Overview of cryptocurrency regulation and its impact on your business [Part 2/3]
This article is the second installment of a 3-part series on cryptocurrency regulation and its impact on businesses in the industry.
This series comes at a pivotal moment for the crypto-sector as over 200 jurisdictions who support the FATF’s standards will have to transpose its anti-money laundering (AML) and counter financing of terrorism (CFT) requirements into local law.
Part 1 of the research introduced the goals of legislation in crypto markets as well as the key challenges faced by regulators. Regulators take three broad approaches to achieve the aims outlined in the previous section. This article turns to review the common regulatory frameworks and their impact on businesses. By understanding these environments, crypto businesses can determine how best to respond.
Regulated Jurisdictions
To begin with, the most business-friendly environments are regulated frameworks where clear guidelines have been set out. Elliptic believes legislation to be an enabler of responsible growth which will push the industry to achieve higher standards and attract new users. The following section will review some of the most popular regulatory models.
Abu Dhabi’s regulator, ADGM, approached the crypto-sector by launching an international consultation with private entities that highlighted a demand for greater regulation. It then chose to release a bespoke regulatory framework for cryptoasset businesses.
This framework is made of a licencing regime called ‘Operating a Crypto Business’ (OCAB) with clear AML rules attached to it, highlighting the importance of a risk-based approach. The OCAB guidance outlines the need for cryptocurrency market intermediaries to have policies and procedures in place to identify the source or destination of funds. More to the point, the document states that licence holders have a duty to:
‘maintain lists of tainted wallet addresses and, […] utilise third-party services to help identify such addresses’.
Elliptic’s webinar with ADGM is a great resource to learn more about the regulators’ framework design process and to gain an insight into global trends in crypto regulation.
Another significant development that requires over 2 dozen jurisdictions to take action by January 2020 is the European Union’s 5th Anti-Money Laundering Directive (5AMLD).
This legislation brings much-needed clarity to the growing European crypto industry and it is an opportunity for the EU to lead in setting global standards. Especially as Europol estimates that around 4 billion dollars are laundered each year in Europe using cryptoassets.
The obliged entities are:
- ‘providers engaged in exchange services between virtual currencies and fiat currencies’ and
2. ‘custodian wallet providers’
Such businesses have to conduct customer due diligence and transaction monitoring as part of their AML/CFT processes. The scope has some limitations as it does not address novel models such as crypto-to-crypto exchanges.
However, the FATF’s June 2019 guidance touches upon these so it can be expected that European regulators go beyond the 5AMLD’s requirements. For example, France’s regulator, the AMF, has created an opt-in framework. For clarity, the AMF is the single point of contact for crypto-businesses.
While the obliged entities must register and demonstrate appropriate AML/CFT measures, in parallel the AMF has a compulsory registration regime for crypto-to-crypto exchanges or peer-to-peer exchanges. France’s regulator ensures that businesses who comply with this regime will have guaranteed access to traditional financial services. This echoes the FATF’s guidance indicating banks can no longer de-risk crypto by refusing to offer their services to cryptocurrency service providers.
Looking at the most vocal regulator from 2015 to 2018, the United States’ authorities have provided in-depth AML/CFT guidance to the industry. The Financial Crimes Enforcement Network’s (FinCEN) regulation has one of the broadest scopes in the industry and some of the toughest requirements.
Ahead of the FATF’s June guidance, the FinCEN reiterated in May 2019 that all crypto firms must have appropriate measures to implement the Funds Transfer and Funds Travel rule. The guidance clearly establishes that businesses must be able to
‘track and monitor the transaction history of a [cryptocurrency] through publicly visible ledgers’.
The document also states that any crypto service provider that interacts with US customers must comply with these regulations. For this reason, some businesses are setting their non-US customer operations in less restrictive jurisdictions. Recently, Circle announced that it was moving its non-US customer operations to Bermuda. While the jurisdictions’ 2018 Digital Assets Business Act outlines AML/CFT requirements that are in line with the FATF’s standards it also provides a bespoke and comprehensive framework that allows for innovation. Circle states that this will enable it to list new crypto-products for its non-US customers.
However, registering an entity in another jurisdiction will not be sufficient to satisfy US regulators if businesses have dealt with US customers in the past. Indeed, the FinCEN made clear that it will be enforcing its legislation retrospectively meaning businesses need to ensure rigorous compliance since the beginning of their operations.
A critical first step to understanding crypto risks and obligations is to carry out a risk assessment. Get in touch with Elliptic to assess your historical and current risk exposure.
Unregulated Environments
Turning to the majority of jurisdictions, cryptocurrencies remain unregulated. Arguably, these are the least attractive jurisdictions as they sustain risk and uncertainty in the private sector.
This is due to many regulators having a “wait and see” approach when it comes to releasing cryptocurrency guidance. Indeed, Elliptic’s Community team has found that many regulators wait for influential bodies such as the FATF or the US’s FinCEN to come forward with their frameworks before releasing legislation.
A recent example of the negative impact of the lack of regulatory guidelines can be seen with Koinex, a now-defunct Indian cryptocurrency exchange. A post from Koinex’s co-founder details how the lack of clarity from authorities harmed his business’ and employees’ relation with banks to an unsustainable degree.
On a more positive note, the FATF’s June 2019 guidance on Virtual Assets and Virtual Asset Service Providers has highlighted the need for regulators to implement the necessary provisions following a risk-based approach to meet its AML and CFT requirements.
