How the US Government can make cryptocurrency exchanges safe for investors and prevent another FTX-type disaster.
This is my proposed model for cryptocurrency exchange regulations covering exchanges which hold cryptocurrency investors’ deposits.
Six ways to make Exchanges safe for investors.
- These are my six ways to make Centralized cryptocurrency exchanges safe for investors.
- I define as Centralized those cryptocurrency exchanges which hold cryptocurrency investors’ funds as deposits in customer accounts.
- Examples of Centralized Exchanges include FTX International, whose former CEO Sam Bankman-Fried is in jail, and currently on trial for financial crimes. Other examples would be FTX US, Binance US and Binance International.
- The starting point in my research was copies of laws enacted in Japan after a Centralized Exchange crisis known as the Mt. Gox incident.
- Mt. Gox incident, a Centralized Exchange bankruptcy due to theft of cash and cryptocurrency assets in 2014.
- Summary statements
Six Ways to make Centralized Cryptocurrency Exchanges safe for investor funds, and prevent another FTX and Sam Bankman-Fried situation.
First,
- No commingling of funds: segregate the exchange’s customers’ cryptocurrency and cash from the exchange’s own cryptocurrency and cash.
- The law and regulation should require that the customers’ assets and the exchange’s assets be held in separate wallets.
Second,
- The centralized exchange must outsource the actual custody of all customers’ cryptocurrency and cash to a third party completely separate from and unrelated to the centralized exchange, which must carry insurance equal to the value of the assets it is taking custody of for the exchange and the customer.
- These custody agents are licensed and registered by the government, but paid for by the exchanges.
Third,
- Exchanges must keep the majority of customer funds in storage wallets not connected to the internet, so-called Cold Storage. Specifically, the exchange must keep 95% of each customer’s cryptocurrency assets and cash assets in cold wallets of this trusted third party.
Fourth,
- Trading wallets: the exchange may keep the 5% of customers’ assets used for trading in exchange wallets connected to the internet, so-called Hot Wallets, and these can be matched by an equivalent amount, 5% of all customer deposits, held in a cold wallet controlled by the same trusted third party as in number Two above.
- In this way 100% of customer funds are protected, and the exchange takes all the risk of website hacks, not the customers.
- This incentivizes them to protect their site against hacks.
Fifth,
- Depositor protection against loss of deposits to exchange creditors in the case of bankruptcy. Exchange customer deposits, just like bank customer deposits, are not exchange assets or property, and should not be given to exchange creditors to satisfy exchange debts. This must extend to bankruptcy situations. The exchange Terms of Service must specify that exchange customers are entitled to receive payment in full of all cryptocurrency and cash held for the exchange by the custodian. This means customers who deposit funds don’t lose their funds to exchange creditors in the case of bankruptcy.
- All creditors must sign a memorandum acknowledging this and agreeing not to seek exchange customers’ assets in the event of bankruptcy.
Sixth,
- Exchanges must prove compliance through audits. These Centralized Exchanges must pay for a quarterly audit, by a third-party accounting firm, to ensure that each of the above five requirements is being followed. The custodian companies are expected to keep records of cash and cryptocurrency flowing into the exchange via cryptocurrency ledgers, and exchanges must cooperate by providing wallet addresses for all cryptocurrency flowing into the exchange.
Copy of Japanese Laws regarding Centralized Cryptocurrency Exchanges, or exchanges which take deposits of cryptocurrency investors’ cash and cryptocurrency.
Definition: Japanese name for Centralized Cryptocurrency Exchange and definition.
- Definition of Crypto Asset Exchange Services: the term “Crypto Asset Exchange Services” (or CAES) means any of the following acts carried out as a business: (a) sale or purchase of Crypto Assets, or the exchange of a Crypto Asset for another Crypto Asset; (b) intermediating, brokering or acting as an agent in respect of the activities listed in item (a); (c) management of customers’ money in connection with the activities listed in items (a) and (b); or (d) management of customers’ Crypto Assets for the benefit of another person.
