VoxEU Column Financial Markets Financial Regulation and Banking Monetary Policy

Crypto and regulation: I can’t live with you, but I can’t live without you

Claudia Biancotti
/

25 Aug 2022

In the spring of 2022, idiosyncratic weaknesses and adverse macro conditions combined to precipitate a major crisis in the crypto industry. But that crisis offered opportunity as well. This column depicts the crypto world at a turning point. If regulators and the industry cooperate, and bring order to many jurisdictions in the sector, crypto outfits will be free to focus on innovation rather than speculation. Still, roadblocks to constructive compromise abound – from anonymity issues and censorship resistance to tokens that embed no legal claims on any entity.

Claudia Biancotti

Research advisor to the Head of IT Bank Of Italy

In November 2021, the overall market capitalisation of cryptoassets surpassed $2.9 trillion. In August 2022, it was down to $1.2 trillion.¹ This dramatic fall partly tracked a general risk-off pattern driven by rising inflation, tighter monetary policy, and recession fears.² The rest was down to long-standing weaknesses of the sector, no longer concealed by inflows of fresh money.

Fraudulent practices, mismanagement of risk, and inadequate governance strategies precipitated the failure of largish projects and outfits, including the TerraUSD algorithmic stablecoin³ (Landau 2022, d’Avernas et al. 2022), centralised crypto lender Celsius, and crypto investment fund Three Arrows Capital. As trust in the ecosystem waned, major tokens such as bitcoin and ether shed more than half their value. While the worst part of the contagion appears to be over,⁴ asset prices have not recovered and investment in the space is slowing down.

So, is this the end of crypto, as prophesised many times before?⁵ It does not need to be, provided that regulators and the industry find a way to work together (Biancotti 2022).

A chance to rebuild in an orderly environment…

The washout of bad actors and the bursting of financial bubbles affords the crypto industry an opportunity to focus on amending its mistakes and building better technology, without distractions from overblown yields. This is the time for self-discipline and a sharper focus on security, decentralisation (Aramonte et al. 2021), and scalability. Many interesting experiments are already underway. The most striking example is perhaps that of so-called Layer 2s, infrastructural scaling solutions that improve the speed and reduce the cost of blockchain-based transactions (Ethereum.org 2022). Other rapid-growth areas range from research on privacy preserving cryptographic proofs of identity (Ante et al. 2022) to consumer products such as non-fungible tokens (NFTs) in the arts and entertainment markets.⁶

At the same time, the crypto ecosystem is finally going to be regulated in a comprehensive way in many jurisdictions, with international institutions such as the Financial Stability Board providing a forum for coordination (FSB 2022). The EU is at the most advanced stage, with the Markets in Crypto Asset Regulation (MiCAR) expected to come into force within the year (European Commission 2020).⁷ In the US, a presidential Executive Order in May 2022 mandated several agencies to explore a number of regulatory issues and report back within six months (the White House 2022). The UK announced in April that a regulatory package was coming, part of an effort to make the country a hub for the industry (Her Majesty’s Treasury of the United Kingdom 2022). Other countries, such as Japan, Canada, Australia, and South Korea, are deploying crypto laws in a similar spirit.⁸

Innovation and legal certainty may be the twin foundations upon which crypto flourishes. To achieve the goals envisioned by its advocates – enhanced cyber security across the digital world, effective protection of property rights, product and process innovation in finance and other sectors, rebalancing of power between providers and users of digital services with the so-called Web3 model, creation of opportunities for disadvantaged groups, and more – an important and challenging condition must be met. Regulators and the industry need to cooperate constructively and creatively, so that laws are not outpaced by technology or circumvented by players in bad faith. This is not going to be easy; at least, not all the time.

…but can we set our differences aside?

There are several potential roadblocks in the dialogue between regulators and the private sector. Assets traded in traditional financial markets represent claims on definite entities, and/or embed certain legal rights. This is not always the case in crypto markets, which may create a problem of regulatory perimeter. A part of crypto’s value proposition remains tied to systems that allow for participant anonymity while providing censorship resistance, i.e. the technical impossibility of blocking any transaction on a permissionless blockchain. Crypto developers generally prefer a higher degree of decentralisation and automation to a lower degree. Some even see the lack of rules as a gateway to financial inclusion and social mobility. These traits do not sit well with formal legal frameworks.

