Introduction – New Laws
Malaysia’s Securities Commission (SC) has passed regulations for the issuance of ICOs and trading of digital assets at digital asset exchanges.
On 15 January 2019 the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 came into force.
In a recent interview, Finance Minister Lim Guan Eng said the offering of such instruments, and associated activities, requires authorisation from the SC, and needs to comply with securities law and regulations.
Chin Wei Min, SC’s Executive Director of Innovation, Digital and Strategy, was quoted in the same interview:
“Through the evolution of time, [digital assets] can take on many forms. It can start off as just a fundraising method, but later on the issuer can use it differently. Then, it can take on different meanings, and that’s why it’s activity-based. If it starts performing different activities, then it gets caught under different regulations.”
Malaysia’s SC’s takes an activity-based view, unlike the SEC in the USA. In Malaysia, a token that is traded is a security. A token used as a payment is not a security, and would be regulated by Bank Negara (BNM) instead.
Comparison with USA
In the USA, the SEC’s stand is that Bitcoin and Ethereum are not securities. The SEC regards many, but not all, ICOs as securities, coming under its regulatory control and the securities laws of USA.
In an interview with CNBC, SEC Chairman Jay Clayton clarified that Bitcoin is not a security. “Cryptocurrencies are replacements for sovereign currencies…[they] replace the yen, the dollar, the euro with bitcoin. That type of currency is not a security,” he said.
Objectives of the SC Guidelines
On the 17 January 2019, the SC press release stating that for existing exchange operators are now in transition period until 1st March 2019 where if they intend to continue to operate a market within Malaysia, will need to submit application to the SC. If the existing operators decide to exit the market, they will have until 15 March to cease operations.
It is obvious that the SC is giving the existing operators a reasonable amount of timeframe to consider that if these existing operators intend to operate exchange in Malaysia, they need to have the control measures in place to manage or mitigate the investment risk, custody risk, operational risk and governance risk through appropriate regulations.
SC’s guidelines establish the criteria for:
determining fit and properness of issuers and exchange operators,
disclosure standards and best practices in price discovery,
trading rules and
client asset protection.
Those dealing in digital assets need to put in place measures to ensure anti-money laundering and counter-terrorism financing (AML / CFT) compliance, cyber security and business continuity.
Bank Negara Malaysia (BNM), Malaysia’s central bank, previously stated that digital currencies and digital tokens (“digital assets”) are not legal tender in Malaysia. BNM advised the public to carefully evaluate the risks associated with dealings in digital assets.
BNM’s policies regarding digital assets require that effective measures are in place against money laundering and terrorism financing risks, and aim to increase the transparency of digital currency activities in Malaysia.
There are now laws related to payments and currencies that apply to ICO issuers and digital asset exchanges involved in issuance or dealing of digital assets with payment functions.
SC and BNM are expected to coordinate to ensure compliance with the regulatory framework on digital assets.
The new regulations from SC aim to bring digital assets within the remit of securities laws to promote fair and orderly trading and protect investors. Effective and robust AML/CFT control measures will mitigate risks that reporting institutions may be used as conduits for illegal activities.
Stock Market / Derivatives
On 1 February 2019, the SC issued a 43 page guideline to regulate offering and trading of digital assets.
Under the guidelines, a stock market or derivatives market is deemed to be operated, provided or maintained in Malaysia where the component parts of the stock market or derivatives market, taken together are physically located in Malaysia.
This applies even if any component parts are located outside Malaysia.
Stock markets or derivatives markets located outside Malaysia will be considered as actively targeting Malaysian investors if the operator, or the operator’s representative, promotes that market in Malaysia.
SC will regulate advertising the stock market or derivatives market, in any publication in Malaysia; or even sending direct mail or e-mail to Malaysian addresses which market or promote the stock market or derivatives market.
The regulator will assess all facts and circumstances when taking into account the protection of Malaysian investors and the integrity of Malaysian capital markets in fund raising activities targeted at Malaysian investors.
The existing digital asset platform operators are required to apply for the SC for authorisation if they intend to operate beyond the transitional period before 1 March 2019. The SC may register an applicant as a Recognized Market Operator ( RMO), if the applicant satisfies its criteria for registration.
SC specifically lay down the “fit and proper” criteria for the key responsible person Only suitably qualified individuals having the relevant experience and track record in managing a market can be appointed as “key responsible person”.
