Section 2: UPDATE ON THE REGULATORY POLICIES
GENERAL APPROACHES BY GOVERNMENTS
Globally, regulatory bodies have been rather calm recently; we have seen relatively fewer media articles, compared to previous times. Interestingly, political crack-downs appear to be proportional to Bitcoin’s price, which makes perfect sense.
Despite this, apparent calm does not mean that regulators have been idle. Our review of press releases indicates that the implementation of crypto or blockchain-related regulations is occurring almost every other day; for something like 200 jurisdictions on the planet, that’s not surprising. But in general, we observe that the stances taken by officials and regulators have been in line with what they have previously indicated, thereby confirming their positions/views.
A few countries that had negative approaches are changing their tone, although not always with full acceptance of cryptocurrencies, they are at least acknowledging the potential of distributed ledger technologies; Indonesia is an example.
As for coordinated financial regulation, the Basel Committee is working on the prudential treatment of crypto assets, intending to reach an agreement on how much capital lenders should hold to cover the risks inherent to holding crypto assets. Compared to the usual critics of Bitcoin and the like, this is quite an exciting move – acknowledging a reality!
STATUS REGARDING OFFICIAL INITIATIVES TO PASS FIAT ON DLT
The most significant sign of progress has come from China, where a central bank-issued cryptocurrency is expected to circulate soon. While the infrastructure is believed to be quite similar to that of Libra, the intrinsic value of this token will be the Chinese yuan or renminbi. So, the release of this Chinese cryptocurrency should first be adopting blockchain support to emit the central bank money, then invite people to use it for representation and exchange of value. But many interesting aspects are yet to be clarified:
• How much of the currency will be released in this manner? And will it be accompanied by a destruction of equivalent paper fiat?
• How will it compete with the traditional currency transacted by commercial banks? Such a full-scale experiment is going to be very interesting to study.
• Will this money be available for payments abroad, including for foreigners to own and use, even outside of China? In this respect, the intentions of Chinese regulators are ambiguous, as they have actively sought to prevent citizens from taking money out of the country, while at the same time pushing for international recognition of the renminbi as a reserve currency able to compete with the US dollar, thereby also bypassing the western banking/financial system. In the eyes of Chinese officials, Libra’s movements have no doubt stressed the urgency to move. Exciting times ahead!
Benoît Coeuré, a member of the European Central Bank, has been given the responsibility within the Bank of International Settlements to head the Innovation Hub, to foster international collaboration among central banks on innovative financial technology. Among the areas of focus for the assignment are the Central Bank Digital Currencies (CBDC), global stablecoins, and other payment innovations. The BIS also claims to be planning to look at “regtech”, digitization of financial titles trading, and financial disintermediation.
The truth is, with varying willingness to publicly discuss it, most central banks are actively studying how they can do it, and what the impact would be. Examples are numerous: the European Central Bank has confirmed it is exploring the feasibility of a DLTbased euro as a retail and wholesale currency; others include Tunisia, Canada, Russia, and Sweden. Arguably, today no central banker can afford not to consider it, at least from a feasibility perspective, in terms of supporting their national currency. But the debate around possible changes to the circulation process, that is, controlling who is going to be entitled to possess and exchange it (licensed banks only vs. open) has not commenced.
REGULATION OF INITIAL CRYPTO-ASSETS OFFERINGS
Fundamentally, there is not much that is new in terms of intentions to regulate ICOs.
Capital raising via ICOs has shrunk drastically. This is all far less of a hot topic than it was in 2018. The prices of most ICOs had collapsed, down to their initial offering price or below, justifying the warnings of financial watchdogs around the planet at the time when ICOs were popular.
A correlated observation is that investors who lost money have not complained a great deal, clearly indicating they were aware of the potential risk of losing all of their investment (which mostly happened). This suggests that individuals who got (and continue to get) involved felt (and feel) responsible for the outcome, and generally were aware of the asset category they were getting into. Arguably, they were knowingly operating in this hazardous environment, showing that people can act without being watched after / protected all the time by their governments.
Anyway, it all looks like a fire that extinguished itself before it became an actual problem for officials in charge. Currently, some ICOs are launching in jurisdictions that are comfortable with the nature of tokens, which are now clearly described in official documents, in addition to their whitepapers.
Investors are excluded if they are citizens of countries that have expressed opposition (or indeed, threats), and these ICOs are making an effort to apply KYC to subscribers – to avoid being accused of taking dirty money. Past ICOs that have not complied with this is potentially in trouble. However, there are very few actual cases of judicial action, just a few that are there to establish jurisprudence and scare others from bending the rules too far.
Speaking of this, in this section, we usually present details of a US SEC case! This time, let’s study the Telegram dispute. Telegram raised $1.7 billion in the first half of 2018 to build the TON blockchain, and almost 40 of the 171 investors were US citizens, who contributed about 25% of the total. However, Telegram did not deliver the GRAM tokens to its investors by the scheduled date in October 2019.
