EY Digital Assets Custody – End of Year 2023 Webinar – 13 December 2023
Firstly, credit due to EY for kindly hosting this very informative and insightful webinar to close out 2023. Ruby Bhavra from the FCA’s CASS & Resolution Policy and Strategy provided a regulator’s perspective on the digital asset landscape. I summarised key messages from her presentation as follows:
Context from the regulator
Recent firm failures around the world, such as FTX have shown how the lack of a clear regulatory framework could result in uncertainty that could cause harm to clients through delays in the return of assets, extra costs or, worst of all, loss of their assets. Without proportionate regulatory standards, digital assets may not be safeguarded adequately, which may lead to losses should the custodian become insolvent. Insolvency may also impact the confidence in the overall regulatory regime.
What direction is the FCA heading on regulating digital assets custody in the UK?
The UK government has announced plans to legislate for a future financial services regime for crypto assets (read my blog here). The UK is taking a phased approach, focusing initially on fiat-backed stablecoins followed by a wider crypto-asset regime.
Last month, the FCA published a discussion paper, DP23/4 (consultation closes on 6 February 2024), inviting views on the FCA’s thinking on how to design a regulatory regime for regulated stablecoins. Chapter 5 of DP23/4 contains the FCA’s approach to setting the standards that should apply to custody of crypto assets or the means of accessing them, such as private keys. The thinking here is relevant to both regulated stablecoins and digital assets that are already regulated, such as security tokens. And subject to feedback, the FCA will likely apply a similar approach to custody of other digital assets that come into future regulation.
As part of the FCA’s thinking, they also considered other relevant publications such as the IOSCO’s Crypto and Digital Assets Policy Recommendations, and the Law Commission’s final report on digital assets.
Four design principles for regulating custody of digital assets:
The FCA believes any future regime should be underpinned by four design principles.
1) Recognize that many of the risks and issues involved are not new and applies to existing assets and markets, for example, the need to protect ownership rights.
2) Outcomes-based with a clear and sufficient detailed guidance for legal clarity, for instance, as to what happens on insolvency.
3) Be technology agnostic and do not endorse any particular technology.
4) Aims to achieve a balance between allowing innovation while protecting consumers and market integrity.
The FCA’s future regime aims to mitigate the risks and harms that were observed in the digital assets market over the last few years and give a clear regulatory framework for custodians who want to provide services in the UK.
How does CASS fit into this?
The FCA’s overarching objective is to ensure adequate protection of clients’ digital assets while a firm is responsible for them and enable assets to be returned as quickly and as whole as possible if the firm enters an insolvency process.
As set out in DP23/4, the FCA is considering using existing custody provisions in CASS as a basis to design bespoke custody requirements for digital assets. Specifically, the FCA propose to apply four core components of the existing CASS regime:
1) Adequate arrangements to protect client’s rights to their digital assets. The key take-away here is segregation. This helps to ensure client assets are always adequately segregated and in the event of insolvency protected from other creditors claims to the failed custodians estate. The FCA is proposing custodians to segregate clients’ digital assets from their own through recording of ownership and wallet labelling.
2) Adequate organizational arrangements to minimize risk of loss or diminution of clients’ custody assets. This is about how a firm organizes its operations, systems and controls. It is particularly pertinent given the heightened risk of cyber attacks and hacks in the digital assets market, as illustrated in past events such as the 2014 hack of Mt.Gox.
3) Accurate books and records. This is essential for ensuring a custodian always holds the correct amount of custody assets for a client, helping to reduce opportunities for fraud and loss of assets, as well as facilitating the prompt return of assets if the firm fails. Reconciliations are a key part of this by enabling prompt identification and resolution of shortfalls and excesses. The FCA recognize that there may be differences and potential benefits of the DLT compared to traditional methods of record keeping, and is exploring the use of on and off-chain records as part of this.
4) The final core component is around adequate controls and governance, including auditing and reporting requirements that enable the FCA to supervise custodians effectively.
The potential for unforeseen risk in a previously largely unregulated market will be a key consideration of the FCA’s supervisory approach to digital assets custody. In summary, the FCA believes these core components will provide an effective approach towards protecting clients digital assets while aligning them with the principle of same risk, same regulatory outcome. The FCA believes the existing CASS provisions, if properly implemented, can give appropriate levels of protection and confidence to investors. The FCA will consider adjusting some elements of CASS to incorporate the unique characteristics of and risk associated with digital assets custody.
Next steps and other regulatory initiatives
The FCA will consider feedback to DP23/4 and consult on any proposals if the FCA propose to adopt them as part of its final rules. Alongside DP23/4, the FCA plans to engage with a wide range of stakeholders in forums and roundtables as well as individual meetings. As the FCA develops specific policy proposals, it may also convene groups or run policy sprints to help consider potential options and understand the consequences of different approaches.
The FCA is also actively engaged in related regulatory initiatives such as tokenization, Project Guardian (MAS) and the Digital Security Sandbox. Digital assets custody will be relevant to these initiatives where custody arises.
Final takeaways on the regulatory journey in the UK
Firstly, the importance of proportionate regulatory standards. Lessons in traditional finance have taught how harmful it can be to consumers and markets when custody assets are not adequately safeguarded. The FCA is therefore working on developing a proportionate custody regulatory framework for digital assets which supports innovation while also protecting consumers and markets.
Secondly, risks of harm for traditional finance and digital asset custody are similar. Custody is custody and therefore the FCA’s proposed approach is to use the fundamentals of the existing custody rules in CASS and is adjusted as appropriate when designing tailored custody protections for regulated digital asset.
And finally, the FCA is keen to continue engaging with the industry as they continue this journey to help establish a fit for purpose custody regulatory framework for digital assets.
-End of FCA’s presentation-