There are a number of states within the US that have taken independent measures to regulate the cryptocurrency industry. Some of these measures have made their respective states more attractive to crypto startup companies; others have made it clear that the crypto industry is not welcome within them.
Additionally, the lines between what kinds of Blockchain security problems need to be addressed by regulators and which will be solved by technological development.
Recently, we spoke with cryptocurrency Regulation expert Patrick Burke about best practices in the cryptocurrency industry, why different jurisdictions may choose different regulatory styles, and where technological innovation and regulation meet.
“There are other jurisdictions where they really want to attract these kinds of businesses [startups], simply for the financial resources they would bring to a state--a state like Arizona or Wyoming, where they’re really glad to attract those kind of folks,” he continued, adding that Arizona is a ‘sandbox.’
This means that states like Arizona are open to regulatory experimentation. “Essentially, [Arizona] will say, ‘we want you to try things out here. We’re gonna make it legal for you--we’ll give you official sanctions to run your cryptocurrency operation here with a minimum of requirements or restrictions, because we’d like you to try it out here. So, play in our sandbox--we’re gonna keep an eye on things, but it’s going to be very light-touch.”
Experimentation Can Have Disastrous Results
On the other hand, Burke acknowledged that light-touch regulation can have disastrous consequences. “Take Canada,” he said, referring to the recent QuadrigaCX scandal that left hundreds of thousands of users without access to funds they had stored in a cryptocurrency exchange.
“Canada wasn’t regulating these exchanges at all, and still isn’t. Things happen, like Quadriga...and there have been other coins that have turned out to be big rip-offs in Canada. So, I think Canada--I haven’t talked to Canada lately, but I’m sure Canada’s looking at that and saying, ‘wow, shouldn’t we be doing something about that?’”
(Burke is correct--two financial regulators circulated a discussion paper asking for input on possible regulations from crypto industry participants earlier this month.)
Malta is a “Tax Haven”
“Malta is a jurisdiction over in the Mediterranean that is offering licenses to cryptocurrency companies around the world...but I think it’s sort of like a tax haven."
“It’s pretty clear why they do it the way they do it,” he said. “They don’t really have that many people to protect, and they are glad to get any bit of revenue. If someone opens an office there, it’s a big deal. It opens up a new generation of technology-oriented citizens there.”
“So there’s a lot to gain from having a light touch and attracting that kind of business."
Burke added that a progression toward heavier regulation may be a natural progression in a company where the cryptocurrency industry has started to mature. “A place like South Korea has a very serious financial regulatory approach, and they’ve been upping their game as they go along,” he said.
“But there have been a number of cryptocurrency exchanges in Korea that have had hacks, and I’m sure that they’re very focused on that and I’m sure that they’re upping the strenuousness of their cyber investigations and examinations of the exchanges, which is going to increase how [many] resources cryptocurrency companies are going to have to put into cyberdefense and compliance.”
So, eventually, “it’s going to cost more to do business there.”
“It’ the trade-off: as a government, are you going to be responsive to the pain that citizens feel when they get ripped off?”
“You can have trust in code, but you have to look at the people behind the code.”
Burke believes that both better regulations and improved technology will contribute to the future of cybersecurity.
On the technology side of things, “if there was a consumer report that could really look deep into the code that’s operating different currency exchanges’ operations, then it might be self-governing enough [to keep users safe],” he said. “In a sense, there is that--there are bug-bounty programs that are pretty successful.”
On the other hand, however, “I’m not sure a bug bounty program would have found that the QuadrigaCX guy was the only one who knew the private keys,” he said. This is where regulations are necessary: “you need someone to go in under the hood and look.”
“You can have trust in code, but you have to look at the people behind the code,” Burke continued, adding that it’s important not to fall into the trap of “getting excited by a [cool] interface.”
“You don’t know what’s behind it,” he said.
“It’s great to give people who are new, who are young, who are trying something out the chance to try something out. But there’s something about having people who are experienced veterans in dealing with other people’s money. Those kind of people understand how things can go wrong, and they avoid those early rookie mistakes.”
“When you’re technological and you’re excited about your technology, you tend not to put out the risks. So, to have some regulator--or it could be anyone else who goes, ‘hey, I wanna see your risk assessment,’ that’s really serious.”
“If you can have an independent audit by some kind of a consulting agency that’s really good at this stuff, and comes in and looks at things, then I’d say, ‘hey, you know, maybe it doesn’t need to be the government.’ But who’s going to require that you get a serious risk assessment when you’re a startup and you don’t have a lot of extra money to throw $100,000 at a risk assessment. Who’s gonna make you do that?”
The government, of course.
This is an excerpt. To hear Finance Magnates’ full interview with Patrick Burke, click the SoundCloud or YouTube links