Updated: Oct 16
Application for Registration to Operate a Digital Asset Exchange in Malaysia
Requirements for a Digital Asset Exchange (DAX)
All DAX operators must—
(a) be locally incorporated; and
(b) have a minimum—
(i) paid-up capital of RM5 million; and
(ii) in the case of a DAX operator operating a Digital Broker model, an additional RM 5 million in shareholders’ funds maintained at all times.
DAX means an electronic platform which facilitates the trading of a Digital Asset. Digital Asset refers to a Digital Currency or Digital Token, as the case may be. Digital Broker model refers to where a DAX Operator acts as the counterparty to an investor for every buy or sell order on or through the platform.
Copies of the following documents required:
For Individual Shareholders: Certified true copy of the National registration identity card (NRIC) for Malaysian citizen or passport details (for non-Malaysian citizen)
CVs, qualifications and experience of the individual Shareholder(s).
For Corporate Shareholders: Certified true copy of the certificate of incorporation/ registration
An organisation chart showing the Applicant and its relationship with its shareholder/ partner and up to its ultimate shareholder(s)/partner(s)
Certified true copies of the following documents required:
Certificate of incorporation/ registration
Memorandum or articles of association
Most recent annual audited financial statements/ Balance sheet and profit and loss account
Return of allotment of shares form (Section 78)
Return giving particulars in Register of Directors, Managers and Secretaries, and Changes of Particulars (Section 58)
Application for Registration as a DAX Operators
An applicant is required to submit to the SC the relevant forms and documents as specified in Appendix and any other information as may be required by the SC.
In the case where an applicant is regulated by another sectorial regulator, the applicant must also submit to the SC a no objection or approval letter from the relevant sectorial regulator when making the application to the SC.
Requirements / [Criteria] for Registration
The SC may register an applicant as a DAX Operator, if the applicant satisfies the SC that—
(a) the applicant will be able to operate an orderly, fair and transparent market in relation to the Digital Currencies or Digital Tokens that are offered or traded, on or through its platform;
(b) the applicant will be able to carry out its obligations;
(g) the applicant, applicant’s directors, chief executive officer (CEO), controller, and any person who is primarily responsible for its operations or financial management are fit and proper, taking into account the following:
(i) That they are suitably qualified to assume the position including having the relevant experience and track record in managing a market;
(ii) That they have not within the past 10 years—
been charged with or convicted of in Malaysia or overseas, any civil and/or criminal offence relating to dishonesty, fraud, misleading or deceptive conduct;
been charged with or convicted of in Malaysia or overseas, of any offence for which they were sentenced to, or liable to be sentenced to, a term of imprisonment (even if they were not imprisoned);
been charged with or convicted of an offence or subject to a proceeding under the securities laws or any law within or outside Malaysia relating to capital market;
been banned in Malaysia or overseas from providing financial and/or capital market services or acting as a director of a body incorporate or being involved in the management of a body incorporate or unincorporated entity;
been subject to any form of disciplinary proceedings or actions by any professional or regulatory body;
entered into a compromise or arrangement with creditors or members, or a petition presented in a court for bankruptcy or winding up;
had a receiver and manager been appointed in respect of any assets /property(ies) of the Applicant; or
(h) there are no other circumstances which are likely to—
(i) lead to the improper conduct of operations by the applicant or by any of its directors, chief executive, controller or any person who is primarily responsible for the operations or financial management of the applicant; or
(ii) reflect discredit in the manner it operates its market;
(i) the applicant’s business model has a clear or unique value proposition or will contribute to the overall development of the capital market;
(j) the applicant will appoint at least one responsible person as required;
(k) the rules of the market it seeks to operate make satisfactory provisions—
(i) for the protection of investors and public interest;
(ii) to ensure proper functioning of the market;
(iii) to promote fairness and transparency;
(iv) to manage any conflict of interest that may arise;
(v) to promote fair treatment of its users or any person who subscribe for its services;
(vi) to promote fair treatment of any person who is hosted, or applies to be hosted, on its platform;
(vii) to ensure proper regulation and supervision of its users, or any person utilising or accessing its platform, including suspension and expulsion of such users or persons; and
(viii) to provide an avenue of appeal against the decision of the DAX Operator;
(l) the applicant will be able to take appropriate action against a person in breach including directing the person in breach to take any necessary remedial measure;
(m) the applicant will be able to manage risks associated with its business and operation including demonstrating the processes and contingency arrangement in the event the applicant is unable to carry out its operations;
(n) the applicant has sufficient financial, human and other resources for the operation of the recognized market, at all times; and
(o) the applicant has appropriate security arrangements which include maintaining a secured environment pursuant to the Guidelines on Management of Cyber Risk and other relevant guidelines.
