Lawmakers should make sure there are clear differences between centralized and decentralized exchanges, and they shouldn't be forced to follow rules that don't fit the risks they face.
Chair Brown, Ranking Member Toomey, and members of the United States Senate Committee on Banking, Housing, and Urban Affairs, my name is Jennifer Schulp, and I am the Director of Financial Regulation Studies at the Cato Institute's Center for Monetary and Financial Alternatives.
I appreciate the chance to speak at today's hearing, which is called "Crypto Crash: Why the FTX Bubble Burst and How It Hurts Consumers."
My testimony is mostly about the regulatory lessons that can be learned from the FTX bankruptcy.
On November 11, 2022, FTX Trading Ltd. and about 130 related companies filed for bankruptcy. This happened after a series of events that started in late October 2022 revealed problems with the crypto exchange platform and made it impossible for the platform to meet customer withdrawal requests. FTX was started in 2019 and has its main office in the Bahamas. It was a place where people could trade cryptocurrencies, including through leveraged and margined crypto trading. FTX also had its own cryptocurrency token, called FTT, which gave some holders discounts on trading fees. West Realm Shires Services Inc., doing business as FTX US, was a separate company that helped U.S. customers trade crypto. It was registered as a money services business with the Treasury Department's Financial Crimes Enforcement Network and did business in most states as a money services business.
In short, the common story about what led up to the bankruptcy petition starts with Sam Bankman-Fried, the co-founder and CEO of FTX, tweeting something negative about the CEO of a rival cryptocurrency exchange. This exchange, Binance, held a lot of FTT from an investment in FTX that has since been sold. Soon after, it came out that Mr. Bankman-crypto Fried's trading company, Alameda Research, held a lot of FTT. This made people wonder what FTX and Alameda had to do with each other. After hearing about these rumors, Binance's CEO said that Binance would sell its FTT. Customers of FTX started taking more assets out of FTX because they were worried about what a drop in the price of FTT would mean for FTX. This was because Alameda and FTX might work together in the future. The price of FTT dropped a lot, and FTX couldn't keep up with customer withdrawal requests. By November 10, the Securities Commission of the Bahamas had frozen FTX's assets in the Bahamas. Even though Mr. Bankman-Fried had given reassurances about the liquidity of the U.S. exchange (FTX US), FTX filed for bankruptcy on November 11 for almost all related entities, including the U.S. exchange. Documents filed in the bankruptcy case show that FTX Trading owes at least $3.1 billion to its creditors. At the very least, FTX customers' assets were mixed in with Alameda's, and Alameda used customer funds to do margin trading, which led to huge losses.
This is too simple, though, because new information keeps coming out about what happened to FTX. Continued effects include the bankruptcy of BlockFi, a crypto company that offered exchange and interest-earning custodial services and had gotten a credit facility from FTX after its own liquidity crisis earlier in 2022. Many parts of FTX's relationship with Alameda and what both companies did in the cryptocurrency market are also being looked into. In fact, the Department of Justice, the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC), as well as Congress, state regulatory agencies, and private lawsuits, are all looking into different parts of these events.
Since the situation is still changing, it is too soon to say for sure what caused FTX to fall and what the right regulatory fixes are. Courts should figure out what crimes and rules were broken here, and claims of fraud and broken contracts should be vigorously pursued wherever they are valid.
But two important things seem clear to people who make policy. First, it doesn't look like the problems with FTX are caused by cryptocurrencies or other blockchain technologies. John J. Ray III, who was hired to replace Mr. Bankman-Fried as FTX's CEO and lead the company through bankruptcy, said of the company's situation, "Never in my career have I seen such a complete failure of corporate controls and such a complete lack of trustworthy financial information as occurred here." These problems with risk management should be blamed on the people who did them, not on the crypto ecosystem as a whole, whether they were done on purpose or because they were very careless.
Second, the problems that are happening here—lending customer assets to an affiliated entity and hiding these transfers—are risks of a certain type of cryptocurrency exchange called a centralized exchange, which holds customer assets and keeps ledgers that are not open to the public. In fact, a few other notable crypto companies that went bankrupt this year, like the hedge fund Three Arrows Capital and the lenders Voyager Digital and Celsius Network, were more like traditional centralized financial companies than software applications that made decentralized finance (DeFi) possible, which crypto made possible. DeFi, which includes decentralized crypto exchanges, aims to reduce these risks by using technology like public transaction data and the ability to self-custody assets, among other things. Policies that are meant to reduce the risks of centralized financial intermediaries shouldn't be applied blindly to decentralized projects.
The Path Forward
With this in mind, I suggest three takeaways for policymakers in the wake of the FTX bankruptcy.
Differentiate Decentralized Projects from Centralized Exchanges
First, there are important differences between a centralized entity like FTX and decentralized projects that try to minimize the role of human financial intermediaries. Lawmakers should make sure there are clear differences between centralized and decentralized exchanges, and they shouldn't be forced to follow rules that don't fit the risks they face.
