Background
It is often claimed that external risks such as major regulation are impossible to manage, and certainly in an industry that is mostly unregulated such as the cryptocurrency space, the claim could be even more justified. This article hopes to prove otherwise however, with some examples of how the cryptocurrency space is already adapting and trying to reduce the impact of regulation through self-regulation and ideas of what self-regulation might look like.
Calls for regulation & the G20 summit
The cryptocurrency space has been fraught with cases of fraud and scams and with it being such a new industry with little in the way of regulation, it has been an ongoing focus of governments. This focus has only increased in recent months due to the number of high profile incidents. Following the theft of $500 million of digital money from the Coincheck exchange earlier this year, Japan’s financial regulator ordered all cryptocurrency exchanges to submit a report on their system risk management in relation to managing their customer assets and measures to counter cyberattacks.
The incident, and subsequent action from the regulators added to the ongoing pressures to introduce regulation into the cryptocurrency space and has been one of the contributing factors to the fear, uncertainty and doubt that has seen a cryptocurrency crash and an ongoing bear market with prices having fallen over 70% from all-time highs set in December 2017 and January 2018.
The uncertainty surrounding regulation also makes it very difficult for companies in the space to properly plan or remain innovative until there is more clarity over what regulation will look like. Some of the technology being developed for example may fall foul of future regulation whilst certain countries may prohibit investing in certain types of cryptocurrency.
The discussions around Cryptocurrency regulations have been as far reaching as the G20 Summit in Argentina (March 19th2018). The G20 has rejected calls for regulation which has alleviated some of the fears of any major regulation being implemented any time soon, but it still leaves the uncertainty of future regulation or country specific regulation being put in place. This positive news is therefore the ideal time for the industry to take action and ensure this delay of regulation becomes permanent.
Response in Japan, UK, South Korea and USA
Japan
In a proactive move, and perhaps to avoid heavy regulation, The Japan Blockchain Association (JBA) and the Japan Cryptocurrency Business Association are expected to merge to create a new self-regulatory organization to strengthen self-regulation and if approved, could act as an independent regulatory body of the government. It’s interesting to note that JBA has already set an example for the industry, having established self-regulation standards which includes the use of cold wallets amongst its 15 crypto exchange members although it has become clear that this was not enough.
UK
In the UK, according to the Financial Times, and in what seems to be a move inspired by Japan, “seven cryptocurrency companies have set up the UK’s first crypto trade association in a bid to inject more legitimacy and transparency into the sector while authorities weigh up a potential clamp-down.” The association in question is CryptoUK which has been put in place “to improve industry standards and engage policymakers”.
South Korea
In South Korea, 66 members have signed up to the Korean Blockchain Association (KBA) including 25 of the biggest crypto exchanges with a view toself-regulate. KBA is said to be looking closely at how the Japanese approach develops.
USA
Perhaps the biggest news however, is that of the Winklevoss twins’ intention to create the Virtual Commodity Association, a self-regulatory organisation meant to police digital-currency markets and custodians in the USA. The high-profile brothers, who run the Gemini exchange, aim to develop industry standards, promote transparency and work with regulators including the U.S. Commodity Futures Trading Commission to prevent fraud.
These responses should be seen by investors and the cryptocurrency space as a whole, as very positive. In fact, it would do the industry good to focus more on using self-regulation as a way to reduce the risks of regulation if it wants the market to recover and innovation to continue.
What is self-regulation
Self-regulation, in the majority of cases, is when regulatory authority which usually creates regulation, enforces it and punishes any behaviour that is in breach of the regulation, is delegated to a private entity or body. In some cases, self-regulatory bodies may only create and enforce the regulation whilst passing the responsibility of punishment on to a formal regulatory authority instead.
The body will usually be membership based requiring its members to sign up to the self-regulatory requirements and punishments and in many cases, members will police each other. Some bodies will have statutory backing whilst others won’t and it very much depends on the motivations for self-regulation. For the cryptocurrency space however, which is seeking to keep heavy regulation at bay, it is crucial that any self-regulatory body will need to have statutory backing and close ties to government regulators.
Benefits of Self-Regulation
Having a self-regulatory body for the cryptocurrency space has a number of benefits to the industry.
