Juan Llanos is a seasoned risk, blockchain and financial compliance expert and certified anti-money-laundering specialist. He writes about risk and virtual currencies on his blog ContrarianCompliance.com.

In this CoinDesk 2016 in Review special feature, Llanos provides a broad look at the trends impacting global regulation in the cryptocurrency and blockchain sectors.

Looking back on 2016, it feels as though most regulators around the world took a year-long vacation from the blockchain and cryptocurrency space.

To be fair, apart from dealing with the anxieties typical of an election year (or the anti-globalization times we are living in), they were listening and learning. The amount of collaboration and mutual education between government and industry over the past year has been remarkable – and for good reason.

Whether on the policymaking, the rulemaking or law enforcement side of government, regulators are grappling with a wave of innovation that is challenging assumptions, beliefs and positions.

Indeed, there’s a long list of questions to consider.

Are blockchains and crypto-tokens attractive to criminals or a threat to national security? Can the new financial intermediaries that use them use the same compliance tools and techniques as traditional financial institutions? Is it possible to evade taxes or break other laws with them? Can better information-sharing and monitoring systems be built?

Are blockchains simple to understand and safe for consumers and businesses to use? What are the risks of financial loss to consumers and investors? If ledgers are public or shared across multiple parties, can privacy and confidentiality be protected and preserved? How far can we go in letting innovators experiment with them? Did company X break any laws with that initial coin offering? What is a smart contract?

Are existing regulatory safeguards adequate and appropriate? Can the same regulations be applied to both closed and centralized decentralized technologies? Can our own oversight of financial intermediaries be streamlined?

How do we enforce our laws without third-party intermediaries? We barely can afford to supervise thousands of entities, how are we going to supervise millions?

Before we unpack these questions, let’s first take a step back.

A year of leniency

That’s not say that nothing happened in 2016. Yet, compared to previous years (and against the expectations of many), government intervention in the cryptocurrency space was almost non-existent.

In January, we learned that the Manhattan District Attorney had shut down over 70 bitcoin scams. Not much else happened throughout the year on the law enforcement side, except for a similar crackdown in Taiwan in May.

A month later, a different type of enforcement action was taken by the CFTC against Hong Kong-based bitcoin exchange Bitfinex. The reason was a series of technical trading violations that cost the exchange $75,000 in civil penalties and an operational retooling that may have also introduced looming vulnerabilities.

On the famously confusing US state-by-state licensing regime front, we learned in August that California had completely overhauled its proposed digital currency bill, effectively kicking the can down the road till next year. In early December, the bitcoin community welcomed the innovation-friendly policy and a new Digital Currency Regulatory Guidance presented by regulatory agencies in Illinois.

Finally, in what was probably the biggest shocker of the year, in mid-November, the IRS requested a massive amount of user and transaction data from cryptocurrency exchange Coinbase as part of a taxpayer investigation. (A few months before, the IRS had received a slap on the wrist for not enforcing cryptocurrency tax compliance).

Elsewhere in the world, Russia and Italy were also pondering taxation of cryptocurrencies.

Two big market failures over the summer, however, The DAO debacle and the Bitfinex hack, have yet to elicit a visible reaction from a regulator.

Many of us suspect that will happen in 2017.

Taming a complex animal

When looking at how this will change, I find it useful to first make a distinction between the three distinct yet interconnected elements that make up a modern nation’s regulatory toolkit: policy, regulation and enforcement.

Also, it is worth bearing in mind that regulation is generally industry-specific (aviation, pharma, financial services), activity-based (market making, money transmission, deposit-taking) and jurisdiction-dependent (each country).

Policy objectives are fairly harmonized across the globe and relatively slow to change. Consumer protection, safety and soundness, stability, transparency are examples of policy objectives in the financial services world.

In a different industry, say aviation, a policy goal would be aircraft security and passenger safety.

Regulation and enforcement tend to be more jurisdiction-specific and malleable to special special-interest influence. Regulatory authority emanates from broad statutes generally prompted by catastrophic market failures, such as the Great Recession, or events, such as 9/11 or the 2004 tsunami in Thailand.

Given its dominant position, the US will impose and enforce rules on trade and national security more forcefully than, say, Argentina, which may not have any.

Naturally, there are differences in approach and attitude towards policy, regulation and enforcement among different political factions.

If formally flawed, regulation can be excessively prescriptive (heavy on detail and length) and difficult to comply with and enforce. If substantively flawed, regulation can have serious unintended consequences: hamper economic growth, and encroach upon people’s freedoms.

Arguably, until now, serious FinTech innovation does not seem to have been a public policy priority in the US under either party.

If the US has reluctantly begun to contemplate alternative licensing mechanisms for FinTech startups, it is a salutary unintended consequence of the apparent “FinTech innovation Cold War” triggered by the UK, Singapore and Switzerland.

Reading Trump’s tea leaves

But, trying to predict the policy direction and enforcement attitudes of the Trump administration is a challenge. The reason is that, in his own words, he is “so unpredictable”.

Yet, Trump aside, change is likely. The US now risks losing its dominant position unless it too reluctantly addresses its “regulatory debt” issues and adapts its regulatory frameworks.

Against this backdrop, both Trump and the Republican Congress are expected to take a laissez-faire stance on regulation. The questions are what sectors or policy objectives will be the new priorities, and whether enforcement would also be loosened up. Tax compliance enforcement is probably a good candidate for lax treatment.

Elsewhere, the massive set of financial regulations known as Dodd-Frank is perceived to be heavy-handed and misguided, and Republicans already have a plan to replace it. The elimination of the Consumer Financial Protection Bureau, created by that statute, would benefit the blockchain industry, but would leave the individual states as the sole prudential regulators of money transmitters.

This quiet spell is probably the closest to a regulatory sandbox that we, US residents, will ever get to experience.

Yes, I do not hold my breath waiting for a financial services sandbox to become a reality in the US. Not even in the Trump administration, and not for bitcoin or open blockchains, at least.

My sense is that, for the foreseeable future, Trump will have bigger fish to fry.

The heaviest and sharpest sword

AML (anti-money laundering) and CFT (countering the financing of terrorism) regulations are the most harmonized globally, and the most difficult to change or ignore. They are, however, selectively enforced based on the authority and resources of each jurisdiction.

Based on his campaign promises, Trump is bound to step up law enforcement and national security efforts.

We would all do well to remain vigilant and concerned about Trump’s foreign policy. A jingoistic policy and enforcement attitude is bound to engender hostility and retaliation. Further, the proven association of cryptocurrencies to terrorism could be catastrophic for bitcoin and privacy-preserving cryptocurrencies.

This would change the status quo, as bitcoin has arguably had an easy ride over the last few years.

Granted, it still carries the negative stigma of its association with scams and criminal use. But, it remains to be seen how long it will take for the US government to begin to consider why it is selectively enforcing regulation in the general finance sector and not in the cryptocurrency space.

Hope for the best, prepare for the worst

In this climate, it’s wise to remember that regulation is inevitable, yet valid, while compliance is onerous, but valuable.

There is always a positive outcome intended by a piece of regulation. I encourage entrepreneurs to focus on attaining those outcomes and policy goals first (spirit over letter) and to strengthen their product and organization from within (substance over form).

In my view, that path forward is along the lines of legitimacy-building and automation.

There has never been a better time to rethink and redefine policy and regulations, to influence and allow oneself to be influenced. I encourage entrepreneurs and regulators to build bridges and collaborate to jointly find answers to the difficult questions above.

Both the industry and the government need it to be on the right side of history.

President Obama image via Shutterstock