- It should be noted that the rules designate (d) “management of customers’ Crypto Assets for the benefit of another person” as a type of CAES.
- Consequently, management of Crypto Assets without the sale and purchase thereof (“Crypto Asset Custody Services”) is included in the scope of CAES.
- Therefore, a person engaging in Crypto Asset Custody Services needs to undergo registration as a CAESP.
- In this context, the FSA Administration Guidelines on Crypto Assets describes the “management of customers’ Crypto Assets for the benefit of another person” as follows: “[A]lthough whether or not each service constitutes the management of Crypto Assets should be determined based on its actual circumstances, a service constitutes the management of Crypto Assets if a service provider is in a position in which it may transfer its users’ Crypto Assets (for example, if such service provider owns a private key with which it may transfer users’ Crypto Assets solely or jointly with its related parties, without the users’ involvement).”
- Accordingly, it is understood that if a service provider merely provides its users with a Crypto Asset wallet application (i.e., a non-custodial wallet) and private keys are managed by the users themselves, such a service would not constitute a Crypto Asset Custody Service.
source
Japanese rules for Centralized Cryptocurrency Exchanges, or exchanges that take deposits of cryptocurrency assets and cash from investors. In Japan these are called Crypto Asset Exchange Services Providers, or CAESP. source
- Principal regulations on CAESPs
Regulations for the handling of Crypto Assets
In Japan, due to a series of incidents involving leakage of Crypto Assets from CAESPs, strict regulations have been introduced for the protection of user property.
- Under such regulations, a CAESP that manages users’ fiat currency and Crypto Assets must segregate such property from its own property.
- For purposes of fiat currency management, such currency must be held in trust with a trust bank or trust company for protection against the CAESP’s bankruptcy.
source
In the area of Crypto Asset management, stringent rules, as set forth below, have been put in place to protect users from leakages of Crypto Assets and from the bankruptcy of a CAESP:
- A CAESP must manage users’ Crypto Assets and its own Crypto Assets in separate wallets.
- A CAESP must manage at least 95% of users’ Crypto Assets in wallets that are not connected to the Internet (so-called “cold wallets”).
- A CAESP that manages less than 5% of its users’ Crypto Assets in a wallet other than a cold wallet (so-called “hot wallets”) must manage the same type and amount of its own Crypto Assets (“Redemption Guarantee Crypto Assets”) in a cold wallet to protect users against the risk of leakages of Crypto Assets from hot wallets.
- Users will have preference rights to repayment over the segregated Crypto Assets and Redemption Guarantee Crypto Assets. Such priority security interest is specifically stipulated in the PSA.
In addition to the above, CAESPs are required to have their segregation of fiat currency and Crypto Assets audited annually by a certified public accountant or auditing firm.
source
Other regulations on the conduct of CAESPs
- In addition, the following regulations are imposed on the conduct of CAESPs:
- CAESPs are required to take such measures as necessary to ensure the security of important information, such as personal information and information on private keys to Crypto Assets.
- They are also required to establish a risk management system to prevent system failures and cyber incidents.
- Establishment of contingency plans to deal with exigencies and provision of related training are also required.
- CAESPs are required to provide users with information such as an overview of each Crypto Asset handled by them, details of transaction rules and fees, information on the assets received from users, and users’ transaction history.
CAESPs are subject to regulations regarding CAES advertising and solicitation. False and misleading representations, as well as representations promoting the trading of Crypto Assets for the sole purpose of profit, are prohibited.
CAESPs are required to establish internal control systems for responding to user complaints in a fair and appropriate manner, and to take measures to resolve disputes through alternative dispute resolution procedures.
source
Mt. Gox incident: Japan Centralized Cryptocurrency Incident, 2014.
