{"kind":"expression","expression":{"expr_id":"289","doc_id":"289","label":"SL 12 of 2026","is_as_enacted":"t","commenced_on":null,"superseded_on":null,"valid_from":null,"valid_to":null,"is_current":"t","incorporating":null,"akn_expr_iri":"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01","akn_envelope":"{\"_canary\": {\"iri\": {\"work\": \"\/akn\/ky\/act\/sl\/2026\/12\", \"expression\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01\", \"manifestation\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01.pdf\"}, \"pdf\": {\"md5\": \"8b0e75b9718a8a5797dc462c4d1fdc72\", \"path\": \"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.pdf\", \"pages\": 29, \"filename\": \"2026-0012_SL 12 of 2026.pdf\"}, \"errors\": [], \"extraction\": {\"model\": null, \"stats\": {\"word_count\": 10089, \"paragraph_count\": 19, \"text_char_count\": 69068}, \"usage\": null, \"method\": \"pymupdf-text\", \"version\": \"kyleg-akn-1.0\", \"extracted_at\": \"2026-06-22\"}, \"classification\": \"text_layer\", \"validation_flags\": [], \"docai_processor_id\": null}, \"akomaNtoso\": {\"act\": {\"body\": [{\"eId\": \"sec_n1\", \"num\": null, \"text\": \"Cayman Islands Monetary Authority Page 1 of 29 RULE AND STATEMENT OF GUIDANCE Market Conduct for Virtual Asset Service Providers February 2026 Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 2 of 29 Table of Contents 1. 2. 3. 4. 5. 6. 7. 8.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_9\", \"num\": \"9.\", \"text\": \"Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 3 of 29 List of Acronyms CIMA Cayman Islands Monetary Authority MAA Monetary Authority Act MNPI Material Non-Public Information RSOG Rule and Statement of Guidance VA Virtual Asset VASPA Virtual Asset Service Providers Act VASPs Virtual Asset Service Providers VATP Virtual Asset Trading Platform Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 4 of 29 Rule and Statement of Guidance Market Conduct for Virtual Asset Services Providers\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_1\", \"num\": \"1.\", \"text\": \"Introduction 1.1 This document (\u201cThe Rule and Statement of Guidance\u201d) establishes the Cayman Islands Monetary Authority\u2019s (the \u201cAuthority\u201d or \u201cCIMA\u201d) Rule and Statement of Guidance on Market Conduct for Virtual Asset Service Providers (\u201cVASPs\u201d). 1.2 The Rule and Statement of Guidance (\u201cRSOG\u201d) should be read in conjunction with: (a) Monetary Authority Act (\u201cMAA\u201d); (b) Virtual Asset (Service Providers) Act (the \u201cVASPA\u201d); (c) Anti-Money Laundering Regulations; (d) Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands; (e) Statement of Principles on Conduct of Virtual Asset Services; (f) Rule on Obligations for the Provision of Virtual Asset Services Virtual Asset Custodians and Virtual Asset Trading Platforms; (g) Statement of Guidance on Obligations for the Provision of Virtual Asset Services - Virtual Asset Custodians and Virtual Asset Trading Platforms; (h) Statement of Guidance on Outsourcing for Regulated Entities; (i) Regulatory Policy on Marketing Policies of Licensees; (j) Rule and Statement of Guidance on Internal Controls for Regulated Entities; (k) Rule on Corporate Governance for Regulated Entities; (l) Rule on Cybersecurity for Regulated Entities; (m) Statement on Cybersecurity for Regulated Entities; (n) Statement of Guidance Nature, Accessibility and Retention of Records; (o) The Regulatory Policy on Fitness and Propriety; and (p) any other relevant Acts and regulatory instruments issued by the Authority from time to time. 1.3 To highlight the Authority\u2019s market conduct rules within the compendium, a rule is written in light blue and designated with the letter \u201cR\u201d in the right margin.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_2\", \"num\": \"2.\", \"text\": \"Statement of Objectives 2.1 This RSOG establishes minimum requirements and guidance for VASPs in relation to market conduct. Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 5 of 29\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_3\", \"num\": \"3.\", \"text\": \"Statutory Authority 3.1 This RSOG is consistent with the Authority\u2019s statutory objectives as prescribed in Section 6(1)(b) of the MAA, which provides that the principal regulatory functions of the Authority are to: \u201c(i) to regulate and supervise financial services business carried on in or from within the Islands in accordance with this Law and the regulatory laws; (ii) to monitor compliance with the anti-money laundering regulations; and (iii) to perform any other regulatory or supervisory duties that may be imposed on the Authority by any other law;\u201d 3.2 Additionally, section 34(1) of the MAA provides that: \u201cAfter private sector consultation and consultation with the Minister charged with responsibility for Financial Services, the Authority may\u2013 (a) issue or amend rules or statements of principle or guidance concerning the conduct of Regulated Entity\u2019s and their officers and employees, and any other persons to whom and to the extent that the regulatory acts may apply; (b) issue or amend statements of guidance concerning the requirements of the anti-money laundering regulations or the provisions of the regulatory laws; and (c) issue or amend rules or statements of principle or guidance to reduce the risk of financial services business being used for money laundering or other criminal purposes.\u201d\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_4\", \"num\": \"4.\", \"text\": \"Scope of Application 4.1 This RSOG applies to Regulated Entities that have been authorised by the Authority to conduct virtual asset services pursuant to the VASPA. 4.2 The Authority will assess Regulated Entities\u2019 compliance with this RSOG in a manner commensurate with the size, complexity, structure, nature of business and risk profile of its operations. 4.3 The Authority acknowledges that Regulated Entities that are part of a group may be subject to group-wide market conduct practices and that such Regulated Entities may rely on the group\u2019s policies in respect of certain market conduct matters. Where a Regulated Entity is part of a group, it may rely on the group market conduct framework provided that the Regulated Entity\u2019s Governing Body is satisfied that the framework is commensurate with the size, complexity, structure, nature of business and risk profile of the Regulated Entity\u2019s operations and that the framework meets the legal requirements in the Cayman Islands, including those outlined in this RSOG. Where gaps are identified, a tailored market conduct framework that complies with this RSOG and legal requirements in the Cayman Islands should be implemented. Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 6 of 29 4.4 References to any Act or Regulation should be construed as references to those provisions as commenced, amended, modified, re-enacted or replaced from time to time. For avoidance of doubt, this document applies to the acts or regulations to the extent that such provisions in those acts or regulations are in force.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_5\", \"num\": \"5.\", \"text\": \"Definitions 5.1 The following definitions are provided for the purpose of this Rule and Statement of Guidance: 5.1.1. The \u201cAuthority\u201d has the same meaning as defined in the VASPA. 5.1.2. \u201cAgent\u201d refers to a person or entity that is authorised to act on behalf of a principal, whether for initiating transactions, handling documentation, or providing services, subject to the terms agreed with the principal and applicable law. 5.1.3. \u201cClient\u201d means a legal or natural person to whom virtual asset services are provided. 5.1.4. \u201cClient Agreement\u201d refers to a written document agreed to by the Client and the Regulated Entity, containing the conditions, terms of the business, and services provided to the Client by the Regulated Entity. 5.1.5. \u201cCommunication Channels\u201d includes, but is not limited to, the Regulated Entity's official website, social media platforms, print or television media, email broadcasts, newsletters, and any other medium used to convey information to Clients and the public. 5.1.6. \u201cControl Functions\u201d mean properly authorised functions, whether in the form of a person, unit or department, serving a control or checks and balances function from a governance standpoint and which carry out specific activities, including strategy setting, risk management, compliance, actuarial matters, internal audit, and similar functions. 5.1.7. \u201cCross-border transaction\u201d means any transaction where the originator and beneficiary institutions are located in different jurisdictions. This term also refers to any chain of transactions that has at least one cross-border element. 5.1.8. \u201cGoverning Body\u201d of a Regulated Entity is the Board of Directors where the entity is a corporation, the General Partner where the entity is a partnership, the manager where the entity is a Limited Liability Company, and the Board of Trustees where the entity is a trust business, or any equivalent governing structure as appropriate, taking into account the nature, size, and legal form of the Regulated Entity. 5.1.9. \u201cIssuance of Virtual Assets\u201d or \u201cVirtual Asset Issuance\u201d has the same meaning as defined in the VASPA. Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 7 of 29 5.1.10. \u201cPublic Disclosures\u201d means information that a Regulated Entity makes available to the public regarding its operations, virtual asset services, processes and controls, and compliance standing with the legal, financial, and regulatory requirements in the Cayman Islands or in any other jurisdiction in which it conducts business. 5.1.11. \u201cRegulated Entity\u201d means any legal person or arrangement that has been granted a license, registration, or waiver in accordance with the VASP waiver. 5.1.12. \u201cSenior Management\u201d includes the most senior staff of the regulated entity, including heads of divisions, and any person who fulfils the functions of a senior manager, by whatever name called. Such functions include actively participating in the daily planning, supervision, administration and execution of a regulated entity\u2019s objectives and strategy. 5.1.13. \u201cVirtual Asset Custodian\u201d has the same meaning as defined in the VASPA. 5.1.14. \u201cVirtual Asset Trading Platform\u201d (\u201cVATP\u201d) has the same meaning as defined in the VASPA. A. General Guidelines and Requirements\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_6\", \"num\": \"6.\", \"text\": \"Integrity and Conflicts of Interest 6.1 Regulated Entities are expected to act with honesty and integrity. The relationship between a Regulated Entity and its Clients should be based on the utmost good faith, by always upholding and acting within the terms of the documentation1 governing their relationship and in accordance with applicable Acts and regulations. 6.2 A Regulated Entity must establish, document, and implement clear written policies and procedures to ensure that it acts in the best interest of its Clients, and fulfil the responsibilities that it has undertaken on behalf of its Clients. 6.3 A Regulated Entity must conduct its business with due skill, care, and diligence, and must act ethically and professionally in a manner that safeguards the integrity of the market and prioritises the best interests of its Clients. Clients and prospective Clients must be treated fairly, transparently, and equitably. 6.4 A Regulated Entity must conduct its business in accordance with the terms and any conditions of its licence or registration under the VASPA. 6.5 The Authority will consider whether the Regulated Entity is acting within its powers and the specific virtual asset services for which a Regulated Entity has 1 \u2018terms of documentation\u2019 is used in a broad context to refer to the Client Agreement as well as any contractual and operational documents that may govern the Client relationship. These may include, but are not limited to, onboarding disclosures, promotional, offering documentation, custodial terms, supplemental product terms, and risk acknowledgements. R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 8 of 29 been licensed or registered as the scope of activities authorised under its licence or registration; since, consistent with Section 4 of the VASPA, Regulated Entities are prohibited from carrying out any specific virtual asset service activity(ies) outside the scope of their approved licence or registration, regardless of whether such services are provided directly or through affiliated entities on behalf of the Regulated Entity. 6.6 A Regulated Entity must maintain the confidentiality of a Client\u2019s affairs and protect the privacy of the information obtained from Clients, unless disclosure is required or permitted under applicable Acts and regulations, or with the consent of such Client to whom the duty of confidentiality is owed. 6.7 A Regulated entity should therefore be able to demonstrate that it has used Client\u2019s information only for the purpose for which it was obtained. 6.8 A Regulated Entity should identify and comply with the legal and regulatory requirements applicable to the administration of Client affairs in the jurisdiction(s) in which it conducts business or holds Client assets. 6.9 A Regulated Entity should maintain a documented compliance framework that identifies and tracks the relevant legal and regulatory obligations in each jurisdiction where it conducts business or holds Client assets. This may include internal jurisdictional checklists, reliance on external legal counsel, crossborder compliance protocols, or other recognised industry resources. Where necessary, the Regulated Entity should seek appropriate legal or professional advice to establish that it meets any applicable fiduciary, custodial, or administrative responsibilities under relevant acts and regulations. 6.10 A Regulated Entity must ensure that any decisions made, or transactions entered into by a Client, on behalf of a Client, or in relation to the Client Agreement are: (a) within the scope of approval of the Regulated Entity; (b) documented and actioned by the Regulated Entity in a timely and expeditious manner in accordance with the Client Agreement and commensurate with the size, complexity, structure, nature of business and risk profile of the Client operations; and (c) properly authorised and handled by persons employed by the Regulated Entity or by the Regulated Entity\u2019s Agent with an appropriate level of competence, knowledge, experience, and professional standing. 6.11 With regard to maintaining the timeliness of transactions, a Regulated Entity is guided to transact its business (including establishing, transferring or closing business relationships with its Client) expeditiously, meaning without delay, and in line with the terms of business contained in the Client Agreement. The Regulated Entity should also provide Clients with any information relating to operations on virtual assets that would require a Client\u2019s response, without delay. 6.12 A Regulated Entity should inform Clients of the typical timeframes for processing account withdrawals or account closures, including instances where, R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 9 of 29 due to safeguarding controls (such as virtual assets being stored in offline wallets), virtual asset withdrawals may take longer to process. A Regulated Entity should inform Clients of any withdrawal limits and related timeframes. 6.13 The concept of conflict of interest is generally related to a Regulated Entity putting control activities in place, including segregation of duties, declarations and recusal procedures to mitigate fraud, error or manipulation and to promote integrity, transparency and acting in the best interests of Clients. The Regulated Entity should therefore appropriately segregate the duties of critical functions, including but not limited to Client onboarding, transaction execution, reconciliation, custody, risk monitoring, and compliance. 6.14 The policies and procedures implemented by a Regulated Entity for the identification and management of conflicts of interest should consider: (a) conflicts of interest between a Regulated Entity and their beneficial owners, directors, senior officers, employees and Clients; (b) any personal conflicts of interest of any employee tasked with decisionmaking; (c) keeping and maintaining a register of potential and existing conflicts of interests, along with the mitigating measures in place; and (d) avoiding the assignment of conflicting duties to one individual. Certain duties within a Regulated Entity should be split, to the extent possible, among various individuals to reduce the risk of manipulation of financial data or misappropriation of assets. 6.15 A Regulated Entity must disclose any conflict of interest or potential conflict of interest to its Clients; and such disclosure must be in written form and include sufficient detail, taking into account the nature of the Client, to enable the Client to take or make an informed decision with respect to the product or service in the context of which the conflict of interest arises. 6.16 Every director and senior officer must disclose any conflicts of interest to the Governing Body on at least an annual basis. Where new conflicts arise, directors and senior officers must declare them and recuse themselves from decisions in which a conflict of interest exists. 