This article was written by Aisha Kafati, Senior Manager – Strategy & Consulting, Matt Lawrence, Security & Consulting Manager – Digital Risk & Compliance, North America and Benjamin Milch, Tech Strategy Manager – Metaverse Continuum Business Group.

You can find the original article here.

The accelerated adoption of digital assets in our everyday lives is creating market demand across organizations as well as increasing focus across regulatory agencies and government. In large part, this is due to cryptocurrency’s potential to destabilize and disrupt traditional financial markets on a global scale and provide wide-spread access to financial services to those across the globe that were previously unbanked or underbanked. Furthermore, the creation of new blockchain enabled innovations such as “smart contracts”, decentralized finance (“DeFi”), and tokenized assets [i.e., non-fungible tokens (“NFTs”)] create potential for even greater disruption and introduce incremental regulatory considerations to address risk vulnerabilities that may potentially undermine the crypto market.

Key macro-risks requiring greater evaluation and regulatory clarity:

1. Low levels of investor and consumer understanding of crypto assets including costs, fees, and conflicts of interest
2. Lack of redress and/or recovery and resolution mechanisms
3. Uncertainties around the operational resilience of some crypto-asset focused institutions.

It is possible that given the public prominence of crypto-assets and crypto-asset trading platforms, the rapidly growing retail investor adoption, and the use of leverage that any loss of confidence in crypto-assets could have implications to the direct financial interconnectedness of crypto-asset markets”.1 The effects of widespread loss of confidence have been experienced before in multiple crashes, and most recently with TerraUSD collapse in May 2022. Stablecoins – once thought as a minimizing risk – have disproven this as seen by the collapse of the algorithmic Stablecoin UST or TerraUSD losing its currency peg to drop below $0.30 2 , which has been followed by around $1 trillion leaving the crypto market. Compounding the challenge, the pace technology innovation has further accelerated after each of the previous five major market resets since the inception of Bitcoin. For example, the period following the 2018 crash helping foster DeFi, NFT’s, Ethereum alternatives, and Stablecoins. 3

The lack of regulations and regulatory oversight around crypto is more crucial now than ever before, and directly affects how firms must assess and mitigate risks. Regulations today were written to apply to traditional fiat currency, and do not always easily translate to cryptocurrency. For example, legislation like the ‘Howey Test’ is not easily transferable to cryptocurrency to determine of the type of asset.4 Due to this lack of regulatory clarity, many traditional financial institutions (“FIs”) have opted not to offer cryptocurrency-based products/services.

To facilitate increased regulatory clarity, President Biden issued an executive order in March requiring a collaborative, interagency approach to ensure the responsible development of digital assets within the U.S., pushing various regulatory agencies to increase research efforts and further develop regulations surrounding digital assets. To facilitate greater adoption and ensure the safety and soundness of the financial system, regulators would need to further develop a regulatory framework addressing concerns spanning privacy, security, price stability, consumer safety and financial crime. These tenets are a necessary precursor to a viable micropayments system, bringing cryptocurrencies into ubiquity for the entire market.

Compliance & Risk Trends
While the OCC, FinCEN, SEC, and other regulatory bodies provide guidance, it is still left to each firm to evaluate their specific crypto strategy, positions, risk appetite, and risk management programs to assess and mitigate risk exposure. As their risks evolve at the same pace of new product development, FIs would need new risk assessment and management frameworks.

In that regard, there are a myriad key compliance risk types to lookout for. In this blog series, we will further explore three of the emerging risk areas in greater detail:

1. Privacy/Information Security: Cryptocurrencies provide a platform to meet or exceed many privacy regulations in existence today, but transparency of distributed ledgers poses unique challenges for many coins, including Central Bank Digital Currencies (“CBCDs”).
2. Financial Crime: Cryptocurrency offers pseudo-anonymity which led the regulators to take notice and require action to prevent financial crimes. FIs will need to Know Your Customer, Sanctions and Know Your Transaction programs to detect and manage these risks.
3. Sustainability: As companies are increasingly expected to identify and manage ESG-related risks, they would need to understand and manage risk associated with the environmental impact of mining and payments, stakeholder diversity, and distributed decision-making methodologies.

As firms consider the above risks and tailor their risk and compliance functions to better respond to these, they will be better able to build a true cryptocurrency competitive advantage with appropriate risk management.

In our next blog, we will discuss the privacy challenges and considerations of this exciting new technology.