Crypto Assets and the Challenges for Regulatory Design

This article discusses the challenges for regulatory design in the area of crypto assets and suggests the likely direction of reform in Australia. It examines the challenges by reference to the definition of crypto assets, questions that are relevant to the regulation of crypto assets, the current regulatory framework for crypto assets in Australia, and the likely direction of reform in Australia. In terms of the likely direction of reform, the article suggests a move away from a prescriptive, rules-based approach to regulation in favour of a more principles-based approach, the expansion in the regulatory net to include providers of crypto-asset services, and the conferral of greater powers and flexibility on regulators to adapt to challenges brought about by technology.

By Andrew Godwin^[1]

 

The past decade has seen extraordinary growth in technological innovation. The emergence of blockchain technology (and distributed ledger technology more broadly) has led to a range of innovations in area such as financial services. These innovations include new ways of raising finance, such as initial coin offerings (“ICOs”), new means of exchange for payment purposes, such as cryptocurrencies, and new asset classes, such as crypto assets (which include cryptocurrencies and tokens more broadly); and new forms of business, such as decentralized autonomous organizations (“DAOs”). The new terminologies and taxonomies that have emerged alongside these innovations have presented challenges for both regulators and regulatory design. This article discusses the challenges for regulatory design in the area of crypto assets and suggests the likely direction of reform in Australia.

 

I. WHAT ARE CRYPTO ASSETS?

Crypto assets have been defined in a number of different ways. A recent consultation paper issued by the Department of the Treasury in Australia defined a “crypto asset” as follows:

“A crypto asset is a digital representation of value that can be transferred, stored, or traded electronically. Crypto assets use cryptography and distributed ledger technology.”^[2]

The above definition is similar to that adopted by financial regulators in Australia, including the market conduct regulator, the Australian Securities and Investments Commission (“ASIC”),^[3] and Australia’s central bank and payment systems regulator, the Reserve Bank of Australia (“RBA”).^[4] ASIC has noted that crypto assets “may also be commonly referred to as digital assets, virtual assets, tokens or coins,” and that ASIC is “not aware of a universally accepted name for, or definition of, “crypto-asset.”^[5]

A legislative definition of “digital currency” appears in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), which is similar to the definition published by the Financial Action Task Force.^[6] Singapore has adopted a legislative definition of “digital payment token” for the purposes of its payment services legislation.^[7]

As noted by ASIC, crypto assets “are not a homogenous asset class.”^[8] The UK Government has stated that the main types of crypto asset including the following:

• Exchange Tokens. Exchange tokens are intended to be used as a means of payment and are also becoming increasingly popular as an investment due to potential increases in value. The most well-known token, bitcoin, is an example of an exchange token.

• Utility Tokens. Utility tokens provide the holder with access to particular goods or services on a platform, usually using [distributed ledger technology]. A business or group of businesses will normally issue the tokens and commit to accepting the tokens as payment for the particular goods or services in question. In addition, utility tokens may be traded on exchanges or in peer-to-peer transactions in [the] same way as exchange tokens.

• Security Tokens. Security tokens provide the holder of a security token particular rights or interests in a business, such as ownership, repayment of a specific sum of money, or entitlement to a share in future profits.

• Stablecoins. Stablecoins are another prominent type of cryptoasset. The premise is that these tokens minimize volatility as they may be pegged to something that is considered to have a stable value such as a fiat currency (government-backed, for example U.S. dollars) or precious metals such as gold.^[9]

The taxonomy for crypto assets in the proposed EU Markets in Crypto-Assets Regulation (“MiCAR”) adopts a slightly different taxonomy for crypto assets. If enacted, MiCAR  would regulate the following:

• “asset-referenced tokens,” which includes stablecoins;
• “e-money tokens,” which are a type of crypto asset whose main purpose is to be used as a means of exchange aimed at stabilizing their value by referencing only one fiat currency; and
• “crypto-assets other than asset-referenced tokens or e-money tokens,” which include utility tokens that are issued for non-financial purposes and may include cryptocurrencies such as bitcoin.

MiCAR does not apply to security tokens, which are regulated as a “financial instrument” under the Directive on Markets in Financial Instruments, commonly known as MiFID2.^[10] In addition, central bank digital currencies are exempted from MiCAR if they are issued by central banks acting in their monetary authority capacity or by other public authorities.