A degree of compromise can be reached on many facets of these issues, especially if regulatory sandboxes and innovation hubs are leveraged to their full potential. In those protected spaces, already active in many jurisdictions, authorities and the industry can learn each other’s language, and conjure solutions that preserve the rule of law without drastic departures from the crypto ethos. For example, decentralisation does not necessarily mean lack of legal accountability. While some crypto actors are keen on ‘non-governance’ – the complete and immutable automation of protocols – in real life most decentralised projects are ultimately governed by someone, such as the members of a decentralised autonomous organisation (DAO). Legislating DAOs and similar arrangements may be the key to balancing relevant interests in this domain.⁹ This would also provide more clarity on the legal claims embedded in some tokens.¹⁰

Anonymity raises thornier issues, yet solutions can still be found if both sides are willing to cede some ground. For example, regulators could encourage the use of identification technologies that reduce information leaks to a minimum. Such technologies would allow for the anonymity of interested parties vis-à-vis anyone but authorities – no need to provide personal information to exchanges or any other company. Other solutions could build on suggestions from the industry, such as the recent proposal of soulbound tokens (Weyl et al. 2022), or non-transferable NFTs that contain verifiable information about a single individual.

Censorship resistance is the toughest problem to crack. It is an essential correlate of trustlessness, one of the key aims of crypto at the time of its inception. Bitcoin was originally born to enable secure transactions between peers, without any need to rely on a trusted intermediary. Transaction integrity was to be guaranteed by a transparent algorithm alone, so that any abuse could be ruled out. Enabling any third entity to interfere with transactions deeply undermines this concept. On the other hand, full-fledged censorship resistance prevents nation states from controlling access to financial infrastructure for domestic and external power projection, an essential prerogative even in the most liberal of jurisdictions (Baldwin 2020).

This issue is increasingly in the public eye. In the Summer of 2022, the US Office of Foreign Assets Control (OFAC) placed sanctions on a set of smart contracts that diminish the traceability of some cryptoassets. North Korean hackers and other criminals had used the contracts to launder illicit funds (US Department of the Treasury 2022). This was an unprecedented move, as sanctions are generally directed at named individuals or companies, not at autonomous code. The sanctions are a very powerful instrument, exposing anyone who interacts with the code to the risk of decades-long imprisonment. OFAC’s decision opened a fierce debate that carries echoes of the encryption wars fought in US courts in the 1990s.

There is a dearth of soft options to address the downsides of censorship resistance. Regulators could upload their own smart contracts to popular blockchains, aimed at tracking suspicious operations, but this approach is not equivalent to being able to block a transaction. It is a choice that preserves the integrity of the ecosystem, at the cost of slow, ex post trudges through blockchain forensics labs and the courts in case anything untoward is found.

One alternative would demand that developers embed certain controls in protocols, when the chain is at the still-centralised nascent stage, the way some addresses are already blacklisted on a voluntary basis by many protocol founders. When and if the chain becomes entirely decentralised, the updating of controls would have to be done directly by authorities, but the actions allowed to them could be constrained from the beginning in a transparent way to prevent abuse.¹¹ This would allow for faster enforcement of regulation, but would be profoundly at odds with crypto values.

References

d’Avernas, A, V Maurin and Q Vandeweyer (2022), “Can Stablecoins Be Stable?”, Swedish House of Finance Working Paper.

Ante, L, C Fischer and E Strehle (2022), “A bibliometric review of research on digital identity: Research streams, influential works and future research paths”, Journal of Manufacturing Systems 62: 523–538.

Abelson, H, R Anderson, S M Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, S Landau, P G Neumann, R L Rivest, J I Schiller, B Schneier, M A Specter and D J Weitzner (2015), Keys Under Doormat: Mandating Insecurity by Requiring Government Access to All Data and Communications, MIT Press.

