Crypto Regulatory Overview
A complex US crypto regulatory landscape
Hello everyone and welcome to the latest edition of GreySpark Insights.
Please do not hesitate to contact us with any questions or comments you may have. We are always happy to elaborate on the wider implications of these headlines from our unique capital markets consultative perspective. Happy reading!
The Markets in Crypto Assets regulation entered into force on June 29, 2023 in the EU, becoming the first comprehensive regulatory regime globally that is tailored specifically to cryptoassets trading.
MiCA is unique in the sense that it has put years of crypto trading regulatory discussion into action, potentially setting a precedent for what other, likewise regulatory frameworks will look like across other jurisdictions in the future. MiCA arguably marks the official recognition of cryptocurrency at a government level in the developed world, highlighting the medium’s viability as an asset class and its integration into the global financial system.
We will be covering the MiCA regulation and the implications for in-scope firms over the coming weeks. Stay tuned for that.
Despite the arrival of MiCA, the global crypto regulatory landscape is generally fragmented and clouded in regulatory uncertainty. Cryptocurrencies perplex regulators because they are unlike any traditional financial instruments, and they can also be classified under several different designations, including platform, governance and asset-based tokens (such as stablecoins). More details on the different types of cryptocurrencies can be found here. The varied nature of cryptoassets typically led to subjectivity and a lack of action from regulators, leaving the regulatory landscape lagging behind growth in the nascent asset class.
Nonetheless, crypto regulatory landscapes globally continue to develop, albeit at different speeds and trajectories. As such, we thought now would be a good time to look at crypto regulatory landscapes across different jurisdictions — and potentially clear up any confusion — given the resurgence in institutional crypto interest in Q4 2023, as highlighted by our recent Chart of the Day.
First stop, the United States.
Who are the US regulators?
the Securities and Exchange Commission;
the Commodity Futures Trading Commission;
the Financial Crimes Enforcement Network (FinCEN);
the Internal Revenue Service;
the Office of the Comptroller of the Currency;
the Federal Trade Commission; and
state-specific regulatory bodies.
How are cryptoassets regulated in the US?
As always, the landscape is a patchwork quilt defined by the breadth and depth of federal versus state-level agencies or departments and their enforcement capabilities, the federal versus state-level court systems and — in particular — blurry lines around the lack of a one-size-fits-all definition of cryptoasset types. This means that, depending on the scenario, the exact regulator in charge of enforcing rules will depend on whether an asset is traded, transacted or generally treated as a security, a commodity or derivative or as a money transmitter — that is, as a vehicle for a service that facilitates the transfer of fiat currency for businesses. The following bodies are responsible for enforcing the following, somewhat ostensible, cryptoasset regulations in the US:
the SEC oversees the issuance and resale of cryptoassets that are securities;
the CFTC regulates cryptoassets if they mainly qualify as commodities and are used as derivatives (including swaps, futures and options);
FinCEN regulates cryptoassets for purposes of anti-money laundering and counter-terrorism financing;
the IRS treats cryptoassets as property, with investment returns subject to capital gains tax;
the OCC provides policy, guidance and information about the use of cryptoassets in the Federal banking system, namely the custody of cryptoassets among national banks; and
the FTC provides consumer protection against cryptoasset-related scams.
However, there is one piece of regulation that all companies dealing in cryptoassets in the US must abide by, which is the Nixon-era Bank Secrecy Act (BSA) of 1970. The BSA requires companies to assist US government agencies in detecting and preventing money laundering through stringent reporting standards, compliance testing and staff due diligence.
Companies that offer crypto-assets must be registered with either the SEC, CTFC or FinCEN (depending on the nature of the assets), or a combination of each agency, as brokers or broker-dealers.
For example, the SEC only regulates cryptocurrency sales — that is, via an exchange platform — if it constitutes a sale of an instrument licenced as a ‘security’ under Federal law or under the law(s) of the state in which it is bought or sold, with the sale being subject to the Securities Exchange Act of 1934. The CFTC regulates the sales of cryptoassets that are defined as ‘commodities,’ with sales being subject to the Commodity Exchange Act of 1936.
Who do the US regulations apply to?
The BSA is the only universally applicable framework to any US financial institution dealing in cryptoassets, putting them on par with other financial institutions that do not deal in crypto.
After originally only applying to money services businesses (i.e., payment providers or banks), securities brokers and dealers, futures commission merchants, commodity brokers and mutual funds, the scope of the BSA expanded in 2021 to accommodate “businesses engaged in the exchange of currency, funds, or value that substitutes for currency or funds.” This includes crypto wallet providers, crypto exchanges and decentralised applications. More details on who the BSA applies to can be found here.
Apart from the BSA, additional registration and licensing requirements are applicable to a financial institution dependent on the nature of the cryptoassets that it deals in. For example, a business dealing in cryptoassets defined as ‘securities’ will be subject to regulations from the SEC. It is typical for financial firms dealing in cryptoassets to experience crossover in regulations; for example, a crypto exchange that lists cryptoassets defined as ‘commodities’ and as ‘securities.’
