Licensees that maintain custody or control of crypto-assets are required to have policies and procedures in place that clearly describe the process that will be adopted in the event that the licensee comes to know or suspects that the crypto assets it is holding under custody on behalf for clients have been compromised, such as in the event of a hacking attack, theft or fraud. Such policies and procedures must detail the specific steps the licensee will take to protect client’s crypto assets in the event of such incidents. Licensees must also have the ability to immediately halt all further transactions with regard to the crypto assets.