- The Mt. Gox incident was a centralized Exchange disaster in 2014, in which thousands of investors lost millions of dollars’ worth of cryptocurrency, which is now worth billions of dollars. It caused the host country to pass laws concerning Centralized Cryptocurrency Exchanges, the kind of cryptocurrency exchanges which hold investors’ cash and their cryptocurrency. These laws prevented cryptocurrency investors whose cash and cryptocurrency were held at FTX Japan from losing their cash and their cryptocurrency. These laws resulted in those investors getting both their cash and their cryptocurrency back within 30 days of FTX International declaring bankruptcy. Unfortunately, FTX International, FTX US and many other FTX exchanges operated in countries without these cryptocurrency laws, and their investors have had their cash frozen, and are expected to lose the majority of their funds in the bankruptcy resolution.
- Read more about Mt. Gox:
source
Summary
- In 2014 the Centralized Cryptocurrency Exchange Mt Gox in Tokyo, Japan filed for bankruptcy, and thousands of investors lost access to cash and cryptocurrency deposited with this company.
- Because modern securities laws in Japan, which are modeled after laws in America, didn’t recognize all the differences between Centralized Exchanges, Banks, and Securities or Stock Investment companies, this exchange with millions of dollars in cash and cryptocurrency was operating with very little direct oversight, as there were no specific Japanese laws for cryptocurrencies and cryptocurrency exchanges. Therefore, when it went bankrupt as the result of embezzlement and theft, the Japanese court system found itself dealing with a multi-million dollar theft and bankruptcy for which it had no directly applicable laws. Today, almost ten years later, that case is not settled, and investors who deposited cash and cryptocurrency are still waiting for the return of their deposits.
However, as a result of this disaster, Japan stopped relying on regulations from 1950, and through a joint effort of the cryptocurrency Exchange association of Japan, the government, the courts and the regulatory bodies, it produced a new set of laws and regulations regarding cryptocurrencies and cryptocurrency exchanges.
These laws provide strict rules and regulatory clarity, which protect the investors, the markets, and other financial industries connected to cryptocurrency exchanges, like banks. These laws have protected Japanese investors from a recurrence of Mt Gox, and when FTX International filed for bankruptcy in November of 2022, Japanese investors in FTX Japan received all their deposited cash and cryptocurrency in 30 days, while their American counterparts, customers of FTX US, are still waiting for the bankruptcy process to finish, almost one year later.
In addition to this lengthy delay, American depositors using Centralized Cryptocurrency Exchanges have none of the protections for their deposits that their Japanese counterparts have, and they will be competing with all other creditors of FTX US, as well as the Bankruptcy lawyers for a share of the liquidated assets.
Several Centralized Cryptocurrency Exchanges and Centralized Cryptocurrency Investment services that produced multi-billion dollar losses for investors all share an underlying theme: commingling of funds, misuse of investors’ funds and inadequate investor protections. All of these were addressed by Japanese laws in 2014, and updated as the cryptocurrency investment economy changed through innovation and technology invention.
The path forward seems clear to me. In years past we saw technology change our world, with the horse giving way to the car, cars to planes and trains, and the internet. In each situation our country didn’t hesitate to create new laws and regulations to deal with new technology, and provide protections for involved parties. I believe the same is true for cryptocurrency and cryptocurrency exchanges, and I hope this article provides enough information to help anyone researching information on this topic.
References
References for Mt Gox from Wikipedia
58 references at this site: https://en.wikipedia.org/wiki/Mt._Gox
References for Japanese Cryptocurrency Laws
- Blockchain & Cryptocurrency Laws and Regulations 2023 | Japan
https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/japan
https://sanctionscanner.com/blog/cryptocurrency-regulations-in-japan-492
I believe the government will even be willing to defend Cryptocurrency if they first of all see it as something they want to embrace and not fight against
True, if they could see the advantages, they might embrace it.
Thanks for the insight on centralized exchanges' regulatory policies and the new laws put in place to safeguard investors' funds. If well implemented, the high risk of bankruptcy and collapse of exchanges will be contained. We don't want a recurrence of FTX in 2023; this will be bad for the entire crypto space.
You're welcome. I want to develop a well-referenced guideline.
