QuadrigaCX: A Review by Staff of the Ontario Securities Commission
Ross McKee of McKee Law shares his insights on the recent Ontario Securities Commission staff review of the QuadrigaCX investigation
What happened?
The Ontario Securities Commission publicly released a report by its staff of the investigation of the crypto-asset trading platform QuadrigaCX, which collapsed in 2019. The report examined in detail how the platform was run, the causes of its collapse, and what happened to customer assets after the collapse. The report also discusses how, in the OSC Staff’s assessment, the Quadriga platform involved trading in securities or derivatives. The report is being used as a significant public education opportunity, circulated as its own interactive website (www.quadrigacxreport.ca) and associated videos.
What types of stakeholders will be impacted by this?
The OSC QuadrigaCX report is a cautionary tale that should be relevant both for customers of crypto-asset platforms and for operators of such platforms. Its discussion of regulation will be of interest to any platform operators who are currently providing or considering crypto asset trading services for customers in Canada.
Why does this matter?
After dealing with the past surge of ICOs, Canadian securities regulators have turned their attention to crypto-asset trading platforms more generally, including platforms that trade digital assets such as bitcoin, which are generally considered not to fall within the interpretation of “securities”.
It is no longer sufficient for operators of brokerages and trading platforms that are trading digital assets to simply state that because the assets being traded are not considered securities, they are therefore entirely outside the scope of Canadian securities regulation.
This claim had been a frequently espoused view prior to January 2020, when the Canadian Securities Administrators Staff published Notice 21-327 – Guidance on the Application of Securities Legislation to Entities Facilitating the Trading of Crypto Assets.
CSAN 21-327 disputed the view that securities regulation did not apply, because “some Platforms are merely providing their users with a contractual right or claim to an underlying crypto asset, rather than immediately delivering the crypto asset to its users. In such cases, after considering all of the facts and circumstances, we have concluded that these Platforms are generally subject to securities legislation.”
At the time of its release, CSA 21-327 was viewed as an attempt by the CSA to assert jurisdiction to bring previously unregulated bitcoin trading platforms, such as Quadriga and others, within the CSA’s regulatory scope.
The Quadriga report repeats staff’s view: “If a platform retains possession and control of the crypto assets being traded on the platform, securities laws may apply.” It is being published to show in shocking detail what can happen if a business operates in an unregulated manner, although the report is careful to caution that “even the most robust regulatory regime cannot detect every instance of fraud.”
Does this create new opportunities for stakeholders? If so, what might they be?
The Quadriga report emphasizes the sharp regulatory distinction between platforms that continue to control their customers’ assets versus those which do not. Platforms that only trade assets that are not legally securities or derivatives and which do not retain control of customer assets after a trade is settled are expressly not covered by Canadian securities regulation. This clarity is welcome.
Does this change create new risks for industry stakeholders? If so, what should they be looking out for?
Platforms that either trade securities or derivatives or which choose to control their customers’ assets outside the trade execution and settlement function must consider how marketplace regulation applies to them and what steps they must take to comply.
The particular scope and burden of marketplace regulation will depend upon a platform’s business activities. It might be limited to reporting trades in derivatives to a designated trade repository, or it might range up to full regulation as an alternative trading system (ATS), which in Canada also requires registration as an investment dealer.
There are as yet in Canada no registered crypto-asset marketplaces, so any such registration application will be novel—which usually means a lengthy, uncertain, and expensive process.
How does this impact compliance teams, and what can they do to stay ahead of the regulatory requirements?
Current platform operators should carefully consider whether any of the crypto assets they list for trading could be deemed securities or derivatives (recognizing that the scope of the latter can be very broad). If they are not securities or derivatives, then the operators need to consider how their customers’ assets are or could be handled before and after trade and settlement. The platform must ensure there is immediate delivery of the assets to the customer and no element of holding, custody, or control over those customer assets; otherwise, marketplace regulation may be triggered.
A system where customers may request their assets for delivery at any time represents custody. CSAN 21-327 states that book entry where assets are held as nominee for a customer does not constitute delivery. Only the transfer of assets to a user-controlled wallet is sufficient. (CSAN 21-327 is silent on the efficacy of multi-sig arrangements.)
For operators that are either listing assets that are securities or derivatives, or which provide customers with custody arrangements, those arrangements will need to be reassessed and changed to either get outside the scope of regulation or commence the registration process.
What can management teams or boards of directors do to stay ahead of these changes?
Management teams need to fully understand what aspects of their business, if any, could fall within this enhanced regulatory scope. They then need to assess whether their business models can be changed, and develop the appropriate roadmaps.
Boards of directors need to be assured that their management teams are addressing this appropriately, and should seek regular, detailed reports to fulfill their supervisory responsibilities.
What can service providers do to help their clients stay ahead of these changes?
Service providers can assist their clients in assessing a business’s possession and control of customer assets and how this could be shifted to a non-custodial model. The staff of Canadian securities regulators are typically open to informal one-on-one discussions around how, in their view, particular solutions might work under this enhanced regime.
Author — ROSS McKEE
Ross McKee is currently consulting for McKee Law with a specialty in crypto-asset securities regulations. Through an almost 40-year career as a securities lawyer at Canada’s Blake, Cassels & Graydon LLP, Ross has counseled issuers, capital markets participants, and marketplaces on securities regulation, registration, and marketplace compliance issues.
Ross led Blake, Cassels & Graydon’s crypto-asset regulatory practice for cryptocurrency, digital tokens, and other blockchain businesses—including being the Canadian rapporteur for the Chamber of Digital Commerce’s Token Alliance. Ross successfully obtained the only discretionary prospectus exemption order granted to date by Canadian securities regulators for a digital token offering. Ross retired from Blakes in 2020
learn more
Is your AML compliance too expensive, time-consuming, or ineffective?
iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.
Request a demo today.
GDPR and Your Verification Solutions: Ensuring Compliance and Data Security
GDPR and Your Verification Solutions: Ensuring Compliance and Data Security The General Data Protection Regulation (GDPR) has significant implications for how financial and legal service providers handle personal data during client onboarding. While KYC/AML...
Ensuring Data Privacy in KYC Compliance: Key Steps and Best Practices
Data privacy compliance is a critical aspect of operating in today's digital landscape. Protecting personal data and adhering to regulatory requirements helps build trust with customers and avoid legal repercussions. Implementing...
Understanding the General Data Protection Regulation (GDPR) for Business Compliance
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that impacts businesses operating within the European Union (EU) and those handling EU citizens' data. Ensuring compliance with GDPR is crucial...