Code of conduct

Australian Digital Currency Industry Code of Conduct

ADCA developed the Australian Digital Currency Industry Code of Conduct as a tool to help Australian consumers identify digital currency businesses that have best-practice standards in place.

The Digital Currency Industry Code of Conduct is a self-regulatory scheme and was developed in response to a recommendation of the Senate Enquiry into Digital Currencies from August 2015.

Digital currency businesses that are certified by ADCA must prove to independent auditors that they meet the rigorous standards set by the Code. The external auditor confirms that each item in a checklist of code compliance obligations has been satisfied.

ADCA Certified Digital Currency Businesses

The following digital currency businesses operating in Australia have been provisionally certified under the Australian Digital Currency Industry Code of Conduct. Independent audits are currently underway to confirm compliance with the Code at which time final certification will be granted:

Coinloft
Independent Reserve

The ADCA Certified digital currency businesses listed above can be identified by the use of the ADCA Certification Mark on their website and a link to this page which confirms their certification. 

ADCA-Provisionally-Certified-Digital-Currency-Business

Any business displaying the ADCA Certification Mark on their website that is NOT listed above is incorrectly representing that it has achieved ADCA certification.

Full Text of the Australian Digital Currency Industry Code of Conduct

For a full copy of the Code in PDF format, including appendices and the self-certification Code Compliance Checklist, please download it below.

  1. Purpose
  2. Defined Terms
  3. Eligibility and Operation
  4. Best Practice Standards
  5. The ADCA Code Compliance Committee
  6. Provisional Certification
  7. Certification, Annual Review and Recertification
  8. Non-Compliance and Sanctions Process
  9. ADCA Certification Mark
  10. Limitation of Liability

1.    Purpose

1.1. This Code of Conduct sets out Best Practice Standards for the operation of a Digital Currency Business in Australia.

1.2. The Code of Conduct intends to provide assurance to consumers, regulators and commercial partners that an accredited member of ADCA has implemented Best Practice Standards in their business.

1.3. Certification by ADCA indicates that implementation of and adherence to Best Practice Standards by the member has been audited by an independent third party and then approved by ADCA in accordance with this Code of Conduct.

1.4. This Code of Conduct is a contract between ADCA and an ADCA Certified Digital Currency Businesses, and is not intended to form contractual rights or obligations as between ADCA Certified Digital Currency Businesses and their customers.

2.    Defined Terms

In this Code of Conduct, unless the context otherwise requires:

ADCA means the Australian Digital Commerce Association Ltd.

ADCA Certification Mark means the logo described in Appendix 1 that may be used by a Digital Currency Business to indicate that ADCA Certification under this Code of Conduct has been granted.

ADCA Certified (or Certification) means a Digital Currency Business that has been certified by the Committee as adhering to this Code of Conduct.

AML/CTF Law means the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, associated rules and other instruments.

ASIC means the Australian Securities & Investments Commission.

AUSTRAC means the Australian Transaction Reports and Analysis Centre.

Best Practice Standards means the standards of conduct for the operation of a Digital Currency Business described in Part 4 of this Code of Conduct.

Certification Date means the date that ADCA Certification is granted by the Committee to an applicant Digital Currency Business.

Code of Conduct means this document, which is also referred to as the Australian Digital Currency Industry Code of Conduct.

Committee means the ADCA Code Compliance Committee, the independent body established by ADCA to administer this Code of Conduct including the granting, administration (including suspension) and withdrawal of ADCA Certification.

Company Officer means “officer” as defined in the Corporations Law.

Corporations Law means the Corporations Act 2001 and related regulations and instruments.

Digital Currency means a digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status (i.e., when tendered to a creditor, is a valid and legal offer of payment) in any jurisdiction.  It is not issued nor guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the virtual currency.[i]

Digital Currency Business means an Industry Member that provides or facilitates the:

  • purchase or sale of a Digital Currency;
  • purchase or sale of a fiat currency in connection with a Digital Currency; or
  • storage of a Digital Currency;

but does not include an Industry Member that uses Digital Currency for purposes other than described in (a), (b) or (c) above (for example, purely for blockchain or other technology purposes where there is no transfer of tangible monetary value attached to the use of Digital Currency).[ii]

Director has the meaning defined in the Corporations Law.

