Crypto Basics

How Governments Regulate Cryptocurrency

In the early days of blockchain technology, cryptocurrencies operated in a gray area of the economy. But as financial institutions entered the space and global adoption soared, the risk calculus changed for regulators. Governments have since taken major steps to combat cybercrime and protect users — and many believe the work is far from over. For this reason, it’s critical for investors, businesses, and institutions to understand how governments regulate cryptocurrencies and how industry leaders are pushing the conversation forward.

Defining cryptocurrency

Technically speaking, cryptocurrencies are digital currencies secured by cryptography and maintained by decentralized networks of computers. The task of lawmakers, then, is to analyze this technology in terms of the legal frameworks that preceded the blockchain.

The first step of this process is to sort cryptocurrencies into asset categories: are they legal tender? Property? Investment vehicles? And if so, commodities or securities? And how exactly are they taxed?

Cash, property, security, commodity: the asset class approach to cryptocurrency regulation

In most countries, the U.S. and U.K. included, cryptocurrencies like bitcoin are considered property, but not legal tender. As property, crypto assets are subject to taxation. In the U.S., this means the IRS treats cryptocurrencies like other asset classes such as stocks and real estate, with capital gains, state, and federal income taxes levied accordingly. And since cryptocurrencies are not considered legal tender anywhere other than El Salvador, most businesses and services aren’t obligated to accept it. Many companies, however, have toyed with accepting bitcoin anyway, and financial services companies like PayPal and Square have stepped in as facilitators.

Depending on whether cryptocurrencies are defined as commodities or securities, the Commodity Futures Trading Commission (CFTC) or the Securities and Exchange Commission (SEC) have varying abilities to oversee and regulate cryptocurrency activity within the frameworks of commodity and security law.

Ambiguity still exists around when a cryptocurrency is considered a commodity or a security in the United States. With respect to commodities, the CFTC has stated that Bitcoin and Ethereum are commodities in the past, and CFTC Commissioner Dawn Stump recently put out guidance on how the CFTC’s regulatory oversight authorities apply. Commissioner Stump clarified that the CFTC does not have plenary authority to regulate commodities (though it does have certain enforcement powers, including the power to pursue claims of fraudulent or manipulative activity relating to commodities), but rather futures contracts on commodities, leveraged cryptocurrency transactions, and other derivatives products, which would extend to derivatives on cryptocurrencies that are commodities, such as futures contracts on Bitcoin or Ethereum.

With respect to securities, SEC Chair Gary Gensler has pointed to the Howey and Reves Tests as justification for its enforcement decisions. Under the Howey Test, which is most often cited, an offering is an investment contract—and therefore a security—if the arrangement is:

  1. An investment of money
  2. In a common enterprise
  3. With an expectation of profits
  4. Which are derived solely from the efforts of others.

Per the Reves Test, by contrast, a cryptocurrency offering—in this case, one that a resembles a promissory note, such as an initial coin offering (ICO)—is assumed to be a security unless one of seven exception cases are met, or unless the court decides to add a new exception.

While there have been some very specific cases in which the SEC has called a cryptocurrency out as a security, such as in their case against Ripple Labs, often Chair Gensler’s application of this terminology has been very broad. For example, in an August 2021 speech at the Aspen Institute, Gensler remarked that, with most exchanges offering trading of more than 100 different digital assets, “the probability is quite remote that, with 50 or 100 tokens, any given platform has zero securities” and that “stablecoins also may be securities and investment companies.” Chair Gensler has also suggested that some digital assets may represent “securities-based swaps” which come under a distinct SEC regulatory regime that is somewhat separate and apart from the rules applying to cash securities like equity or securities debt instruments.

Since different agencies regulate crypto assets differently based on how they intersect with their unique organizational mandates, there are possibly dozens of equally valid definitions depending on the specific case at hand. The objectives of these regulations, however, are fairly consistent: to ensure financial markets’ transparency and integrity, safeguard systems against crime and abuse, and provide essential investor protections.

Regulations for cryptocurrency businesses: The landscape today

The most wide-reaching regulations placed on cryptocurrency businesses are based on the standards and recommendations put forth by the Financial Action Task Force (FATF). As the global money laundering and terrorist financing watchdog, FATF’s main objective is to develop comprehensive anti-money laundering and countering the financing of terrorism (AML/CFT) controls, publish them as formal recommendations, and ensure their member jurisdictions are meeting their obligations to implement and enforce these standards. According to FATF’s website, more than 200 countries and jurisdictions are committed to implementing the standards.

In the United States, the piece of legislation central to compliance with FATF’s AML/CFT standards is the Bank Secrecy Act (BSA), which was originally passed by Congress in 1970. The BSA requires all money services businesses (MSBs) — meaning any business that facilitates the transmission or exchange of currency, including cryptocurrency businesses — to implement Know Your Customer (KYC) and Anti-Money Laundering (AML) programs. This means that cryptocurrency businesses like cryptocurrency exchanges, cryptocurrency ATMs, Over the Counter (OTC) brokers, custody providers, and Peer-to-Peer exchanges must therefore register as MSBs with the Financial Crimes Enforcement Network (FinCEN), the bureau of the Treasury Department tasked with enforcing the BSA, and comply with BSA requirements. These rules formerly applied to just fiat currency, but have since been generalized to include digital assets.

