The cryptocurrency market has continued to expand from the types of coins and use cases to the number of participants and the crazy volatility – crypto is crossing over and becoming a permanent consideration or feature in the mainstream. In April 2020, Bitcoin traded at $6,800. Today, it sits at over $30,000, having peaked in November 2021 at $64,400. Bitcoin is just one out of +18,000 cryptocurrencies, which are traded on 460 crypto exchanges.
But as the development of crypto assets has escalated, regulation to protect consumers, support market standards of execution and mitigate fraud has been notably absent. Calls to regulate crypto with suggested frameworks from the global industry were made loud and clear by Binance, Coinbase and FTX in 2021, and the call for regulatory progress and clarity is industry driven in many cases today. The need to engage with industry by our regulators, with a focus on protecting customers, is becoming progressively clear.
The question is, how?
The UK’s FCA, EU regulators and US agencies are all “loudly” working on crypto market regulation. New consultations and legislation are expected imminently. Compliance officers in this space are going to be super busy just keeping up with regulatory change and arbitrage in the space. But is it simply a case of too little, too late and, more importantly, in the wrong place?
Can compliance officers keep up with the new rules?
It’s clear that authorities are stepping up their pursuit to regulate the crypto industry. The following are some of the main announcements that have been released since the start of 2022:
- The FCA has proposed to regulate the financial promotion of crypto assets in the UK.
- The UK’s HMRC has announced further guidance on tax crystallisation for crypto transactions.
- The closure of the FCA crypto asset temporary registration regime.
- In the US, President Biden has signed an Executive Order, directing federal and state agencies to conduct detailed research into creating a consistent regulatory framework for digital assets (crypto) and resolve the differences that currently exist between them.
- In the EU, MEPs have agreed on the draft rules specified in the EC’s Markets in Crypto-Assets (MiCA). These include supervision, consumer protection and environmental sustainability of crypto assets.
- FATF (Financial Action Task Force, an independent inter-governmental body) continues to drive forward the ‘Travel Rule’. This rule was originally applied to cross-border and domestic wire transfers as a way to ensure capture of taxable receipts and prevent money laundering and counter terrorist financing, requiring the facilitator to exchange information on both the originator and the beneficiary of a transfer. This information exchange would now apply to VASPs too, to protect legitimate finance and customers, but there is a very stark downside to the travel rule; potentially compromising data ownership principles under GDPR and creating vulnerable data-rich information pools with highly sensitive personal data at risk. This is quite aside from the leakage anticipated from unhosted wallet information gathering and the very nature of the public blockchain.
Regulation in crypto is starting to take shape which is a good thing, however the sunrise issues around different rules being implemented at different times across different jurisdictions has led to increased levels of confusion and complexity.
Crying out for a unified approach
Is crypto regulation going from one extreme to the other? Authorities are playing catch up to an industry that’s growing and morphing so fast, they have in many cases been caught off-guard with the pace of change and a skills drought. Regulation is at risk of becoming so onerous by trying to fit a crypto-shaped problem into a fiat-shaped solution, some jurisdictions could be regulated out of commercial viability unless they are prepared to pivot.
While we doubt this is an inevitable path, the strictness or restrictions in any given regime is less important right now than the clarity that’s needed for those operating in the space.
With areas like market abuse, conflicts of interest and financial promotions relying in most places on rulings instead of rules, anxiety rises. Compared to regimes afforded to other areas of traditional finance, the crypto industry rightly feels an unlevel playing field is being sought by some regulators who lack confidence in their crypto knowledge, disadvantaging VASPs with questionable benefits.
For instance, in the case of the Travel Rule, as mentioned above, the de minimis threshold for domestic fund transfers in the US remains at $3,000 and in Europe at $1,000, below which the rule does not apply. In the US, the threshold on all international transfers impacted by this rule, including crypto, is expected to be lowered to $250. However, in Europe regulators appear to be considering lowering the threshold to zero, just for crypto.
Furthermore, in the UK crypto firms have been criticised for how and to whom they advertise. As highlighted in the Papa John’s case, engaging with new customers on crypto will likely need to abide by severe restrictions such as no incentivisation and tight limits, even as a UK registered firm. This is not intended to cover trad-fi marketing incentives though, such as discounted trading fees, cashbacks or a free Parker pen. Why is crypto treated differently?
There is a strong desire to see increased cross-border clarity. As tough as it may be, all crypto venues, and in particular those jurisdictions who are competing with each other to be attractive global crypto hubs would benefit from a timely, basic, standard set of principles VASPs can engage with and solution providers can accommodate, irrespective of jurisdiction. Compliance thought leaders and educators need to strive continuously for a strong grasp of their obligations as VASPs expand, pivot and mature to provide the necessary head room for further innovation into Web3.
Perhaps this is asking too much. Will regulators who have already spent significant funds and resource on creating regulation and who do not wish to “lose face” change their process and rules?