External Dispute Resolution Scheme or EDR means a scheme approved by ASIC that accepts Digital Currency Businesses as members.

FATF means the Financial Action Task Force – an international policy-making body established by the G7 countries in 1989.

Industry Member means an entity which is:

  • legally incorporated under the laws of Australia or other country approved by the Directors of ADCA from time to time;
  • a FinTech or digital economy centric business (including blockchain and Digital Currency); and
  • accepted for Membership by the ADCA Board.

PEP means Politically Exposed Person for the purposes of AML/CTF Law.

Privacy Law means the Privacy Act 1988 and related regulations and other instruments.

Provisional ADCA Certification (or Provisionally ADCA Certified) means a Digital Currency Business that has been provisionally certified by the Committee as adhering to this Code of Conduct.

Provisional Certification Date means the date Provisional ADCA Certification is granted by the Committee to an applicant Digital Currency Business.

Sanctions Law means the Charter of the United Nations Act 1945, Autonomous Sanctions Act 2011, associated rules and other instruments.

Substantial Shareholder or Controller means a shareholder who owns (directly or indirectly) at least 25% of a company or its ultimate controlling entity or otherwise controls the company or its ultimate controlling entity.  “Control” in this context adopts the same meaning as in the AML/CTF Law.

3. Eligibility and Operation

3.1. This Code of Conduct has been adopted by the Directors of ADCA as ADCA Standards in accordance with Section 2 of Schedule 3 of the ADCA Constitution.

3.2. This Code of Conduct is available for voluntary adoption by Industry Members that operate a Digital Currency Business in Australia, including Digital Currency Businesses domiciled outside Australia but which provide services within Australia.
3.3. ADCA Certification and Provisional ADCA Certification is available to Industry Members that can demonstrate by means of a review process that its business processes, systems and policies comply with the provisions of this Code of Conduct in accordance with Part 7.

3.4. An ADCA Certified Digital Currency Business must comply with all relevant obligations under this Code of Conduct except where doing so would lead to a breach of a law. This Code of Conduct makes reference to Australian law. If an Australian law is inconsistent with a non-Australian law which also applies to the ADCA Certified Digital Currency Business, the Australian law shall prevail to the extent of the inconsistency.

3.5. This Code of Conduct is binding upon an ADCA Certified Digital Currency Business from the date upon which ADCA Certification (whether or not it is provisional) is granted (the Certification Date or the Provisional Certification date, as applicable) until such time as certification is terminated by the member by the provision of written notice to ADCA, or is withdrawn or suspended by ADCA. Termination, withdrawal or suspension does not result in a rebate of any fees paid to ADCA.

3.6. An ADCA Certified Digital Currency Business must implement business practices, systems and policies that will enable it to comply with the Code of Conduct.

3.7. An ADCA Certified Digital Currency Business must take reasonable steps to ensure that any director, employee or agent that acts on its behalf in the conduct of its Digital Currency Business also adheres to the Code of Conduct and is responsible for any breach of the Code of Conduct as if the breach had been committed by the Digital Currency Business directly.

3.8. ADCA must maintain a register of all ADCA Certified Digital Currency Businesses on its website along with a record of the most recent date and status of certification or re-certification.

4. Best Practice Standards

4.1. Reputation and General Conduct

4.1.1 ADCA Certified Digital Currency Businesses must comply with or observe Australian laws including the Corporations Law, Privacy Law (even if only on an opt-in basis), Sanctions Law and AML/CTF Law (subject to clause 4.3 below), and equivalent laws in jurisdictions outside Australia if they operate a Digital Currency Business in those jurisdictions.

4.1.2 ADCA Certified Digital Currency Businesses must act with integrity, transparency, competence, diligence, respect and in an ethical manner with its customers, employees, members of the public, government regulators and agencies and other members of the Digital Currency Industry and must not act in a way that may bring into disrepute:

  • ADCA;
  • ADCA members;
  • their own employees or customers, past or present;
  • the provision of Digital Currency services and its allied services.

