New Zealand -- Custody Regulations Regulatory Overview

New Zealand's regulatory approach to cryptocurrency and digital assets, including custody, is generally based on applying existing financial markets law, anti-money laundering (AML) and countering financing of terrorism (CFT) law, and consumer protection law where applicable, rather than a bespoke, comprehensive regulatory framework specifically for crypto. The Financial Markets Authority (FMA) is the primary regulator for financial markets, and the Department of Internal Affairs (DIA) supervises AML/CFT compliance.

Here's a breakdown:

General Approach

The FMA has provided guidance on how existing financial markets law (primarily the Financial Markets Conduct Act 2013 and the Financial Service Providers (Registration and Dispute Resolution) Act 2008) applies to crypto-assets. The key determination is whether a crypto-asset qualifies as a "financial product" or "financial service" under existing legislation. Pure cryptocurrencies (like Bitcoin or Ethereum) are generally not considered financial products themselves, but services built around them (e.g., derivatives, managed investment schemes, or certain custodial services) might be.

1. Custodial License Requirements

There is no specific "crypto custody license" in New Zealand. However, a provider offering crypto custody services may need to register as a Financial Service Provider (FSP) or a Reporting Entity under AML/CFT laws, depending on the nature of the service and the crypto-asset:

• Financial Service Provider (FSP) Registration:

  • If the crypto-asset being held constitutes a "financial product" (e.g., a security, managed investment product, or a derivative) as defined under the Financial Markets Conduct Act 2013 (FMC Act), then providing custody services for it would likely require FSP registration and compliance with the FMC Act's requirements for custodians of those specific financial products.
  • If the service involves other regulated financial services (e.g., acting as a trustee or offering managed investment services that include crypto), FSP registration is required.
  • Reference:
    • Financial Service Providers (Registration and Dispute Resolution) Act 2008: https://www.legislation.govt.nz/act/public/2008/0088/latest/DLM1419400.html
    • FMA Guidance on the Application of Financial Markets Law to Crypto-assets (Dec 2021): (You'll need to search the FMA website for the most recent version, typically under "Guidance notes" or "Publications"). The key takeaway is how a crypto-asset maps to existing financial product definitions. Example search result: https://www.fma.govt.nz/news-and-resources/media-releases/fma-releases-new-guidance-on-crypto-assets/ (This links to a media release about the guidance, the full guidance document is usually linked within or discoverable via FMA site search).

• AML/CFT Reporting Entity Registration:

  • Custodial wallet providers and crypto-asset exchanges are explicitly designated as "reporting entities" under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). This requires them to register with the Department of Internal Affairs (DIA) and comply with AML/CFT obligations, including customer due diligence, suspicious transaction reporting, and maintaining a robust AML/CFT programme.
  • Reference:
    • Anti-Money Laundering and Countering Financing of Terrorism Act 2009: https://www.legislation.govt.nz/act/public/2009/0035/latest/DLM2140700.html
    • DIA Guidance for Cryptoasset Reporting Entities: https://www.dia.govt.nz/AML-CFT-Reporting-Entities-Cryptoasset-Reporting-Entities

2. Segregation of Client Assets Rules

• FMC Act Custodians (if applicable): If a crypto-asset service falls under the definition of a "managed investment scheme" (MIS) or other regulated financial product under the FMC Act, then the custodian requirements of that Act would apply. These requirements mandate strict segregation of client assets from the custodian's own assets, independent oversight, and clear trust arrangements.
• Best Practice: Even where not explicitly mandated by law (e.g., for pure cryptocurrencies not deemed financial products), the FMA strongly advocates for robust client asset protection and segregation as a best practice for any entity holding assets on behalf of others. Failure to do so exposes clients to significant risks in case of insolvency or fraud.
• Reference:
  • Financial Markets Conduct Act 2013 (Part 4, relating to Managed Investment Schemes and custodians): https://www.legislation.govt.nz/act/public/2013/0069/latest/DLM2996906.html
  • FMA Guidance on Crypto-assets: Reiterates the importance of good governance and client asset protection principles.

