• COBS 17. COBS 17. ADDITIONAL RULES — AUTHORISED PERSONS CONDUCTING A REGULATED ACTIVITY IN RELATION TO VIRTUAL ASSETS

    • COBS 17.1. COBS 17.1. Application and Interpretation

      • COBS 17.1.1.

        This chapter applies to an Authorised Person conducting a Regulated Activity in relation to Virtual Assets.

        Amended on (24 February, 2020).

      • COBS 17.1.2.

        An Authorised Person conducting a Regulated Activity in relation to Virtual Assets must comply with all requirements applicable to Authorised Persons in the following Rulebooks, unless the requirements in this chapter expressly provide otherwise—

        (a) this Conduct of Business Rulebook (COBS);
        (b) the General Rulebook (GEN);
        (c) the Anti-Money Laundering and Sanctions Rules and Guidance (AML);
        (d) the Islamic Finance Rules (IFR); and
        (e) the Rules of Market Conduct (RMC), made by the Regulator in accordance with section 96 of the Financial Services and Markets Regulations 2015.
        Amended on (24 February, 2020).

      • COBS 17.1.3.

        For the purposes of an Authorised Person conducting a Regulated Activity in relation to Virtual Assets, all references to—

        (a) "Client Investments" in GEN shall be read as encompassing “Virtual Asset” or “Virtual Assets”, as applicable; and
        (c) "Financial Instruments" in RMC shall be read as references to “Virtual Asset” or “Virtual Assets”, as applicable.
        Amended on (24 February, 2020).

      • COBS 17.1.4.

        The following COBS Rules should be read as applying to all Transactions undertaken by an Authorised Person conducting a Regulated Activity in relation to Virtual Assets, irrespective of any restrictions on application or any exception to these Rules elsewhere in COBS—

        (a) Rule 3.4 (Suitability);
        (b) Rule 6.5 (Best Execution);
        (c) Rule 6.7 (Aggregation and Allocation);
        (d) Rule 6.10 (Confirmation Notes);
        (e) Rule 6.11 (Periodic Statements); and
        (f) Chapter 12 (Key Information and Client Agreement).
        Amended on (24 February, 2020).

    • COBS 17.2. COBS 17.2. Accepted Virtual Assets

      • COBS 17.2.1.

        An Authorised Person conducting a Regulated Activity in relation to Virtual Assets must only use Accepted Virtual Assets.

        Amended on (24 February, 2020).

      • COBS 17.2.2.

        For the purposes of determining whether, in its opinion, a Virtual Asset meets the requirements of being an Accepted Virtual Asset, the Regulator will consider—

        (a) a maturity/market capitalisation threshold in respect of a Virtual Asset; and
        (b) other factors that, in the opinion of the Regulator, are to be taken into account in determining whether or not a Virtual Asset meets the requirements to be considered appropriate for the purposes of an Authorised Person conducting a Regulated Activity in relation to Virtual Assets.
         
        Amended on (24 February, 2020).

      • COBS 17.2.3.

        For the purposes of Rule 17.2.1, the maturity/market capitalisation requirements are set out in Guidance to this chapter.

         

    • COBS 17.3. COBS 17.3. Capital Requirements

      • COBS 17.3.1.

        The capital requirements set out in MIR Rule 3.2 (Capital Requirements) shall apply to Authorised Person conducting a Regulated Activity in relation to Virtual Assets.

        Amended on (24 February, 2020).

      • COBS 17.3.2.

        For the purposes of this paragraph 17.3, all references in MIR Rule 3.2 to "Recognised Investment Exchange" shall be read as references to "Authorised Person".

        Amended on (24 February, 2020).

    • COBS 17.4. COBS 17.4. International Tax Reporting Obligations

      • COBS 17.4.1.

        An Authorised Person conducting a Regulated Activity in relation to Virtual Assets, where applicable, should consider any reporting obligations in relation to, among other things—

        (a) FATCA, as set out in the Guidance Notes on the requirements of the Intergovernmental Agreement between the United Arab Emirates and the United States, issued by the UAE Ministry of Finance in 2015 and as amended from time to time; and
        (b) Common Reporting Standards, set out in the ADGM Common Reporting Standard Regulations 2017.
        Amended on (24 February, 2020).