4.1.3. ADCA Certified Digital Currency Businesses must conduct an annual ASIC register search, bankruptcy and National Police Clearance Certificate on all Directors, Company Officers and Substantial Shareholders or Controllers to ensure that they are fit and proper persons to operate a Digital Currency Business.

4.1.4. ADCA Certified Digital Currency Businesses must maintain a risk-based level of professional indemnity insurance cover for not less than $1 million and such other insurances as are appropriate.

4.1.5. ADCA Certified Digital Currency Businesses must maintain accurate and complete records of all transactions. Records must be kept up to date and secure for a minimum of 7 years.

4.2. Consumer Protection

4.2.1. ADCA Certified Digital Currency Businesses must maintain a customer Privacy Policy consistent with the Privacy Law and make it available on their website, and reference to it whenever personal information is collected.

4.2.2. ADCA Certified Digital Currency Businesses must apply data security systems and processes to protect customer data including any IP addresses, wallet addresses, digital currency identifiers or credit card information. The ADCA Certified Digital Currency Business shall (where applicable):

  • build and maintain a secure network;
  • protect customer data, including securely storing the customer data and encrypting any transmission of data across open, public networks;
  • maintain a vulnerability management program;
  • implement strong access control measures;
  • regularly monitor and test networks; and
  • maintain an information security policy.

4.2.3. Where customer fiat currency funds are received but not applied to the provision of a product or service within 24 hours, ADCA Certified Digital Currency Businesses must transfer any such funds to a separate bank account designated as a trust account (where not already held in such an account in the same fiat currency as provided by the customer). It is intended that only customer funds can be held in that account and funds that the ADCA Certified Digital Currency Business becomes entitled to must be withdrawn from the trust account as soon as practicable and no later than one month after the entitlement arises. Unallocated customer funds must be returned to customers within 30 days of receipt.

4.2.4. Where an ADCA Certified Digital Currency Business provides a service of storing, holding, owning or controlling Digital Currency on behalf of a customer, it will:

  • Hold Digital Currency of the same type and amount as that which is owed or obligated to the customer, and provide evidence of this upon request by the customer;
  • Not sell, transfer, assign, lend, hypothecate, pledge, encumber or otherwise use the Digital Currency except in accordance with the express directions of the customer.

4.2.5. ADCA Certified Digital Currency Businesses must maintain membership of an External Dispute Resolution Scheme to facilitate fair resolution of customer complaints and disputes.

4.2.6. ADCA Certified Digital Currency Businesses must clearly describe their pricing and fee structures on their websites.

4.2.7. ADCA Certified Digital Currency Businesses must clearly describe their complaints handling process and contact details on their websites.

4.3. Anti-Money Laundering and Counter-Terrorism Financing Obligations

4.3.1 ADCA Certified Digital Currency Businesses must comply with the Sanctions Law and applicable AML/CTF Law, or to the extent that AML/CTF Law does not apply to them, must voluntarily comply with so much of the AML/CTF Law as would be applicable if the AML/CTF Law applied to Digital Currency Businesses.

AML/CTF and Sanctions Compliance Program

4.3.2. ADCA Certified Digital Currency Businesses must adopt , maintain and comply with an AML/CTF and Sanctions compliance program consistent with the requirements of the Sanctions Law, and AML/CTF Law so far as applicable. In particular, the AML/CTF and Sanctions compliance program will cover:

  • a risk assessment framework[iii];
  • employee due diligence processes;
  • employee risk awareness training;
  • financial sanctions;
  • oversight by board and senior management;
  • appointment of an AML/CTF compliance officer;
  • independent review (see Part 7 of this Code of Conduct);
  • AUSTRAC reporting[iv] (including suspicious matter reporting) and monitoring (to the extent permitted by AUSTRAC);
  • for businesses with majority owned subsidiaries, branches or agents providing Digital Currency Business services outside Australia, systems to ensure consistent application of AML/CTF obligations across those entities;[v]
  • collecting and verifying customer and beneficial owner information; and
  • ongoing customer due diligence procedures, which provide for the ongoing monitoring of existing customers to identify, mitigate and manage any ML/TF risks. These include a transaction monitoring program and an enhanced customer due diligence program.

