IOSCO Proposes Policy Recommendations for the Regulation of Crypto Markets

Skadden Publication / The Distributed Ledger: Blockchain, Digital Assets and Smart Contracts

Azad Ali Olivia Moul David Y. Wang

Key Points

  • Many of IOSCO’s recommendations mirror cryptoasset regulatory regimes in the EU and U.K., but they reflect a broader consensus among regulators, including the SEC and CFTC, which are members of IOSCO.
  • The recommendations focus on cryptoasset service providers, and cover issues such as conflicts of interest, market conduct and the protection of client assets.
  • The proposal for listing requirements leaves open who should be responsible for disclosures relating to cryptoassets where no issuer can be identified.

In May 2023, the board of the International Organization of Securities Commissions (IOSCO) published its Policy Recommendations for Crypto and Digital Asset Markets Consultation Report, which proposes 18 policies it plans to finalize in late 2023. Responses to the consultation are due by 31 July 2023.

IOSCO is comprised of securities and markets regulators from across the world, including the U.S. Commodity Futures Trading Commission and Securities and Exchange Commission. The organization’s purpose is to establish and maintain global standards for efficient, orderly and fair markets. IOSCO has issued various principles and recommendations addressing different aspects of securities and financial markets regulation.1

IOSCO’s work in the development of global standards for cryptoasset regulation is significant. It indicates a wider supervisory recognition of the need for legislators and policymakers in the crypto space to adhere to a minimum set of regulatory standards intended to protect customers and crypto markets and to mitigate the potential for regulatory arbitrage. IOSCO standards should be read alongside other work carried out by international standard-setting bodies in the crypto field, notably the Financial Stability Board, the Financial Action Task Force and the Basel Committee on Banking Supervision.2

The proposed recommendations are principles-based and are aimed at activities carried out by cryptoasset service providers (CASPs) involving all cryptoassets, including stablecoins, and seek to promote greater consistency in IOSCO members’ approach to the development of their own legal and regulatory frameworks for cryptoassets. More broadly, this aim supports IOSCO’s principle of “same activities, same risks, same regulatory outcomes.” The 18 policy recommendations address conflicts of interest, listing and trading, safeguards against market abusive behaviours, protection of client assets and cooperation between regulatory agencies, among other areas.

IOSCO’s proposed recommendations are similar to existing or proposed cryptoasset regulations in the EU and in the U.K.3 This is not surprising given that the EU Markets in Crypto-Assets Regulation (MiCA) draws significantly from existing EU financial services regulatory frameworks, which are themselves aligned with established IOSCO standards.

In summary, the following recommendations have been proposed:

  • Regulatory frameworks: Regulators should use existing or create new frameworks to achieve the same or consistent regulatory outcomes as required in traditional financial markets.
  • Conflicts of interest: The report addresses conflicts of interest that may arise, particularly for vertically-integrated cryptoasset businesses such as cryptoasset exchanges that provide more than trading functionality (e.g., brokerage, custody, settlement and staking services), whether under the umbrella of a single legal entity or through closely affiliated legal entities. IOSCO recommends that regulators consider whether disaggregation is appropriate in order to mitigate these potential conflicts. That could entail requiring functions to be split into separate legal entities with separate boards and management teams. Effective policies, procedures and controls could be published to address these concerns, which may include monitoring of independence and decoupling of functions. IOSCO also contemplates regulatory prohibitions on a CASP listing and trading the same cryptoassets in which it has a “material interest.”
  • Market conduct: Regulatory action against market abuse and fraud is recommended to prevent unlawful disclosure of material, non-public information, insider dealing and market manipulation. Market surveillance requirements should be instituted to detect and report suspicious transactions, whether these are “on-chain” or “off-chain.”
  • Regulatory cooperation: IOSCO’s call for codified cooperation arrangements between supervisory authorities is a significant contribution to the global regulation of cryptoassets. This would go beyond the existing Multilateral Memorandum of Understanding and Enhanced Memorandum of Understanding that promote information-sharing across jurisdictions.
  • Protection of client assets: Safeguarding of client assets, particularly when they are held in custody, is a key recommendation, but there are no specific expectations or thresholds regarding cryptoasset holdings in “hot” or “cold” wallets. Safety of assets held on private keys is crucial, notably where a CASP enters an insolvency process. If a CASP expressly takes legal or beneficial title of an asset (e.g., for lending, reuse or rehypothecation), the client’s explicit consent should be obtained, as their rights may be reduced to having an unsecured claim against the CASP in the event of insolvency. CASPs should adopt appropriate systems, policies and procedures to mitigate the risk of loss, theft or inaccessibility of client assets, and these should be sensitive to the risks associated with different wallet types (e.g., hot, cold or warm).
  • Technological resilience: Operational and technological risk and resilience requirements — particularly in decentralized finance (DeFi) — should be considered by regulators, as it is in traditional finance.
  • Listing requirements: Trading platforms should adopt substantive and procedural listing standards for cryptoassets and their issuers. Information about cryptoassets would include detail about their control and ownership, trading history and the protocol for transfers. IOSCO considers this to be “important, even where there is no clearly identifiable entity issuing a cryptoasset,” but does not specify where responsibility for admission documents falls in such circumstances. There are admittedly challenges that legislators need to navigate in determining the proper allocation of responsibility for information relating to non-issued cryptoassets.

IOSCO’s proposed recommendations present a welcome step in the development of common standards in cryptoasset regulatory regimes across the world. The consultation provides an opportunity to ensure consistent regulations across jurisdictions, moving away from what could otherwise be a fragmented and disjointed landscape of cryptoasset regulations.


1 For example, CPMI-IOSCO’s Principles for Financial Market Infrastructures and Principle’s for Financial Benchmarks.

2 The Financial Stability Board has published two consultation papers on the international regulation and oversight of cryptoasset activities: “Recommendations that promote the consistencies and comprehensiveness of regulatory, supervisory and oversight approaches to crypto-asset activities and market and strengthen international cooperation, coordination and information sharing,” and “Revised high-level recommendations for the regulation, supervision and oversight of ‘global stablecoin’ arrangements.” The Financial Action Task Force has published its Red Flag Indicators of Money Laundering and Terrorist Financing in relation to cryptoassets. The Basel Committee has also published its second consultation on “Prudential treatment of cryptoassets”.

3 See our November 23, 2022, client alert “EU’s Proposed Legislation Regulating Cryptoassets, MiCA, Heralds New Era of Regulatory Scrutiny” and our March 29, 2023, alert, “A Closer Look at the Proposed UK Cryptoassets Regulatory Regime.”

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.