CRYTPO REGULATION… ASK AND YOU SHALL RECEIVE (BUT MAYBE A LITTLE TOO MUCH)
Published on Nov 11, 2021 by Jaime Lumsden, Michele Levine and Nicholas Pavouris
Twelve recommendations for the future of crypto, contained in a report made by the Australian Senate Select Committee on Financial Technology and Regulatory Technology, have far-reaching, and sometimes onerous, implications for the future of crypto and de-banking.
The overwhelming message from industry submissions is that Australia is lagging behind its peers and regulatory certainty, flexibility and innovation are key. The “light touch” and “wait and see” approach so far adopted by regulators has created a regulatory vacuum in Australia, while other markets (e.g. Hong Kong, Singapore and the United Kingdom) have implemented regulatory reforms to cater for the crypto industry of today and tomorrow. That said, it is important to strike the right balance when designing new regulation.
This blog focuses on 6 of the recommendations we think are most important and analyses the practical implications on the industry, which may require further thought.
Our thoughts on Recommendations 1, 2 and 3 – Licensing Implications
The first recommendation is to introduce a markets licence for Digital Currency Exchanges (DCE), which will result in DCEs holding a markets licence similar to securities and derivatives exchanges (e.g. ASX). This is a substantial change and due consideration must be had in respect of:
- Recommendation 2: Custody or depository regime to be managed under the Treasury portfolio.
- Recommendation 3: Regulators to conduct a token mapping exercise; and
- Recommendation 4: A new Decentralised Autonomous Organisation (DAO) company structure be created.
If all the above recommendations are implemented, there is a real risk more crypto tokens will be classified as regulated financial products, and DCEs will need to hold the following licences if any of the crypto assets they list are regulated financial products:
- A DCE markets licence;
- A custody or depository authorisation regime under the Treasury portfolio; and
- An AFSL.
In addition, the ‘Payments System Review – From system to ecosystem’ (Payments System Review) proposes a new and separate tiered payments licence. Many operating in the digital currency space also provide payments services, meaning that they would also likely need a payments licence. This means a DCE could require up to 4 licences. Similar concerns exists for wallet or other custody providers that hold crypto assets and enable payments.
When viewed together, these licences would create a complex and potentially duplicative regulatory regime. We note that the Payments System Review flagged similar problems that currently exist for payments and strongly recommended that the payments regulatory regime be simplified and streamlined. These are sobering thoughts that should be front of mind when developing the regulatory framework for crypto, which may have multiple regulators, licences and regimes.
Regulators need to bear in mind that the industry will go from very low to very high regulation very quickly. We need to ensure that, as an industry, we strike an appropriate level of regulation. If we over regulate crypto, Australia will be the market of last resort, seen as too complex and too costly for the relative size of our market, which may discourage investment from global players. This is the reverse of the outcome that industry is seeking and the Government seems intent on encouraging.
In our view, there may be scope to streamline the required licences and we suggest that this be considered in light of, and in tandem with, the recommendations from the Payment Systems Review.
Another pertinent issue is Professional Indemnity (PI) insurance. The market for PI insurance for crypto businesses is essentially non-existent and, if a business is lucky, it may source limited and costly cover offshore. In our view, increasing licensing requirements for crypto businesses will not expand the PI insurance market. ASIC, APRA and industry will need to consider solutions to open the PI insurance market and consider whether alternate risk products are more appropriate.
Our thoughts on Recommendation 4 – giving DAO legal personality
The most interesting recommendation from the report is the proposal to establish a new company structure for DAO – otherwise known as a decentralised autonomous organisation, or an entity with no central leadership. Decisions are made from the bottom-up, governed by a community which is organised around rules enforced on a blockchain.
Whilst we think it is positive that the Committee are passionate about both digital and decentralised finance (DeFi), it raises a lot of questions and the potential ramifications are significant.
Regulation of DAO protocols and / or tokens needs to be thoughtfully considered. At present, DAO protocols and / or tokens are not caught by financial services regulation due to a number of technicalities. The main technicality is that the general and specific definition of ”financial products” require a “person”, “provider” or “issuer” to be involved. Currently, DAOs are not considered to be either a “person”, “provider” or ”issuer” as transactions are automated via algorithms that require validation by participants, either via proof of stake or proof of work mechanisms.
However, giving DAO legal personality may change this, meaning many of these protocols and tokens may involve the provision of financial products where before they did not. This not only means the DAO, as a legal person, will need an AFSL, but that any DCEs that list, and wallets that hold, these tokens will also need an AFSL (as outlined above).
It might be appropriate for these tokens and protocols to be regulated, but how does one practically impose licensing requirements on a DAO which, by definition, is decentralised and has no Board or management? Additionally, while it may be appropriate that these crypto assets are treated the same as other financial products from a regulatory point of view, as they have similar risks, we need to ensure that we do not overregulate the crypto sector.
We think it would be incredibly difficult for ASIC to regulate and enforce requirements on a DAO. The core function of a DAO is that there is no central leadership or decision makers. A network of thousands or millions (mostly pseudonymous) individuals across the world would be required to make decisions on behalf of the DAO. This means gaining consensus from a disparate group of people, with varying degrees of sophistication and understanding of regulation, who may speak many different languages, to nominate an appointed representative of the DAO, consenting to registering with ASIC, consenting to holding a regulatory licence such as an AFSL, issuing disclosure documents and paying Australian taxes from member entitlements. It also requires the DAO to facilitate initiation of governance proposals for these types of matters and a consensus voting mechanism.