6.17 A Regulated Entity must ensure that there is adequate segregation of duties, commensurate with the size, complexity, structure, nature of business and risk profile of its operations. 6.18 A Regulated Entity must maintain and implement effective policies and procedures to prevent, identify, manage, and disclose conflicts of interest. 6.19 The Regulated Entity must observe the conflict of interest and confidentiality disclosure requirements outlined in this Rule at all times as an ongoing obligation. 6.20 Overall, the Authority expects that, throughout the lifetime of the relationship with its Clients, a Regulated Entity maintains appropriate, reliable, timely, and transparent interactions while exercising due care and diligence. R R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 10 of 29\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_7\", \"num\": \"7.\", \"text\": \"Client Asset Safeguards 7.1 A Regulated Entity outsourcing custody of Client virtual assets to third parties must ensure that such third parties are, at all times, in compliance with the relevant requirements under the VASPA, this measure and other applicable regulatory measures. 7.2 A Regulated Entity holding Client funds, on behalf of Clients, must ensure that Client funds are clearly segregated in compliance with the relevant requirements under the VASPA. 7.3 Where a Regulated entity decides to cease any virtual asset services, it must ensure that it honours its commitments, protects Client interests, and that any outstanding business is properly completed with minimal disruptions to its clients, and in accordance with the relevant Acts or regulatory measures.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_8\", \"num\": \"8.\", \"text\": \"Insurance 8.1 Where applicable, a Regulated Entity must maintain insurance protections to the satisfaction of the Authority, including the following: (a) professional liability of senior officers; (b) theft or loss of Client assets held in custody; (c) business interruption; and (d) cyber security. 8.2 Insurance coverage carries an added layer of security, ensuring that Clients are safeguarded against potential losses and can trust the Regulated Entity to act responsibly and transparently. The level of insurance cover that a Regulated Entity holds should be based on the products and services that it offers and its scale of operations. Consideration should be given to the following risks: (a) loss or theft of virtual assets belonging to Clients; (b) loss of documents; (c) misrepresentations or misleading statements made; (d) acts, errors, or omissions resulting in a breach of: (i) legal and regulatory obligations; (ii) the duty to act honestly, fairly, and professionally towards Clients; and (iii) confidentiality obligations; and (e) failure to establish, implement and maintain appropriate procedures to prevent conflicts of interest. 8.3 Where a Regulated Entity is unable to obtain such insurance coverage, it should notify the Authority and provide reasonable evidence of unavailability. In such cases, the Authority may permit the use of alternative risk mitigation measures, R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 11 of 29 taking into account the nature, scale, complexity, and risk profile of the custody services provided. These may include alternatives such as: (a) Regular independent audits; (b) Enhanced cybersecurity and operational safeguards; and (c) Self-funded reserves or risk-based capital (as a form of self-insurance). All alternative measures would be subject to the approval of the Authority, in advance, and should offer a level of protection broadly equivalent to that of insurance. This exception is not intended to serve as a default alternative to insurance but as a limited accommodation in exceptional cases. Furthermore, the Authority may subject the Regulated Entity to review any self-insurance cover on at least an annual basis, considering the proportionality principle. 9. Marketing, Advertising, Communications, and Promotions 9.1 A Regulated Entity must ensure that all marketing, advertising, or promotional materials and information: (a) are fair, clear, and not misleading in both content and presentation; (b) are clearly identifiable as marketing or promotional in nature; (c) do not contain statements or visual elements that contradict the risks associated with Virtual Assets; (d) do not mislead Clients, deliberately or negligently, about the real or perceived benefits of any services carried out, or about potential profitability, exaggerate claims, or make assurances of gains; (e) do not mislead Clients about the safety, risk profile, simplicity, or guarantee, or create an urgency based on the speculative future value of an investment; or (f) do not create an urgency based on the speculative future value of an investment. 9.2 A Regulated Entity should ensure that any advertising, marketing, or promotional materials and communications relating to its products or services are fair, clear, and not misleading. In particular, the Regulated Entity should take reasonable steps to ensure that language is carefully chosen and does not include misleading statements, promises, or terms, when read in context, (such as \u201cguaranteed\u201d, \u201cconfidential\u201d, \u201cassured\u201d, \u201csecret\u201d, or similar expressions), whether relating to the scale of its regulated activities or to any other matter that the Regulated Entity does not reasonably believe to be true. The Regulated Entity should also have regard to the Authority\u2019s Policy on Marketing Policies of Licensees. 9.3 A Regulated Entity should establish that all communication and information provided to Clients: (a) is provided in writing or in a form that can be retained and referenced by the Client. The Authority notes that while typically, a Regulated Entity R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 12 of 29 communicates with Clients via e-channels, digital channels or applications, the expectation is that the Regulated Entity implements policies and procedures to manage the integrity and auditability of its communication with Clients. This is particularly important to consider, in conjunction with Rule 10.5 and whether such communication impacts the Client Agreement; (b) uses plain language, is logically ordered, accurate, clear, free of ambiguity and misleading language, technical jargon or complex information that is not clearly explained; highlights important information; (c) is sufficient for and presented in a way that is likely to be understood by the average Client in the group of Clients to whom it is directed, or by whom it is likely to be received; (d) does not disguise, diminish or obscure important items, statements or risk warnings, and includes clear, fair and prominent information on the proportion or percentage of Clients that incur losses when trading such products; (e) uses a font size in the indication of relevant risks that is at least equal to the predominant font size used throughout the information provided, as well as a layout that ensures that such an indication is prominent; (f) is consistently presented in the same language throughout all forms of information and marketing materials that are provided to each Client, unless the Client has agreed to receive information in more than one language; (g) is up to date and relevant to the means of communication that the Client has agreed to; and (h) considers whether the omission of relevant facts would result in the information being unfair and unclear, or misleading. 9.4 Further, the Authority does not require Regulated Entities to make audio or digital screen recordings of telephone calls with Clients. However, where material instructions, advice, or agreements are provided by telephone, Regulated Entities should follow up with written confirmations or follow-up documentation, including the substance of the communication in a durable and auditable format, so as not to breach any obligations relating to the Client agreement. 9.5 While technical or industry-specific terms are not prohibited, Regulated Entities should consider the ways of conveying information, the content that the communication is intended to convey, and the type, experience and level of knowledge and\/or sophistication of each Client, to uphold the integrity of such communication. Further, while the Authority does not mandate that Regulated Entities conduct formal tests (for example, quizzes) to assess a Client\u2019s level of knowledge and sophistication, Regulated Entities should use reasonable, riskbased evaluation methods considering factors such as product complexity, Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 13 of 29 Client profile, or onboarding information to tailor communications to Clients appropriately, and with integrity. 9.6 Where a virtual asset service or product carries a lower risk profile based on established technology or operational, or validated history, a Regulated Entity may describe such characteristics in its marketing, advertising or promotion, provided that it does so in a balanced manner that does not diminish disclosure of residual risks. 9.7 A Regulated Entity should not include in its marketing communications any statement detailing historic market performances of its products or services unless: (a) the basis on which such performance is measured is clearly stated and the presentation is not misleading; (b) it is accompanied by a risk warning indicating that past performance is not necessarily an indication of future performance; and (c) the past performance details are relevant to the service or product offered by the Regulated Entity. 9.8 It is also expected that the marketing communications of the Regulated Entity does not compare the products and services to other forms of investments or trading unless the reason for the comparison is clearly stated, justified and appropriate. 9.9 A Regulated Entity must ensure that its marketing, advertising, communications and promotions practices: (a) do not breach or contain any material or content that is in breach of any acts, regulations or applicable rules; (b) do not violate standards of prudence and fairness; (c) are clear, ethical, factual, and not misleading, false, or deceptive; (d) do not present or promote any services that it is not licensed or registered or waived to provide; (e) disclose to its Clients and prospective Clients any material risks that the Regulated Entity, acting with due care and diligence, ought to identify in connection with the virtual asset services it is advertising to them; and (f) do not place the reputation of the Cayman Islands at risk of being brought into disrepute. 9.10 A Regulated Entity must disclose all incentives and rewards being offered in marketing campaigns, including applicable terms and conditions. 9.11 The incentives and rewards disclosed should be clearly identified as being offered to the Client. The Regulated Entity should make it clear what the Client will receive, under what conditions, and avoid language that could cause R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 14 of 29 confusion about whom the reward is intended for. 9.12 Where a Regulated Entity uses a marketing or trading name that differs from its regulated legal name, both names should be clearly disclosed in all marketing, advertising, or promotional materials in a manner that is prominent and not misleading. 9.13 A Regulated Entity should ensure that the marketing of higher risk products, such as derivatives or leveraged trading, includes a warning of the risks involved. These may include: (a) the enhanced risk of losing invested capital through margin calls or position liquidations; (b) the impact of small fluctuations in the price of virtual assets; (c) the risk of imperfect correlation between a derivative and the underlying asset and the resultant hedging risk; and (d) statistics and statements on the percentage of Clients that lose money when trading with the custodian or trading platform. 9.14 A Regulated Entity should maintain a record of any marketing communications or promotional campaigns. This should be made available to the Authority if necessary.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_10\", \"num\": \"10.\", \"text\": \"Client Onboarding and Client Agreements 10.1 In assessing the complexity and minimising the risk of its products and services during client onboarding, the Regulated Entity should develop controls, policies and procedures which are proportionate to: (a) the level of understanding, interest, and needs of its Clients; and (b) the level of risk, experience, and vulnerability of its Clients. Examples of measures that a Regulated Entity may take in this regard include inter alia: (a) assessing the volatility and  extent to which a product or service is suitable and appropriate for a Client. This may include taking into consideration the nature of the Client (i.e. retail or corporate); (b) carrying out robust testing of new products and services, and the effectiveness of controls; (c) considering the extent to which Client assets are at risk as a result of new products or services being offered; and (d) the Client\u2019s risk appetite and financial position. 10.2 The key risks associated with virtual assets products and services, for which risk disclosures or warnings should be made to Clients, include, but are not limited to: (a) potential loss of value in full or in part or if the Client\u2019s invested capital Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 15 of 29 is at risk; (b) risks relating to the use of leverage; (c) the irreversible or illiquid nature of certain transactions; (d) the absence of financial protection for Virtual Asset investors; (e) the exposure to fraud, theft, manipulation, or cyber risks; (f) volatile trading history; and (g) the risks associated with the transfer and storage of virtual assets, applicable where the Client wishes to deposit or withdraw virtual assets to or from a wallet address controlled by the Regulated Entity. These disclosures should be presented in a clear, accurate, and easily understandable format across all Client-facing documentation, communications, and agreements. 10.3 Additionally, the Authority notes that all material terms must be fair, transparent, and clearly disclosed to Clients during the onboarding process and in the Client Agreement. This includes, but is not limited to: (a) terms relating to limitation of liability, indemnification, and the circumstances in which either party may be held liable for losses, damages, or third-party claims; and (b) any contractual right of a Regulated Entity to realise Clients\u2019 virtual assets, including the specific virtual assets subject to that right, the circumstances in which it may be exercised, and the actions the Regulated Entity may take when exercising it. 10.4 Moreover, the Authority notes that terms relating to limitation of liability and indemnification should not be one-sided to an unreasonable extent. For example, indemnities for Client negligence may be acceptable, but not clauses exempting a Regulated Entity from any illicit activity, including fraud or gross negligence. 10.5 A Regulated Entity must ensure that a written Client Agreement is signed by all parties and in place before providing any virtual asset service(s) under the VASPA and must provide the Client with a copy of the executed Client Agreement. 10.6 A Regulated Entity must clearly specify in the Client Agreement the nature of each service or product it provides to the Client, as well as the capacity in which it acts in relation to any relevant transaction. 10.7 The Regulated Entity must clearly identify all parties to the Client Agreement, including the legal name and registered address of the Regulated Entity, and, where applicable, any affiliated or parent entities, or provisions for custodial or other third-party arrangements that are materially connected to the provision of the virtual asset services. The Regulated Entity must also correctly identify the Client by legal name, and, where applicable, any additional party authorised to act on the Client\u2019s behalf. R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 16 of 29 10.8 A Regulated Entity must clearly disclose, in the Client Agreement\/ Terms of business \/ other relevant documents and in a manner that is simple and easy for the Client to understand, the quantity, value, and arrangements for the payment or provision of any commissions, fees, interest, charges, inducements, or other costs associated with the provision of virtual asset services, together with any applicable terms and conditions. The fees, charges or commission structures must be transparent, fair, and non-discriminatory. 10.9 The written Client Agreement should be shared between the Regulated Entity and the Client via a suitable documented communication method, such as email, smart contract, or secure Client portal access. The Authority expects that such Client Agreement is recorded, captured, or stored in a manner that ensures it can be accessed and verified by the Authority. 10.10 A Regulated Entity must provide Clients with written confirmation upon execution of a transaction that includes all relevant details of the transaction. 