It is relevant to note that crypto assets, such as cryptocurrencies and tokens more broadly, are often created and issued by ICOs. The regulation of ICOs has also been the subject of examination and debate in many jurisdictions.

 

II. WHAT QUESTIONS ARE RELEVANT TO THE REGULATION OF CRYPTO ASSETS?

There are a number of questions that are relevant to the regulation of crypto assets. These are questions that all jurisdictions need to consider.

• First, should the regulatory framework in respect of crypto assets – particularly private cryptocurrencies – be prohibitive or permissive? In September 2021, the People’s Bank of China declared that trading in cryptocurrencies was illegal and banned related activities, including fundraising through ICOs.^[11] In South Korea, a ban on ICOs has also been in place since 2017. However, the government is reported to be considering removing the ban and bringing ICOs within the regulatory framework.^[12] In India, the central bank, the Reserve Bank of India, issued a circular in 2018 prohibiting banks from providing services in connection with cryptocurrencies. This ban was later set aside by the Supreme Court in 2020. In November 2021, the Indian Government introduced the Cryptocurrency and Regulation of Official Digital Currency Bill into the Parliament. If enacted, the legislation would provide a framework for the creation of a central bank digital currency and prohibit all private cryptocurrencies in India, subject to certain exceptions “to promote the underlying technology of cryptocurrency and its uses.” It is uncertain what the prohibition and its exceptions would mean for the development of DAOs and ICOs in India.

Jurisdictions in the region that are permissive in nature include Australia, Singapore, and the Hong Kong Special Administrative Region, all of which regulate tokens and ICOs by reference to the existing regulatory framework, and Japan, which began to develop a bespoke regulatory framework for cryptocurrencies in 2014 and is developing specific guidelines for ICOs.

• Second, how should tokens or crypto assets be classified and what taxonomy should be used for this purpose? This is a fundamental question as it is difficult to know how to regulate something if it is difficult to classify it for regulatory purposes. The taxonomical challenges have become greater as a result of the pace of change that has been brought about by technological innovation and also the extent to which new asset classes have come to be defined more by technology than by traditional concepts or labels. Some jurisdictions have undertaken token mapping exercises to determine the best way to characterize the different types of token.^[13]

• Third, who or what should be the target of regulation? A particularly important related question is who should bear responsibility if things go wrong. Given that it is very difficult, if not impossible, in a practical sense to regulate technology itself, the focus inevitably shifts to those who utilize the technology or provide services, such as distributed ledger technology services or “crypto-asset services” as referred to in MiCAR. There have been proposals in Australia to widen the regulatory net to include service providers.^[14]

• Fourth, what regulatory style or method should be adopted for the regulation of crypto assets? For example, should jurisdictions favor a principles-based approach, over a prescriptive, rules-based approach? An example of a jurisdiction that has adopted a principles-based approach to the regulation of distributed ledger technology (DLT) providers is Gibraltar, where a DLT provider is required at all times to comply with specified regulatory principles. The principles include the requirement for a licensed DLT provider to “conduct its business with honesty and integrity”; “pay due regard to the interests and needs of each and all its customers and communicate with them in a way that is fair, clear and not misleading”; “have effective arrangements in place for the protection of customer assets and money when it is responsible for them”; and “have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing.”^[15]

• Fifth, should crypto assets be subject to bespoke (i.e. separate) regulation or instead be incorporated into an integrated regulatory framework? As noted above, some jurisdictions have regulated crypto assets within their existing regulatory framework and by analogy with the regulation of existing products and concepts. In these jurisdictions, crypto-specific provisions and definitions have appeared in legislation dealing with anti-money laundering (e.g. in Australia) and in payments legislation in order to attract the relevant licensing and other requirements (e.g. Singapore and the UK). By contrast, jurisdictions such as Gibraltar have adopted bespoke regulations, as outlined above. Many jurisdictions have also adopted a regulatory sandbox to provide an opportunity for technology-based products and services to be tested under controlled conditions outside the formal regulatory framework. In all contexts, a key concern is consumer protection.