    • COBS 17.5. Technology Governance and Controls

      An Authorised Person conducting a Regulated Activity in relation to Virtual Assets must, as a minimum, have in place systems and controls with respect to the following:

      Virtual Asset Wallets

      (a) Procedures describing the creation, management and controls of Virtual Asset wallets, including:
      (i) wallet setup/configuration/deployment/deletion/backup and recovery;
      (ii) wallet access privilege management;
      (iii) wallet user management;
      (iv) wallet rules and limit determination, review and update; and
      (v) wallet audit and oversight.

      Private keys

      (b) Procedures describing the creation, management and controls of private keys, including:
      (i) private key generation;
      (ii) private key exchange;
      (iii) private key storage;
      (iv) private key backup;
      (v) private key destruction; and
      (vi) private key access management.

      Origin and destination of Virtual Asset funds

      (c) Systems and controls to mitigate the risk of misuse of Virtual Assets, setting out how—
      (i) the origin of Virtual Assets is determined, in case of an incoming transaction; and
      (ii) the destination of Virtual Assets is determined, in case of an outgoing transaction.

      Security

      (d) A security plan describing the security arrangements relating to:
      (i) the privacy of sensitive data;
      (ii) networks and systems;
      (iii) cloud based services;
      (iv) physical facilities; and
      (v) documents, and document storage.

      Risk management

      (e) A risk management plan containing a detailed analysis of likely risks with both high and low impact, as well as mitigation strategies. The risk management plan must cover, but is not limited to:
      (i) operational risks;
      (ii) technology risks, including 'hacking' related risks;
      (iii) market risk for each Accepted Virtual Asset; and
      (iv) risk of Financial Crime.
      Amended on (24 February, 2020).

    • COBS 17.6. COBS 17.6. Additional disclosure requirements

      • COBS 17.6.1.

        Prior to entering into an initial Transaction for, on behalf of, or with a Client, an Authorised Person conducting a Regulated Activity in relation to Virtual Assets shall disclose in a clear, fair and not misleading manner all material risks associated with (i) its products, services and activities (ii) Virtual Assets generally and (iii) the Accepted Virtual Asset that is the subject of the Transaction.

        Amended on (24 February, 2020).

      • COBS 17.6.2.

        The risks to be disclosed pursuant to Rule 17.6.1 include, but are not limited to, the following—

        (a) Virtual Assets not being legal tender or backed by a government;
        (b) the value, or process for valuation, of Virtual Assets, including the risk of a Virtual Asset having no value;
        (c) the volatility and unpredictability of the price of Virtual Asset relative to Fiat Currencies;
        (d) that trading in Virtual Assets may be susceptible to irrational market forces;
        (e) that the nature of Virtual Assets may lead to an increased risk of Financial Crime;
        (f) that the nature of Virtual Assets may lead to an increased risk of cyber-attack;
        (g) there being limited or, in some cases, no mechanism for the recovery of lost or stolen Virtual Assets;
        (h) the risks of Virtual Assets being transacted via new technologies, (including distributed ledger technologies ('DLT')) with regard to, among other things, anonymity, irreversibility of transactions, accidental transactions, transaction recording, and settlement;
        (i) that there is no assurance that a Person who accepts a Virtual Asset as payment today will continue to do so in the future;
        (j) that the nature of Virtual Assets means that technological difficulties experienced by the Authorised Person may prevent the access or use of a Client's Virtual Assets;
        (k) any links to Virtual Assets related activity outside ADGM, which may be unregulated or subject to limited regulation; and
        (l) any regulatory changes or actions by the Regulator or Non-ADGM Regulator that may adversely affect the use, transfer, exchange, and value of a Virtual Asset.
        Amended on (24 February, 2020).

    • COBS 17.7. COBS 17.7. Additional Rules Applicable to an Authorised Person Operating a Multilateral Trading Facility in relation to Virtual Assets

      • COBS 17.7.1.

