True Consumer Protection in Crypto Lies Between Centralization and Decentralization

Narratives about crypto regulations and compliance, or lack thereof, are increasingly missing the point. The general purpose of financial regulation is to maximize consumer protection, prevent fraud and abuse, and ensure well-ordered markets. Broadly speaking, the mission is the same in any jurisdiction, and for any financial regulator.

Crypto CEOs Need to Accept That Existing Regulations Also Apply to Them

Brian Armstrong is wrong: Staking is a security and the U.S. Securities and Exchange Commission (SEC) just proved it. He just misunderstood their position. This is where the lack of understanding of regulations on the crypto side is starting to get concerning. If we saw the same level of ignorance of the law in banking board rooms as we’ve seen with crypto executives, we would be excused for withdrawing most of our money and putting it in a safe.

The Coinbase CEO’s preemptive reaction to the SEC action against rival exchange Kraken’s crypto staking shows both a lack of knowledge about what a security is as well as a lack of basic knowledge about when securities laws apply and when they do not. It’s time for crypto executives to stop grandstanding and start getting better, unbiased legal advice.

Timothy Cradle is the director of regulatory affairs at Blockchain Intelligence Group.

Based on the responses from Armstrong and other crypto executives and decision-makers regarding regulations, it is clear many of them do not seem to understand that they are providing regulated services in a non-compliant manner. In the specific case to which Armstrong reacted before the facts were in, the SEC charged Kraken because it was paying interest on deposit accounts. That is a regulated activity that the SEC provides certain exemptions for, e.g., banks don’t have to register with the commission to pay interest on a savings account; it is certainly not the case that crypto companies are exempted from registering for paying interest to depositors just because the deposits are in crypto, as Brian Armstrong seems to assume.

Not only is that not the case, but this is also not the first time the SEC has successfully made this case in the form of an enforcement action. In 2022 BlockFI was fined for providing a similar service – paying interest on deposits – without registering with the commission. Coinbase, itself, received a letter from the SEC warning them away from providing a similar service to BlockFI. So why is it the case that Coinbase’s CEO does not seem to remember this and does not think the rules that apply to other financial services apply to his financial service?

It is either intentional ignorance or literal ignorance. Both are a concern when the future of a multi-billion-dollar financial services company is at stake.

Crypto ‘regulation by enforcement’ is simply not a thing

The problem is the pernicious concept in crypto that goes under the name “regulation by enforcement.” We need to excise this phrase from crypto, not just because it is imprecise but because it simply is not a thing. Regulators in the U.S. are not creating new rules; they are enforcing existing rules. Perhaps crypto executives need a quick refresher on the law and rule-making process:

2. The bill goes to committee

4. The bill is signed into law

5. Regulators write rules to match the intent of the law

6. A comment period is open to the public (no tweets accepted)

7. A final rule is written and published in the Federal Register

There is more nuance to the process, but that is it in a nutshell – it is a multi-year process on average, and that is how regulations are made. Precedent can be set with litigation by the regulators, but again, this action is not rule-making; this is enforcing existing rules.

If regulators have thus far been successful in obtaining enforcements then this should be a huge wake-up call to the crypto industry that financial transactions in crypto conform to regulated financial transactions and, as such, the existing rules apply. If their legal counsel is telling them otherwise, then it is time to get new legal counsel because this is a multi-million dollar lesson that the industry keeps learning and will keep learning until they make a change in strategy. A new lawyer won’t cost as much.

We’re starting to get a growing list of crypto services where one might ask: Is it regulated? And based on the enforcement actions we can say: Yes, unequivocally. Here are some examples:

Staking: Kraken enforcement action 2023

Rewards: BlockFI enforcement action 2021

Lending: Coinbase legal warning from the SEC 2021

Token issuance: Telegram (TON) settlement with the SEC in 2020

Crypto-based derivatives trading: Ooki DAO lawsuit from Commodity Futures Trading Commission 2022

All of these enforcement actions involve regulated activities; and there will be more settlements and enforcement actions to come.

