In its notice, the CSA highlighted safeguarding of crypto assets as one focus area for disclosure reviews, particularly controls to guard against the risk of loss and/or theft. Failure to adopt adequate protections, it said, “may give rise to public interest concerns about the issuer.”
Issuers that have a self-custody system may disclose their use of multi-signature wallets, safeguarding of private keys, “cold wallets,” and frequent monetization of crypto assets into fiat currency, and measures to mitigate cybersecurity risks, among others.
Those that use third-party custodians, meanwhile, are expected to disclose a broader set of information that includes the identity and location of the custodian and any sub-custodians, a discussion of the services provided by the third-party custodian to the issuer, and any information the issuer knows about the custodian’s operations that could affect the issuer’s ability to obtain an unqualified audit opinion on its financial statements, among others.
“The use of, and reliance on, crypto asset trading platforms also raises issues that extend beyond an issuer’s own controls,” the notice said. “Their account with the crypto asset trading platform generally represents a contractual claim against the trading platform and subjects the reporting issuer to the risks related to the solvency, integrity and proficiency of the operators of the trading platform.”
Many of the investor protection considerations applicable to investment funds may also be relevant to issuers who are materially involved in investing in cryptocurrencies and do not have other substantial operations, according to the CSA. Issuers that file a prospectus, the CSA said, may face challenges getting a receipt unless they take relevant risk mitigation efforts comparable to those expected under the investment fund regime.