The Expanding Regulatory Perimeter – Crypto-Asset Trading

By | May 30, 2019

Courtesy of Barbara C. Matthews (JD/LLM ’91)

“Hi!  I’m from the government.  I’m here to help.”

The regulatory perimeter regarding crypto-assets continues to expand.  The latest move comes from the International Organization of Securities Commissions (IOSCO) which released for comment on 28 May, 2019 suggested regulatory oversight standards[1] to govern crypto-asset trading platforms (the “IOSCO CTP Proposals”).  Many in the cryptocurrency sector are likely cringing, if they noticed.  Comments are due to IOSCO by 29 July, 2019.

First, the good news.  Policymakers globally are clearly pivoting away from policy stances seeking to ban, or otherwise constrain, innovation in digital asset trading.  Every digital asset issuer and trader should be celebrating this fact.  After two years of regularly asserting that policymakers should recognize the legitimacy of non-fiat currency trading, IOSCO seems to have finally agreed.

Now the bad news.  When policymakers agree that shutting down a market is not advisable, they then traditionally begin to assert jurisdiction over that market in order to ensure: (i) investor protection, (ii) fair access, (iii) market integrity, and (iv) free flow of supervisory information across borders.  In other words, the regulatory perimeter expands.  Welcome to cryptocurrency trading regulation.


Financial regulators across all sectors have been scrambling to keep up with innovation in the FinTech and digital asset sectors for the last two years; securities regulators are no exception.  2018 was a frenetic year with six major international regulatory policy groups weighing in on crypto-asset trading in addition to activities at the national level for at least six of the twelve calendar months.

During the second half of 2018, IOSCO conducted a survey exploring a range of regulatory standards applicable to trading cryptocurrencies.  They received substantial participation from all major jurisdictions globally except for Australia.  The geographic distribution was as follows:

High levels of participation from Europe reflect the engagement by regulators at the national level but not the European Securities Markets Authority.  The sole African participant was from the largest trading market on the sub-continent (South Africa).

The survey was conducted by IOSCO’s “Committee 2” which includes, but is not limited to, the membership of the newly established “ICO Network” of securities regulators created in 2018.  The survey had a broad remit, asking detailed questions concerning every aspect of the trading process, from access to price discovery; to custody; to clearing and settlement; to systems integrity/operational risk and, of course, cybersecurity.

Dwindling Regulation-Free Zones

As noted periodically on this blog (particularly in August 2018, January 2019, and February 2019) financial regulators have been methodically signaling the direction and scope of their engagement with the FinTech/BigTech sectors generally and cryptocurrency trading specifically.  This week’s consultative paper solidifies that policy trajectory by making clear how far the regulatory perimeter will soon extend to the cryptocurrency trading sector.

The IOSCO CTP Proposal suggests strongly that cross-border consensus now exists on a position long held by the Securities and Exchange Commission in the United States and like-minded regulators globally.  Namely, the policy community is making clear that cryptocurrency trading is like any other trading activity in the capital markets.  The IOSCO CTP Proposal implies strongly that these platforms should be subject to the full range of regulatory oversight as other trading platforms.

Policymakers effectively are endorsing the validity of CTPs.  Having done so, however, they are pivoting towards expanding the regulatory perimeter in order to fulfill their statutory missions that require them to safeguard market integrity and investor protection.

What Comes Next

The proposal indicates policymakers are preparing to pivot towards applying regulatory capital, audit trail, conflict of interest, custody, clearing and settlement, and cybersecurity standards to all CTP operators.  The comment period expires in July of this year.  Traditionally, the timing would then suggest that final standards would be articulated in the autumn, or by year-end 2019.

Not all policymakers will wait until the final standards have been articulated internationally.  Therefore, we can expect some volatility in the regulatory environment from 3Q2019 into the early part of 2020 as the new approaches become part of the cryptocurrency ecosystem.

Industry members seeking to avoid the most burdensome impacts will need to pivot as well.  Arguments resisting regulatory requirements will need to shift towards identifying why specific technical aspects of the CTP sector require separate or unique standards rather than application of standards crafted for traditional securities trading.