4.3.3. A risk assessment framework under 4.3.2(a) must demonstrate that prior to and after accepting a new customer, consideration is given to:

  • customer type, including PEPs and their associates (also including where the customer is not an individual: beneficial owners or controllers);[vii]
  • the types of designated services provided;[viii]
  • sources of funds and wealth;
  • purposes and intended nature of the business relationship;
  • delivery methods and new technologies;[ix]
  • new designated services, and methods of delivering them; and
  • foreign jurisdictions with which it operates or conducts business.[x]

4.3.4. The AML/CTF and Sanctions program must be independently reviewed at regular intervals and the ADCA Certified Digital Currency Business must ensure the independence of the reviewer (see Part 5).

4.3.5. In addition to collecting and verifying the minimum KYC information required by the AML/CTF Law,[xi] the ADCA Certified Digital Currency Businesses must collect at a minimum:

  • the customer’s location at the time of the transaction, or their IP address;
  • details about the customer’s funding provider, (e.g. a bank in the case of fiat currency or e-wallet provider in the case of Digital Currency), and its location; and
  • in the case of a value transfer from the customer to another person, the payee’s name and location.

4.3.6. The ADCA Certified Digital Currency Businesses must verify the data collected pursuant to clause 4.3.4 using risk-based controls.[xii] For low and medium risk customers, this includes requiring PEP screening of the payee (if applicable), at a minimum.

4.3.7. Where an ADCA Certified Digital Currency Business uses a third party[xiii] (including an agent) to provide their services or perform customer due diligence measures, they will:

  • remain solely responsible for the delivery of their services and full compliance with this Code of Conduct; and
  • adopt a risk-based approach when engaging and monitoring those third parties.

4.3.8. If the ADCA Certified Digital Currency Business engages liquidity providers (including Digital Currency exchanges) or providers of electronic wallet services[xiv], those providers will be treated like a special category of high risk customers in that, in addition to performing normal customer due diligence measures, the ADCA Certified Digital Currency Business must gather more information about:

  • their reputation;
  • the quality of supervision;
  • regulatory history;
  • their AML/CTF Law (or equivalent to their jurisdiction) compliance; and
  • adequacy of their customer due diligence procedures including ability to provide customer identification data and other relevant documentation upon request without delay.

The ADCA Certified Digital Currency Business will also:

  • obtain approval from senior management before establishing such new relationships,
  • clearly understand the respective responsibilities of themselves and the third party, and
  • with respect to electronic wallets providers, be satisfied that the electronic wallet provider has conducted customer due diligence on their customers.

5.    The ADCA Code Compliance Committee

5.1. The Committee is to be determined by the Board.

5.2. The Committee must consist of at least three people, each of whom:

  • must be independent from the Board;
  • must have the necessary skills and expertise;
  • will be reimbursed for any Board approved out-of-pocket expenses incurred in connection with the performance of their duties as a Committee member;
  • may be paid a sitting fee or other remuneration as determined by the Board from time to time; and
  • must agree to be bound by and follow the terms of reference for the Committee.

5.3. The members of the Committee must appoint a chair from their number and may also appoint a deputy chair.

5.4. Except in circumstances where the Board is the respondent in a matter to be determined by the Committee, the Board has the right to appoint an observer to the Committee. The appointed observer will have the right to attend meetings of the Committee but will not be permitted to vote on Committee decisions or contribute to its deliberations. For the avoidance of doubt, the appointed observer may be, but does not need to be, an ADCA director.

