Part 1 - Future financial services regulatory regime for cryptoassets

BPUK Response

Apr 27, 2023

Future financial services regulatory regime for cryptoassets - GOV.UK (the “paper”)

This response is submitted by Freddie New (Head of Policy, Bitcoin Policy UK) and Richard Medley (Policy Advisor, Bitcoin Policy UK)

We address a selection of the questions posed by the Treasury’s consultation paper, as indicated below.

Part 1: Preamble

Cryptoassets should properly be divided into (i) Bitcoin and (ii) all other cryptoassets. It is important to draw this distinction in this context since it has a direct bearing on the nature and enforceability of any proposed regulation. Broadly speaking, any cryptoasset other than Bitcoin is centralised (to a greater or lesser degree), and likely vulnerable to disproportionate control by one or more powerful holders or users. The more centralised a cryptocurrency, the greater the risk of customer harm in the form of ‘rug pulls’, scam offerings, and ponzi-type behaviour, but at the same time, the greater the scope for a regulator to influence or control the behaviour of those individuals who themselves control a protocol and the application of that protocol. The degree of centralisation of a cryptocurrency has a direct bearing on the nature of the regulation appropriate for that cryptocurrency - for example, whether it is possible for a regulator to direct a natural or non-natural person to modify their behaviour and, by extension, to modify the rules of the cryptocurrency protocol, or whether (as in the case of Bitcoin) this is no longer possible.

By centralised, we mean the ability of a small group of persons to determine the rules of the cryptoasset’s code, to dictate governance, or to manipulate price - all potentially to the detriment of consumers. While Bitcoin remains vulnerable to market price manipulation, it stands apart from all other cryptoassets in its enormous degree of decentralisation and the fact that no matter how much bitcoin a person holds, that person cannot change the rules of its code or change its fundamental nature (e.g. by increasing supply). This is entirely unlike the way in which shareholder voting functions in a company, where a higher percentage of shares gives the holder a greater degree of control over the company in question.

Even controlling a majority of the hash power (broadly, the number of transactions that a Bitcoin miner is capable of performing per second in order to guess a block header and mine a new block) does not grant control of the Bitcoin network - because the thousands of nodes running the Bitcoin software worldwide and maintaining copies of the distributed ledger (the blockchain) would reject invalid transactions in the event of a 51% attack. No other cryptoasset is so secure or immutable, not least because every other cryptoasset still has a ‘controlling mind’ in the form of one person, or a small group of persons, capable of making systemic change to the cryptoasset’s rules. This is not possible with Bitcoin and has not been possible for more than a decade.

Bitcoin is now decentralised to such a degree that it is effectively beyond regulation, by which we mean that no state, no matter how repressive, can prevent the use and ownership of bitcoin without shutting down the internet (and even then solutions exist that do not require an internet connection in order to protect against network interruption, such as Blockstream’s satellite program 1). It is worth noting that despite the CCP’s best efforts on multiple occasions to enforce a ban of Bitcoin, more than 20% of the network’s hashrate is still located in China 2.

The fundamental point that regulators should keep in mind is that a Bitcoin transaction validly signed by a user’s private keys cannot be stopped or reversed, and if it is validly signed it will be mined into a block and included in the blockchain. No government, no bitcoin user, no miner, and no node operator can prevent the transmission of such a valid transaction.

Bitcoin has no issuer, no ‘controlling mind’, no CEO and no board of directors. In short, governments can regulate persons (natural and non-natural) and their behaviour, but cannot materially control the asset itself, or any of its properties. We therefore agree with the Treasury’s position set out in the paper that in many cases “financial services activities will be regulated, rather than the asset itself.”

Regarding the nature of the asset, it is important for regulators to understand that Bitcoin is not an IOU - in and of itself, it has no counterparty risk and is relatively unique, being a commodity money in digital form, rather than representing an obligation of a third party. Virtually all other money in use today is in fact a form of ‘liability’ money (the Bank of England openly admits that the pound sterling is nothing more than an obligation of the central bank 3). Bitcoin, by contrast, is specie in and of itself; it can be owned absolutely without reliance on, or representing an obligation of, any third party. We therefore broadly agree with the Treasury’s comments in the paper that ‘Cryptoassets such as Bitcoin do not provide a claim on an identifiable issuer since coins can be created or “minted'' according to a protocol which has been coded by computer developers often based in overseas or unknown locations.

Even where the creator of the cryptoasset is identifiable, they do not have the same level of control over it as a company does over the securities it issues.’

Recent developments in the banking and finance sectors have undoubtedly reminded the general public that a person depositing money into a commercial bank essentially becomes an unsecured creditor of that bank. The money deposited is no longer theirs, although they do have a legal claim to it as a creditor.

In the same way, the holder of a physical piece of paper money is a creditor of the central bank that issued the paper money - which is backed only by trust in that central bank and, by extension, the government behind it.

In an environment where trust in governments and their institutions has collapsed at an alarming rate, it is no surprise that citizens throughout the world, including those in the UK, are turning to alternative forms of money - whether physical bearer assets, such as gold, or digital bearer assets, such as Bitcoin.

As an overarching point, when regulating behaviour, our recommendation is to commence with regulation of the exchanges, namely the platforms where customers buy and sell bitcoin (and other cryptocurrencies). Each jurisdiction is likely to begin its regulatory journey here, ultimately regulating exchanges in a similar way to banks, ensuring that all users of the exchanges undergo KYC and AML checks. This will go a long way towards closing off the use of cryptoassets for illicit activities, as almost all tokens put up for sale will eventually be sold on an exchange, and working with blockchain analysis companies can very easily allow the authorities to track down and associate wallet addresses used for criminal activities with addresses of actual individuals on exchanges. In relation to illicit activities, it is worth noting that the research of leading blockchain analytics company Chainalysis shows that “transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021 4”, indicating that over 98% of all cryptocurrency transactions were perfectly legitimate - arguably a much higher level than that of the transactions taking place in the traditional banking system 5 (noting at the same time that since Bitcoin’s dominance of the market is around 47%, the figure for Bitcoin will be below 1%).

We note the proposal in the Treasury’s forward to ‘bring centralised cryptoasset exchanges into financial services regulation for the first time’ and are supportive of this step as it will be likely significantly to reduce the risk of customer harm.

Part 2: Specific Responses to Numbered Questions

Box 3.A, Question 6. Does the phased approach that the UK is proposing create any potential challenges for market participants? If so, then please explain why.

Box 4.A Question 8. Do you agree with the list of economic activities the government is proposing to bring within the regulatory perimeter? We note the reference at table 4.A (Proposed scope of cryptoasset activities to be regulated) to ‘Validation and Governance activities’. The suggested list of sub-activities includes ‘mining or validating transactions, or operating a node on a blockchain’. We recommend that further thought be given to whether operating a node, or mining bitcoin, be designated a regulated cryptoasset activity. Already, thousands of Bitcoin nodes exist worldwide (including many in the UK 6). A majority of these nodes operate behind Tor 7 and it is not possible to identify in which jurisdiction they are located. A node can run on a basic single board computer such as a Raspberry Pi and can be operated simply and at very low cost. We question the inclusion of ‘node running’ or ‘mining’ within the scope of the regulation for the very simple reason that there is no voting or governance system existing within the Bitcoin protocol that gives individual nodes a ‘vote’ or a voice over how the rules of Bitcoin may be applied or changed - the only choice a node-runner has is over which version of the software to run. Simply running software that blindly complies with protocol rules that the node-runner is incapable of changing does not appear to be an activity that is within the ambit of financial regulation. A node simply stores a full transaction record in the form of the distributed ledger, and it checks transactions that are broadcast to the network to ensure they are valid according to the rules of the protocol 8.

It does not therefore perform any financial activity that is capable of regulation. The function of Bitcoin miners, on the other hand, is to determine the correct order of transactions in the distributed ledger, and to expend energy in competing with each other to produce new blocks of these transactions. Once again, miners cannot alter the rules of the protocol or force any other users of the network to adopt new rules. Bitcoin is controlled by all users of the software, all around the world. Neither miners (nor even Bitcoin developers) can force a change in the protocol since every single user of the protocol is free to choose which version of the software to use. The system can only work correctly with a complete consensus between the users.

It is true that a miner that correctly creates a new block is rewarded with new bitcoin in what is known as the ‘coinbase’ transaction 9. However, the ‘miner’ in this context is not the ‘issuer’ of the new Bitcoin in the same way that a company issues new shares. One school of thought is in fact that the mined Bitcoin already exists, and has always existed since the protocol has been running. The successful miner has no choice or control over whether the Bitcoin from the coinbase transaction be awarded or not, and as such, at a very basic level, it is illogical to suggest that mining (running code that another party wrote and over which the miner has no control) should or even could be a regulated activity.

Box 4.A: Question 7. Do you agree with the proposed territorial scope of the regime? If not, then please explain why and what alternative you would suggest. We refer to paragraph 4.5 of the paper and the suggested requirement for a person to be FSMA-authorised in order to carry out a regulated activity in the United Kingdom. We refer to our response above in relation to 4.A question 8 (relating to the nature of the proposed regulated activities) but specifically on the territorial extent, we note that it is not currently possible to determine in which jurisdiction the majority of the reachable nodes on the Bitcoin network are located 10. This is because the majority of nodes run either behind Tor or using a VPN. Any attempt to regulate thousands of individual persons, running small nodes behind Tor using cheap, single board computers would firstly be disproportionate regulatory overreach, and secondly be completely unenforceable by any regulatory body anywhere in the world. A more productive solution would be to exempt individual natural persons from the scope of the regulation, whether such persons are mining or running nodes. In our view, it would be a poor use of the regulator’s resources to attempt to enforce any other approach.

Box 4.A: Question 9. Do you agree with the prioritisation of cryptoasset activities for regulation in phase 2 and future phases?

Our view is that a key goal of any regulation in this space should be the prevention of customer harm. We note that ‘Admitting a cryptoasset to a cryptoasset trading venue’ is set to be included only in Phase 2 and not in Phase 1. In our experience, some of the greatest customer harm in the cryptocurrency space has taken place where tokens are issued without appropriate issuer track records, held in the majority by a small team, which then offloads the tokens onto retail customers, before exiting and crashing the market price of the now worthless token. We would recommend that devising clear and strict rules for the listing of new tokens be prioritised as this is an area where consumers are repeatedly at risk and have frequently suffered severe financial harm 11. Members of our organisation have previously communicated (for example, during the FCA’s Crypto Sprint in 2022) that a ‘prospectus’ style regime for listing new tokens could be a simple and effective guardrail for preventing such scams in the future.

Box 4A: Question 12. Do you agree that so-called algorithmic stablecoins and crypto-backed

tokens should be regulated in the same way as unbacked cryptoassets? Our view is that the risks associated with algorithmic ‘stablecoins’ are significant and are very likely to lead to customer harm (as witnessed by the events of 2022 12). We are supportive of the suggested methodology for addressing these risks via financial promotion rules - it is essential that retail customers are fully informed as to the hazards of investing their money in a stablecoin protocol that is capable of entering into a negative feedback loop and abruptly (and catastrophically) de-pegging from the asset that ostensibly backs it.

Box 5.A: Questions for Respondents - Questions 14 to 18

We have chosen to address these questions generally as we are broadly supportive of the suggested approach here. As noted elsewhere in our response, we have in previous submissions (for example, to the FCA Cryptosprint) suggested that the prospectus-style regime provides a workable precedent that can be adapted to the cryptoasset space and could provide guidance as to how offers of digital securities might be made to the public.

We suggest that the Treasury also considers ‘grandfathering’ provisions for assets, such as Bitcoin, that are without an issuer and have been in the market for a number of years (14 and counting). We note that the paper proposed “Where there is no issuer (e.g. Bitcoin), the trading venue would be required to take on the responsibilities of the issuer if they wish to admit the asset to trading.” In the case of Bitcoin, we also note that the Treasury has elsewhere in the paper made the statement “Cryptoassets such as Bitcoin do not provide a claim on an identifiable issuer since coins can be created or “minted'' according to a protocol which has been coded by computer developers often based in overseas or unknown locations. Even where the creator of the cryptoasset is identifiable, they do not have the same level of control over it as a company does over the securities it issues.”

In the Treasury’s own words, therefore, there is an acknowledgement that the creator of Bitcoin is not identifiable and does not have the same level of control over Bitcoin as does a company (or another cryptoasset issuer) over the securities it issues. With this acknowledged, it is then challenging to see how a trading venue can be required to take on the responsibilities of the issuer in the case of Bitcoin (unless of course those responsibilities are effectively nil, given the Treasury’s correct analysis of the nature of control over Bitcoin). In short, we would recommend that any regulation takes note of the unique nature of Bitcoin and ideally either carves this asset out of scope, or acknowledges that Bitcoin, as the original, oldest and most widely-traded of available cryptoassets, is grandfathered into the new regulation.

Box 6.A: Question 19. Do you agree with the proposal to use existing RAO activities covering the operation of trading venues (including the operation of an MTF) as a basis for the cryptoasset trading venue regime?

We would query the scope of the regulation’s applicability and whether it is intended to cover individual persons who are not engaged in a commercial enterprise but are, for example, running a Lightning node 13 that routes a small number of payments in a de minimis amount. It would not seem proportionate for these to be included within the scope of regulated activities (nor would the rules be enforceable if they were). See in addition our response to the questions below.

Box 7.A: Question 21. Do you agree with HM Treasury's proposed approach to use the MiFID derived rules applying to existing regulated activities as the basis of a regime for cryptoasset intermediation activities?

