CRA-4.3.14
(a) Licensees must conduct a thorough due diligence process to ensure that the crypto-asset is created or issued for lawful and legitimate purposes, and not for evading compliance with applicable laws and regulations (e.g., by facilitating money laundering or other illegal activities) and that the process is subject to a strong governance and control framework.
(b) Licensees must consider the following factors while undertaking the due diligence:
(i) The technological experience, track record and reputation of the issuer and its development team;
(ii) The availability of a reliable multi-signature hardware wallet solution;
(iii) The protocol and the underlying infrastructure, including whether it is: (1) a separate blockchain with a new architecture system and network or it leverages an existing blockchain for synergies and network effects, (2) scalable, (3) new and/or innovative or (4) the crypto-asset has an innovative use or application;
(iv) The relevant consensus protocol;
(v) Developments in markets in which the issuer operates;
(vi) The geographic distribution of the crypto-asset and the relevant trading pairs, if any;
(vii) Whether the crypto-asset has any in-built anonymization functions; and
(viii) Crypto-asset exchanges on which the crypto-asset is traded.
(c) Operational risks associated with a crypto-asset . This includes the resulting demands on the licensee’s resources, infrastructure, and personnel, as well as its operational capacity for continued client on-boarding and client support based on reasonable forecasts considering the overall operations of the licensee ;
(d) Risks associated with any technology or systems enhancements or modification requirements necessary to ensure timely adoption or listing of any new crypto-asset ;
(e) Risks related to cybersecurity: Whether the crypto-asset is and will be able to withstand, adapt and respond to cyber security vulnerabilities, including size, testing, maturity, and ability to allow the appropriate safeguarding of secure private keys;
(f) Traceability/Monitoring of the crypto-asset : Whether licensees are able to demonstrate the origin and destination of the specific crypto-asset , whether the crypto-asset enables the identification of counterparties to each trade, and whether transactions in the crypto-asset can be adequately monitored;
(g) Market risks, including minimum market capitalisation, price volatility, concentration of crypto-asset holdings or control by a small number of individuals or entities, price manipulation, and fraud;
(h) Risks relating to code defects and breaches and other threats concerning a crypto-asset and its supporting blockchain, or the practices and protocols that apply to them;
(i) Risks relating to potential non-compliance with the requirements of the licensee’s condition and regulatory obligations as a result of the listing of new crypto-asset ;
(j) Legal risks associated with the new crypto-asset , including any pending or potential civil, regulatory, criminal, or enforcement action relating to the issuance, distribution, or use of the new crypto-asset ; and
(k) Type of distributed ledger: whether there are issues relating to the security and/or usability of a distributed ledger technology used for the purposes of the crypto-asset, whether the crypto-asset leverages an existing distributed ledger for network and other synergies and whether this is a new distributed ledger that has been demonstrably stress tested.
Added: April 2023