Written by Holly Thomas-Wrightson on Monday 20 February, 2023
2022 was a turbulent time in the world of cryptocurrency, with big name blockchain networks like Terra and FTX crumbling, sanctions being placed on exchanges like TornadoCash and the introduction of the Virtual Assets Regulation Authority (VARA) to name just a few of the year’s events. ICA hosted a discussion in early February to review some of these headlines, and take some time to look at what it could all mean for 2023.
Pekka Dare, Vice President of ICA led the discussion with Esme Hodson, Chief Compliance Officer at Standard Chartered, Marian Muller, Founder of Bitpliance and Denisse Rudich, Founder and Director of Rudich Advisory.
Lessons learned from 2022
Dare set off the conversation by asking the panellists to look back at events in 2022 and the lessons that could be learned from them. Muller started the topic by establishing that a lot of the enforcement action was not surprising and, if anything, was simply overdue. A lot of the problems faced in the FTX case, for instance, was due to exotic derivative products, overleveraging and centralised risk.
One key thing that the year’s events gave the industry was that they provide useful examples of what not to do. Rather than relying on a few big examples that were not realistically useful to the average business, the increase in cases gives a wider scope to learn from, as well as learning from comparing the differences between similar cases to see why they were treated differently by regulators. There is also increased regulatory clarity as regulators catch up to the fast-changing state of the crypto landscape, giving many businesses the guidance they’ve been waiting for.
The importance of self-disclosure was also brought up, and constant internal risk monitoring and for gaps in a business’s framework, fixing what can be fixed or disclosing any failures as they arise to avoid them developing into egregious cases.
Sanctions and crypto
Rudich looked more at what was going on in the sanctions space, with the most well-known example being TornadoCash.
Sanctions were also used to kerb the use of ransomware, as well being placed on groups like Lazarus, part of North Korea’s ‘cyber army’ which was in previous years responsible for attacks on Sony and various banks from around the world.
There has also been an increase in engagement between regulators and the crypto industry, as well as the regulated sector, which Rudich hopes will lead to more understanding of what happens when fiat goes into and back out of cryptocurrency, as well as further roundtables, studies and papers to learn about the impact from.
Privacy vs secrecy vs anti money laundering requirements
Dare brought the question to Hodson about where she could see the debate about where the line would be drawn between the need to maintain people’s right to privacy and preventing bad actors from using anonymity to mask their criminal activity.
She emphasised the importance of financial institutions (FIs) making customers feel their privacy is protected, but that the way to do that is to give them privacy from outside forces, not by giving them the anonymity that would allow bad actors to abuse the systems. We should not make the mistake of thinking that protecting people’s privacy is something new, simply because we are looking at it through the lens of digital assets.
FTX’s impact
Hodson emphasised that the failure of FTX was primarily due to governance issues, and not anything inherent to digital assets themselves. The immediacy of digital assets allowed the ‘velocity and the impact of that alleged fraud to be much quicker and much larger than we’ve been able to look at before’, whereas in cases like the Enron scandal (which the FTX scandal has been widely compared to) involved comparatively slower fiat currency.
She also drew attention to the fact that the current approach to digital assets is far too ‘mosaic’ by focusing on each type individually, rather than looking at it as a whole, and that we should be looking at how the risks are familiar, instead of treating digital assets as an entirely new, unknowable space.
Regulatory harmonisation
Rudich touched on the establishment of VARA and the EU’s Markets in Crypto-Assets (MiCA) regulation on the horizon, and how these bring the hopeful possibility of harmonisation – much needed within a regulatory environment that is currently struggling to establish a consistent lexicon of terms for digital assets.
However, this is only possible if different regions are willing to adopt a shared framework. Currently, countries are creating their own documentation on the topic, with each deciding what terms to use and how to define them, which makes it incredibly difficult for those working in the digital asset space to work across jurisdictions or, in the case of the US, even across both federal and state level. She added that a turning point on this could come from G7 and G20 they push forward that need for harmonisation.
‘Digital assets have a global potential,’ Hodson added to Rudich’s point, ‘and if we don’t have a cohesive global outlook towards them, there’s no way to unlock that potential.’
Centralised finance (CeFi) or decentralised finance (DeFi)
Muller stated that he hoped that regulators would focus on both CeFi and DeFi risks to help consumers, though that the approach would need to be different. Looking at a lot of 2022’s biggest failures, they came about because of centralised risks not being accounted for, such as third-party due diligence or over leverage, a lot of which is driven by greed. Decentralisation can be seen to take positive steps away from these issues, but brings with it its own risks, including a lack of established tools to protect consumers.
A consistent theme that ran throughout the webinar was that we are in a period of time in which anything that is viewed through the lens of cryptocurrency is instantly treated as ‘other’. From businesses treating the risk as different, even when it shares multiple traits with similar threats, or the discussion on privacy vs. security being treated as new, to centralised and decentralised financial risk being ‘lump[ed] in together’ simply because it is related to crypto.
‘Even if you don’t think that digital assets are going to change the world,’ Hodson said, ‘they will be part of the world.’