How to supervise a crypto exchange
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The writer is a former financial regulator
Regulate crypto or let it burn? While debate rages in the US (and across the pixels of the Financial Times), it is already over in the EU — and soon will be in the UK.
The Financial Services and Markets Bill is winding its way through parliament. It now includes a broad definition of crypto assets that will be subject to regulation. A UK Treasury consultation will fill in the details shortly. And in the EU, the Markets in Crypto Assets Regulation (Mica) was agreed this summer and will come in force by 2024.
With the aftershocks from the collapse of the crypto exchange FTX reverberating, a new question comes into focus: how to supervise a crypto exchange?
Mica sets admirably tough standards for crypto asset service providers, covering exchanges. Exchanges will now need a licence from one country in order to gain a passport to do business across the whole of the EU. Two big changes are coming.
First, corporate structure. The service providers will need to have robust corporate governance and controls, an EU legal entity and, crucially, a corporate structure with jurisdictions that do not prevent effective supervision. FTX’s failure highlights the importance of these standards. But it is hard to give the other exchanges good marks. The largest, Binance, will still not say where it is headquartered, for example.
As the Bank of England’s Jon Cunliffe explains, part of the problem is that these are not really “exchanges” but rather provide multiple, bundled services that would be separated in traditional finance for conflict of interest, prudential and consumer protection reasons.
Mica unhelpfully appears to allow such bundling of multiple services in a single legal entity. Some guardrails will be needed in detailed rules set during the run-up to implementation.
Second, Mica will impose client asset protection rules on service providers. FTX’s alleged use of client assets to fund its trading arm means creditors are waiting to hear how much money they have lost. These creditors are thought to number at least 100,000 and could be more than 1mn.
This has left other exchanges scrambling to demonstrate the validity of their proof of reserves, the assets that back customer positions, with Binance commissioning a report from accounting firm Mazars. But the report is limited in scope on the crypto assets it covers, unconvincing about how customer liabilities are calculated and lacks comment on the effectiveness of internal controls. Mazars announced at the end of last week that it had stopped providing proof of reserve reports entirely and painstakingly qualified past ones as not being an assurance exercise.
Client asset segregation was a big non-crypto problem in the failure of Lehman Brothers and the broker dealer MF Global. This led to a crackdown in the UK and elsewhere, with big fines, detailed new regulatory requirements and increased personal senior manager liability. Tough rules, bespoke to crypto, will need to be developed and adopted at speed.
Supervisors are going to have some difficult decisions to make on granting licences if exchanges aren’t ready in time for the new EU and UK rules.
The exchanges will clearly need to make big changes to their business models before they submit their licence applications. Mica has a raft of other challenging requirements that also need to be sorted quickly.
Exchanges will have to vet each crypto asset’s suitability for customer trading based on the “reliability of the solutions used” and the potential association with financial crime. They will also need to disclose the adverse environmental and climate-related impact of the mining required for each crypto asset. Liability for losses from hacking of customer wallets will kick in. And tougher risk warnings for crypto investments will come into force in both the EU and UK.
Supervisors themselves have tight deadlines to make licensing decisions under Mica. The risk is that the race to be the crypto hub of Europe will sway decisions — likewise the new UK imperatives for supervisors to consider competitiveness.
Binance, by far the largest exchange, is the key test case. The French regulator, the Autorité des Marchés Financiers, raised eyebrows by registering Binance under pre-Mica rules, despite Binance being fined by Dutch supervisors and the UK’s Financial Conduct Authority saying it was unsupervisable. What will happen in the (re) licensing process?
Supervisors need the resources and political cover to refuse licences until corporate structure and client asset problems are sorted. The best way to supervise crypto exchanges? Start by not licensing them until they have got their act together.
Comments