Regulatory clarity is a simple hurdle to clear

Soon we’ll see definitive proof that tokens themselves are unregistered securities when the SEC wins the Ripple case. As if we didn’t already know that via multiple comments from SEC officials.

In the year to come we’ll have more concrete proof that certain crypto services are unregistered futures and derivatives exchanges – based on comments made by CFTC Chair Benham as he ramps up the enforcement division of the commission to set precedents by targeting non-compliant crypto exchanges.

Will it take multiple business failures to convince the crypto industry to mature and take their regulatory reality more seriously in the U.S.? Possibly. What we’ve seen in the past few months from regulators are existential challenges to the crypto industry: The Office of the Comptroller of the Currency and Federal Reserve Board are warning banks away; and Kraken and BlockFI have each received cease-and-desist orders for product lines in the past year. In the past month, we’ve also seen the TZero crypto app (an Overstock product) deciding to discontinue services due to regulatory challenges related to failures in their customer disclosures.

There is one argument in crypto regulation that makes sense: the need for regulatory clarity – though, even this is diminishing with ever more enforcement actions. We may need to trade the bad phrase “regulation by enforcement” for “regulatory clarity by enforcement.” At least the latter is something less difficult to argue against. In other words, why not just continue to ask regulators to state clearly what the rules are instead of begging them to stop suing you?

Regulatory clarity is a simple hurdle to clear. We’ve seen this with money-laundering regulation. In 2019 FinCEN issued FIN-2019-G001, FinCEN’s guidance on the “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies.” Since 2019 there has been nothing in the U.S. with the same level of explicit detail stating how rules apply to crypto and under what circumstances. As a result, we see every crypto company, with few exceptions, registered as a money services business and adhering to the five pillars of Bank Secrecy Act (BSA) compliance.

With the SEC and CFTC, where there is no such explicit guidance, we see continued non-registration and consequent enforcement actions, settlements and cease-and-desist orders. There’s a clear causal relationship here between guidance and compliance.

Therefore, it is time for crypto executives and decision makers to think critically about regulations, stop complaining, hire better legal and compliance personnel who will tell them the hard truths (you are regulated, time to register), and have a more productive dialogue with regulators than they’ve had to date.

Crypto’s Illness: Regulatory Reluctance

Gary Gensler speaks about derivatives and an event hosted by Third Way Think Tank, July 10, 2013. (Photo: Third Way)

The U.S. crypto industry has been learning a rough lesson in regulatory compliance in the past few months. With fines, cease and desist orders, agency warnings, and traditional finance counterparties withdrawing from the industry, it is becoming increasingly apparent that crypto has a compounding problem.

The origin of this isn’t FTX, Voyager Digital, Terra Luna, or any other of the business failures or frauds of 2022. Those are symptoms of another disease. The sickness that’s causing crypto to fumble in front of U.S. regulators and counterparties goes all the way back to the founding principles of Bitcoin and  some of its most prominent industry players.

Crypto, from its inception, was built as an anti-regulatory, anti-enforcement, censorship resistant technology. It’s debatable whether it achieves any of these goals, but this was its founding philosophy and it drives a lot of the decision making in crypto board rooms to this day — that is the sickness that needs to be cured.

What crypto decision makers are finding is that governments and regulators don’t appreciate attempts to subvert established norms. They’re also finding that established laws and norms apply to their novel forms of transactions and regulators are not shy about enforcing these rules and doing what they must to protect what they view as their turf.

For example, in recent months, we’ve seen the sanctity of decentralization challenged in the CFTC vs. Ooki DAO case; staking challenged in the SEC settlement with Kraken; and stablecoin issuance being challenged by the SEC as of mid-February’s disclosed investigation into Paxos.