10.11 The Regulated Entity should also consider providing written confirmation to the Client on the following: (a) the virtual asset being transacted along with the price, quantity and total cost; (b) the date and time that the transaction was placed; (c) in relation to the transaction details, if applicable, the direction of the transaction (e.g. buy or sell order); (d) the allocation and provision of an order identification number so that the Client will be able to communicate with the Regulated Entity in the event of any discrepancies, operational issues, or complaints; and (e) providing any funds, commission, or fees received in connection with any Client transaction. 10.12 The executed Client Agreement and written confirmation of a transaction, including the transaction details, may be provided to the Client in secure Client portals, via email, or other reliable and auditable electronic means. 10.13 A Regulated Entity should also consider including within the Client Agreement the manner in which the Client may provide instructions for any transactions. Generally, it should be established that the Client Agreement includes clear and accurate information on the official Communication Channels used between the Regulated Entity and the Client. This guidance supports Client awareness, reduces confusion, and aims to protect Clients from fraud, impersonation, scams or similar threats. 10.14 The Regulated Entity must include a dedicated section in the Client Agreement\/ Terms and Conditions\/ or an Alternative that prominently discloses all key risks associated with the virtual assets provided and written in plain language to ensure that Clients are aware of, and have acknowledged such risks, and can make well-informed decisions about engaging in the virtual asset service (s). R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 17 of 29 Disclosures of key risks in the Client Agreement \/ Terms and Conditions\/ or an Alternative must be assessed and updated to reflect evolving risks. 10.15 The Regulated Entity must disclose in the Client Agreement and other relevant documents, internal safeguards that it has implemented to mitigate key risks, including, where applicable, the methods of access to virtual assets held and insurance arrangements for the protection of these assets. 10.16 A Regulated Entity must always comply with the terms and conditions of the Client Agreement, unless otherwise required by law or waived with Client consent. 10.17 Where a waiver from the terms of the Client Agreement is granted, the Regulated Entity should document and retain evidence of the Client\u2019s consent and the basis for the waiver. Such records should be maintained in accordance with the entity\u2019s record-keeping policies and be made available to the Authority upon request. 10.18 A Regulated Entity must provide prior written disclosure of any amendments that it intends to make to the Client Agreement\/ Terms of business, and the manner in which the amendments can be made, and any associated or indirect costs, allowing a reasonable opportunity for the Client to accept, reject, or terminate the Client Agreement without any penalties, other than for the settlement of any outstanding obligations or liabilities under the Client Agreement. 10.19 Such amendments to the Client Agreement may include, but are not limited to, changes to fees, commissions, the structure of the business, conflicts of interest, changes in management, and control functions. Following the provision of such notice disclosure of any amendment to the Client, a Regulated Entity should clearly state that continued use of its virtual asset services will constitute acceptance of the amended terms of the Client Agreement. This approach reflects common commercial practice, provided Clients are given adequate notice and a fair opportunity to terminate without penalty. 10.20 The Regulated Entity must ensure that: (a) it has obtained and documented all relevant information about the Client\u2019s objectives, financial situation, risk tolerance, knowledge, experience and the understanding of the risks involved; and any other factors necessary to make an informed and appropriate decision on the Client\u2019s behalf; (b) the products and services offered to each Client are suitable, having regard to the factors in (a) in the above; (c) the discretion or power given to it, is used for proper purpose, in the Client\u2019s best interests, and in line with the Client Agreement; and (d) there is documented evidence to record decisions made under discretion, where the Regulated Entity has been granted discretion to act on behalf of Client. R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 18 of 29 10.21 The Authority expects that dispute resolution mechanisms available to a Client, including escalation pathways and resolution timelines, are also clearly defined in a Client Agreement. 10.22 A Regulated Entity should consider informing Clients within the Client Agreement \/ terms and conditions or an alternative of the regulated activity that it performs, the jurisdiction(s) and those who are responsible for regulating it. 10.23 When structuring the Client Agreement, the Regulated Entity should include the arrangements for bringing the Client Agreement to an end.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_11\", \"num\": \"11.\", \"text\": \"Complaints Handling 11.1 A Regulated Entity must establish effective complaints-handling policies and procedures that ensure fair, consistent, and impartial management of complaints. 11.2 The complaints-handling framework should be disclosed in a clear and easy-tounderstand manner to establish accessibility and transparency for Clients, including by providing a standardised template or other simple method that enables any Client to submit a complaint easily. A Regulated Entity may disclose this information through its website or other communication channels, including social media platforms. 11.3 Upon receipt of a complaint, a Regulated Entity must, without delay, acknowledge the complaint in writing and inform the complainant that it is being considered. 11.4 The Regulated Entity must investigate and address Client complaints in a timely, fair and consistent manner and communicate the outcome of the complaints within a reasonable timeframe. 11.5 The Regulated Entity must maintain a log of Client complaints and resolutions for operational risk management purposes, which must be made available to the Authority upon request. This log must meet record-keeping requirements in relation to all Client complaints and resolutions, including: (a) details of each complaint; (b) date received; (c) response and actions taken; (d) Status of the complaint (whether resolved\/unresolved), complaints; and (e) date resolved. 11.6 The Regulated Entity must report to the Authority any Client complaint or a set of Client complaints that represent a material risk to Clients or are indicative of a material failure of the Regulated Entity\u2019s control environment. 11.7 Pursuant to the Anti-Money Laundering Regulations, a Regulated Entity is mandated to keep records for a minimum of five (5) years, from the date of R R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 19 of 29 resolution. Where a longer retention period is necessary due to the nature of the complaint, legal risk, or internal policy, the Authority expects that Regulated Entities retain such records for up to seven (7) years or more, in line with best international practices and internal governance requirements. 11.8 The Regulated Entity should provide the Governing Body with regular reports on complaints handling, including sufficient analyses of complaint trends, all ongoing complaints data, outcomes and any potential systemic issues. This aims to promote proper oversight of the complaints handling programme on an ongoing basis, to identify patterns about the issues, and implement corrective measures to avoid recurrence. 11.9 A Regulated Entity is expected to maintain procedures and systems that keep complainants informed of the progress of their complaint through proactive written updates. These procedures and systems should, at a minimum, require written acknowledgement of receipt of a complaint and set clear expectations for update timelines that are appropriate to the nature and complexity of the complaint. 11.10 A Regulated Entity should openly communicate the details of the status of the resolution to the complainant within a reasonable timeframe, such as: (a) the alternative resolution options, irrespective of whether or not the complaint is resolved in a manner that they are satisfied with; (b) whether the complaint needs to be escalated for further enquiry; and (c) expected timeframe for the complaint to eventually be resolved. This is particularly more important in cases where the complaint is complex or uncommon in nature. Communication should remain consistent with any applicable legal restrictions. 11.11 A Regulated Entity should confirm to the Complainant in writing when a complaint has been closed. 11.12 If a Regulated Entity concludes that it is not upholding a complaint, it should communicate this to the complainant in writing, clearly stating the reason(s) for its decision in accordance with the Regulated Entity\u2019s relevant policies or evidence, to establish transparency and to help the complainant understand the rationale. 11.13 Where the provision of virtual asset services involves an Agent, a Regulated Entity must establish procedures to facilitate the handling of complaints between its Clients and such Agents. 11.14 Notwithstanding the involvement of an Agent, the Regulated Entity remains fully responsible for the resolution of all Client complaints. 11.15 A Regulated Entity must not impose any fees or charges on Clients for the submission or handling of complaints. R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 20 of 29\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_12\", \"num\": \"12.\", \"text\": \"Public Disclosures 12.1 A Regulated Entity must make public disclosures readily available across all Communication Channels as appropriate, and present them in a manner that is clear, concise, and easy to understand. 12.2 In respect of Rule 12.1 above, Public Disclosures include but are not limited to the disclosures about organisational changes, service or product offerings, risk factors, fees or changes in fees (as applicable), and regulatory status. Additionally, disclosures should be made in a manner that is easily accessible and understandable across the communication channels. 12.3 A Regulated Entity should publicly disclose its licensing or registration status and authorised number, as approved by the Authority. 12.4 A Regulated Entity must publish information related to its key corporate governance structures, as well as the identification and details of the members of its Governing Body, Control Functions and Senior Management. 12.5 When disclosing information on governance structures, a Regulated Entity should do so in a manner consistent with applicable data privacy laws. Disclosure does not extend to personal data such as home addresses or other sensitive information. Instead, the Authority expects publication of information, including, but not limited to, the person\u2019s name, title\/role, and professional designation. These disclosures assure competence, knowledge, and professionalism, consistent with the obligations set out in Rule 6.10(c) on Integrity. 12.6 Pursuant to the relevant Acts, a Regulated Entity should report material changes in its operations to the Authority where such changes are reasonably expected to significantly impact Clients\u2019 interests, regulatory compliance, or the Regulated Entity\u2019s risk profile. In the same vein, the Regulated Entity should consider whether to disclose such material changes to its Clients to avoid breaching Rules 12.1 or 12.4. 12.7 Material changes in a Regulated Entity\u2019s operation include, but are not limited to, the following occurrences: (a) breaches of security or significant operational changes; (b) any significant alteration to a VASP\u2019s operations or structure; (c) offerings that could impact Clients, stakeholders, or regulatory compliance; (d) service disruptions; (e) modifications to terms of service or fees; (f) shifts in ownership or management; and (g) sale or cessation of the Regulated Entity\u2019s operations. 12.8 If a Regulated Entity engages or partners with a third-party service provider in connection with the obligation of its services (for example, a bank that holds fiat funds), it should clearly disclose to its Clients the nature of the arrangement R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 21 of 29 and identify the party with whom the Client is transacting. 12.9 Where a Regulated Entity is part of a larger group structure, Clients should be made aware of which group entity they are transacting with at all times, including the regulatory status of that entity, and the level of protection afforded to the Client. 12.10 Where a Regulated Entity decides to cease any virtual asset services, it must notify the Authority and provide a plan for communicating its cessation to stakeholders for the Authority\u2019s approval.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_13\", \"num\": \"13.\", \"text\": \"Cross-Border Transactions 13.1 Regulated Entities should align their cross-border transaction practices with international standards, including the FATF Recommendations related to virtual assets and virtual asset service providers. 13.2 A Regulated Entity should notify the Client of the required information for crossborder transactions, including transaction identifiers. 13.3 As a best practice, all fees associated with cross-border transactions, including conversion costs and transmission charges, should be disclosed in advance. 13.4 A Regulated Entity should establish that its Clients are informed in real time whenever material updates arise regarding the status of cross-border transactions. Any delays or issues affecting cross-border transactions should be communicated to the affected Client without delay.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_14\", \"num\": \"14.\", \"text\": \"Trading on Own Account 14.1 Proprietary trades should be executed under the same conditions as Client trades to establish fairness. 14.2 A Regulated Entity must implement and maintain effective systems, controls, and procedures to prevent market manipulation, insider trading, and other abusive trading practices in connection with its proprietary trading activities. 14.3 Such systems, controls, and procedures should apply to all proprietary trading activities, whether conducted on-platform or off-platform. The systems, controls and procedures include, but are not limited to: (a) Real-time surveillance capable of detecting abusive practices such as spoofing, layering, wash trading, front-running, and insider trading; (b) Automated alerting tools and data retention systems to support forensic analysis; (c) Documented escalation protocols and internal reporting for suspicious or cancelled orders; (d) Regular internal reviews and, where appropriate, independent audits of the effectiveness of controls; (e) Governance arrangements that clearly assign accountability for surveillance and order handling; and R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 22 of 29 (f) Information barriers and trade handling rules to establish a clear separation between proprietary and Client-facing activities. Additionally, the Authority expects these systems, controls, and procedures to be commensurate with the Regulated Entity\u2019s size, complexity, and risk profile, and to include appropriate audit trails and escalation mechanisms. 14.4 Proprietary trading must not compromise trading conditions or create unfair trading advantages. 14.5 A Regulated Entity should establish that its proprietary trading activities are subject to appropriate internal controls, including but not limited to: (a) information barriers between proprietary and Client-facing functions; (b) fair and non-preferential access to liquidity and order execution; and (c) Continuous monitoring to detect and prevent conflicts of interest or preferential treatment. These controls help to ensure that Client orders are not disadvantaged and that the Regulated Entity acts in accordance with the principle of market fairness. 14.6 A Regulated Entity should establish that the internal controls outlined in 14.5 are supported by documented policies and procedures, including but not limited to: (a) governance arrangements that establish accountability for oversight of proprietary and Client-facing activities; (b) clearly defined procedures to identify, manage, and escalate conflicts of interest; (c) control mechanisms to establish order execution practices that do not favour proprietary trades over Client orders; and (d) periodic assessment of the effectiveness of information barriers and access controls. 14.7 A Regulated Entity must not use Client data to gain an unfair advantage in trading activities, including its proprietary trading. 