We’re often asked what our ideal regulatory environment would be for Bitcoin and cryptocurrencies like it. A few years ago, in a regulatory submission to the Indian Ministry of Finance, we developed a list of six principles governments around the world should heed when considering blockchain regulation. Those are very general, however, and we’ve been asked recently for a more specific prescription that a national government could employ. So here’s our attempt to outline the regulatory regime a country that wanted to be welcoming to cryptocurrency innovation might want to pursue.
The punchline is that with the notable exception of taxation, the prescription is essentially the regulatory regime at which the United States has arrived after years of slow and piecemeal evolution. The U.S. regime is not perfect, it can improve, and other countries can learn from what the U.S. lacks largely for structural reasons (like federalism) that most other countries don’t face. We divide the policy areas into four general categories of regulation: consumer protection, investor protection, financial surveillance, and tax. We’ll go through them one at a time.
The purpose of consumer protection regulation is to ensure that businesses who take custody of consumer cryptocurrency for any purpose—whether it is for safekeeping, to provide payments or exchange services, or anything else—are sound and law-abiding. This is typically done through licensing. That is, a business cannot legally offer a service to the public that involves taking custody of consumer funds without first acquiring permission (a license) from the state. The state gives a license to any business that meets certain criteria, including passing a background check, posting a bond, satisfying minimum capitalization requirements, and offering specific disclosures to customers.
The key to a sensible consumer protection licensing regime is twofold. First, and most important, it should be clear that the licensing requirement is triggered by custody and nothing else. Second, licensing requirements should be reasonable and non-duplicative.
Taking custody of consumer funds is the activity that creates a risk to consumers (for obvious reasons), and it is that risk that licensing aims to ameliorate. Therefore, if a business provides cryptocurrency services to consumers (possibly including payments or exchange services) but does not take custody of consumer funds, it should be excluded from any licensing requirement. Only if a firm has the ability to lose or steal or otherwise risk consumer funds should it be required to be licensed.
In contrast to this, some governments have made the mistake of requiring a license from any business that engages in cryptocurrency services, even if no risk to consumer funds can be identified. This is pernicious because it places a burden on firms that have innovated in such a way as to provide services to consumers without creating the kind of risk that licensing is meant to address in the first place. The way to avoid that is to have any licensing law turn exclusively on whether the business has “control” of consumer cryptocurrency, and the best statutory definition of “control” available is found in the Uniform Law Commission’s Regulation of Virtual-Currency Businesses Act (RVCBA):
“Control” means … [the] power to execute unilaterally or prevent indefinitely a virtual-currency transaction
For firms that do take custody (control) of consumer cryptocurrency, licensing criteria should be clear and sensible. First, in contrast to the United States where a business must acquire dozens of licenses in each state in which it does business, an ideal regulation would be national or transnational (e.g. the E-Money License in the European Union) in scope. Second, the level of regulation imposed by the license should be calibrated to the level of custody risk posed to customers by the business. For example, the RVCBA includes a provision that allows firms to operate without a license (simply by registering) until their business activity exceeds $35,000 annually.
The purpose of investor protection regulation is to ensure that investors do not face information asymmetries that would put them at a disadvantage. This means ensuring accurate financial reporting by issuers of equities, as well as ensuring the fairness of markets. Bitcoin and cryptocurrencies like it are not securities, in part because there is not a firm or person who runs Bitcoin or issues it. It is instead more accurately classified as a commodity or perhaps a currency. Therefore, regulations that apply to securities and securities markets should not apply to Bitcoin and cryptocurrencies like it. In contrast to the United States, which employs a court-made test for determining whether an asset qualifies as an “investment contract,” most other countries list in statute what assets are securities. The ideal regulatory policy should simply ensure that Bitcoin and cryptocurrencies are not treated as securities.
