SIO-5.3 Governance Requirements
SIO-5.3.1
A stablecoin issuer must have robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which they are or might be exposed, and adequate internal control mechanisms, including sound administrative and accounting procedures.
Added: July 2025SIO-5.3.2
Stablecoin issuers must adopt policies and procedures that are sufficiently effective to ensure compliance with the requirements of this Module and other applicable Modules. Stablecoin issuer must establish, maintain and implement, in particular, policies and procedures on:
(b) the custody of the reserve assets, including the segregation of assets, as specified in Section SIO-6.4;(c) the rights granted to the holders of approved stablecoins, as specified in Section SIO-6.5;(d) the mechanism through which approved stablecoins are issued and redeemed;(e) the protocols for validating transactions in approved stablecoins;(f) the functioning of the stablecoin issuer’s proprietary distributed ledger technology, where the approved stablecoins are issued, transferred and stored using such distributed ledger technology or similar technology that is operated by the stablecoin issuer or a third party acting on their behalf;(g) the mechanisms to ensure the liquidity of approved stablecoins, including the liquidity management policy and procedures for issuers of significant stablecoins referred to in Section SIO-8.2.3(b);(h) arrangements with third-party entities for managing the reserve assets, and for the investment of the reserve assets, the custody of the reserve assets and, where applicable, the distribution of the approved stablecoins to the public;(i) the written consent of the stablecoin issuer given to third parties that might offer or seek the admission to trading of the approved stablecoin;(j) complaints-handling, as specified in Section SIO-5.7;(k) conflicts of interest, as specified in Section SIO-5.8;Added: July 2025SIO-5.3.3
For the purposes of Paragraph SIO-5.3.2(h), stablecoin issuers must enter into a written contact with the third party. The contractual arrangements must set out the roles, responsibilities, rights and obligations both of the licensee and of the third party. Any contractual arrangement with cross jurisdictional implications must provide for an unambiguous choice of applicable law.
Added: July 2025SIO-5.3.4
Unless a stablecoin issuer initiates a redemption plan referred to in Chapter 11 of this Module, the stablecoin issuer must employ appropriate and proportionate systems, resources and procedures to ensure the continued and regular performance of their services and activities. To this end, stablecoin issuers must maintain all of their systems and security access protocols in conformity with necessary and appropriate standards.
Added: July 2025SIO-5.3.5
Where a stablecoin issuer decides to discontinue the provision of its regulated stablecoin offering services and activities, including by discontinuing the offering of a particular approved stablecoin, it must submit a plan to the CBB for approval of such discontinuation.
Added: July 2025SIO-5.3.6
Stablecoin issuers must identify sources of operational risk and minimise those risks through the development of appropriate systems, controls and procedures.
Added: July 2025SIO-5.3.7
Stablecoin issuers must establish a business continuity management policy to ensure, in the case of an interruption of their Information Technology systems and procedures, the preservation of essential data and functions and the maintenance of their activities or, where that is not possible, the timely recovery of such data and functions and the timely resumption of their activities.
Added: July 2025SIO-5.3.8
Stablecoin issuers must have in place internal control mechanisms and effective procedures for risk management, including effective control and safeguard arrangements for managing IT systems. Further, stablecoin issuers must monitor and evaluate on a regular basis the adequacy and effectiveness of the internal control mechanisms and procedures for risk assessment and take appropriate measures to address any deficiencies in that respect.
Added: July 2025SIO-5.3.9
Stablecoin issuers must have systems and procedures in place that are adequate to safeguard the availability, authenticity, integrity and confidentiality of data as required under Personal Data Protection Law. Those systems must record, and safeguard relevant data and information collected and produced in the course of the stablecoin issuer’s activities.
Added: July 2025Responsibility of the Board of Directors
SIO-5.3.10
The Board of a stablecoin issuer is responsible for overseeing the implementation of sound governance arrangements that ensure effective and prudent management of the licensee and the interest of its clients including the segregation of duties and the identification, prevention and management of conflicts of interest.
Added: July 2025SIO-5.3.11
The Board must establish and approve:
(a) the overall business strategy and the key policies of the stablecoin issuer taking into account the licensee’s long-term financial interests and solvency and interest of the clients;(b) the policies required under Paragraph SIO-5.3.2 and such policies must be consistent with the risk appetite the stablecoin issuer;(c) the organisation structure of the stablecoin issuer;(d) the overall risk strategy, the stablecoin issuer’s risk appetite and its risk management framework;(e) an effective internal control framework to ensure compliance with applicable regulatory requirements including with regard to the management of reserve assets;(f) in accordance with the requirement of Paragraph SIO-8.2.3(a), a remuneration policy applicable upon classification of an approved stablecoin as significant stablecoin;(g) the policies and procedures to identify, prevent, manage and disclose conflicts of interest, in line with Section SIO-5.8;(h) arrangements that aim to ensure the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards.Added: July 2025Responsibility of Senior Management
SIO-5.3.13
The senior management is responsible for the implementation of the strategies and policies set out by the Board and must regularly discuss the implementation and appropriateness of these strategies and policies with the Board.
Added: July 2025SIO-5.3.14
The senior management must:
(a) actively engage in the business of the stablecoin issuer and must take decisions on a sound and well-informed basis.(b) monitor that the risk culture of the licensee is implemented consistently;(c) oversee the implementation of policies and procedures to identify, prevent, manage and disclose conflicts of interest, in accordance with Section SIO-5.8 of this Module;(d) oversee the integrity of financial information and reporting, and the internal control framework, including an effective and sound risk management framework;(e) ensure that the heads of internal control functions are able to act independently and, regardless of the responsibility to report to other business lines or units, can raise concerns and warn the management body in its supervisory function directly, where necessary, when adverse risk developments affect or may affect the stablecoin issuer; and(f) set and monitor the implementation of the internal audit plan.Added: July 2025