Why crypto compliance is crucial
Recent research by Thomson Reuters found that the growth of cryptos is now estimated to be near $3trn in total market capitalisation.
Evgeny Likhoded, founder and CEO of Clausematch, says that such fast growth in popularity and size means that crypto assets are now presenting new risks.
“As criminals have always been early adopters of technology there are multiple AML risks associated with crypto as it is increasingly becoming mainstream and is involved in more activities. Losses from crypto-related crime rose 79% from 2021, driven by a spike in theft and scams. A good sign of the industry growing is that regulators are now introducing more requirements for crypto firms to comply with and setting up working groups aimed at specific threats in the crypto space.”
Examples of effective regulation at a national level do exist. Singapore, Bahrain, the Bahamas and Gibraltar are considered by some in the industry as leading the way on how to provide certainty and collaborative engagement in a crypto regime, with a set of rigorous standards and rules that embody discipline and trust; factors that differentiate compliant VASPs from the rest.
This is what compliance officers in crypto organisations crave. Compliance strives to provide an authentic view of how a company operates and thinks. Compliance just loves it when what the firm says it is going to do, actually gets done.
For the next stage of crypto integration into financial ecosystems, counterparties demand credibility of due diligence, risk management and compliant operations. Consequently, valuations of VASPs will focus on these matters because that’s just how the financial market works.
Regulation in the wrong area?
The rules that currently drive registration of a UK VASP are very CTF/anti-money laundering-centric. Despite the FCA taking their responsibilities seriously to only register appropriately planned and managed businesses, the lack of regulatory norms seen in traditional finance are evident.
Consumers rightly expect a regulator to promote trust. The FCA has a specific objective to encourage competition. Regulatory voices seeking rapid development for these areas have appeared tone-deaf in the past due to the prominence given to AML/CTF and anti-tax avoidance. Perhaps this is because of tax avoidance being of greater concern to central government and the most lucrative wheels squeaking the loudest? It would be encouraging to see at least equal effort going into crypto-market conduct, where both customers and the exchequer benefit from better outcomes.
More attention could be geared towards preventing ‘pump and dump’ schemes and insider trading. VASPs require clear guidance and direction to protect their customers, not solely because of regulatory expectations, but simply to do the right thing… Some VASPs may not even know what good could look like in a regulatory vacuum.
This is not a problem caused by the FCA; the problem is that many agencies, including the UK’s FCA, do not have a mandate from Parliament to regulate crypto, given it currently falls outside their regulatory perimeter because crypto is not (yet) classed as money or a security or A.N.Other regulated asset class.
A more consumer-focused regulatory agenda in crypto needs to be swiftly rolled out to deliver on the potential of crypto mass-adoption.
What can VASPs do?
Regulatory and legislative progress is in flight around the world at incredible speed and compliance officers need to get on board and stay afloat in a rapidly shifting ocean of change. But as discussed, that doesn’t mean that all bases will be covered and they will also likely take some time to come into effect. If crypto companies want to grow responsibly, be viewed as quality organisations and stamp their own credibility on the sector in the UK, they may want to consider the following:
- Prepare thoroughly and register with the FCA as a crypto asset business. It shows that the company’s business plans, wind down contingencies, IT security and resilience, product robustness, design and ethical practices have all been scrutinised. It’s not a guarantee of success or security, but it is a diligent process and we’d all like to see it happen more fluently, faster and through engagement by crypto-SME’s within the FCA workforce. The trad-fi approach of a series of monologues between applicant and regulator isn’t working brilliantly; a more dialogue-oriented approach could improve this?
- Incorporate a high-level corporate governance code across the firm. For instance, the IOSCO Principles for Financial Market Infrastructure (PFMI) is an international standard for financial market infrastructures, such as payment systems or central securities depositories, internationally recognized as key to strengthening and preserving financial stability. The PFMI is not a crypto-specific regime, but it is highly relevant to many crypto firms.
- Adopt proportionate trad-fi approaches when maturing the VASP; for example, when building a product, refer to MIFID II rules as your framework; when building a team, look to SMCR principles. The outcomes are more likely to be aligned with (albeit unspoken) regulatory expectations.
Incorporating voluntary compliance adoption into a VASP in 2022 may be a challenge. It could wait, it’s expensive, it takes time, and it isn’t always considered the “sexiest” of subjects by some players. Building a VASP right first time, in full knowledge that regulation IS coming this year and the next and the next, mitigates the pain in the investment required. For those who believe compliance is expensive, they may find non-compliance comes with an even more unwelcome price tag. Our advice is to structure and prepare now, with vocal backing through sustained tone from the top and budget provision.
This could lay foundations for a more collaborative approach, but we suspect, in the absence of open dialogue, it may only happen in years to come of post-regulatory rule setting and development.
Author: Shelley Schachter, Head of compliance at CEX.io