5.5. The Committee will administer this Code of Conduct according to the following guidelines:

  • Jurisdiction: The Committee will only consider matters directly related to granting, administration (including suspension) and withdrawal of ADCA Certification.
  • Conflicts of interest: Committee members will disclose any conflicts of interest connected to any decision making and the chair or deputy chair will manage the conflict in accordance with the ADCA conflict of interest policy. In addition, no ADCA Digital Currency Business (including its employees, directors, and people with more than 5% shareholding in the business) may be a member of the Committee.
  • Fairness, transparency and openness: The Committee’s administration of affairs will be fair and have regard to the principles of natural justice, be transparent and open in the same way that the ADCA Standards Review Committee operates.
  • Confidentiality: All information disclosed by an applicant or ADCA Digital Currency Business for certification or recertification under this Code of Conduct must be regarded as confidential and must not be used or disclosed by any member of the Committee or ADCA Board except as required by law or as permitted by the relevant ADCA Certified Digital Currency Business. However, the Committee may advise the Board or a government body, or otherwise make public with the Board’s consent, any information arising from consideration by the Committee that it believes may have sector wide significance. Where the Committee advises the Board about issues arising from a Complaint, applicants or ADCA Digital Currency Businesses (as the case may be) will not be identified unless the Committee has made a decision to name the person, with the consent of the Board.
  • Initial Certification, Annual Review and Recertification: See Part 6 of this Code of Conduct.
  • Corrective action: See Part 7 of this Code of Conduct.
  • (g) Risk-based: The Committee will take a risk-based approach in determining how to exercise its powers.

6.    Provisional Certification

6.1. A Digital Currency Business seeking certification as an ADCA Certified Digital Currency Business may submit an application for Provisional ADCA Certification by payment of the application fee (see 7.6 below) and submitting to the Code Compliance Committee:

  • a completed, self-certified Code Compliance Checklist in the form set out in Appendix 2; and,
  • a written undertaking to instruct an external auditor approved by ADCA to:
    1. conduct a review of its business processes, systems and policies in accordance with Appendix 2 of this Code of Conduct;
    2. provide a report of the review, within 5 months of the Provisional Certification Date; and,
  • a written undertaking to observe all of the provisions of this Code that apply to an ADCA Certified Digital Currency Business

6.2. The Committee may grant Provisional ADCA Certification. In determining whether to grant Provisional ADCA Certification, the Code Compliance Committee shall consider whether:

  • the completed Code Compliance Checklist and any supporting materials indicates a very high degree of compliance with the Best Practice Standards set out in Part 4; and,
  • there is a high degree of confidence that the external audit will verify that the applicant’s business processes, systems and policies are adequate to ensure consistent compliance with the Code of Conduct.

6.3. Upon receipt of the self-certification, and before approving the application for Provisional ADCA Certification, the Committee can require further information including documents supporting the contents of the self-certification in determining whether to grant the Provisional ADCA Certification.

6.4. Provisional Certification shall automatically lapse in the event that the applicant does not provide an external auditor’s report as required by 6.1(b) within 5 months of the Provisional Certification Date or commits any other material act of non-compliance with this Code of Conduct.

7.    Certification, Annual Review and Recertification

7.1. A Digital Currency Business seeking certification as an ADCA Certified Digital Currency Business must commission, at its own expense, and provide to the Committee, an external auditor’s report detailing the review by an auditor approved by ADCA of its business processes, systems and policies in accordance with Appendix 2 of this Code of Conduct, to confirm that they are adequate to ensure consistent compliance with the Code of Conduct.

7.2. ADCA Certification automatically lapses on the anniversary of the Certification Date unless re-certification has been approved by the Committee or, in extraordinary circumstances, the ADCA Board has approved an extension. An extension may only be granted once and for no longer than two months.

7.3. An ADCA Certified Digital Currency Business must:

  • commission, at its own expense, a two-yearly external review of its business processes, systems and policies to confirm in accordance with Appendix 2, that they remain adequate to ensure compliance with the Code of Conduct. The two-yearly review must be completed by an external auditor approved by ADCA and the report provided to the Committee within 23 months of the last Certification Date in order to allow sufficient time for the report to be considered by the Committee; and
  • for every year that an external audit is not conducted, self-certify that it has adequate processes, systems and policies in place to remain compliant with the Code of Conduct, in accordance with Appendix 2 of this Code of Conduct. The self-certification must be provided to the Committee no later than one month prior to the anniversary of the Certification Date.