As far as market regulation is concerned, an ideal policy would be to simply ensure equal treatment between markets in cryptocurrency and commodities. Typically, it is not markets for commodities themselves that are regulated, but commodity derivatives markets that are subject to regulation. Alternatively, foreign exchange market regulation could serve as a model for cryptocurrency exchange regulation.
The purpose of financial surveillance laws (better known as anti-money-laundering regulation) is to deputize private businesses as criminal investigators for the state. Generally these laws apply only to a defined class of business referred to as “financial institutions.” Regulated financial institutions must collect identifying information about their customers, as well as surveil their customers’ activities and automatically report detailed information about certain specified transactions (or potentially all transactions) to the financial surveillance regulator, which will in turn share that information with law enforcement and national security agencies. Throughout this process customer information is collected and transmitted to the government without a search warrant, and, in some cases, without any independent legal process whatsoever. Persons engaged in a variety of cryptocurrency activities may or may not be classified as financial institutions and be obligated to surveil their customers or transactional counterparts.
As far as financial surveillance is concerned, an ideal policy would be to require a warrant for any state collection of personal financial data from a financial institution including businesses facilitating cryptocurrency activities. This, however, would be an extreme shift in policy; banks have been subject to financial surveillance laws in the U.S. since the 1970s, and the Supreme Court found long ago that bank customers have no reasonable expectation of privacy over records that they willingly hand over to banks while transacting. Similar regimes have proliferated across the world thanks to international standards-setting bodies such as the Financial Action Task Force. Short of reviving judicial oversight and a warrant requirement for the mass collection of customer financial data by law enforcement, a pragmatic policy is to seek equal treatment as between cryptocurrency businesses and traditional financial institutions. This means that only those businesses that hold and control customer cryptocurrency (as in our definition from consumer protection above) should be classified as regulated financial institutions. Non-controlling cryptocurrency businesses such as miners, node-operators, software developers, or minority key-holders in a multi-sig arrangement, should never be classified as financial institutions. Individuals transacting on their own behalf (buying and selling, donating, or paying for goods and services) should also never be classified as financial institutions.
Taxation policies vary from country to country. As a first pass, governments should state clearly and in detail how cryptocurrency transactions will be taxed, as this may not be intuitive given the novelty of cryptocurrencies as assets. If a country wishes to tax cryptocurrencies as property and collect capital gains taxes when cryptocurrencies are sold at a profit, then it should provide guidance on how to account for basis. There should also be a threshold in the amount gained below which no tax is due. Without such a de minimis exemption from capital gains taxation, a cryptocurrency user could trigger a taxable event every time she pays for a good or service, rendering cryptocurrencies too complicated for daily use in payments. For the same reasons, purchases of cryptocurrency should be VAT exempt.
Cryptocurrency block rewards from mining or staking on cryptocurrency networks should not be taxed as income when they are created. These rewards are best analogized to fruit that has ripened on the taxpayer’s land, crops grown in her fields, or precious metals mined from her soil. Applying a tax liability at the moment the new value is created generates extreme accounting difficulties and overtaxes the citizen. Instead, should a country wish to collect taxes related to mining or staking activities, it should tax them when they are sold by the miner or staker.
The above is what we would suggest if starting from scratch. As noted at the outset, the regulatory regime in the United States goes in the right direction. If we had a magic wand we would like to see the following changes in the U.S.:
- A federal option for licensing of firms that take custody of consumer funds that preempts state-by-state money transmission licensing, as well as a clear articulation that states may not regulate non-custodial cryptocurrency businesses under their money transmission regimes.
- A clearer articulation of when a presold token is not a security, as well as a securities law safe harbor for the development of new tokens.
- A clear requirement for a warrant for any state collection of personal financial data from a financial institution including businesses facilitating cryptocurrency activities.
- Tax treatment of cryptocurrency as currency and a clear articulation that validation rewards are not income until disposed of.
Of course, policy making is a process and we might not always be able to achieve perfection, but if we could, this is what we would like to see in the U.S. and abroad.