In other words, over 200 jurisdictions who have committed to meeting the FATF’s standards will have to come forward with their compliance requirements for cryptocurrency businesses in the near future. Jurisdictions who fail to implement this guidance will risk being listed as a high-risk or monitored jurisdiction by the FATF.
However, Ellipitc’s head of community highlights that due to the pressure to act rapidly across multiple jurisdictions there will added complexity in the regulatory landscape. From a business’ standpoint, those who operate in jurisdictions where cryptocurrencies are unregulated can nonetheless take proactive measures to prevent money laundering and the financing of terrorism. This can help crypto-firms prepare for regulatory measures ahead of time while fostering a good relationship with authorities. Also, companies who embrace compliance are differentiated in the market and are seen as offering services which consumers can trust.
Further, while some regulators have not communicated their views on cryptocurrencies it is likely that their status is being discussed behind closed doors. Elliptic encourages businesses to reach out to regulators to obtain regulatory clarification and to participate fully in the policymaking process.
Also, striving to achieve best practice in risk mitigation using services such as those offered by Elliptic can influence the regulator’s view of the industry prior to releasing regulation. Self-regulation can shape regulatory responses by giving the industry’s actors more weight.
Ultimately, the industry’s maturity in approaching compliance-related matters can lead regulators to delegate their oversight powers to bodies embedded in the market. For example, the JVCEA, created by a group of Japanese exchanges, was authorised by the country’s Financial Services Agency to be the sole association responsible for the self-regulation of crypto-businesses.
In parallel, businesses struggling with uncertainty can proactively monitor regulations and enforcement on a global scale. Elliptic’s Professional Services and Community teams encourage businesses in unregulated jurisdictions to monitor local regulator’s advancements on cryptocurrencies. This can be done by reading publications from governmental and intergovernmental bodies to help gain a sense of what is expected and keep ahead of change. The FATF’s public mutual evaluation reports are a good place to start.
Bans
Lastly, the strictest approach that regulators are taking is banning the use of cryptocurrencies. Unsurprisingly, markets have reacted most negatively to news coming from regulators indicating an outright ban of cryptocurrencies.
While bans of cryptocurrencies can certainly relieve regulators from the ‘lengthy and detailed examinations’ such bans remain one of the biggest threats to the industry. Moreover bans only divert crypto-related commerce and trading to unregulated underground platforms favoring illicit uses. This further harms the credibility of the cryptocurrency ecosystem, restricts its potential and holds back efficiency gains from consumers.
Global Trends
While these local approaches affect businesses it is worth considering global regulatory trends and market reactions. From a cryptocurrency market perspective, news regarding the legal status of cryptocurrencies causes the strongest variations in price. In addition, the market reacts positively to the establishment of clear regulatory frameworks. Regarding firms, research has found that
’regulatory news also affects the number and the volume of transactions, the number of active addresses, and the profitability of mining’.
All of these factors impact crypto-businesses. The Elliptic Data team argues that in the long run there may be a tiering of crypto-funds and crypto-businesses. Interestingly, different funds from the same cryptocurrency could potentially have different values based on where they have been held making some “coins” more desirable than others.
This will impact the relations of crypto-firms with customers and traditional financial institutions based on the perceived quality of their funds. This emphasises the need for local regulators to provide measured and detailed guidance on cryptocurrencies.
On an intergovernmental level, in June 2019, the FATF provided guidance detailing its expectations of a risk-based approach to regulating virtual assets. Crypto service providers across the industry have raised the Travel Rule (recommendation 16) as being a major technical hurdle — not to mention the data privacy-related issues.
However, this guidance also highlights the need for cryptocurrency businesses to have appropriate transaction monitoring solutions, such as Elliptic’s tools. Elliptic welcomes this approach and looks forward to seeing local regulators transpose this guidance. Make sure to read our detailed advisory on the FATF’s guidance.
Learnings for the Future
There are numerous lessons to be taken from local, intergovernmental and private sectors’ initiatives in crypto-compliance. This section considers some learnings for the future of the industry and how it can bridge the gap with traditional finance.
It is clear that moving forward the industry would benefit greatly from increased cooperation between the public and the private sectors as well as international regulatory harmonisation. Elliptic continues to play an important role in connecting the private and public sectors. Examples of past community engagements include coordinating responses to consultations, holding events with private and public bodies and speaking directly with regulators. This enables Elliptic to shape its services to address both the private and public sectors’ concerns. You can learn more about our vision and community engagements in our article.
Further, regulation is a key enabler for the industry which will create interest, confidence, and trust. On the one hand, businesses struggle with countless regulatory approaches and the different speeds at which authorities move. On the other hand, Elliptic’s Community team remarks regulators often cite the plethora of industry groups as being an issue. Although working groups are good initiatives to engage with regulators, authorities find it hard to discern a single coherent message.
Elliptic is confident that this will change as businesses mature and relationships develop. As an example, we see a trend with the cryptocurrency space gradually creating linkages with traditional finance. This is consistent with the FATF’s June 2019 guidance indicating that banks should not de-risk the virtual asset sector by refusing to provide banking services. Also, investment firms and banks are entering the market. Indeed, traditional financial institutions are issuing their own coins, accepting crypto-business as customers or investing in cryptocurrencies.
Elliptic also provides services to banks helping them understand and manage their cryptocurrency risk exposure. This is an essential step in bridging the gap between traditional finance and the crypto industry.
This article is for general information purposes only. Whilst we endeavour to ensure that the information in this article is correct, no warranty, expressed or implied, is given as to its accuracy and we do not accept any liability for error or omission.
