SIO-10.1.5

A stablecoin issuer that maintains custody or control of approved stablecoins must not, at any time, permit arrangements whereby just a party or signatory is able to completely authorise the movement, transfer or withdrawal of approved stablecoins held under custody on behalf of clients. In particular, licensees must not have custody arrangements whereby only a sole person can fully access the private key or keys for the approved stablecoins held under custody by the licensee.

SIO-10.1.6

Stablecoin issuers that maintain custody or control of approved stablecoins are required to mitigate the risk of collusion between the authorised persons or signatories who are able to authorise the movement, transfer or redemption of approved stablecoins held under custody.

SIO-10.1.7

Stablecoin issuers that maintain custody or control of approved stablecoins must have policies and procedures in place that clearly describe the process that will be adopted in the event that the licensee comes to know or suspects that the approved stablecoins it is holding under custody on behalf for clients have been compromised, such as in the event of a hacking attack, theft or fraud.

Such policies and procedures must detail the specific steps the licensee will take to protect client’s approved stablecoins in the event of such incidents. Licensed stablecoin issuers must also have the ability to immediately halt all further transactions with regard to the approved stablecoin.