Bangkok, 4 February 2022 – The Securities and Exchange Commission (SEC) urges digital asset business operators to give priority to cybersecurity and to assign a responsible person to oversee this matter to ensure continuity of service provision and safety of clients’ digital assets in protection of digital asset traders.
Recent news reports on a cyber attack on a foreign decentralized finance platform, which resulted in tremendous loss of clients’ digital assets, have raised concerns over cybersecurity. The SEC is therefore urging digital asset business operators to emphasize the importance of cybersecurity on a continuing basis and to assign a responsible entity to oversee the matter to ensure that they can provide services to investors continuously and that clients’ digital assets are securely safeguarded.
The SEC requires that digital asset business operators have efficient risk management and be equipped to tackle cyber threats to ensure that clients’ digital assets under their custody are safe. Essentially, digital asset business operators are required to establish a cybersecurity system in accordance with the regulations specified by the SEC and arrange for an IT security audit and a penetration test by a knowledgeable and skilled auditor who is independent from the responsible IT Unit before commencing service provision and at least once a year thereafter. In addition, digital asset business operators must conduct a cyber resilience assessment every year.
Regarding custody of clients’ digital assets, the SEC specifies that digital asset business operators establish measures for controlling and keeping clients’ digital assets securely or deposit clients’ digital assets with a third party custodian who is fully qualified in accordance with the regulations, which emphasize the importance of cybersecurity service systems when clients’ total digital assets under custody are worth more than 15 million baht for five consecutive days.
In addition, digital asset business operators are required to maintain net capital in accordance with the specified conditions to handle potential risks and liabilities from duty performance, for example, in case of loss of clients’ assets.
SEC Secretary-General Ruenvadee Suwanmongkol said: “Technology is key to digital asset business operations. The SEC thus gives a special emphasis on cybersecurity to protect the safety of clients’ assets, and requires digital asset business operators to have cybersecurity measures in compliance with the standards specified by the SEC. Likewise, service users should remain focused on cyber risk prevention when using personal devices to make transactions, including keeping one’s digital assets in a private wallet. The SEC recommends that service users allow multi-factor authentication for the email account and the trading account of digital assets to reduce the risk of cyber attack on the accounts and passwords. Investors should also follow digital asset business operators’ advice on user account security.”