“Beware the Ides of March,” noted William Shakespeare’s Julius Caesar. Never truer than March 2022 as far as digital assets are concerned.
We are only in April of 2022 but already it is clear that 2022 will be the year in which the global regulation of digital assets (which includes virtual currencies and non-fungible tokens, or “NFTs”) officially began. If anyone had any doubts about the seriousness of regulators around the world in dealing with decentralized, global, anonymous assets, those doubts should be immediately erased.
For the past several months, including a flurry of activity in March and early April 2022, global regulatory organizations have detailed their desire for robust, and onerous, digital asset regulations, and demonstrated strong commitment to successful enforcement. These assets will be eventually regulated, just as all other financial assets – no more and no less, and sooner rather than later. Companies involved with digital assets may take different approaches to this – from ignoring this global trend to embracing it and attempting to self-regulate within the space. But they would do well to keep in mind that with regulation comes opportunities, particularly for those who understand the benefits of regulation and who are willing to become first movers in the globally regulated digital asset space.
Unfortunately, globally bad actors are doing the same bad acts that occurred with commodities, stocks and bonds, and other financial assets for decades – front running, rug pulls, undisclosed unlawful trades, etc. These bad acts are nothing new, just a recycling of earlier methods of separating investors from their money and avoiding compliance requirements (including sanctions), and concerns over those acts and ensuring stability of the global financial system are the driving force behind many of the proposed new regulatory regimes.
The increased global focus on regulations of digital assets effectively began in October 2021 when the 200+ member Financial Action Task Force (“FATF”) released its 109-page Update Guidance for a Risk -Based Approach to Virtual Assets (“VAs”) and Virtual Asset Service Providers (“VASPs”). The 2021 Release made it clear, if it was not already clear, that VAs and VASPs are subject to the full range of obligations under the FATF Recommendations including Anti-Money Laundering (“AML”), Countering the Financing of Terrorism (“CFT”), and Know Your Client (“KYC”) requirements. The FATF was concerned about the rise of anonymity enhanced by digital assets, mixers and tumblers, decentralized exchanges and platforms, privacy wallets and other services and products that eliminate or reduce transparency and the ability of regulators and law enforcement agencies around the world to track and sometimes block cryptocurrency transactions. When bad people start to do bad things, the regulators feel an obligation to start imposing stricter regulations, and the situation is no different in the case of digital assets. As a result, the FATF wants its members to bring VAs and VASPs under the full regulatory scope of the FATF, including its registration and license requirements. This is the reason, for example, that establishing a cryptocurrency exchange in the Cayman Islands can take up to 8 months at present.
March of 2022 was particularly active. Firstly, on March 9, 2022, President Biden released an Executive Order (“EO”) on Ensuring Responsible Development of Digital Assets. The focus of the EO was on protection of consumers, investors and businesses, and ensuring the stability and integrity of the US financial system; fleeting mention was made of responsible financial innovation and reinforcing US leadership in the global financial system through responsible development of payment innovations and digital assets (though the EO did make clear that the US is contemplating issuance of a digital dollar). What is “responsible” is, like beauty, in the eye of the beholder; and the thrust of the EO is that the developments thus far in the cryptocurrency space have not been responsible, and, as a result, additional regulation is required.
There is momentum building for robust global digital asset regulatory regimes. This march towards global regulation is unlikely to halt.
For those students of history, the Mafia boss Al Capone in Chicago was ultimately convicted of tax evasion, not the other crimes he may have committed but which were harder to prove. Fast forward to March 2022, and not much has changed. The Organization for Economic Co-operation and Development (“OCED”), a 38 member country organization founded in 1961 to stimulate economic progress and world trade, released its 101 page Public Consultation Document, Crypto-Asset Report Framework (“CARF”) and Amendments to the Common Reporting Standards (“CRS”) seeking to vastly expand the tax reporting obligations under the CRS. CRS is a set of uniform tax reporting and KYC/AML rules adopted by some 97 countries starting in 2017. Members include not just the EU, Japan and other high tax jurisdictions but also the BVIs, the Cayman Islands, Jersey and Guernsey, and other tax havens. Noticeably absent from this list is Panama. Under CRS, participating countries collect tax information on locally incorporated companies and their ultimate beneficial owners (“UBOs”) and controlling persons and then report that information back to the home country in which the UBOs are located. This is all done in an effort to prevent the global tax evasion that the OECD believes is taking place.
Under CARF, participating countries will now have to seek to collect and report KYC and AML information (including name, address, date of birth, relevant tax identification number, etc.) on entities and their UBOs, and well as information on all transactions involving digital assets, including exchanges of fiat for crypto, crypto for crypto, NFTs for NFTs, air drops, and hard forks. All transactions at the exchange and the wallet level would be reportable by Reporting Crypto-Asset Service Providers (“RCASPs”), which includes all intermediaries (both corporate and individual) who as a business provide services effectuating exchange transactions for or on behalf of customers. This would include all types of exchanges, wallet providers, and brokers and dealers. The scope of CARF is very expansive. The OCED has not addressed at all some of the corollary issues that CARF will require, such as addressing the privacy rules under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) which may require storing customer data in the EU or in the jurisdiction in which the customer is resident, nor has it addressed, or seemingly considered at all, that compliance with such rules is time consuming, difficult, and expensive.