More pillars will fall. Pending lawsuits will clarify whether token issuance is a regulated activity. The little-noticed CFPB investigation into Nexo will likely prove that crypto providers are regulated under the Consumer Financial Protection Act and Regulation E – which means they must comply with UDAAP (UDAP) requirements under The Dodd-Frank Act and transaction settlement requirements under the Electronic Funds Transfer Act. This investigation could be the CFPB’s first crypto related enforcement action and would set a precedent for every crypto company’s marketing, disclosure, and consumer protection frameworks as well as their transaction processing.

The collapse of FTX and others—including Celsius, where I worked and which I have harshly criticized—may not have been the origin, but it is a spasmodic symptom. What was missing with FTX can be found in existing U.S. regulations: e.g. capital controls, regulatory monitoring and oversight, consumer protections, reporting requirements, bookkeeping requirements, governance requirements and other controls that would have either made the fraud more difficult or made it more evident. FTX, however, could have been perpetrated without crypto. As its new CEO said, it was a case of “old fashioned embezzlement.” But it was the company’s desire to evade stricter regulations that drove it to set itself up in a jurisdiction with lightweight regulatory controls.

Again, the sickness is the anti-regulation mindset.

Crypto was meant to foster financial inclusion and promote a path to financial openness via the publicly available blockchains. However, it contradicts these goals by resisting adequate financial disclosures – this excludes anyone who wants to clearly understand a financial product before using it. Opacity leaves room for abuse, like in the FTX fraud. One would think crypto industry leaders would reconcile this reality and try to do better.

Crypto decision makers who pay lip service to the need for regulatory clarity don’t seem to want to actually be regulated or know what the purpose of financial regulations are. To put it briefly, financial regulations are meant to prevent the abuse of the financial system – either by actors who provide inadequate and inappropriate financial services or by those who intend to use it for criminal means.

The CFTC levied $205 million in fines. And focused on cryptocurrency. Not sayin' they're related, but... (Marco Verch via Flikr, CC BY 2.0).
The SEC has enabled a regulatory vacuum. And you know what vacuums do? They suck. (Marco Verch via Flikr).

We’ve seen this recent resistance from the largest U.S. crypto provider, Coinbase. Both the CEO and Chief Legal Officer have attempted to contradict the SEC’s conclusions in the Kraken case. The CEO tweeting his opposition before the charges were made public and displaying his ignorance of the facts of the case and the law. This wasn’t accidental. It’s clear that he doesn’t want to be regulated under securities laws.

As the SEC Chairman stated in interviews following the Kraken settlement, it is simple for companies to register with the agency to provide what they call staking. Staking is paying interest on deposits, and Coinbase provides this staking service. They try to explain away their unregistered investment product with crypto buzzwords like decentralization, but it seems to be very provable that Coinbase staking is an investment contract and as such is a security.

Given that Coinbase is a public company and already beholden to SEC reporting requirements, it’s difficult to understand their resistance to registering, reporting, and providing public disclosure regarding how the yield on their staking product is generated. One can only conclude that they don’t want to do it, not that it would be any sort of operational or cost-inefficient burden.

Crypto will have to continue to learn expensive lessons until it realizes that it is providing regulated services in the United States. While other countries, and one specific regulator in the U.S., FinCEN, have provided regulatory clarity via specific frameworks or documented guidance, the broader U.S. regulatory apparatus has spoken with one clear voice and said, no new rules, no guidance, just comply with existing rules. It would be in the crypto industry’s best interests to take this hint. It is far less expensive to pause an offering, assess it and apply to register with agencies than it is to absorb multi-million-dollar fines. The problem is that the decision makers in crypto do not want to do this.

It is a problem to ignore regulation because the regulators aren’t ignoring the industry. They are issuing fines, cease and desist orders, and threatening crypto’s ability to exist as a normal financial service. Crypto’s anti-regulation sickness may prove to be a terminal disease if they do not change this mindset.