This brief is part of a series produced by the Digital Finance Project Team (DFPT)
of the Bretton Woods Committee's Future of Finance Working Group (FFWG)
RECENT DEVELOPMENTS IN In that context, it’s worth noting that while examples
of market volatility, illicit activities, and fraud crowd the
THE CRYPTO-ASSET MARKETS recent headlines about the perils of crypto, the need
Some of the risks, challenges, structural limitations, and
for regulation is much broader. Informed regulation is
misaligned incentives in crypto-asset markets have been
essential for businesses to grow and thrive. And it is note-
vividly on display this year, including the following:2
worthy that a lack of clear and predictable regulation is
∞ The collapse in the value of some algorithmic often cited as an obstacle to adoption and success by
stablecoins such as TerraUSD and Luna, and the entrepreneurs and other participants in the crypto space.4
spillovers this has generated to other types of sta-
Promoting the safety and soundness of financial firms
blecoins such as Tether
and platforms is a critical case in point: It is essential to
∞ Sharp price declines and volatility in non-
build trust in them and, in turn, the financial system by
stablecoin (or unbacked) crypto assets3
ensuring that they will be able to honor their commit-
∞ Freezing of withdrawals from and/or insolvencies ments. That’s true for both traditional finance (TradFi)
of crypto-asset firms such as Celsius and crypto, but, in contrast to TradFi, the crypto-asset
∞ Regulatory sanctions for failing to register prop- ecosystem currently lacks needed structural safeguards.
erly and other rule violations Disciplining mechanisms need to include laws, regula-
tions, supervision, industry standards, and appropriate
governance and culture, recognizing that the specifics
LAWS, REGULATIONS, AND may need to be adjusted given the different nature of
SUPERVISION crypto assets and the activities associated with them.
While these examples by themselves make a strong
As with TradFi, therefore, to complement regulation and
case for regulation, it’s important to step back and con-
oversight, industry participants should develop stan-
sider why financial regulation is needed.
dards for conduct and best practices and appropriate
The key motivations for regulation in finance are to governance and culture to enable and promote good
sustain trust between financial counterparties and to risk management. Risk management practices should
align private and public incentives. Specifically, regu- mirror those in TradFi in terms of desired outcomes,
lation aims to protect investors and consumers from with appropriate adaptations to account for the unique
predation or abuse, to promote market integrity, to structures and risks associated with crypto activities.
support the safety and soundness of individual financial
One important question is whether countries should
firms and the overall financial stability, and to mitigate
provide or require a safety net for crypto firms or
financial crime.
activities, as seen in some areas of TradFi. The quid pro address that allows sending or receiving bitcoin;
quo for the TradFi safety net is supervision and oversight, only the address (not the identity of the owner) is
with transparent reporting to the public. Any contem- visible on the blockchain. In TradFi, explicit iden-
plation of a crypto safety net should take account of the tification is required by law.
specific risks and characteristics of the asset or activity, 2. Transparency: Unlike in TradFi, where customer
and if established, should include strong safeguards, transactions are not published, crypto protocols
analogous to those in TradFi, to limit moral hazard. publish all transactions—albeit with only an address
To understand whether existing financial regulation rather than an ID. Although an ID can be linked to
is fit for purpose for these new activities and ways of an address in some cases, masking tools have been
doing business, it is important to recognize the similar- developed to make transactions difficult to trace.
ities and differences between crypto and decentralized 3. Lack of legal recourse: Crypto protocols lack inher-
finance (DeFi) on one hand, and TradFi on the other. ent property rights enforcement, so if your wallet
is drained, it is just like losing cash on the street.
Many characteristics and risks in DeFi are similar to
those in TradFi. Among them are 4. Entity-free transactions: Crypto intentionally does
not associate transactions with an intermediating
∞ market, credit, liquidity and contagion risks;
entity (excluding validators in protocols like proof
∞ operational /cyber risks; of work or proof of stake).