In the case of a foreign operator, the SC may register the foreign operator as a DAX Operator, if the applicant satisfies the SC that—
(a) the operator is authorised to operate a stock market or derivatives market, or carry out activity of a similar nature in a foreign jurisdiction;
(b) the operator is from a comparable jurisdiction with whom the SC has regulatory arrangements on enforcement and supervision; and
(c) it is in the best interest of Malaysia to register the foreign operator as a DAX Operator.
In determining the best interest of Malaysia, the SC will give regard to any one or more of the following:
(a) The area of specialisation and level of expertise that can be offered to the capital market including the effect on productivity, transference of skills and efficiency and quality of capital market services;
(b) The risk posed on the systemic stability of the capital market including activities and conduct that will likely impact the orderly functioning of the capital market;
(c) The contribution towards attracting investments, enhancing market linkages and promoting vibrancy in the capital market;
(d) The ability in developing strategic or nascent sectors in the capital market; or
(e) The degree and significance of participation of Malaysians in the capital market.
Before the DAX Operator is allowed to fully operationalise the recognized market, the SC may require among others—
(a) the DAX Operator to provide an IT assurance regarding the system readiness; and
(b) a written declaration by the RDAX Operator’s internal auditor or responsible person confirming that the DAX Operator has, in relation to the recognized market,—
(i) sufficient human, financial and other resources to carry out operations;
(ii) adequate securities measures, systems capacity, business continuity plan and procedures, risk management, data integrity and confidentiality, record keeping and audit trail, for daily operations and to meet emergencies; and
(iii) sufficient IT and technical support arrangements.
A DAX Operator must ensure that members of its board are fit and proper and are suitably qualified.
The application must be signed by at least two directors of the Applicant.
Copies of the following documents required:
Certified true copy of the National registration identity card (NRIC) for Malaysian citizen or passport details (for non-Malaysian citizen)
CVs, qualifications and experience of the individuals
Appointment of Responsible Person
The Applicant must appoint at least one (1) responsible person who is primarily responsible for the operations and financial management of the recognized market. At all times, the Responsible Person will be the main contact person for liaising with the SC and perform any duty as may be directed by the SC
A chief executive may be appointed as a responsible person of the DAX Operator.
Copies of the following documents required:
Certified true copy of the National registration identity card (NRIC) for Malaysian citizen or passport details (for non-Malaysian citizen)
CVs, qualifications and experience of the individual
DAX Operator’s Obligations
A DAX Operator must—
(a) monitor and ensure compliance of its rules;
(b) ensure fair treatment of its users;
(c) ensure that all disclosures are fair, accurate, clear and not misleading;
(d) obtain and retain self-declared risk acknowledgement forms from its users prior to them investing in a recognized market;
(e) provide prior disclosure to investors that any loss resulting from the investors’ trading or investment through the recognized market is not covered by the Capital Market Compensation Fund;
(f) ensure that all fees and charges payable are fair, reasonable and transparent;
(g) ensure that it does not engage in any business practices appearing to SC to be deceitful, oppressive or improper (whether unlawful or not) or which otherwise reflect discredit on his method of conducting business;
(h) carry out continuous awareness and education programmes;
(i) have in place processes to monitor anti-money laundering, counter terrorism financing and counter proliferation financing requirements, including having adequate investor on-boarding arrangements and processes;
(j) disclose and display prominently on its platform, any relevant information relating to the recognized market including—
(i) all necessary risk warning statements, including all risk factors that users may require in making a decision to participate on the platform;
(ii) information on rights of investors relating to investing or trading in a recognized market;
(iii) criteria for access to the recognized market;
(iv) education materials, including comparative information where necessary;
(v) fees, charges and other expenses that it may charge, impose on its users;
(vi) information about complaints handling or dispute resolution and its procedures;
(vii) information on processes and contingency arrangement in the event the DAX Operator is unable to carry out its operations or cessation of business; and
(viii) any other information as may be specified by the SC;
(k) provide to the SC access to any register required to be maintained and disclose any other information as the SC may require;
(l) must notify the SC of the occurrence of any event which would trigger the activation or execution of the business continuity plan, in such form and manner as may be specified by the SC; and
(m) in the event of any systems error, failure or malfunction—
(i) take all necessary and immediate appropriate actions to mitigate any potential losses; and (ii) immediately notify the SC of the systems error, failure or malfunction.
