The Securities and Exchange Commission (SEC) has issued regulations requiring digital asset business operators that provide custody of clients’ digital assets to establish a digital wallet management system to accommodate efficient custody of digital assets and keys* and ensure safety of clients’ assets.
The regulations cover the following requirements:
(1) Policy and guidelines for overseeing risk management and management of digital wallets and keys as well as communication to clarify such policy, action plans and procedures, work supervision and internal control to ensure compliance with the policy;
(2) Policy and procedures for designing, developing and managing digital wallets as well as creating, maintaining and accessing keys or other related information appropriately, securely and safely;
(3) Contingency plan in case of occurrence of any event that may affect the management system of digital wallets and keys. This includes laying out and testing action procedures, designating responsible persons and reporting the event. An audit of system security is also required as well as digital forensic investigation in case of any event affecting the security of systems related to digital asset custody, which could cause significant impacts on clients’ assets.
The regulations have taken effect since 16 January 2023. Pursuant to the transitional provisions, digital asset business operators who had provided custody of clients’ assets prior to the effective date of the regulations are required to fully comply within six months as from the effective date.