• Sixth, what is the impact of the applicable regulatory model in the relevant jurisdiction? This question often has greater relevance than is recognized. A related question is whether there is a single market conduct and consumer protection regulator and a single rule book for this purpose, or multiple regulators and different rulebooks for different sectors or industries. The Twin Peaks regulatory model, under which regulation is objectives-based and functionally split between a market conduct regulator and a prudential regulator, has been recognized as being conducive to technological innovation. As noted by Professor Howell Jackson of Harvard University,

…one of the advantages of Twin Peaks systems is that they are better suited to reach beyond traditional sectors to areas such as finance companies (New Zealand) or Fintech innovations (Hong Kong). With the rise of Big Tech and the ever-rising importance of various flavors of shadow banking, the comparative advantages of Twin Peaks structures should continue to grow. Objectives-based supervision may just be a better fit for the Twenty-First Century economy.^[16]

• Seventh, what are the regulatory objectives, principles or philosophy that guide a jurisdiction in its regulation of crypto assets? By way of example, since the late 1990s when the design of corporations and financial services legislation was significantly influenced by an inquiry called the Wallis Inquiry, Australia has subscribed to the principle that there should be “similar (or same) regulatory treatment for functionally equivalent products.” This has been a guiding principle in relation to the development of regulation in this area for the past 25 years. A critical challenge with a functional approach, however, is how to define and assess functional equivalence.

The UK, by comparison, has been guided by the principle of “same risk, same regulatory outcome.” A risk-based approach has some attractiveness, but there is a challenge in determining how to measure risk as it is applied to products and activities.

Under its Digital Finance Strategy, the EU has adopted an approach to financial stability, based on the principle of “same activity, same risk, same rules.” This is similar to the approach in the UK, but appears to represent a more activities-based approach. This also has some attractiveness, but it requires clarity around the classification of crypto assets, which has been identified as a challenge under MiCAR.^[17]

It is also important to consider the relevance of general regulatory principles, such as the need for regulation to be technology-neutral; in other words, not to favor one technology over another.^[18]

 

III. WHAT IS THE CURRENT REGULATORY FRAMEWORK FOR CRYPTO ASSETS IN AUSTRALIA?

To date, Australia has regulated crypto assets by reference to the existing legal and regulatory framework and has not enacted bespoke laws or legal provisions. To some extent, a holistic approach to the regulation of crypto assets is predestined as a result of Australia’s functional approach to regulating financial products, and also the functional nature of the Twin Peaks regulatory model, involving a single market conduct and consumer protection regulator in financial services in the form of ASIC and a separate prudential regulator in the form of the Australian Prudential Regulation Authority (“APRA”). The functional approach to regulating financial products and to financial supervision creates a certain path dependency that favors a holistic approach to reform.

Adopting the functional approach, section 763A of the Corporations Act 2001 (Cth) provides that a financial product is a “facility”^[19] “through which, or through the acquisition of which, a person does one or more of the following”:

• “makes a financial investment”;
• “manages financial risk”; or
• “makes noncash payments.”

The functional approach to the definition of “financial product” in the Corporations Act means that if crypto assets or tokens function as financial products under any of the three categories set out above, they will be regulated as such and will attract the relevant obligations, including those in respect of licensing and disclosure. One of the benefits of the functional approach is that it recognizes the challenges in designing regulation by reference to labels as distinct from the function of a particular product or activity.

By contrast, many other jurisdictions rely on exhaustive lists of financial products or services to regulate securities, financial products, or investment products. Australia appears to be unique in relying on a broad, functional definition of “financial product” – a point that was noted and explored in some detail in the first Interim Report issued by the Australian Law Reform Commission in its review into the simplification of corporations and financial services regulation in Australia.^[20] Similarly, the United States adopts a functional test – the Howey Test – to determine whether a transaction is an “investment contract.”^[21] This test, however, is relevant to determining what qualifies as a “security,” and thereby attracts the disclosure and registration requirements, and does not cover financial or investment products more broadly.^[22]

Although the functional approach in Australia appears attractive, ASIC has noted that it “can cause uncertainty for investors and consumers as well as issuers and distributors of these assets” and that “[i]t is a policy matter for government whether or not there should be clarity on this issue.”^[23] Of course, a key issue is how regulatory clarity might be provided. The next section examines the likely direction of reform in Australia.

 

IV. WHAT IS THE LIKELY DIRECTION OF REFORM IN AUSTRALIA?

Although the timetable for law reform in Australia is uncertain, the Federal Government acknowledged the need to modernize the regulatory architecture in its response to various inquiries and reviews, including an inquiry by the Senate,^[24] the Review of the Australian Payments System;^[25] and the Parliamentary Joint Committee Inquiry into Mobile Payments and Digital Wallets, and noted the following:^[26]

The reviews found new technologies and services are testing our current regulatory definitions, perimeter, and powers, and exposing regulatory gaps which could contribute to increased risks of consumer and business harm, possible future systemic instability and impeding private sector investment in innovative products and services.

