True Consumer Protection in Crypto Lies Between Centralization and Decentralization
Narratives about crypto regulations and compliance, or lack thereof, are increasingly missing the point. The general purpose of financial regulation is to maximize consumer protection, prevent fraud and abuse, and ensure well-ordered markets. Broadly speaking, the mission is the same in any jurisdiction, and for any financial regulator.
The conversation in crypto has been overly centered on the crypto industry at the expense of the crypto user. As long as we focus too much on whether specific exchanges must follow new or existing regulations, we miss the chance to consider how consumers can best benefit
Timothy Cradle is the director of regulatory affairs at Blockchain Intelligence Group and compliance advisor to Biokript.
As a regulatory affairs director and compliance consultant, I tend to look at crypto regulation and compliance from a dispassionate view. I must put ideology aside when recommending or attempting to implement a compliance framework for clients. It boils down to a simple question: “What needs to be done to ensure compliance.” Too restrictive and it negatively affects their business model. Too permissive and it sets them up for long-term failure (often in the form of an enforcement action).
I’m certainly not alone. As a former chief compliance officer for a crypto startup, I know other compliance professionals who take personal liability for the compliance programs they recommend so getting it wrong is a career-existential concern. When looking at the two counterposed operating models in crypto, decentralized and centralized services, the potential failures of each can only be addressed if each extreme borrows from the other.
In fact, this past week, the U.S. Department of Treasury highlighted many of the noteworthy financial crime risks decentralized finance (DeFi) poses – including money laundering, theft, scams and sanctions evasion. The agency noted “DeFi services often have a controlling organization that provides a measure of centralized administration and governance.”
In my compliance-mind this means that imposing the same sort of regulatory controls expected of a centralized institution are neither impossible, nor unreasonable. In fact, the Digital Assets Anti-Money Laundering bill introduced to the U.S. Senate in December 2022 seems to come to the same conclusion as it seeks to bring any service that “facilitates digital asset transactions” into scope of the Bank Secrecy Act (the U.S. anti-money laundering law). We don’t need the government to tell us that DeFi is uniquely risky; a simple search of crypto theft, rug pulls, hacks and scams will point to a litany of DeFi failures.
The centralized players obviously have their own problems. In just the past month we’ve seen scathing revelations about Binance and its avoidance of the most basic forms of compliance, namely know-your-customer (KYC) and regulatory registration rules. Binance is being sued in the U.S., likely to withdraw from Canada and the U.K. and may lose its license in Australia (whose regulator included a full list of Binance’s regulatory failings in the license announcement).
We’ve also seen multiple players in the U.S. incur fines for not registering their securities products with the Securities and Exchange Commission, which of course means little to no consumer protection was in place for the users of these products. This was all following the year of shame which was 2022 when billions of dollars worth of crypto were lost to outright fraud, market manipulation, embezzlement and bankruptcy – losses largely preventable had these players not also had direct control of their user’s assets.
So what do we need from both sides that makes the other work well?
From centralized entities: transparency and accountability. An inherently accountable organization with public-facing individuals. In other words, a regulated player that is required to ensure it is acting in the best interest of users, disclose the risks in an honest way and can be forced to provide the necessary disclosures to that effect. (And no, unattributed transactions on a blockchain are not adequate levels of transparency.) These firms must also implement cybersecurity, fraud and money laundering controls – a smart-contract audit alone won’t do.
See also: Let’s Actually Commit to Proofs of Reserve This Time, OK? | Opinion
From decentralized entities: transaction settlement lying with the service, while asset custody always remains with the user.
We need to remember the ultimate goal of crypto is to provide individuals with a better financial system than what they’ve gotten from legacy systems. The ultimate goal of regulation is to ensure consumers are protected. We get the best result by mixing those two philosophies, in the same way we need to mix the philosophies of centralized finance and decentralized finance to achieve a system that’s fair and useful for all participants.
The right rules to oversee crypto are already in place to protect consumers, what the industry needs now is to embrace the right aspects of centralization without losing the tenets of decentralization.