While the US has not adopted CRS, Congress and the IRS are likely to seek access to the same tax reporting information as participants in CRS. This could be done through existing Tax Exchange and Information Agreements that provide for an exchange of information between tax haven countries and the US or through amendments to the Foreign Account Tax Compliance Act (“FATCA”) and the FATCA agreements already in place. As we have seen over the last several years, US regulators are keen to regulate this space and have been pursuing an enforcement-driven approach to regulating cryptocurrency in lieu of any comprehensive regulatory framework, leaving companies operating in the US to review regulators’ piecemeal enforcement actions for guidance. President Biden’s EO aims to change this and implement a more comprehensive regulatory approach.
Thirdly, the day after the OECD released CARF, the International Organization of Securities Commissions released its IOSCO Decentralized Finance Report, summarizing the various ways in which Decentralized Finance transactions have been abused by bad actors around the world and urging additional regulations to protect consumers.
Fourthly, on March 28th, President Biden released his proposed 2023 Budget which would among other things expand the tax rules applicable to securities lending to digital assets, require additional information reporting by certain financial institutions and digital asset brokers, require reporting of foreign digital assets accounts and apply the mark-to-market rules to certain investors in digital assets. These new rules are projected to raise some $11 billion in revenue.
Fifthly, on March 31st, the European Union lawmakers met to discuss the Markets in Crypto Asset regulations package, a process started in 2020. The proposed regulations and explanation are some 168 pages long. At the same time, a member of the European Central Bank Board said that “cryptocurrencies are pure gambling, wasting enormous amounts of energy.”
Sixthly, in the UK, the Financial Conduct Authority (“FCA”) has been required to process permanent registration applications from crypto asset businesses for the purpose of the 5th Money Laundering Directive by March 31st, having extended its deadline to do so from last year. Over the last few months, the FCA’s reluctance to take on the mantle of the UK’s crypto asset business anti-money laundering regulator has become evident with its preference being to encourage such crypto asset businesses to withdraw their registrations and relocate elsewhere overseas. With hundreds of crypto asset businesses having taken advantage of the Temporary Registration regime, only a few have been granted a permanent registration, which does not auger well for the immediate future of such businesses in the UK. Additionally, the FCA has also signaled its intent to restrict advertising of digital assets to the UK general public beginning in the summer of this year”.
Next, the US Securities and Exchange Commission (“SEC”) has been particularly active in enforcing existing US securities regulations, developed in the 1930s, with respect to digital assets. It is not too much of an exaggeration to state that the SEC’s general view is that if a virtual currency has the potential for appreciation, it is probably a security subject to regulation by the SEC. Everyone is eagerly waiting to see what happens in the SEC’s lawsuit against Ripple regarding Ripple’s issuance of the XRP token, and whether the decision in that case will provide any additional guidance on the application of the “Howey Test” to digital assets. Time will tell whether the decision is narrowly decided so that it provides no real guidance or whether it provides more substantive guidance in this area.
Lastly, both the FCA in the UK and the Monetary Authority of Singapore have recently issued comments, based on these same general concerns mentioned above, which eventually will have the effect of restricting the marketing of digital assets to the general public. This is a trend that is likely to continue in other countries as well.
It is clear that regulators globally have focused their attention on digital assets, in large part over long-held concerns about protecting consumers from bad actors, perceived abuses in reporting cryptocurrency transactions for tax purposes and conduct of criminal activity and more recently from concerns about potential for circumvention of sanction regimes and ultimately stability of the financial system. Unlike some, our view is that the regulations that are going to be imposed are fairly consistent, in purpose and effect, with those that apply to other existing financial assets. They will not be a new form of regulation, but rather an extension of existing frameworks to digital assets, adapted to particular features of such assets.
In our view, participants have three choices and only three choices. The first is to ignore this trend and hope that it goes away – the ostrich approach. Those involved in the digital asset space that take this approach and ignore this global focus on regulating digital assets do so at their peril. The result will be, at best, that they are subject to a global patchwork of often conflicting regulations that are foisted upon them, or, at worst, that they will be subject to enforcement actions and face severe monetary and other penalties. For digital asset exchanges that operate through an entity, coping with increased tax, AML, KYC, security, custody, marketing and other regulations will be costly but feasible given their market size and cash flows. For newer companies, the burden will be significant.
The second approach is to do what others have done in similar situations and create a self-governing organization, similar to the US FINRA organization, and seek to persuade regulators to let that body enact applicable regulations, perhaps subject to the ultimate oversight of the regulators.
The third approach is somewhere in between the first two and requires an organized effort from entities in this space to appeal directly to global regulatory organizations – through traditional methods of public comment on proposed regulations, lobbying, etc. – seeking to influence global regulators to promote sensible and consistent regulations around the world.
This has the advantage of promoting uniform regulations around the world. Under the second two options, digital asset companies have an opportunity to benefit from any new regulations. For example, the first large digital asset exchange that registers as such with the SEC may be able to seize considerable additional market share. Understanding that this is a complex task given the current state of play in the US, a registered exchange may be able to work with token issuers to offer legally compliant, freely tradeable tokens to all investors, including non-accredited investors.
The situation is less clear for digital asset issuers, including artists minting NFTs and individuals who operate decentralized exchanges. Many of them will not have the financial resources, training or personnel to perform full-fledged KYC / AML / CFT reviews, much less comply with the GDPR and CCPA privacy requirements.
There is a recent TV advertisement by the crypto exchange Crypto.com featuring Matt Damon, which concludes with the Roman proverb “The Future Favors the Brave.” We disagree, in our view “The Future Favors the Prepared.”
Where do you stand?