Question 22. Do you have views on the key elements of the proposed cryptoassets market intermediation regime, including prudential, conduct, operational resilience and reporting requirements?

Our recommendation here is simple - that the definition of cryptoasset intermediation services clearly excludes any and all services provided by amateur individuals operating Lightning nodes (of whom there are many 14). As per our comment on the question above, it is neither reasonable nor proportionate to expect an amateur hobbyist to comply with stringent financial regulation, or for such a person's activities to be defined as ‘regulated’ activities. By way of explanation, a Lightning node runner does provide liquidity to the Lightning network, by locking funds into a ‘payment channel’. Many transactions can be made in this payment channel before it is closed and the final balance written into the base layer of Bitcoin’s blockchain.

However, the node runner will not be exercising discretion or determining the nature, destination, or amount of any payments that their node is routing. It therefore appears disproportionate to require node runners to be subject to reporting requirements simply for running software over the operation of which they have no substantive control.

Box 8.A: Question 23: Do you agree with HM Treasury’s proposal to apply and adapt existing frameworks for traditional finance custodians under Article 40 of the RAO for cryptoasset custody activities?

Question 24: Do you have views on the key elements of the proposed cryptoassets custody regime, including prudential, conduct and operational resilience requirements?

We reiterate our view that the aim of good law and regulation should primarily be the avoidance of customer harm. From this perspective, we are broadly supportive of the proposals to adapt existing frameworks for custodians, to ensure that custodians have robust governance, and so far as possible, that customers should have recourse and redress in the event of a loss of their assets.

We feel, additionally, that a broader point needs to be made here. For far too long, prominent decision-makers, regulators and public figures have been consistently dismissive of cryptoassets, and of Bitcoin (references to ‘tulips’, ‘ponzis’ and ‘scams’ are constant and continuous). While we may agree with such references in the case of a large majority of cryptoassets, the fact remains that Bitcoin at the time of writing has a total market capitalisation in excess of half a trillion dollars 15, and it is neither helpful nor constructive for policymakers to dismiss such a significant asset class, and in doing so to put millions of customers at the risk of significant harm (exposing them to financial loss and hardship) by a stubborn refusal to recognise that there is objective value in Bitcoin, whatever their subjective prejudices.

As support for this view, we quote the head of digital policy at Barclays Bank, Nicole Sanders, who recently expressed the view that no regulatory action has been taken in this space because regulators simply thought that cryptocurrency would die 16. We are pleased that decision-makers are now treating the space seriously and giving careful consideration to the prevention of customer harm, but we wish the record to show that it is regrettable it has taken so long and that the industry has been met with dismissiveness rather than the careful consideration that it deserves. We note, however, the recent UK government fact sheet on cryptoassets, which provides welcome evidence of a serious approach to the subject, in contrast to previous dismissive statements 17.

However, we have in the recent past held discussions with several industry participants in the Bitcoin space who have expressed to us their extreme reservations relating both the slow pace of clear regulation in the UK, and also the nature of some of the regulation that is emerging. We note as a particular area of concern the ‘positive frictions’ that will be required, such as the 24 hour cooling off period in a customer journey 18. We quote: “Subject to any changes in circumstances, we expect to take a consistent approach to cryptoassets to that taken in our new rules, in place from 1 Feb 2023, for other high-risk investments. This would mean firms being required to use specific risk warnings and positive frictions (such as a 24-hour cooling off period) in their consumer journeys, in addition to the overarching requirement that their promotions are clear, fair and not misleading.”

While we support the goal that promotions must be clear, fair and not misleading, the 24 hour cooling off period in particular creates significant friction for British businesses that seek to comply with the rules (noting however that this is similar to the legislation applicable to casinos - ideally a potential middle ground might be that this would apply only to new customers opening new accounts where both the customer and the exchange are UK-resident/regulated) 19.

Non-FCA regulated businesses that are able to access the UK market will not be subject to this regime and will immediately have an unfair competitive advantage over British businesses that seek to comply in good faith. One of the companies to whom we spoke had been in the process of opening a UK office, but is now reconsidering whether to do so (given the significant friction). The other is now intending to relocate from the UK to New York.

Despite the obvious commercial disadvantages set out above, it appears logically inconsistent that the justification for the provision is that ‘cryptoassets remain high risk’, when at the same time the government’s own fact sheet of 11 April this year (see footnote 17 above) states in the first paragraph that “Cryptoassets are a digital representation of value…

Cryptoassets typically fluctuate more in value than government-issued currencies. For example, the price of one Bitcoin fluctuated from an all-time high price on 8 November 2021 where it reached $67,567 per coin, to a recent low on 18 June 2022 to $17,744'' - both acknowledging that Bitcoin has a value, and providing evidence of its price range. The fact sheet conspicuously fails to mention that 24 months prior to the sample dates, bitcoin had been trading at merely £3,000.