The DAX Operator’s board must—
(a) ensure the DAX Operator complies with all the requirements including any direction issued or any term or condition imposed by the SC;
(b) ensure the responsible person carries out his responsibilities and duties;
(c) identify and manage risks associated with its business and operations, including having in place an effective business continuity plan;
(d) establish and maintain policies and procedures to—
(i) effectively and efficiently manage actual and potential conflicts of interest;
(ii) implement anti-corruption and whistleblowing measures that are appropriate to the nature, scale and complexity of its business;
(iii) monitor trading and other market activity to detect non-compliance with the securities laws or its rules;
(iv) deal with complaints relating to the operations of its market or the conduct of its participants; and
(v) ensure compliance with all relevant laws, regulations and guidelines including Personal Data Protection Act 2010;
(e) immediately notify the SC—
(i) of any irregularity or breach of any provision of the securities laws or its rules, including any alleged or suspected violations of any law or guidelines in relation to money laundering, terrorism financing and proliferation financing by its participants;
(ii) of any material change in the information submitted to the SC; or
(iii) if it becomes aware of any matter which adversely affects or is likely to adversely affect its ability to meet its obligations or to carry out its functions.
The DAX Operator’s board remains accountable for all outsourced functions.
The DAX Operator’s board must establish effective policies and procedures for its outsourcing arrangement including a monitoring framework to monitor the service delivery and performance reliability of the service provider.
A DAX Operator must ensure that the service provider has adequate policies and procedures to monitor the conduct of any appointed sub-contractor.
A DAX Operator must perform an assessment on a service provider on a periodic basis, as part of its monitoring mechanism and submit a report of the assessment to its board of directors and senior management.
A letter of undertaking is also required from the service provider or sub-contractor stating that the SC will have access to all information, records and documents relating to the material outsourced arrangements.
A DAX Operator must notify the SC of any adverse development arising in the outsourcing arrangement of any outsourced function that could significantly affect the DAX Operator, within two weeks from the occurrence of the event.
Submission of Rules
A DAX Operator must submit to the SC for its review, any proposed rules or any proposed amendments to existing rules. The submission shall include—
(a) the text of the proposed rules or amendments; and
(b) an explanation of the purpose of the proposed rules or amendments.
Where a DAX operator is a public company, at least one member of the board must be an independent director.
Managing Conflict of Interest
A DAX operator must use its best endeavours to identify and avoid any actual or potential conflict of interest.
Where a conflict of interest cannot be avoided, a DAX operator must have a framework in place to effectively manage or mitigate the conflict of interest.
The DAX operator’s conflict of interest framework must include policies and procedures relating to the offering of Digital Assets, among others—
(a) proprietary trading by the DAX operator on its platform;
(b) timely and accurate disclosure of any conflict of interest to a potential or existing investor or any material interest, including any fees, commission or benefit received by the DAX operator, which may affect the fair treatment of such investor;
(c) trading in any Digital Asset by its officers and employees on its own or other platforms; and
(d) the management of non-public material information.
Prohibition on Financial Assistance
A DAX operator is prohibited from providing direct or indirect financial assistance to investors, including its officers and employees, to invest or trade in any Digital Asset on its platform.
A DAX operator should identify possible sources of operational risk, both internal and external, and mitigate the impact of such risks through appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability including having adequate capacity.
A DAX operator must, among others—
(a) establish a robust operational risk-management framework with appropriate systems, policies, procedures and controls to identify, monitor, mitigate and manage operational risks;
(b) have in place clearly defined roles and responsibilities for addressing operational risks;
(c) have in place clearly defined operational reliability objectives and policies that are designed to achieve those objectives;
(d) ensure that it has adequate capacity proportionate to stress volumes to achieve its service-level objectives; and
(e) have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats.