Cryptocurrencies are new and different because they let people store and send money anywhere in the world without going through trusted third parties. Cryptocurrencies try to solve the problem of financial frauds like unauthorized transfers and false bookkeeping by giving people an alternative to banks and brokers, who have traditionally been trusted to hold and transfer assets and keep honest ledgers. In broad terms, cryptocurrencies replace "the books" with a public digital ledger (called a "blockchain") that records transactions and verifies them with cryptographic proof. Also, "the bookkeepers" are replaced by programs that run on computers and check each other's work.
DeFi takes this idea one step further by cutting out the middleman from not only token transfers but also a wide range of other financial transactions, such as giving and getting loans, trading different types of crypto tokens, and making up new ways to get insurance. Instead of using financial middlemen, DeFi uses "smart contracts," which are software programs that run themselves and are put on cryptocurrency blockchains. When certain conditions are met, these "smart contracts" deliver financial instruments. DeFi has the potential to change the world because it can be used without permission and can be put together with other projects.
People may doubt that crypto can reduce risks by cutting out the middleman because of what happened with FTX. But without more information, such questions can misrepresent FTX, which is a traditional middleman at its core. Like a traditional bank or broker, FTX took people's assets, such as cash and cryptocurrency, by controlling their "private keys." And FTX kept the books, as bad as they were.
These centralized exchanges are like the way financial instruments have always been traded through middlemen. They let people trade cryptocurrencies for fiat currencies and usually hold their assets for them. Most centralized exchanges organize sales with central limit order books, which match willing buyers and sellers at the best price (i.e., the highest bid and lowest ask touchlines). Their backend software and transaction histories are not by nature public. Centralized exchanges can add or remove tokens from their lists and let users trade or stop them from doing so.
DEXs, which stand for "decentralized exchanges," are an alternative to these centralized markets. DEXs break with history because they use open-source software instead of middlemen. Even though DEXs come in different shapes and sizes, in their most basic form, they decentralize core exchange services like custody, market making or order book matching, and settlement. DEXs let users keep their own tokens and use different ways to set up sales, such as automated market maker pools (AMMs) and on-chain order books. DEXs made up of smart contracts written in open-source code that can be checked are also designed to be public and record transactions directly on a public blockchain ledger. Users can usually list their own tokens on DEX protocols, as long as the blockchain infrastructure of the tokens is compatible with the DEX smart contracts. Even though the companies that make DEX protocols' front-end graphical user interfaces can remove certain tokens from their front ends, DEX smart contracts can be freely copied and changed, so the choices of a single front end don't limit what a DEX protocol can do.
DEXs do not solve every problem or eliminate every risk. For example, users can swap between certain cryptocurrencies, but they can't use debit or credit cards to buy cryptocurrencies. Hackers can also try to break into smart contracts. But DEXs are not reliant on a middleman keeping his word because they are made up of smart contracts that are public and can be checked. Also, real DEXs are written in open-source code, which means that if users don't like everything about one DEX version, they can change it and start over.
This doesn't mean that DeFi is better than centralized finance all the time. Almost certainly, this will depend on what the user needs. It's also not to guess how well DeFi, centralized finance, or any other project will do. Instead, the goal is to help explain what makes DeFi special so that policies that want to deal with financial risks can see how centralized firms and DeFi projects are different. This means knowing not only the risks of decentralized exchanges, like complicated (if public) transaction histories and security holes, but also how decentralization can help reduce other risks by making transaction data public and letting people store their own digital assets. Different kinds of risks should be dealt with in different ways.
Understanding these risks also means knowing that forcing DEXs to follow rules made for traditional intermediaries that work for everyone takes away from what makes DEXs different. It's also counterproductive because, as you might expect, following rules made for intermediaries usually means giving tasks to intermediaries. This brings back some of the risks that DEXs try to avoid.
Establish Clear Rules for the Regulation of Crypto Marketplaces and Token Issuers
Second, whether you think the SEC was sleeping at the wheel or that the fact that FTX was based in the Bahamas meant that no U.S. regulation could have stopped its collapse, the lack of clarity in U.S. regulations is still a problem that leaves known risks unaddressed and can drive innovation to countries with clearer rules.
A sensible regulatory framework should tell both crypto exchanges and token issuers how to tell the difference between projects that copy the risks of traditional finance and those that reduce those risks by cutting out the middleman.
Crypto marketplaces: In the United States, modern exchange regulation tries to deal with the "intermediary risks" posed by the middlemen who make up secondary markets for financial instruments. In order to do this, the Commodity Exchange Act of 1936, as changed by the Commodity Futures Trading Commission Act of 1974, and the Securities Exchange Act of 1934 require, among other things, that exchanges register with and follow the rules of their main federal regulator (e.g., the CFTC or SEC) and keep an eye on and police the behavior of their members. Both regulators want to deal with risks that have to do with where assets are kept, how transparent markets are, how markets can be manipulated, and fraud. But these risks are different in centralized and decentralized marketplaces.