7.4. The Committee may grant ADCA Certification. In determining whether to grant certification or recertification, and before accepting an external audit report prepared in accordance with clauses 7.1 and 7.3(a), the Committee can require from the Industry Member:

  • documents supporting the contents of the audit report conclusions; and/or
  • evidence supporting the independence or competence of the auditor.

7.5. Upon receipt of the self-certification, and before recertifying a Digital Currency Business, the Committee can require further information including documents supporting the contents of the self-certification in determining whether to grant the recertification.

7.6. The ADCA Board must determine a Code of Conduct Certification Fee that must be paid by the applicant for certification (including provisional certification) or re-certification prior to consideration of the application by the Committee. The fee shall not be refundable in the event of an adverse determination, and is in addition to any fee payable to the external auditor.

7.7. The Committee must maintain a Code Compliance Checklist (see Appendix 2) which will be used by the external auditors approved by ADCA as the basis of the initial and subsequent two-yearly external certification and recertification reviews. It will also be used for self-certification. The Code Compliance Checklist shall comprise of the following sections:

  • Code of Conduct review, including a summary of recommended and required improvements in light of the findings; and
  • Evidence of the impartiality and professional competence of the external auditor.

7.8. External auditors must be required by the ADCA Certified Digital Currency Business to produce a review report using the format prescribed by the Code Compliance Checklist in order to ensure consistency and comparability of assessments.

7.9. The Committee must consider the report prepared by the external auditor or the self-certification and must make a determination that certification or recertification under this Code of Conduct be:

  • granted;
  • granted subject to conditions; or
  • refused

7.10. An applicant for certification or recertification under this Code of Conduct may appeal a decision of the Committee to the ADCA Standards Review Committee, which is governed by the ADCA Standards, Disputes, Complaints Handling and Reviews policy.

7.11. This Code of Conduct and the activities contemplated by it are governed by the law in force in New South Wales, Australia. Each party irrevocably and unconditionally submits to the non-exclusive jurisdiction of the courts of New South Wales, Australia and courts of appeal from them for determining any dispute concerning this Code of Conduct or the activities contemplated by this Code of Conduct.

7.12. The Committee may amend the Code Compliance Checklist from time to time, and has a discretion to impose extra or waive various elements of the Code Compliance Checklist based on the guidelines set out in clause 5.5.

8.    Non-Compliance Reporting, Complaints and Sanctions Process

8.1. An ADCA Certified Digital Currency Business must undertake to promptly report all incidences of material non-compliance with the Code of Conduct to the Committee.

8.2. An incident of non-compliance will be considered material after considering the following:

  • the number and frequency of previous similar incidences;
  • the impact of the incident or likely incident on the ADCA Certified Digital Currency Business’s ability to provide the service;
  • The extent to which the incident or likely incident indicates that the ADCA Certified Digital Currency Business’s arrangements to ensure compliance with those obligations is inadequate; and,
  • the actual or potential financial loss to customers arising from the incident or likely incident.

8.3. Where a complaint is made to the EDR scheme and an adverse finding is made against the ADCA Certified Digital Currency Business, it must notify the Committee immediately. The Committee will review the circumstances of the complaint only for the purposes of determining whether it provides evidence of material non-compliance with this Code of Conduct.

8.4. Upon investigation of an incident of material non-compliance under clause 8.2 or notification of an adverse finding under clause 8.3, the Committee may:

  • take no action;
  • require that a specific corrective action be undertaken within a nominated period; or
  • withdraw certification.

8.5. The Committee will not exercise its discretion to withdraw certification without first giving the ADCA Certified Digital Currency Business a period of not less than 14 days to respond to the Committee’s concerns and provide reasons as to why certification should not be withdrawn.

8.6. In making its decision, the Committee will consider whether the incident of non-compliance is evidence of a systemic failure of business processes, systems or policies such that they are inadequate to ensure consistent compliance with the Code of Conduct.

8.7. An ADCA Certified Digital Currency Business that receives an adverse finding under the Code of Conduct may appeal the decision to the ADCA Standards Review Committee, in which case the ADCA Standards, Disputes, Complaints Handling and Reviews policy will apply.