14.8 To prevent such misuse and remain consistent with the Authority\u2019s expectations for market conduct and Client protection, a Regulated Entity should implement appropriate safeguards, including but not limited to: (a) Information barriers between proprietary and Client-facing functions, supported by system-level access controls and audit trails; (b) Independent surveillance functions with the authority to monitor internal and third-party data access; and (c) Maintenance of auditable records of how Client data is accessed, used, and protected. All use of Client data should remain consistent with the Authority\u2019s expectations for market conduct and Client protection. R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 23 of 29 14.9 Client data includes, but is not limited to, a Client\u2019s trade history, open or historical bid\/ask positions, order book interactions, trading frequency, behavioural patterns, and any other transaction-related data or metadata that could inform or influence a Regulated Entity\u2019s trading strategy. Such data should not be accessed or used by proprietary trading teams unless it has been sufficiently anonymised and aggregated, and only where: (a) Its use is demonstrably in the Client\u2019s best interest, such as for suitability assessments; or (b) The Client has provided explicit, informed consent. All access to Client data should comply with the requirements set out in Rule 14.7. B. Additional Rules and Guidelines Relating to Virtual Asset Trading Platforms and Virtual Asset Custodians\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_15\", \"num\": \"15.\", \"text\": \"Virtual Asset Trading Platforms 15.1 VATPs must implement systems and procedures to monitor, detect and prevent suspicious transactions, market abuse, and promote the best interests of Clients and the integrity of the market. 15.2 A VATP must undertake regular assessments to identify the inherent risks associated with market abuses, such as insider dealing and market manipulation, and determine the necessary measures to mitigate these risks. 15.3 VATPs must immediately report to the Authority any suspicions indicating that market abuse or other unfair trading practices are being, have been, or are likely to be committed. 15.4 VATPs should implement appropriate surveillance arrangements that apply to all virtual asset product offerings and should at least annually reconcile the coverage of such arrangements against their risk assessment. 15.5 The VATPs market abuse surveillance framework, whether manual or automated, should be established appropriately to the size, nature, and complexity of the VATP. Consideration should be given to: (a) the number of transactions that will need to be monitored; (b) the type of virtual asset being traded by the Client; (c) the frequency and volume of orders and transactions; and (d) the risk profile of the VATP. 15.6 The VATPs market abuse surveillance framework should include procedures, measures, and systems that detect wrongdoings such as insider trading or market manipulation. For the framework to be comprehensive, proactive, and practical, it should comprise of systems designed to monitor trading patterns, detect suspicious activities, and ensure that adequate actions are taken to prevent market manipulation. R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 24 of 29 15.7 VATPs should maintain a publicly accessible interface, such as a dashboard, displaying key market metrics like market trends, trade volumes, and other relevant data. This information should be presented in an easily understandable and user-friendly format, such as graphs, charts, or tables, to establish that users can access and interpret market data effectively. 15.8 A VATP should establish and maintain systems, policies, and procedures for the proper handling and protection of material non-public information (\u201cMNPI\u201d), including, where applicable, information related to whether a virtual asset will be admitted or listed for trading on its VATP. MNPI includes any non-public data that, if disclosed, could influence a decision to buy, sell, or hold a virtual asset. This includes, but is not limited to, information about planned listings, delistings, major upgrades, partnerships, or technical vulnerabilities. The VATP should take proactive measures to prevent the leaking or misuse of such information. 15.9 VATPs must make their pricing policies, including information on price discovery mechanisms, such as live pricing, real-time bid-ask spreads, and transaction fees, easily accessible and publicly available and prominently and clearly displayed on their website, platform, or any other medium used to provide access to their virtual asset services. 15.10 A VATP must implement pricing policies and procedures that prevent unfair trading activities and market abuse. 15.11 The VATP should implement effective system controls to reject transactions that would exceed the internal volume and price thresholds. 15.12 A VATP should have policies and procedures in place for analysing, individually or comparatively, each transaction executed and order priced, modified, cancelled, or rejected in its system. 15.13 For the purposes of Rules 15.9 and 15.10 above, VATPs should ensure that pricing information is continuously updated to reflect prevailing market conditions in real time. Where feasible, VATPs should enable Clients to access or be redirected to the original source(s) or the breakdown of pricing components used to compile the displayed pricing data, such as interchange rates and fees for each product and service provided. To prevent price manipulation and any unfair trading practices, price discovery methods should therefore include pre-trade and post-trade transparency, relating to the bid and offer prices, the depth of trading interests on prices advertised on trading platforms, and volume and transaction times. Overall, these measures aim to enhance transparency and support Clients in making informed decisions. 15.14 A VATP must disclose fee structures, including all applicable charges, upfront before the execution of any transaction. 15.15 VATPs must provide real-time order book data, showing aggregated buy and sell orders to Clients as appropriate, while maintaining confidentiality for sensitive information. R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 25 of 29 15.16 The Authority expects that the VATPs establish that the real-time order book displays only non-sensitive data, such as aggregated order volumes, across all Communication Channels, while protecting individual order details, user identities, and any other private or proprietary trading information from being exposed to unauthorised parties. 15.17 A VATP must ensure the timely and consistent reconciliation of Client asset balances at suitable, frequent intervals to ensure that Clients' account balances or positions are accurate and provide Clients with applicable verification mechanisms\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_16\", \"num\": \"16.\", \"text\": \"Virtual Asset Custodians 16.1 A Virtual Asset Custodian must ensure that Client assets are clearly identified and segregated from the proprietary assets of the Regulated Entity as well as assets of its group entities. 16.2 A Virtual Asset Custodian must ensure that virtual assets and fiat funds belonging to Clients are protected from third-party creditors. 16.3 For the purposes of Rule 16.1 and 16.2 above, segregation should include clear operational and legal separation of Client assets from those of the Regulated Entity and its group entities. Where shared wallet infrastructure or global systems are used, the Regulated Entity should demonstrate that Client assets attributable to its Cayman operations are clearly identifiable, auditable, and not exposed to claims by creditors of the Regulated Entity. Transaction fees initially received into Client wallets should be swept into proprietary wallets on a frequent and auditable basis. Where a global pooled order book is used, the Regulated Entity should ensure that Clients are afforded fair access, competitive pricing, and appropriate disclosures in line with the Authority\u2019s expectations regarding market conduct and transparency. 16.4 A Virtual Asset Custodian must establish a custody policy with internal rules and procedures to ensure the safekeeping and control of virtual assets in its custody, as well as the means of access to them. 16.5 A Virtual Asset Custodian must ensure that any economic, governance, or other benefits arising from the custody of a Client\u2019s virtual assets, including, but not limited to, staking rewards, airdrops, or voting rights, are treated in accordance with the terms agreed with the Client. The Virtual Asset Custodian must clearly disclose the nature of such benefits to the Client and obtain the Client\u2019s consent regarding their retention, application, or transfer. 16.6 A Virtual Asset Custodian must implement robust security measures to protect Client assets. 16.7 For the purposes of Rule 16.6, robust security measures include the following, inter alia: (a) multi-factor authentication and access controls; (b) secure key management protocols (e.g., management of public and private keys or other related methods by which virtual assets are held, R R R R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 26 of 29 or multi-signature or hardware security modules); (c) ongoing threat monitoring and intrusion detection; (d) recurring testing of IT security and access management; periodic penetration testing; independent third-party security assessments; and (e) business continuity and incident response plans. The Regulated Entity should maintain internal documentation to support the effectiveness of these measures, such as audits and relevant accreditations, and should make such documentation available to the Authority upon request. 16.8 A Regulated Entity that provides virtual asset custody services should ensure that it adheres to the latest industry standards in relation to the use of online and offline wallets and implements appropriate security and cybersecurity controls to safeguard Client assets from unauthorised access, fraud, or theft. Such measures may include, but are not limited to, regular and secure backup systems, wallet software updates, robust cybersecurity controls, delegated limits of authority, and other equivalent technical or operational safeguards. 16.9 A Virtual Asset Custodian must provide the Client with clear and accurate information on storage methods used for their virtual assets. 16.10 A Virtual Asset Custodian should provide Clients with clear information on storage methods (e.g., hot, cold, or other secure storage) and the associated benefits, risks, and security features. The Virtual Asset Custodian should: (a) provide at least quarterly an update summarising its current storage posture (including indicative allocation across storage methods) and confirm whether there have been material changes since the prior update (a \u201cno material changes\u201d statement is acceptable where applicable); and (b) promptly notify Clients of any material change to storage methods or infrastructure when it occurs, particularly where risk may increase. 16.11 A Virtual Asset Custodian must report any breaches or unauthorised access to custody systems to the Authority and the affected Clients. 16.12 For the purposes of Rule 16.11, a Regulated Entity should report any material breach or unauthorised access to its custody systems in a timely manner that upholds Client protection, facilitates effective regulatory oversight, and preserves market integrity: (a) notification to the Authority: A Regulated Entity should notify the Authority no later than 72 hours after discovery of a material incident, as prescribed under the Authority\u2019s Rule and Statement of Guidance on Cybersecurity for Regulated Entities. (b) notification to Clients: In the same vein, affected Clients should be notified promptly after notification to the Authority, once the nature and impact of the breach has been reasonably assessed, and in any event no later than 72 hours from detection, unless otherwise directed by R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 27 of 29 investigative or regulatory authorities. (c) recordkeeping: All incidents, whether material or not, should be documented internally, including the timeline of detection, actions taken, and any reasons for delay in reporting. These records should be made available to the Authority upon request. 16.13 A Virtual Asset Custodian must ensure the timely and consistent reconciliation of Client asset balances at suitable, frequent intervals to ensure that Clients' account balances or positions are accurate.  The Virtual Asset Custodian must also provide Clients with applicable mechanisms to verify their balances or positions. 16.14 With regards to the reconciliation of Client asset balances, a Virtual Asset Custodian must maintain a register of the positions in the name of each Client, including, but not limited to, the following: (a) the value and the Client ownership of the virtual assets; (b) the ongoing record of any movement in the Client positions; (c) evidence of corresponding transactions; (d) the frequency of performing the reconciliation of Client virtual assets balances and fiat balances; and (e) reconciling internally calculated balances to the expected balance on the relevant distributed ledger; investigating any discrepancies; and taking the necessary measures to remedy any differences. 16.15 Reconciliation and verification mechanisms may be automated, comprising a secure and auditable process that enables a Client to confirm the existence and accuracy of their custodied asset balances, which are applied to correct wallet addresses without undue delay, without compromising the security or confidentiality of other Clients. Acceptable mechanisms may include, but are not limited to: (a) Secure Client account statements or read-only portals; and (b) Access to On-chain or tagged wallet addresses. 16.16 The reconciliations should be conducted at intervals appropriate to the nature and scale of the custody services, and, for further guidance, should include, at a minimum, daily reconciliation of the account balances of the Virtual Asset Custodian\u2019s own assets and of virtual assets and fiat funds belonging to clients. Documentation of the reconciliation should be retained and made available to the Authority upon request.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_17\", \"num\": \"17.\", \"text\": \"Enforcement 17.1 A Regulated Entity must observe all requirements and expectations within this Rule and Statement of Guidance on an ongoing basis and must not circumvent or attempt to circumvent the requirements contained herein. R R R Rule and Statement of Guidance Market Conduct for Virtual Asset Service Providers Cayman Islands Monetary Authority Page 28 of 29 17.2 Whenever there has been a breach of the Rules included in this document, the Authority\u2019s policies and procedures, as contained in its Enforcement Manual, will apply in addition to any other powers provided in the relevant Acts and the MAA.\", \"element\": \"section\", \"heading\": null}, {\"eId\": \"sec_18\", \"num\": \"18.\", \"text\": \"Effective Date 18.1 This RSOG will take effect upon publication in the Gazette. Cayman Islands Monetary Authority Page 29 of 29\", \"element\": \"section\", \"heading\": null}], \"meta\": {\"notes\": null, \"workflow\": null, \"lifecycle\": {\"source\": \"#cilegis\", \"eventRef\": [{\"eId\": \"e_commence_2026_01_01\", \"date\": \"2026-01-01\", \"type\": \"generation\", \"source\": \"#cilegis\"}]}, \"references\": {\"source\": \"#canary\", \"TLCRole\": [], \"TLCEvent\": [{\"eId\": \"ev_commencement\", \"href\": \"\/akn\/ontology\/canary\/event\/commencement\", \"showAs\": \"commencement\"}], \"TLCPerson\": [], \"TLCConcept\": [{\"eId\": \"inForce\", \"href\": \"\/akn\/ontology\/canary\/concept\/temporal\/in-force\", \"showAs\": \"in force\"}], \"TLCProcess\": [], \"TLCLocation\": [], \"TLCOrganization\": [{\"eId\": \"cilegis\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\", \"showAs\": \"Cayman Islands legislation mirror (kyleg)\"}]}, \"temporalData\": {\"source\": \"#cilegis\", \"temporalGroup\": [{\"eId\": \"tg_inforce_2026_01_01\", \"timeInterval\": [{\"end\": null, \"start\": \"#e_commence_2026_01_01\", \"duration\": null, \"refersTo\": \"#inForce\"}]}]}, \"classification\": null, \"identification\": {\"source\": \"#cilegis\", \"FRBRWork\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2026\/12\", \"FRBRdate\": [{\"date\": \"2026-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2026\/12\/!main\", \"FRBRalias\": [{\"name\": \"cmsId\", \"value\": \"2026-0012\"}], \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRnumber\": \"12 of 2026\", \"FRBRcountry\": \"ky\", \"FRBRsubtype\": \"subordinate\"}, \"FRBRExpression\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01\", \"FRBRdate\": [{\"date\": \"2026-01-01\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01\/!main\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRlanguage\": \"eng\"}, \"FRBRManifestation\": {\"FRBRuri\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01.xml\", \"FRBRdate\": [{\"date\": \"2026-06-22\", \"name\": \"generation\"}], \"FRBRthis\": \"\/akn\/ky\/act\/sl\/2026\/12\/eng@2026-01-01.xml\", \"FRBRauthor\": [{\"as\": \"#editor\", \"href\": \"\/akn\/ontology\/canary\/organization\/editor\/cilegis\"}], \"FRBRformat\": \"application\/xml\"}}}, \"name\": \"act\", \"header\": {\"title\": \"Rule and Statement of Guidance - Market Conduct for Virtual Asset Service Providers\", \"actNumber\": \"12 of 2026\", \"longTitle\": null}}, \"doc\": null, \"bill\": null, \"judgment\": null}}","akn_full_text":"Cayman Islands Monetary Authority\n\nPage 1 of 29\n\nRULE AND STATEMENT OF GUIDANCE\nMarket Conduct for Virtual Asset Service\nProviders\n\nFebruary 2026\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 2 of 29\n\nTable of Contents\n\nList of Acronyms .................................................................................................... 3\n1.\nIntroduction ..................................................................................................... 4\n2.