When it comes to cryptocurrency regulation, the SEC views most cryptocurrencies as securities, favoring the concept of ‘same risks, same rules’.
But is it possible it’s not being consistent itself?
The same rules aren’t being followed when it involves the custody of crypto-assets.
The notorious SEC accounting bulletin SAB 121 changes the accounting rules around the custody of crypto-assets, requiring those assets to be disclosed on the balance sheets of listed firms. That contravenes global accounting norms and has prevented banks from providing cryptocurrency custody. The SEC tries to argue that crypto-assets have elevated cyber risks.
A new heavyweight paper on crypto regulation points out that cyber risks are not new and are well covered by existing regulations. So using the principle of “same risks, same rules”, no additional cyber regulation is necessary for crypto-assets.
Yesterday Steven Schwarcz, Distinguished Professor at Duke University School of Law, published a paper on regulating financial innovation, with a focus on crypto-assets and DeFi.
We’d note that the paper does not directly mention SAB 121, so it is Ledger Insights that’s highlighting the inconsistency. However, the Professor’s cyber risks observation directly follows his discussion of the controversial application of ‘same risks, same rules’ to crypto.
A thought provoking paper on crypto regulation
Most regulations focus on the minutiae, whereas Professor Schwarcz reviews the high level models that can be used in regulating fintech innovation. ‘Same risks, same rules’ is one of six models he explores.
While some may disagree with various suggestions, regulatory clarity is necessary for new industries to flourish.
The Professor selected the salient aspects of the six models to outline a recommended framework to address fintech innovation in general. He then applies it to the crypto sector.
Sandboxes, smart contract audits (not just code)
A first step is to provide regulatory sandboxes. The Professor has a pragmatic view, recognizing that sandbox tests with a few customers won’t highlight all the potential risks.
There’s a need for fintech firms to self monitor their risks. However, that’s not likely to be sufficient, so there should be a system of third party expert monitoring.
In the crypto sector, smart contract audits are already widely used to identify bugs and qualify as a type of third party monitoring. But that only addresses one specific risk. A broader range of risks need exploring – risks to the firm and their customers, to other market participants and the public.
Plus, the automated nature of smart contracts can trigger a vicious cycle. We’ve already witnessed multiple crypto crashes and the impact on crypto lending. The liquidation of collateral leads to price declines, sparking a cascade of additional liquidations.
Stopping a crash
In traditional finance (TradFi) these sorts of issues exist in high frequency trading, where suspending trading helps to address the risk. However, the Professor recognizes that would be tricky to enforce in the crypto sector.
Hence, he recommends that businesses identify their counterparties and disclose the risks to them. If a third party monitor finds the firm’s smart contract usage creates significant risk, then “Regulators should have the power to suspend a business’s right to enter into new smart contracts.”
In other words, if you can’t stop a crash by suspending trading, then try to prevent it from happening in the first place. Although both are desirable.
One can imagine that the suggestion would cause the crypto sector to be up in arms, but it has merit, provided it’s not overused and one appropriately defines ‘significant risk’. TradFi has standard approaches to risk management which can be tweaked and ported to the crypto world. The more responsible players already do this.
For example, we’re aware of at least one exchange that saw the Terra Luna collapse unfolding early on, because they had systems in place. Hence, they protected their clients, although arguably their reaction exacerbated the downward spiral.
DeFi regulation
The Professor’s approach to DeFi resembles discussions already taking place about how to identify responsible people, with holders of governance tokens being one avenue.
An alternative option is to require DeFi platforms to be “provided by centrally registered and well capitalized entities.” At the same time, he acknowledges that could nullify DeFi benefits (low costs), so suggests consulting the DeFi industry before taking steps in this direction.
Regarding crypto-assets, he observes that some have proposed the financial equivalent of the FDA. In other words, all fintech innovations would need approval in advance. He dismisses this as an innovation killer. He wrote that this “reverses the presumption, at least in the context of new financial products, that private-sector freedom of contract produces beneficial societal outcomes”.
In the case of financial stability risks, the Professor notes that fintechs are generally too small to create stability risks. These sorts of risks come from the actions of systemically important institutions. Hence, to address this particular risk, there should be limits on them rather than fintechs.
Surprisingly, he doesn’t mention that this is the approach taken by the Basel Committee for Banking Supervision.
Given the gravitas of this paper, who knows, perhaps he was the one that suggested banks have a maximum crypto exposure of 1% of Tier 1 capital.