CFTC Commissioner Goldsmith Romero Highlights Digital Asset AML/ Cyber Risks
Commentary by Steven Lofchie
CFTC Commissioner Christy Goldsmith Romero highlighted risks created through the use of digital assets.
In an address at the Institutional Adoption and Regulation of Digital Assets Summit at City Week in London, Ms. Goldsmith Romero said that "most current risk" within the digital asset space comes from decentralized finance ("DeFi") which made up 82 percent of cyber hacks in the past year. She also asserted that the anonymity of cryptocurrency enables cybercrime, and, in particular, ransomware. She made clear that it is possible for crypto companies to ensure privacy for customers, while abstaining from the use of mixers or other related-technology which increase the ability to engage in anonymous transactions.
To prevent crypto cybercrime, Ms. Goldsmith Romero underscored the importance of (i) strengthening cross-chain bridges that allow users to transfer crypto assets to different blockchains and (ii) securing third-party services, such as customer interfaces.
Financial Stability Risks
Ms. Goldsmith Romero cautioned that while crypto exchanges may be structured similarly to traditional exchanges, they can lack adequate disclosures and proper regulatory supervision. She noted two examples where unregulated exchanges led to bad outcomes for investors: the Celsius bankruptcy and the FTX collapse. In Celsius, she said, the court upheld an electronic disclosure agreement known as a "click-wrap agreement" and found that customer deposits were owned by the exchange and not the customers. As a result, she said, the customers were not prioritized in bankruptcy. In the case of FTX, Ms. Goldsmith-Romero said that the collapse "laid bare the risk of undisclosed and unmitigated conflicts of interest" through vertical integration. She reiterated the "significant risk" posed by crypto companies serving multiple functions.
To address risks to financial stability, Ms. Goldsmith Romero urged Congress to close the regulatory gap for non-securities spot markets in order to reduce conflicts of interest-related risk. Ms. Goldsmith Romero stated that it will not be enough to simply manage cyber vulnerabilities which create risk to financial stability. She said that cyber vulnerabilities must be eliminated.
Commentary
The regulators are clearly attentive to the problems besetting the digital asset markets, as those problems certainly make the case that the market cannot succeed without regulation. Unfortunately, the digital asset market cannot succeed without regulation that is tailored to the product, which none of the U.S. regulators (leaving aside SEC Commissioner Hester Peirce) seem interested in developing. See, e.g., Commentary: The Securities Law Treatment of Utility Tokens; see also Analysis: By Whom Should Digital Assets Be Regulated? The Solomonic Solution.
Not only are current regulatory requirements not modified to be workable for digital assets, the additional demands that would be imposed are too high. Why, as to digital assets, is it not sufficient that cyber vulnerability be limited; why must it be "eliminated" as Commissioner Goldsmith Romero states. That is not a realistic standard; it is certainly not one that the U.S. government meets. See, e.g., NYT Article, Russian Hackers Broke into Federal Agencies, U.S. Officials Suspect; Popular Science, Why Government Agencies Keep Getting Hacked.