The crypto winter and custody – practical advice for shoring up custody arrangements

11 November 2022
Matthew Bode, Partner, Brisbane

The digital assets world has been rocked by the liquidity run on FTX the week, the world’s second largest exchange, and the near buyout by Binance, the world’s largest exchange. While there are various reasons being put forward for the issues facing FTX, in a febrile environment part of the focus is on custody of client assets.

For those in the digital assets space who are considering these market issues, and the new regulation posed by the Digital Assets (Market Regulation) Bill 2022 (Cth) – which includes custody requirements, it is timely to consider what custody practically looks like for those who hold Australian Financial Services licences. That is the best indicator of the steps that should be considered by digital assets exchanges, funds and other fintechs to improve their custody arrangements, and to prepare for a future where additional regulation in this space is all but certain.

Client money obligations

If firms deal with client money i.e. as an AFS licensee, there are a number of requirements that apply. These include:

Holding requirements

Firms must separate client money from their own by keeping it in a different bank account (known as a trust account and most often designated as a s981B or s1017E account). The bank account must be with an Australian bank, an approved foreign bank or a cash management trust.[1] The fiduciary duties on these trust funds also overlays over the statutory obligations i.e. ordinary trust principles apply. (Oft-forgotten is the fact that Qld domiciled organisations also need to comply with the Qld Trusts Accounts Act 1973 (Qld), which applies various generic account recording and handling obligations!)

The legislation governs movement of moneys into accounts e.g. client money rules apply to top-up investments as well as initial purchases (s. 1017E(1)(e) of the Corporations Act 2001 (Cth) (Act)), and the requirement comes into effect immediately unless there is a 24-hour issuance of a product (s. 1017E(1)(d) of the Act). There is also a time limit on how long moneys can be held in the account – one month (s. 1017E(4) of the Act), unless it is not reasonably practical to do so.[2]

Many exchanges have FX fiat services – it is very likely they will need multiple trust accounts in each of these denominations. The monetary flow for each service and product is then critical, as often clients will provide moneys to an issuer or service provider which is mixed in nature e.g. partly to purchase a product, and partly for fees. The mandated separation of these moneys (see below), and how they get transferred to the trust account e.g. individual transfers or netted each day can become complicated from an operations and compliance perspective given the multiple accounts required and audit requirements;

Mixing requirements

It is impermissible to mix client moneys (s. 1017E of the Act). Only specific types of money can be paid into the client money account, being client money – paid by the client, or on behalf of the client for the benefit of the client; interest on the amount in the account (unless the issuer claims that money, after it is properly disclosed per r. 7.9.08A of the Corporations Regulations 2001 (Cth) (Regulations)); and, interest made on any investments made in accordance with the Act.

This sounds straightforward, but is logistically complicated when structuring and operating accounts as inbound moneys are often paid for multiple products (some of which may not be ‘financial products’ e.g. spot trades), or part of the money held becomes payable to the AFS licensee e.g. for margin payments or fees. If mixed money is paid, it can be paid to a non-trust account, and then portion of the moneys which is client moneys would need to be separated that day or the day afterward to the trust account under s. 1017E(2) of the Act. The reverse is not possible i.e. receiving mixed moneys directly into trust accounts, given the prohibition set out above.

Issues also arise on outgoing monetary flows. One of the common issues which arises here is for structured products, where settlement for say a swap occurs and the margin and settlement sum are in the client money account (and then both need to be moved).

Use requirements

Firms can invest some client moneys, though there are very specific rules around this which need to be satisfied. Most derivatives providers do this to hedge counterparty risk. Some AFS licensees obtain broad authorisations in their client agreements and product disclosure statements to make withdrawals from client money for any purpose, including as working capital and for proprietary trading. This is a tricky area which has been subject to recent reform, as once money has been withdrawn from client accounts (under the broad permitted use set out in s981D of the Act or paragraphs 7.8.02(1)(a) or (c) of the Regulations), it ceases to have the protections afforded to it by the statutory trust and may be exposed to higher levels of counterparty risk, for which clients are often not compensated.