∞ fraud, scams, and illicit activity; and 5. Irreversibility: Transaction errors in crypto cannot
∞ opportunities for abuse created by opacity and be corrected automatically, and because payments
concentration. are final when transacted, clearance and settle-
ment aren’t relevant. So a fat-finger error (typing
Traditional financial regulation aims to mitigate those 10,000 instead of 1,000) is typically not correctable
risks through disclosure, standards for risk manage- absent human intervention and cooperation from
ment, firm-level and systemwide resilience built with both parties to the transaction.
capital and liquidity requirements, and rules related to
firm-level governance and behavior. This is paired with Those characteristics pose a variety of challenges for
the supervision of financial firms and market infra- regulation. Among them are the following:
structure, deposit insurance, and lender of last resort ∞ TradFi regulations/laws are entity-based—they
liquidity provision for those subject to prudential over- focus on firms and people (and, to some extent,
sight, as well as regular stress testing and recovery and markets)—but DeFi is activity-based, so behavior
resolution planning for firms that are systemically can’t be (easily) overseen except through connec-
important. Given the differences between TradFi and tions to traditional finance, such as the on- and
DeFi, those tools may need to be adjusted to be fit for off-ramps used to convert sovereign currencies
purpose in the DeFi arena. or bank deposits into crypto or back again.
WHAT IS DIFFERENT ABOUT that may undermine trust, facilitate abuse, and
discourage use.
∞ Regulation tends to be embedded in static rules,
Five key characteristics differentiate DeFi from TradFi:
but DeFi is dynamic and evolving rapidly. For
1. Pseudonymity: Crypto protocols like bitcoin facil-
instance, a non-fungible token (NFT) may start
itate the use of pseudonyms for privacy—to shield
out as a simple piece of art and later be fraction-
participants’ identity. Transacting in bitcoin and/or
alized and used as collateral.
creating a bitcoin wallet generates an alphanumeric
∞ Crypto is footloose—geographic location and help level the playing field and reduce regulatory
jurisdiction are generally unknown and irrelevant, arbitrage.
but laws and regulations are locationally specific. 3. Technology-independent objectives, technology-
Supervision, if needed, and enforcement are thus specific tools: regulators should focus on the
more challenging than for traditional finance. outcomes of any particular technology or appli-
∞ Regulators and supervisors lack expertise and cation and be agnostic about the underlying
capacity—there is a severe shortage of proper staff- technology itself.
ing and skills for crypto onboarding (registration),
supervision, and enforcement that is exacerbated
by the rapid changes in technology and venues.
Likewise, some practical guidelines should facilitate
∞ To a greater extent than TradFi, crypto can be used translating those principles into actions:
to evade laws and regulations—the pseudonymity,
1. Set appropriate standards to protect investors and
frequent lack of an entity controlling transactions,
users and the broader economy and financial
and the global nature of digital assets mean that
crypto is well suited for those who wish to circum-
vent regulations, including cross-border capital 2. Use the existing framework and tool kit if they are
controls, or to engage in illicit activities. fit for purpose.
As has been emphasized in earlier DFPT briefs, inno- WHAT NEEDS TO BE
vation that meets consumer, investor, and business REGULATED AND WHY?
needs is presumably the raison d’être for the technology
1. Stablecoins: Unless they are backed 1:1 by very low-
and concepts behind crypto/DeFi activities. Equally, as
risk assets (e.g., central bank reserves or short-dated
Brief I asserts, we seek “a legal and regulatory regime
sovereign debt) or appropriately overcollateralized,
that promotes safety and resilience while allowing the
stablecoins will not be completely stable and the
new technologies and business models to develop and
chance of a run under stress will be unacceptably
experiment, succeed, or fail.”5 Allowing experimenta-
high. This is why the President’s Working Group
tion and failure should promote the assessment of the
recommended limiting stablecoin issuance to
benefits, costs, and risks associated with the innovation
insured depository institutions, where it would be
and the new business models the innovation enables.
treated like bank deposits (i.e., private money). The
Specifically, the following principles are fundamental UK and some in the US Congress are considering
to meeting that goal: other ways of ensuring stability (see Box 1).