Aramonte, S, W Huang and A Schrimf (2021), “DeFi Risks and the Decentralization Illusion”, BIS Quarterly Review, December.

Baldwin, D A (2020), Economic Statecraft: New Edition, Princeton University Press.

Biancotti, C (2022), “What’s Next for Crypto?”, Bank of Italy Occasional Papers, forthcoming.

Didisheim, A, S Kassibrakis and L Somoza (2022), “The End of the Crypto Diversification Myth”, VoxEU.org, 21 July.

Ethereum.org (2022), Ethereum for Everyone – Scaling Ethereum without Compromising on Security or Decentralization.

European Commission (2020), Digital Finance Package.

Financial Stability Board (2022), FSB Statement on International Regulation and Supervision of Crypto-Asset Activities, 11 July.

Her Majesty’s Treasury of the United Kingdom (2022), “Government sets out plan to make UK a global cryptoasset technology hub”, 4 April.

Landau, J P (2022), “Crypto Currencies and Digital Money: Tacking Stock”, VoxEU.org, 27 June.

OECD (2022), “Institutionalisation of Crypto-Assets and DeFi-TradFi interconnectedness”, OECD Business and Finance Policy Papers, 19 May.

The White House (2022), “Executive Order on Ensuring the Responsible Development of Digital Assets”, 06 March.

United States Department of the Treasury (2022), “U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash”, 08 August.

Weyl, E G, P Ohlhaver and V Buterin (2022), “Decentralized Society: Finding Web3’s Soul”, SSRN, 11 May.

Footnotes

Source: coinmarketcap.com, as of 16 August 2022.
For an analysis of price correlation between cryptoassets and tech stocks, see Didisheim et al. (2022).
An algorithmic stablecoin is a token expected to maintain a fixed price (typically, one US dollar) without embodying any claim to redemption in fiat money. Rather, holders can redeem it against other crypto tokens, and stabilisation is supposed to come from arbitrage mechanisms within crypto markets. The large majority of algorithmic stablecoins have eventually de-pegged, sometimes because of hacks, but mostly as their stabilisation mechanisms failed to withstand sell pressure.
Despite increasing interconnection with the traditional financial system (OECD 2022), the crisis did not expand beyond the crypto world.
https://www.bitcoinisdead.org/
For an in-depth analysis of these and other topics, the reader can refer to white papers for individual projects and podcasts such as Bankless, The Defiant, Web3 with a16z, Unchained, Empire, The Breakdown, Overpriced JPEGs, and The Delphi Podcast.
MiCAR is part of a broader package, which also includes a new cybersecurity law applicable to all providers of financial services and a statute establishing a pilot regime for securities trading powered by distributed ledger technology (DLT).
Departing from this trend, China opted for a blanket ban of what was once a very vibrant crypto scene – although data suggest that some mining and trading outfits are still operating. Similar bans exist in Algeria, Bangladesh, Egypt, Iraq, Morocco, Nepal, Qatar, and Tunisia. In another 15 to 20 countries, mostly in Africa and the Middle East, crypto is not illegal but the restrictions on use cases are quite heavy.
The US state of Wyoming is leading the way in this area, with DAO legislation deployed in 2021.
Even in the presence of legislation tailored to DAOs, some tokens would remain devoid of links to any legal entities. The most notable case is Bitcoin, which cannot be overlooked since it still commands the majority of market capitalisation. The EU MiCAR statute does not cover Bitcoin, although a future version might. In the US, legislators are discussing the possibility of regulating Bitcoin (and other fully decentralised tokens) as commodities.
Another, even more radical possibility would entail forcing developers to hand over so-called admin keys, or credentials that allow for protocol modification. Aside from the fact that in some cases admin keys do not exist, this type of practice has been sharply criticised by information technology scholars in the wider context of giving governments backdoors to encrypted systems. Among the arguments presented is the multiplication of cybersecurity risks. One especially authoritative reference on this matter is Abelson et al. (2015).