Prevention of Fraud

43. Licensees must take reasonable steps to detect and prevent fraud, including by establishing and maintaining a written anti-fraud policy. The anti-fraud policy must, at a minimum, include:

(a) the identification and assessment of fraud-related risk areas;
(b) procedures and controls to protect against identified risks;
(c) allocation of responsibility for monitoring risks and the establishment of a real-time/near real-time fraud risk monitoring and surveillance system; and
(d) procedures for the periodic evaluation and revision of the anti-fraud procedures, controls, and monitoring mechanisms.

44. Licensees must, as a minimum, have in place systems and controls with respect to the following:

(a) Crypto-asset Wallets: Procedures describing the creation, management and controls of crypto-asset wallets, including:

(i) wallet setup/configuration/deployment/deletion/backup and recovery;
(ii) wallet access privilege management;
(iii) wallet user management;
(iv) wallet Rules and limit determination, review and update; and
(v) wallet audit and oversight.

(b) Private keys: Procedures describing the creation, management and controls of private keys, including:

(i) private key generation;
(ii) private key exchange;
(iii) private key storage;
(iv) private key backup;
(v) private key destruction; and
(vi) private key access management.

(c) Origin and destination of crypto-assets: Systems and controls to mitigate the risk of misuse of crypto-assets, setting out how:

(i) the origin of the crypto-asset is determined, in the case of an incoming transaction; and
(ii) the destination of the crypto-asset is determined, in the case of an outgoing transaction.
Added: January 2024