The Reason Crypto Regulation Is Turning Out to Be So Difficult

The tension between the crypto industry and regulators has reached a near-fever pitch in the last couple months. First was August’ infrastructure bill, which contained a provision for taxing crypto that was impossible for some of the crypto entities caught in its net to comply with. (Although the House eventually realized it was unworkable, the language was not revised, basically collateral damage due to the pettiness of a representative who didn’t get a provision he had wanted.)

During that time, Crypto Twitter attacked a number of governmental figures, with much ire directed at the main regulator that could bring down the burgeoning world the crypto industry believes it is building: US Securities and Exchange Commission chair Gary Gensler. One crypto entrepreneur, railing about Gensler, said he had “Goldman vampire blood.”

Shortly thereafter, Brian Armstrong, CEO of Coinbase, the first crypto company to be publicly listed in the US, published a tweet thread calling the SEC’s behavior “sketchy.” He alleged that the SEC had deemed Lend, a new product Coinbase wanted to launch a security — even threatening the company with a lawsuit if it were to launch Lend — while refusing to talk with Coinbase or Armstrong or explain why.

The subetxt to these clashes is an area of crypto known as decentralized finance or DeFi. In a previous article, I wrote about how many entrepreneurs dream of creating a decentralized network similar to bitcoin, but one that offers a different financial service. Some of them have created what they believe are decentralized lending protocols, decentralized exchange protocols, decentralized derivatives, etc.

What makes such a service decentralized, ideally, is the lack of centralized intermediaries with CEOs and boards who are hiring people to take customer information and keeping track of the financial activities with that system. However, in reality, many of these services are created by centralized companies, though the goal is to eventually set the technology free to run autonomously as smart contracts, or pieces of software, that don’t need an office full of humans to keep on top of everything. Many of these are released with a so-called “governance” token whose holders act in lieu of a corporate structure and can vote on upgrades and other changes to the network.

This is the core tension that regulators and the crypto community are at odds over now. As Collins Belton, founder of Brookwood P.C., a boutique law firm that works with crypto companies, put it, “A lot of the securities laws, or the case law that surrounds securities laws, are really predicated on the existence of intermediaries and their activity. When you remove them, coming up with a cohesive framework that can stitch together a traditional and a decentralized world is quite difficult.”

Referring to how the SEC allegedly refused to explain to Coinbase how its Lend product was a security, Belton continued, “I think they’re unwilling to articulate a position is in part because they’re trying to resolve this tension, and if they do it the wrong way, is they’ll essentially give everyone a road map to not being regulated by the SEC.”

The SEC has traditionally overseen entities such as securities exchanges, brokerage firms, dealers, investment advisors and investment funds. Such entities are required to register with the SEC and adhere to laws that were passed in the 1930s.

DeFi is such a difficult space for the SEC because it poses the question of who to regulate, when software has replaced many of the entities that typically fall under its purview.

Chair Gensler has made it clear that he believes that the ways the SEC has traditionally regulated finance also apply to DeFi, and that the space is not actually decentralized. In a Q&A with The Washington Post earlier this week, he said, “I think that we have robust authorities at the Securities and Exchange Commission and we’re going to use them and continue,” although he later added, “there are gaps.”

However, there are different views on how well the existing decades-old laws apply to crypto. In fact, CFTC chairman Chris Giancarlo recently called for new regulations to address what he sees as a fundamentally different paradigm. In an interview with CoinDesk, he said, “It’s important for this new innovation that we don’t apply 90-year-old statutes …”

The cynical (and perhaps mainstream) view of why the crypto industry doesn’t believe these old laws apply to decentralized smart contracts is that the developers who create them just want to avoid regulation. While it’s likely that some subset may have that in mind, there’s another motivation that many entrepreneurs in the space mention: the problems of centralized business models.

One of the worst examples commonly brought up is the Equifax hack, which exposed the sensitive personal information of 148 million Americans such as their names, addresses, Social Security numbers and birthdates. As Mike Belshe, founder and CEO of BitGo, said on my podcast, Unchained, “We have seen Equifax leak all personnel data from all of their clients reporting credit information to them. I mean, these are huge, massive failures. Why do these things happen? So, unfortunately, to just take the rule that was created a long time ago — before we had this awareness around digital security — and apply it today, as if those risks don’t exist, I think it’s it’s a real misjustice to the people, if we don’t reevaluate kind of how we’re doing that and the risks.”

Belshe would instead be in favor of the decentralized model, which does not create so-called “honeypots” in which hackers can obtain data on millions of people after exploiting a single vulnerability.

But then that raises the question of how to regulate, if there’s no centralized entity that could fall under current regulations. He believes that blockchain forensics companies, which have software that can “analyze blockchain data and figure out who’s who,” as he puts it, and eventually track transactions to centralized exchanges that hook up to the traditional financial system and have their customers personal identifying information, is a method that both empowers regulators without re-creating the risks in the centralized system.

Another crypto entrepreneur, Dave Jevans of CipherTrace (disclosure: a previous sponsor of my shows), whose company works closely with regulators, agrees, saying in an Unchained podcast interview, “We think that a much more of a peer-to-peer type of model which will help contain privacy, contain breaches, make it more attack resilient, is a better model.”

However, given the way things are going, at the moment, it does not look like this is how things willo shake out in the near future. Belton says, “We’re starting to see a deep focus on exchanges and related intermediaries, and I’d expect toward end of this year or going into next, the [regulators] would shift into front end operation and development, and at that point, that would be where they get the three main actors they’re focused on for the next few years in my opinion.”

Given that next week is the end of the fiscal year for the SEC, before which the SEC has historically reached a lot of settlements of published enforcement actions, we may get a hint of whether he’s right very soon.

If you’re interested in more on this topic, check out my interview with Nik De, managing editor for global policy and regulation at CoinDesk, on these issues — out today!

Thanks for reading! If you like what you read, you can:

I’m a crypto journalist, host of the Unchained pod, and author of The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze.