The Australian Securities and Investments Commission (ASIC) has recently introduced updated guidelines for financial services firms holding client assets, focusing on cryptocurrency custody and strengthening oversight of asset holders. The revamped Regulatory Guide 133 (RG 133) expands asset-holding requirements to address emerging risks in digital assets while reinforcing traditional custody standards. Key changes include enhanced information security controls for crypto-asset custodians, stricter risk management processes for digital asset custody, updated financial requirements for asset holders, and expanded oversight of sub-custodial arrangements. These guidelines apply to various financial services providers such as registered scheme operators, licensed custodians, managed discretionary account providers, and operators of investor-directed portfolio services.
Australia’s regulator gained new powers at the end of September to oversee financial market infrastructure, aiming to enhance the stability and efficiency of the country’s financial system. The Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 introduces measures to strengthen oversight of key entities facilitating trading in Australia’s capital markets.
For cryptocurrency custody, ASIC now requires providers to implement strong security protocols, maintain comprehensive risk management frameworks, and use cold storage systems with limited connectivity to computing networks. They must also establish strong physical security for hardware devices storing private keys and have geographically distributed backup locations for key recovery systems.
Transaction security requirements mandate multi-signature or sharding-based signing approaches over single private key systems. Asset holders must implement permissioning processes to prevent single-party control over transactions, and for products with limited interaction needs, whitelisting predefined addresses is recommended for enhanced security.
Asset holders must conduct thorough evaluations of any crypto exchanges used, ensuring they are registered with AUSTRAC or equivalent foreign authorities and implement risk-based systems under AML/CTF Act requirements.
ASIC released a consultation paper earlier this month highlighting 13 practical examples for determining cryptocurrency services and is seeking public feedback on its proposals.
In conclusion, ASIC’s updated guidelines for financial services firms holding client assets focus on cryptocurrency custody and strengthening oversight of asset holders. The Regulatory Guide 133 (RG 133) expands asset-holding requirements to address emerging risks in digital assets while reinforcing traditional custody standards. The guidelines apply to a range of financial services providers, including registered scheme operators, licensed custodians, managed discretionary account providers, and operators of investor-directed portfolio services. Australia’s regulator has gained new powers to oversee financial market infrastructure, aiming to enhance the stability and efficiency of the country’s financial system through measures such as strengthened oversight of key entities facilitating trading in Australia’s capital markets.