Protecting Consumers in Crypto’s Regulatory Vacuum

Blockchain | September 22, 2022 By:

Cryptocurrency adoption quintupled from 2020 to 2021 with total transaction volume growing to $15.8 trillion. Cryptocurrency-based crime likewise had a record year, as criminals drove $14 billion in illicit activity in 2021. Criminals are basking in this regulatory vacuum, and on the blockchain there is no centralized authority to flag suspicious transactions and stop fraud before it happens. However, government and industry leaders from around the world are moving to propose and enact regulatory frameworks, with regulators publishing 9,872 pieces of crypto-related issuances last year, and on pace to approach 14,000 articles in 2022. Regulatory frameworks are essential for this new industry that is becoming inextricably interconnected with other components of the financial sector. We must protect not only the international economy but also the everyday consumer.

In June, a bipartisan action called the Responsible Financial Innovation Act was introduced to outline crypto standards at the federal level, but it’s widely accepted that it will fail. Europe is striving to take the lead on establishing a legal framework for the crypto asset market. The EU reached provisional political agreement on a law called Markets in Crypto-Assets (MiCA) in June requiring exchanges, brokers, and other crypto companies to enforce strict rules to protect consumers. While regulatory frameworks evolve and emerge, crypto exchanges can best fight criminal activity – and maintain a competitive advantage – by either complying with existing regulations or enacting proactive risk management.

Know your customer to win trust

A 2020 study by CipherTrace revealed that 56% of virtual asset service providers globally had weak or porous know your customer (KYC) practices, regardless of existing regulations. KYC represents essential identification methods to verify that cryptocurrency users are not bots, stolen identities, or synthetic IDs. It curbs illicit activities like money laundering and scams by rooting out criminals and flagging high-risk customers. Bad actors count on anonymity and will flock to exchanges that do not require KYC. 

The issues of KYC and regulations in general are contentious, as blockchain purists argue they run against the fundamental private, decentralized ethos of cryptocurrency markets. However, the industry cannot afford to delay regulatory implementation: Scammers stole $7.8 billion in cryptocurrency and criminals laundered $8.6 billion in 2021. In the absence of well enforced regulations, exchanges and other providers should strive to protect their customers from dirty money tricks, chargebacks, social engineering, and other fraudulent scams. By introducing strong KYC procedures, cryptocurrency businesses can also reduce the chance of legal disputes or massive regulatory fines that result from criminal opportunists.

Protecting crypto users from rug pulls and other schemes

In April, the New York State Senate introduced a bill that would criminalize “rug pulls” such as the $2 billion theft at the Turkish cryptocurrency exchange Thodex. Rug pulls occur when criminal developers defraud investors out of large amounts of money by attracting them to a new cryptocurrency project and then pulling out before the project is built, leaving investors with a worthless currency. The bill is currently in committee, but if passed, would establish the offenses of virtual token fraud, illegal rug pulls, private key fraud and fraudulent failure to disclose interest in virtual tokens. Without regulatory oversight, the only recourse investors have is to conduct extensive research on their own before investing. Exchanges can help protect investors by checking for irregular activity, monitoring for lack of liquidity locks and explosive price movement with limited token holders, and by filtering out scams, fakes and duplicate tokens.

Not deterred from doing wrong, nor motivated to do right

While some crypto exchanges opt for watertight compliance as a competitive advantage, many exchanges and DeFi companies will not take steps to protect their users without being compelled to by policy. Cryptocurrency users, many of whom may be novices, cannot currently turn to the authorities in cases of fraud, cyberattack, or other loss of funds. The proposed EU framework MiCA will establish a public register of non-compliant crypto-asset providers and hold crypto-asset service providers liable if their users lose assets and they fail to protect investors’ wallets. Cryptocurrency providers will then be legally motivated to devote resources to ensuring their customers’ security. 

It is in the digital asset providers’ best interest to safeguard users and hinder fraudsters, as consumers will be less convinced to use an exchange that they view as risky or a haven for money laundering. Every incident of a scam, breach, or fraud dents the reputation of an exchange, and damages user confidence. Until regulatory compliance is required, we operate in an ecosystem of uneducated users, unmotivated exchanges, and undeterred criminals.

Don’t wait for the regulatory winter

Although there is much debate swirling around the industry about how, when, and whether to regulate cryptocurrency and other DeFi markets, regulation is an inevitability. Compliance teams will have to work swiftly to anticipate, understand, and implement emerging obligations. If the still nascent industry is to achieve mainstream adoption and earn the trust of users, it needs to work with policymakers on sensible regulatory guardrails. Providers should lay the foundation for a transparent compliance program and code of conduct, which also has the added benefit of demonstrating vigilance and legitimacy. Waiting until the laws are enacted can result in a haphazard, taxing, and an expensive race toward compliance. Providers can move forward with proactive risk management by adopting cybersecurity and compliance software solutions and implementing rigorous compliance, AML, and KYC processes. Since no software, rule, or diligence can prevent all crimes, companies should devote resources to educating their customers about cryptocurrency investing and fraud prevention. As regulation emerges, firms will need to keep on top of regulatory change and scan the horizon for emerging bills and consultation – and RegTech can help.