8.8. The Committee will not consider individual consumer complaints. Complaints management will be facilitated through the internal dispute resolution processes of the ADCA Certified Digital Currency Business or the EDR scheme appointed under clause 4.2.5.

9.    ADCA Certification Mark

9.1. An ADCA Certified Digital Currency Business will be entitled to describe itself as “ADCA Certified” and to use the ADCA Certification Mark described in Appendix 1.

9.2. A Provisionally ADCA Certified Digital Currency Business will be entitled to describe itself as “Provisionally ADCA Certified” or “ADCA Certification Requested” and to use the Provisional ADCA Certification Mark described in Appendix 1.

9.3. An ADCA Certified Digital Currency Business must include a section on its website in the form prescribed in Appendix 1 that explains the nature and purpose of ADCA Certification and includes a link to this Code of Conduct on the ADCA website.

9.4. Use of the description “ADCA Certified” and the ADCA Certification Mark is limited exclusively to current ADCA Certified Digital Currency Businesses and must be immediately discontinued in the event that certification lapses, is suspended or terminated by ADCA, or withdrawn by the Digital Currency Business.

10. Limitation of Liability

10.1. ADCA Certified Digital Currency Businesses and applicants for ADCA Certification (whether successful or not) agree that they are solely responsible for the provision of products and services to their customers and prospective customers and that ADCA does not provide products or service to those customers or prospective customers.

10.2. ADCA Certified Digital Currency Businesses and applicants for ADCA Certification (whether successful or not) agree that ADCA is not liable for any act or omission of a Digital Currency Business and holds ADCA harmless against any suit, claim, action, investigation, complaint or other request for compensation to the fullest extent permitted by law. To the extent that ADCA is found liable, liability is limited to the amount paid to ADCA by the Digital Currency Business for ADCA Certification.

10.3. Applicants for ADCA Certification or recertification under this Code of Conduct who are unsuccessful and ADCA Certified Digital Currency Businesses whose ADCA Certification is suspended or terminated for material non-compliance with the Code of Conduct, and upon exhaustion of the appeal processes described in this Code, agree that ADCA is in no way liable for any economic loss, loss of profit or other loss associated with the denial or withdrawal of ADCA Certification. To the extent that ADCA is found liable, liability is limited to the amount paid to ADCA by the Digital Currency Business for ADCA Certification.

10.4. ADCA excludes all liability it may have to ADCA Certified Digital Currency Businesses and applicants for the acts and omissions, negligent or otherwise of its officers, employees and other representatives in connection with this Code of Conduct, and to the extent it is unable to rely on such exclusion, limits the total liability of ADCA for such acts or omissions to the total amount of the fees paid by the relevant Member to ADCA in the relevant financial year.

[i] ADCA has adopted the FATF’s definition of virtual currency, found here.

[ii] For example, one Satoshi of BTC is required to access the BTC blockchain, but only represents a small fraction of a BTC and poses no money laundering or terrorism financing risks.

[iii] Benchmarked against FATF Recommendation 1.

[iv] Benchmarked against FATF Recommendations 20 and 21.

[v] Benchmarked against FATF Recommendation 18.

[vi] Benchmarked against FATF Recommendation 5 and 6.

[vii] Benchmarked against FATF Recommendations 8 and 12.

[viii] If the Digital Currency Business also offered traditional remittance services, this is an example of a “designated service”.

[ix] Benchmarked against FATF Recommendations 15 and 16.

[x] Benchmarked against FATF Recommendation 19.

[xi] For example, An AML/CTF program must include a procedure to collect (where the customer is an individual), at a minimum: the customer’s full name; date of birth; and  residential address.  Also, the AML/CTF program must include a procedure to verify, at a minimum:  the customer’s full name; and either: (a)  date of birth; or (b)  residential address.

[xii] Controls may include verifying the payment provider by conducting and recording independent electronic searches on reputable websites, such as a government-controlled banking regulator websites, or an established Digital Currency Industry Body websites.

[xiii] Benchmarked against FATF Recommendation 17.

[xiv] Benchmarked against FATF Recommendation 13 and 17.

© Australian Digital Commerce Association 2017

ADCA