Failure to modernize our regulatory framework will mean Australian businesses and consumers are increasingly engaging with unregulated parties and the rules governing our systems could be increasingly determined by foreign governments and large multinational companies.^[27]

Included in the recommendations of the Payments System Review Report were the following:

• that powers be given to the responsible minister, the Treasurer, to designate payment systems and participants for regulatory purposes and to direct regulators to develop regulatory rules accordingly;
• that a functional approach be adopted in terms of the regulation of payments;
• that coordination between the regulators, particularly the RBA and AUSTRAC, which is the AML regulator, be strengthened.

Included in the recommendations of the Senate Select Committee were the following:

• that a market licensing regime for Digital Currency Exchanges be established;
• that a custody or depository regime for digital assets with minimum standards be established;
• that a token mapping exercise be conducted to determine the best way to characterize the various types of digital asset tokens in Australia;
• that a new Decentralized Autonomous Organization company structure be established;^[28] and
• that Treasury lead a policy review of the viability of a retail Central Bank Digital Currency in Australia (Recommendation 8)

The Government stated its in-principle agreement to the above recommendations^[29] and has commenced consultations in relation to crypto asset secondary service providers.^[30]

Treasury’s recent consultation paper in relation to crypto asset secondary service providers acknowledged the “evolving question about whether [providers] who deal in all crypto assets should be included in the regulatory perimeter, or whether the types of applicable crypto assets should be more narrowly defined.”^[31] It identified two options for regulating providers. The first option would bring all crypto assets into the existing financial services regime by defining crypto assets as financial products under section 764A of the Corporations Act. Under this option, the government (or ASIC as the regulator) “could be provided with powers to exempt or “carve out” particular crypto assets which do not warrant regulation under the financial services regime in a risk-based manner.”^[32]

This would be consistent with submission to the Senate Committee that advocated including a definition of a “digital asset” in the Corporations Act on the basis that this would expressly attract the disclosure and other consumer protection regimes and allow ASIC to administer the Australian financial services licensing regime in respect of financial services relating to digital assets. Other submissions advocated a bespoke approach.

The alternative option would involve self-regulation by the crypto industry in the form of codes of conduct for crypto asset services. This approach, Treasury suggested, would be “closer to the U.S. and UK, who do not specifically regulate crypto assets (excluding for AML/CTF) unless they are securities or financial products.”^[33]

What does all of this suggest in terms of the direction of reform? First, it is likely that the impact of technology will result in a move away from a prescriptive, rules-based approach to regulation in favor of a more principles-based approach, one that is supported by clear outcomes. Secondly, the regulatory net is likely to expand to include a broader range of parties than was traditional the case, including providers of crypto-asset services. This was previously recognized in the Payments System Review Report in Australia in relation to providers of payment facilitation services.

Thirdly, it appears inevitable that regulators will need to be given greater powers and flexibility to adapt to challenges brought about by technology and will also need greater regulatory discretion in order to achieve adequate consumer protection without stifling innovation.

---

[1] Dr Andrew Godwin is Principal Fellow at Melbourne Law School, the University of Melbourne, and Special Counsel assisting the Australian Law Reform Commission in its current Review of the Legislative Framework for Corporations and Financial Services Regulation. This article is adapted from “The Australian Reform Agenda,” presentation delivered by the author at the “Regulating Digital and Crypto-finance: A Conversation Across Borders” webinar hosted by the UCL Centre for Ethics and Law on March 22, 2022. For a recording of the webinar, see https://www.ucl.ac.uk/laws/events/2022/mar/online-regulating-digital-and-crypto-finance-conversation-across-borders.

[2] Department of the Treasury (Cth), Crypto asset secondary service providers: Licensing and custody requirements (Consultation Paper, March 21, 2022).  A similar definition is adopted by the UK Government. See HMRC internal manual – Cryptoassets Manual, available at https://www.gov.uk/hmrc-internal-manuals/cryptoassets-manual/crypto10100. See also Art. 3(1)(2-5) of the proposed EU Markets in Crypto-Assets Regulation (MiCAR).

