Two Q&As on how to regulate crypto
We’ve belatedly read Goldman Sachs’s crypto-themed “Top of Mind” report from Friday. It has a good timeline of the digital shenanigans as well as offering pretty charts and interesting interviews with, among others, former SEC chair Jay Clayton and former CFTC chair Tim Massad.
Given the current pertinence of the regulatory views on crypto — ranging from stricter controls to “let it burn” — and Clayton and Massad’s stints as the top US regulators when crypto first started inflating, we thought we’d share the Q&A with readers.
One thing that struck us is that despite Massad and Clayton earlier this month presenting a joint plan on how to regulate crypto, Massad argues that a lack of US regulatory clarity has been harmful while Clayton, bluntly, calls this view “garbage”.
The questions in italics are from Goldman’s senior strategist Allison Nathan. To aid navigation we’ve bolded up some of the most interesting bits of the answers.
The Jay Clayton interview
GS: To what extent was FTX’s collapse a failure of regulation?
The forensic analysis of FTX’s collapse is in its early days, but we do know a few things. One, that FTX’s difficulties were centered in its offshore operations that were located in a place where regulation is nascent, which is almost always a recipe for disaster. This situation seems most comparable to the fraud perpetrated by Allen Stanford, where there was the facade of a regulated bank, but no inspection, no financial reporting, and none of the hallmarks of regulation. So, the collapse of FTX is firstly an age-old lesson that unregulated markets are dangerous. The law is words plus, importantly, enforcement and oversight, and no greater place of oversight and enforcement exists than in the US regulated financial markets. So, as investors depart from those markets, the risk goes up. And crypto is at the high-risk end of the spectrum. Investors have no regulated US intermediary assisting them in accessing their crypto investments. There is no regulated offshore exchange associated with those crypto investments, and no body of law deters bad actors in those jurisdictions from entering the market. That’s a cocktail for bubbles and fraud.
The second thing that seems fairly clear at this point is that FTX’s customer assets were comingled with the assets of the enterprise. That’s almost universally abhorred in US financial markets because the lack of segregation of customer assets, as well as no real custody of the assets, is undoubtedly problematic. So, where did regulation fail? In the places you’d expect: jurisdictions where no regulation exists, and where fundamentals around customer protection were violated.
Some observers have argued that a lack of regulatory clarity in the US has pushed much of the activity and risk taking in the crypto ecosystem towards such jurisdictions. What’s your response to that?
That’s garbage. The US has a very rigorous and paternalistic regulatory regime for financial services. The amount of time and money that US financial intermediaries spend on compliance and ensuring that their products are suitable for their clients is enormous. Crypto proponents have complained that this stringent regulatory regime is inconvenient. And it may be; by design, it’s very difficult for US retail investors to access private, unregulated investments. But that’s an active choice that the US has made, and it’s very clear. So, the problem is not a lack of clarity around regulation. The problem is that people engaged in the crypto ecosystem don’t like the existing regulations because compliance is costly. The claim of regulatory uncertainty is in many cases no more than a thinly veiled attempt to avoid these costs.
But isn’t there some confusion about how digital assets are classified from a regulatory perspective and therefore which agency has oversight?
The focus on this classification issue is misplaced and, again, nothing more than an attempt to avoid regulation. Regulators designated bitcoin a commodity in 2015, and some crypto proponents argue that many digital assets should similarly be treated as commodities, not as securities. I believe that most digital assets are securities. The likely motivation behind these efforts to seek commodity classification is that, while commodity futures markets are highly regulated, commodity spot markets have no federal regulator, and are therefore regulation lite. The limited regulation in the spot commodity spot market is a long-standing issue that probably should be addressed with a narrow fix, but crypto proponents are endeavoring to exploit the situation to avoid the high costs of regulatory compliance. Attempts to use this difference in securities and commodities regulation to leave a substantial swath of digital assets unregulated are just absurd. The reality is that the vast majority of digital assets are clearly securities, as demonstrated by several cases the SEC has brought and won around this issue, and broader claims about a lack of regulatory jurisdiction or authority are largely baseless. The US has a multifaceted regulatory regime comprised of many agencies, including the Fed, SEC, FDIC, CFTC, OCC, etc. Between these agencies, many more overlaps than gaps exist.
So, you see no need for new regulatory agencies and/or tools for the digital asset ecosystem?
