The Securities and Exchange Commission of Thailand has just released new parameters for business operators surrounding requirements for storing digital assets and wallet keys.
A Trio of Requirements
These new requirements are being implemented for one main reason – to “…ensure safety of clients' assets”. With that in mind, the following is an excerpt from the communication shared by the SEC of Thailand, detailing its new rulebook for service providers.
(1) Policy and guidelines for overseeing risk management and management of digital wallets and keys as well as communication to clarify such policy, action plans and procedures, work supervision and internal control to ensure compliance with the policy;
(2) Policy and procedures for designing, developing and managing digital wallets as well as creating, maintaining and accessing keys or other related information appropriately, securely and safely;
(3) Contingency plan in case of occurrence of any event that may affect the management system of digital wallets and keys. This includes laying out and testing action procedures, designating responsible persons and reporting the event. An audit of system security is also required as well as digital forensic investigation in case of any event affecting the security of systems related to digital asset custody, which could cause significant impacts on clients’ assets.
Essentially, what the SEC of Thailand is attempting to do is standardize the process of storing assets and keys used by service providers on behalf of clientele. This means not only establishing safe practices for the creation and ongoing maintenance of associated wallets, but a ‘contingency plan' in the event of a hack or loss of access to funds.
The regulator notes that while existing service providers are being given 6 months to align their practices with these new requirements, the changes are in effect immediately for new entrants to the market.
A Long List of Reasons Why
Not all forms of custody are equal, and for years now there have been examples popping up of exchanges becoming victim to attacks on hot-wallets. It isn't just small obscure exchanges either, as industry giants like Binance have also been on the wrong end of a hack.
- Binance lost >7,000BTC in 2019 from a hot-wallet
- Bithumb has had its hot-wallets hacked at least 3 times
- Coincheck hot-wallet hacked, resulting in loss of 523M NEM tokens
The list goes on, and on. What it shows is that even the largest exchanges are susceptible to theft, and must plan accordingly. Each of the scores of hacks that have resulted in the loss of funds being stolen from hot-wallets is just another reason why contingency plans such those now being implemented by the SEC of Thailand are needed.
What Can You Do?
Standardizing the practice of storing asset and keys is a good thing that will hopefully prevent future hacks. It would be foolish to think that they will not occur again though. With that in mind, there are steps that investors can take to minimize their risk and potential exposure to such events, even if an exchange has a contingency plan in place.
The first step is a simple and obvious one – do not store more assets than necessary on an exchange. If you don't have assets on an exchange, your funds are not at risk in the event of a hack. While this may be the most effective way of protecting ones funds, it is also contingent on practicing safe storage habits yourself. This means using hardware wallets, unique password, scam awareness, and more. To learn more about some of the more reputable hardware wallets on the market, click HERE.
The second step you can take, is to only use reputable, licensed, exchanges with a good track-record. Even better, try using an exchange which is both based and operated out of your jurisdiction. Many investors however, like to trade digital assets and not just hold them as a long-term investment. This means leaving a portion of your funds on an exchange if you fall in to this camp. Do not be lured in to using an obscure exchange just because it offers extreme leverage opportunities, or access to even more obscure speculative tokens.
The bottom line is that even with standardized regulations being established to ensure safe storage by service providers of digital assets and keys, risks will always exist. Stay informed, stay diligent, and stay mindful of the safety of your holdings.