IOSCO has recently published a consultation focusing on how platforms which trade crypto-assets are regulated. The global standards setting body considers that promoting innovation must be balanced with appropriate regulatory oversight. For these purposes IOSCO defines crypto-assets broadly as “a type of private asset that depends primarily on cryptography and DLT or similar technology as part of its perceived or inherent value, and can represent an asset such as a currency, commodity or security, or be a derivative on a commodity.” Crucially though, it does not analyse which crypto-assets constitutes a security, understandably deferring to regulators in their own jurisdictions.

IOSCO considers that if crypto-asset trading platforms (or CTPs) trade a crypto-asset that is a security and it falls within a regulator’s jurisdiction, then standard regulatory principles should apply (i.e. in terms of investor protection, fair, efficient and transparent markets and investor confidence).

More specifically a CTP is “a facility or system that brings together multiple buyers and sellers of crypto-assets for the purpose of completing transactions or trades.” IOSCO explains that although they are like traditional trading venues, they can also perform roles more usually undertaken by intermediaries, custodians, transfer agents and clearing houses – and this fact can increase the potential risks. An analysis of CTP operational models by regulators is therefore important.

Some of the risks and issues of trading on a CTP include:

  • Access – where investors, particularly retail investors, have non-intermediated access to a CTP, an important consideration for regulatory authorities centres on who performs the customer on-boarding process. Intermediaries usually carry out such steps and without on-boarding there will be concerns over conduct of business (KYC) and AML due diligence.
  • Safeguarding participant assets – customers’ crypto-assets can be held in wallets where the CTP controls the private key giving it sole control over them. At the very least, this can give rise to the sort of governance issues experience by investors in Quadriga, whose founder apparently died, taking with him the encrypted access keys to US $143 million of cryptocurrencies held by the exchange in offline storage.
  • Price discovery – additional challenges in looking to ensure efficient price formation may arise where a crypto-asset trades on various CTPs or jurisdictions making price discovery complex and fragmented.

IOSCO also discusses the cross-border sharing of information between regulators. As CTPs operate across multiple jurisdictions, it is vital that member states cooperate in implementing consistent standards of regulation e.g. on enhancing investor protection and exchanging information. Feedback may be provided until 29 July.


Mark Simpson is a partner in the Financial Services & Regulatory Group in the London office where he practices in the areas of financial regulation, financial crime, and regulatory investigations. He is a member of the Firm's EMEA Financial Services & Insurance Steering Committee, as well as its Global Funds and FinTech Groups.

Sue McLean

Sue McLean is a partner in Baker McKenzie's Technology practice in London. Sue advises clients on a wide range of technology matters, including outsourcing, cloud computing, technology procurement, licensing and distribution, digital and disruptive technologies including AI and blockchain. Sue has significant experience in advising clients in the financial services sector and is a member of the firm's FinTech group.