Blog article
See all stories »

Cryptocurrency Trading Platform Regulation Proposals

The regulatory perimeter regarding crypto-assets continues to expand.  The latest move comes from the International Organization of Securities Commissions (IOSCO) which released for comment on 28 May 2019 suggested regulatory oversight standards to govern crypto-asset trading platforms (the “IOSCO CTP Proposals”).  Many in the cryptocurrency sector are likely cringing, if they noticed.  Comments are due to IOSCO by 29 July, 2019.

First, the good news.  Policymakers globally are clearly pivoting away from policy stances seeking to ban, or otherwise constrain, innovation in digital asset trading.  Every digital asset issuer and trader should be celebrating this fact.  After two years of regularly asserting that policymakers should recognize the legitimacy of non-fiat currency trading, IOSCO seems to have finally agreed.

Now the bad news.  When policymakers agree that shutting down a market is not advisable, they then traditionally begin to assert jurisdiction over that market in order to ensure:

(i) investor protection,

(ii) fair access,

(iii) market integrity, and

(iv) free flow of supervisory information across borders. 

In other words, the regulatory perimeter expands. 

Background

Financial regulators across all sectors have been scrambling to keep up with innovation in the FinTech and digital asset sectors for the last two years; securities regulators are no exception.  2018 was a frenetic year with six major international regulatory policy groups weighing in on crypto-asset trading in addition to activities at the national level for at least six of the twelve calendar months.

 During the second half of 2018, IOSCO conducted a survey exploring a range of regulatory standards applicable to trading cryptocurrencies.  They received substantial participation from all major jurisdictions globally except for Australia.  The geographic distribution was as follows:

 

High levels of participation from Europe reflect the engagement by regulators at the national level but not the European Securities Markets Authority.  The sole African participant was from the largest trading market on the sub-continent (South Africa).

The survey was conducted by IOSCO’s “Committee 2” which includes, but is not limited to, the membership of the newly established “ICO Network” of securities regulators created in 2018.  The survey had a broad remit, asking detailed questions concerning every aspect of the trading process, from access to price discovery; to custody; to clearing and settlement; to systems integrity/operational risk and, of course, cybersecurity.

Dwindling Regulation-Free Zones

As noted in August 2018, January 2019, and February 2019, financial regulators have been methodically signaling the direction and scope of their engagement with the FinTech/BigTech sectors generally and cryptocurrency trading specifically.  This week’s consultative paper solidifies that policy trajectory by making clear how far the regulatory perimeter will soon extend to the cryptocurrency trading sector.

The IOSCO CTP Proposal suggests strongly that cross-border consensus now exists on a position long held by the Securities and Exchange Commission in the United States and like-minded regulators globally.  Namely, the policy community is making clear that cryptocurrency trading is like any other trading activity in the capital markets.  The IOSCO CTP Proposal implies strongly that these platforms should be subject to the full range of regulatory oversight as other trading platforms.

Policymakers effectively are endorsing the validity of CTPs.  Having done so, however, they are pivoting towards expanding the regulatory perimeter in order to fulfill their statutory missions that require them to safeguard market integrity and investor protection.

What Comes Next

The proposal indicates policymakers are preparing to pivot towards applying regulatory capital, audit trail, conflict of interest, custody, clearing and settlement, and cybersecurity standards to all CTP operators.  Since the comment period expires in July of this year, the timing suggests that final standards would be articulated in the autumn, or by year-end 2019.

Not all policymakers will wait until the final standards have been articulated internationally.  Therefore, we can expect some volatility in the regulatory environment from 3Q2019 into the early part of 2020 as the new approaches become part of the cryptocurrency ecosystem.

Industry members seeking to avoid the most burdensome impacts will need to pivot as well.  Arguments resisting regulatory requirements will need to shift towards identifying why specific technical aspects of the CTP sector require separate or unique standards rather than application of standards crafted for traditional securities trading.