1. Laws and regulations should support responsible 2. Other crypto assets: Not only can the prices of
innovation. Risks should be well managed, but the unbacked crypto assets fluctuate significantly,
goal should not be to drive risk to zero. there is often limited or no built-in recourse for
2. “Same activity, same risk, same disclosure, same retail holders if they are lost through error or theft.
mitigation/outcome”6 will reduce uncertainty and
Box 1. Regulation of stablecoins: Proportionate to the risks*
The collapse in the value of some algorithmic stablecoins To distinguish among the types and risks of stablecoins,
such as TerraUSD and Luna has undermined trust in other the Basel Committee on Banking Supervision has pro-
stablecoins. But there are a wide variety of stablecoins with posed a two-part classification framework to assess the
very different risks. Thus, regulation should eschew a one- risks to banks’ crypto-asset exposures based on the prin-
size-fits-all approach and instead have regulations that are ciple of “same risk, same activity, same treatment.”†
appropriate for the risks. For example, a stablecoin that is
Japan’s parliament recently passed a bill on stablecoins,
backed 1:1 by central bank reserves will, all else equal, be
defining them as a form of digital money. Such stablecoins
less risky than a stablecoin backed by commercial paper or
must be linked to the yen or other legal tender and thus
dependent on algorithmic backing. In the same vein, scale
guarantee holders the right to redeem them at face value.
matters. If stablecoins grow to be systemically important,
In order to ensure that, the law requires that stablecoins
runs and “breaking the buck” could lead to instability in
only be issued by licensed banks, registered money trans-
the broader financial system. In this case, the regulatory
fer agents, and trust companies.‡
bar needs to be higher to mitigate such risks.
The following criteria distinguishes the different types of stablecoins and indicates what regulatory approach might
be appropriate:
Fiat currency Explicitly backed “payment stablecoins” §, ¶
Require disclosure of (1) the nature, level, and composition of assets backing targeted redemption
value; (2) whether there is full or partial backing; and (3) whether there is contingent support.
For issuers of “payment stablecoins,” require prudent resources and reporting standards that are
proportional to the quality/risk of the stablecoins’ backing.
Require issuers to disclose their identities and be subject to appropriate regulatory oversight.
Some propose that issuers of “payment stablecoins” could be regulated as insured depository
institutions (e.g., under a “Federal Stablecoin Platform”) with de facto backing of bank reserves.**
However, others have noted that deposit insurance backing may not be necessary when there
is 1:1 backing by central bank reserves with enough capitalization that the issuer has adequate
resources to honor its obligations.
3. Trading venues and exchanges: Volatility and dys- sponsors, and mechanisms for recourse and remedies
function in underlying crypto assets have triggered on failed or disputed transactions.
runs on these platforms and investors have been
Suitability standards: Standards to ensure that high-risk
denied access. They are also subject to operational/
assets can only be purchased by those who understand
cyber risks that can erode market integrity, trigger
their risks and are able to absorb potential losses. For
runs, and endanger investors. Potentially signifi-
example, regulators might limit the acquisition of and
cant conflicts of interest must also be monitored.
risk disclosure for algorithmic stablecoins—or any
4. Custodians and wallets: Crypto custodians are high-risk asset—to accredited investors and qualified
also subject to runs and to cyber/operational risks. institutional buyers.7
5. DeFi: The opacity in DeFi can facilitate exploita-
Cryptocurrency issuer soundness: As noted above,
tion or fraud, resulting in undisclosed conflicts
ensuring the safety and soundness of crypto firms is
of interest and market manipulation. That this
essential to limiting the potential for losses.8 While cryp-
might occur through the autonomous execution
to’s characteristics will make implementation a challenge,
of smart contracts makes it difficult for investors
reporting standards should be analogous to those in
and regulators to identify responsible parties and
TradFi for issuers of backed and unbacked crypto assets,
obtain redress.
as well as for entity identification, limits on ownership
concentration, and disclosure of potential conflicts of
CRITICAL POTENTIAL GAPS interest to help forestall “51 percent attacks”9 and other
AND HOW TO FILL THEM events that could unfairly disadvantage minority parties.
Consumer and investor protection: Four key gaps in
KYC and digital IDs: Anonymity or pseudonymity can
consumer and investor protection in crypto assets need
facilitate money laundering and illicit activity, under-
to be addressed: (1) adequate disclosure, (2) suitability
mine trust in crypto assets, and frustrate tax collection.10
safeguards, (3) cryptocurrency issuer soundness, and (4)
Global compliance with KYC and anti–money launder-
digital IDs and Know Your Customer (KYC) enforcement.