\nStatement of Objectives ................................................................................... 4\n3.\nStatutory Authority .......................................................................................... 5\n4.\nScope of Application ......................................................................................... 5\n5.\nDefinitions ....................................................................................................... 6\n6.\nIntegrity and Conflicts of Interest .................................................................... 7\n7.\nClient Asset Safeguards ................................................................................. 10\n8.\nInsurance ....................................................................................................... 10\n9.\nMarketing, Advertising, Communications, and Promotions ............................ 11\n10. Client Onboarding and Client Agreements ...................................................... 14\n11. Complaints Handling ...................................................................................... 18\n12. Public Disclosures .......................................................................................... 20\n13. Cross-Border Transactions ............................................................................. 21\n14. Trading on Own Account ................................................................................ 21\n15. Virtual Asset Trading Platforms ..................................................................... 23\n16. Virtual Asset Custodians ................................................................................ 25\n17. Enforcement ................................................................................................... 27\n18. Effective Date ................................................................................................. 28\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 3 of 29\nList of Acronyms\n\nCIMA\nCayman Islands Monetary Authority\nMAA\nMonetary Authority Act\nMNPI\nMaterial Non-Public Information\nRSOG\nRule and Statement of Guidance\nVA\nVirtual Asset\nVASPA\nVirtual Asset Service Providers Act\nVASPs\nVirtual Asset Service Providers\nVATP\nVirtual Asset Trading Platform\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 4 of 29\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Services Providers\n\n1.\nIntroduction\n\n1.1\nThis document (\u201cThe Rule and Statement of Guidance\u201d) establishes the Cayman\nIslands Monetary Authority\u2019s (the \u201cAuthority\u201d or \u201cCIMA\u201d) Rule and Statement of\nGuidance on Market Conduct for Virtual Asset Service Providers (\u201cVASPs\u201d).\n\n1.2\nThe Rule and Statement of Guidance (\u201cRSOG\u201d) should be read in conjunction\nwith:\n(a)\nMonetary Authority Act (\u201cMAA\u201d);\n(b)\nVirtual Asset (Service Providers) Act (the \u201cVASPA\u201d);\n(c)\nAnti-Money Laundering Regulations;\n(d)\nGuidance Notes on the Prevention and Detection of Money Laundering\nand Terrorist Financing in the Cayman Islands;\n(e)\nStatement of Principles on Conduct of Virtual Asset Services;\n(f)\nRule on Obligations for the Provision of Virtual Asset Services Virtual\nAsset Custodians and Virtual Asset Trading Platforms;\n(g)\nStatement of Guidance on Obligations for the Provision of Virtual Asset\nServices - Virtual Asset Custodians and Virtual Asset Trading Platforms;\n(h)\nStatement of Guidance on Outsourcing for Regulated Entities;\n(i)\nRegulatory Policy on Marketing Policies of Licensees;\n(j)\nRule and Statement of Guidance on Internal Controls for Regulated\nEntities;\n(k)\nRule on Corporate Governance for Regulated Entities;\n(l)\nRule on Cybersecurity for Regulated Entities;\n(m)\nStatement on Cybersecurity for Regulated Entities;\n(n)\nStatement of Guidance Nature, Accessibility and Retention of Records;\n(o)\nThe Regulatory Policy on Fitness and Propriety; and\n(p)\nany other relevant Acts and regulatory instruments issued by the\nAuthority from time to time.\n\n1.3\nTo highlight the Authority\u2019s market conduct rules within the compendium, a\nrule is written in light blue and designated with the letter \u201cR\u201d in the right margin.\n\n2.\nStatement of Objectives\n\n2.1\nThis RSOG establishes minimum requirements and guidance for VASPs in\nrelation to market conduct.\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 5 of 29\n3.\nStatutory Authority\n\n3.1\nThis RSOG is consistent with the Authority\u2019s statutory objectives as prescribed\nin Section 6(1)(b) of the MAA, which provides that the principal regulatory\nfunctions of the Authority are to:\n\n\u201c(i) to regulate and supervise financial services business carried on in or from\nwithin the Islands in accordance with this Law and the regulatory laws;\n (ii) to monitor compliance with the anti-money laundering regulations; and\n(iii) to perform any other regulatory or supervisory duties that may be imposed\non the Authority by any other law;\u201d\n\n3.2\nAdditionally, section 34(1) of the MAA provides that:\n\n\u201cAfter private sector consultation and consultation with the Minister charged\nwith responsibility for Financial Services, the Authority may\u2013\n\n(a)\nissue or amend rules or statements of principle or guidance concerning\nthe conduct of Regulated Entity\u2019s and their officers and employees, and\nany other persons to whom and to the extent that the regulatory acts\nmay apply;\n\n(b)\nissue or amend statements of guidance concerning the requirements of\nthe anti-money laundering regulations or the provisions of the\nregulatory laws; and\n\n(c)\nissue or amend rules or statements of principle or guidance to reduce\nthe risk of financial services business being used for money laundering\nor other criminal purposes.\u201d\n\n4.\nScope of Application\n\n4.1\nThis RSOG applies to Regulated Entities that have been authorised by the\nAuthority to conduct virtual asset services pursuant to the VASPA.\n\n4.2\nThe Authority will assess Regulated Entities\u2019 compliance with this RSOG in a\nmanner commensurate with the size, complexity, structure, nature of business\nand risk profile of its operations.\n\n4.3\nThe Authority acknowledges that Regulated Entities that are part of a group\nmay be subject to group-wide market conduct practices and that such\nRegulated Entities may rely on the group\u2019s policies in respect of certain market\nconduct matters. Where a Regulated Entity is part of a group, it may rely on\nthe group market conduct framework provided that the Regulated Entity\u2019s\nGoverning Body is satisfied that the framework is commensurate with the size,\ncomplexity, structure, nature of business and risk profile of the Regulated\nEntity\u2019s operations and that the framework meets the legal requirements in the\nCayman Islands, including those outlined in this RSOG. Where gaps are\nidentified, a tailored market conduct framework that complies with this RSOG\nand legal requirements in the Cayman Islands should be implemented.\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 6 of 29\n4.4\nReferences to any Act or Regulation should be construed as references to those\nprovisions as commenced, amended, modified, re-enacted or replaced from\ntime to time. For avoidance of doubt, this document applies to the acts or\nregulations to the extent that such provisions in those acts or regulations are\nin force.\n\n5.\nDefinitions\n\n5.1\nThe following definitions are provided for the purpose of this Rule and\nStatement of Guidance:\n\n5.1.1. The \u201cAuthority\u201d has the same meaning as defined in the VASPA.\n\n5.1.2. \u201cAgent\u201d refers to a person or entity that is authorised to act on behalf\nof\na\nprincipal,\nwhether\nfor\ninitiating\ntransactions,\nhandling\ndocumentation, or providing services, subject to the terms agreed with\nthe principal and applicable law.\n\n5.1.3. \u201cClient\u201d means a legal or natural person to whom virtual asset services\nare provided.\n\n5.1.4. \u201cClient Agreement\u201d refers to a written document agreed to by the\nClient and the Regulated Entity, containing the conditions, terms of the\nbusiness, and services provided to the Client by the Regulated Entity.\n\n5.1.5. \u201cCommunication Channels\u201d includes, but is not limited to, the\nRegulated Entity's official website, social media platforms, print or\ntelevision media, email broadcasts, newsletters, and any other medium\nused to convey information to Clients and the public.\n\n5.1.6. \u201cControl Functions\u201d mean properly authorised functions, whether in\nthe form of a person, unit or department, serving a control or checks\nand balances function from a governance standpoint and which carry\nout specific activities, including strategy setting, risk management,\ncompliance, actuarial matters, internal audit, and similar functions.\n\n5.1.7. \u201cCross-border transaction\u201d means any transaction where the\noriginator and beneficiary institutions are located in different\njurisdictions. This term also refers to any chain of transactions that has\nat least one cross-border element.\n\n5.1.8. \u201cGoverning Body\u201d of a Regulated Entity is the Board of Directors\nwhere the entity is a corporation, the General Partner where the entity\nis a partnership, the manager where the entity is a Limited Liability\nCompany, and the Board of Trustees where the entity is a trust business,\nor any equivalent governing structure as appropriate, taking into\naccount the nature, size, and legal form of the Regulated Entity.\n\n5.1.9. \u201cIssuance of Virtual Assets\u201d or \u201cVirtual Asset Issuance\u201d has the\nsame meaning as defined in the VASPA.\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 7 of 29\n5.1.10. \u201cPublic Disclosures\u201d means information that a Regulated Entity\nmakes available to the public regarding its operations, virtual asset\nservices, processes and controls, and compliance standing with the\nlegal, financial, and regulatory requirements in the Cayman Islands or\nin any other jurisdiction in which it conducts business.\n\n5.1.11. \u201cRegulated Entity\u201d means any legal person or arrangement that has\nbeen granted a license, registration, or waiver in accordance with the\nVASP waiver.\n\n5.1.12. \u201cSenior Management\u201d includes the most senior staff of the regulated\nentity, including heads of divisions, and any person who fulfils the\nfunctions of a senior manager, by whatever name called. Such functions\ninclude actively participating in the daily planning, supervision,\nadministration and execution of a regulated entity\u2019s objectives and\nstrategy.\n\n5.1.13. \u201cVirtual Asset Custodian\u201d has the same meaning as defined in the\nVASPA.\n\n5.1.14. \u201cVirtual Asset Trading Platform\u201d (\u201cVATP\u201d) has the same meaning\nas defined in the VASPA.\n\nA.\nGeneral Guidelines and Requirements\n\n6.\nIntegrity and Conflicts of Interest\n\n6.1\nRegulated Entities are expected to act with honesty and integrity. The\nrelationship between a Regulated Entity and its Clients should be based on the\nutmost good faith, by always upholding and acting within the terms of the\ndocumentation1 governing their relationship and in accordance with applicable\nActs and regulations.\n\n6.2\nA Regulated Entity must establish, document, and implement clear written\npolicies and procedures to ensure that it acts in the best interest of its Clients,\nand fulfil the responsibilities that it has undertaken on behalf of its Clients.\n\n6.3\nA Regulated Entity must conduct its business with due skill, care, and diligence,\nand must act ethically and professionally in a manner that safeguards the\nintegrity of the market and prioritises the best interests of its Clients. Clients\nand prospective Clients must be treated fairly, transparently, and equitably.\n\n6.4\nA Regulated Entity must conduct its business in accordance with the terms and\nany conditions of its licence or registration under the VASPA.\n\n6.5\nThe Authority will consider whether the Regulated Entity is acting within its\npowers and the specific virtual asset services for which a Regulated Entity has\n\n1 \u2018terms of documentation\u2019 is used in a broad context to refer to the Client Agreement as well as any contractual and\noperational documents that may govern the Client relationship. These may include, but are not limited to, onboarding\ndisclosures, promotional, offering documentation, custodial terms, supplemental product terms, and risk\nacknowledgements.\n\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 8 of 29\nbeen licensed or registered as the scope of activities authorised under its licence\nor registration; since, consistent with Section 4 of the VASPA, Regulated\nEntities are prohibited from carrying out any specific virtual asset service\nactivity(ies) outside the scope of their approved licence or registration,\nregardless of whether such services are provided directly or through affiliated\nentities on behalf of the Regulated Entity.\n\n6.6\nA Regulated Entity must maintain the confidentiality of a Client\u2019s affairs and\nprotect the privacy of the information obtained from Clients, unless disclosure\nis required or permitted under applicable Acts and regulations, or with the\nconsent of such Client to whom the duty of confidentiality is owed.\n\n6.7\nA Regulated entity should therefore be able to demonstrate that it has used\nClient\u2019s information only for the purpose for which it was obtained.\n\n6.8\nA Regulated Entity should identify and comply with the legal and regulatory\nrequirements applicable to the administration of Client affairs in the\njurisdiction(s) in which it conducts business or holds Client assets.\n\n6.9\nA Regulated Entity should maintain a documented compliance framework that\nidentifies and tracks the relevant legal and regulatory obligations in each\njurisdiction where it conducts business or holds Client assets. This may include\ninternal jurisdictional checklists, reliance on external legal counsel, crossborder compliance protocols, or other recognised industry resources. Where\nnecessary, the Regulated Entity should seek appropriate legal or professional\nadvice to establish that it meets any applicable fiduciary, custodial, or\nadministrative responsibilities under relevant acts and regulations.\n\n6.10\nA Regulated Entity must ensure that any decisions made, or transactions\nentered into by a Client, on behalf of a Client, or in relation to the Client\nAgreement are:\n\n(a)\nwithin the scope of approval of the Regulated Entity;\n\n(b)\ndocumented and actioned by the Regulated Entity in a timely and\nexpeditious manner in accordance with the Client Agreement and\ncommensurate with the size, complexity, structure, nature of business\nand risk profile of the Client operations; and\n\n(c)\nproperly authorised and handled by persons employed by the Regulated\nEntity or by the Regulated Entity\u2019s Agent with an appropriate level of\ncompetence, knowledge, experience, and professional standing.\n\n6.11\nWith regard to maintaining the timeliness of transactions, a Regulated Entity is\nguided to transact its business (including establishing, transferring or closing\nbusiness relationships with its Client) expeditiously, meaning without delay,\nand in line with the terms of business contained in the Client Agreement. The\nRegulated Entity should also provide Clients with any information relating to\noperations on virtual assets that would require a Client\u2019s response, without\ndelay.\n\n6.12\nA Regulated Entity should inform Clients of the typical timeframes for\nprocessing account withdrawals or account closures, including instances where,\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 9 of 29\ndue to safeguarding controls (such as virtual assets being stored in offline\nwallets), virtual asset withdrawals may take longer to process. A Regulated\nEntity should inform Clients of any withdrawal limits and related timeframes.\n\n6.13\nThe concept of conflict of interest is generally related to a Regulated Entity\nputting control activities in place, including segregation of duties, declarations\nand recusal procedures to mitigate fraud, error or manipulation and to promote\nintegrity, transparency and acting in the best interests of Clients. The Regulated\nEntity should therefore appropriately segregate the duties of critical functions,\nincluding but not limited to Client onboarding, transaction execution,\nreconciliation, custody, risk monitoring, and compliance.\n\n6.14\nThe policies and procedures implemented by a Regulated Entity for the\nidentification and management of conflicts of interest should consider:\n\n(a)\nconflicts of interest between a Regulated Entity and their beneficial\nowners, directors, senior officers, employees and Clients;\n\n(b)\nany personal conflicts of interest of any employee tasked with decisionmaking;\n\n(c)\nkeeping and maintaining a register of potential and existing conflicts of\ninterests, along with the mitigating measures in place; and\n\n(d)\navoiding the assignment of conflicting duties to one individual. Certain\nduties within a Regulated Entity should be split, to the extent possible,\namong various individuals to reduce the risk of manipulation of financial\ndata or misappropriation of assets.\n\n6.15\nA Regulated Entity must disclose any conflict of interest or potential conflict of\ninterest to its Clients; and such disclosure must be in written form and include\nsufficient detail, taking into account the nature of the Client, to enable the Client\nto take or make an informed decision with respect to the product or service in\nthe context of which the conflict of interest arises.