Other Requirements
CRA-8.1.12
Licensees that maintain custody or control ofcrypto-assets are required to maintain, at all times, an updated list of all past and present authorised persons who were / are able to view, initiate, authorise, sign, approve or complete the transfer or withdrawal ofcrypto assets held under custody on behalf of clients. In addition,licensees must have clearly defined policies and procedures to enable or revoke the authority granted to these persons.Added: April 2023CRA-8.1.13
Licensees that maintain custody or control ofcrypto-assets are required to have policies and procedures in place that clearly describe the process that will be adopted in the event that the licensee comes to know or suspects that thecrypto assets it is holding under custody on behalf for clients have been compromised, such as in the event of a hacking attack, theft or fraud. Such policies and procedures must detail the specific steps thelicensee will take to protect client’scrypto assets in the event of such incidents.Licensees must also have the ability to immediately halt all further transactions with regard to thecrypto assets .Added: April 2023
