COB 14.1.1

Without limiting the generality of the technology resources requirements in COB section 9.5, an Authorised Firm Operating a Facility for Investment Tokens must:

(a) ensure that any DLT application used by the facility operates on the basis of ‘permissioned’ access, so that it allows the operator to have and maintain adequate control over the Persons who are permitted to access and update records held on that DLT application;
(b) establish and maintain adequate measures to ensure that the DLT application used by the facility, and the associated rules and protocols, contain:
(i) clear criteria governing Persons who are permitted to access and update records for the purposes of trading or clearing Investment Tokens on the facility, including criteria about the integrity, credentials and competencies appropriate to the roles played by such persons;
(ii) measures to address risks, including to network security and network compatibility, that may arise through systems used by Persons permitted to update the records on the DLT application; and
(iii) processes to ensure that the Authorised Firm undertakes sufficient due diligence and adequate monitoring of ongoing compliance, relating to the matters referred to in (i) and (ii);
(3) ensure any DLT application used by its facility is fit for purpose; and
(4) have regard to industry best practices in developing its technology design and technology governance relating to DLT that is used by the facility.


Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]