractor, including performing an assessment on a service provider periodically. The DAX Operator must notify the SC of any adverse development arising in relation to any outsourced function that could significantly affect the DAX Operator within two weeks from the occurrence of the event.
 
A DAX Operator is also required to procure a letter from a service provider or sub-contractor undertaking to give the SC access to all information, records and documents relating to material outsourced arrangements.
 
Prohibition of Financial Assistance
 
The Guidelines prohibit a DAX Operator from providing direct or indirect financial assistance to investors, including its officers and employees, for investing or trading in Digital Assets on its DAX Exchange.
 
OTHER MATTERS
 
Transaction Fee or Levy
 
The SC may impose a fee or levy on each transaction conducted on a DAX Exchange.
 
Cessation of business or operations
 
A DAX Operator shall not cease the business or operations of its DAX Exchange without prior engagement with the SC. The SC may issue a direction or impose any term and condition for the purpose of ensuring the orderly cessation of the business or operations of the DAX Exchange.
 
Withdrawal of Registration
 
The SC may withdraw the registration of a DAX Operator. A DAX Operator may also, by notice in writing, request the SC to withdraw its registration.
 
COMMENTS
 
DAX Exchanges are the third electronic trading initiative launched by the SC, after equity crowdfunding and peer-to-peer financing. The launch of the DAX Exchange framework has been much anticipated by operators and prospective operators of digital asset exchanges. The framework provides much needed clarity in the digital currency and digital asset exchange space, and the registration requirement is in line with other jurisdictions such as the United Kingdom, Switzerland, Luxembourg, Gibraltar and South Korea.
 
Whilst the framework is a welcomed approach intended to promote innovation, there continues to be reservations against the use of digital currency or cryptocurrency as a form of currency in transactions. Following on from the Central Bank of Malaysia’s official statement that Bitcoin is not legal tender in Malaysia, the Guidelines prohibit the use of digital currencies to invest or trade in Digital Assets, and only allow such investment or trading using Ringgit Malaysia or any foreign currency which is recognized as legal tender. This effectively prohibits “trading pairs” or “crypto-to-crypto pairs” (the trading of one type of cryptocurrency for another) on DAX Exchanges in Malaysia.
 
Another initiative that is eagerly anticipated by issuers of Digital Assets are the Guidelines on Initial Coin Offerings (“ICO”) which will be released before the end of March 2019. The SC proposes to leverage on the framework adopted for equity crowdfunding and peer-to-peer financing, and to require the ICO issuer to approach a third party (i.e. an RMO or SC recognized entity) to agree to “host” the ICO and assess its Whitepaper.