For this reason, there are newish rules depending on whether clients are retail or wholesale around what can be done with client moneys. Regulation 7.8.02A (accounts maintained for section 981B of the Act), prevents the use of derivative retail client money from being used as the licensee’s working capital; or to meet obligations incurred by the licensee other than on behalf of the client; or to enter into, or meet obligations under, transactions the licensee enters into to hedge, counteract or offset the risk to the licensee associated with a transaction between the licensee and the client. Generalised authorisations cannot overcome these rules, though most licensees look to see how this pool of moneys can be used (if at all) given the value it represents; and

Movement requirements

Specific rules apply around when firms can move client money from the trust account and for what purpose (s 1017E(3) of the Act). There are also timeframes. For example, movements can only occur upon the client’s instruction; to pay brokerage charges; to pay money which is owed to the AFS Licensee; to pay money to an insurer in connection with an insurance contract; and, to make any other payment with is authorised by law.

‘Reportable client money’

Under the ASIC Client Money Reporting Rules 2017 (Reporting Rules), AFS licensees that hold ‘reportable client money’ must comply with a number of record-keeping, reconciliation and reporting requirements. ‘Reportable client money’ is derivative retail client money (s 761A of the Act) other than client money held in relation to derivatives traded on domestic exchanges.

Under Rule 2.1.1 of the Reporting Rules, a licensee must keep accurate records of the amount of reportable client money it is required to hold in a client money account for each client and on an aggregate basis. Under section 981B of the Act, a client money account is generally operated as a trust account and the funds in it must be held on trust for the persons entitled to them. ASIC expects licensees to clearly designate their client money accounts as such (RG 212 at RG 212.15–RG 212.19).

To satisfy this requirement, a licensee’s records need to be in a heavily prescribed format. For example, they need to include the balance of reportable client money owed to each of the licensee’s clients; records of transactions that affect the balance of reportable client money held by the licensee, including withdrawals and deposits relating to the purchase and sale of derivatives for, on behalf of, or for the benefit of the client, withdrawals of client funds under section 981D of the Corporations Act, and investment of client funds under section 981C(a) of the Corporations Act.

Reconciliations and reporting

Under Part 2.2 of the Reporting Rules, an AFS licensee must perform daily and monthly reconciliations of the amount of reportable client money that, according to its records, it must hold in a client money account against the amount of reportable client money it is actually holding in that account. The licensee’s record of a reconciliation should set out the total balance of reportable client money owed to the licensee’s clients; the total amount of reportable client money that is being held, or has otherwise been permissibly withdrawn or invested, by the licensee, including moneys in client money accounts or held with brokers or invested; an explanation of any difference between the amount of reportable client money owed to the licensee’s clients and the amount being held; the total balance of the licensee’s client money account(s) in which it holds reportable client money and the total amount of money other than reportable client money; the time and date to which the reconciliation relates and when performed.

For monthly reconciliations, a signed director’s declaration stating that the director believes, and has no reason not to believe, that the reconciliation is accurate in all respects. If there is any discrepancy i.e. an AFS licensee fails to perform a reconciliation as required by the Reporting Rules, or any discrepancy in the reconciliation is identified, then that needs to be reported to ASIC formally. There are also auditing requirements; the auditor’s report must be provided to ASIC 4 months after the end of the licensee’s financial year.[3]


There are a broad range of penalties around client money handling. Firms will commit an offence if firms: fail to pay client money into a trust account on time; make unauthorised payments out of a client money account, or otherwise breach the client money rules. ASIC has been focusing on this area in the past two years.

If a breach occurs, and the firm holds an AFSL, they will need to consider whether the breach is significant and requires reporting to ASIC. Virtually all are in our experience, given the new enhanced breach reporting regime which came into effect on 1 October 2022.

Breaching the rules is an offence of strict liability. ASIC has the power to: request the Court impose civil penalties; impose additional licence conditions; publish information on breaches; or, require the firm to undertake a client remediation program. ASIC may also accept an enforceable undertaking as an alternative to civil or licensing action.