This is what the US needs; regulatory clarity and improved investor protection.
Thank you, I appreciate the support.
Add this idea to your standards:
https://cer.live/methodology/cryptoexchanges
Cybersecurity Ranking and CERtification Platform
302 Exchanges Audited
220 Certificates Issued
$139b+ Balances Tracked
Why CER?
Since 2018, we have reviewed 270+ crypto exchanges and performed dozens of complex security assessments of well-reputed exchanges. As a result, the CER score has become an important indicator of trust for tens of millions of crypto users around the world. We keep our hands on the latest trends, monitor deep and dark internet to understand why and how hacking accidents occur in order to predict and prevent future attacks.
Thank you for this important information.
About The Institute of Internal Auditors
Media contact:
Chris Almonte
+1-407-937-1349
Letter to US Congress: https://www.theiia.org/en/about-us/advocacy/responses-to-regulators-and-oversight-bodies/
PRESS RELEASE THE IIA DEC 05, 2022
THE IIA CALLS UPON CONGRESS TO REQUIRE CRYPTOCURRENCY EXCHANGES
LAKE MARY, Fla. (December 5, 2022) – The Institute of Internal Auditors (IIA) – the internal audit profession's leader in standards, certification, education, research, and technical guidance worldwide – today released a letter calling for Congress to establish new requirements designed to bolster corporate governance at cryptocurrency exchanges operating in the United States.
In a letter to Chairs and Ranking Members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs; U.S. Senate Committee on Agriculture, Nutrition, and Forestry; U.S. House Committee on Financial Services; and U.S. House Committee on Agriculture; The IIA points to the recent Chapter 11 bankruptcy filing of cryptocurrency exchange FTX as an example of the devastating impact on American consumers when companies lack sufficient internal controls and fail to provide objective assurance over those controls.
In the letter, Anthony Pugliese, CIA, CPA, CGMA, CITP, President and CEO of The IIA notes that as a privately held company, FTX was not required to comply with certain provisions of the Sarbanes-Oxley Act of 2002 (SOX) intended to promote sound internal controls over financial reporting and provide transparency to the investing public and accountability from corporate leaders.
“Unfortunately, since most cryptocurrency exchanges are not subject to SOX compliance, consumers were denied basic organizational transparency and did not possess relevant information to assess investment risk,” Pugliese wrote.
He notes that the absence of a robust internal audit function at FTX prevented the identification and mitigation of multiple material risks and highlighted the important role of internal audit in providing a board of directors with objective assurance, insight, and advice that is independent from management.
“The FTX collapse is the latest reminder that organizations without a robust internal audit function are, at best, playing with fire and, at worst, setting themselves and their stakeholders up for a disastrous – and entirely preventable – fall,” said Pugliese. “Countless investors are now paying the price for FTX’s failures. It’s clear that we cannot rely on unregulated crypto exchanges to do the right thing on their own – we need to mandate stronger corporate governance standards and ensure accountability when these exchanges aren’t protecting their customers. When bad corporate actors fail, it shouldn’t be investors who are left holding the bag. A robust internal audit function protects investors and the business itself, ensuring transparency and accountability.”
Based upon preliminary lessons learned from the FTX collapse, The IIA calls upon Congress to enact two new mandates designed to promote transparency and prevent future cryptocurrency internal control failures:
- Require all cryptocurrency exchanges operating in the U.S., as well as affiliated partners, to possess a sufficiently resourced and highly qualified internal audit function.
- Require the senior management of cryptocurrency exchanges operating in the U.S. to certify, annually, that their exchanges’ internal controls are adequate and appropriate based upon an independent internal audit assessment.
The IIA notes in its letter that these recommendations are an important step in establishing greater confidence in the cryptocurrency market.
Thank you for this important information.
IIA suggested legislation for US Congress:
https://www.theiia.org/globalassets/site/iia-letter-to-congress_5.4.23.pdf
Thanks
#aroundtheblock
Very good ideas.