How to supervise a cryptocurrency exchange

The author is a former financial regulator

Adjust encryption or let it burn? While the debate rages on in the US (and in the Financial Times pixels), it’s already over in the EU and soon will be over in the UK as well.

The financial services and markets bill is making its way through parliament. It now includes a broad definition of crypto assets that will be subject to regulation. A UK Treasury consultation will complete the details shortly. And in the EU, the Markets in Crypto Assets Regulation (Mica) was agreed this summer and will come into effect by 2024.

With the aftershocks reverberating from the collapse of cryptocurrency exchange FTX, a new question is being asked: How to supervise a cryptocurrency exchange?

Mica sets admirably strict standards for cryptocurrency service providers, covering exchanges. Exchanges will now need a license from one country to obtain a passport to do business across the EU. Two big changes are coming.

First, the corporate structure. Service providers will need to have strong corporate governance and controls, an EU legal entity and most importantly a corporate structure with jurisdictions that do not hamper effective supervision. FTX’s failure highlights the importance of these standards. But it’s hard to give good ratings to the other exchanges. The largest, Binance, will not yet say where it is based, for example.

As the Bank of England’s Jon Cunliffe explains, part of the problem is that these are not really “exchanges” but rather provide multiple, bundled services that would be segregated in traditional finance for conflict of interest, prudential and consumer protection reasons.

Mica seems unnecessarily to allow such a grouping of several services into a single legal entity. Some guardrails will be needed in detailed rules established during the period prior to implementation.

Secondly, Mica will impose customer asset protection rules on service providers. FTX’s alleged use of client assets to finance its commercial arm means that creditors are waiting to hear how much money they have lost. These creditors are thought to number at least 100,000 and could number more than 1 million.

This left other exchanges struggling to prove their proof of reserves, the assets backing up client positions, with Binance commissioning a report from accounting firm Mazars. But the report has limited scope on the crypto assets it covers, is unconvincing about how client liabilities are calculated, and lacks commentary on the effectiveness of internal controls. Mazars announced late last week that it had stopped providing reserve test reports entirely and scrupulously qualified past ones as not a warranty exercise.

Client asset segregation was a major non-crypto issue in the bankruptcy of Lehman Brothers and broker dealer MF Global. This has led to a crackdown in the UK and elsewhere, with high fines, detailed new regulatory requirements and increased personal accountability of senior managers. Strict rules, tailored to cryptocurrencies, will need to be developed and adopted quickly.

Supervisors will have to make some tough licensing decisions if the trades aren’t ready in time for new EU and UK rules.

The exchanges will clearly need to make major changes to their business models before submitting their license applications. Mica has a number of other challenging requirements that also need to be sorted quickly.

Exchanges will have to check the suitability of each crypto asset for customer trading based on the “reliability of the solutions used” and potential association with financial crime. They will also need to disclose the negative impact on the environment and climate of the required mining of each cryptographic asset. Liability for losses due to hacking of client wallets will take effect. And stricter risk warnings for cryptocurrency investments will come into effect in the EU and UK.

Supervisors themselves have tight deadlines to make licensing decisions under Mica. The risk is that the race to become Europe’s crypto hub will affect decisions, in the same way as the UK’s new imperatives for supervisors to consider competitiveness.

Binance, by far the largest exchange, is the key testing ground. The French regulator, the Autorité des Marchés Financiers, raised eyebrows by registering Binance under pre-Mica rules, despite Binance being fined by Dutch supervisors and the UK’s Financial Conduct Authority saying it was unsupervisable. What will happen in the (re)licensing process?

Supervisors need the resources and political coverage to withhold licenses until corporate structure and customer resource issues are resolved. The best way to supervise cryptocurrency exchanges? Start by not licensing them until they’ve agreed.

Add a Comment

Your email address will not be published. Required fields are marked *