Assuming that the issue of registering a DAO to a particular jurisdiction is overcome, it remains to be seen how ASIC would be able to regulate and, if needed, take enforcement action against individuals, particularly those overseas where jurisdiction can be an issue. In DeFI, there is also the possibility for various DAOs to directly interact with each other in relation to certain transactions and functionality e.g. Polygon interacting with Ethereum. These interactions may add further complexity as it may be difficult to determine which DAO is responsible for what interaction. It may be that ASIC will need to limit the scope of what kind of DAO can be registered in Australia.
If you would like to explore the ramifications of giving the DAO legal personality, there is an excellent article published by Mr David Gikandi, applying Australia’s proposal to UniSwap. You can read his thoughts here.
We think that it is more appropriate to regulate the gatekeepers, such as DCEs and wallets. DAOs are set-up to be decentralised and autonomous and we think it is unlikely that a DAO community would vote to incorporate in Australia. The recommendation really requires ASIC to consider how they can practically regulate a decentralised organisation effectively without stifling investment and innovation in Australia.
Our thoughts on Recommendation 5 – AML/CTF
The report recommends changes to the current regulatory framework, including:
- AUSTRAC publishing a list of DCEs to foster confidence in the crypto sector;
- AUSTRAC make continued overseas observations before introducing the “travel rule” for digital assets in Australia; and
- Australia's AML/CTF regulations should be clarified to ensure they do not undermine innovation and are fit for purpose for DCEs and any other relevant crypto-asset businesses.
Publishing a list of DCEs will help consumers to understand which DCEs are properly regulated by AUSTRAC. However, it is critical that consumers are aware that AUSTRAC registration is a simple process and AUSTRAC regulation is limited to AML / CTF only and that AUSTRAC regulation is not an endorsement or confirmation of a legally compliant business or risk mature business. Customers will still need to still approach these situation as “buyers beware”.
The ”travel” rule will require providers to include verified information about the originator (payer) and information about the beneficiary (payee) for digital asset transfers to strike an appropriate balance between risk and the operation of legitimate businesses. This can be difficult in the blockchain context given anonymity and reporting limitations.
Whilst the ”travel” rule would no doubt greatly assist in the regulatory oversight of AUSTRAC and bring DCEs in line with the traditional financial institutions, we agree it will be too difficult to implement successfully at this stage and early implementation will give rise to first mover disadvantage by creating additional regulatory burden that may not be effective. We agree with the recommendation that AUSTRAC should continue to observe the attempted implementation overseas before determining how to best introduce the changes in Australia. This will ease unnecessary cost burdens and not undermine innovation.
Lastly, insufficient little detail was included on the nature or type of changes that should be made to AML / CTF regulation. This raises the risk that any future review doesn’t focus on key risk areas.
From our perspective, a good starting point is to expand the meaning of DCEs to cover business that facilitate digital asset to digital asset exchanges. Presently, an entity is caught by the definition of a DCE, and required to enrol and register with AUSTRAC, if it exchanges fiat currency for digital asset or vice versa.
The risk with the current approach is that a large volume of digital currency exchanges have no regulatory oversight, raising the risk of money laundering and counter-terrorism risks. This is especially the case where digital assets are sourced overseas from exchanges located in less regulated markets and then exchanged for other digital assets in Australia. These transactions fall outside of the AML / CTF regime and regulatory oversight is only triggered once the last digital asset is exchanged for fiat currency in Australia by a DCE. This creates inherent risk in the system.
If digital asset-to-digital asset exchanges are included as a designated service, we believe a number of other businesses would fall within AUSTRAC’s remit, including unregulated DCEs and wallet holders. In our view, this change would further legitimise crypto businesses in Australia and hopefully alleviate the concerns expressed by banks around de-banking under regulated businesses.
Our thoughts on Recommendation 10: De-banking…
We agree that a dispute mechanism for de-banked businesses and customers will create transparency and certainty. However, this is not enough. There needs to be a policy decision to support the crypto and fintech industry and protect customers’ money. This is critical, as the crypto and fintech sectors are rapidly growing and are fragmenting traditional banking. Failure to do so may put customers’ money at risk as crypto and fintech businesses are forced to look for alternate solutions.
While we acknowledge this is a difficult nut to crack, it requires coordinated action from the Government, RBA, APRA and banks. Risk management is key and individual to the respective banks, but it should not be an excuse in and of itself. If the recommendations in the report are implemented, we suspect banks will have less scope to push risk management reasons for denying service. This is because crypto businesses will be subject to very high regulation.
Further, we think there is scope for the ACCC to look at competition considerations, particularly in light of banks entering the crypto market. Our regulatory regime should promote innovation and competition, not squash it.
Next steps
Given apparent bi-partisan support, it can be expected the Government will move swiftly. We expect the Government to open up consultation for a short period following any release of draft legislation. However, timelines after that are less certain, as industry makes submissions on the specifics of the draft legislation and its implications, and an impending election year can both apply or ease pressure to pass draft legislation – depending on whether the legislation is a key election platform or not.
Crypto is certainly evolving, maturing and possibly subject to great change! We are more than happy to help you with anything crypto, financial services regulatory or licensing, just get in touch.
November 2021