MANAGING THE RISK OF REGULATION: HOW SELF-REGULATION COULD REINVIGORATE THE CRYPTOCURRENCY BOOM

Alexander Larsen, FIRM

President, Baldwin Global Risk Services Ltd & Fellow of the Institute of Risk Management

Calls for regulation & the G20 Summit

The cryptocurrency space has been fraught with cases of fraud and scams and with it being such a new industry with little in the way of regulation, it has been an ongoing focus of governments. This focus has only increased in recent months due to the number of high profile incidents, such as the theft of $500 million of digital money from the Coincheck Exchange.

This incident, and subsequent action from the regulators, added to the ongoing pressures to introduce regulation into the cryptocurrency space; assuming that we haven’t seen a bubble burst, it was one of the major contributing factors to the fear, uncertainty and doubt that has seen a cryptocurrency crash and an ongoing bear market, prices having fallen over 70% from all-time highs set in December 2017 and January 2018.

The discussions around Cryptocurrency regulations have even reached as high as the recent G20 Summit in Argentina (March 19th 2018).

Whilst some key concerns around cryptocurrency dangers were highlighted (such as consumer and investment protections and their use to shield illicit activity and for money laundering and terrorist financing), the G20 has rejected calls for regulation and have instead been urged to lessen the risks by working together to improve conduct, market integrity and cyber resilience in the cryptocurrency sector.

This has alleviated some of the fears in the industry of any major regulation being implemented any time soon and opens up opportunity for the industry to work with governments and take action to ensure this delay of regulation becomes permanent.

Response in Japan, UK, South Korea and USA

In a proactive move, The Japan Blockchain Association (JBA) and the Japan Cryptocurrency Business Association are expected to merge to create a new self-regulatory organization to strengthen self-regulation which, if approved, could act as an independent regulatory body of the government.

The UK has followed suit with seven British cryptocurrency companies having set up CryptoUK, a crypto trade association intended to improve industry standards and engage policymakers. Meanwhile, in South Korea 66 members have signed up to the Korean Blockchain Association including 25 of the biggest crypto exchanges with a view to self-regulate.

Perhaps the biggest news however, is that of the Winklevoss twins’ intention to create the Virtual Commodity Association, a self-regulatory organisation meant to police digital-currency markets and custodians in the USA. The high-profile brothers, who run the Gemini exchange, aim to develop industry standards, promote transparency and work with regulators including the U.S. Commodity Futures Trading Commission to prevent fraud.

Benefits of Self-Regulation

Having a self-regulatory body for the cryptocurrency space has a number of benefits to the industry.

Combatting heavy regulation

One of the key benefits is demonstrating that the industry is being proactive and responsible about protecting investors, preventing fraud, protecting against cyber-attacks and stamping out scams. This could be enough to appease regulators enough to delay or stop the introduction of heavy regulation. This assumes that the self-regulation goes far enough and proves to be effective.

By removing the threat of heavy regulation and replacing it with self-regulation, a high level of uncertainty is removed, bringing back confidence in the market and allowing organisations to plan effectively with a renewed focus on innovation.

Fit for purpose and industry specific

Industry driving self-regulation will ensure that this regulation is not only fit for purpose, allowing innovation in the space to continue, but also adaptable and able to evolve according to need or market changes. Additionally, rather than a one size fits all approach, separate and specific regulations could be developed for different types of cryptocurrencies such as privacy coins, smart contracts and settlement networks amongst others. The following graph provides an example of how cryptocurrencies may be differentiated, although this could be split even further.

A global solution

Self-regulation also combats one of the drawback of every country potentially having different regulation, which makes it increasingly difficult for companies to operate on a global scale. Self-regulatory bodies have more opportunity to collaborate with each other and introduce global regulations that are consistent and meet the needs of investors and cryptocurrency companies.

Beneficial to Government

Self-regulation can often be useful for governments too. It is not only faster to implement, but the burden of costs falls on the industry rather than the government. This is a major selling point of self-regulation and as long as governments are involved and are kept informed, they may be happy to leave it in the hands of self-regulatory bodies.

