Businesses in this space are vulnerable to attacks by bad actors using social engineering or coding skills to steal assets. However, the problem doesn't stop there — in fact, that's a less important risk for the future of the space.
Besides hacking, there is also a considerable risk of mismanagement. The typical digital asset company is founded and operated by professionals in technology. They understand tech, but they often have little professional experience in the financial world.
Funds, exchanges and transfer platforms are all mostly really in the finance business, but they and their customers regard them as technology businesses. In reality, just as traditional finance businesses have had to adapt to changing technology — from ATMs to mobile payments to the blockchain — digital asset exchanges need to adapt to the realities of responsibly and successfully managing large amounts of other people's money.
Separation of powers and checks and balances: basic principles
In the traditional finance space, rules are governing how asset managers, funds and other professional industry participants must run their business and handle client money. No such laws cover crypto businesses. Digital assets are evolving in tandem with their far more highly-regulated fiat and real cousins in the traditional finance and asset spaces.
Some regulators foresee rules that govern crypto and other assets in the same way: for instance, the G20 nations have indicated they will draw up laws that match the Anti-Money Laundering (AML) and Countering Funding of Terrorism (CTF) standards set by the Financial Action Task Force. However, for now, the digital asset world remains severely underregulated and would benefit from some of the same rules that apply to the traditional finance space.
We can see examples of the regulations governing the traditional financial world in the requirements laid down in 2003 by the United States SEC, which obliged managers of invested assets to meet the following criteria:
- Use of qualified custodians to hold clients' assets in an approved and transparent manner
- Notices to clients explaining how their assets are held
- Account statements to clients detailing their holdings
- Annual surprise exams
- Additional protections, including independent review, if the custodian is related to the trustee's business
The European Union has stringent rules on transactions as well, requiring significant levels of transparency.
Note that these are not additional services or selling points, but the bare minimum to operate in the space at all. What are your chances of finding even one business with its roots in the digital assets space that offers these safeguards?
The separation of powers between financial service providers and custodians in the financial world is there to prevent precisely the types of error and abuse that are, unfortunately all too common in the digital assets space.
The role of separated powers in the digital asset space
Many crypto businesses — primarily exchanges — are trying to be bankers, custodians, brokers/dealers, payment processors, issuers and tech firms, all at once. Without proper checks and balances, this creates endless possibilities for fraud, cover-ups and criminal negligence.
That's particularly true in a space where customers see multiple technological and procedural 'black boxes' in the creation and processing of their assets. Moreover, with no professional bars to entry, and no KYC requirements or oversight, complex multiparty frauds can be enacted against customers, shareholders or other stakeholders.
Digital asset companies often clash with traditional financial companies. They'll approach a bank for services, only to be turned away. These companies are often mystified. Holding large quantities of assets, both theirs and their clients', aren't they good customers?
The reason for this misunderstanding is the mismatched rules under which the traditional and digital assets spaces operate.
Can crypto exchanges and other digital asset businesses really blame traditional banks for not wanting their business, when it comes freighted with money from unknown sources (in some cases, unknowable sources)? Banks don't want to provide services to companies that handle tens or hundreds of millions of dollars' worth of money without knowing anything about their clients, or where the money comes from.
Fundamental tenets of ethical behaviour: the basis for sensible regulation
The financial industry has long-established fundamentals of ethical behaviour. Knowing who your customer is, and where their money comes from; establishing fitness and propriety, and separating powers.
There is no reason why these principles can't be applied to digital asset businesses as well. To do so would not further centralize cryptocurrency production, storage and exchange, as some fear, but would merely impose basic rules on the critical service providers in the broader digital asset ecosystem. (For those more familiar with the digital asset space, it may help to see these vital service providers as 'nodes' in the wider financial network.)
Centralized exchanges have already become key players in this space, demonstrating their value and the need for their presence.
We have seen what happens when these basic requirements are not in place: asymmetries of comprehension and access are exploited to commit malfeasance, including lax security, illegal security offerings through improperly set-up STOs, and in some cases, criminal negligence or outright fraud.
At the end of the day, it is the end-customer that loses money. Exchanges socialize their losses — this is unheard-of in the traditional finance space. Imagine: a bank vault gets looted for a billion dollars, 'Oceans 11'- style, and then the bank says to its clients that everyone's account balance will be reduced by 50%.
That is crazy, and in the traditional banking world, it would never happen. One of the services you pay your bank for is to accept responsibility for your assets. When a bank loses money, it is the institution, not its customers, that loses out.
But somehow, in the crypto space, people just accept this. A single client's voice is not heard, and the community as a whole feels helpless and fractionalized. Numbers count for little when the market offers too little choice, and individual vendors all present the same opacity.
This is where regulators have an opportunity to get something positive done today by pushing for some of the fundamental tenets of ethical behaviour in digital asset businesses.
Potential regulatory solutions for the digital asset space
Regulators could impose the following on crypto businesses that provide financial services:
- Provide a proper standard of service to your clients
- Comply with your legal and regulatory obligations and
- Run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles;
- Protect client money and assets
None of these requirements is egregious. They have not prevented a significant amount of freedom for asset holders in the traditional finance space, nor held back traditional financial businesses from profitability. But they have ensured trust between institutions d their customers, something we are badly in need of in the digital asset space.