The core function of these U.S. regulations, as with FATF’s AML/CFT standards worldwide, is to cut off the ability of criminals and terrorists to launder illicit funds and to empower law enforcement to effectively fight financial crime. As with any new type of financial instrument, criminals have explored cryptocurrency as a way to launder ill-gotten funds. However, with proper regulations and KYC and AML controls in place, law enforcement agencies can employ blockchain analysis tools to trace illicit cryptocurrency transactions to their cash out points, serve legal processes to those businesses, and obtain the KYC information associated with the relevant cryptocurrency addresses. If, on the other hand, the illicit actor cashes out in a country where FATF standards haven’t been implemented, such information may not exist. This sort of jurisdictional arbitrage is detrimental to criminal investigations of all kinds.

For that reason, FATF issues two public statements tri-annually that identify the countries and jurisdictions deemed either non-compliant or strategically deficient with their AML/CFT standards.

North Korea and Iran currently make up FATF’s “black list” of High-Risk Jurisdictions subject to a Call for Action, which consists of countries that are entirely non-compliant with FATF’s standards. FATF’s “gray list” of Jurisdictions under Increased Monitoring, on the other hand, is 22 countries large. This list is especially important to regulators, investigators, and compliance professionals, as countries on the gray list are subject to enhanced due diligence measures from FATF-compliant countries, meaning they must obtain additional information about the customer, the source of the funds and the source of the wealth before allowing any transaction to take place. For jurisdictions with serious, longstanding deficiencies, these measures can extend to a limitation or prohibition on financial transactions. This regulatory burden seriously incentivizes compliance, as it can force non-compliant countries out of markets almost entirely.

Beyond FATF, regulatory environments often vary dramatically from country to country. China’s variation is perhaps the most notable. Despite having an abundance of cheap electricity that was dedicated to bitcoin mining in the past, the Chinese government opted to ban mining earlier this year; and despite being the world’s largest cryptocurrency market by transaction volume in 2020, it has now opted to ban transactions, too. There are a couple of plausible explanations for why China cracked down now, in 2021. As our own Ulisse Dell’Orto, Chainalysis’s managing director for Asia Pacific & Japan has explained, China has a several-year head start in developing Central Bank Digital Currencies (CBDCs), so it may perceive decentralized cryptocurrencies like Bitcoin as competitive with their own centralized alternative. And while China cited environmental concerns in their decision to ban cryptocurrency mining, China’s opposition could be just as ideological as it is practical; in our Cryptocurrency and China report, we interviewed an anonymous China-based cryptocurrency operator, who had this to say about the recent crackdown:

To understand this, you need to understand the CCP’s governance philosophy. They take a top-down approach, and the goal is to maintain stability and unity. So when government officials see people like early Bitcoiners getting ultra rich and advocating for liberty and self-sovereignty, the natural inclination is to see them as dissidents.

This has translated into anti-cryptocurrency campaigns in state-monitored media, bans of crypto-related search terms on Chinese search engines and platforms, and more.

Other countries have had similarly turbulent relationships with crypto, albeit for different reasons. Take India, for example: in 2017, the Ministry of Finance issued statements equating cryptocurrencies to Ponzi schemes; in 2018, the Royal Bank of India (RBI) banned cryptocurrency activity entirely; in 2020, the Supreme Court struck down the ban; and by 2021, India had moved up to 2nd out of in 154 countries in our cryptocurrency adoption index, up from 11th the year before. In other words, while India’s government may be weary about cryptocurrency, its citizens are only becoming more comfortable participating in the country’s burgeoning marketplace.

Still other governments have embraced cryptocurrencies, seeing their advent as an opportunity to bring investment capital into their countries. As such, these countries have centered their regulatory structures around tax-friendliness. In Belarus, for instance, all cryptocurrency activities have been declared tax-free until at least 2023. In Switzerland, by contrast, crypto investments and trades are treated as tax-exempt capital gains, but annual “wealth taxes” are still levied on the total amount of crypto and other assets owned.

The full Geography of Cryptocurrency Report, which dives deeper into these global trends of adoption and regulation in 2021, is available to read today.

Recent enforcement actions

In the United States, the SEC is a key discussant in the conversation around cryptocurrency regulation, and is very active as an enforcement authority as well. As discussed earlier, most of the SEC’s regulatory actions have been justified on the basis of the Howey and Reves Tests, which determine whether a virtual asset is a security. This enforcement mechanism was first applied in 2017, when the SEC ruled that Slock.it UG’s token/coin offering was a security according to the Howey test. Thereafter, dozens of SEC complaints were filed against unregistered ICOs.