Influence

Another aspect that should be considered as being highly desirable to the industry is that it allows them to lobby, interact with and educate regulators and legislators. This can ensure that any future regulation introduced is not detrimental to the industry and is developed in conjunction with businesses in the space.

Effective self-regulation:

Whilst the benefits of self-regulation are clear, the regulatory body in place needs to be strong, fit for purpose and effective. Some key areas for consideration by newly formed self-regulatory bodies are covered below.

Government supported and backed by law

In order to remove the introduction of government regulation, the industry needs to ensure that the self-regulatory body is backed by law and has a government regulatory partner. A positive relationship needs to be built with them in order to have successful self-regulation. Unfortunately, there is a widely held view within the cryptocurrency space that the government and banks are enemies of cryptocurrency and are looking for every opportunity to shut the industry down. This view needs to change if self-regulation is going to work and if they want the industry to flourish.

Industry support

Another critical success factor will be industry support and involvement in the creation of regulation. This helps the buy-in process and also ensures well thought out and extensive regulations are put in place that have been agreed by all members. The more participation the better as self-regulation can have little effect if companies are not involved.

Accountability

With self-regulation, members need to be prepared to accept that there will be penalties and sanctions for non-compliance. Therefore, a strong accountability program that includes transparent reporting to stakeholders, should be implemented and committed to in writing by members with annual certified compliance submissions. It should focus on sound financial and non-financial practices with oversight and transparency and members should expect for information to be shared with government regulators as appropriate.

Detection

A key challenge with self-regulation is that of detection. There needs to be a system in place for detection from audits and reviews to Incentivize the detection and deterrence of manipulative and fraudulent acts and practices, including partnering with regulators and particularly the CFTC to share or refer information, as appropriate.

What areas should be self-regulated:

Once a self-governing body has been established and has the right framework in place to be effective, the areas of self-regulation to consider are numerous and some examples follow.

Specific requirements dependent on Cryptocurrency status

One of the advantages of self-regulation, as mentioned earlier, is the ability to develop specific regulations for different types of cryptocurrencies depending on their status. Exchanges for example will have very different requirements from privacy coins or technologies that provide a platform for other tokens to be launched such as Ethereum/EOS.

Exchange regulation might focus on investor protection and ensure money on the platform is well protected, enough liquidity is available should the worst happen and all user data is safe. Platform-based tokens on the other hand might focus on ensuring that they do due diligence before allowing a token to be launched on their platform.

ICOs

A major area of concern for regulators has been ICOs. Investors have lost a lot of money as a result of scams and fraud and the industry should focus on ensuring that every ICO meets minimum requirements such as clarity of who the board members are, and ensuring other minimum due diligence has been undertaken by an external and approved organisation, etc. before it can be listed by any of the exchanges that are members of the self-governing body.

Minimum requirements

Fraud and money laundering

One of the ongoing criticisms of cryptocurrencies, whether valid or not, is that it is being used by terrorists and money launderers. Ensuring members properly screen their customers or analyse usage on their exchanges for trends that might indicate criminal activity could be one way of improving the image of the industry.  There needs also to be action taken by members when identifying such activity such as sharing information with the relevant agencies or regulators or freezing assets or accounts.

Cyber Security

Cyber security is the topic that launched regulators into action in the first place. Cyber risk has been a growing threat in the last few years. Going forward we can only expect hackers to become more organised and well-funded, which, alongside advances in AI and technology, will lead to more sophistication in their attacks.

Some organisations are already spending hundreds of millions of pounds on cyber security, whilst governments are spending billions in order to prevent these attacks. It therefore makes sense for the cryptocurrency industry to be working hard to ensure this is the case for them too.

Conclusion

It may not be enough to convince regulators that government regulation is not required. All is not lost however, and just by having self-regulation, the industry will have prepared organisations for a regulated industry making them more resilient to change and therefore reducing the overall impact that regulations have on cryptocurrencies.

This in itself could be enough to reinvigorate the cryptocurrency boom and see new all-time highs in the market and drive innovation further.

Our new Strategic Insights into Cyber Risk course can be found here: https://www.theirm.org/training/all-courses/strategic-insights-into-cyber-risk.aspx

The Institute of Risk Management offers a variety of in-house and public courses on all aspects of risk management, find out more here: www.theirm.org