COB 14.3.3

(1) A Digital Wallet Service Provider must ensure that:
(a) any DLT application it uses in Providing Custody of Investment Tokens is resilient, reliable and compatible with any relevant facility on which the Investment Tokens are traded or cleared;
(b) it is able to clearly identify and segregate Investment Tokens belonging to different Clients; and
(c) it has in place appropriate procedures to enable it to confirm Client instructions and transactions, maintain appropriate records and data relating to those instructions and transactions and to conduct a reconciliation of those transactions at appropriate intervals.
(2) A Digital Wallet Service Provider must ensure that, in developing and using DLT applications and other technology to Provide Custody of Investment Tokens:
(a) the architecture of any Digital Wallet used adequately addresses compatibility issues and associated risks;
(b) the technology used and its associated procedures have adequate security measures (including cyber security) to enable the safe storage and transmission of data relating to the Investment Tokens;
(c) the security and integrity of cryptographic keys are maintained through the use of that technology, taking into account the password protection and methods of encryption used;
(d) there are adequate measures to address any risks specific to the methods of usage and storage of cryptographic keys (or their equivalent) available under the DLT application used; and
(e) the technology is compatible with the procedures and protocols built into the Operating Rules, or equivalent procedures and protocols on any facility on which the Investment Tokens are traded or cleared or both traded and cleared.


Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]