Many “crypto exchanges” fail to understand that they are money handlers. Basically, “crypto” is not an excuse. The storing of highly sensitive data concerning the exchange of various assets for other assets or monies makes all exchanges subject to regulation. Account numbers, cardholder data, bank statements, and secrets that could be used to commit insider trading are all required to be secured.

Such areas are controlled through regulation, and are maintained by regulatory authorities such as the Securities and Exchanges Committee (SEC) and the Financial Industry Regulatory Authority (FINRA). The claims of blockchain do not relate to an exchange at all. Firstly, blockchain is a settlement function, and next, it is not even remotely related to the clearing function of an individual exchange.

The regulations in force and already in place through the FINRA and the SEC primarily concern communication—the archiving of electronically stored information (ESI) is of specific concern.

In the US, just a few of the regulations, established by the FINRA, include:

FINRA 10–06 — The provision says that financial firms retain records of all social media communications. Such a provision includes any and all “crypto exchanges,” and means that all posted tweets and all communications with those promoting the exchange and any asset on the exchange are retained (which means that a deleted tweet must be recorded as deleted).

FINRA 11–32 — Says that tweets and text messages are written material which need to be preserved.

FINRA 11–39 — Establishes the requirement to retain, retrieve, and supervise business communication, even when such communication is conducted from a personal device.

Many believe that such rules merely apply to US exchanges — which is false. The “Long Arm” provisions of the US allow for interactions with any exchange that:

uses a .com domain;

accepts USD;

holds or trades against USD or USD equivalent (and such means USDT); or

has any network communications that pass a US server at any point in time.

To be compliant, “crypto” exchanges require an immutable archiving system capable of archiving all necessary ESI. And not just capable — one that is in fact capturing all of the information. The mere archiving of data is not sufficient; it must be archived in an immutable format to meet compliance standards.

When an “anonymous coin” such as Zcash is traded, the exchange is in criminal breach when it does not link the withdrawal to the individual explicitly. The individual would then be required to retain all movements of the coin — the loss of such records itself being a crime if the amount was to change; that is, the coin is reported lost, and then is even used (moved).

Enjoy the read…

https://www.finra.org/sites/default/files/SEA.Rule_.17a-4.Interpretations_0_0.pdf