A DAX operator must have a business continuity plan that addresses events posing a significant risk of disrupting operations including events that could cause a wide-scale or major disruption.
The business continuity plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within reasonable recovery time objectives (RTO) following disruptive events.
A DAX operator must carry out periodic reviews, audits and testing on systems, operational policies, procedures and controls relating to risk management and its business continuity plan.
A DAX operator must establish an internal audit function to develop, implement and maintain an appropriate internal audit framework which commensurate with its business and operations.
Trading of Digital Assets
A DAX operator must establish and implement policies and procedures to assess any Digital Asset prior to offering the Digital Asset to be traded on its platform.
A DAX operator must obtain the SC’s concurrence prior to offering the Digital Asset to be traded on its platform. The SC’s concurrence is only required for the offering of any Digital Asset that is not already offered on any other DAX Operator.
Where the SC has provided its concurrence for the offering of a new Digital Asset by a DAX operator, any other DAX operator who wishes to offer the same Digital Asset on its platform must demonstrate its operational capabilities to the SC prior to offering the Digital Asset. The DAX operator must submit its amended rulebook to demonstrate its operational capabilities.
A DAX operator must submit to the SC—
(a) information relating to the Digital Asset including the nature of the Digital Asset and the profile of its founders and management team; and
(b) an assessment report as to whether the Digital Asset has met the following minimum criteria to be offered on its platform:
(i) The Digital Asset represents certain rights, benefits or utility;
(ii) The Digital Asset has sufficient liquidity, taking into account, among others—
(A) the amount of the Digital Asset in circulation;
(B) past trading volumes; and
(C) the demand for the Digital Asset in Malaysia;
(iii) The Digital Asset is well distributed and not over-concentrated, supported with, among others, the following indicators:
(A) The number of addresses created and active;
(B) Concentration of the Digital Asset in specific addresses; and
(C) Patterns and concentration of transactions;
(iv) Information relating to the Digital Asset is widely available and readily accessible including—
(A) the issuance of a whitepaper or any other disclosure document accompanying the Digital Asset; and
(B) information relating to the progress of the project including both business and technical aspects;
(v) Security feature of the underlying distributed ledger is sound, taking into account—
(A) the number of nodes;
(B) any history of hacks and other form of attacks; and
(C) any known security vulnerabilities;
(vi) The economics of the Digital Asset is viable and sustainable, including but not limited to—
(A) participants and their interactions within the Digital Asset’s ecosystem; and
(B) mechanism to regulate demand and supply (if any); and
(vii) The Digital Asset is in compliance with all other legal and regulatory frameworks in Malaysia and other jurisdictions which the project operates in.
The SC may refuse to provide concurrence where the SC considers necessary including for the protection of investors, public interest or the proper functioning of a recognized market.
Delisting of Digital Assets
A DAX operator must establish and implement policies and procedures to manage the delisting of any Digital Asset offered on its platform.
A DAX operator must notify the SC prior to delisting any Digital Asset from its platform.
The DAX operator must submit to the SC the following information:
(a) Detailed reasons for the delisting;
(b) Impact analysis and detailed roll-out plans including notification to affected investors;
(c) The DAX operator’s board resolution for the delisting; and
(d) Any other information or explanation as may be specified by the SC.
Obligations of the DAX Operator
A DAX operator must—
(a) ensure that its platform is operating in an orderly, fair and transparent manner;
(b) have in place policies and procedures for the trading, clearing and settlement of Digital Assets on the platform; and
(c) conduct real-time market surveillance.
Any proposed rules of a DAX operator or any proposed amendments to its existing rules shall not have effect unless it has been approved by the SC.
Where a DAX operator operates a Digital Broker model, the DAX operator must—
(a) ensure that the Digital Asset is sourced from a VASP that is—
(i) registered, authorised, licensed or regulated by a regulatory authority having similar regulatory authority or function as the SC; or
(ii) in compliance with the FATF Recommendations 2012 relating to the supervision or monitoring of a VASP;
(b) ensure that for any purchase of a Digital Asset by an investor, the Digital Asset must be transferred from the DAX operator’s wallet into the investor’s wallet; and
(c) carry out the necessary AML/TF screening on the Digital Asset that has been sourced prior to transferring the Digital Asset to an investor.
A DAX operator must seek the SC’s prior approval if it seeks to provide or carry out any other model other than the one it has been registered for to facilitate the trading of Digital Assets on its platform.
