1. |
External audit.
|
|
a. |
VASPs shall appoint an independent third-party auditor to perform an audit of the financial statements of the VASP in order to make available an annual report, and promptly notify VARA of the full name and contact details of the auditor upon appointment. |
|
b. |
The annual report of VASPs shall promptly be made available to their clients and VARA upon request. |
|
c. |
VASPs should understand the steps taken by the auditor in proving the existence and ownership of Virtual Assets and ascertaining the reasonableness of the valuation of Virtual Assets. |
|
d. |
The accounting information given in the annual report shall be prepared in accordance with generally accepted accounting principles. |
|
e. |
If requested, VASPs shall procure relevant counterparties to cooperate with the auditor and to provide with the auditor all necessary information for the auditor to conduct the audit. |
|
f. |
VARA may in its sole and absolute discretion require a VASP to appoint alternative auditors if their original auditors are not deemed appropriate for the size and complexity of their business and in terms of reputation.
|
2. |
Internal audit.
|
|
a. |
VASPs shall, where applicable, establish and maintain an objective internal audit function which shall be independent of the operational function and submit regular reports directly to the Senior Management. |
|
b. |
VASPs shall establish and maintain clear policies in defining the role and responsibilities of, and the working relationship between, the internal and external auditors. |
|
c. |
The internal audit function shall—
|
|
|
i. |
perform audit work regularly and at least on a quarterly basis; |
|
|
ii. |
inform the Senior Management of findings and recommendations; and |
|
|
iii. |
follow up with and resolve matters or risks highlighted in the relevant reports.
|