Canada’s Regulatory Guidance for Cryptocurrency Exchanges
A Good Thing for Users and Non-Custodial Exchanges
Two months ago, the Canadian Securities Administrators (CSA) — the collective of Canada’s provincial securities regulators — issued CSA Staff Notice 21–327, Guidance on the Application of Securities Legislation to Entities Facilitating the Trading of Crypto Assets.
The guidance lays out the CSA’s interpretation of whether cryptocurrency exchanges are subject to securities legislation.
If you are a cryptocurrency exchange operating in Canada or serving Canadian users, you are likely subject to Canadian securities legislation. This applies to your ‘typical’ cryptocurrency exchange (otherwise known as a custodial or centralized cryptocurrency exchange). Empowering users with full control of their own assets throughout and after the trade lifecycle (as is done by a non-custodial or decentralized exchange (DEX)) may be the only way to not be subject to securities legislation.
Below I summarize the guidance, then go into what it may mean for exchanges, users, and the cryptocurrency industry at large. I also address why the reactions of some custodial exchanges that are pushing back may not be taking into consideration the realities and benefits of non-custodial exchange technology. I present how the state-of-the-art non-custodial exchange technology is exactly what the CSA is describing and seeking in a safe system, and by extension, a great example of how public blockchains can be regulator friendly if applications atop are designed to be as such.
Table of Contents
- Summary of the Guidance
- What It Means For Exchanges, Users & The Industry
- Debunking Claims Against Non-Custodial Exchanges
- Closing Thoughts
1. Summary of the Guidance
- Even if an exchange has no securities on their platform — i.e., the assets supported are clear non-securities and non-derivatives, like bitcoin and ether (which are broadly viewed as digital commodities) — the exchange may still be subject to securities legislation because;
- The nature of the platform — “how trading occurs” thereon — may mean that an underlying non-security becomes a derivative because the exchange is not actually giving the asset to a user, but only agreeing to deliver the thing at some later point, and thus “the user’s contractual right to the crypto asset may itself constitute a derivative.” They continue, “some Platforms are merely providing their users with a contractual right or claim to an underlying crypto asset, rather than immediately delivering the crypto asset to its users.”
- The thrust of the note is that immediate delivery is the distinguishing factor, and essentially comes down to if the contract/instrument creates an obligation on the Platform to immediately transfer ownership, possession and control of the cryptoasset to the Platform’s user. I.e., is the exchange settling the cryptoasset to a user-controlled wallet.
- If this immediate delivery occurs, then users would not be faced with insolvency risk, fraud risk, performance risk or proficiency risk on the part of the Platform, and thus the platform would generally not be subject to securities laws. If immediate delivery does not occur, the platform is likely subject to securities laws.
Protecting users from the above-mentioned risks is ultimately what this guidance aims to achieve since the CSA mandate includes protecting Canadian investors from improper or fraudulent practices and fostering fair capital markets. And to be frank, it wants to avoid another QuadrigaCX disaster, and Einstein smaller disaster, which has permanently tainted crypto exchanges in the country and account for having lost/stolen hundreds of millions of dollars worth of cryptoassets from retail users.
A Bit More Colour
The CSA has done its homework and dives into the nuances of how cryptoassets are typically traded & settled on exchanges today. They describe that the centralized exchange status quo does not confer true ownership of the asset to users, but instead just shifts the assets around the platform’s internal ledger, crediting users’ accounts with changing balances.
Note: when you trade cryptocurrencies on a centralized exchange (CEX), the exchange does not actually transfer the currency to a user’s wallet — a wallet being the home to a user’s assets on a blockchain. Rather, a trade is just an entry made in the CEX’s internal database. To actually get their assets off the exchange and into their own control, a further withdrawal request by the user would be needed at some later point.
In its closing remarks, the staff states,
“In our view, a mere book entry does not constitute delivery, because of the ongoing reliance and dependence of the user on the Platform in order to eventually receive the crypto asset when requested.”
A user needing to request — connoting a later time and required action — for their assets to be placed in their own control is a problem in the CSA’s view, because it is in this period of protracted reliance that significant dangers may lurk.