Client’s Asset Protection
A DAX operator must—
(a) establish systems and controls for maintaining accurate and up to date records of investors and any monies or Digital Assets held in relation thereto;
(b) establish and maintain a sufficiently and verifiably secured storage medium designated to store Digital Assets on behalf of its investors;
(c) ensure investors’ monies and Digital Assets are properly safeguarded from conversion or inappropriate use by any person, with the necessary governance and approval processes in place;
(d) ensure effective controls and risk management for Digital Assets held on behalf of investors in the event of liquidation of the DAX operator;
(e) segregate investors’ Digital Assets from its own inventory;
(f) establish and maintain in a licensed Malaysian financial institution one or more trust accounts, designated for the monies received from investors;
(g) ensure that the trust accounts are administered by an independent registered trustee; and
(h) in relation to investors’ Digital Assets, have arrangements and processes in place to protect against the risk of loss, theft or hacking.
Settlement and Custody
A DAX operator must ensure—
(a) there are orderly, clear and efficient clearing and settlement arrangements; and
(b) in the case of a DAX operator operating a Digital Broker model, that it has sufficient liquidity risk management arrangement in place to ensure settlement can be done with its investors for purposes of every transaction.
These arrangements must include prior or upfront deposit of monies and Digital Assets with the DAX operator before entering into a transaction on the DAX.
A DAX operator should provide clear and certain final settlement in real time.
Market Integrity Provisions
A DAX operator must ensure that the pricing for trading in the Digital Assets on its platform is fair and transparent.
In the case of a DAX operator that operates a Digital Broker model, the DAX operator must disclose and display prominently on its platform, explanatory notes on the methodology of how the price is derived for the Digital Assets being offered on its platform.
A DAX operator must disclose information about its market structure, order types and the interactions of the order types, if any, on the platform.
A DAX operator must have adequate arrangements and processes to deter manipulative activities on the platform and ensure proper execution of trades.
A DAX operator must have adequate arrangements and processes to manage excessive volatility of its market which may include circuit breakers, price limits and trading halts.
A DAX operator must have adequate arrangements and processes to manage error trades.
A DAX operator must have adequate arrangements and processes to manage systems error, failure or malfunction.
A DAX operator must have adequate arrangements and processes to manage investors’ assets in the event of any suspension or outages of the platform, including transfer or withdrawal procedures.
A DAX operator must ensure trading information, both pre-trade and post-trade, is made publicly available on a real-time basis.
A DAX operator must make available in a comprehensible manner and on a timely basis, material information or changes to the tradable Digital Assets.
A DAX operator must ensure all information relating to the trading arrangements, including the circumstances arising thereof and where relevant, are made publicly available.
A DAX operator may provide or carry out market making activities to provide liquidity to its market, subject to SC’s approval.
A DAX operator must ensure sufficient disclosure of all market making arrangements to its investors.
Where a DAX operator appoints a third-party market maker, the DAX operator must comply with the requirements relating to outsourcing as set out.
A RMO must submit to the SC the following:
(a) An annual compliance report to demonstrate the RMO’s compliance with any conditions imposed by the SC pursuant to the registration of the RMO as well as the CMSA; and
(b) Its latest audited financial statements, within three months after the close of each financial year or such period that the SC may allow.
Submission of Application
About the Recognized Market (Digital Asset Exchange)
An Applicant that wishes to operate a Digital Asset Exchange needs to complete:
A. About the Digital Asset Exchange
Name of Digital Asset Exchange
Proposed trading model - Order Book (listing of buy/sell orders that will be matched by trading engine) or
- Digital Broker (counterparty to every buy/sell order on or through the platform)
Types of services / facilities offered on the Digital Asset Exchange including:
· Clear description of each service that the Applicant will provide
· Flowcharts or decision-making trees (if any) that illustrate the function and process flow of each service facilitated by the platform
Any other relevant information or documents that describe the services to be provided
Please describe unique differentiating factors of proposed platform and/or services from other competing platforms or the gaps within the market that the platform is able to address
Please provide a functional organisational chart and expected total headcount
Please describe the experiences of the senior management in performing their functions and experiences in relations to blockchain/cryptocurrency (please attach copies of any relevant qualifications)
Does the Applicant intend to carry out any other business activities that may or may not be connected to the Digital Assets, if any? (If “Yes”, please specify details)
B. Digital Assets to be Traded
Digital Assets intended to be offered
(Please explain reasons)
Policies and procedures used to assess digital asset prior to offering the digital asset to be traded on its platform
Policies and procedures relating to -
a. the conditions and thresholds that will trigger a delisting of a digital asset;
b. the management of the delisting of the digital asset offered on its platform.