Pershing Securities Australia (PSA) was the first company to face criminal prosecution for breaching client money provisions. In 2020, it was charged with two counts of failing to pay client money into an account and one count for failing to comply with requirements relating to a client money account. PSA was found guilty of breaching s993C(1) of the Act and Regulation 7.8.01(1) of the Regulations by transferring sale proceeds from international trading in client’s securities from trust accounts into PSAPL’s general bank account, over a period of approximately 424 days between 1 March 2016 and 20 December 2017. It also breached s993B(1) of the Act by failing to ensure that some client money it received was held in segregated client money trust accounts on a total of 707 days between 25 January 2016 and 31 December 2018. The company was fined $40,000; the case demonstrates ASIC’s focus on this area (it was successful in a similar action against Societe Generale), and how easy it is to breach these sections of the law.

Practical considerations

When and how the rules come into effect remains to be seen, though the application of the rules to digital asset firms now on the basis of the present framework is relatively straightforward. The fact that cryptocurrency is a new asset type does not particularly impact the regime, and the protections the rules afford to investors and internal clarity they provide underscores the potential benefit of the regime beyond future licensing compliance.

Set out below is a suggestion of the broad steps in the uplift journey that digital asset firms may wish to consider:

Phase 1 – present state: firms should identify and set out all the money and crypto flows involved in each of its product offerings. How the money is received, accounted for, held, applied and distributed at each step of the product lifecycle for all products need to be documented for legal, compliance, systems and accounting advice (under privilege).

Phase 2 – future state: firms should identify the assumptions for the future regulatory state, and model them for itself. There is a fair certainty around the client money obligations being applied to brokerages; whether the derivative client money reporting obligations need to be applied will depend on firms’ aspirations and the view it takes of the future.

Operationally, client money handling obligations differ based on the activities the business engages in. For exchange firms, the key features will be the brokerage model e.g. agency or principal, particular activities e.g. margin lending, staking and foreign exchange, and how fees are generated e.g. commission, spread, etc.

Phase 3 – infrastructure: digital assets firms will need to build the infrastructure to comply with client money handling obligations, and (if it wants) derivative client money handling obligations. This project will involve operational, risk/compliance and legal support addressing these areas:

  • Holding structures e.g. normal bank accounts, trust accounts, FX accounts, etc. It is very common to have multiple accounts to comply with the relevant provisions (s 1017E(5) of the Act);
  • Contractual infrastructure e.g. client contracts, required regulatory disclosures and marketing;
  • Policies & procedures e.g. how mixed money is identified and dealt with;
  • Controls e.g. assurance mechanisms, management information;
  • Systems e.g. how reconciliations and netting are performed;
  • Reporting e.g. regulatory and internal reconciliations;
  • Staff & training e.g. finance and compliance staff; and
  • Balance sheet accounting / auditing assurance.

Phase 4 – assurance: Once the client money rules are implemented, firms will need to obtain assurance through legal opinions and internal audit. There will also likely be a stakeholder engagement exercise for the board, and senior management.

Next steps

Custody regulations will come into place for digital assets firms, in one form or another. It will also be a focus for investors moving forward, given the disruptions of the past week with FTX. Those digital assets firms who get a head start on these arrangements – they take time to implement – will put themselves in a good position to face the future head on.

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by: 

Matthew Bode, Partner

[1] What is interesting here is to what extent these obligations may apply to crypto itself, as opposed to fiat currencies. We think that this will be unlikely, however, as the crypto is really the ‘asset’ and should properly be subject to separate custodial requirements. This is one area we are focusing on closely as part of policymakers’ proposed reforms; s 10(2)(d) of The Digital Assets (Market Regulation) Bill 2022 states that there will need to be requirements relating to the ‘segregation and management of funds (including digital assets and any other kinds of assets) of the exchange participants’. This is unclear and unhelpful in our view. For a copy of our submission on this legislation, please reach out to the author.

[2] See Basis Capital Funds Management Ltd v BT Portfolio Services Ltd [2008] NSWSC 766 for how to approach the concept of ‘reasonableness’ in this circumstance.

[3] In Australia, firms also need to have their compliance with the requirements of APES 310 audited annually.

This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.

Get in touch