Combatting heavy regulation
One of the key benefits is demonstrating that the industry is being proactive and responsible towards protecting investors, preventing fraud, protecting against cyber-attacks and stamping out scams. This could be enough to appease regulators enough to delay or stop the introduction of heavy regulation. This assumes that the self-regulation goes far enough and is proving to be effective.
By removing the threat of heavy regulation and replacing it with self-regulation, a high level of uncertainty is removed bringing back confidence in the market and organisations can plan effectively with a renewed focus on innovation.
Fit for purpose and industry specific
With the industry driving self-regulation, it will ensure that it is not only fit for purpose, allowing innovation in the space to continue, but also adaptable and able to evolve according to need or market changes. Additionally, rather than a one size fits all approach, separate and specific regulations could be developed for different types of cryptocurrencies such as privacy coins, smart contracts and settlement networks amongst others. The following graph provides an example of how cryptocurrencies may be differentiated although this could be split even further.
A global solution
Self-regulation also combats one of the drawback of every country potentially having different regulation, which makes it increasingly difficult for companies to operate on a global scale. Self-regulatory bodies have more opportunity to collaborate with each other and introduce global regulations that are consistent and meet the needs of investors and cryptocurrency companies.
Beneficial to Government
Self-regulation can often be useful for governments too. It is not only faster to implement, but the burden of costs falls on the industry rather than the government. This is a major selling point of self-regulation and as long as the government are involved and are kept informed, they may be happy to leave it in the hands of self-regulatory bodies.
Influence
Another aspect that should be considered as being highly desirable to the industry is that it allows them to lobby, interact with and educate regulators and legislators. This can ensure that any future regulation that is introduced is not detrimental to the industry and is developed in conjunction with businesses in the space.
Effective self-regulation:
Whilst the benefits of self-regulation are clear, the regulatory body in place needs to be strong, fit for purpose and effective. Some key areas for consideration by newly formed self-regulatory bodies are covered below.
Government support and backed by law
In order to remove the introduction of government regulation, the industry needs to ensure that the self-regulatory body is backed by law and has a government regulatory partner. A positive relationship needs to be built with them in order to have successful self-regulation. Unfortunately, there is a widely held view within the cryptocurrency space that the government and banks are enemies of cryptocurrency and are looking for every opportunity to shut the industry down. This view needs to change if self-regulation is going to work and if they want the industry to flourish.
Industry support
Another critical success factor will be industry support and involvement in the creation of regulation. This helps the buy-in process and also ensures well thought out and extensive regulations are put in place that have been agreed by all members. The more participation the better as self-regulation can have little effect if companies are not involved.
Accountability
With self-regulation, members need to be prepared to accept that there will be penalties and sanctions for non-compliance. Therefore, a strong accountability program should be implemented and committed to in writing by members with annual certified compliance submissions. It should focus on sound financial and non-financial practices with oversight and transparency and members should expect for information to be shared with government regulators as appropriate.
Detection
A key challenge with self-regulation is that of detection. There needs to be a system in place for detection from audits and reviews to incentivised Incentivize the detection and deterrence of manipulative and fraudulent acts and practices, including partnering with regulators and particularly the CFTC to share or refer information, as appropriate.
Reporting
The whole purpose for self-regulating the cryptocurrency industry is to avoid heavy regulation and improve transparency and investor protection. As a result, there should be transparent reporting that meets the needs of each stakeholder and provides the right level of transparency and information sharing needed to ensure confidence in the process.
What areas should be self-regulated:
Once a self-governing body has been established and has the right framework in place to be effective, the areas of self-regulation to consider are numerous and some examples follow. This is not an exhaustive list and indeed is only a very high-level overview of what should be considered. The real requirements, as mentioned previously, should be designed and agreed by the members who offer expertise in their fields.
Cryptocurrency status protocols
One of the advantages of self-regulation, as mentioned earlier, is the ability to develop specific regulations for different types of cryptocurrencies depending on their status. Exchanges for example will have very different requirements from privacy coins or technologies that provide a platform for other tokens to be launched such as Ethereum/EOS.
Exchange regulation might focus on investor protection and ensure money on the platform is well protected, enough liquidity is available should the worst happen, and all user data is safe. Platform based tokens on the other hand might focus on ensuring that they do due diligence before allowing a token to be launched on their platform.
