Risk Management and Crisis Response Blog

IOSCO unveils consultation report on global crypto regulation

Jun 2, 2023 5 MIN READ
Laure Fouin

Partner, Corporate, Montréal

Lawrence E. Ritchie

Partner, Disputes, Toronto

Matthew T. Burgoyne

Partner, Corporate, Calgary

Asad Akhtar

Associate, Corporate, Toronto

Simon Cameron

Associate, Litigation, Toronto

Ankita Gupta

Associate, Litigation, Toronto


Given that the purchase and sale of digital assets transcends borders (national as well as jurisdictional), many voices have long called for a global response to the approach taken to regulation in that space.

On May 23, 2023, the International Organization of Securities Commissions (IOSCO) — the global association of securities regulators — published a consultation report [PDF] entitled “Policy Recommendations for Crypto and Digital Asset Markets” (the Report), seemingly responding to those voices.

The Report aims to address what IOSCO considers to be market integrity and investor protection concerns arising from crypto-asset activities and, in particular, to address the risk of “regulatory arbitrage” by promoting consistency among IOSCO’s member jurisdictions.

The Report makes and seeks input on 18 policy recommendations in six key areas: (i) dealing with conflicts of interest (ii) market manipulation (iii) cross-border regulatory cooperation (iv) custody of crypto-assets (v) operational risks, and (vi) treatment of retail customers. While these recommendations apply to crypto-assets generally, the Report also includes specific commentary on stablecoins.

As crypto markets grapple with complex jurisdictional and characterization questions, this Report is notable in that it signals a high level of collaboration amongst global securities regulators in developing a harmonized principles-based and outcomes-focused regulatory framework for crypto-assets.

The recommendations

The first, and overarching, recommendation in the Report is t regulators should aim to establish a level playing field between cryptoassets and traditional financial markets through the application of existing or new regulatory frameworks to crypto-assets. The Report recommends that these regulatory frameworks should seek to achieve regulatory outcomes for investor protection and market integrity that are the same as, or consistent with, those that are required in traditional financial markets.

The 68 page Report also makes a number of specific recommendations, some of which are summarized below:

  • Governance and conflicts of interest: The Report recommends that regulators assess the specific risks arising from Crypto Asset Service Providers (CASPs) that engage in multiple functions and activities e.g., exchange trading, brokerage, market-making and other proprietary trading, offering margin trading, custody, settlement, and re-use of assets — whether as a single entity or within a corporate group — and adapt governance requirements and conflicts of interest disclosure, eventually requiring legal disaggregation and separate registration and regulation. The Report also recommends that regulators require CASPS to disclose every role and capacity in which they are acting at all times.
  • Market manipulation, insider trading and fraud: The Report recommends that:
  1. CASPs should be required to handle all client orders fairly and equitably and to adopt systems, policies and procedures for fair and expeditious execution of client orders and to adopt restrictions on “front running.”
  2. CASPs operating markets or operating as intermediaries should provide pre- and post-trade disclosure consistent with those required in traditional financial markets.
  3. CASPs should be required to establish and disclose their standards for listing and de-listing crypto-assets.
  4. CASPs should manage any conflicts of interest arising from listing crypto-assets, including a potential prohibition against listing their own proprietary crypto-assets.
  5. Regulators must continue to bring enforcement actions against offences involving fraud and market abuse (including tipping, insider dealing, and market manipulation) in crypto-asset markets, and
  6. CASPs should be be required to put in place systems for managing material non-public information and that regulators establish market surveillance requirements for each CASP.
  • Cross-border risks and regulatory cooperation: The Report recommends that, in recognition of the cross-border nature of crypto-asset issuance, regulators should have the ability to share information and cooperate with regulators in other jurisdictions.
  • Custody of crypto-assets and client asset protection: The Report recommends that the IOSCO Recommendations Regarding the Protection of Client Assets [PDF] should be applied to CASPs holding client assets. The Report also recommends that CASPs be required to place client assets in trust or to otherwise keep them segregated from the CASPs’ own assets, to adequately disclose the custody arrangements adopted, and to establish systems to manage the risk of loss or inaccessibility of client assets. In addition, the Report recommends that CASPs be required to conduct regular and frequent reconciliations of client assets subject to “appropriate independent assurance”, potentially including an independent audit requirement.
  • Operational and technological risk: The Report recommends that CASPs should be required to comply with the requirements pertaining to operational technology risk and resilience in accordance with IOSCO’s recommendations and standards and to disclose their risk management frameworks.
  • Retail access, suitability and distribution: The Report recommends that CASPs should be required to implement adequate systems to assess the appropriateness of particular crypto-asset protects and services offered to each retail client and should prohibit prospective clients who do not demonstrate sufficient knowledge from trading crypto-assets.

Comments on stablecoins

In addition to the recommendations outlined above, which apply to all crypto-assets, the Report makes specific recommendations for stablecoins. These recommendations are intended to address what the Report describes as stablecoin specific risks, such as those potentially flowing from a lack of transparency, lack of verification of underlying reserve assets, and the potential for a “bank run” on the stablecoins. We have previously reported on preliminary guidance issued by IOSCO and the Committee on Payments and Market Infrastructures with respect to systematically important stablecoins. We have also previously reported on guidance issued by the Canadian Securities Administrators concerning their expectations for the trading of stablecoins in Canada.

The Report recommends that CASPs be required to disclose particular information regarding stablecoins, including information with respect to the legal rights of stablecoin holders and the stablecoin’s reserve assets and their custody, segregation, and verification.

Next steps

IOSCO is seeking input on the report from all stakeholders until July 31, 2023, and aims to finalize its policy recommendations in early Q4 2023. As IOSCO’s member regulators include the Ontario, Alberta, and British Columbia Securities Commissions and the Québec Autorité des Marchés Financiers, the policy recommendations ultimately made could prove influential for the development of Canadian securities regulation.

The recommendations in the Report are focused on centralized crypto-asset market activities. IOSCO has indicated that it will separately consult on issues related to decentralized finance. The Report also does not address financial stability concerns arising from crypto-assets, which the Report indicates are being considered in parallel by the Financial Stability Board. 

We will continue to monitor and provide updates regarding the evolving regulatory landscape.