Some US investors complained and were unable to agree with Telegram. Importantly, the SEC did not dispute the characteristics or the legality of the token offering, as the issue was designed to attract experienced investors, and complied with the regulations. However, the SEC was concerned that a secondary market for the token was immediately available, where fewer experiences investors may not be aware of all the risks. It is not unclear how the SEC will move to address this concern: let it go or create new ad hoc rules.
Besides ICOs, irrespective of the type of investor associated with a token, especially for clear financial titles, we have observed that the applicable laws are generally deemed to be good enough by the regulators. In practice, however, existing regulations have to be adapted to allow for the new functionality proposed by DLT management, to be effectively used and leveraged (typically, the possibility to hold and transfer these assets more quickly). But the financial obligations of the issuer are pretty much the same, with a few exceptions. So, we are not seeing the appearance of new, specific pieces of regulation, but rather the incorporation of the original supporting medium of representing assets into the existing frameworks.
KYC / AML / CFT
More than ever, the position of regulators can be summed up, as Julie Myers puts it: “Money laundering, fraud and the financing of terrorism are serious crimes that have significant global effects. Any technology that has the capability to be used for these crimes must be regulated in some way to mitigate those risks.”
Privacy / confidential cryptocurrencies regulations
Anonymous cryptocurrencies are built purposely to free people from controls, while on the other hand, officials and governments will never be keen to allow value to be moved anonymously in cyberspace. So again, frontal opposition is expected to lead to a fight. However, this quarter, we have not seen any concrete moves in that direction, probably due to the sluggish market for anonymous cryptocurrencies.
The only thing we see is that, for exchanges, the listing of privacy coins may ultimately be considered by regulators to be a breach of KYC, as these coins prevent any identification of the origin of funds. In anticipation of clampdowns, many exchanges have already been removing trading and custody of
privacy coins, and at present, only around one-third of exchanges are proposing them.
Implementation by crypto actors
UK banks are looking at a blockchain-based solution relying on Factom and developed by the start-up, Knabu, to tackle their KYC obligations. Despite the incumbents’ aversion to the blockchain, we expect more banks to embrace these systems, which will produce significant savings in operational costs to resolve their legal obligations.
Meanwhile, a survey has concluded that two-thirds of the top 120 crypto exchanges had weak KYC policies.
On-chain KYC management is closely linked to identity management. Please refer to the extensive coverage of this topic in the previous issue of Blockchain Quarterly.
Interestingly, managing KYC on-chain might not be technically complicated; what matters is that a credible authority can be created on-chain – or rather, that an existing official body can be given access to operate on-chain.
In general, on an open chain, anyone can propose the issuing of digital identities. Ideally, all of them being under the same format, to enable interpretation in the same manner by all applications that need to access them. But only real-world qualifying authorities (e.g. regulators, certified agencies, notaries) will, at the end of the day, be respected for financial KYC. Hence the importance of involving relevant governmental departments!
DATA PRIVACY PROTECTION COMPLIANCE
The European Union is spearheading regulation to protect data privacy; it has enforced the General Data Protection Regulation (GDPR). While this has had a massive impact on businesses, especially the internet giants, blockchain has fundamental issues when it comes to complying with the regulation. Let’s dive a bit deeper into this topic.
In a nutshell, the principles of transparency and traceability of data entered permanently in an open ledger is a concern when it comes to operating in jurisdictions that intend to permit access, rectification and deletion of personal data upon request of the relevant individuals.
The European Parliament has issued a report titled, “Can distributed ledgers be squared with European data protection law?” In this paper, the researcher highlights the fundamental incompatibilities that appear, point by point. Very interestingly, blockchain complies with some GDPR requirements: transparency, accuracy and integrity is, of course, more comfortable to demonstrate on a DLT-system. However, the principles of purpose limitation and data minimization are not significant concerns; they are to be taken into account when designing the applications. So, the most worrisome questions interest, with no surprise, the right to erase private data – the right to forgetting – and the confidentiality / protection of private data.
However, the report falls short of proposing paths to solve the issues. So, let us consider this here. The approaches we envisage that can be pursued to try to resolve the problems, and use DLTs in a compliant manner are the following:
In principle, we can state that a fully decentralized platform proposes a set of instantiated logic, available to anyone, with the developer having no liability.
Going further, if an individual perceives an advantage in using an on-chain service/logic, and is required to share his or her data, then it is arguable that the benefit obtained from the platform should justify the publication, even forever, of the data. This justification is a practical one, not solving the core issue, but merely making it legally acceptable. Everyone then is free to participate in the system if they wish to benefit from it.
It can be demonstrated that the handling of aggregated private data will no longer be private. Hence a service that handles the private data of several individuals off-chain, before aggregating it and inputting it on-chain, could be a potential business opportunity to comply with GDPR.
Pruning can be considered a possibility to erase data from the ledger after a given period has elapsed (not upon request of users).
By the way, as a general comment, States are slightly schizophrenic when, on the one hand, they insist on tracking and controlling all financial flows via KYC, and on the other hand, they impose regulations on businesses to ensure confidentiality and self-control of data owned by corporations.