CRA-5.1.2

Past version: Effective from 01 Apr 2019 to 31 Mar 2023

Licensees must, as a minimum, have in place systems and controls with respect to the following:

(a) Crypto-asset Wallets: Procedures describing the creation, management and controls of crypto-asset wallets, including:
(i) wallet setup/configuration/deployment/deletion/backup and recovery;
(ii) wallet access privilege management;
(iii) wallet user management;
(iv) wallet Rules and limit determination, review and update; and
(v) wallet audit and oversight.
(b) Private keys: Procedures describing the creation, management and controls of private keys, including:
(i) private key generation;
(ii) private key exchange;
(iii) private key storage;
(iv) private key backup;
(v) private key destruction; and
(vi) private key access management.
(c) Origin and destination of accepted crypto-asset funds: Systems and controls to mitigate the risk of misuse of crypto currencies, setting out how:
(vii) the origin of accepted crypto-asset is determined, in case of an incoming transaction; and
(viii) the destination of accepted crypto-asset is determined, in case of an outgoing transaction.
(d) Security: A security plan describing the security arrangements relating to:
(i) the privacy of sensitive data;
(ii) networks and systems;
(iii) cloud-based services;
(iv) physical facilities; and
(v) documents, and document storage.
(e) Risk management: A risk management plan containing a detailed analysis of likely risks with both high and low impact, as well as mitigation strategies. The risk management plan must cover, but is not limited to:
(i) operational risks;
(ii) technology risks, including 'hacking' related risks;
(iii) market risk for each accepted crypto-asset; and
(iv) risk of financial crime.
Added: April 2019