\n\n6.16\nEvery director and senior officer must disclose any conflicts of interest to the\nGoverning Body on at least an annual basis. Where new conflicts arise, directors\nand senior officers must declare them and recuse themselves from decisions in\nwhich a conflict of interest exists.\n\n6.17\nA Regulated Entity must ensure that there is adequate segregation of duties,\ncommensurate with the size, complexity, structure, nature of business and risk\nprofile of its operations.\n\n6.18\nA Regulated Entity must maintain and implement effective policies and\nprocedures to prevent, identify, manage, and disclose conflicts of interest.\n\n6.19\nThe Regulated Entity must observe the conflict of interest and confidentiality\ndisclosure requirements outlined in this Rule at all times as an ongoing\nobligation.\n\n6.20\nOverall, the Authority expects that, throughout the lifetime of the relationship\nwith its Clients, a Regulated Entity maintains appropriate, reliable, timely, and\ntransparent interactions while exercising due care and diligence.\nR\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 10 of 29\n\n7.\nClient Asset Safeguards\n\n7.1\nA Regulated Entity outsourcing custody of Client virtual assets to third parties\nmust ensure that such third parties are, at all times, in compliance with the\nrelevant requirements under the VASPA, this measure and other applicable\nregulatory measures.\n\n7.2\nA Regulated Entity holding Client funds, on behalf of Clients, must ensure that\nClient funds are clearly segregated in compliance with the relevant\nrequirements under the VASPA.\n\n7.3\nWhere a Regulated entity decides to cease any virtual asset services, it must\nensure that it honours its commitments, protects Client interests, and that any\noutstanding business is properly completed with minimal disruptions to its\nclients, and in accordance with the relevant Acts or regulatory measures.\n\n8.\nInsurance\n\n8.1\nWhere applicable, a Regulated Entity must maintain insurance protections to\nthe satisfaction of the Authority, including the following:\n(a)\nprofessional liability of senior officers;\n(b)\ntheft or loss of Client assets held in custody;\n(c)\nbusiness interruption; and\n(d)\ncyber security.\n\n8.2\nInsurance coverage carries an added layer of security, ensuring that Clients are\nsafeguarded against potential losses and can trust the Regulated Entity to act\nresponsibly and transparently. The level of insurance cover that a Regulated\nEntity holds should be based on the products and services that it offers and its\nscale of operations. Consideration should be given to the following risks:\n\n(a)\nloss or theft of virtual assets belonging to Clients;\n(b)\nloss of documents;\n(c)\nmisrepresentations or misleading statements made;\n(d)\nacts, errors, or omissions resulting in a breach of:\n(i)\nlegal and regulatory obligations;\n(ii)\nthe duty to act honestly, fairly, and professionally towards\nClients; and\n(iii)\nconfidentiality obligations; and\n(e)\nfailure to establish, implement and maintain appropriate procedures to\nprevent conflicts of interest.\n\n8.3\nWhere a Regulated Entity is unable to obtain such insurance coverage, it should\nnotify the Authority and provide reasonable evidence of unavailability. In such\ncases, the Authority may permit the use of alternative risk mitigation measures,\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 11 of 29\ntaking into account the nature, scale, complexity, and risk profile of the custody\nservices provided. These may include alternatives such as:\n\n(a)\nRegular independent audits;\n(b)\nEnhanced cybersecurity and operational safeguards; and\n(c)\nSelf-funded reserves or risk-based capital (as a form of self-insurance).\n\nAll alternative measures would be subject to the approval of the Authority, in\nadvance, and should offer a level of protection broadly equivalent to that of\ninsurance. This exception is not intended to serve as a default alternative to\ninsurance but as a limited accommodation in exceptional cases. Furthermore,\nthe Authority may subject the Regulated Entity to review any self-insurance\ncover on at least an annual basis, considering the proportionality principle.\n\n9.\nMarketing, Advertising, Communications, and Promotions\n\n9.1\nA Regulated Entity must ensure that all marketing, advertising, or promotional\nmaterials and information:\n\n(a)\nare fair, clear, and not misleading in both content and presentation;\n(b)\nare clearly identifiable as marketing or promotional in nature;\n(c)\ndo not contain statements or visual elements that contradict the risks\nassociated with Virtual Assets;\n(d)\ndo not mislead Clients, deliberately or negligently, about the real or\nperceived benefits of any services carried out, or about potential\nprofitability, exaggerate claims, or make assurances of gains;\n(e)\ndo not mislead Clients about the safety, risk profile, simplicity, or\nguarantee, or create an urgency based on the speculative future value\nof an investment; or\n(f)\ndo not create an urgency based on the speculative future value of an\ninvestment.\n\n9.2\nA Regulated Entity should ensure that any advertising, marketing, or\npromotional materials and communications relating to its products or services\nare fair, clear, and not misleading. In particular, the Regulated Entity should\ntake reasonable steps to ensure that language is carefully chosen and does not\ninclude misleading statements, promises, or terms, when read in context, (such\nas \u201cguaranteed\u201d, \u201cconfidential\u201d, \u201cassured\u201d, \u201csecret\u201d, or similar expressions),\nwhether relating to the scale of its regulated activities or to any other matter\nthat the Regulated Entity does not reasonably believe to be true. The Regulated\nEntity should also have regard to the Authority\u2019s Policy on Marketing Policies of\nLicensees.\n\n9.3\nA Regulated Entity should establish that all communication and information\nprovided to Clients:\n\n(a)\nis provided in writing or in a form that can be retained and referenced\nby the Client. The Authority notes that while typically, a Regulated Entity\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 12 of 29\ncommunicates with Clients via e-channels, digital channels or\napplications, the expectation is that the Regulated Entity implements\npolicies and procedures to manage the integrity and auditability of its\ncommunication with Clients. This is particularly important to consider,\nin conjunction with Rule 10.5 and whether such communication impacts\nthe Client Agreement;\n\n(b)\nuses plain language, is logically ordered, accurate, clear, free of\nambiguity and misleading language, technical jargon or complex\ninformation that is not clearly explained; highlights important\ninformation;\n\n(c)\nis sufficient for and presented in a way that is likely to be understood\nby the average Client in the group of Clients to whom it is directed, or\nby whom it is likely to be received;\n\n(d)\ndoes not disguise, diminish or obscure important items, statements or\nrisk warnings, and includes clear, fair and prominent information on the\nproportion or percentage of Clients that incur losses when trading such\nproducts;\n\n(e)\nuses a font size in the indication of relevant risks that is at least equal\nto the predominant font size used throughout the information provided,\nas well as a layout that ensures that such an indication is prominent;\n\n(f)\nis consistently presented in the same language throughout all forms of\ninformation and marketing materials that are provided to each Client,\nunless the Client has agreed to receive information in more than one\nlanguage;\n\n(g)\nis up to date and relevant to the means of communication that the Client\nhas agreed to; and\n\n(h)\nconsiders whether the omission of relevant facts would result in the\ninformation being unfair and unclear, or misleading.\n\n9.4\nFurther, the Authority does not require Regulated Entities to make audio or\ndigital screen recordings of telephone calls with Clients. However, where\nmaterial instructions, advice, or agreements are provided by telephone,\nRegulated Entities should follow up with written confirmations or follow-up\ndocumentation, including the substance of the communication in a durable and\nauditable format, so as not to breach any obligations relating to the Client\nagreement.\n\n9.5\nWhile technical or industry-specific terms are not prohibited, Regulated Entities\nshould consider the ways of conveying information, the content that the\ncommunication is intended to convey, and the type, experience and level of\nknowledge and\/or sophistication of each Client, to uphold the integrity of such\ncommunication. Further, while the Authority does not mandate that Regulated\nEntities conduct formal tests (for example, quizzes) to assess a Client\u2019s level of\nknowledge and sophistication, Regulated Entities should use reasonable, riskbased evaluation methods considering factors such as product complexity,\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 13 of 29\nClient profile, or onboarding information to tailor communications to Clients\nappropriately, and with integrity.\n\n9.6\nWhere a virtual asset service or product carries a lower risk profile based on\nestablished technology or operational, or validated history, a Regulated Entity\nmay describe such characteristics in its marketing, advertising or promotion,\nprovided that it does so in a balanced manner that does not diminish disclosure\nof residual risks.\n\n9.7\nA Regulated Entity should not include in its marketing communications any\nstatement detailing historic market performances of its products or services\nunless:\n(a)\nthe basis on which such performance is measured is clearly stated and\nthe presentation is not misleading;\n(b)\nit is accompanied by a risk warning indicating that past performance is\nnot necessarily an indication of future performance; and\n(c)\nthe past performance details are relevant to the service or product\noffered by the Regulated Entity.\n\n9.8\nIt is also expected that the marketing communications of the Regulated Entity\ndoes not compare the products and services to other forms of investments or\ntrading unless the reason for the comparison is clearly stated, justified and\nappropriate.\n\n9.9\nA Regulated Entity must ensure that its marketing, advertising, communications\nand promotions practices:\n(a)\ndo not breach or contain any material or content that is in breach of any\nacts, regulations or applicable rules;\n(b)\ndo not violate standards of prudence and fairness;\n(c)\nare clear, ethical, factual, and not misleading, false, or deceptive;\n(d)\ndo not present or promote any services that it is not licensed or\nregistered or waived to provide;\n(e)\ndisclose to its Clients and prospective Clients any material risks that the\nRegulated Entity, acting with due care and diligence, ought to identify\nin connection with the virtual asset services it is advertising to them;\nand\n(f)\ndo not place the reputation of the Cayman Islands at risk of being\nbrought into disrepute.\n\n9.10\nA Regulated Entity must disclose all incentives and rewards being offered in\nmarketing campaigns, including applicable terms and conditions.\n\n9.11\nThe incentives and rewards disclosed should be clearly identified as being\noffered to the Client. The Regulated Entity should make it clear what the Client\nwill receive, under what conditions, and avoid language that could cause\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 14 of 29\nconfusion about whom the reward is intended for.\n\n9.12\nWhere a Regulated Entity uses a marketing or trading name that differs from\nits regulated legal name, both names should be clearly disclosed in all\nmarketing, advertising, or promotional materials in a manner that is prominent\nand not misleading.\n\n9.13\nA Regulated Entity should ensure that the marketing of higher risk products,\nsuch as derivatives or leveraged trading, includes a warning of the risks\ninvolved. These may include:\n\n(a)\nthe enhanced risk of losing invested capital through margin calls or\nposition liquidations;\n(b)\nthe impact of small fluctuations in the price of virtual assets;\n(c)\nthe risk of imperfect correlation between a derivative and the underlying\nasset and the resultant hedging risk; and\n(d)\nstatistics and statements on the percentage of Clients that lose money\nwhen trading with the custodian or trading platform.\n\n9.14\nA Regulated Entity should maintain a record of any marketing communications\nor promotional campaigns. This should be made available to the Authority if\nnecessary.\n\n10.\nClient Onboarding and Client Agreements\n\n10.1\nIn assessing the complexity and minimising the risk of its products and services\nduring client onboarding, the Regulated Entity should develop controls, policies\nand procedures which are proportionate to:\n(a)\nthe level of understanding, interest, and needs of its Clients; and\n(b)\nthe level of risk, experience, and vulnerability of its Clients.\nExamples of measures that a Regulated Entity may take in this regard include\ninter alia:\n(a)\nassessing the volatility and  extent to which a product or service is\nsuitable and appropriate for a Client. This may include taking into\nconsideration the nature of the Client (i.e. retail or corporate);\n(b)\ncarrying out robust testing of new products and services, and the\neffectiveness of controls;\n(c)\nconsidering the extent to which Client assets are at risk as a result of\nnew products or services being offered; and\n(d)\nthe Client\u2019s risk appetite and financial position.\n\n10.2\nThe key risks associated with virtual assets products and services, for which\nrisk disclosures or warnings should be made to Clients, include, but are not\nlimited to:\n\n(a)\npotential loss of value in full or in part or if the Client\u2019s invested capital\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 15 of 29\nis at risk;\n(b)\nrisks relating to the use of leverage;\n(c)\nthe irreversible or illiquid nature of certain transactions;\n(d)\nthe absence of financial protection for Virtual Asset investors;\n(e)\nthe exposure to fraud, theft, manipulation, or cyber risks;\n(f)\nvolatile trading history; and\n(g)\nthe risks associated with the transfer and storage of virtual assets,\napplicable where the Client wishes to deposit or withdraw virtual assets\nto or from a wallet address controlled by the Regulated Entity.\n\nThese disclosures should be presented in a clear, accurate, and easily\nunderstandable\nformat\nacross\nall\nClient-facing\ndocumentation,\ncommunications, and agreements.\n\n10.3\nAdditionally, the Authority notes that all material terms must be fair,\ntransparent, and clearly disclosed to Clients during the onboarding process and\nin the Client Agreement. This includes, but is not limited to:\n\n(a)\nterms relating to limitation of liability, indemnification, and the\ncircumstances in which either party may be held liable for losses,\ndamages, or third-party claims; and\n\n(b)\nany contractual right of a Regulated Entity to realise Clients\u2019 virtual\nassets, including the specific virtual assets subject to that right, the\ncircumstances in which it may be exercised, and the actions the\nRegulated Entity may take when exercising it.\n\n10.4\nMoreover, the Authority notes that terms relating to limitation of liability and\nindemnification should not be one-sided to an unreasonable extent. For\nexample, indemnities for Client negligence may be acceptable, but not clauses\nexempting a Regulated Entity from any illicit activity, including fraud or gross\nnegligence.\n\n10.5\nA Regulated Entity must ensure that a written Client Agreement is signed by all\nparties and in place before providing any virtual asset service(s) under the\nVASPA and must provide the Client with a copy of the executed Client\nAgreement.\n\n10.6\nA Regulated Entity must clearly specify in the Client Agreement the nature of\neach service or product it provides to the Client, as well as the capacity in which\nit acts in relation to any relevant transaction.\n\n10.7\nThe Regulated Entity must clearly identify all parties to the Client Agreement,\nincluding the legal name and registered address of the Regulated Entity, and,\nwhere applicable, any affiliated or parent entities, or provisions for custodial or\nother third-party arrangements that are materially connected to the provision\nof the virtual asset services. The Regulated Entity must also correctly identify\nthe Client by legal name, and, where applicable, any additional party authorised\nto act on the Client\u2019s behalf.\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 16 of 29\n\n10.8\nA Regulated Entity must clearly disclose, in the Client Agreement\/ Terms of\nbusiness \/ other relevant documents and in a manner that is simple and easy\nfor the Client to understand, the quantity, value, and arrangements for the\npayment or provision of any commissions, fees, interest, charges,\ninducements, or other costs associated with the provision of virtual asset\nservices, together with any applicable terms and conditions. The fees, charges\nor commission structures must be transparent, fair, and non-discriminatory.\n\n10.9\nThe written Client Agreement should be shared between the Regulated Entity\nand the Client via a suitable documented communication method, such as\nemail, smart contract, or secure Client portal access. The Authority expects that\nsuch Client Agreement is recorded, captured, or stored in a manner that\nensures it can be accessed and verified by the Authority.