No. The idea that we somehow need a new regulator because technology has enabled a different way to deliver the same product is also absurd. What we need is the type of interagency cooperation that has occurred many times in the past. The SEC and CFTC have effectively worked together on many areas where their jurisdictions have overlapped, such as the swaps market that covers securities, and the joint rulemaking that the Dodd-Frank legislation required. I am hopeful that the recent crypto turmoil will lead to a similar joint response from the regulatory agencies that makes it clear how crypto entities can comply with existing regulations. Again, many crypto proponents who are trying to find an unregulated space between the regulators aren’t going to like a coordinated effort. But regulators can’t make an exception to a body of law that covers tens of trillions of dollars in annual transactions just because the promise of a new technology is so great, and crypto proponents shouldn’t ask them to. Instead, they should make the case that the capabilities of crypto are so vast that regulatory objectives can be achieved with greater efficiency.
But doesn’t the decentralized and global nature of digital assets make applying existing rules to them challenging?
The technological aspect isn’t the key challenge. The challenge is that US regulations don’t extend far beyond US borders. So, if an entity is committing fraud in a jurisdiction that the US doesn’t regularly cooperate with from an oversight and enforcement perspective, the chances of any meaningful remedy are very low; I say to investors all the time, if money disappears in these jurisdictions, you’re not getting it back. This isn’t a digital assets issue, it’s a cross-border jurisdictional issue. If investors participate in, say, a penny stock offering in a non-money centered jurisdiction, and the proponent of that offering vanishes, investors will encounter the same problem.
All that said, is there anything that US regulators can and should do from here?
Yes. Former CFTC Chairman Timothy Massad and I have laid out several areas where regulators can take action. First, regulators should require all crypto intermediaries to implement basic customer protections. The SEC and CFTC should issue a core set of standards for consumer protection, which could easily be drawn from existing requirements for US securities and derivatives exchanges, and mandate that all crypto trading venues abide by them if they’re not already registered entities with the SEC or CFTC. This would ensure a basic set of protections while the classification issues that many entities have been exploiting are resolved. Second, regulators need to continue to vigorously enforce the regulations that are already on the books. Trading platforms that are trading securities need to be brought into compliance with SEC rules. The SEC’s crackdown on unregistered initial coin offerings (ICOs) that I oversaw was necessary because these offerings flouted the rules for public offerings, often failing to provide even basic financial information or risk disclosures. Both the SEC and the CFTC have also brought a variety of actions against unregistered or illegal products, Ponzi schemes, and other scams, and they should continue doing so. This could take many forms, one of which may be to simply deem products illegal, which has already occurred, for example, when products are deemed vulnerable to use in money laundering or terrorist financing activities. Third, regulators need to focus on bringing stablecoins into regulatory compliance. Many stablecoins have unstable features often associated with counterparty and credit risk that should be regulated as cash equivalents would be for traditional financial intermediaries. Banking regulators should take the lead on this, but the SEC and CFTC can help by requiring that intermediaries only deal with stablecoins issued by a regulated entity that holds reserves in cash and high-quality liquid assets.
If all of that is left to be done, should regulators have accomplished more in the space now?
More can certainly be done, but we should take some comfort that the current turmoil in the crypto ecosystem has not spilled over to the financial system. That’s largely because unregulated digital assets have not been integrated with the core of the credit-based financial system. The credit for that, however, primarily goes not to the regulators, but to regulated entities. Regulators rarely give credit to the regulated for good decisions. But the reality is that in the US, we rely on regulated institutions to make good decisions. Regulated entities have rightly chosen to take a cautious approach to providing products that offer widespread access to digital assets until it is clear that entities engaging with those assets are compliant with regulatory norms. So, I take my hat off to the regulated industry that has made the hard decisions to stay away from digital products that could pose substantial risk to their clients, and ultimately, the broader financial system.
How important is proposed congressional legislation to regulating the space?
Most legislative proposals in Washington don’t become the law. So, waiting for Congress can be like waiting for Godot; that’s not a winning strategy for any administrator. An administrator’s job is instead to enforce and improve upon the existing laws and regulations and bring discipline and rigor to the marketplace. The SEC is made up of about 5k employees who perform the same job every day regardless of who is heading up the institution or what’s happening in Congress. That said, the current legislative proposals can be divided into a few different categories. Some proposals relate to incentivizing cooperation across the federal financial regulators. Some deal with the integration of new technology into existing laws and regulation by, for example, addressing issues like how to custody a digital asset, or whether a stablecoin with particular characteristics should be considered a security like a mutual fund or a deposit like a banking product. And some proposals are more comprehensive bills that endeavor to create a new regulator or a new regulatory scheme for digital assets. While Washington can always surprise, I think some legislation in the first two categories has a significant chance of becoming law, but the chances of a comprehensive bill passing are remote at best. Regardless of what happens on the legislative front, regulatory agencies on their own can make substantial progress in enhancing the safety and security of the digital assets space.
