As governments ramp up crypto-related regulation and enforcement actions, calls for closer cross-border cooperation in the development of a comprehensive supervisory regime to tackle this highly internationalised sector are growing louder. While the G20 Financial Stability Board (FSB) consults on proposals for consistent international oversight, it remains to be seen whether the divergent approaches of the UK, EU and US can be brought into alignment.
Despite well-publicised recent volatility in the crypto markets, including the collapse of the FTX crypto exchange, the worldwide market capitalisation for digital currencies is still approximately $850 billion (down from a November 2021 peak of $3 trillion). Nearly $400b of that is in Bitcoin alone. As digital assets have continued to gain in popularity, so too have their risks. The decentralised, borderless, and pseudonymous nature of crypto assets and transactions make them susceptible to fraud, misappropriation, and use for money laundering and terrorist financing. These design features also pose jurisdictional challenges for regulators and enforcement agencies more accustomed to dealing with traditional structures with clearer territorial nexuses.
To date, supervision and enforcement activity has primarily been weighted towards crypto exchanges and crypto wallet providers and their ability to detect illegal activity by their customers, with more work needed to enable targeting of other market participants to protect consumers and investors.
Regulatory developments in the UK and US have thus far concentrated on specific high-risk products (such as stablecoins) and bringing cryptoasset exchange and custody providers into scope of AML/CTF compliance oversight, while the EU’s proposed Markets in Crypto Assets (MiCA) Regulation seeks to impose wide-ranging regulation of cryptoassets and cryptoasset service providers. The difference in approach reflects how the UK and US have sought to incorporate the supervision and enforcement of crypto into existing regimes, while the EU has prioritised the creation of a bespoke overarching framework.
Following EU Council approval in October, an EU parliament vote on MiCA is due next February meaning that the effectiveness of this potential legislation will not be seen for quite some time.
Nonetheless, as crypto does not fully fall within the regulatory scope of traditional financial markets, the US and UK are also undertaking work to expand the perimeters of their regulatory oversight. In the US, government agency reports in response to President Biden’s executive order on ensuring responsible development of digital assets advanced proposals for a comprehensive multi-agency approach to crypto risk management, with a focus on increasing enforcement resourcing and aggressive pursuit of fraudsters.
Meanwhile, the UK is progressing its Economic Crime and Corporate Transparency Bill to strengthen law enforcement agencies’ ability to ‘seize, freeze and recover’ crypto assets. The Financial Conduct Authority (FCA) has published draft rules to bring certain cryptoassets within scope of the financial promotions regime and is also considering how to meet the regulatory challenges of issuance and disclosure, custody, and who within the crypto ecosystem should be subject to regulation.
In parallel with increasing regulation, authorities have also been stepping up enforcement in the crypto space. The US Department of Justice (DoJ) has been particularly vocal in calling for increased international cooperation on crypto enforcement, including information sharing and investigation coordination, mutual policy support, preservation and collection of evidence, and private sector partnerships. Differences in policy towards the crypto sector create headwinds against such cooperation.
On 11 October, the US Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) reached settlements of USD 24 million and USD 29 million, respectively, with Bittrex, Inc., a cryptocurrency exchange based in Washington. Bittrex, Inc. was found to have wilfully violated sanctions, anti-money laundering and suspicious activity reporting regulations between 2014 and 2017. This follows OFAC’s first enforcement action against a virtual currency exchange, SUEX OTC, S.R.O, in September 2021 for failing to prevent the laundering of ransoms. The DoJ has also recently successfully prosecuted an individual for unlawfully obtaining over 50,000 Bitcoin on the dark web, charged as wire fraud.
In the UK, the FCA has opened a significant number of enquiries into unauthorised cryptoasset businesses under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) (111 in the two years between July 2018 and July 2020). However, the FCA has not yet announced any enforcement decisions against firms breaching the MLRs. Momentum is building on criminal prosecutions in the UK, with four offenders convicted in July 2022 of fraudulently obtaining and laundering £21 million of cryptocurrency on an Australian exchange. With a parallel mounting civil fraud caseload relating to crypto assets in the English courts (none of which has yet reached a final decision), there is a need for increased activity in regulatory supervision and enforcement against bad actors in this sector.
The FSB opened a consultation in October 2022 on the international regulation of cryptoasset activities. Under the tag line 'same activity, same risk, same regulation', the FSB proposed a framework to encourage international consistency and to align the risks posed by crypto assets to those of traditional financial products, diverging where needed to account for specific risks. Internationally aligned standards will undoubtedly help reduce the risk of regulatory arbitrage.
The FSB also highlighted the difficulties in achieving effective enforcement on account of the jurisdictional challenges posed by crypto. It identified that enforcement powers in most jurisdictions are not currently adequate, even where there is regulatory coverage (for example, by categorising certain cryptoassets as securities). It suggested that one part of the solution could be to focus the trigger for enforcement powers on the domicile and access of users rather than the jurisdiction of issuers and service providers. It also underlined the importance of cross-border information sharing. International censure of the French regulator Autorité des Marchés Financiers’ authorisation of a Binance subsidiary as a digital assets service provider in July 2022, while authorities in the UK, across the EU and Singapore had warned of Binance’s risks to supervision and consumers, suggests that there is a long road yet to travel towards cohesive international enforcement.
Whilst there is a clear course to a relatively common approach to the regulation of crypto exchanges, mirroring existing firm authorisation and customer KYC/AML requirements used for traditional financial institutions, challenges remain in reaching a consensus on other market participants and the appropriate enforcement approaches to highly decentralised platforms and technologies.
Judith Seddon is a partner at Dechert. Her co-authors are associates Thomas Stroud and Andris Ivanovs and trainee Jen Hutchings
No comments yet