COB 14.1.1 Guidance

1. To be fit for purpose, the technology design of the DLT application used by an Authorised Firm Operating a Facility for Investment Tokens should be able to address how the rights and obligations relating to the Investment Tokens traded on that facility are properly managed and are capable of being exercised or performed. For example, where a Security Token confers rights and obligations substantially similar to those conferred by a Share in a company, the DLT application would generally need to enable the management and exercise of the shareholder’s rights. This may, for example, include the right to receive notice of, and vote in, shareholder meetings, receive any declared dividends and participate in the assets of the company in a winding up.
2. To ensure the technology governance of any DLT application used by its facility is fit for purpose, an Authorised Firm should, as a minimum, have regard to the following:
a. careful maintenance and development of the relevant systems and architecture in terms of its code version control, implementation of updates, issue resolution, and regular internal and third party testing;
b. security measures and procedures for the safe storage and transmission of data in accordance with agreed protocols;
c. procedures to address changes in the protocol which result in the splitting of the underlying distributed ledger into two or more separate ledgers (often referred to as a ‘fork’). These procedures should be effective whether or not the new protocol is backwards compatible with the previous version (soft fork), or not (hard fork), and should address access to information where such a fork is created;
d. procedures to deal with system outages, whether planned or not;
e. decision-making protocols and accountability for decisions;
f. procedures for establishing and managing interfaces with providers of Digital Wallets; and
g. whether the protocols, smart contracts and other inbuilt features of the DLT application meet at least a minimum acceptable level of reliability and safety requirements, including to deal with a cyber or hacking attack, and determine how any resulting disruptions would be resolved.
3. Some parts of trading Investment Tokens, for example, order matching, may take place ‘off-chain’ (i.e. not using DLT). In those circumstances, the operator should still maintain adequate control over Persons who are undertaking those activities, as they are agents or delegates of the operator.


Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]