[3] See ASIC, Crypto-assets as underlying assets for ETPs and other investment products (Consultation Paper, CP 343, 30 June 2021) at 7-8.

[4] See Reserve Bank of Australia, “What are Cryptocurrencies?,” available at https://www.rba.gov.au/education/resources/explainers/cryptocurrencies.html.

[5] ASIC, supra note 3 at 8.

[6] Financial Action Task Force, Report: Virtual Currencies – Key Definitions and Potential AML/CFT Risks (2014).

[7] Payment Services Act 2019 (No. 2 of 2019) (Singapore).

[8] ASIC, supra note 3 at 8.

[9] UK Government, supra note 2.

[10] Directive 2014/65/EU.

[11] China has, however, started to trial its central bank digital currency, the digital yuan.

[12] See Timothy Craig, “ICOs Could Be Returning to South Korea,” Crypto Briefing (January 19, 2022), available at https://cryptobriefing.com/icos-could-be-returning-to-south-korea/.

[13] See Department of the Treasury (Cth), supra note 2 at 3: “Consistent with the Government’s response to the Senate Report, a token mapping process will be completed as a separate piece of work and finalised by the end of year,” and, at 12, “the token mapping exercise to be completed by end of 2022 will provide further clarity as to how crypto assets are classified on a risk-based and technology agnostic basis.”

[14] See Department of the Treasury (Cth), supra note 2 at 3. 

[15] Financial Services (Distributed Ledger Technology Providers) Regulations 2017 (Gibraltar).

[16] Andrew Godwin & Andrew Schmulow (eds), The Cambridge Handbook of Twin Peaks Financial Regulation (Cambridge University Press, 2021), Foreword at xix.

[17] A key issue that is subject to debate is the difficulty in drawing lines between the different types of token and the challenges that this may create in terms of regulatory arbitrage. See Dirk A. Zetzsche, Filippo Annunziata, Douglas W. Arner & Ross P. Buckley, “The Markets in Crypto-Assets regulation (MiCA)

and the EU digital finance strategy” (2021) 16(2) Capital Markets Law Journal 203.

[18] See Department of the Treasury (Cth), supra note 2 at 6: “The Government identifies the following objectives for the proposed regulatory regime: ensuring that regulation is fit for purpose, technology neutral and risk-focussed…”

[19] The term “facility” is defined in s 762C.

[20] Australian Law Reform Commission, Interim Report A: Financial Services Legislation (ALRC Report 137, November 2021) at 287 [7.66].

[21] As decided in Securities and Exchange Commission v. W. J. Howey Co., 328 U.S. 293 (1946), an investment contract is “a contract, transaction or scheme whereby a person invests [their] money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.”

[22] The regulatory classification of cryptocurrencies was complicated when, in 2015, the Commodity Futures Trading Commission defined bitcoin and other cryptocurrencies as commodities under the U.S. Commodity Exchange Act.

[23] The Senate (Australia), Select Committee on Australia as a Technology and Financial Centre, Second Interim Report (April 2021) at [5.56], citing ASIC’s answers to questions on notice.

[24] Senate (Australia), Select Committee on Australia as a Technology and Financial Centre, Final Report (October 2021). This report focussed on reforms in Australia’s technology, finance and digital asset industries, including reforms in the regulation of cryptocurrencies and digital assets. For details of this inquiry and copies of the reports, see https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Financial_Technology_and_Regulatory_Technology/FinancialRegulatoryTech.

[25] Australian Government, Payments system review – From system to ecosystem (June 2021). This review focussed on the payments system and how it should be reformed to accommodate new technologies, business models, participants, and new forms of money. For details of this review, see https://treasury.gov.au/review/review-australian-payments-system.

[26] For details of this inquiry, see https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Corporations_and_Financial_Services/Mobileanddigitalwallet.

[27] Australian Government, Transforming Australia’s Payments System (December 8, 2021), available at  https://treasury.gov.au/publication/p2021-231824 at 4.

[28] It is relevant to note that Treasury agreed to commence consultation on an “appropriate regulatory structure” for Decentralized Autonomous Organizations, leaving open the possibility that an alternative to the company structure is adopted.

[29] Australian Government, Transforming Australia’s Payments System (December 8, 2021), available at  https://treasury.gov.au/publication/p2021-231824.

[30] Department of the Treasury (Cth), supra note 2.

[31] Ibid. at 5.

[32] Ibid. at 18.

[33] Ibid. at 19.