No matter what kind of marketplace it happens in, fraud should never be allowed. This is already covered by securities laws and regulations. It is against the law to defraud, lie, or leave out important facts that could be misleading when buying or selling a security. The same is true in the case of commodities, where it is illegal to knowingly or carelessly defraud someone or make a false or misleading statement or leave out a material fact in a contract to sell a commodity in interstate commerce.
Aside from anti-fraud agencies, however, applying securities and commodity futures exchange rules to crypto marketplaces creates regulatory uncertainty, which hurts those marketplaces and doesn't distinguish between centralized and decentralized exchanges. It doesn't make sense to put rules in place to deal with the risks of middlemen for software that is meant to get rid of middlemen. For example, requirements to hold customer property in a way that makes it less likely to get lost don't apply to DEXs where users keep their own tokens. In the same way, requirements that trading data be made public are, at best, unnecessary for DEXs and, at worst, counterproductive because they could mean that information has to be given in ways that can only be done with more active management of DEX projects.
Congress should make it easy for centralized marketplaces to register with their relevant regulator, the CFTC for crypto commodities marketplaces and the SEC for crypto securities marketplaces. This way, rules can be made that are narrowly focused on relevant risks. Congress should also define decentralized exchanges and make it possible for DEXs that meet certain criteria to register voluntarily with the regulator that oversees them. When DEX registration isn't required, it shows that DEXs can use technology to deal with intermediary risks. It also encourages innovation in DEX design, including consumer protections, keeps up with the speed at which DEXs change, and gives DEXs a lot of room to show what they can do (e.g., their openness and interoperability).
Token Issuers: Taking care of how markets are regulated, however, is only part of the job. It's also important to be clear about whether crypto projects need to be regulated as securities. This will help figure out which regulator has control over the trading of these instruments and what kind of customer protections are needed. If a cryptocurrency project isn't regulated as a security, it should be thought of as a commodity.
Like with exchanges, decentralization is a key factor in deciding whether crypto projects should be governed by the federal securities law regime that is already in place. At a high level, the goal of federal securities law is to make sure that what people say about possible investment opportunities is true. Securities laws were made in part to protect investors from the risks that come from a management body being able to know things that investors don't and from being able to do things that aren't in the best interests of investors. So, securities rules are a good way to deal with the specific risks of fraud, deception, and manipulation by developers, sellers, or promoters who continue to run a cryptocurrency project.
Congress should make it clear that securities laws do not apply to projects that do not have a central point of control. This means that securities laws wouldn't apply to tokens where the developer, seller, or promoter doesn't promise to do the work needed to deliver the token and its benefits, i.e. act like a manager. For example, this could mean making software or trying to get users or merchants to use it. When developers say they will do these things, the crypto project is centralized, and security measures should be put in place. But if the project can work as planned without the help of managers, it is decentralized, and securities laws do not apply to the sale of its tokens.
Congress should make it easier for cryptocurrency projects that are moving toward decentralization but aren't quite there yet to avoid having to follow securities laws. This could be done by giving a streamlined disclosure option that covers information that crypto buyers need to know. Even SEC Chair Gary Gensler, who has been, to say the least, against giving more guidance about crypto, has said that crypto projects may need different disclosure rules than traditional securities like stocks.
To get effective regulation in this space, it is important to make it clear when securities laws apply to crypto projects. Without clear and logical answers, legal uncertainty will continue to confuse developers and users, stifling innovation or sending it overseas, and leaving risks unaddressed that are similar to those already covered by the law.
The Market Should Decide Crypto’s Promise
Lastly, after FTX went bankrupt, there were the usual calls to "protect consumers" from risks by banning crypto, giving crypto the same strict rules as traditional banking, or, paradoxically, not regulating crypto in order to make it look less legitimate. This kind of "protection," which is based on a value judgment about the worth of the crypto ecosystem, takes the choice to engage in technological innovation out of the hands of consumers, investors, and entrepreneurs and puts it squarely in the hands of the government, where it does not belong.
Even though it's reasonable to be cautious around a new type of asset or technology, it's a very different thing to actively stop people from using a tool that, by some estimates, about one in five Americans already uses for things like trading and sending money back home. People from underrepresented groups are more likely to invest in cryptocurrencies. This could be because they are looking for solutions to problems that the traditional financial system doesn't offer. Even though crypto hasn't reached all of the goals that it or others have set for the ecosystem, this is not a reason to limit access to it. Regulatory interventions shouldn't change the results by slowing down the natural growth of an industry.
Also, the fact that some people might lose money if they invest in crypto does not mean that strict rules are needed. Risk is a natural part of markets, and sometimes failure is needed for growth. People shouldn't be protected from loss by the government. Americans should be able to take part in this process, whether it's good or bad, without putting the government's efforts to protect them at risk.
** Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of USA GAG nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.