Conversely, on what is deemed to be immediate delivery, the guidance asserts that there must be an obligation to transfer the cryptoasset to a user-controlled wallet. Specifically, they include the following points (among others) for what must be satisfied to not be subject to securities legislation:
- the terms of the transaction require that the entire quantity of bitcoin purchased from the Platform or counterparty seller be immediately transferred to a wallet that is in the sole control of the user, and the transfer is immediately reflected on the Bitcoin blockchain;
- the sale or purchase of bitcoin is not merely evidenced by an internal ledger or book entry that debits the seller’s account with the Platform and credits the crypto assets to the user’s account with the Platform, but rather, there is a transfer of the bitcoin to the user’s wallet;
- the Platform or counterparty seller retains no ownership, possession or control over the transferred bitcoin.
You can (presumably) replace ‘bitcoin’ with ‘ether’ here, or other cryptocurrencies that have achieved commodity status (which may not be very many as of now).
For good measure, I include their exact interpretation of immediate delivery:
2. What It Means For Exchanges, Users & The Industry
Please note I am not a lawyer; this is just my personal opinion. Also note my interests are inherently aligned with Loopring, the leading protocol, and provider of scalable non-custodial exchange technology on Ethereum. We build for a world where digital assets trade without third-party custody or settlement risks, ever — guaranteed by cryptography.
It means business is going to be harder for cryptocurrency exchanges in Canada, or those serving Canadian customers, because they now may be subject to a much more stringent set of laws — those covering securities.
Subjecting these platforms to securities legislation will place a heavier and more costly burden on these businesses — likely heavy enough to make the smaller operations buckle and close. Larger operations will have to shape up and bulk up their legal and compliance teams, and seek registration as securities businesses if they are not already in the process.
The way I see it, the options for a Canadian cryptocurrency exchange are:
- register as a securities dealer
- adapt and adopt non-custodial exchange technology
- exit Canadian market / stop serving Canadian customers
- close down
Option 1 involves a substantial cost in human resources (robust compliance processes and personnel), capital (registration fees, legal fees), time (the involved process of registration). Even then, I do believe there are no guarantees of an exchange’s success in registering. If they do succeed, the above costs are not just one-off initial costs, but apply to maintain the compliance framework and requisite behaviour.
Option 2 involves integrating a non-custodial exchange protocol or capability into an exchange’s stack. Such technology uses the underlying blockchain for settlement, so no need for a user to entrust their assets to the exchange’s custody. Just as prescribed by the CSA, it uses the distributed ledger, not the internal one. This technology is beginning to mature and flourish, and actually has many other benefits besides, you know, staying in business. One benefit is that an exchange’s operations will likely be a lot less expensive & intensive than they were in the first place — even before considering the extra costs of securities registration. This is because the assets that were once secured internally with a big team of security & DevOps engineers are now secured by a public blockchain & cryptography! An exchange company can be leaner while being much more secure. Further, this technology is often free and open source. In the case of Loopring, it is an open protocol on Ethereum that any team or company can build on. An exchange can basically outsource their security and settlement needs — likely among the biggest resource drains on the business — and focus on user acquisition and growth. Loopring.io is an example of a non-custodial exchange built atop the protocol.
Option 3 involves switching your operations and perhaps corporate structure, and neglecting the Canadian market and users. While small in a global context (a few percents of users perhaps?), this could hurt exchanges who focus exclusively or mostly on Canadians.
Option 4 speaks for itself.
Aside from these options for existing exchanges, it will also dissuade new exchanges from popping up, or at least the less serious, scrupulous or resourced ones. On the other hand, it may encourage new exchanges with superior & secure technology to launch, as we will see at the end of this post.
Users will enjoy a level of autonomy and control over their cryptoassets that precludes the possibility of platforms losing them, stealing them, getting hacked, or anything — period.
A notably nefarious aspect of cryptocurrency exchange mishaps/mischief is that the fault is often not attributable. An ‘external hack’ that drains funds can easily be the CEO or rogue employee filling up their personal piggy bank. Or an ‘honest’ case of lost keys can, in reality, be outright theft. There is, of course, the potential for a well-intentioned exchange to simply make a mistake, but the end result is the same: users’ assets are gone.
