When it comes to cryptocurrency regulation, the SEC considers most cryptocurrencies to be securities, favoring the concept of “same risks, same rules.”
But is it possible that this is not consistent in itself?
The same rules are not followed when it comes to the custody of crypto assets.
The SEC’s famous SAB 121 accounting bulletin changes the accounting rules for the custody of crypto assets, requiring that these assets be disclosed on the balance sheets of listed companies. This violates global accounting standards and has prevented banks from providing custody of cryptocurrencies. The SEC is trying to argue that crypto assets pose high cyber risks.
A new benchmark report on cryptocurrency regulation highlights that cyber risks are not new and are well covered by existing regulations. Thus, by applying the principle of “same risks, same rules”, no additional cyber regulations are needed for crypto assets.
Yesterday, Steven Schwarcz, professor emeritus at Duke University School of Law, published a paper on regulating financial innovation, with a focus on cryptoassets and DeFi.
We want to point out that the paper does not directly mention SAB 121, so it is Ledger Insights that points out the inconsistency. However, the professor’s observation on cyber risks follows directly from his discussion of the controversial application of “same risks, same rules” to crypto.
A thought-provoking article on cryptocurrency regulation
Most regulations focus on details, while Professor Schwarcz reviews high-level models that can be used to regulate fintech innovation. “Same Risks, Same Rules” is one of six models he explores.
While some may disagree with various suggestions, regulatory clarity is necessary for new industries to thrive.
The professor selected salient aspects of the six models to outline a recommended framework for approaching fintech innovation in general. He then applies it to the crypto sector.
Sandboxes, smart contract audits (not just code)
The first step is to set up regulatory sandboxes. The professor takes a pragmatic approach, recognizing that sandbox testing with a few customers will not highlight all potential risks.
Fintech companies need to monitor their risks themselves. However, this will likely not be enough, so a system of monitoring by third-party experts needs to be put in place.
In the cryptocurrency industry, smart contract audits are already widely used to identify bugs and qualify as third-party oversight. But this only addresses one specific risk. A broader range of risks must be explored: risks to the company and its customers, to other market participants, and to the public.
Additionally, the automated nature of smart contracts can trigger a vicious cycle. We have already witnessed several crypto crashes and their impact on crypto lending. The liquidation of collateral leads to a drop in prices, triggering a cascade of additional liquidations.
Stop an accident
In traditional finance (TradFi), this type of problem exists in high-frequency trading, where the suspension of trading allows for risk management. However, the professor acknowledges that this would be difficult to apply in the cryptocurrency sector.
It therefore recommends that companies identify their counterparties and disclose to them the risks they face. If a third-party monitor considers that the company’s use of smart contracts creates a significant risk, “regulators should have the power to suspend a company’s right to enter into new smart contracts.”
In other words, if you can’t prevent a crash by suspending trading, try to prevent it from happening. Although both are desirable.
One can imagine that this suggestion would cause a revolt in the crypto industry, but it has merit, provided that it is not abused and that “significant risk” is properly defined. TradFi has standard risk management approaches that can be modified and transposed to the crypto world. The most responsible players are already doing so.
For example, we know of at least one exchange that saw the Terra Luna collapse coming early because it had systems in place to protect its customers, although arguably its response made the downward spiral worse.
DeFi Regulation
The professor’s approach to DeFi is similar to discussions already taking place about how to identify those responsible, with governance token holders being one avenue.
Another option is to require DeFi platforms to be “provided by centrally registered and well-capitalized entities.” At the same time, he acknowledges that this could negate the benefits of DeFi (low costs), and therefore suggests consulting the DeFi industry before taking any steps in this direction.
When it comes to cryptoassets, he notes that some have proposed the financial equivalent of the FDA. In other words, all fintech innovations would require prior approval. He dismisses this idea as a disincentive to innovation. He writes that it “reverses the presumption, at least in the context of new financial products, that private sector freedom of contract produces beneficial societal outcomes.”
Regarding financial stability risks, the professor points out that fintechs are generally too small to create stability risks. These types of risks come from the actions of systemically important institutions. Therefore, to address this particular risk, limits should be imposed on them rather than on fintechs.
Surprisingly, he does not mention that this is the approach taken by the Basel Committee on Banking Supervision.
Given the seriousness of this article, who knows, maybe he was the one who suggested that banks have a maximum exposure to cryptocurrencies of 1% of tier 1 capital.
