Denis Beau: After the crypto-winter, the spring of crypto-assets regulation and supervision

Keynote speech by Mr Denis Beau, First Deputy Governor of the Bank of France, at the World Bank Global Payments Week 2023 "The Future of Payments", Marrakesh, 18 May 2023.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
22 May 2023

Dear colleagues from the World Bank, Ladies and Gentlemen,

According to some commentators, in a context of cascading bankruptcies (i.e. Terra/Luna, Celsius, Three Arrows, Genesis, BlockFi, FTX), the crypto ecosystem may have entered a so-called "crypto-winter". I don't know if this winter is going to last but I believe that it should be seen as "spring time" by regulators and supervisors, whose initiatives should be burgeoning.

Recently, many countries have indeed sped up their regulatory work within their jurisdiction. However, we have also seen variances in combining three regulatory approaches: banning crypto-asset activities; containing and isolating them from traditional finance and the real economy, which implies banning certain specific aspects and practices (e.g. advertising); regulating the crypto-asset market, either by assimilating crypto-assets to traditional financial assets and applying the corresponding existing regulatory regime, or by adopting a dedicated regulation (e.g. on stablecoins).

With the exception of China, the world's major economies and currency zones have developed or are in the process of adopting a combination of the last two approaches, based on the principle of "same activities, same risks, same rules". As a blunt banning of crypto-asset activities is not seen as an option for most, for a number of reasons, starting for instance with the belief in France that it would most likely lead to regulatory arbitrages between jurisdictions, most of the attention at national and international level has been put on "what?" (what activities and what risks) and "how?" (by which means) to regulate.

In my short introductory remarks today, I would like to share with you my perspective, as the organisers of this Global Payments Week Conference have kindly suggested, speaking from the standpoint of a central bank in charge of ensuring financial stability, on the types of risks associated with crypto-activities that particularly need to be considered for regulation and supervision, and the importance of a convergent and coordinated regulatory approach on crypto-assets at the international level.

I.    What risks to consider for regulation and supervision in the crypto ecosystem  

1)    Traditional and new risks associated with the development of the crypto ecosystem

The bankruptcy of FTX in November 2022, one of the largest crypto exchanges, and the resulting knock-on effects on its users and other market participants, have spectacularly shown the instability of the crypto-assets ecosystem. Within the regulatory and supervisory community, a root cause of this instability is well recognised. At present, crypto-asset infrastructures and activities generate risks which are similar to those of mainstream finance services, and inherent to the provision of financial services, including credit, liquidity and market risks. However, they do not benefit from the same regulatory safeguards that aim to put a limit on those risks and to ensure that they are properly recognised, monitored and managed.

Moreover, crypto-asset infrastructures and activities, beyond expanding outside the regulatory perimeter, have done so by including products, services and practices that carry certain specificities. From a risk perspective, these specific features may either amplify traditional vulnerabilities or introduce new ones, and should fall within the scope of regulation and supervision. Let me illustrate this point with two examples.

The first concerns financial integrity risk. Attention should be paid to this risk for two reasons: first, because, as shown by our supervisory experience at the ACPR, AML-CFT controls by service providers appear to be difficult to grasp and master, and are sometimes not performed in the crypto ecosystem, and second, because investors have the possibility of using and holding crypto-assets pseudonymously.

The second concerns cyber risk. It is currently the number one operational risk for financial players, and it has the ability to jeopardise the stability of the entire financial system. The exposure of the crypto ecosystem to this risk could be exacerbated by its technical specificities, including the recourse to blockchains, and the introduction of new points of vulnerability such as bridges between blockchains and so-called oracles that feed data into blockchains. In my opinion, the repeatedly successful cyberattacks aimed at crypto players are a warning signal that should capture the attention of regulators and supervisors.

2)    The specific case of "stablecoins"

In addition, within the crypto-asset market, stablecoins raise very specific risks.

