ASIC releases guidance on crypto-assets

16 December 2021

Amidst the rise of crypto-assets and new market entrants, ASIC has released guidance on the regulatory implications for industry participants. What do you need to know about Information Sheet 225?

ASIC recently published Information Sheet 225 Crypto-assets (INFO 225) to provide guidance on the regulatory implications for various stakeholders involved with dealings in crypto-assets.

In addition to this guidance, ASIC has also recently published good practice principles for licensed Australian exchanges that admit exchange traded funds and other structured products: Information Sheet 230 Exchange traded products: Admission guidelines (INFO 230). INFO 230 includes ASIC’s views on the principles that licensed Australian exchanges should have regard to in determining whether certain crypto-assets can be permissible underlying assets for exchange traded products (ETP) that have been admitted to quotation on their market.

Given the growing prevalence of crypto-assets in financial services, ASIC’s guidance is timely. The focus of this article is on INFO 225.

Who is affected by the guidance in INFO 225?

The guidance in INFO 225 will be relevant to a wide range of direct and indirect participants in the crypto-assets industry. This includes initial coin offering (ICO) issuers, payments system intermediaries, crypto-currency miners and transaction processors, exchanges and trading platforms, payment and merchant service providers, and wallet and custody service providers.

What types of assets does the guidance in INFO 225 apply to?

ASIC considers that crypto-assets are not part of a homogenous asset class. ASIC’s reference to ‘crypto-assets’ is intended to include cryptocurrency (such as bitcoin), tokens (typically issued during ICOs) and stablecoins (which typically have their value connected to another cryptocurrency, a fiat currency or other structured products).

ASIC defines a ‘crypto-asset’ as:

'a digital representation of value or rights (including rights to property), the ownership of which is evidenced cryptographically and that is held and transferred electronically by:

a type of distributed ledger technology; or
another distributed cryptographically verifiable data structure.'

This definition is useful, and ASIC intends to use it to administer the new specific ‘crypto-asset’ class of financial product when granting authorisations to registered managed investment schemes holding crypto-assets. However, ASIC makes it clear that this definition is not to be used for other purposes.

What do industry participants need to do?

Assess their current arrangements relating to crypto-assets against what ASIC has outlined as its expectations for crypto-assets in INFO 225 and INFO 230.
Map out and document the characteristics of each of the products they issue or distribute that are within the scope of the obligations.
Consider if any changes should be made to the features of the relevant products (or how they operate) to continue to meet the applicable obligations.

When is a crypto-asset a “financial product”?

A key regulatory consideration for crypto-asset stakeholders is whether the relevant crypto-assets are, or involve, a financial product within the meaning of Chapter 7 of the Corporations Act 2001 (Cth) (Corporations Act). If the asset is a financial product, activities in relation to that asset are being conducted as a business, and an exemption does not apply, then the entity which is conducting those activities must obtain an Australian financial services licence (AFSL) and comply with a range of obligations such as disclosure requirements if retail clients are involved.

INFO 225 provides a non-exhaustive checklist tailored for crypto-assets for considering whether a crypto-asset could constitute a financial product or whether an ICO involves a financial product:

All rights and features are relevant: To determine whether a crypto-asset or an ICO is, or involves, a financial product, ASIC indicates that entities need to consider all of the rights and features of the proposed crypto-asset or ICO and the way in which it will be offered.

ASIC indicates that the concept of a ‘right’ should be interpreted broadly.
Conclusions should be substantiated: Entities are expected to clearly substantiate their conclusions where they do not consider a crypto-asset to be a financial product.
Interests in a managed investment scheme: Issuers are likely to be offering interests in a managed investment scheme (being a financial product) if the rights and value of the crypto-asset are related to an arrangement which has the three key elements of a managed investment scheme. These features are where:

1) people contribute money or assets (such as cryptocurrency or other crypto-assets) to acquire interests in the scheme;

2) contributions are pooled or used in a common enterprise to produce benefits (eg, using funds to develop a platform) for purposes that include producing a financial benefit for contributors (eg, from an increase in the value of their tokens); and

3) contributors do not have day-to-day control over the operation of the scheme.
Security: ASIC indicates that crypto-assets issued through an ICO will likely constitute ‘securities’ for Corporations Act purposes where the rights attaching to the crypto-assets are similar to those commonly attached to a share – such as where there appears to be ownership, voting or some right to participate in profits of the body. Crypto-assets that provide the right to purchase shares in a company at a future time such as when it is listed on the ASX may also constitute a security in the form of an option to acquire a share.
Derivative: A crypto-asset or an ICO may involve a derivative if its price is based on the value or amount of something else such as the price of another financial product, underlying market index or an asset price movement. ASIC gives an example of a crypto-asset which is a derivative because it contains a self-executing contract involving payment arrangements that are triggered by changes in the relevant price of the underlying product, index, or asset.
Non-cash payment (NCP) facility: ASIC says a crypto-asset is not necessarily an NCP facility merely because it is a form of value that is used to complete a transaction. Whether or not a crypto-asset constitutes an NCP facility will depend on the individual rights and obligations associated with the asset. If the holder has a right to use the asset to make a payment then it is likely to be an NCP facility.