Consider, for example, the proposals regarding treatment of custody standards in the CTP context.  The IOSCO CTP Proposal accepts that custody regarding cryptocurrency trading presents unique characteristics not easily addressed by existing rules.  They isolate three specific types of custody arrangements (hot or cold storage, self-custody through private electronic wallets, and third-party service providers) that likely will require additional elaboration.

The overriding public purpose is to prevent fraud and loss due to operational risks like systems failures and bankruptcy.  Cryptocurrency hardliners will see the effort as intrusive.  But CTP operators (as opposed to issuers) may pivot towards their traditional counterparts and support some regulatory engagement as a mean of sparking confidence among revenue-generating traders and investors by highlighting their credibility due to regulation.

The market pivot is already starting, if my conversations at the Collision technology conference last week are any indication.  Cryptocurrency issuers and trading platforms were at the conference in force, alongside many FinTech companies.  While a handful of firms continued to articulate the traditional anti-regulation (“they can’t stop us!”) slogans, far more firms proudly indicated that they are regulated and subject to regulatory oversight in their home country.  The message was clear: regulatory oversight makes our firm more trustworthy than the competition.

Three Notable Carve-Outs

Three areas stand out as being exempt from the cross-border consensus standards so far.  The three areas are:

(i) national standards about whether the underlying cryptocurrency asset is a permissible subject for secondary market trading,

(ii) price discovery processes, and

(iii) clearing and settlement.

The IOSCO CTP Proposal indicates that policy reluctance regarding price discovery and the post-trade environment have more to do with the nascent state of market development than they do with any regulatory perspectives suggesting these areas should be exempt from regulatory oversight. 

Consequently, when an industry standard has emerged in these areas, policymakers will likely move to extend existing regulatory standards as well.  These are not permanent carve-outs.

One Major Pressure Point -- Anonymity

The IOSCO CTP Proposal fails to acknowledge the one major pressure point that permeates the sector.  It seems to assume that CTP operators can, and will, embrace the need for customer verification and audit trails that underpin many, if not most, of the proposed applications of existing regulatory standards to the CTP context.

This is a problem.  The cryptocurrency sector and, more generally, the underlying technology within distributed ledgers (DLTs) is designed to keep confidential the identity of the transacting parties.  DLTs shift the locus of identity ownership to individuals, leaving authentication to an automated algorithmic process.  The IOSCO CTP Proposal released this week implies that the very anonymity that makes the sector attractive to many participants is precisely the element that must recede in order to assert regulatory jurisdiction effectively.

Industry participants are familiar with this debate.  Some entities (like JP Morgan Chase, which just launched the JPMCoin) are launching their own DLTs which serve as gateways to instant payments, with the company serving as the identity verification agent.  These large firms effectively vouch for the individuals entering the DLT.  To the extent that they permit transactions outside the self-contained company distributed ledger, they will do so only with counterparts that have similarly robust identity verification standards.

If banking is fundamentally about trust, then a gated DLT is an excellent way to evolve the banking business model, particularly if it delivers instantaneous payments that eliminate settlement and credit risks the bank might otherwise have to absorb.  The problem, of course, is that much of the cryptocurrency universe is allergic to the kind of centralization and audit trail elements incorporated into these closed systems.

Viewed from this perspective, the IOSCO CTP Proposal presents a “bank shot” effort to establish authentication requirements in the cryptocurrency sector through the trading gateway rather than through direct regulation of the underlying digital assets themselves.  This approach eliminates the need for policymakers to get drawn into messy, often polemical, debates regarding fiat currencies and central banks.  The question is whether cryptocurrency market participants are savvy enough to realize the implications of these proposals.

It will be interesting to watch this debate unfold over the next 18-24 months.

6730

Comments: (1)

Barbara Matthews
Barbara Matthews - BCMstrategy, Inc. - Alexandria, Va 31 May, 2019, 12:56Be the first to give this comment the thumbs up 0 likes Updates....after this was published, the Financial Stability Board released its report on cryptocurrency to the G20 (just before next week’s annual summit AND the Bundesbank President publicly warned about the monetary policy and financial stability issues raised by both cryptocurrencues and central bank digital currencies. The last 24 hours validate the policy trend projections provided in this blogpost.