All that said, can digital assets, whose value proposition seems to lie in their decentralized nature, really ever flourish in a regulated regime?
I’m optimistic that they can. The promise of distributed ledger technology is remarkable given how many transactions are already taking place around the globe 24/7 with very few frictions. That undeniably demonstrates that the opportunity to improve the efficiency of traditional financial markets is vast. But, again, we cannot and will not give up a proven and widely accepted regulatory framework in order to achieve those efficiencies more quickly.
Readers will be forgiven a hollow laugh at Clayton’s argument that US regulators rely on institutions making “good decisions”, and might well want “” added to his claim that a bazillion low-friction financial transactions around the world prove the value of blockchain. Anyway, onwards to . . .
The Tim Massad Interview
GS: To what extent was FTX’s recent collapse a failure of regulation?
FTX’s collapse is largely attributable to the lack of a regulatory framework. Investor protection standards that have been developed through decades of experience in the securities and commodity derivatives markets aren’t being observed in the crypto market. One FTX entity that was observing those standards was apparently LedgerX, its derivatives exchange that is registered with the CFTC. LedgerX didn’t file for bankruptcy, and it appears to be sound. The rest of the FTX US operations, as well as most other large crypto trading platforms in the US, that are venues for spot market as opposed to derivatives trading, aren’t registered with either the SEC or the CFTC. They are essentially only subject to state money service business laws. Those laws trigger the application of federal anti-money laundering requirements, but otherwise are woefully inadequate from an investor protection standpoint. Those laws originated in the telegraph era to regulate Western Union offices in different states; they’re remnants of a bygone age. They don’t contain anything remotely like the standards we impose on securities and derivatives exchanges today. So, saying that US crypto entities are well-regulated by these state laws is akin to saying that the stock market was well-regulated prior to the 1929 crash under state blue sky laws.
Why haven’t traditional investor protection standards been applied in crypto markets?
The development of appropriate regulatory standards for the crypto industry has long been hampered by disagreements over whether crypto tokens should be classified as securities or commodities. The SEC has the authority to regulate securities and has brought lawsuits to establish that certain crypto tokens are securities. But that has yet to change the industry’s mindset, and trading platforms have continued to argue that they’re not trading securities, but rather commodities, so they haven’t registered as securities exchanges. This is where the issue of “regulatory uncertainty” comes up, but I think crypto proponents exaggerate this problem as a way to avoid the costs of compliance. We need to fine-tune some requirements so they work for crypto, but that doesn’t mean you shouldn’t comply at all. This argument also exploits a gap in the regulatory framework. During my tenure as chairman of the CFTC, we declared bitcoin and other virtual currencies to be commodities, which gave us authority over the trading of crypto derivatives products. But neither the CFTC nor any other federal agency has the authority to set standards for the spot market for cryptocurrencies that aren’t securities, such as bitcoin, and that is where most of the trading occurs. This has led to a lack of basic protections for crypto investors.
Why are commodity spot markets unregulated at the federal level?
Historically, there wasn’t a federal regulator of spot commodity markets because these markets were local and for physical goods — wheat, cotton, cattle. I often compare the CFTC’s regulation of the trading of crypto derivatives to the CFTC’s regulation of the trading of cattle futures. Nobody ever argued that the CFTC should regulate the buying and selling of cows. So, the framework of US commodity regulation was always federal regulation of the derivatives market — where people were hedging exposure to the physical market — but it was never federal regulation of the spot market. Those physical commodity spot markets for cows or oil or wheat were never retail markets. But crypto is different and that’s the problem: it began as a retail financial instrument from the start, it was global, and it triggered a lot of speculation. That has made this lack of spot market regulation a significant risk to investors.
Isn’t it clear at this point that crypto spot markets should be regulated? Why haven’t we seen more progress on this front?
The crypto spot market should be regulated, but progress has been slow, in large part because regulation always lags innovation, and crypto is still a relatively new innovation. And despite the obvious gap in the regulatory framework, the crypto industry has had little interest in fixing it, fearing that greater regulation would undermine either the promise of the technology or at least their ability to make money. So, there has been no organized interest pushing Congress to respond, and not much tends to happen in Washington without that. Unfortunately, it often takes failures like the FTX collapse to spur action. All that said, more should’ve been done by now in terms of providing authority to either the CFTC or the SEC to set standards for the crypto spot market. I wish Congress had done that years ago.
So, this is a job for Congress then, not for the regulators themselves?
