Partner Nicola McKinney analyses the G20’s crypto recommendations in Compliance Monitor

Partner Nicola McKinney explores recent recommendations from the G20’s Financial Stability Board regarding the regulation of crypto assets, and discusses the role of such reports in forming an integrated and cross-border regulatory approach. 

Nicola’s article was published in Compliance Monitor, 7 September 2023, and can be found here.

The G20’s Financial Stability Board last month published its final report with nine headline recommendations for cross-border cooperation to regulate unbacked crypto assets.  The ‘High-level Recommendations for the Regulation, Supervision and Oversight of Crypto-Asset Activities and Markets’ is aimed at achieving multilateral consensus and coordination in unbacked digital assets regulation.

In February 2022, the group’s Finance Minsters and Central Banks called for coordination and integration between state regulatory bodies in order to address potential risks and threats which they perceive to be posed by the crypto asset industry.  Those risks were identified as including threats to global economic stability, and arbitrage whereby actors escape the highly regulated traditional finance sector to carry out similar functions in the less regulated crypto space.  The Report was a response to that call.

The recommendations and Report were announced as marking a watershed moment, where actors in the crypto asset industry can no longer act outside of rules and regulations or argue that there is a lack of regulatory clarity.  

Framing the Report as drawing a clear line in the sand is, however, premature and exaggerated.

The Recommendations

The Report makes nine high-level, goal orientated recommendations.  Broadly, these can be grouped as identifying, first, high-level goals which should be common to all subscribing policy-makers and regulators, and second, slightly more specific duties which should be imposed upon crypto businesses.  

The common agenda at policy-maker level recommends that authorities should have and utilise regulatory and enforcement tools and have sufficient resourcing to back those mechanisms.  Regulation should be risk-based – including addressing financial stability risks arising from interconnections between traditional and crypto finance – and comprehensive to account for multiple functions.  Cross-border cooperation is also an identified target. 

At business level, crypto companies should be required to have wide-ranging internal governance requirements with effective risk management frameworks.  Duties should be imposed around holding certain data and information, and to make product and governance disclosures to customers and shareholders.

The Report addresses the crypto market generally, but the regulation of stablecoins – crypto assets which are value-linked to an underlying asset (for example the US dollar) – are the subject of a separate report.  

The Report is therefore, as the title sets out, high-level. This does not mean that it is not a welcome development in the progress towards an integrated and cross-border regulatory approach, but its importance should not be overstated.

The Global Regulatory Landscape

In the UK alone, since 2019, the crypto sector has since seen the publication of consultations and reports, at the highest regulatory, policymaker and lawmaker levels, on an almost monthly basis. 

In 2023 alone, high profile publications include the HM Treasury consultation and call for evidence on the future financial services regulatory regime for crypto assets (February), the House of Commons Treasury Committee ‘Regulating Crypto’ report (May), the All-Party Parliamentary Group report for the UK to become a crypto and fintech hub (June), and the Law Commission’s much-anticipated Final Report on Digital Assets (June).  

In the wider landscape the European Union has published the ‘Markets in Crypto Assets’ regulations (MiCA), and bodies such as the UK Jurisdiction Taskforce and UNIDROIT Digital Assets and Private Law Working Group are grappling with legal and regulatory questions around crypto.  The SEC in the US has also attacked regulation from a slightly different angle, by recently taking an active prosecutorial and enforcement stance, notwithstanding the arguable absence of clear, industry-tailored regulation.  

There is no doubt that there are big, foundational questions to answer, or that a great deal of discussion and debate is ongoing.  The effort to understand the scope of the digital assets industry, to correlate existing regulation in traditional finance with similar services and risk in crypto, to identify where regulation is necessary and where it will stifle growth – these are just a few of  the bedrock questions which policy makers are seeking to answer, before setting in place regulatory regimes which are likely to need to adapt to rapid innovation, and to provide clarity and stability over a number of years.  Reaching the point where specific regulations are imposed is taking time, and many might argue that it is taking too long.  

What is clear, however, is that this effort is a work in progress, with input needed from many quarters including from crypto businesses, lawmakers, academics and policymakers. There is no realistic analysis which could conclude that there is now a comprehensive rulebook, or regulatory clarity, or that this Report contains either.  

