There is a gap in the regulation of crypto-assets that Congress needs to fix. The gap is contributing to fraud and weak investor protection in the distribution and trading of crypto-assets. In “It’s time to strengthen the regulation of crypto-assets,” Timothy G. Massad discusses how better regulation will benefit crypto investors, further the development of new technologies, curtail the use of crypto-assets used for illicit payments, and reduce the risk of cyber attacks, which can result in collateral damage elsewhere in our financial system. Crypto-assets cut across current jurisdictional boundaries and thus fall into gaps between regulatory authorities. While each of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) has some authority over crypto-assets, neither has sufficient jurisdiction, nor do they together.

The Gap Between Bitcoin’s Promise and Today’s Reality

The hype surrounding Bitcoin and other crypto-assets has contributed to regulatory distraction. Bitcoin’s creators promised it would solve the “trust problem” and reduce our reliance on centralized financial intermediaries. However, it has not reduced our reliance on financial intermediaries or eroded the power of our largest institutions. Indeed, crypto-assets have created new financial intermediaries that are less accountable than the big banks.

The New Crypto Financial Intermediaries

New crypto exchanges and trading platforms are not subject to the traditional standards required of securities and derivatives market intermediaries. As a result, investor protection is weak and allegations of fraud and conflicts of interest are frequent. There are no specific rules to ensure protection of customer assets. One supposed virtue of distributed ledger technology (DLT) is to provide an immutable record of ownership. Yet some platforms do not actually record customer interests on the blockchain and may operate without sufficient assets to cover customer claims. It is like fractional reserve banking without the regulatory framework—or insurance—that protects depositors. There are no rules regarding how trades are executed. Crypto exchanges are not required to have systems to prevent fraud and manipulation, nor are there rules to prevent or minimize conflicts of interest. Crypto exchanges can engage in proprietary trading against their customers, something the New York Stock Exchange cannot do. Regulations to minimize operational risk and ensure system safeguards are needed, just as with securities and derivatives intermediaries.

Timothy G. Massad Senior Fellow - The John F. Kennedy School of Government, Harvard University Former Chairman - Commodity Futures Trading Commission Former Assistant Secretary - Treasury for Financial Stability

Systemic Risks: Cyber Attacks and Illicit Payments

Inadequate regulatory oversight creates broader societal risks with respect to cyber security and illicit payments. Unlike banks and exchanges, crypto intermediaries do not face any specific cyber security requirements, and cyber hacks are common: “Hacking [against crypto institutions] is on the rise because it works.” Crypto institutions are small compared to banking, securities and derivatives markets, but they do not operate in isolation; they have many connections with the broader financial system. A cyber attack on a crypto institution could lead to collateral damage elsewhere. Crypto-assets are used increasingly to avoid government sponsored sanctions and for illicit payments— including ransomware for cyber attacks and transactions in narcotics, firearms or other dark market goods. The lack of transparency on the part of the crypto intermediaries contributes to this problem.

Closing the Gap: How to Improve Regulation

The SEC has jurisdiction over crypto-assets deemed securities, but many crypto-assets—including the most widely traded ones such as Bitcoin—are not securities. The CFTC declared Bitcoin and other virtual currencies commodities, but that does not solve the problem. Derivatives based on crypto-assets are subject to CFTC regulation—such as Bitcoin futures and swaps– as are the platforms that trade such derivatives. But the CFTC has only very limited jurisdiction of the underlying cash market for such crypto-assets—for example, the buying and selling of Bitcoin. That is where most of the activity is today. Congress needs to fix this by creating regulatory oversight of the cash market for crypto-assets, and the trading platforms and other intermediaries that operate in that market. Either the SEC or the CFTC is competent to regulate this area if given the power; it would be inefficient to create a new agency. Massad recommends making the SEC the lead agency. Massad argues we should not defer to state law in regulating crypto assets. This market strives to be international and is best served by a national regulatory framework. The variation in international regulation of crypto-assets should not cause us to hesitate in moving forward; it creates opportunity for the U.S. to exert global leadership. The 2012 law regulating crowdfunding is a good model for Congressional action. That law set principles similar to ones we have followed in the securities and derivatives markets, and left it to the SEC to figure out the details and implement regulations. Congress should do the same thing here.

Regulation and Innovation

Innovative technology does not inherently require a loosening of regulation. It is not necessary to relax the rules on initial coin offerings or create “regulatory sandboxes” where regulations are waived. Whether better regulation favors larger institutions and more centralized applications of DLT and thereby undermines the potential that DLT contributes to more decentralized financial processes is an open question that deserves more analysis.

The Path Forward

Seven direct recommendations flow from this paper. According to Massad, a report from the Financial Stability Oversight Council would be the ideal way to move forward. Industry self-regulatory initiatives are also necessary. Here are the recommendations:

Congress should pass legislation providing the SEC (or alternatively the CFTC) with the authority to regulate the offering, distribution and trading of crypto-assets, including regulation of trading platforms, custodians (or wallets), brokers and advisors. Congress should increase the resources of both the SEC and the CFTC to implement new as well as existing authorities pertaining to regulation of crypto-assets. The legislation should set forth core principles, rather than specifics for regulations, as Congress has done for the futures industry and crowdfunding. Core principles should cover, at minimum, the following: protection of customer assets governance standards (including fitness standards for directors and officers) conflicts of interest, including discretion to the lead agency to set regulations prohibiting or restricting the performance of multiple functions by the same entity; recordkeeping and periodic reporting execution and settlement of transactions in a timely, efficient and transparent manner; pre- and post-trade transparency requirements prevention of fraud, manipulation and abusive practices disclosures to platform users, including regarding fees; order types and policies on execution of transactions; liabilities; and recourse for customers risk management business continuity, cybersecurity, and disaster recovery procedures and backup facilities; financial resources; and AML, KYC and similar measures to minimize illicit activity risk and ensure transparency.

Congress should direct the agency to issue regulations to implement the core principles and on such other matters as the agency believes are necessary to promote transparency, integrity, customer protection and financial stability.

With respect to offshore platforms that solicit or provide access to U.S. investors, Congress should give the relevant agencies the authority to determine whether such platforms should be required to comply with U.S. standards, or demonstrate compliance with comparable standards, or disclose prominently that they do not meet such standards. Congress should direct the relevant agencies to consider whether there may be different ways of meeting core principles for centralized versus decentralized platforms and systems and, where practicable, have regulations that do not favor one approach over another. As a first step toward the development of legislation, the Financial Stability Oversight Council or the Treasury Department should issue a report recommending Congressional action to strengthen and clarify regulation of the sector. The industry should continue to develop its own self-regulatory standards. The legislation should give the lead agency the authority to allocate responsibility for certain enforcement or compliance matters to a self-regulatory entity.