July 25, 2021


As published on TABB Forum (https://tabbforum.com/opinions/how-to-prepare-for-a-regulated-market-of-digital-assets/)



Full article published below:


As investors’ appetite for digital assets grow, regulators around the world are simultaneously increasing their focus on investor protection. This article by Magnus Almqvist, Head of Exchange Development at Exberry, highlights a number of issues that that are on regulators’ radar. Mr. Almqvist also offers a brief checklist of what digital asset marketplaces need to consider in terms of regulatory compliance.


As popular interest in digital assets grows, regulators around the world are simultaneously increasing their focus on investor protection. As a consequence, they are beginning to establish rules to ensure fair and orderly markets to better protect the end consumer. With a growing number of jurisdictions keen to issue regulatory licences for crypto businesses, those that either already have or are interested in setting up a digital asset exchange cannot afford to dismiss the concerns of regulators. This article sets out a brief checklist of what digital asset marketplaces need to consider in terms of regulatory compliance.

It’s a tough crowd

The Basel Committee on Banking Supervision (BCBS) recently called for tougher capital rules over holding digital assets, the toughest of which could force banks to put aside enough capital to cover 100% of potential losses. Further, the intergovernmental organisation Financial Action Task Force (FATF), which addresses combatting the financing of terrorism (CFT), has updated its Travel Rule of Recommendation 16. This means that creators and beneficiaries of all digital fund transfers should exchange descriptive information, implying a systemisation of information-exchange protocols.


Regulators on a national level are also keen to bring the cryptosphere into their purview:

  • The Monetary Authority of Singapore (MAS) is offering payments and crypto exchange licences under the Payment Services Act, a comprehensive regulatory framework for companies handling activities relating to digital assets, including payments and trading;
  • Hong Kong’s Financial Services and Treasury Bureau (FSTB) and the Hong Kong Securities and Futures Commission (HKSFC) are proposing regulations that will allow security token offerings (STOs) as an alternative to traditional fund-raising channels, and are meant to cover virtual assets services providers that trade non-securities virtual assets as well (e.g. cryptocurrencies) under the Anti-Money Laundering Ordinance (AMLO);
  • The UK’s Financial Conduct Authority (FCA) is extending the deadlines of its temporary registrations regime which allows cryptoasset firms to carry on their business while the regulator carries out further checks related to anti-money laundering rules.

What is clear is that digital asset organisations need to start thinking about reaching compliance or regulatory status on their operations and their tech stacks; or at the very least have systems and controls that are equivalent to capital markets requirements if the local regulator does not yet have a certification process for digitised assets, as these requirements are surely inevitable.

Brief overview of regulatory checks

Below is a brief overview of both the operational and technology elements that digital asset exchanges should be considering upon setting up their enterprise.



  • In terms of overall corporate governance, there will be regulatory requirements for holding regulatory capital (capital reserves in order that the company can be wound down in an orderly manner), as well as requirements on how that capital is held (financial implications for the balance sheet of a company);
  • In certain jurisdictions, regulators will dictate that certain roles must exist within an organisation, and may even need to approve candidates when appointing corporate roles within the company, such as the Chief Financial Operator, Head of Compliance and Head of IT;
  • A Risk Register and Log of Incidents will need to be set up to continuously record and keep updated a list of events, associated actions and resulting remedies, including customer complaints, employee complaints, security breaches, IT failures, IT security audits, regulatory audits etc.


  • The ability to demonstrate the matching engine of an exchange can guarantee a fair and orderly processing of orders (known as a ‘deterministic’ market ). Take, for instance, the case of systems built on ERC-20 (the official protocol for proposing improvements to the Ethereum (ETH) network), from which the full history of an entity on the protocol can sometimes be viewed. In addition, the staking process is potentially open to front-running of client orders. Firms will need to be prepared to answer regulators as to how this system, therefore, guarantees fair and orderly markets;
  • A full audit trail of transactions (of both orders and trades) is mandatory – so you can have an understanding if something went wrong, and you have the data to rebuild the order book for any point in time historically. Your infrastructure will need the ability to both log, store and quickly search for files;
  • An ability to detect potential market abuse will be needed (depending on what type of asset is being made available to trade);
  • Transaction reporting capabilities will be necessary for regulatory compliance.

Adeptly scale, with confidence

In order to go forward with confidence against a backdrop of constantly changing rules, firms should undertake a review of their operational organisation and tech stack – in what regulators refer to as ‘systems and controls’. In addition, depending on what matching engine and infrastructure is installed, firms should seriously consider doing a POC with a matching engine they are confident will correlate with regulatory expectations from the core up.

Innovative and fast-growing tokenized or digitised markets often come with a perception of uncertainty and risk. Anyone looking to take advantage of them, and the latest technologies, are also looking for the safety, security and maturity expected by experienced market participants. Providers of purpose-built exchange infrastructure, such as Exberry, can not only help digital asset firms with their regulatory compliance, but can adeptly scale to the needs of its clients from start-ups to more established exchanges.

Photo Credit: by Aviz from Pexels

Why Flexibility is Key for the Upcoming EU DORA Regulation

Ever-increasing digitalisation is propelling the world of financial services to act faster and do more than ever before. One side effect of this is the increased risk posed by the failure of critical suppliers. This is the reason EU regulators have introduced the Digital Operational Resilience Act (DORA), which will implement uniform rules for financial entities on operational resilience throughout the EU.

Recent European Elections and Their Implications on Capital Markets

The elections for the European Parliament, held between 6th and 9th of June, could end up significantly impacting capital markets on the continent. This juncture could have the effect of reshaping regulatory landscapes, influencing market stability and altering cross-border economic activities.

Let’s talk

We are looking forward to hearing from you and one of our team members will be in touch.

Want to partner with us?

Try our sandbox

Please fill out this form and we will grant you sandbox access shortly

Let’s talk

We are looking forward to hearing from you and one of our team members will be in touch.


Full-Stack Developer

Please fill out this form and attach your CV, we will get in touch with you shortly