The Thai Securities and Exchange Commission (SEC) issued regulations requiring digital asset business operators that provide custody of clients’ digital assets to "establish a digital wallet management system to accommodate efficient custody of digital assets and keys and ensure safety of clients’ assets."
The new regulations cover three requirements:
1) Policy and guidelines for "overseeing the risk management of digital wallets and keys" (defined as a cryptographic key or any other data that must be kept confidential in order to be used for approval of transfers or transactions related to digital assets in digital wallets), as well as communication to "clarify such policy, action plans and procedures, work supervision and internal control to ensure compliance with the policy."
2) Policy and procedures for "designing, developing and managing digital wallets as well as creating, maintaining and accessing keys or other related information appropriately, securely and safely."
3) Contingency plan should an event occur that may affect the management system of digital wallets and keys. This includes "laying out and testing action procedures, designating responsible persons and reporting the event. An audit of system security is also required as well as digital forensic investigation in case of any event affecting the security of systems related to digital asset custody, which could cause significant impacts on clients’ assets."
The regulations came into effect on 16 January 2023. Digital asset business operators that had provided custody of clients’ assets prior to the effective date of the regulations are required to fully comply within six months from the effective date.