ICO’s & determining cryptocurrency status
A major area of concern for regulators has been ICO’s. There have been numerous out right scams as well as frauds when it comes to ICO’s being launched. Investors have lost a lot of money as a result and the industry should focus on ensuring that every ICO meets minimum requirements before it can be listed by any of the exchanges that are members of the self-governing body.
Minimum requirements such as clarity of who the board members are, checking that a physical address isn’t a “boiler room” address, ensuring other minimum due diligence has been undertaken by an external and approved organisation, etc.
Further work can also be done to analyse what type of cryptocurrency status the particular ICO will fall under as mentioned earlier (Privacy coin, smart contract etc.) and this could be extended to all members of the self-regulatory body. This can be determined from a legal analysis through to a technological analysis.
Fraud and money laundering
One of the ongoing criticisms of cryptocurrencies, whether valid or not, is that it is being used by terrorists and money launderers. It is therefore important to tackle this issue before it gets any further attention. Ensuring members properly screen their customers or analyse usage on their exchanges for trends that might indicate criminal activity could be one way of improving the image of the industry.
There needs also to be action taken by members when identifying such activity such as sharing information with the relevant agencies or regulators or freezing assets or accounts.
Cyber Security
Cyber security is the topic that launched regulators into action in the first place. Cyber risk has been a growing threat in the last few years. A recent report claimed that the risk in 2016 was four times higher than in 2015. 2017 was worse again. Going forward we can only expect hackers to become more organised and well-funded, which, alongside advances in AI and technology, will lead to more sophistication in their attacks.
Some organisations are already spending hundreds of millions of pounds on cyber security, whilst governments are spending billions in order to prevent these attacks. It therefore makes sense for the cryptocurrency industry to be working hard to ensure this is the case for them too.
Transparency requirements
Transparency requirements should be a basis of the regulation put in place and should cover aspects such as:
- Conflicts of interest, Modern Slavery and ethics
- Responsible financial management that ensures confidence for investors in the financial status of companies.
- Investors complaints and communication process
Is self-regulation enough?
The cryptocurrency industry is a financially-strong industry, which is a pre-requisite to having successful self-regulation as a struggling industry is more likely to cut corners in its attempt to survive.
However, there are major challenges ahead. In various studies and theories such as Carlo Scarpa, “The Theory of Quality Regulation and Self-Regulation,” and the Australian Consumers’ Association, reporting to an Australian Taskforce in Industry Self-Regulation, it was found that self-regulation is more successful where non-compliance does not pose a high risk or serious harm to investors.
It is clear that the cryptocurrency space does indeed pose a high risk to investors. Other characteristics that are less favourable (and which describe the cryptocurrency industry) include an industry still in infancy and the absence of any cohesive industry association.
Additionally, the European Union (EU) study on self-regulation in Ecommerce highlighted:
- The problem of enforcement if there is no statutory backing;
- unless participation is obligatory, regulatory measures affect only those disinclined to flout the rules;
- procedures can fall short of standards that would be set by courts (for example, for civil liberties);
- the burden of the costs of regulation may discourage participants and thus fall on the consumer;
It is therefore wise that organisations and the industry as a whole should consider other Risk Management solutions alongside self-regulation such as identifying current regulation in other industries (such as the tech industry) and reviewing current business practices that could potentially fall foul of future regulation.
Conclusion
Risk Management seeks to mitigate risk by reducing the likelihood and/or impact of an event occurring. In this case, the introduction of regulation is the event in question and self-regulation is the solution to mitigate it.
Self-Regulation may reduce the likelihood of regulation being introduced but as we have covered with the EU and Australian Taskforce findings, even if self-regulation is successful, it may not be enough to convince regulators that government regulation is not required. All is not lost however, and just by having self-regulation, it will have prepared organisations for a regulated industry making them more resilient to change and therefore reducing the overall impact that regulations have on cryptocurrencies.
The conclusion therefore is that self-regulation, alongside other risk management solutions, has the potential to reduce both the likelihood and impact of regulation being introduced and the huge reduction of uncertainty that comes with it. This in itself should be enough to reinvigorate the cryptocurrency boom and see new all-time highs in the market and drive innovation further.
Alexander Larsen
President, Baldwin Global Risk Services Ltd
Fellow of the Institute of Risk Management
www.baldwinglobal.com
Twitter – @AlexLarsen_Risk
Email – Al@baldwinglobal.com