While it is undeniable that price fluctuations are frequent and warnings as to such fluctuations should properly be included within any financial promotion, Bitcoin now has a fourteen year track record and at no point since it began trading has it dropped to zero in sterling terms. While its price remains volatile, with every year the likelihood of a drop to zero occurring diminishes.

In summary, it seems disproportionate of the regulator to cite this as a reason to require UK companies comply with restrictions that will not apply to non-FCA regulated firms, which requirements will be likely to drive business offshore, with the associated loss of tax revenue for the Treasury, loss of UK jobs, and loss of domestic opportunity.

Box 9.A: Question 30. Do you agree with the proposal to require all regulated firms undertaking cryptoasset activities to have obligations to manage inside information?

Absolutely yes - preventing insider dealing, and especially situations where exchanges deal against their own customers (as it is alleged has taken place at multiple exchanges 20) is crucial to prevent customer harm.

Box 10.A: Questions for Respondents 32. What types of regulatory safeguards would have been most effective in preventing the collapse of Celsius and other cryptoasset lending platforms earlier this year?

We would suggest two simple requirements here, firstly in a regulatory requirement for inclusions in the terms and conditions of such lending platforms, and secondly in terms of reserve requirements and depositor protection.

Regarding the first, while it is true that the Celsius terms and conditions provided that an Earn Rewards Investor relinquished control over their deposited cryptocurrency to Celsius, which was then free to use such cryptocurrency as it saw fit 21, it is arguable that this surrender of title to Celsius was not sufficiently signposted to depositors. Depositors appear to have behaved as though Celsius was a bank, with all the protections that a bank is able to provide. Our view is that an element of any terms and conditions which has such potentially catastrophic implications in the event of an insolvency event should be required to be stated prominently, front and centre, as the first clause highlighted to any potential depositor. In short, this risk was not adequately or fairly disclosed to Celsius customers.

Secondly, we suggest the imposition of at the very least some fractional reserve requirements upon custodians who are offering cryptocurrency lending. As we have recently seen, bank runs in the era of Twitter and 24/7 banking can happen with shocking speed, and this is an even greater risk in the cryptocurrency space. A reserve requirement imposed on a regulated exchange that offers a lending service would go some way towards mitigating such a risk, and the eventual extension of a regime analogous to the Financial Services Compensation Scheme 22 would provide some significant comfort to depositors in the event of counterparty insolvency.

Question 35. Should regulatory treatment differentiate between lending (where title of the asset is transferred) vs staking or supplying liquidity (where title of the asset is not transferred)?

We agree that regulation should differentiate between these two activities. Again, we return to the key principle - that regulation should prevent or minimise customer harm. As we set out above, customers appear to have treated the deposit of funds into Celsius (and its other failed competitors) as analogous to banking deposits. It is noted that a deposit of cash into a bank does in legal terms also involve a ‘disposal’ of that cash, albeit in a context where that cash is lent by the depositor to the bank. In this context, the bank receiving the deposit gains title to it, and the depositor retains only a claim against an equivalent amount of cash as a creditor of the bank.

We do not propose to set out a detailed explanation of staking and liquidity provision here, as such activities are of less relevance to on-chain Bitcoin transactions, but in the case of an exchange that offers services similar to those offered by Celsius, BlockFi, or their other failed competitors, our view is that if such exchanges are being regulated in a similar way to banks, then the customers who are depositing valuable assets into such exchanges should be entitled to protections similar or equivalent to the Financial Services Compensation Scheme.

References

1 https://blockstream.com/satellite/

2 https://decrypt.co/100668/covert-chinese-bitcoin-miners-still-account-for-21-of-network-hashrate-report

3 See paragraph 1.1 of ‘New Forms of Digital Money’ by way of example: https://www.bankofengland.co.uk/paper/2021/new-forms-of-digital-money

4 https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/

5 https://www.fca.org.uk/news/press-releases/credit-suisse-fined-ps147190276-us200664504-and-undertakes-fca-forgive-us200-million-mozambican-debt

6 https://bitnodes.io/

7 https://www.torproject.org/

8 https://learn.saylor.org/mod/book/view.php?id=36307&chapterid=18896#:~:text=A%20bitcoin%20node%20is%20a,blockchain%20database%2C%20and%20network%20routing

9 https://www.javatpoint.com/coinbase-transaction

10 https://bitnodes.io/

11 https://www.washingtonpost.com/world/2021/11/02/squid-game-crypto-rug-pull/