TL;DR: The Philippines’ central bank now requires virtual asset service providers to apply robust due diligence before listing tokens, with ongoing monitoring, delisting thresholds, and a ban on privacy coins, according to Sumsub. For identity and compliance teams, the signal is that asset approval is becoming a governance workflow built around traceability, risk, and accountability, not a one-time listing decision.
NHIMG editorial — based on content published by Sumsub: Philippines bans privacy coins and tightens crypto listing and trading rules
Questions worth separating out
Q: How should virtual asset platforms govern crypto listings under tighter regulatory rules?
A: They should treat listing as an ongoing governance process, not a one-time approval.
Q: Why do privacy coins create compliance and control problems for platforms?
A: Privacy coins reduce the platform’s ability to trace who is transacting, how value moves, and whether suspicious activity can be investigated.
Q: What breaks when asset support lacks delisting thresholds?
A: The platform keeps supporting assets after the original risk decision has expired.
Practitioner guidance
- Map token approval to a governed review workflow. Assign clear owners for initial listing, periodic reassessment, and removal decisions.
- Define measurable delisting triggers before listing an asset. Set thresholds for de-pegging, insolvency, reserve deterioration, scam association, and cybersecurity concerns.
- Separate traceable and opaque asset classes in policy. Classify assets by whether transaction monitoring and participant visibility meet your minimum oversight standard.
What's in the full analysis
Sumsub's full article covers the regulatory detail this post intentionally leaves for the source:
- The memorandum’s six-pillar listing assessment model and how each factor is weighted in practice.
- The specific conditions that can trigger suspension or delisting, including liquidity loss, de-pegging, and scam involvement.
- The distinction between BSP requirements and separate securities-related rules for token offerings.
- The privacy coin prohibition and its practical implications for platform support decisions.
Crypto listing rules: what they mean for IAM and compliance teams
Explore further
Crypto listing is now an identity and trust decision, not just a market decision. The BSP’s six-pillar assessment model forces platforms to ask who stands behind an asset, whether it can be traced, and whether it remains supportable over time. That moves listing governance closer to an assurance function, where identity, provenance, and operational risk are evaluated together. The practitioner conclusion is that token approval needs the same discipline as other high-risk access decisions.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.
A question worth separating out:
Q: Who is accountable when a supported token later becomes unsafe?
A: Accountability sits with the provider that chose to support the asset and failed to monitor it against its own criteria. The central bank’s model implies that approval and removal are both governed decisions, so risk, compliance, and operational owners must be able to explain why support continued after warning signs emerged.