\n\n10.10 A Regulated Entity must provide Clients with written confirmation upon\nexecution of a transaction that includes all relevant details of the transaction.\n\n10.11 The Regulated Entity should also consider providing written confirmation to the\nClient on the following:\n(a)\nthe virtual asset being transacted along with the price, quantity and total\ncost;\n(b)\nthe date and time that the transaction was placed;\n(c)\nin relation to the transaction details, if applicable, the direction of the\ntransaction (e.g. buy or sell order);\n(d)\nthe allocation and provision of an order identification number so that the\nClient will be able to communicate with the Regulated Entity in the event\nof any discrepancies, operational issues, or complaints; and\n(e)\nproviding any funds, commission, or fees received in connection with\nany Client transaction.\n\n10.12 The executed Client Agreement and written confirmation of a transaction,\nincluding the transaction details, may be provided to the Client in secure Client\nportals, via email, or other reliable and auditable electronic means.\n\n10.13 A Regulated Entity should also consider including within the Client Agreement\nthe manner in which the Client may provide instructions for any transactions.\nGenerally, it should be established that the Client Agreement includes clear and\naccurate information on the official Communication Channels used between the\nRegulated Entity and the Client. This guidance supports Client awareness,\nreduces confusion, and aims to protect Clients from fraud, impersonation,\nscams or similar threats.\n\n10.14 The Regulated Entity must include a dedicated section in the Client Agreement\/\nTerms and Conditions\/ or an Alternative that prominently discloses all key risks\nassociated with the virtual assets provided and written in plain language to\nensure that Clients are aware of, and have acknowledged such risks, and can\nmake well-informed decisions about engaging in the virtual asset service (s).\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 17 of 29\nDisclosures of key risks in the Client Agreement \/ Terms and Conditions\/ or an\nAlternative must be assessed and updated to reflect evolving risks.\n\n10.15 The Regulated Entity must disclose in the Client Agreement and other relevant\ndocuments, internal safeguards that it has implemented to mitigate key risks,\nincluding, where applicable, the methods of access to virtual assets held and\ninsurance arrangements for the protection of these assets.\n\n10.16 A Regulated Entity must always comply with the terms and conditions of the\nClient Agreement, unless otherwise required by law or waived with Client\nconsent.\n\n10.17 Where a waiver from the terms of the Client Agreement is granted, the\nRegulated Entity should document and retain evidence of the Client\u2019s consent\nand the basis for the waiver. Such records should be maintained in accordance\nwith the entity\u2019s record-keeping policies and be made available to the Authority\nupon request.\n\n10.18 A Regulated Entity must provide prior written disclosure of any amendments\nthat it intends to make to the Client Agreement\/ Terms of business, and the\nmanner in which the amendments can be made, and any associated or indirect\ncosts, allowing a reasonable opportunity for the Client to accept, reject, or\nterminate the Client Agreement without any penalties, other than for the\nsettlement of any outstanding obligations or liabilities under the Client\nAgreement.\n\n10.19 Such amendments to the Client Agreement may include, but are not limited to,\nchanges to fees, commissions, the structure of the business, conflicts of\ninterest, changes in management, and control functions. Following the\nprovision of such notice disclosure of any amendment to the Client, a Regulated\nEntity should clearly state that continued use of its virtual asset services will\nconstitute acceptance of the amended terms of the Client Agreement. This\napproach reflects common commercial practice, provided Clients are given\nadequate notice and a fair opportunity to terminate without penalty.\n\n10.20 The Regulated Entity must ensure that:\n(a)\nit has obtained and documented all relevant information about the\nClient\u2019s objectives, financial situation, risk tolerance, knowledge,\nexperience and the understanding of the risks involved; and any other\nfactors necessary to make an informed and appropriate decision on the\nClient\u2019s behalf;\n(b)\nthe products and services offered to each Client are suitable, having\nregard to the factors in (a) in the above;\n(c)\nthe discretion or power given to it, is used for proper purpose, in the\nClient\u2019s best interests, and in line with the Client Agreement; and\n(d)\nthere is documented evidence to record decisions made under\ndiscretion, where the Regulated Entity has been granted discretion to\nact on behalf of Client.\n\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 18 of 29\n10.21 The Authority expects that dispute resolution mechanisms available to a Client,\nincluding escalation pathways and resolution timelines, are also clearly defined\nin a Client Agreement.\n\n10.22 A Regulated Entity should consider informing Clients within the Client\nAgreement \/ terms and conditions or an alternative of the regulated activity\nthat it performs, the jurisdiction(s) and those who are responsible for regulating\nit.\n\n10.23 When structuring the Client Agreement, the Regulated Entity should include the\narrangements for bringing the Client Agreement to an end.\n\n11.\nComplaints Handling\n\n11.1\nA Regulated Entity must establish effective complaints-handling policies and\nprocedures that ensure fair, consistent, and impartial management of\ncomplaints.\n\n11.2\nThe complaints-handling framework should be disclosed in a clear and easy-tounderstand manner to establish accessibility and transparency for Clients,\nincluding by providing a standardised template or other simple method that\nenables any Client to submit a complaint easily. A Regulated Entity may disclose\nthis information through its website or other communication channels, including\nsocial media platforms.\n\n11.3\nUpon receipt of a complaint, a Regulated Entity must, without delay,\nacknowledge the complaint in writing and inform the complainant that it is\nbeing considered.\n\n11.4\nThe Regulated Entity must investigate and address Client complaints in a\ntimely, fair and consistent manner and communicate the outcome of the\ncomplaints within a reasonable timeframe.\n\n11.5\nThe Regulated Entity must maintain a log of Client complaints and resolutions\nfor operational risk management purposes, which must be made available to\nthe Authority upon request. This log must meet record-keeping requirements\nin relation to all Client complaints and resolutions, including:\n(a)\ndetails of each complaint;\n(b)\ndate received;\n(c)\nresponse and actions taken;\n(d)\nStatus of the complaint (whether resolved\/unresolved), complaints; and\n(e)\ndate resolved.\n\n11.6\nThe Regulated Entity must report to the Authority any Client complaint or a set\nof Client complaints that represent a material risk to Clients or are indicative of\na material failure of the Regulated Entity\u2019s control environment.\n\n11.7\nPursuant to the Anti-Money Laundering Regulations, a Regulated Entity is\nmandated to keep records for a minimum of five (5) years, from the date of\nR\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 19 of 29\nresolution. Where a longer retention period is necessary due to the nature of\nthe complaint, legal risk, or internal policy, the Authority expects that\nRegulated Entities retain such records for up to seven (7) years or more, in line\nwith best international practices and internal governance requirements.\n\n11.8\nThe Regulated Entity should provide the Governing Body with regular reports\non complaints handling, including sufficient analyses of complaint trends, all\nongoing complaints data, outcomes and any potential systemic issues. This\naims to promote proper oversight of the complaints handling programme on an\nongoing basis, to identify patterns about the issues, and implement corrective\nmeasures to avoid recurrence.\n\n11.9\nA Regulated Entity is expected to maintain procedures and systems that keep\ncomplainants informed of the progress of their complaint through proactive\nwritten updates. These procedures and systems should, at a minimum, require\nwritten acknowledgement of receipt of a complaint and set clear expectations\nfor update timelines that are appropriate to the nature and complexity of the\ncomplaint.\n\n11.10 A Regulated Entity should openly communicate the details of the status of the\nresolution to the complainant within a reasonable timeframe, such as:\n(a)\nthe alternative resolution options, irrespective of whether or not the\ncomplaint is resolved in a manner that they are satisfied with;\n(b)\nwhether the complaint needs to be escalated for further enquiry; and\n(c)\nexpected timeframe for the complaint to eventually be resolved.\n\nThis is particularly more important in cases where the complaint is complex or\nuncommon in nature. Communication should remain consistent with any\napplicable legal restrictions.\n\n11.11 A Regulated Entity should confirm to the Complainant in writing when a\ncomplaint has been closed.\n\n11.12 If a Regulated Entity concludes that it is not upholding a complaint, it should\ncommunicate this to the complainant in writing, clearly stating the reason(s)\nfor its decision in accordance with the Regulated Entity\u2019s relevant policies or\nevidence, to establish transparency and to help the complainant understand\nthe rationale.\n\n11.13 Where the provision of virtual asset services involves an Agent, a Regulated\nEntity must establish procedures to facilitate the handling of complaints\nbetween its Clients and such Agents.\n\n11.14 Notwithstanding the involvement of an Agent, the Regulated Entity remains\nfully responsible for the resolution of all Client complaints.\n\n11.15 A Regulated Entity must not impose any fees or charges on Clients for the\nsubmission or handling of complaints.\n\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 20 of 29\n12.\nPublic Disclosures\n\n12.1\nA Regulated Entity must make public disclosures readily available across all\nCommunication Channels as appropriate, and present them in a manner that is\nclear, concise, and easy to understand.\n\n12.2\nIn respect of Rule 12.1 above, Public Disclosures include but are not limited to\nthe disclosures about organisational changes, service or product offerings, risk\nfactors, fees or changes in fees (as applicable), and regulatory status.\nAdditionally, disclosures should be made in a manner that is easily accessible\nand understandable across the communication channels.\n\n12.3\nA Regulated Entity should publicly disclose its licensing or registration status\nand authorised number, as approved by the Authority.\n\n12.4\nA Regulated Entity must publish information related to its key corporate\ngovernance structures, as well as the identification and details of the members\nof its Governing Body, Control Functions and Senior Management.\n\n12.5\nWhen disclosing information on governance structures, a Regulated Entity\nshould do so in a manner consistent with applicable data privacy laws.\nDisclosure does not extend to personal data such as home addresses or other\nsensitive information. Instead, the Authority expects publication of information,\nincluding, but not limited to, the person\u2019s name, title\/role, and professional\ndesignation.\nThese\ndisclosures\nassure\ncompetence,\nknowledge,\nand\nprofessionalism, consistent with the obligations set out in Rule 6.10(c) on\nIntegrity.\n\n12.6\nPursuant to the relevant Acts, a Regulated Entity should report material\nchanges in its operations to the Authority where such changes are reasonably\nexpected to significantly impact Clients\u2019 interests, regulatory compliance, or the\nRegulated Entity\u2019s risk profile. In the same vein, the Regulated Entity should\nconsider whether to disclose such material changes to its Clients to avoid\nbreaching Rules 12.1 or 12.4.\n\n12.7\nMaterial changes in a Regulated Entity\u2019s operation include, but are not limited\nto, the following occurrences:\n(a)\nbreaches of security or significant operational changes;\n(b)\nany significant alteration to a VASP\u2019s operations or structure;\n(c)\nofferings that could impact Clients, stakeholders, or regulatory\ncompliance;\n(d)\nservice disruptions;\n(e)\nmodifications to terms of service or fees;\n(f)\nshifts in ownership or management; and\n(g)\nsale or cessation of the Regulated Entity\u2019s operations.\n\n12.8\nIf a Regulated Entity engages or partners with a third-party service provider in\nconnection with the obligation of its services (for example, a bank that holds\nfiat funds), it should clearly disclose to its Clients the nature of the arrangement\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 21 of 29\nand identify the party with whom the Client is transacting.\n\n12.9\nWhere a Regulated Entity is part of a larger group structure, Clients should be\nmade aware of which group entity they are transacting with at all times,\nincluding the regulatory status of that entity, and the level of protection\nafforded to the Client.\n\n12.10 Where a Regulated Entity decides to cease any virtual asset services, it must\nnotify the Authority and provide a plan for communicating its cessation to\nstakeholders for the Authority\u2019s approval.\n\n13.\nCross-Border Transactions\n\n13.1\nRegulated Entities should align their cross-border transaction practices with\ninternational standards, including the FATF Recommendations related to virtual\nassets and virtual asset service providers.\n\n13.2\nA Regulated Entity should notify the Client of the required information for crossborder transactions, including transaction identifiers.\n\n13.3\nAs a best practice, all fees associated with cross-border transactions, including\nconversion costs and transmission charges, should be disclosed in advance.\n\n13.4\nA Regulated Entity should establish that its Clients are informed in real time\nwhenever material updates arise regarding the status of cross-border\ntransactions. Any delays or issues affecting cross-border transactions should\nbe communicated to the affected Client without delay.\n\n14.\nTrading on Own Account\n\n14.1\nProprietary trades should be executed under the same conditions as Client\ntrades to establish fairness.\n\n14.2\nA Regulated Entity must implement and maintain effective systems, controls,\nand procedures to prevent market manipulation, insider trading, and other\nabusive trading practices in connection with its proprietary trading activities.\n\n14.3\nSuch systems, controls, and procedures should apply to all proprietary trading\nactivities, whether conducted on-platform or off-platform. The systems,\ncontrols and procedures include, but are not limited to:\n(a)\nReal-time surveillance capable of detecting abusive practices such as\nspoofing, layering, wash trading, front-running, and insider trading;\n(b)\nAutomated alerting tools and data retention systems to support forensic\nanalysis;\n(c)\nDocumented escalation protocols and internal reporting for suspicious\nor cancelled orders;\n(d)\nRegular internal reviews and, where appropriate, independent audits of\nthe effectiveness of controls;\n(e)\nGovernance arrangements that clearly assign accountability for\nsurveillance and order handling; and\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 22 of 29\n(f)\nInformation barriers and trade handling rules to establish a clear\nseparation between proprietary and Client-facing activities.\n\nAdditionally, the Authority expects these systems, controls, and procedures to\nbe commensurate with the Regulated Entity\u2019s size, complexity, and risk profile,\nand to include appropriate audit trails and escalation mechanisms.\n\n14.4\nProprietary trading must not compromise trading conditions or create unfair\ntrading advantages.\n\n14.5\nA Regulated Entity should establish that its proprietary trading activities are\nsubject to appropriate internal controls, including but not limited to:\n(a)\ninformation barriers between proprietary and Client-facing functions;\n(b)\nfair and non-preferential access to liquidity and order execution; and\n(c)\nContinuous monitoring to detect and prevent conflicts of interest or\npreferential treatment.\n\nThese controls help to ensure that Client orders are not disadvantaged and that\nthe Regulated Entity acts in accordance with the principle of market fairness.\n\n14.6\nA Regulated Entity should establish that the internal controls outlined in 14.5\nare supported by documented policies and procedures, including but not limited\nto:\n(a)\ngovernance arrangements that establish accountability for oversight of\nproprietary and Client-facing activities;\n(b)\nclearly defined procedures to identify, manage, and escalate conflicts of\ninterest;\n(c)\ncontrol mechanisms to establish order execution practices that do not\nfavour proprietary trades over Client orders; and\n(d)\nperiodic assessment of the effectiveness of information barriers and\naccess controls.\n\n14.7\nA Regulated Entity must not use Client data to gain an unfair advantage in\ntrading activities, including its proprietary trading.