Achieving a clear and coherent crypto regulatory landscape in the US looks a near improbable task. Something of a paralysis-by-analysis situation has lingered for several years, with regulatory motives from different bodies frequently clashing, while providing confusing, subjective definitions of different kinds of cryptoasset that are open to interpretation.
Typically, cryptoassets sold in the US are advertised or classified by their sellers under one or more of the following three headings:
commodities; and as
Money services businesses that provide virtual currencies are subject to state-level registration requirements only.
However, in many cases, these definitions are misaligned to the regulatory bodies that claim to regulate that specific variety of cryptoasset.
For example, in the US, Bitcoin is not considered a security. Instead, it is regulated as a commodity. The Supreme Court’s definition of a ‘security’ is centered on the concept of an investment contract where there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others. Bitcoin largely does not fit this bill because of its anonymous and open source nature, with the absence of investor fund pooling. Crucially, the success of an investment in Bitcoin is not viewed as one that is reliant on the efforts of others. Therefore, because Bitcoin is a commodity, you would logically think that regulatory responsibility falls entirely under the scope of the CFTC.
However, this is not necessarily the case. No Federal financial regulator has the authority to regulate spot cryptoassets that are not securities. Rather confusingly, the CFTC only regulates cryptocurrencies used in derivatives contracts; so, in many cases, not all Bitcoin transactions are subject to oversight from the regulatory body it should, on the surface, be subject to.
In fact, according to K&L Gates:
“It is important to note that the “jurisdictional authority of CFTC to regulate virtual currencies as commodities does not preclude other agencies from exercising their regulatory power when virtual currencies function differently than derivative commodities.”
Subsequently, financial firms dealing in cryptoasset spot markets are exposed to a mishmash of regulations across state and federal lines, making compliance bureaucratic, arduous and expensive.
This confusion arguably instigated the SEC to define several cryptoasset networks as dealing in ‘securities’ to gain some kind of regulatory control, when — in reality — the cryptoassets do not necessarily stand up to classification as securities.
A recent example was the December 2020 SEC lawsuit against Ripple that resulted in a July 2023 ruling by the United States District Court for the Southern District of New York that Ripple’s XRP token was not a security. The SEC subsequently dropped the case on failure of appeal in October 2023.
Nevertheless, the SEC defined 68 cryptoasset tokens as securities, meaning that companies that deal in them will be subject to Federal securities law.
Ultimately, the US crypto regulatory landscape is shrouded in uncertainty, leaving the US crypto market vulnerable to illicit activity while also alienating cryptoasset providers who, at times, inadvertently break rules due to their lack of clarity. For example, in June 2023, crypto exchange Coinbase was sued by the SEC for operating an unregistered securities exchange. Crypto exchange Kraken was also sued by the SEC in November 2023 for operating an unregistered securities exchange.
Unsurprisingly, several US-based cryptoasset providers are shutting down operations in the country. A recent example is major crypto exchange Bittrex, which shut down its operations in Seattle earlier this year.
Since 2022, at least 50 bills designed to regulate cryptoassets were reportedly introduced to Congress. Arguably, the proposed Responsible Financial Innovation Act (RFIA) presents the best opportunity to establish a coherent crypto regulatory regime in the US.
The RFIA proposes a clear standard to determine when cryptoassets would be considered commodities and when they would be considered securities, thereby establishing regulatory authority between the CTFC and the SEC. However, it remains unclear whether the RFIA will pass the Senate in its current form.
Additionally, the SEC is expected to approve the first spot Bitcoin ETF in January 2024, after a decade of rejecting spot Bitcoin ETF applications largely due to fears of fraud and manipulation. Currently, at least nine asset managers, including BlackRock, are awaiting SEC approval for the product. In many ways, this could mark the start of a more functional crypto regulatory landscape in the US and could show a changing and arguably softening stance toward crypto in the US from regulators.
The product is potentially important as — if approved — the SEC could use institutional investor trading in it to set further standards, consistently, across a variety of cryptoasset product types that do not fit classification as ‘commodity’ or as ‘security,’ according to this analysis.
Also, the approval of the spot Bitcoin ETF, and the institutional interest it will inevitably attract, could leave the SEC with little choice but to ensure strong oversight and investor protections, putting regulatory draft bills into action and potentially bringing to an end a sense of regulatory dithering.
Nevertheless, US regulators still have some way to go if they are to create a cohesive, functional crypto regulatory environment.
Keep an eye out for more crypto regulatory breakdowns among different jurisdictions over the coming days. We also have more on the way regarding operational resiliency among financial institutions. You can be reminded of our latest operational resiliency post here, as we edge closer to revealing how financial firms can maximise their operational resilience using digital twin technology.