The FSB’s recommendations are a wish list, an agenda – a starting point, rather than a landing point.  The real work of crafting detailed regulations is yet to come.  

The distinction between the agenda and drafting phases is perhaps best illustrated by considering MiCA by analogy, which incorporates 75 pages of introductory recitals, followed by 450 pages of regulation. By comparison, the FSB’s recommendations are much more closely on a par with MiCA’s recitals, without any of the detail of the regulations themselves.  

The remarks attributed to the FSB’s Secretary General John Schindler upon the publication of the Report, for example that crypto asset players “can no longer argue there is a lack of regulatory clarity” and that they “need to stop operating outside the regulatory perimeter or in non-compliance with existing rules” are therefore overstated, and suggest the existence of hard and fast rules that do not yet exist.  Hyperbolic language is arguably irresponsible in underplaying the challenge ahead, in actually creating such a ‘regulatory perimeter’.

The Limits of the Report

As well as the enormous challenge of drafting detailed regulations to achieve the goals of the Report, there are additional barriers to effective global regulation. 

For example, the G20 includes the USA, the UK, and the European Union, but does not include many of the smaller jurisdictions where many crypto businesses are located, such as a number of Pacific Island and Caribbean nations.  Some of those nations have introduced regulation at the vanguard of the crypto industry, and well ahead of the G20 countries. Achieving coordination across the G20 boundary is necessary, but also potentially more difficult to achieve where countries have already established and implemented regulation, and so might have to be persuaded to shift approach rather than to adopt a common framework at the outset.  

The issue of bringing as many states as possible into a cross-border discussion, and to have multi-lateral regulation in place, is crucial.  For example, from the perspective of consumer and investor protection, one of the central – and most newsworthy – challenges of early digital assets investment has been the proliferation of fraud, which is likely to have actors in multiple jurisdictions.

A UK-based investor duped into sending funds to a scammer to purchase crypto assets may, subject to a number of initial hurdles (were the funds in fact used to purchase crypto assets?; were those purchased and held on trust for her?) be in position to identify where her crypto assets have been transferred and landed (before going ‘off chain’) because of the transparency of blockchain transfers.

The identity of the fraudsters behind the scam are likely to be harder to pin down, as is demonstrated by the proliferation of crypto fraud litigation in the English courts where the primary defendants are ‘Persons Unknown’. There will, however, be a strong assumption that they are based in another jurisdiction where there are weaker regulatory and criminal enforcement mechanisms.  

The locations of the ‘last hop’ wallets – assuming that the crypto assets have been transferred through a number of wallets on different exchanges or platforms, and have not been mixed with other assets, or have otherwise remained identifiable as the victim’s assets (which is often much harder to demonstrate) – may well be in multiple different jurisdictions. 

The extent to which the victim is able to usefully obtain information about the customer associated with that ‘last hop’ wallet, or about onward transfers or the substitution of assets, or is able to ensure that the account or wallet activity is frozen and to take meaningful recovery action, will likely be affected by whether all of those jurisdictions are participants in a global regulatory regime.  

Coordination between state regulators, or mechanisms for recognising and enforcing foreign regulations and court orders, also achieves the benefit of preventing scammers and irresponsible actors from ‘jurisdiction shopping’. Where there are similar regulatory requirements, it is less possible to escape a more rigorous regime for a laxer one.  Where in each location there is a similar likelihood that regulation is enforced and may translate into a knock on the door by the police, or a court order facilitating payment or repayment of a victim, that regulatory arbitrage is further reduced.

Conclusions

The FSB’s vision therefore must be extended to, and draw in, outside participants, if it is to be effective. 

 The investors and victims may well be largely based in G20 countries, but in many cases the funds which are to be recovered – in the fraud example above (which is itself only one strand of how regulations are required) – will be in non G20 jurisdictions.  

A model set of regulations, which can be adapted and adopted, is likely to be useful, however the degree to which MiCA may be drawn upon remains to be seen.  

Another very real difficulty which regulators are likely to face is in the competition for resource to meaningfully enforce their rules.  Particularly where in the ‘tech’ space there is now a shift of attention away from the risks of ‘crypto’ and towards the threats posed by AI, and in the midst of a global economic downturn, there is a question of whether sufficient of the finite funds available will be dedicated to crypto threats, which are less existential in nature.