There are counterpoints explaining why custody of user assets on and by an exchange is actually a good thing. In fact, prior to this guidance, the CSA in conjunction with the Investment Industry Regulatory Organization of Canada (IIROC) issued a Consultation Paper 21–402, which sought comments from the industry. All of the comment letters in response to that can be found here.
Unsurprisingly, many exchanges responded that the proposed framework is an overreach, and that the described trading dynamics should have nothing to do with securities laws. Some of their points have merit. I won’t get into the technical and legalistic complaints/comments, which effectively expound on what is and isn’t a derivative, etc. I will, however, respond to a few of the concerns they repeatedly raise which I feel are out of touch, or at least out of date.
Namely, incumbent custodial exchanges claim that:
- non-custodial exchanges are inconvenient for users due to wallets
- settling trades on-chain is too slow and expensive
Taken together, they claim that non-custodial exchanges are at best non-user-friendly, and at worst non-usable. But both these claims are false.
In the next section, I refute these claims by offering evidence to the contrary, and in so doing, describe where lies the cutting edge of non-custodial exchange technology.
3. Debunking Claims Against Non-Custodial Exchanges
Before continuing, it’s important to consider that when I refer to non-custodial exchanges, I am not necessarily referring to ‘full-on’ DEXs (decentralized exchanges). This distinction is the topic for another post, but suffice to say that you can think of non-custodial exchanges (sometimes referred to as self-custodial exchanges) as the ‘typical’ exchanges we know today & describe above, except with asset custody 100% detached from the exchange and in the control of the respective user at all times.
A DEX on the other hand (the way purists mean it), is the non-custodial component, plus the extra guarantees of permissionlessness and censorship resistance — ensuring that no user can be turned away, trades censored, frontrun, KYC’d, etc. So while a DEX must be non-custodial, a non-custodial exchange needn’t necessarily be a ‘full’ DEX.
Non-custodial exchanges can (and many do) follow a perfectly regulatory compliant path, and are likely to be a great friend and tool for regulators — for the reasons of risk elimination outlined in the guidance.
For the remainder of the post, I will refer to non-custodial exchanges as NCEs for brevity. I mainly use NCE from here on instead of DEX, because this article is concerned with custody, not the other properties of a DEX. Note: a protocol like Loopring lends itself for DEX-building, but can also be used for ‘just’ NCE-building — for instance, a company building on it can decide to institute KYC.
False claim 1: (in)convenience
The most persistent rebuke put forth by custodial exchanges is that users often do not want to maintain custody of their own assets, and/or do not know how to manage their own private keys and blockchain wallets.
Exchanges assert that exchanges themselves — if properly run — are much more capable to do it for them. They further state that besides the security risks users present to themselves, it is simply more convenient to leave assets on an exchange platform, ready to be logged into with a username and password, and ready to be traded.
Coinsquare states in their comment letter:
“The main benefit to participants of storing their crypto-assets on a Platform is that they do not have to manage their own wallet, which would require them to be responsible for storing their own private keys. We believe that the tendency for participants to keep assets on a Platform is rooted in convenience…”
I agree with this argument’s logic for a subset of users — it’s true that an average user who doesn’t practice good private key protection can easily and accidentally lose access to their assets, or have them stolen. But it wholly neglects to consider how NCEs — and tools that sit adjacent to them, such as wallets — have evolved and begun to cater to the ‘normal’ users who prefer legacy style platforms. It’s amusing to learn that these NCEs and tools could now, in actuality, offer much greater convenience than their custodial counterparts.
To be specific, the comments from exchanges neglect, willingly or not:
- NCEs on Ethereum have the ability to present traditional style onboarding and convenience to users who want it. You can attach a wallet to your name/email & password, and use these credentials to access the exchange. And all the while, you maintain full custody of your assets. Dolomite, an exchange built on Loopring (v2, a prior version), explains how they offer this convenience. This design pattern completely overcomes the challenges and criticisms purported by the custodial exchanges. Wallet providers like Fortmatic and Portis similarly offer the convenience of easy (legacy-style) onboarding to applications as well.