        In addition to the general requirements applicable to an Authorised Person conducting a Regulated Activity in relation to Virtual Assets as set out in Rules 17.117.6 above, an Authorised Person Operating a Multilateral Trading Facility in relation to Virtual Assets must comply with the requirements set out in—

        (a) COBS, MIR and GEN, as set out in Rules 17.7.217.7.6 below; and
        (b) Rule 17.8 below if also Providing Custody in relation to Virtual Assets.
        Amended on (24 February, 2020).

      • COBS 17.7.2.

        An Authorised Person that is Operating a Multilateral Trading Facility in relation to Virtual Assets must comply with the requirements set out in COBS, Chapter 8, save for Rules 8.4.6 and 8.6.

        Amended on (24 February, 2020).

      • COBS 17.7.3.

        For the purposes of Rule 17.7.2, the following references in COBS, Chapter 8 should be read as follows:

        (a) references to "Investment" or "Investments" shall be read as references to "Virtual Asset" or "Virtual Assets", as applicable; and
        (b) references to "Financial Instrument" or "Financial Instruments" (including those in MIR as incorporated by virtue of COBS Rule 8.2.1) shall be read as references to "Virtual Asset" or "Virtual Assets", as applicable.
        Amended on (24 February, 2020).

      • COBS 17.7.4

        An Authorised Person that is Operating a Multilateral Trading Facility in relation to Virtual Assets must comply with the following requirements set out in MIR, Chapter 5

        (a) Rules 5.15.3; and
        (b) Rule 5.4.1, in the circumstances identified in Items 18, 19, 23 (a) and (b), 26, 27, 31, 32, 33, 34, 36, 37, 38, 39, 40, 42, 44, 45, 47, 48, 49, 51, 52, 53, 54, 56, 57, 58, 59, 60 and 61.
        Amended on (24 February, 2020).

      • COBS 17.7.5.

        For the purposes of Rule 17.7.4, all references in MIR to—

        (a) "Recognised Body" or "Recognised Bodies" shall be read as references to "Authorised Person"; and
        (b) "Financial Instrument" or "Financial Instruments" shall be read as references to "Virtual Asset" or "Virtual Assets", as applicable.
        Amended on (24 February, 2020).

      • COBS 17.7.6.

        GEN Rule 5.2.14 shall apply to an Authorised Person Operating a Multilateral Trading Facility in relation to Virtual Assets, and all references to "Investment" shall be read as references to "Virtual Asset".

        Amended on (24 February, 2020).

    • COBS 17.8. COBS 17.8. Additional Rules Applicable to an Authorised Person Providing Custody in relation to Virtual Assets

      • COBS 17.8.1.

        In addition to the general requirements applicable to an Authorised Person conducting a Regulated Activity in relation to Virtual Assets as set out in Rules 17.117.6 above, an Authorised Person that is Providing Custody in relation to Virtual Assets must comply with the requirements set out in COBS, Chapters 14, 15 and 16, as set out in Rules 17.8.217.8.3 below.

        Amended on (24 February, 2020).

      • COBS 17.8.2.

        For the purposes of Rule 17.8.1, the following references in Chapters 14, 15 and 16 should be read as follows—

        (a) references to "Client Assets" shall be read as encompassing "Virtual Assets"; and
        (b) references to "Investment" or "Investments", (and, a result, the corresponding references to "Client Investments") shall be read as encompassing "Virtual Asset" or "Virtual Assets", as applicable.
         
        Amended on (24 February, 2020).

      • COBS 17.8.3.

        For the purposes of an Authorised Person that is Providing Custody in relation to Virtual Assets, the following requirements in COBS, Chapters 14 and 15 shall be read as follows—

        (a) the reconciliations of the Client Accounts required under COBS Rule—
        (i) 14.2.12(a) shall be carried out at least every week; and
        (ii) 14.2.12(d) shall be carried out within 5 days of the date to which the reconciliation relates;
        (b) the statements required under COBS Rule 15.8.1(a) shall be sent to a Retail Client at least monthly; and
        (c) all reconciliations required under COBS Rule 15.9.1 shall be conducted at least every week.
        Amended on (24 February, 2020).