Consider, for example, the proposals regarding treatment of custody standards in the CTP context.  The IOSCO CTP Proposal accepts that custody regarding cryptocurrency trading presents unique characteristics not easily addressed by existing rules.  They isolate three specific types of custody arrangements (hot or cold storage, self-custody through private electronic wallets, and third-party service providers) that likely will require additional elaboration.

The overriding public purpose is to prevent fraud and loss due to operational risks like systems failures and bankruptcy.  Cryptocurrency hardliners will see the effort as intrusive.  But CTP operators (as opposed to issuers) may pivot towards their traditional counterparts and support some regulatory engagement as a mean of sparking confidence among revenue-generating traders and investors by highlighting their credibility due to regulation.

The market pivot is already starting, if my conversations at the Collision technology conference last week are any indication.  Cryptocurrency issuers and trading platforms were at the conference in force, alongside many FinTech companies.  While a handful of firms continued to articulate the traditional anti-regulation (“they can’t stop us!”) slogans, far more firms proudly indicated that they are regulated and subject to regulatory oversight in their home country.  The message was clear: regulatory oversight makes our firm more trustworthy than the competition.

Three Notable Carve-Outs

Three areas stand out as being exempt from the cross-border consensus standards so far.  The three areas are: (i) national standards about whether the underlying cryptocurrency asset is a permissible subject for secondary market trading, (ii) price discovery processes, and (iii) clearing and settlement.

The IOSCO CTP Proposal indicates that policy reluctance regarding price discovery and the post-trade environment have more to do with the nascent state of market development than they do with any regulatory perspectives suggesting these areas should be exempt from regulatory oversight.  Consequently, when an industry standard has emerged in these areas, policymakers will likely move to extend existing regulatory standards as well.  These are not permanent carve-outs.

One Major Pressure Point

The IOSCO CTP Proposal fails to acknowledge the one major pressure point that permeates the sector.  It seems to assume that CTP operators can, and will, embrace the need for customer verification and audit trails that underpin many, if not most, of the proposed applications of existing regulatory standards to the CTP context.

This is a problem.  The cryptocurrency sector and, more generally, the underlying technology within distributed ledgers (DLTs) is designed to keep confidential the identity of the transacting parties.  DLTs shift the locus of identity ownership to individuals, leaving authentication to an automated algorithmic process.  The IOSCO CTP Proposal released this week implies that the very anonymity that makes the sector attractive to many participants is precisely the element that must recede in order to assert regulatory jurisdiction effectively.

Industry participants are familiar with this debate.  Some entities (like JP Morgan Chase, which just launched the JPMCoin) are launching their own DLTs which serve as gateways to instant payments, with the company serving as the identity verification agent.  These large firms effectively vouch for the individuals entering the DLT.  To the extent that they permit transactions outside the self-contained company distributed ledger, they will do so only with counterparts that have similarly robust identity verification standards.

If banking is fundamentally about trust, then a gated DLT is an excellent way to evolve the banking business model, particularly if it delivers instantaneous payments that eliminate settlement and credit risks the bank might otherwise have to absorb.  The problem, of course, is that much of the cryptocurrency universe is allergic to the kind of centralization and audit trail elements incorporated into these closed systems.

Viewed from this perspective, the IOSCO CTP Proposal presents a “bank shot” effort to establish authentication requirements in the cryptocurrency sector through the trading gateway rather than through direct regulation of the underlying digital assets themselves.  This approach eliminates the need for policymakers to get drawn into messy, often polemical, debates regarding fiat currencies and central banks.  The question is whether cryptocurrency market participants are savvy enough to realize the implications of these proposals.

It will be interesting to watch this debate unfold over the next 18-24 months.


Barbara C. Matthews (JD/LLM –‘91) is the Founder and CEO of BCMstrategy, Inc., a technology company that uses patented technology to quantify the language of policy risk in order to deliver predictive analytics to market participants and advocates.  She has been on the frontier of financial regulation and policy globally throughout her career, including service as the first U.S. Treasury Attache to the European Union with the Senate-confirmed diplomatic rank of Minister-Counselor.


[1] Issues, Risks and Regulatory Considerations Relating to Crypto-Asset Trading Platforms:  Consultation Report, International Organization of Securities Commissions (May 2019).  Available at:

Leave a Reply

Your email address will not be published. Required fields are marked *