C. Investors on the Digital Assets Exchange
Types of investors targeted [ ] Retail [ ] Institutional [ ] High-Net-Worth Individuals
[ ] Professional traders [ ] Others (please specify):
Investors’ entry requirements
(Please explain the specific entry requirements for the types of investors targeted selected above)
Proposed salient terms and conditions
Expected number of investors 12 months after Go Live 12 months after Go Live
Number of investors: _____
Target volume / value: _____
D. Referral Arrangements
Third party *introducer / referral, if any
(*Introducer / referral party means a third party engaged by the Digital Asset Exchange Operator to refer/introduce an investor for a fee) (If “Yes”, please specify details of arrangement, including incentives structure)
E. Details of Transaction Process Flow
(may provide process flow diagram)
Trading, offering and/or execution process
Settlement and clearing activities
(Please explain both on-chain and off-chain processes)
Transfer and withdrawal of fiat currency or Digital Asset
F. Market Structure
i) Order types
ii) Order matching processes (e.g. matching algorithm)
iii) Trading hours
Volatility control mechanisms
(Please describe the parameters and thresholds which will be considered)
Market surveillance and controls
(Please describe the surveillance tools that will be utilised, the risks that may arise by using the surveillance tools and the mitigation measures to be taken)
Details of arrangements and processes to manage:
a. error trades
b. systems error, failure and malfunction
c. investors’ assets in event of any suspension or outage
Please explain how the platform manages its own digital asset inventory in relations to:
G. Systems & Technology
IT systems utilised in platform operationalisation
a. High-level description of the IT infrastructure underpinning the platform
b. Description of the technology component required to operate the platform (which should include record keeping, cyber security, access control and disclosures)
c. Where relevant, description of how the platform would rely on the blockchain technology
d. Any other relevant information relating to the IT systems.
Describe the proposed governance framework including the structure and processes relating to technology risk management
Will the technology and IT infrastructure be developed in-house (proprietary) / outsourced
If it is a proprietary system, please provide information on the person in charge of building the systems and their relevant competencies.
If outsourced, please provide information on the outsourcing arrangement and how the Applicant will ensure the competency of the appointed service providers and their compliance with the requirements in the Guidelines.
Estimated headcounts required to build/maintain the necessary technology component of the platform
Business continuity management and disaster recovery plans
(Please confirm that the document is available for SC’s inspection) [ ] Full business continuity procedures
[ ] Any agreements/ terms of reference agreed with any third party providing compliance or other services to the Applicant
[ ] Any outsourcing arrangements for disaster recovery
(Please provide details)
Describe the proposed cyber security governance framework, including control measures that commensurate with the proposed business profile and associated risks
Describe the proposed data management controls, policies and procedures to safeguard the confidentiality, integrity and availability of data
Record keeping and audit trail processes
H. Compliance Arrangements & Risk Management
Describe the framework and procedures in relation to :
a. customer onboarding
b. CDD/EDD/ODD measures as set out under the relevant AML/CFT requirements for purposes of identification and verification of issuers
c. risks based approach (including Renewal of CDD, risk parameters, thresholds and mitigation measures)
d. Travel rule requirements
Describe the enterprise-wide compliance function, including the proposed governance framework, roles and responsibilities and reporting line
Monitoring processes and procedures to ensure investors’ compliance with Digital Asset Exchange rules
(Please describe in detail the onchain and offchain processes, parameters and thresholds)
Arrangements and processes to deter and detect financial crime (e.g. AML / CFT)
Please explain the tools or service providers that will be adopted as part of the compliance function and manual escalation processes of compliance issue (where applicable)
Arrangements and processes to deter and detect market abuse
Please describe the resources to be provided (including headcount) to conduct the compliance arrangements
Arrangements and processes to manage investors’ disputes and complaints
Conflict of interest management framework
Details of recovery and resolution processes
Describe overview process towards compliance of PDPA and Anti-Bribery and Anti-Corruption requirements
Details of main business risks including operational risk and any other risk together with how the platform intends to manage and mitigate the risks identified
Details of internal audit function
Please include processes to be undertaken, frequency, reporting line and any other information
