IOSCO consults on crypto and digital asset markets CeFi regulation



On 23 May 2023, the International Organisation of Securities Commissions (IOSCO) released a consultation report on crypto and digital asset markets regulation. The Report contains 18 recommendations that cover six key areas in line with IOSCO Standards, namely governance and conflict of interest, market abuse, cross-border risk and regulatory cooperation, custody and client asset protection, operational and technological risk as well as retail access, suitability and distribution. The Report also discusses specific risks attached to stablecoins.

The recommendations set out in the Report have been developed under the intendance of the IOSCO Board’s Fintech Task Force (FTF) pursuant to the IOSCO’s Crypto-Asset Roadmap published in June 2022. The IOSCO consultation will last until the 31 July 2023. The Report focuses on centralised crypto asset market activities (CeFi) by opposition to decentralised finance (DeFi) for which IOSCO will conduct a separate consultation.

Governance and conflicts of interests

IOSCO is of the view that crypto asset service providers (CASPs) should be subject to effective governance and organisational requirements for the purpose of effectively addressing and mitigating issues on conflicts of interests, in particular when a CASP engages in various types of activities. The provision of each service and the respective roles of the CASPs in that respect should be defined and disclosed to regulators for assessment and authorisation and to clients for transparency and protection.

Market abuse

The Report recommends the implementation of several measures in order to prevent and detect market manipulation, insider trading and generally fraud. These recommendations are generally in line with traditional financial markets requirements.

Among these measures, IOSCO considers that CASPs should implement adequate procedures and policies to ensure fair and equitable execution of client's orders, restrict any "front-running" and adopt systems to manage material non-public information (MNPI). The Report also recommends increased transparency to combat conflicts of interest. This includes pre- and post-trade disclosures from CASPs operating markets as well as from intermediaries and the establishment of listing and delisting standards for crypto-assets.

Regulators are encouraged to pursue enforcement actions in case of abuses in crypto-assets markets and to ensure that a market surveillance for each CASPs is in place. In that perspective, one may question whether the Circular 2013/8 "Market conduct rules" issued by the Swiss Financial Market Supervisory Authority (FINMA) is an adequate tool, in particular for non-regulated CASPs.

Cross-border risk and regulatory cooperation

Given the global nature of crypto-asset markets and activities carried out by CASPs, the Report advocates the adoption of best practices in international cooperation to help ensure effective supervision and enforcement. This cooperation is required to reduce the risk of money laundering, (abusive) regulatory arbitrage and at the same time ensure investor protection and improve market integrity.

Custody and client asset protection

The Report makes clear that efficient on-chain and off-chain custody methods and protection of clients' assets are key to prevent and mitigate risks relating to the absence of asset segregation, liability in case of assets re-use, and more general ownership considerations. The IOSCO recommends using its "Report Recommendations Regarding the Protection of Client Assets" as guidance and requesting from relevant CASPs regular and frequent reconciliation subject to appropriate independent assurance (i.e. independent audit).

Considerations on custody and clients' asset protection are also pivotal for a widespread adoption of crypto-assets as well as for institutional investors who need clear rules to gain confidence in the crypto ecosystem. On a side note, Switzerland has adopted a robust framework in that respect with the enactment of the DLT Act and the corresponding adaptation of its bankruptcy and banking regulations. Swiss rules now recognise unambiguously crypto-assets ownership and their transfer as well as segregation in case of bankruptcy of a custodian.

Operational and technological risk

The Report recommends a transparent (clear, concise and jargon-free) disclosure of the CASPs' material sources of operational and technological risks as well as the implementation of a clear risk-management framework covering the usual suspects, such as persons, processes, systems and controls. In doing so, the Report refers to its Standards applicable to traditional financial institutions, such as the IOSCO Cyber Task Force Final Report. However, the Report states that CASPs face idiosyncratic risks arising out of distributed ledger technology, smart contracts, forks and cross-chain bridges that need to be factored as such in designing efficient risk management.

Retail access, suitability and distribution

The Report mentions the importance of the implementation of adequate systems and procedures to assess the appropriateness and/or the suitability of crypto-assets as well as clear, concise, and non-technical accurate disclosure to clients on risks and remunerations at the point of sale. CASPs are also expected to implement effective mechanisms to address client complaints. All these recommendations will sound familiar to Swiss traditional financial service providers subject to the Financial Services Act.

Focus on Stablecoin

In addition to the recommendations outlined above that also apply to stablecoins mutatis mutandis, the Report stresses that this category of crypto-assets involves specific risks that need to be considered. Among these inherent risks, it is possible to identify increased risks of inside information misuse, market manipulation as well as credit risk. Importance of reserve assets, which need to be sufficient to cover redemption of all outstanding stablecoins is also highlighted by the Report. In that context, the European Union Markets in Cryptoassets (MiCA) Regulation regime provides a first regulatory response. In Switzerland, the absence of specific legal regime governing stablecoins is not a blank check and stablecoins are strictly supervised. The FINMA Stablecoin Guidelines provide a solid overview of the applicable Swiss regulatory regime.


The IOSCO insists on the fact there is a need to develop a globally consistent and coordinated approach to crypto-asset regulation for CeFi. In this context, the EU with MiCA is at the forefront of this regulatory trend. The impact of the IOSCO consultation and MiCA should be followed up by Swiss market participants. In particular, a revision of existing Swiss rules cannot be excluded for CASPs, which remain largely unregulated when the relevant crypto-assets are not qualified as financial instruments.

For more information on DeFi, FinTech and crypto-based projects, contact your CMS client partner or local CMS expert: