Skip to content.

A Global Review of the Regulatory Considerations Relating to Crypto-Asset Trading Platforms

In May 2019, the International Organization of Securities Commissions (IOSCO) published a consultation paper entitled Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms (the “Consultation Paper”) on the issues and regulatory considerations regarding crypto-asset trading platforms. The Consultation Paper follows a similar paper published by the Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) in March 2019, covered in our earlier post.  IOSCO is the global international policy forum for securities regulators and is comprised of securities regulators from more than 115 jurisdictions, including Ontario, Quebec, British Columbia and Alberta. The purpose of the Consultation Paper is to identity the novel issues, risks and key considerations associated with crypto-asset trading platforms (“CTPs”). The Consultation Paper also provides frameworks to assist regulatory authorities when addressing the key issues and considerations. In preparing this report, IOSCO conducted a survey (the “Survey”) of various CTP operational models and the regulatory approaches currently applied or being considered in IOSCO member jurisdictions.


The Consultation Paper does not provide guidance to help determine if a crypto-asset is a security or whether it falls within a regulatory authority’s jurisdiction. When a regulatory authority determines that a crypto-asset is a security, the basic principles and objectives of securities regulation are meant to apply. The focus of the report is on the secondary market trading – as opposed to initial coin offerings – of crypto-assets on CTPs, assuming that the regulatory authority has the legal authority to regulate those assets.

What Are CTPs?

The Consultation Paper defines a crypto-asset trading platform as “a facility or system that brings together multiple buyers and sellers of crypto-assets for the purpose of completing transactions or trades.” CTPs perform a function comparable to traditional trading venues. Therefore, some of the issues and risks associated with trading on CTPs are similar to those with trading securities on regulated trading venues generally. Accordingly, most jurisdictions indicated that their existing regulatory frameworks may be applicable to CTPs and crypto-assets. However, the Consultation Paper notes that CTPs may perform many additional functions that are typically conducted by intermediaries, custodians, transfer agents and clearinghouses. The Survey indicated that only a small number of jurisdictions have proposed or introduced frameworks specific to crypto-assets and CTPs. However, the CSA Business Plan 2019-2022 published on June 13, 2019 mentions that the CSA is considering developing a regulatory regime for CTPs.

The Consultation Paper sets out the following seven key considerations for regulators to review when evaluating a CTP.

Key Consideration #1: How Access is Provided to CTPs

Typically, intermediaries that are approved participants of the trading venue access such venue on behalf of their clients. These intermediaries are responsible for the on-boarding process, which includes complying with suitability and know-your-client (KYC) requirements. The Survey revealed that most CTPs tend to provide non-intermediated and direct access to retail investors, meaning that the CTP is responsible for the on-boarding process. Most jurisdictions indicated that current on-boarding processes used by CTPs are limited compared to the requirements imposed on intermediaries that traditionally perform this function. This raises further concerns regarding anonymous trading of crypto-assets and investors accessing a CTP from prohibited jurisdictions, as the on-boarding process is crucial in preventing prohibited trading activity on CTPs and limiting participation to eligible investors. The Survey responses indicated that most jurisdictions believe it might be necessary to impose requirements typically applicable to intermediaries on CTPs, especially if the CTP allows for direct access to retail investors.

Recommended IOSCO Framework

A regulatory authority may want to consider an assessment of the access criteria and on-boarding process used by CTPs by:

  • Reviewing the CTP’s policies and procedures regarding access criteria and the on-boarding process to ensure KYC, anti-money laundering, anti-terrorism and product suitability requirements are met;
  • Allowing only intermediated access to CTPs; and
  • Considering whether CTPs should provide risk disclosure.

Key Consideration #2: Custody and Safeguarding of Participant Assets

Custody functions of participant assets are typically performed by parties other than trading venues, such as by intermediaries, custodians, transfer agents and clearing houses. The Survey revealed that many CTPs tend to provide the custody of participant assets by providing the service themselves. Some CTPs may outsource custody services to a third-party or allow participants to self-custody their crypto-assets in their own wallets using private keys.

Risks associated with a CTP providing custody services include:

  • Operational failure (e.g. a cyber-attack) and insufficient technology governance arrangements, causing assets to be lost or inaccessible;
  • Theft, loss or inaccessibility of private keys;
  • Assets of the CTP may be co-mingled with participant assets which may cause participant assets to not be fully protected in the event of a default;
  • The CTP may have inaccurate record-keeping; and
  • The CTP may not have sufficient financial assets to cover participants’ claims in the event of financial difficulties or assets being lost due to technological failures.

Recommended IOSCO Framework

A regulatory authority may want to assess the process used by a CTP to safeguard and maintain accurate records of participant assets by requiring the following:

  • Disclosure of participant ownership rights and claims;
  • Arrangements by the CTP to secure participant assets in the event of theft or loss;
  • Segregation of participant assets from the CTP and/or other participant assets;
  • Accurate and reliable records of participant assets and positions;
  • An audit trail of the movement of crypto assets between the participant, the CTP, and any third parties.
  • Determining who has access to the private keys for all CTP wallets and whether there are any backup arrangements to prevent a single point of access;
  • If the CTP uses a third party for its custody services, ensuring the adequacy of measures taken by the CTP relating to the security of the assets held by the third party;
  • Financial arrangements to compensate investors in the event of a loss of assets (e.g. insurance policies, compensation funds); and
  • Capital requirements on CTPs to protect against bankruptcy or insolvency, especially if the CTP is performing intermediary functions such as custody of assets.

