Scandals in crypto have forced more guardrails for the industry. Image: Unsplash/Traxer
Listen to the article
- After a turbulent year, the crypto industry would benefit from better policy and best practices, specific to the different players.
- Centralized exchanges cater to largely novice crypto users and hence should take extra care to build trust.
- Recent move by exchanges to publish proof of reserves shows the ecosystem is on a path to build better.
The crypto ecosystem is diverse. On the infrastructure side are the protocol developers, miners and validators and node service providers; on the market side, there are the decentralized exchanges, swap protocols, centralized exchanges and other intermediaries. Each of these functions is varied and may, at times, operate independently of the other. Just as one rulebook cannot govern all financial institutes and technology providers, a framework for crypto should recognize and accommodate these distinct functions.
Centralized exchanges and other intermediaries are critical in the crypto ecosystem, acting as a bridge to the decentralized world of crypto. However, as these intermediaries cater to largely novice crypto users, they should take extra care to facilitate their experience. A misstep here could have a cascading effect on the crypto's progress. We look at emerging industry best practices, through the lens of centralized exchanges and platforms.
Due diligence and risk assessment
As the Financial Stability Board recommends and the Forum's forthcoming paper on regulatory pathways for crypto assets reveals, centralized exchanges should give governance and risk management more attention.
Exchanges should be diligent about their accounting practices. If the business is to enable users to buy and sell crypto based on an order-book model, then the company books should be assiduously kept. That seems like standard practice, but recent developments have reminded us that such a golden rule is not always complied with.
Disclosures and user protection
Most users discover a token on centralized exchanges, but in most jurisdictions, the exchange is not accountable as an intermediary to assess the token's financial health. As such, there is a great need for exchanges to conduct due diligence and risk monitoring of the tokens they list.
Evaluation of a token should precede its listing on the exchange and continue as long as it is available on the platform. Exchanges should closely monitor the token's circulating supply and market capitalization, trading volume, liquidity, the developer ecosystem and the stability and uptime of the base network or smart contract, among other factors.
An additional nudge to users alerting them of unusual activity or volatility in a token before they complete a purchase will also go far for user protection. Such app-based or platform-based nudges – or Riskometer as it is called at CoinSwitch – can prevent users from falling for fear-based or peer-pressure-based purchases.
Exchanges should also have robust disclosure mechanisms in place, which allow disclosure of specific risks particular to the listed tokens and risks specific to exposure to counterparties, custodians and other market participants. They should also raise users' awareness of safeguarding tokens (cybersecurity, market conduct-related disclosures and custody) to build trust in the ecosystem.
It’s also important to note that roles and responsibilities in crypto can be blurred, unlike in traditional capital markets that have safeguards to prevent conflict of interest. Thus, the token issuer, liquidity provider and exchange may be the same or related entities. The recent events demonstrate what can go wrong here.
User risk assessment
On the users' side, the single-most-important consideration is know-your-customer (KYC) checks. The Financial Action Task Force (FATF), the global watchdog, formulated the first set of standards for virtual asset service providers (VASP) in 2019. Called the Travel Rule, FATF recommends a risk-based approach to KYC, requiring VASPs to obtain and exchange information on sender and beneficiary for transactions above $1,000.
In India, the Aadhaar system, one of the most sophisticated ID programmes in the world, enables crypto exchanges and intermediaries to reliably verify the identity of the customers against a government database, avoiding gaps during verification. The public digital rails in the country also enable exchanges to verify against a government database with the customer’s Permanent Account Number (PAN) card, an alphanumeric identifier linked to the user's financial activities, including income tax and bank accounts.
While unscrupulous actors, negligent or intentional actions and the resultant contagion grab the headlines, many responsible players want to co-build a human-centred, innovative ecosystem.”
Existing crypto regulations matter
It is often argued that the crypto ecosystem requires bespoke regulations as this is a new technology. Parts of this ecosystem would benefit from well-thought-out, evidence-based and coordinated policymaking. However, the existing rules and regulations are not redundant. Many current laws, whether related to consumer protection, data protection, data management or cybersecurity, remain relevant and applicable, albeit with a few clarificatory changes.
For example, the framework established by the Computer Emergency Response Team-India (CERT-In), the national nodal agency on cybersecurity functioning under the Ministry of Electronics and Information Technology in India, was amended to include transactional data management of crypto users.
It mandates that crypto service providers:
- Maintain all information obtained as part of a user's KYC.
- Maintain records of financial transactions for five years.
- Maintain accurate information so that individual transactions can be reconstructed.
- Maintain logs of ICT systems for 180 days. Designate a point of contact to interface with CERT-In.
While sentiment and context on data storage would differ in other jurisdictions, similar measures will help exchanges and intermediaries standardize practices. Adherence to data management rules, KYC or anti-money laundering norms and identification credentials (such as India's Aadhaar-based unique identification) can address the concerns over money laundering and capital controls.
Similarly, relying on existing regulatory frameworks on data management, CoinSwitch, has implemented further controls, including geofencing its services to India, restricting customer banking service to only India-registered bank accounts, and cross-checking and restricting access to the service to sanctioned individuals.
How is the World Economic Forum promoting the responsible use of blockchain?
Progress is happening
The silver lining is that the industry is continuously improving its practices. While unscrupulous actors, negligent or intentional actions and the resultant contagion grab the headlines, many responsible players want to co-build a human-centred, innovative ecosystem.
Welcome changes such as the recent drive by centralized exchanges to publish Proof of Reserves and Liabilities are a case in point. Such disclosures bring much trust and transparency in the ecosystem and reassure users that centralized exchanges only hold such assets they claim to have custody of and are in a position to meet all redemptions.
The year was no doubt turbulent for the crypto ecosystem and costly for users, but if the stakeholder's response to this chaos is greater transparency and accountability, that means progress. The early days of the stock markets also saw their fair share of problems, which helped the regulators instil guardrails to protect investors. Still, the stock markets are not immune to malpractice.
Crypto assets are part of a fast-evolving ecosystem and as industry stakeholders and users grow wiser, its safeguards will develop. Although 2022 may have delivered crypto some painful messages, it has also seen much improvement.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
The views expressed in this article are those of the author alone and not the World Economic Forum.