These include a false sense of security and appear largely to be a misnomer as they have proved not to be so stable, as exemplified by the collapse of Terra USD. At the heart of their instability lies the lack of transparency on the nature and appropriateness of their reserves or on the limits of their stabilisation mechanism, which exposes their holders to limitations and risks on their redemption rights.

The absence of any legal recourse is also a concern as many countries, apart from the EU in a few months, have not yet adopted a legal framework, dedicated or not, for regulating the stablecoin issuance activity.

II.    The European regulatory stance and the importance of a convergent and coordinated regulatory response 

1)    The European regulatory stance 

In this context, several countries, such as the United Kingdom, Singapore, and Japan, have sped up their regulatory work within their jurisdiction. But I guess it is fair to say that the European Union leads the way, with the adoption, last month, of the Markets in Crypto-Assets regulation (MiCA) by the European Parliament. MiCA is a regulatory and supervisory milestone for the crypto ecosystem as it will provide a strict regulatory framework for issuers and service providers of crypto-assets and stablecoins, while addressing a number of major risks.

However, if MiCA is a regulatory milestone, it deserves to be complemented in the next few years with additional requirements.

Indeed, MiCA partially covers crypto-asset service providers that combine multiple functions and activities in different jurisdictions, so-called crypto conglomerates. To improve this coverage, it is notably crucial to limit and control the concentration of activities in these conglomerates through strict governance requirements and to enhance investor protection by addressing conflicts of interests and reinforcing redemption rights and the protection of reserves.

In addition, MiCA does not cover the DeFi ecosystem and its challenges in terms of regulation, given its specificities. To do so, I believe that we should not try to replicate existing financial regulations at all costs, but draw inspiration from regulations in other sectors to regulate for instance "products" even when their "producers" or "issuers" are not clearly identified. Furthermore, we have to recognise technical specificities and pay particular attention to the three layers that schematically constitute DeFi, namely, infrastructures, applications and access gates. To contribute to the development of that extension of MiCA, we recently published a discussion paper outlining possible avenues for regulation. This document is open for consultation on the ACPR website and we encourage industry stakeholders to provide their input.

2)    The challenge of international coordination for an effective and global regulatory framework 

That being said, these regulatory issues are global, which means that we need to ensure that national regimes are consistent with each other in order to avoid any risk of regulatory arbitrage. To this end, we need to speed up international work under the aegis of the FSB. Highest priority should be given to the finalisation of the FSB recommendations on stablecoins and other crypto-assets, in cooperation with other international standard-setting bodies (CPMI, BCBS, FATF).

The second priority should be to regulate the interconnection between the traditional financial system and the crypto-asset market in a secure way. The timely and faithful implementation of the Basel standards on the prudential treatment of banks' crypto-asset exposures, published in December 2022, will be key from that perspective.

The development of crypto-asset based services in banks must take place within a prudent framework that limits the risks for financial stability. Consequently, the enforcement of prudential standards should strictly take into account the developments of interconnections between crypto-assets and regulated entities, such as banks.

Lastly, two new issues will require a global regulatory response. DeFi is the first one:  its use of public blockchains and its global reach make it difficult to allocate responsibilities and impose strong regulatory requirements such as in MiCA. But the FSB is working on it: it has already published a report on DeFi's vulnerabilities and policy work is in progress. Second, we need to address challenges raised by worldwide crypto conglomerates. The FSB has also initiated work on this type of crypto-asset service providers to identify and monitor the risks associated with the concentration of their activities.

To conclude, let me just stress that it is not clear to me what is going to be the future of the crypto ecosystem and the shape that the financial landscape will eventually take as a result. Market forces will decide. But what is clear to me is that, for the crypto ecosystem to overcome the confidence crisis it is currently facing, and to develop on a sustainable basis, a confidence prone regulatory and supervisory framework is needed. Central banks have an important role to play in helping develop that framework, and in facilitating a very much needed convergent and coordinated framework at the international level.

Thank you for your attention.