3. Insurance/Bonding Requirements

• No specific crypto custody insurance/bonding mandate.
• FMC Act (if applicable): For entities regulated under the FMC Act (e.g., licensed MIS managers or custodians), there are general requirements for having adequate professional indemnity insurance and robust internal controls, but not a specific "bonding" requirement for crypto assets.
• FSP Dispute Resolution Schemes: All registered FSPs must belong to an approved external dispute resolution scheme, which provides a mechanism for consumers to resolve disputes with the financial service provider. This is a form of consumer protection but not insurance for assets.
• Reference:
  • Financial Service Providers (Registration and Dispute Resolution) Act 2008: Specifies requirements for belonging to a dispute resolution scheme.
  • FMA Guidance on Crypto-assets: Encourages providers to consider their insurance coverage as part of robust risk management.

4. Cold Storage Mandates

• No specific cold storage mandate.
• FMA Guidance / Best Practice: The FMA's guidance emphasizes the importance of robust cybersecurity, internal controls, and risk management for any entity holding digital assets. This implicitly includes the appropriate use of hot and cold storage solutions, multi-signature wallets, hardware security modules (HSMs), and secure key management practices to mitigate the risks of theft, loss, or unauthorised access. These are generally considered industry best practices rather than legal mandates.
• Reference:
  • FMA Guidance on Crypto-assets: Discusses operational risks and the need for robust security.

5. Qualified Custodian Definitions

• No specific "qualified custodian" definition for crypto-assets.
• FMC Act Custodians: The closest equivalent in traditional finance is a "custodian" for a managed investment scheme (MIS) under the FMC Act. These custodians have specific duties, including independence from the manager of the MIS, oversight functions, and stringent regulatory requirements. Whether a crypto custody service would need to meet this standard depends on whether the underlying crypto-asset is deemed part of an MIS or another regulated financial product.
• The FMA's guidance explores the functions of a traditional custodian under the FMC Act and how they might apply to crypto custody, particularly if the crypto-asset itself is considered a financial product.
• Reference:
  • Financial Markets Conduct Act 2013 (Part 4, Subpart 5 - Duties of custodians of MIS): https://www.legislation.govt.nz/act/public/2013/0069/latest/DLM2996906.html

6. Pending Custody Legislation

As of late 2023 / early 2024, there is no specific, dedicated "crypto custody legislation" currently pending in New Zealand.

However, the broader regulatory landscape is under constant review:

• Government Work Programme on Digital Assets: The New Zealand government, through various agencies including the Ministry of Business, Innovation and Employment (MBIE), Treasury, the Reserve Bank of New Zealand (RBNZ), and the FMA, is actively monitoring and considering policy responses to digital assets and the evolving financial landscape. This includes discussions around the future of money, central bank digital currencies (CBDCs), and potential prudential supervision frameworks for novel financial instruments and services.
• RBNZ's Future of Money Programme: The RBNZ has been consulting on the future of money, including issues related to digital currencies and stablecoins. While not directly focused on custody, any changes to the definition of money or prudential regulation could indirectly impact how custody of digital assets is regulated.
  • Reference: RBNZ Future of Money Programme: https://www.rbnz.govt.nz/future-of-money
• FMA's Ongoing Monitoring: The FMA regularly updates its guidance and may issue new warnings or take enforcement action as the market evolves. They maintain a watching brief on international developments.

In summary, New Zealand takes a "technology-neutral" approach, applying existing laws to crypto custody where possible. While this provides some regulatory clarity for certain aspects (like AML/CFT), it also means there isn't a comprehensive, purpose-built framework addressing all nuances of digital asset custody, leading to reliance on general best practices and the interpretation of existing financial product definitions. The landscape remains dynamic.