Our webinar several weeks back on compliance in the world of cryptocurrencies was one of our most well attended and interesting live events so far.
Our speakers—EU Policy Expert David Doyle and Fintech Consultant and Instructor P. Faisal Islam—shed plenty of light on this heavy-hitting, trendy subject.
There was plenty of participation from the audience with multiple engaging and insightful questions being posed to the panel of experts.
If you missed it, we highly recommend you check out the full transcript below, which is available to AGRC members.
For now, here are some of the session’s main highlights.
How have cryptocurrencies gone from being part of a largely unregulated market to one that is on its way to becoming more heavily regulated? Could you trace the history of regulation in the cryptocurrency sector?
Faisal Islam: “In the cryptocurrencies space, one of the terms that had been thrown around is that cryptocurrency is speed running finance. What we’re essentially trying to do is pop up all this new financial products and see how it plays out in the cryptocurrency space, imitating essentially the last 200 years of financial evolution and instruments being developed. What you’re seeing in the cryptocurrency sector is finance being speed run where you have all these different markets that are popping up. So you had initially speed running of equities industry, which was essentially buying cryptos. You had the speed running of the IPO industry, which is the ICOs, and you can imagine all these industries in a traditional space that took such long time to do, the cryptocurrency space is essentially replicating that evolution but extremely fast. The commodity space, for example, that’s the NFTs in cryptocurrency and again your speed running commodities itself.”
“As a result, what’s been happening is that on the regulation side, it’s also been speed running regulations, so whatever regulatory development that has happened in the traditional space which has usually evolved over 150-200 years, are now being crafted within a year, published for public consultation within six months, and developed for first approval within another six months. So the regulation also has been speed running just as much, if not albeit the fact that they have to follow with the trends on the development of the cryptocurrency space. So it might seem because of the large amount of speed running in regulatory output that it is becoming more heavily regulated. It’s not, it’s just certainly a little bit more than what it was before.”
Why is carrying out in-depth risk assessments the best way for financial institutions to comply with a regulatory obligation when it comes to cryptos?
David Doyle: “If we are referring to providers and issuers, yes, there are some very robust, detailed, and sometimes very intrusive checks that need to be undertaken by national regulators in Europe in the 27 member states before a provider or issuer is allowed to commence any operational activity in any part of the 27 EU member states. Whereas many other countries don’t look into this aspect, have focused almost exclusively on the payment system, on the payment protocols, in Europe we are looking at a very comprehensive crypto assets regulatory framework which embraces all of the key players, whether they be providers, issuers, but also exchanges, any entity that provides trading, advice, transmitting of orders, custody, crypto to fiat exchanges, etc.”
“So, before they indulge in any of these activities, the national regulator must undertake a certain number of pre-checks. For the issuers, for instance, they must own or maintain capital funds of at least 350,000 Euros or two percent of the total reserve assets, whichever is the largest for significant issuers. And we have yet to define what we mean by significant issuers; that will only be defined during the so-called level 2 EU regulatory technical standards, which will be drafted by ESMA for approval by the European Commission. But one can imagine, we’re talking here about significant issuers that go into billions of dollars or Euros. They will have to have at the very least a maintenance of capital funds equal to three percent of any market capitalization in excess of one billion euros or three percent of reserve assets, so the same would apply for U.S. crypto asset transactions as well.”
“And as far as issues of stable coins or concerns there, they will be also subject to capital and liquidity rules with a one-to-one ratio partly in the form of deposits and a mandatory EU presence. So we have a number of very I think credible, laudable checks that are undertaken by the national regulators with ESMA standing above all this and ready to intervene should the national competent authority find itself in difficulties in making an assessment of some third country or some obscure issuer and wishes to operate on the European Union. So that I think is well established.”
How should organizations involved in cryptocurrencies better prepare themselves for a more heavily regulated future in this sector?
Faisal Islam: “…Make sure you’ve got competent individuals that are sort of manning the strategy and an ongoing long-term vision of your business to make sure that your inherent risks, both perceived and not perceived, are well mitigated.”
“The next thing I would say is you will have to understand that a lot of your products need to be retested a lot of times. So, if you were in the fincrime and AML space, one of the things you’re used to doing is testing the mitigations of the four pillars of your AML programme, products, customers, geographies, and channels. And in the cryptocurrency space what the inherent risk of your product might be keeps changing as it interacts with other cryptocurrency products a lot. So, a lot more work needs to be done on the evaluation of your controls for the mitigations that you have for the four pillars of your AML program.”
“And the third I would say is, please for the love of God, hire more technologists and less business and sales folks. There isn’t a need to be able to sell the idea of crypto or getting out to it. People are doing it already by themselves. In fact, there is no need to sell your product itself or sell the concept of getting on crypto, individuals have already taken care of it. And what I’m seeing more of is individuals from the business end with MBAs and so on getting hired in cryptocurrency companies more often than technologists. Please don’t do that, especially for my fincrime and AML department heads. A lot of times, a lot of you are hiring a lot of individuals that come from the banking sector or the traditional sector, which is fine, do that, but one of the things you’re not requesting as a required competence in the individuals that you’re hiring is someone that has knowledge and ability to manipulate data. So, whether they are certified or know how to use languages like R, Python and also have a compliance and AML background is far more useful than someone that worked in the bank for 20 years, and somehow that’ll be beneficial to you. It won’t. The thing is because they worked in the bank for so long, their incompetency stayed hidden for that very long.”
David Doyle: “Three thoughts. First of all, for non-EU crypto asset actors. Europe is very open to developing a comprehensive crypto asset environment that is attractive to both indigenous and non-EU actors and they’ve made that very clear. But what you should understand is there’s no equivalence regime, whereas a third country bank can only operate in any of the 27 EU member states or a couple of them if there is an equivalency agreement and a memorandum of understanding signed up between the EU regulators and let’s say the U.S. regulator, which attests to having broadly the same levels of risk assessments, licensing, authorization, fit on proper rules on both sides of the Atlantic and there would be no mutual recognition.”
“So that means for third country crypto asset actors, a physical presence is indispensable. If you look at two of the leading crypto asset exchanges, Gemini and Binance, both of them have set up their hubs in Europe, Gemini in the Republic of Ireland and Binance in France, where they intend to use that hub in those two EU jurisdictions to be able to provide services across the 27 EU member states on a seamless basis. But you need that physical presence and you must accept that and brace yourself for a more complex regulatory and supervisory environment that I’ve just mentioned, which will be dealing with national competent authorities in wherever, Estonia, Ireland, and France if you’ve got activities there. But you will also find yourself dealing if you have cross-border activities for the college of national supervisors and perhaps also with the European Banking Authority, which will have its views as well.”
“And last but not least, compliance costs. Now even the European Commission, two years ago I think, it issued a report on the extent, on the magnitude of compliance costs associated with the crypto asset issuers and providers and it doesn’t come cheap. The white paper, for instance, that must be issued by or produced by issuers before they can issue a crypto asset can cost anything between 45 and 87,000 US dollars per shot. Then you’ve got the providers and they have huge ongoing and one-off compliance costs, anything between 3.2 million dollars to 28 million dollars in terms of ongoing and initial compliance costs, so this doesn’t come cheap. We knew this from the beginning, MiCA is in a way a bit of an impediment to small to medium-sized sort of crypto asset start-ups. It is really designed for some of the bigger guys and maybe there is some justification in that, but it’s just a flag that there are hefty compliance costs associated with doing business in any of the 27 EU member states.”