The applicant’s director, chief executive, controller must not been convicted, whether within or outside Malaysia, of any offence involving fraud or dishonesty or violence or the conviction of which involved a finding that he acted fraudulently or dishonestly; or been convicted of an offence under the securities laws or any law within or outside Malaysia relating to capital market.
The regulator also spelled out the terms and conditions explicitly and directions in registering a RMO. The SC may direct the RMO to remove the director or chief executive within such period as may be specified in such direction. The SC may conduct periodic assessment of a RMO’s compliance with any or all of its regulatory obligations and request documents or other assistance as required.
With regards with the internal policy if the RMO obligations, SC required the RMO to monitor and ensure compliance of its rules; ensure fair treatment of its users and provide fair and accurate disclosures. The RMO is expected to obtain and retain self-declared risk acknowledgement forms from its users prior to them investing in a recognized market and to provide prior disclosure to investors that any loss resulting from the investors trading or investment through the recognized market is not covered by the Capital Market Compensation Fund.
SC also emphasised that the RMO have in place processes to monitor anti-money laundering and terrorism financing requirements, including having adequate investor on-boarding arrangements and processes; and disclose and display prominently on its platform, any relevant information relating to the recognized market. The Chief Compliance Officer with the RMO should reflect all the KYC and AMLA mitigation steps in the compliance policy and ongoing monitoring steps and effective escalation channels. (6.01)
RMO is required to monitor trading and other market activity to detect non-compliance with the securities laws or its rules and ensure compliance with all relevant laws, regulations and guidelines including Personal Data Protection Act 2010. Any irregularity or breach of any provision of the securities laws, these Guidelines or its rules, including any alleged or suspected violations of any law or guidelines in relation to money laundering and terrorism financing by its participants, RMO’s top management needs to inform the SC (6.02)
RMO’s board remains accountable for all outsourced functions. The RMO’s board must establish effective policies and procedures for its outsourcing arrangement including a monitoring framework to monitor the service delivery and performance reliability of the service provider and perform an assessment on a service provider on a periodic basis, as part of its monitoring mechanism under paragraph 6.05 and submit a report of the assessment to its board of directors and senior management.
The guidelines on recognised market articulated the Eligibility and financial requirements for registration of a Digital Asset Exchange Operator (DAX) that all DAX operators must be locally incorporated and have a minimum paid-up capital of RM5 million. (15.03) This is a reasonable requirement for DAX operators who wish to obtain the registration of a Digital Asset Exchange Operator.
No DAX Operator shall facilitate the trading of any Digital Asset unless the SC has approved the trading of the said Digital Asset. (15.15) The nature of the project, the profile of its founders and management team if the Digital Asset “ICO” must submit application to the SC to be approved by the SC (15.16 A)
SC affirms the security of the underlying distributed ledger, the number of nodes, any history of hacks and other form of attacks; and any known security vulnerabilities. (5.16 f). The regulator required the DAX Operator must only allow investors to invest or trade in Digital Assets hosted on its platform using Ringgit Malaysia or any foreign currency which is recognised as legal tender, subject to Bank Negara Malaysia’s requirements relating to international and domestic transactions.
Under the Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) – Digital Currencies (Sector 6), Since BNM had reiterated that digital currencies are not recognised as legal tender in Malaysia, members of the public are therefore advised to undertake the necessary due diligence and assessment of risks involved in dealing in digital currencies or with entities providing services associated with digital currencies. (1.6) The dealings in digital currencies are not covered by prudential and market conduct requirements applicable to licensed and authorised activities, or by established avenues for redress in the event of complaints or losses and damages incurred by parties dealing in digital currencies.
DAX Operator must establish systems and controls for maintaining accurate and up to date records of investors and to ensure investors monies and digital assets are properly safeguarded from conversion or inappropriate use by any person, including but not limited to implementing multi-signature arrangements. DAX operator must establish and maintain in a licensed Malaysian financial institution, one or more trust accounts, designated for the monies received from investors and relation to investors’ Digital Assets, have arrangements and processes in place to protect against the risk of loss, theft or hacking. (15.20)
The SC may impose a fee or levy on all transactions conducted on the Digital Asset Exchange. DAX Operator must have adequate arrangements and processes to manage excessive volatility of its market which may include circuit breakers, price limits and trading halts. DAX operator may provide or carry out market making activities and must ensure sufficient disclosure of all market making arrangements to its investors.
The requirements set by SC seem fairly reasonable, compared to neighbouring countries like Indonesia. Regardless of the lengthy process for all the applicants to fill in the forty over pages on the application form, all applicants to have until 1st of March 2019 to apply for registration with the SC.