- Forgetting exchanges for a moment, wallets themselves have grown and matured tremendously, and actually offer an improvement to UX vs traditional systems. Gone are the days when a 12-word seed phrase is the only recourse for a user to regain access to their funds. So-called smart contract wallets are just about the most convenient and friendly experiences you can ask for. In many cases, developers could completely abstract away the crypto-ness. For example, making use of ‘social recovery’, a complete neophyte can create their wallet on a mobile app, and name 2 friends, 1 family member, and 1 professional service (anyone really) as their ‘guardians’. In the event the user loses access to their wallet, they can effectuate some pre-set recovery scheme which may require 2-of-4 (or some m-of-n) of these guardians to ‘flip the switch’ to recover the funds. The processes can get very creative and useful, such as adding in delay periods, ‘deadman switches’, and daily limits. Argent and Gnosis Safe are two such examples of smart contract wallets.
As you may glean from the above, convenience is actually enhanced on NCEs. In fact, the possible configurations for a user’s NCE experience lie on a spectrum between security and convenience. Even the user who opts to stay on the convenient extreme will still enjoy much more security and accountability than they’ve experienced on custodial exchanges. Ignoring this fact in their cries of inconvenience, custodial exchanges are either wilfully ignoring this threatening advance, or are blissfully unaware of the state of the art.
Before moving on to the next point, it is worth stressing that besides the user-driven choice of security vs convenience, perhaps the greatest overarching theme in the world of NCEs is choice in general.
With assets in their own control and custody, users are empowered to choose and switch platforms according to their changing needs and experiences, and to whomever is delighting them the most. There is no longer any vendor lock-in problem. User’s are not rigidly stuck to a platform. While this flexibility is not ideal for custodial exchanges trying to build their moat with AUM-style defensibility, it is great for users, market competitiveness, and for the CSA and regulators who seek to protect users.
And speaking of choice, let’s take this full circle and make the custodial exchanges a little bit happy: if a user wishes (and regulatory permissible), they can actually keep their assets custodied with their exchange!
The crucial idea is that users have the choice to custody assets themselves — on whichever wallet they see fit — or with the exchange, or some other third-party (whom they may find more reputable, regulated, or competent).
The trading platform and custody provider should not be a mandatory package deal. That’s not how it works in traditional finance, and with the tools available in the blockchain arena, it certainly should not be how it works in a new or decentralized finance. So if a user wishes, they can go to (fictitious) Matthewsexchange.com as their preferred trading venue — because they like the assets, liquidity, and UI — but have their assets custodied on their smart contract wallet, hardware wallet, or with (fictitious) Trustworthy Custodians R Us Inc., who plug in their account to the venue. It is all modular and more convenient and secure for users.
False claim 2: too slow & expensive
Historically, the bane to DEX existence has been speed — more commonly discussed as scalability. The common wisdom has been DEXs cannot scale. However, scalability research and development is one of the most exciting areas of innovation in the space, and where Loopring builds and focuses its solutions.
Trading on an NCE or DEX means trading (settling) on the underlying blockchain. Thus, it is only as fast as the underlying ledger produces blocks, but often even slower, as there is no guarantee you will be in the next block, or how many trades you can fit in one block, etc. This is measured as a blockchain’s throughput; how many transactions can it settle in a period of time (transactions per second, TPS). In the context of exchange, how many trades per second.
An NCE has faced similar tradeoffs to the blockchain itself: to achieve interesting decentralized and self-custodial properties, you gave up speed. And in my opinion, just as the most interesting blockchains such as Ethereum choose true decentralization, permissionlessness, and censorship resistance over incremental throughput gains, so too must a compelling NCE.
Anyone can be fast; it’s about being fast without compromising the ideals & unique capabilities we are all here for.
Below is a brief overview of the generations of orderbook DEX tech so you can understand the picture:
- The first approach was to build a DEX fully on-chain, where everything — placing an order, canceling an order, matching an order — required an on-chain transaction. This was slow and expensive, as Ethereum can only settle about 15 TPS. A DEX could achieve about 1–2 TPS in this way.
