(1) This Rule applies to an Authorised Firm that:
(a) is Operating a Facility for Investment Tokens;
(b) holds or controls Client Investments that include Investment Tokens;
(c) relies on DLT or similar technology to carry on one or more of the Financial Services specified in COB Rule 14.4.1
relating to Investment Tokens; or
(d) is Managing a Collective Investment Fund where:
(i) Units of the Fund are Security Tokens; or
(ii) 10% or more of the gross asset value of the Fund Property of the Fund consists of Investment Tokens.
(2) The Authorised Firm must:
(a) appoint a suitably qualified independent third party professional to:
(i) carry out an annual audit of the Authorised Firm’s compliance with the technology resources and governance requirements that apply to it, including those specified in this chapter; and
(ii) produce a written report which sets out the methodology and results of that annual audit, confirms whether the requirements referred to in (i) have been met and lists any recommendations or areas of concern;
(b) submit to the DFSA a copy of the report referred to in (a)(ii) within 4 months of the Authorised Firm’s financial year end; and
(c) be able to satisfy the DFSA that the independent third party professional appointed to carry out the annual audit has the relevant expertise to do so, and that the Authorised Firm has done proper due diligence to satisfy itself of that fact.