Congress could legislate standards, but the SEC and CFTC could also establish common standards for trading venues regardless of whether tokens are considered securities, commodities, or something else, and then persuade the crypto industry to comply. This is what former SEC Chairman Jay Clayton and I have proposed they do. These standards would be drawn from existing requirements for securities and derivatives exchanges that are designed to protect customer assets, prevent fraud and manipulation, prohibit conflicts of interest, ensure operational resilience, etc. The two agencies could then convince crypto trading venues to adopt these standards by establishing an interim period during which the venues wouldn’t be shut down for failing to register with either the SEC or the CFTC so long as they comply with the standards. This would assure the platforms and their customers that operations would continue — on a much more responsible basis — while classification issues are resolved, at which point regulators could require crypto platforms to register as securities exchanges if they deem them to be trading securities. This would be an avenue to substantially improve investor protection in the near term, and could eventually be codified by Congress.
What else can be done to strengthen investor protection?
The other way to do this is for the SEC and the CFTC to jointly create a new self-regulatory organization (SRO) — as recently suggested by Harvard Law Professor Howell Jackson and myself — the mission of which would be to protect investors and financial markets by developing and enforcing much-needed standards for the crypto industry. We see several benefits to such an organization. One, creating an agency jointly overseen by the SEC and the CFTC could avoid the need to litigate whether digital assets are ultimately securities or commodities, the debate which led to the current problem in the first place. Two, an SRO would bring in the necessary expertise from the industry, which would be particularly valuable when it comes to challenges like how to implement standards for decentralized finance platforms. Three, an SRO would be an effective way to make the crypto industry pay for the development and implementation of regulation. Four, its creation would require no new legislation; the SEC and CFTC each have the existing authority to establish an SRO, and precedent exists for joint-agency SROs. But this could also be codified by Congress. The problem is that the US’ fragmented financial regulatory system, consisting of different regulators for different product groups and institutions, makes it difficult to respond to certain types of innovations. A unitary regulator with broad power to set standards would be better placed to do so.
Haven’t the recent crises proven that the crypto industry shouldn’t be left to self-regulate though?
The concept of a “self-regulatory” organization is often misunderstood; in US financial markets, it doesn’t mean that the industry regulates itself. Rather, an SRO operates under the jurisdiction and supervision of a regulatory agency. While it brings in industry participants to formulate rules, those rules are approved by the regulatory agency, as are the board members and other actions taken by the SRO. FINRA and the National Futures Association are the classic examples of SROs, and those organizations have been incredibly important in the development of US securities and derivatives markets. SROs can only work if they are tightly supervised by the government. Former SEC Chairman and Supreme Court Justice William O. Douglas, the driving force behind the creation of the SRO model, said it best: the only way self-regulation could work was for the government to “keep the shotgun, so to speak, behind the door, loaded, well-oiled, cleaned, ready for use”. That’s precisely the method of SRO supervision Jackson and I have advocated for by proposing joint SEC and CFTC oversight.
Even if such a national agency were to be created, wouldn’t the global nature of digital assets make it difficult for it to effectively protect investors?
Not necessarily. Regulation is always implemented through national authorities, and crypto is a global market, so it will always be challenging to protect investors. To do so will require similar types of regulatory frameworks in other countries. But US regulators have faced and overcome such challenges before. During my tenure at the CFTC, we developed effective standards for previously unregulated over-the-counter swaps, based on principles agreed to by G20 leaders, and then different national rules were harmonized across borders. The same international cooperation could absolutely be employed in regulating the crypto space.
Are you concerned, though, that tougher regulation in any jurisdiction could push much of the activity in the crypto ecosystem towards jurisdictions that don’t adopt such standards?
Not particularly. People made the same argument about regulating swaps, but for the most part these products didn’t move to less-regulated jurisdictions. Neither did initial coin offerings following the SEC’s crackdown several years ago. And even if tougher regulation does push crypto activity towards regulation-lite jurisdictions, US regulators have some means to protect US investors, including by restricting access to and relationships with platforms based in such jurisdictions.
Ultimately, how can regulators find the right balance between protecting investors and not stifling innovation in a still-nascent crypto industry?
The regulatory framework for crypto shouldn’t depend on agreeing on a view about the future of the technology. There are those who think crypto will ultimately transform the financial system. And then there are those like Charlie Munger who think crypto is “partly fraud and partly delusion”. Regulators shouldn’t try to figure out which camp is right, but instead focus on crafting a framework that protects investors and minimizes the risks of financial instability while not hobbling innovation in the industry. Crypto proponents, who have been very politically active in an attempt to stave off stronger regulation, will probably argue that any regulation will hobble innovation. But I don’t believe that more transparency, better disclosures, limiting leverage or conflicts of interest, etc. would hurt any truly valuable innovative potential of crypto.