- The next DEX design, which has been around for a few years, has been a ‘hybrid’ approach: doing as much as possible off-chain, and only do the mission-critical steps on-chain. This means placing, hosting & matching orders off-chain, and submitting a matched trade onto Ethereum for settlement. The off-chain part is kept kosher by ensuring proper cryptographic signatures accompany every order. The protocol can only execute this order and cannot mess around. A DEX could achieve about 2–3 TPS in this way.
- The next and newest type takes the hybrid design philosophy to its logical and extreme conclusion: do absolutely everything off-chain, including settlement. It proves the validity of execution using Zero-Knowledge Proofs (ZKPs), and submits only a small proof on-chain. Specifically, it compiles a batch of trades, executes them, proves they are correct using the strong cryptographic guarantees of ZKPs, and submits a small proof — a thumbprint of its veracity — to Ethereum. The ZKPs (a cryptography discipline around since the ‘80s) act as a verifiable computation engine: outputting something that is either true or false — the actions either conform to the trading protocol or not — no messing around possible. This construction is called a Zero-Knowledge Rollup (zkRollup), which is a type of Layer 2 scaling solution (referring to the fact scaling happens ‘one layer above’ the base chain; Layer 1 being Ethereum here). The first live implementation of this is Loopring’s latest protocol version, which can currently achieve 2,025 TPS.
That is worth repeating: technology exists today for scaling NCE or DEX throughput on Ethereum by a factor of 1000. This level of throughput is more than enough for any cryptoasset exchange currently operating — custodial or not. And this is achieved without any security sacrifice at all: Loopring inherits 100% Ethereum-level security guarantees, so user assets are always in their own control.
Thus, the tradeoff between speed and security has been solved. This is not hyperbole: Loopring.io is an example of a live exchange anyone can use right now, built on their zkRollup protocol.
The astute reader may realize that the corollary of higher TPS means lower cost per settlement. In Loopring’s case, that cost can be $0.000124 per trade (USD), or 1 million trades for $124. Prior versions were nearly 1000x more expensive. This improvement is because the cost of one trade is amortized with others in the batch. It’s the same logic as if renting a bus for a road trip: the cost per person of renting it would be reduced if we can get more people on the bus to split it. (The bus’ fuel cost may increment slightly higher with each person’s weight, but the fixed rental/driver cost is the bulk of it).
Thus, as mentioned earlier, NCE tech is actually a cost saving technology for exchange owners and operators. Paying only ten-thousandths of a cent to settle trades on a secure ledger means they have plenty of profit margin on the trading fees they charge users. For example, on a $1000 trade with a 0.25% trading fee, an exchange would earn $2.5, and pay only ~$0.000124 in settlement cost. 99.9% gross margins sound pretty nice. And recall, this means requiring less overhead in security personnel, compliance personnel, registration licences, etc., as an exchange never actually touches user assets.
It’s important to consider that not all Layer 2 scaling solutions are created equal: the two layers can be tethered to each other in different ways — some loose, some strict, and some tradeoff security in their pursuit of high-performance. Thus, it’s crucial for users and regulators to be educated on the nuances of NCE tech. Loopring’s zkRollup, for instance, takes the most secure path at every decision point, relying only on proven ZKP cryptography that predates blockchain-mania, and on Ethereum, the most secure smart contract platform.
Interestingly, and somewhat obviously, normal custodial exchanges are also doing everything off-chain. Problem is, it is literally everything, and it never gets tied back to the chain in any faithful way. Off-chain in their case is just their internal database, which they can tamper with as they wish. In some respect, blockchain is a complete afterthought — the digit in a user’s balance could just as easily be a barrel of grain as it can be a bitcoin.
Custodial exchanges claim complete off-chain operation is needed for a viable user experience. From a comment letter from Bitvo (a Canadian exchange) to the CSA and IIROC:
“By requiring actual delivery of crypto assets on completion of each trade without the off-chain option, this would create logistical challenges, timing delays and increased costs as it relates to cryptocurrency-to-cryptocurrency trades…”
There is nothing inherently wrong with off-chain, but that doesn’t mean users need to grant exchange owners complete and arbitrary control of their assets. The difference in how Ethereum and Loopring use the term off-chain is that it implies it is attached to the chain in significant ways: there are cryptographic guarantees, or in other designs, game-theoretic guarantees. With much R&D, these off-chain solutions have become trustless to empower users. And with 2,025 TPS, and a settlement cost of ~$0.0001 per trade, there is no longer any validity in saying that trading on NCEs is too slow and expensive.
