Entire Section

  • COB 14.3 COB 14.3 Requirements for Providing Custody of Investment Tokens

    • Interpretation

      • COB 14.3.1

        In this section:

        (a) “Digital Wallet Service Provider” means an Authorised Firm Providing Custody of Investment Tokens by holding and controlling the public and private cryptographic keys relating to the Investment Tokens;
        (b) “Third Party Digital Wallet Service Provider” means:
        (i) a Digital Wallet Service Provider other than an ATS Operator Providing Custody of Investment Tokens traded on its facility; or
        (ii) a Person in another jurisdiction Providing Custody of Investment Tokens by holding and controlling the public and private cryptographic keys relating to the Investment Tokens, who is authorised and supervised for that activity by a Financial Services Regulator; and
        (c) “Self-Custody of Investment Tokens” means the holding and controlling of Investment Tokens by their owner, through the owner holding and controlling the public and private cryptographic keys relating to the Investment Tokens.

         

        Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

    • Application

      • COB 14.3.2 COB 14.3.2

        This section applies to an Authorised Firm that is a Digital Wallet Service Provider.

         

        Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

        • COB 14.3.2 Guidance

          1. An Investment Token is an Investment, as defined in GEN Rule A2.1.1. The Financial Service of Providing Custody, as defined in GEN Rule 2.13.1, therefore includes Providing Custody of an Investment Token, and a Person carrying on that Financial Service will require a Licence to do so.
          2. An Authorised Firm which is Providing Custody of Investment Tokens is, in addition to the requirements in this section, subject to other relevant requirements that apply to a firm Providing Custody of Investments. Other requirements include the Client Asset requirements in section COB section 6.11, the Client Investment requirements in COB section 6.13 and the Safe Custody Provisions in COB App 6.
          3. The Rules in this section will not apply to a Person providing a Digital Wallet to a Person who uses it for Self Custody of Investment Tokens, as the Security Tokens in that Digital Wallet are then held and controlled by that Person at their own risk.
          4. Private and public keys, which correspond to an electronic address, provide the mechanism to own and control Investment Tokens, (and other crypto assets). A private key is generated first, with the public key derived from the private key using a known one-way algorithm which varies across protocols. The corresponding electronic address, which is used to send and receive crypto assets, is a cryptographic hash (i.e. a shorter representation created through a processing algorithm) of the public key (which is a longer string of characters). It is the private key that grants the user the right to dispose of the crypto asset at a given address. Losing the private key often results in the loss of ability to transfer the crypto asset.

           

          Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

    • Requirements

      • COB 14.3.3 COB 14.3.3

        (1) A Digital Wallet Service Provider must ensure that:
        (a) any DLT application it uses in Providing Custody of Investment Tokens is resilient, reliable and compatible with any relevant facility on which the Investment Tokens are traded or cleared;
        (b) it is able to clearly identify and segregate Investment Tokens belonging to different Clients; and
        (c) it has in place appropriate procedures to enable it to confirm Client instructions and transactions, maintain appropriate records and data relating to those instructions and transactions and to conduct a reconciliation of those transactions at appropriate intervals.
        (2) A Digital Wallet Service Provider must ensure that, in developing and using DLT applications and other technology to Provide Custody of Investment Tokens:
        (a) the architecture of any Digital Wallet used adequately addresses compatibility issues and associated risks;
        (b) the technology used and its associated procedures have adequate security measures (including cyber security) to enable the safe storage and transmission of data relating to the Investment Tokens;
        (c) the security and integrity of cryptographic keys are maintained through the use of that technology, taking into account the password protection and methods of encryption used;
        (d) there are adequate measures to address any risks specific to the methods of usage and storage of cryptographic keys (or their equivalent) available under the DLT application used; and
        (e) the technology is compatible with the procedures and protocols built into the Operating Rules, or equivalent procedures and protocols on any facility on which the Investment Tokens are traded or cleared or both traded and cleared.

         

        Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

        • COB 14.3.3 Guidance

          Where an Authorised Firm that is a Digital Wallet Service Provider delegates any function to a Third Party Digital Wallet Service Provider, it must ensure that the delegate fully complies with the requirements of COB Rule 14.3.3. The outsourcing and delegation requirements of GEN Rule 5.3.21 and 5.3.22 will also apply to the Authorised Firm in those circumstances.

           

          Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

      • COB 14.3.4 COB 14.3.4

        An ATS Operator that appoints a Third Party Digital Wallet Service Provider to Provide Custody of Investment Tokens traded on its facility, must ensure that the person is either:

        (a) an Authorised Firm appropriately authorised to be a Digital Wallet Service Provider; or
        (b) an entity that is regulated by a Financial Services Regulator to an equivalent level of regulation to that provided for under the DFSA regime for Providing Digital Wallet Services.

         

        Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

        • COB 14.3.4 Guidance

          Where an ATS Operator appoints a non-DIFC firm regulated by a Financial Services Regulator, it must undertake sufficient due diligence to establish that the non-DIFC firm is subject to an equivalent level of regulation as under the DFSA regime in respect of that service.

           

          Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]

      • COB 14.3.5

        A Digital Wallet Service Provider must ensure that the report required under COB Rule 14.5.1 includes confirmation as to whether it has complied with the requirements in COB Rule 14.3.3.

         

        Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]