ing (AML) protocols is thus more challenging than in
Disclosure: In order to weigh risks against opportuni- TradFi, underscoring the complementary need for digital
ties, consumers and investors need strong disclosure identity across jurisdictions. Proper, secure digital IDs can
of all pertinent risk factors, similar to disclosure in both protect the privacy of and validate parties to transac-
TradFi. Crypto platforms should be required to provide tions. Unfortunately, agreement on how to achieve both
clear and timely disclosure of their key risk factors, risk goals in the United States is still lacking.11 The World Bank
management processes, the nature and risks of their is assisting many countries to develop digital IDs under
an interim solution is needed until robust and broadly “same activity, same risk, same disclosure, same mit-
implementable digital IDs are available. igation/outcome” should guide laws, regulations, and
supervision for these activities. Substantial further
Financial stability: The Global Financial Crisis showed
development of the analytical, empirical, and legal
that the so-called macroprudential measures are
foundations for these activities is warranted.
needed to mitigate threats to financial stability of the
whole financial system. These can arise when shocks Financial crime: Global financial systems can be
expose systemic vulnerabilities; for example, because exploited by criminals who finance illicit activities, such
one or more firms are so important that their material as human trafficking, transactions for illegal substances,
distress or failure would trigger systemic consequences and theft. Terrorism financing is a related challenge.
or because a pervasive activity or systemically relevant While global KYC/AML rules exist, they are porous. And
market becomes dysfunctional. the pseudonymity of crypto and the fact that not all
crypto platforms are subject to KYC/AML regulations
Although none of the digital asset businesses or activ-
make crypto vulnerable to such illicit activity.
ities are yet of systemic importance, they could grow
to be so in the future.13 And their characteristics create The need to strengthen KYC/AML regimes is critical
substantial uncertainty about when that threshold may in both DeFi and TradFi. Authorities understand the
be reached. need to extend the rules to virtual assets and virtual
asset service providers (VASPs). Strengthening the
The judgment about whether a business or activity was
FATF guidelines14 proposed for these instruments and
systemic would presumably be based on several factors,
enhancing enforcement of existing rules will be an
including connections with the traditional financial
important first step.
system, importance in payments, leverage of important
participants, and the exposure of household wealth. For
example, if stablecoins became systemically import- THE CHALLENGE OF
ant for payments, disruptions in their value could lead
to payments dysfunction and spillovers to the broader
financial system. When such activities have been
Crypto—and digital finance generally—is footloose and
judged to be systemic, a higher standard of regulation
can potentially operate globally without being domi-
and supervision would be appropriate. This might be
ciled in a particular jurisdiction. In contrast, traditional
similar to the higher capital and liquidity, stress test, and
finance generally requires a financial institution to
resolution requirements to which traditional financial
be locally identified, incorporated, and/or regulated.
firms are subject when they are deemed to be systemic.
Ensuring compliance by crypto asset platforms with
Of course, authorities cannot and should not simply risk-management requirements and other standards
apply macroprudential banking regulation directly to endorsed by global standards setters such as the
International Organization of Securities Commissions
(IOSCO), the Committee on Payments and Market
This brief has assessed crypto/DeFi risks and examined
Infrastructures (CPMI),and the Basel Committee on
how to fill regulatory gaps and provide the necessary
Banking Supervision is thus a major challenge.
mitigants to promote responsible innovation. Global
That challenge is more complicated across borders (e.g., legal and regulatory consistency is needed in order
for stablecoins) as some jurisdictions may promote regu- to build trust, promote a level playing field, and limit
latory arbitrage and a race to the bottom similar to TradFi the regulatory arbitrage to which crypto and DeFi are
activities in less regulated offshore financial centers. especially prone. While such activities aren’t currently
Analogously, remedies could include restrictions on consequential enough to threaten financial stability, they
those crypto activities that originate in poorly regulated could be in the future. For this reason alone, authorities
jurisdictions (such as those on offshore banking booking should begin developing appropriate legal and regula-
centers for KYC from the Organisation for Economic tory frameworks at both the national and the global levels
Co-operation and Development [OECD]). This may to mitigate the potential vulnerabilities of these activities.
require innovations in cyber-blocking technologies, new The goal must be to ensure that, in the long run, the costs
monitoring and sanctions mechanisms across national of such activities won’t outweigh their benefits.
jurisdictions, selective waivers of sovereign immunities
to allow international examinations and enforcement
where necessary, and international coordination.