Key Consideration #3: Conflicts Of Interest

The full-service function provided by CTPs may result in additional conflicts unique to CTPs over and above those applicable to traditional trading venues, such as:

  • Trading on the CTP by the CTP itself can result in conflicts related to information asymmetry, market abuse and unfair pricing to participants.
  • CTPs may provide advisory services resulting in potential conflicts when the CTP has a direct or indirect interest in a crypto-asset traded on the CTP.
  • Conflicts can arise when the system design of a CTP gives preferential treatment to a subset of participants or to the operators of the CTP.

Recommended IOSCO Framework

A regulatory authority may want to assess any potential conflicts of interest in a CTP by considering the following:

  • An evaluation of any policies and procedures established by the CTP to manage conflicts of interest;
  • Procedures regarding access to confidential information about participants on the CTP;
  • If a CTP allows its employees, operators or directors to engage in trading on the platform, a review of their trading activities and financial interest in the crypto-assets;
  • Transparency of policies and procedures that address fair pricing and execution of trades with participants; and
  • Disclosure of whether an issuer of a crypto-asset is a participant on the CTP.

Key Consideration #4: Information Regarding a CTP’s Operations

Because many CTPs provide direct and non-intermediated access to retail investors, the transparency of a CTPs’ operations is important to facilitate fair trading and investor protection. Crypto-assets depend on cryptography and distributed ledger technologies (DLT). A DLT may limit the ability to cancel or modify trades once they are verified on the distributed ledger. Accordingly, a key consideration is how a CTP would handle trade errors, cancellations and modifications if it uses a DLT. Lack of sufficient understanding by a CTP of its underlying technology may cause exploitation of vulnerabilities in the system, resulting in risks associated with hacking and alteration of transaction records. Furthermore, a crypto-asset provided by a CTP that is less traceable may be used to facilitate criminal activities. The Survey indicated that some jurisdictions suggested that CTPs should publish information regarding their operations online.

Recommended IOSCO Framework

A regulatory authority may want to assess the transparency of CTP operations by reviewing the following:

  • The underlying technology of the CTP, any hacking vulnerabilities, the traceability of the crypto-assets, and the issuers behind the crypto-assets;
  • Deposit and withdrawal procedures, volatility control mechanisms, custodial arrangements, dispute resolution mechanisms;
  • Order types, fees charged by the CTP, price discovery and transparency of orders and trades on the CTP; and
  • Procedures relating to trade errors, cancellations and modifications, including the treatment of assets where the distributed ledger makes an irreversible change.

Key Consideration #5: Rules Governing Market Integrity

The transfer of beneficial ownership of assets on CTPs differs from that on trading venues. As well, crypto-assets undergo high price volatility and can be traded on a 24/7 basis. These factors create unique challenges to effectively monitor trading on CTPs in order to detect and prevent fraud or market manipulation.

Recommended IOSCO Framework

A regulatory authority may want to assess market integrity issues regarding CTPs by reviewing the following:

  • Applicability of traditional market integrity rules to crypto-asset trading; and
  • The availability of updated information that may impact a crypto-asset and its value or the technology underlying the asset.

Key Consideration #6: Price Discovery

The Survey indicated that the primary risk with price discovery on CTPs is insufficient pre- and post-trade transparency. The Consultation Paper acknowledges that due to the early stage development of the crypto-asset market, the appropriate level of transparency and price discovery may be difficult to determine, but is an important issue to monitor.

Recommended IOSCO Framework

A regulatory authority may want to assess price discovery issues regarding CTPs by reviewing:

  • Whether any pre- or post-trade information is made available to participants or the public;
  • The market microstructure of the CTP (continuous action, call market, reference price model); and
  • The liquidity and characteristics of the crypto-assets.

Key Consideration #7: Technology

Since CTPs provide custody services and hold participant assets and funds, the technological infrastructure and process for safeguarding the assets is an important consideration. As CTPs use novel technology, hold participant assets and store personal information of retail investors through the on-boarding process, measures to protect against cyber-attacks are even more important than with traditional trading venues.

Recommended IOSCO Framework

A regulatory authority may want to review whether the CTP has:

  • Business continuity recovery plans and incident response policies to ensure uninterrupted services;
  • Measures to assess, control and protect against cyber risks;
  • Quality assurance and performance monitoring procedures of any parts of the CTP system that have been outsourced and developed by third-parties; and
  • Independent system reviews to ensure technology standards are being met.


The trading of crypto-assets can span geographical borders resulting in issues where a CTP provides access to participants in a jurisdiction in which the trading is not permitted or unregulated. The Consultation Paper notes that this risk of regulatory arbitrage demonstrates the importance of global cooperation and effective information sharing among regulatory authorities.

The public is encouraged to make comments on the various issues, risks, key considerations and frameworks proposed by IOSCO in this Consultation Paper. Comment letters must be submitted by July 29, 2019. Details regarding how to submit comments can be found on here.

For more information about our firm’s Fintech expertise, please see our Fintech groups page.

crypto-asset trading platforms Fintech



Stay Connected

Get the latest posts from this blog

Please enter a valid email address