So the next time you see a statement such as the following, you can handily refute it. As Coinsquare continued in their comment letter referred to above:
“We believe that the tendency for participants to keep assets on a Platform is rooted in convenience, particularly for frequent traders that are impacted by high confirmation times and mining/transaction fees associated with “on-chain” transactions and for participants who lack the technological savvy.”
These statements are no longer correct. High speed and low cost — aka high-performance — is available today on DEXs. Thousands of trades can settle instantly, and for fractions of a penny, and in a way that makes it impossible for exchange owners to cheat or steal from users.
One caveat is that basically all the above relates to trading on Ethereum, with Ethereum-based assets only. To support ‘cross-chain’ trading — where you trade assets or coins that are on separate chains, such as BTC or ZEC — the above technology doesn’t hold by itself. Solutions are required which port over the assets to Ethereum. The good news is several such solutions are live or in progress, such as WBTC or tBTC. Moreover, as a counter to the caveat, it should be noted that the vast majority of non-native chain tokens do in fact currently live on Ethereum, following the ERC20 standard.
Canada has been home to several of the highest-profile cryptocurrency exchange mishaps and mischief. Users have had hundreds of millions of dollars stolen, and the provincial regulators are now intent on enforcing the protections for which they exist. One more major setback may risk the industry being relegated to banishment, not only in courts, but more importantly in the minds of millions of potential users.
Thus, the CSA has put forth relatively rigorous guidance in comparison to the status quo in the nascent industry, and to what participants may have expected. However, the CSA guidance benefits from what blockchain technology is explicitly suited for: the transfer of digital assets that live on these ledgers.
It has always made little sense that trading of these assets happens predominantly on legacy-style databases where they are but a human entry, instead of on their native, tamper-proof rails. At the same time, it did make sense given that traders demanded a better experience in terms of speed & cost, and were willing to give up the ideological underpinnings — as well their asset custody — in the name of performance and a better experience. Now, however, there is simply no need to make that tradeoff.
The CSA rightly realizes that blockchain trading technology has matured, and feels able to hold the industry to a high standard. I find this impressive on their part, and believe users are undoubtedly the primary beneficiary of this guidance. We need to recall that these cryptoassets are bearer instruments — if you don’t have them (if you don’t directly control the private key), then you really don’t have them. It is simply too easy for exchange owners to misbehave and act maliciously — and without attribution — or for them to make grave mistakes in earnest.
This asset class and parallel financial system is undefined by our current framework and is an especially slippery slope. It requires a choice between two reasonable paradigms: become regulated as securities exchanges to protect users, or use technology to empower users to protect themselves.
They are not commanding all cryptocurrency exchanges to register as security exchanges; they proffer the ability for an exchange to use the technology that undergirds the entire industry itself.
Thus, exchange owners have two very viable paths: either shape up in the existing regulatory regime, or use the cryptographically secure ledgers to disallow the platform from acting against users. Any exchange owner complaining about these two options may not properly appreciate their duty to users, or the allure and consequent threat of the honey pots they house.
As it stands today, it is perfectly possible to build a non-custodial exchange that replicates (and improves upon) the experience, convenience, and performance of a custodial exchange. Immediate delivery — and an inability to break optimal behaviour — is now table stakes, not an unattainable goal.
It is unsurprising that incumbent custodial exchanges would challenge this reality and this guidance, as it threatens their headstarts and way of doing business. But for users and regulators alike, it is increasingly clear: blockchain-based assets should be settled on the blockchain, and if not, then only by companies committed and held to the highest standards.
Enforcing good behaviour by technology means less reliance on regulators; enforcing good behaviour by securities legislation means less reliance on technology. Either way, good behaviour and user sovereignty and safety must be the guiding light.