Crypto: The road to regulation is not the road to perdition.

I have been writing about crypto (including regulation) for some time, have practised as a regulatory lawyer for 30 years and authored numerous books. Here are my latest observations on the tumultuous events of the last week.

As a preliminary comment, the word ‘token’ is today used to refer to a crypto (digital) asset, but as I have pointed out in a previous article, the use of tokens in an economic setting has existed for at least two thousand years. Bitcoin and other crypto could be viewed as a modern incarnation using technology (blockchain). Try checking out a ‘Roman token’ (or spintria), with a Google search (and please do not let it detract from the seriousness of the subject).

Traditionally, there have been two sides to the crypto debate. One side has focused on the decentralised nature of crypto assets operating on the blockchain, sometimes arguing that it can be trusted inherently and that it enhances democracy by making decentralised finance available to all. Also said that transactions that exist only in cyber space, cannot be regulated, or regulated in the same way as centralised financial markets. The other side tends to argue that no system can ever be trusted inherently, less still one that is subject to no (or little) regulatory oversight and that regulation is itself a badge of trust. The truth probably lies somewhere in the middle. No financial system (decentralised or otherwise) is risk-free nor can be trusted blindly but also is never beyond the scope of regulation (or even taxation for that matter). Gibraltar has positioned itself at the vanguard of regulation and more jurisdictions are now seeking to regulate this space.

Another point worth making is that technology applications have been used in financial services (and other business sectors) for many years (with varying degrees of success). The difference may well be that in the crypto sector technology drives the business rather than technology simply helping the business or informing it to take decisions. The mainstream financial market has also had risk management and corporate governance ingrained over many years. Admittedly, this failed spectacularly in the 2008 banking crisis. But the traditional crypto space tends to be more concerned about the technology and less about the risks. Regulation tries to address these issues, although not without its challenges, because a business can have all the trappings of regulation but for this to be effective, risk management and governance needs to be embedded in the business and this sometimes may require a cultural change in a space which until recently was largely unregulated.

Of course, crypto is still very much in its infancy and therefore the traditional financial markets can provide helpful insight on many of the issues now facing the sector. Let us look at some of these.

A criticism often levelled at crypto is lack of transparency. From another perspective, however, it is actually more transparent than other sectors as any crypto enthusiast (and there is an army of them on social media platforms!) is able to scrutinise transactions real-time on the blockchain. What instead is needed (primarily) is licensing and regulation that ensures customer funds and money remain safe in market venues where users buy and sell or trade crypto assets. They are not taking deposits like a traditional bank would do (borrow to invest). As such, consumer protection should apply to customer assets and money to the extent that they remain so in accordance with applicable rules. In this regard, custody ordinarily requires more than just segregation of assets/money in order for those assets/money not to represent the property of a firm and therefore to be protected against third party creditors.

Another criticism is leverage. But many corporate groups across all business sectors use some form of leverage or another. Leverage also exists in financial transactions of all types and financial markets of all kinds. That in itself is not objectionable. However, it requires an understanding of the inherent risks (e.g. group contagion) assuming the arrangements comply with the applicable rules (whatever those may be in the relevant business sector). This has been a focus of regulators within the traditional financial market for a long time. Crypto is a new sector and there is still a lack of knowledge and understanding that comes from many years of experience. But there are common historical lessons to be learnt.

FTX started to raise concerns because it appears that customer assets were lent to another group company for them to trade. This was reportedly in exchange for tokens issued by the group as collateral. It created a counterparty risk in the event of trading losses (especially as the value of the collateral itself would be impacted) and also led to questions being asked about use of customer assets. This would not have been a problem if disclosed to the regulators, authorised by customers and if there was no breach of customer funds or other applicable rules. The matter is now the subject of regulatory and other agency investigations in multiple jurisdictions. Of course, for the wider sector it will likely mean far more scrutiny and increased regulation, requiring operators to adapt business models to play the long game (as we saw in mainstream finance, post the 2008 global banking crisis).

One of the other key risks within any regulated environment (especially in owner-managed businesses) is a dominant CEO without a strong executive team and board of directors. I articulated this risk in my governance book over 10 years ago. In retrospect, FTX was a business that ostensibly placed its founder CEO at the centre of everything the group did. It cannot now escape scrutiny around corporate governance.

Crypto was supposed to provide an alternative to the banking system which many crypto enthusiasts regarded as unsafe. But banks are highly regulated and have the central bodies as the lender of last resort. They are also covered by local deposit protection schemes. Crypto have neither. It is therefore much more challenging for regulators and policymakers.

That is why crypto regulation and enforcement of rules are essential. They will not stop business failures because, as I have often said, that would be impossible with or without wrong-doing. The traditional financial industries (broker, banking, insurance and dealers) have rules that are intended to address many of these risks (Basel, Solvency 2, MiFID). Admittedly, these are often far too prescriptive. But no one would today articulate an argument against regulation of any of these sectors. Instead the debate may be about whether there should be more or less regulation (e.g. ‘principle’ or ‘rules’ based).

The crypto sector needs to have a mature discussion with policyholders and regulators globally (rather than avoid the issue altogether) in order to at least try to influence the outcome where reasonably possible. Ironically, that is what the CEO and founder of FTX was attempting to do in Washington DC. At least he got that right, even if of no consolation now. But it is more important than ever that this continues.