Crypto regulation should take risk-based approach

OVER the past few years, regulators and policymakers have grown increasingly focused on ensuring crypto assets are adequately regulated. Acknowledging that the crypto economy is here to stay means crypto products, services and activities must be brought into the regulatory fold to ensure risks are adequately addressed and to avoid harm.

Crypto assets and their service providers tend not to fall neatly within existing regulations because of their distinctive characteristics, including how the underlying blockchain technology performs differently than traditional financial technologies.

The greatest potential benefits of crypto asset and blockchain technology may also be exactly what introduces new complexities in how to regulate financial services using them. Regulation typically looks to assign responsibility and accountability to an identifiable party; how does that work if the service is provided through software code alone and supported across a distributed network of unaffiliated computers?

These challenges have resulted in gaps, ambiguities and uncertainty about which set of rules apply under what conditions, and which regulators have jurisdiction to enforce them. As a result, regulators and policymakers around the globe are looking to update their frameworks appropriately.

But each country is approaching crypto regulation differently. Some are amending existing regulations, while others are introducing entirely new pieces of legislation. Some countries are focusing more narrowly on regulating specific types of crypto assets and activities (such as stablecoins for payments) whereas others are looking to capture the entire crypto sector within one all-encompassing regulation. Even within individual countries, regulators and policymakers sometimes take different views on how to regulate the same crypto asset or crypto-related activity, and who has authority to regulate them.

Given the need to update crypto regulation, overcome regulatory fragmentation and foster innovation, it is important that policymakers and regulators engage with industry to design workable regulatory solutions. The most effective rule-making usually happens when the public sector collaborates with the private sector. The private sector can help policymakers and regulators better understand the industry, technology and ecosystem, and work directly with them to craft rules and standards that achieve regulatory objectives without hampering innovation or resulting in unintended impacts.

As an initial starting point to drive such public-private collaboration, we are proposing a set of6 key considerations that we believe are critical when evaluating and designing new rules for crypto assets:

1. Establish regulatory clarity for payments

Above all, it is necessary that there is clarity around what rules apply to crypto assets, particularly when they are used for payments. Clear definitions with sufficient guidance as to when and how these rules will be applied will be key. Regulatory frameworks for crypto assets should set out clear standards and expectations for financial institutions, crypto service providers and other players that look to support crypto-related payments. Crypto-based payments should not be subject to overlapping, duplicative or conflicting rule sets.

2. Focus on risk

Rules and safeguards should be designed to correspond with the risk introduced by the payment mechanism and activity performed. As such, crypto regulation should take a risk-based approach to establishing rules for crypto-related payments. Establishing principles-based rules that allow controls to be tailored to the specific risks created by crypto-based payments will be most effective in achieving regulatory objectives. And by focusing on regulating risk, rather than specific technologies, the rules will be more flexible, adaptable and resilient to ensure continued technological advancement.

3. Incorporate strong consumer protections

Regulations should establish standards aimed at protecting consumers who choose to make payments that involve crypto assets. Consumers need to be empowered to make informed decisions around how they pay for goods and services. As such, consumers will need to be adequately informed of the differences between different crypto-based payment mechanisms, as well as between crypto-based and traditional forms of payments, especially when they could be exposed to harm.

Depending on the nature of the legal claim a crypto asset represents and the set of rights it provides to the holder to redeem or convert it, regulations should consider whether deposit insurance is available. They should set standards around the composition and liquidity of the reserve assets. Rules should establish the legal nature of crypto-based payment mechanisms to define the rights that holders of tokens have, and how they are able to enforce those rights. This is important not only to distinguish it from existing forms of money, but to ensure that individuals can easily redeem or convert their tokens for other forms of money, like cash or traditional commercial deposit money.

4. Promote fair competition

Given the borderless nature of crypto assets and distributed ledger technology (DLT), regulations should be technology-neutral, and as consistent as possible across markets, business models and borders. At a minimum, it would be useful if policymakers and regulators were able to define a global standard for the legal nature of fiat-backed stablecoins used for payments. Such uniformity across jurisdictions can help avoid regulatory conflicts and help minimise arbitrage opportunities to promote fair competition.

5. Foster responsible innovation

Crypto regulations should balance the fostering of responsible innovation against other policy interests, such as fighting money laundering and terrorist financing, protecting consumers and preserving stability. Lawmakers and regulators should work with the private sector to design rules that achieve regulatory objectives without impeding technological advancement and economic growth. The public sector should consider whether voluntary risk frameworks or safe harbours can be used to incentivise responsible innovation. Regulators can also encourage innovation by creating regulatory sandboxes, or programmes to test and pilot innovative solutions under the supervision of the regulator, but without imposing the burden of complying with the full set of regulatory requirements until the solution is set to be commercialised.

6. Support robust operational resiliency and security

Crypto asset regulation, at its core, should support the resiliency and trust of payments. This means designing standards around implementing strong technological, physical and organisation safeguards to secure networks or applications that rely on crypto assets and DLT. Decentralised networks and self-executing software applications may require different methods to achieve the same level of security and resiliency expected of traditional payment mechanisms, which is again where a risk and principles-based approach will be most effective. Given the rapid acceleration of technology and the tactics used by bad actors to exploit these advances, regulation should allow for enough flexibility for security safeguards to adapt as vulnerabilities, exploits and attack vectors evolve.

The past year has seen incredible momentum in the world of crypto assets, from the explosion of non-fungible tokens and the launch of central bank digital currencies to the growing collaboration between traditional financial services providers and crypto natives to explore how crypto and its underlying technology can improve services like payments.

What is next? If the previous 18 months have shown us anything, it is just how tough it is to predict the future of crypto. However, what we can be certain of is that crypto's role in the digital economy will depend on making smart decisions that value innovation while preserving safety, security, consumer protection and financial stability. OMFIF

• The writer is vice-president of regulatory affairs, crypto, blockchain and digital at Mastercard. This was first published by the Official Monetary and Financial Institutions Forum.