The Securities and Exchange Commission (SEC) has issued a notification requiring digital asset business operators that have custody of customers' digital assets to have a digital asset wallet management system to store digital assets and cryptographic keys.
The digital wallet management system is meant to facilitate efficient custody of digital assets and keys and ensure the safety of clients' assets.
The regulator said cryptographic keys and other data must be kept confidential in order to be used for the approval of transfers or transactions related to digital assets in digital wallets.
From Jan 16, digital asset operators are required to establish policies and procedures for governance, risk management and wallet and key management, as well as communication to clarify such policies, action plans and procedures, work supervision and internal control to ensure compliance with the regulation, the SEC statement said.
They also need to have policies and procedures for designing, developing and managing digital wallets as well as creating, maintaining and accessing keys or other related information appropriately, securely and safely. The keys must be kept confidential to approve transfers or transactions relating to digital assets in digital asset wallets.
The operators are also required to have contingency plans in case an event affects the management system of digital wallets and keys. This includes laying out and testing action procedures, designating responsible persons and reporting the event.
An audit of system security is required, as well as a digital forensic investigation in case an event affects the security of systems related to digital asset custody, which could cause a significant impact to clients' assets.
Digital asset business operators that had custody of clients' assets prior to the effective date of the regulation are required to fully comply within six months, the statement said.
Global digital asset service providers have recently encountered problems, resulting in service interruption, including those related to maintenance of customers' property.
The SEC is requiring digital asset operators, including digital asset exchanges, brokers, traders and digital asset fund managers, to disclose and issue alerts regarding the risks of asset custody.
Digital asset operators need to inform clients about the storage of digital assets, provide advice on assessing the strength of the operator as well as the risk management of digital asset storage. They should also provide a list of third-party custodians and disclose the list of digital asset exchanges with trading connections.