Qatar Central Bank has finally published its DLT (Distributed Ledger Technology) guidebook which came into enforcement on the 22 of July 2024.
As per the QCB, the guideline will cover the interactions with or use of DLT by an entity in any form. Entities need to inform QCB of all potential DLT applications which is only allowed for permissioned based DLT networks.
As per QCB, “Currently, QCB would not permit Permissionless DLT networks.”
QCB noted, “By issuing this Guideline, Qatar Central Bank aims to establish an appropriate regulatory framework for financial institutions in the country in order to develop smart solutions as the Distributed Ledger Technology (DLT) provides the opportunity for financial institutions to develop their services in various ways. DLT provide a transparent and secure platform for recording transactions, enabling instant settlement and reducing the need for intermediaries. Its benefits include increased efficiency, lower costs, enhanced transparency, and improved security, ultimately streamlining processes and fostering greater trust in the financial sector.”
The QCB also noted that it will continue to provide outstanding initiatives that help create a favorable environment for the financial technology sector in the country to grow as this Guideline supports the financial sector development in line with Qatar’s Third National Development Strategy deemed to be the final stage towards achieving Qatar National Vision 2030, which aims to build a digital economy while stimulating the widespread adoption of technology and encouraging technological innovations in various areas, including the financial sector.
In terms of the guideline, entities should elaborate on the strategy that the DLT will be used for. This should include a business case, addresses information and communication technology requirements, information security, and operational risk management (including business continuity, disaster recovery, and resiliency framework).
It should also include implementation plan and architectural roadmap which covers the target IT environment, the transition from the current environment to the target environment and the operating model, including any organizational change or additional skillsets that may be necessary.
Entities are also allowed to use DLT products sourced through a third party who will be subject to an assessment process.
The QCB guideline also discusses the development of a register with complete inventory of all DLT applications which must be maintained on a regular basis.
In addition, entities wishing to deploy DLT, must demonstrate prudential and regulatory requirements are met when using a DLT and that Sector-Specific Security Regulations are followed including
- Evaluate the model used to operate and manage the Distributed Ledger (e.g., a consortium, a single firm) including rules to govern the ledger(s), including Participant and Validator rules, and restrictions.
- Consensus Mechanism approval processes and procedures to grant access to create, read, update or deactivate data stored on the Distributed Ledger(s).
- Ensure integrity of the governance framework in place to manage changes at the DLT level. The Entity must assess its ability to extend control to the DLT parameters and rules required in order to define the governance model in a consistent manner with its risk management framework.
- The Entity must assess the impact of a change of governance on the service delivery.
- Review regulatory and legal issues: The Entity must verify if any of the DLT application’s activities, services or products require licensing, approval, or registration with QCB.
The guidebook also discusses wallets. As per the guidebook, If the DLT includes a wallet solution, there should be strong mechanism for private key storage to prevent theft or corruption. The Entity must select or approve the internal or external security solution(s) chosen to protect private keys, whether the Entity self-custodies or appoints a qualified custodian. These solutions should be evaluated considering internal and external security risks.
The Entity must evaluate the appropriateness of the storage solution and consider additional controls, such as utilizing strictly controlled cold Wallets, for higher risk assets.
This announcement comes, as Henk J. Hoogendoorn, Chief of Financial Services Sector at Qatar Financial Centre in an interview with World Alliance of International Financial centers, announced that the Digital Assets Framework which has been mandated by QFC and Qatar Central Bank will be finalized by the end of 2024.
The Digital asset framework is a solid framework for tokenizing real-world assets such as securities, debt capital market instruments, investments, Sukuk, and other asset classes.
With this Qatar will have moved along not only with its DLT guidelines, but digital assets and CBDC as well.