Virtual Asset Exchange
Order matching, spot/derivatives routing (as applicable), listing governance, and execution controls.
Compliance-first digital asset licensing portal
Digital Asset Licensing Framework for Cross-Border Market Operators
A structured framework designed for virtual asset service providers operating in multi-jurisdictional environments, with emphasis on governance, AML/CFT controls, safeguarding, and technology risk.
Risk-based oversight model
Fit & proper standards
AML / Travel Rule readiness
Market conduct expectations
What we license
Categories are structured to reflect operational risk, custody exposure, and client-asset safeguarding responsibilities. Each category includes baseline governance expectations, systems requirements, and compliance modules.
Custody Provider
Safeguarding, key management controls, segregation, operational resilience, and incident response.
Broker-Dealer (Digital Assets)
Agency / principal dealing frameworks, suitability controls, and conflict management expectations.
Token Issuer
Disclosure standards, governance, issuance controls, and distribution risk management.
Stablecoin Operator
Reserve management principles, transparency practices, redemption controls, and risk disclosures.
Infrastructure Provider
Technology services with material impact on client flows, custody, or security posture.
Core regulatory pillars
The framework is built around risk controls that scale with business model complexity, client exposure, and cross-border activity. Expectations are designed to support institutional onboarding, third-party due diligence, and operational resilience standards.
Capital & Substance
Baseline financial resilience, governance presence, and accountable control functions.
AML / CFT Controls
Customer due diligence, ongoing monitoring, reporting triggers, and sanctions screening.
Market Integrity
Listing discipline, surveillance expectations, conflicts management, and client communications.
Technology & Cyber
Security controls, incident response, resilience planning, and third-party risk governance.
Application pathway
Designed to be structured and document-led. Applications are expected to be submitted via registered agents where required by process. Reviews follow a completeness-first approach to reduce ambiguity and improve assessment efficiency.
6-step review flow
1
Pre-application
Scope mapping, eligibility screening, document checklist alignment.
2
Registered agent
Submission packaging, controlled representations, and filing readiness.
3
Completeness check
Validation of mandatory modules and evidence requirements.
4
Assessment
Governance, AML, custody, and technology risk evaluation.
5
Decision
Approval, conditional actions (if any), and issuance mechanics.
6
Ongoing obligations
Reporting cadence, monitoring expectations, and supervisory engagement.
Institutional alignment & supervisory focus
The framework is designed to support structured due diligence and operational controls used by institutional counterparties. It emphasizes evidence-based governance, risk ownership, and clear accountability across control functions.
Risk-based supervision model
Supervisory expectations focus on the practical risk profile of the business model—client exposure, custody responsibilities, cross-border flows, and technology concentration—rather than labels. Firms should be able to demonstrate control design and control effectiveness.
- Governance mapping: board oversight, senior management accountability, control ownership.
- Evidence standards: policies + procedures + logs + testing, not just written statements.
- Third-party dependency controls: vendor due diligence, SLAs, and resilience planning.
- Incident readiness: detection, response, notification pathways, and post-incident learnings.
Due diligence compatibility
Many market participants undergo onboarding reviews by banks, payment partners, institutional clients, and compliance teams. The framework is structured to help align internal control narratives with the kinds of questions counterparties typically ask.
- Client asset safeguarding approach (segregation, key management, recovery design).
- AML / sanctions screening architecture and ongoing monitoring model.
- Market conduct discipline and communications / disclosure standards.
- Technology risk governance: access control, change management, security testing.
Start with the framework, not the hype.
Review eligibility, obligations, and evidence standards before you prepare submissions.