\n\n14.8\nTo prevent such misuse and remain consistent with the Authority\u2019s expectations\nfor market conduct and Client protection, a Regulated Entity should implement\nappropriate safeguards, including but not limited to:\n(a)\nInformation barriers between proprietary and Client-facing functions,\nsupported by system-level access controls and audit trails;\n(b)\nIndependent surveillance functions with the authority to monitor\ninternal and third-party data access; and\n(c)\nMaintenance of auditable records of how Client data is accessed, used,\nand protected.\n\nAll use of Client data should remain consistent with the Authority\u2019s expectations\nfor market conduct and Client protection.\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 23 of 29\n\n14.9\nClient data includes, but is not limited to, a Client\u2019s trade history, open or\nhistorical bid\/ask positions, order book interactions, trading frequency,\nbehavioural patterns, and any other transaction-related data or metadata that\ncould inform or influence a Regulated Entity\u2019s trading strategy. Such data\nshould not be accessed or used by proprietary trading teams unless it has been\nsufficiently anonymised and aggregated, and only where:\n(a)\nIts use is demonstrably in the Client\u2019s best interest, such as for\nsuitability assessments; or\n(b)\nThe Client has provided explicit, informed consent.\n\nAll access to Client data should comply with the requirements set out in Rule\n14.7.\n\nB.\nAdditional Rules and Guidelines Relating to Virtual Asset Trading\nPlatforms and Virtual Asset Custodians\n\n15.\nVirtual Asset Trading Platforms\n\n15.1\nVATPs must implement systems and procedures to monitor, detect and prevent\nsuspicious transactions, market abuse, and promote the best interests of\nClients and the integrity of the market.\n\n15.2\nA VATP must undertake regular assessments to identify the inherent risks\nassociated with market abuses, such as insider dealing and market\nmanipulation, and determine the necessary measures to mitigate these risks.\n\n15.3\nVATPs must immediately report to the Authority any suspicions indicating that\nmarket abuse or other unfair trading practices are being, have been, or are\nlikely to be committed.\n\n15.4\nVATPs should implement appropriate surveillance arrangements that apply to\nall virtual asset product offerings and should at least annually reconcile the\ncoverage of such arrangements against their risk assessment.\n\n15.5\nThe VATPs market abuse surveillance framework, whether manual or\nautomated, should be established appropriately to the size, nature, and\ncomplexity of the VATP. Consideration should be given to:\n(a)\nthe number of transactions that will need to be monitored;\n(b)\nthe type of virtual asset being traded by the Client;\n(c)\nthe frequency and volume of orders and transactions; and\n(d)\nthe risk profile of the VATP.\n\n15.6\nThe VATPs market abuse surveillance framework should include procedures,\nmeasures, and systems that detect wrongdoings such as insider trading or\nmarket manipulation. For the framework to be comprehensive, proactive, and\npractical, it should comprise of systems designed to monitor trading patterns,\ndetect suspicious activities, and ensure that adequate actions are taken to\nprevent market manipulation.\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 24 of 29\n\n15.7\nVATPs should maintain a publicly accessible interface, such as a dashboard,\ndisplaying key market metrics like market trends, trade volumes, and other\nrelevant data. This information should be presented in an easily understandable\nand user-friendly format, such as graphs, charts, or tables, to establish that\nusers can access and interpret market data effectively.\n\n15.8\nA VATP should establish and maintain systems, policies, and procedures for the\nproper handling and protection of material non-public information (\u201cMNPI\u201d),\nincluding, where applicable, information related to whether a virtual asset will\nbe admitted or listed for trading on its VATP. MNPI includes any non-public data\nthat, if disclosed, could influence a decision to buy, sell, or hold a virtual asset.\nThis includes, but is not limited to, information about planned listings, delistings, major upgrades, partnerships, or technical vulnerabilities. The VATP\nshould take proactive measures to prevent the leaking or misuse of such\ninformation.\n\n15.9\nVATPs must make their pricing policies, including information on price discovery\nmechanisms, such as live pricing, real-time bid-ask spreads, and transaction\nfees, easily accessible and publicly available and prominently and clearly\ndisplayed on their website, platform, or any other medium used to provide\naccess to their virtual asset services.\n\n15.10 A VATP must implement pricing policies and procedures that prevent unfair\ntrading activities and market abuse.\n\n15.11 The VATP should implement effective system controls to reject transactions\nthat would exceed the internal volume and price thresholds.\n\n15.12 A VATP should have policies and procedures in place for analysing, individually\nor comparatively, each transaction executed and order priced, modified,\ncancelled, or rejected in its system.\n\n15.13 For the purposes of Rules 15.9 and 15.10 above, VATPs should ensure that\npricing information is continuously updated to reflect prevailing market\nconditions in real time. Where feasible, VATPs should enable Clients to access\nor be redirected to the original source(s) or the breakdown of pricing\ncomponents used to compile the displayed pricing data, such as interchange\nrates and fees for each product and service provided. To prevent price\nmanipulation and any unfair trading practices, price discovery methods should\ntherefore include pre-trade and post-trade transparency, relating to the bid and\noffer prices, the depth of trading interests on prices advertised on trading\nplatforms, and volume and transaction times. Overall, these measures aim to\nenhance transparency and support Clients in making informed decisions.\n\n15.14 A VATP must disclose fee structures, including all applicable charges, upfront\nbefore the execution of any transaction.\n\n15.15 VATPs must provide real-time order book data, showing aggregated buy and\nsell orders to Clients as appropriate, while maintaining confidentiality for\nsensitive information.\n\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 25 of 29\n15.16 The Authority expects that the VATPs establish that the real-time order book\ndisplays only non-sensitive data, such as aggregated order volumes, across all\nCommunication Channels, while protecting individual order details, user\nidentities, and any other private or proprietary trading information from being\nexposed to unauthorised parties.\n\n15.17 A VATP must ensure the timely and consistent reconciliation of Client asset\nbalances at suitable, frequent intervals to ensure that Clients' account balances\nor positions are accurate and provide Clients with applicable verification\nmechanisms\n\n16.\nVirtual Asset Custodians\n\n16.1\nA Virtual Asset Custodian must ensure that Client assets are clearly identified\nand segregated from the proprietary assets of the Regulated Entity as well as\nassets of its group entities.\n\n16.2\nA Virtual Asset Custodian must ensure that virtual assets and fiat funds\nbelonging to Clients are protected from third-party creditors.\n\n16.3\nFor the purposes of Rule 16.1 and 16.2 above, segregation should include clear\noperational and legal separation of Client assets from those of the Regulated\nEntity and its group entities. Where shared wallet infrastructure or global\nsystems are used, the Regulated Entity should demonstrate that Client assets\nattributable to its Cayman operations are clearly identifiable, auditable, and not\nexposed to claims by creditors of the Regulated Entity. Transaction fees initially\nreceived into Client wallets should be swept into proprietary wallets on a\nfrequent and auditable basis. Where a global pooled order book is used, the\nRegulated Entity should ensure that Clients are afforded fair access,\ncompetitive pricing, and appropriate disclosures in line with the Authority\u2019s\nexpectations regarding market conduct and transparency.\n\n16.4\nA Virtual Asset Custodian must establish a custody policy with internal rules\nand procedures to ensure the safekeeping and control of virtual assets in its\ncustody, as well as the means of access to them.\n\n16.5\nA Virtual Asset Custodian must ensure that any economic, governance, or other\nbenefits arising from the custody of a Client\u2019s virtual assets, including, but not\nlimited to, staking rewards, airdrops, or voting rights, are treated in accordance\nwith the terms agreed with the Client. The Virtual Asset Custodian must clearly\ndisclose the nature of such benefits to the Client and obtain the Client\u2019s consent\nregarding their retention, application, or transfer.\n\n16.6\nA Virtual Asset Custodian must implement robust security measures to protect\nClient assets.\n\n16.7\nFor the purposes of Rule 16.6, robust security measures include the following,\ninter alia:\n(a)\nmulti-factor authentication and access controls;\n(b)\nsecure key management protocols (e.g., management of public and\nprivate keys or other related methods by which virtual assets are held,\nR\nR\nR\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 26 of 29\nor multi-signature or hardware security modules);\n\n(c)\nongoing threat monitoring and intrusion detection;\n(d)\nrecurring testing of IT security and access management; periodic\npenetration testing; independent third-party security assessments; and\n(e)\nbusiness continuity and incident response plans.\n\nThe Regulated Entity should maintain internal documentation to support the\neffectiveness of these measures, such as audits and relevant accreditations,\nand should make such documentation available to the Authority upon request.\n\n16.8\nA Regulated Entity that provides virtual asset custody services should ensure\nthat it adheres to the latest industry standards in relation to the use of online\nand offline wallets and implements appropriate security and cybersecurity\ncontrols to safeguard Client assets from unauthorised access, fraud, or theft.\nSuch measures may include, but are not limited to, regular and secure backup\nsystems, wallet software updates, robust cybersecurity controls, delegated\nlimits of authority, and other equivalent technical or operational safeguards.\n\n16.9\nA Virtual Asset Custodian must provide the Client with clear and accurate\ninformation on storage methods used for their virtual assets.\n\n16.10 A Virtual Asset Custodian should provide Clients with clear information on\nstorage methods (e.g., hot, cold, or other secure storage) and the associated\nbenefits, risks, and security features. The Virtual Asset Custodian should:\n\n(a)\nprovide at least quarterly an update summarising its current storage\nposture (including indicative allocation across storage methods) and\nconfirm whether there have been material changes since the prior\nupdate (a \u201cno material changes\u201d statement is acceptable where\napplicable); and\n(b)\npromptly notify Clients of any material change to storage methods or\ninfrastructure when it occurs, particularly where risk may increase.\n\n16.11 A Virtual Asset Custodian must report any breaches or unauthorised access to\ncustody systems to the Authority and the affected Clients.\n\n16.12 For the purposes of Rule 16.11, a Regulated Entity should report any material\nbreach or unauthorised access to its custody systems in a timely manner that\nupholds Client protection, facilitates effective regulatory oversight, and\npreserves market integrity:\n(a)\nnotification to the Authority: A Regulated Entity should notify the\nAuthority no later than 72 hours after discovery of a material incident,\nas prescribed under the Authority\u2019s Rule and Statement of Guidance on\nCybersecurity for Regulated Entities.\n(b)\nnotification to Clients: In the same vein, affected Clients should be\nnotified promptly after notification to the Authority, once the nature and\nimpact of the breach has been reasonably assessed, and in any event\nno later than 72 hours from detection, unless otherwise directed by\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 27 of 29\ninvestigative or regulatory authorities.\n\n(c)\nrecordkeeping: All incidents, whether material or not, should be\ndocumented internally, including the timeline of detection, actions\ntaken, and any reasons for delay in reporting. These records should be\nmade available to the Authority upon request.\n\n16.13 A Virtual Asset Custodian must ensure the timely and consistent reconciliation\nof Client asset balances at suitable, frequent intervals to ensure that Clients'\naccount balances or positions are accurate.  The Virtual Asset Custodian must\nalso provide Clients with applicable mechanisms to verify their balances or\npositions.\n\n16.14 With regards to the reconciliation of Client asset balances, a Virtual Asset\nCustodian must maintain a register of the positions in the name of each Client,\nincluding, but not limited to, the following:\n(a)\nthe value and the Client ownership of the virtual assets;\n(b)\nthe ongoing record of any movement in the Client positions;\n(c)\nevidence of corresponding transactions;\n(d)\nthe frequency of performing the reconciliation of Client virtual assets\nbalances and fiat balances; and\n(e)\nreconciling internally calculated balances to the expected balance on the\nrelevant distributed ledger; investigating any discrepancies; and taking\nthe necessary measures to remedy any differences.\n\n16.15 Reconciliation and verification mechanisms may be automated, comprising a\nsecure and auditable process that enables a Client to confirm the existence and\naccuracy of their custodied asset balances, which are applied to correct wallet\naddresses without undue delay, without compromising the security or\nconfidentiality of other Clients. Acceptable mechanisms may include, but are\nnot limited to:\n(a)\nSecure Client account statements or read-only portals; and\n(b)\nAccess to On-chain or tagged wallet addresses.\n\n16.16 The reconciliations should be conducted at intervals appropriate to the nature\nand scale of the custody services, and, for further guidance, should include, at\na minimum, daily reconciliation of the account balances of the Virtual Asset\nCustodian\u2019s own assets and of virtual assets and fiat funds belonging to clients.\nDocumentation of the reconciliation should be retained and made available to\nthe Authority upon request.\n\n17.\nEnforcement\n\n17.1\nA Regulated Entity must observe all requirements and expectations within this\nRule and Statement of Guidance on an ongoing basis and must not circumvent\nor attempt to circumvent the requirements contained herein.\n\nR\nR\nR\n\nRule and Statement of Guidance\n\nMarket Conduct for Virtual Asset Service Providers\n\nCayman Islands Monetary Authority\n\nPage 28 of 29\n17.2\nWhenever there has been a breach of the Rules included in this document, the\nAuthority\u2019s policies and procedures, as contained in its Enforcement Manual,\nwill apply in addition to any other powers provided in the relevant Acts and the\nMAA.\n\n18.\nEffective Date\n\n18.1\nThis RSOG will take effect upon publication in the Gazette.\n\nCayman Islands Monetary Authority\n\nPage 29 of 29","akn_extracted_at":"2026-06-22 15:40:06.618169+00","cms_id":"2026-0012","law_type":"subordinate","year":"2026","number":"12","title":"Rule and Statement of Guidance - Market Conduct for Virtual Asset Service Providers","status":"in_force"},"provenance":{"files":[{"file_id":"5184","expr_id":"289","kind":"akn_xml","filename":"2026-0012_SL 12 of 2026.akn.xml","source_url":null,"storage_path":"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.akn.xml","content_md5":"e5cd823275c9dd3d44498dc7219eac46","byte_size":"71586","http_last_modified":null,"fetched_at":"2026-06-22 15:40:06.851419+00"},{"file_id":"577","expr_id":"289","kind":"pristine_pdf","filename":"2026-0012_SL 12 of 2026.pdf","source_url":"\/cms\/images\/LEGISLATION\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.pdf","storage_path":"\/Users\/q\/kyleg-data\/pristine\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.pdf","content_md5":"8b0e75b9718a8a5797dc462c4d1fdc72","byte_size":"941679","http_last_modified":null,"fetched_at":"2026-06-21 23:09:36.32505+00"},{"file_id":"578","expr_id":"289","kind":"working_pdf","filename":"2026-0012_SL 12 of 2026.pdf","source_url":"\/cms\/images\/LEGISLATION\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.pdf","storage_path":"\/Users\/q\/kyleg-data\/working\/SUBORDINATE\/2026\/2026-0012\/2026-0012_SL 12 of 2026.pdf","content_md5":"8b0e75b9718a8a5797dc462c4d1fdc72","byte_size":"941679","http_last_modified":null,"fetched_at":"2026-06-21 23:09:36.32505+00"}],"paragraph_count":253,"latest_history":null},"quality":{"expr_id":"289","doc_id":"289","quality_state":"needs_review","quality_score":"84","needs_human_review":"t","deterministic_categories":"{duplicate_text,page_header_footer_noise}","llm_categories":"{truncated_text,other}","repair_actions":"{collapse_duplicate_text,manual_review,reextract_full_text,strip_page_furniture}","finding_severity_counts":"{\"low\": 1, \"medium\": 1}","finding_summary":"Sample appears mostly complete but shows truncation at the end of section 16.15; human review recommended to ensure full text integrity.","assessed_at":"2026-06-22 15:29:46.107037+00","updated_at":"2026-06-22 15:29:46.107037+00"}}