I. Client Asset Protection Arrangements
Details of monies handling arrangements Please provide :
· explanation on the management and access of funds received and settlement to investors; and
· process flow and proposed turnaround time for monies that are received and released
Name of licensed financial institution
Name of trustee
Details of digital asset custody arrangements
Name of custody service provider(s)
Details of safeguards for custody of digital assets
(please provide explanation on wallet and key generation, key management and key lifecycle including details on–
· security measures to mitigate hacking risk, system outages, risks of collusion and any other risks deemed applicable)
Explanation on how digital assets will be segregated and how settlement of digital assets will be carried out
(Please explain on-chain and off-chain processes)
J. Outsourcing Arrangements
Details of functions intended to be outsourced and rationale
Details of parties that carry out the outsourced functions
Details of outsourcing, assessment and monitoring processes including -
· Intended outsourced functions;
· Suitability Assessment of the service provider or the sub-contractor;
· Performance tracking
· Risk Assessment; and
· Termination process of the service provider or the sub-contractor
K. Proprietary Trading / Market Making
Proprietary trading for providing liquidity
(If “Yes”, please specify details)
Details should include the rules and parameters to which the provision of liquidity would be subjected, and process flow to ensure market fairness and transparency.
Also, please describe how the platform intends to manage its DA inventory to facilitate this.
Third-party market maker
Yes(If “Yes”, please specify details)
Details should include the rules and parameters to which the market makers would be subjected, and process flow to ensure market fairness and transparency.
Also, please describe how the platform will assess the suitability of a market maker which should include the credibility, the experience and how the market maker sources the DA
L. Business Plan
Details of business model and plans over next five (5) years
M. Fees and Charges
Details of all fees structure applicable to each of the services offered including the rationale for imposing such fees
Please explain the pricing model of the proposed services including where applicable, price fetching and inventory pricing
Organisational structure and job descriptions for key functions, (e.g., due diligence, technology, operations, compliance) with clear demonstration of reporting lines and segregation of duties
Estimated headcounts required, including hiring plan for each identified key function to operationalise the proposed platform over the next three (3) to five (5) years.
Information of key personnel carrying out key functions
(e.g. qualification, employment history, background details).
O. Financial Resources
If operations have yet to commence, please provide:
i) Monthly cash flow forecast for first twelve (12) months of going live
ii) Pro forma income statement for first five (5) years of going live and up to year profit is achieved
If operations have commenced, please provide:
i) Financial statements since commencement of operations, including statement of cash flow, balance sheet, and income statement
ii) Monthly cash flow forecast for first twelve (12) months of going live
iii) Pro forma income statement for first five (5) years of going live and up to year profit is achieved
P. User Education and Awareness
Describe the plans for public awareness and user education
If the Applicant is operating similar market(s) or conducting a business in any regulated activity in Malaysia or any other jurisdiction, provide relevant information such as:
The name(s) of such market(s) and/or type of regulated activity(ies)
The name(s) of such jurisdiction(s)
The name(s) of any supervisory authority, including self-regulatory organisation, that exercise oversight over the Applicant or its related corporations in these jurisdictions
Evidence of the Applicant’s authorisation to operate a market or conduct a business of a regulated activity in these jurisdictions, including a copy of any conditions imposed on the Applicant’s market operations and conduct of regulated activity in these jurisdiction(s)
As applicable, documentation that would allow the SC to consider if the requirements and supervision of the Applicant is subject to are sufficiently equivalent to the requirements and supervision to which under the CMSA, e.g. a summary of the laws, legislation, regulations and rules applicable to the Applicant in these jurisdiction(s)
All registration forms, periodic reports and other additional documents as required shall be submitted to the SC at the following address:
Securities Commission Malaysia 3 Persiaran Bukit Kiara
50490 Kuala Lumpur
Tel: (603) 6204 8000
Fax: (603) 6201 5282
(Attention: Market and Corporate Supervision)
This application must be accompanied with an application fee of RM5,000 upon submission to the SC.
Connect with Us
Please contact us with any queries regarding the requirements relating to a digital asset exchange.