Similar actions have recently been threatened in order to stop the launch of interest-bearing offerings from major cryptocurrency businesses, such as Circle Yield and Coinbase Lend—both of which have since been postponed indefinitely. Many suspect that the SEC will continue to regulate cryptocurrency businesses on a case-by-case basis before formalizing its stance through rulemaking. Gary Gensler, the SEC chair pushing for increased enforcement of cryptocurrency service providers, appears to be leading this charge, but other SEC officials have advocated for a more cautious approach. In August, when the SEC took action against cryptocurrency exchange Poloniex for failing to register as a national securities exchange or operate pursuant to a registration exemption, and therefore violating Section 5 of the Exchange Act, SEC Commissioner Peirce took exception to this action and expressed a number of questions she believes the SEC still needs to clarify before their authorities related to cryptocurrency exchanges are clear.

The CFTC has also exercised its enforcement authority on several occasions. In September, it ordered one cryptocurrency exchange that formerly offered margined retail commodity transactions to pay a $1.25 million dollar penalty for failing to register as a futures commission merchant. And just last week, it fined other cryptocurrency companies a combined $42.5 million for two reasons: one, for operating as a unregistered futures commission merchant, and two, for falsely claiming that their stablecoin was fully backed by U.S. dollars. Commissioner Dawn Stump subsequently expressed her concern that, because the CFTC’s authority over many stablecoins is limited to anti-fraud and anti-manipulation enforcement actions and not plenary authority to proactively set rules, this enforcement action might engender a false sense of security among cryptocurrency users.

Regulations in the making

As the main global AML/CFT standards body, FATF is one of the most influential entities for digital asset regulation. So its updated guidance, with a release slated for later in October, will likely have a big impact on the cryptocurrency industry. The updated guidance is expected to clarify the definitions of virtual assets and virtual asset service providers (VASPs)—including how these terms apply to DeFi and NFTs—how the FATF standards apply to stablecoins, and guidance related to implementation of the Travel Rule, which FATF has encouraged member jurisdictions to expand to cover cryptocurrency.

This Travel Rule guidance comes at a crucial moment, as the European Commission, the UK HM Treasury, and FinCEN each have travel rule proposals under consideration. But before we unpack these proposals, we should first explain the rule: the travel rule aims to stop money laundering by minimizing the anonymity of large cryptocurrency transactions. It thus mandates that VASPs obtain, hold and exchange information about the originators and beneficiaries of cryptocurrency transfers with other VASPs and above a certain threshold. FATF recommends 1,000 USD/EUR/GBP as the threshold, and most of the proposals have followed suit.

The European Commission’s proposal applies to cryptocurrency transactions above €1,000 between VASPs. The HM Treasury proposal, on the other hand, applies to cryptocurrency transactions above £1,000 between VASPs as well as from personal wallets to VASPs. It is uncertain whether this proposal will be scaled back to include only transactions between VASPs, which we believe is the more important and relevant record-keeping requirement. Lastly, FinCEN’s proposal sets a threshold of merely $250 between VASPs. It’s important to note here that these proposals have yet to be approved and may well change before taking effect.

Another piece of regulatory guidance anticipated in late October is the U.S. Treasury Department’s report on stablecoins, which is expected to recommend that stablecoin issuers be regulated like banks, with reserve and reporting requirements to match. Should Congress fail to implement a satisfactory, bank-like framework, the Biden administration has said that it “wouldn’t be reluctant to use FSOC [the Financial Stability Oversight Council],” a panel of regulators tasked with monitoring risks to the financial system, to ensure the enforcement of its recommendations. In other words, some form of stablecoin regulation is likely soon to come, whether through Congress or another channel.

Finally, this summer, the U.S. Senate considered a $1 trillion bipartisan infrastructure bill. Included in the bill was a provision to broaden the definition of “broker” to include cryptocurrency brokers, like exchanges, requiring them to report information about users’ names, addresses, and trading activities to the Internal Revenue Service. Many in the cryptocurrency industry expressed concerns that the way the language was drafted was too broad and could be interpreted to encompass miners, node validators, or developers, who would not have access to the required reporting information. While attempts were made to modify the language in the Senate, they were not ultimately successful. As of now, the House has yet to pass the legislation, so there may still be opportunities to modify the language, but many have pointed to this as an example of the importance of improving education around cryptocurrency and engaging with legislators and policymakers to ensure that policy and regulations make sense for the space.

How the cryptocurrency industry can help

Given the broad-reaching implications of cryptocurrency regulation and the breathtaking pace of innovation in this space, the cryptocurrency industry is eager to work with regulators to design new, more efficient regulatory frameworks. We have never seen many of these innovations before, so the traditional regulatory model doesn’t always apply neatly. This doesn’t mean the industry cannot be regulated effectively, but it does mean that it must be done carefully.

We also believe there is an opportunity for regulatory innovation in the space. While traditional finance is very opaque, with regulators having no access to transaction data without requesting it from financial institutions directly, blockchain technology allows for an unprecedented level of transparency. This enables regulatory supervisors to review transactions freely and easily, changing the nature of regulatory compliance and monitoring.

We are glad to see regulators engaging with the industry and working to learn more about the technology. As a company that works with both sides— industry and regulatory agencies—we are eager and well-positioned to help make those connections.