ASIC’s expectation is that crypto-assets such as tokens offered under an ICO are unlikely to be NCP facilities. However, an ICO may involve an NCP facility if the arrangement under it allows:
- payments to be made in this form of value to a number of payees; or
- payments to be started in this form and converted to fiat currency to enable completion of the payment.

Guidance on offering retail investors exposure to crypto-assets via regulated investment vehicles

This section of the guidance is relevant to ETPs, listed investment companies, listed investment trusts and unlisted investment funds which are provided to retail investors. Specific guidance for issuers of ETPs in admitting crypto-assets as underlying assets is provided in INFO 230.

INFO 225 sets out various matters which it expects responsible entities (RE) for registered managed investment schemes to have regard to. A brief summary of this guidance is set out below.

Key matters	ASIC Guidance
Custody	For the purposes of REs and custodians meeting their minimum asset holding and financial requirements, ASIC considers it good practice that: Crypto-asset holders possess specialist expertise and infrastructure relating to crypto-asset custody. There is segregation of crypto-assets on the blockchain to prevent intermingling with other crypto-asset holdings by having unique public and private keys maintained on behalf of the RE. Private keys are generated and stored in a way that minimises risk of loss and unauthorised access. ASIC highlights that security of private keys is of critical importance which are necessary to sign transactions to implement transfer of crypto-assets. ASIC’s expectation is that multi-signature or sharding-based signing approaches (such as splitting a single key into multiple shards or pieces) should be preferred over a single private key to sign the transactions. Crypto-asset holders adopt robust cyber and physical security practices including for receipt, validation, review, reporting and execution of instructions from REs and appropriate internal governance, risk management and business continuity practices. REs should have access to compensation systems so that scheme members can be compensated if crypto-assets are lost.
Risk Management and AML/CTF	AFSL holders must do all things necessary to ensure that the financial services are provided efficiently, honestly and fairly (s 912A(1)(a) of the Corporations Act) and have adequate risk management systems (s 912A(1)(h) of the Corporations Act). To meet these obligations, ASIC considers that it is good practice for REs to carefully consider the crypto-asset trading platforms they or their service providers use. REs should be satisfied, based on reasonable due diligence, that the crypto-asset trading platforms they or their service providers use: are digital currency exchange providers registered with AUSTRAC or that are subject to laws giving effect to the Financial Action Task Force recommendations relating to customer due diligence and record-keeping; and implement risk-based anti-money laundering/counter terrorism systems and controls which are supervised and monitored by an appropriate regulatory body.
Disclosure	Sufficient information about crypto-asset characteristics and risks should be included in disclosure documents for products that invest in, or provide exposure to, certain crypto-assets. ASIC provides various crypto asset-specific examples of the types of matters that may be relevant to meeting these minimum disclosure requirements.

Misleading and deceptive conduct

ASIC notes in INFO 225 that prohibitions under the Australian Consumer Law on engaging in misleading or deceptive conduct will apply in relation to crypto-assets or ICOs that are not, or do not involve, financial products. For crypto-assets or ICOs that are, or involve, financial products, the Corporations Act and the Australian Securities and Investments Commission Act 2001 (Cth) each impose a prohibition on engaging in misleading and deceptive conduct.

ASIC provides the following examples of the types of conduct that may be misleading or deceptive:

stating or conveying the impression that the crypto-assets (such as coins or tokens) or ICO offered are not a financial product if that is not the case;
stating or conveying the impression that a crypto-asset trading platform does not quote or trade financial products if that is not the case;
using social media to generate the appearance of a greater level of public interest in a crypto-asset or ICO;
undertaking or arranging for a group to engage in trading strategies to generate the appearance of a greater level of buying and selling activity for an ICO or crypto-asset;
failing to disclose adequate information about the ICO or crypto-asset; and
suggesting that the ICO or crypto-asset is a regulated product or the regulator has approved the ICO or crypto-asset if that is not the case.

Categorisations of crypto-assets by foreign regulators in the Australian context

ASIC makes it clear that Australian laws, including those which prohibit misleading and deceptive conduct, may continue to apply even where offshore or decentralised structures are used to issue, trade or sell crypto-assets in Australia.

There is also an acknowledgement that the definition of financial product is often broader in Australia that in other jurisdictions. For this reason, the particular rights and features of individual crypto-assets and individual ICOs need to be considered independently with the Australian context.

Authors