At our annual Links conferences, we’re privileged to engage some of the best minds in crypto — from regulators to journalists to law enforcement to executives, and more. This year’s New York event was no exception. We appreciated the opportunity to discuss growing the crypto ecosystem safely with regulators and industry experts. Throughout these conversations, a key theme emerged: Crypto businesses and government agencies must work together to make the industry safe and regulated, while keeping pace with innovation. In this article, we’ll share takeaways from our discussions with regulators and a crypto exchange executive.
Crypto through a regulator’s eyes and the path forward
On Day 2 of Links NYC, Caroline Malcolm, Chainalysis Global Head of Public Policy, interviewed Christy Goldsmith Romero, Commissioner at the Commodity Futures Trading Commission (CFTC). Commissioner Goldsmith Romero has a 21-year career in the federal government working to keep markets safe, ensure financial stability, and protect investors and customers. In her opening remarks, she discussed what’s required to build a safe financial system.
“If government doesn’t keep pace with technology, it’s usually the most vulnerable people who suffer,” Goldsmith Romero said. “So, we have to find a way to try to ensure that there are customer protections, ensure that there are market integrity guardrails.”
She believes that establishing clear regulation is non-negotiable because crypto is already part of the global financial system. “I would rather businesses and people be able to do that in the United States through a regulated system that brings some safety, financial stability, customer protections, than go offshore, which is still going to introduce risk into our financial system.”
When it comes to preventing illicit finance, Goldsmith Romero talked about identity as a foundational piece of that challenge. Not only do regulators want to know who an exchange is doing business with, customers want to know, too. “A lot of your customers also don’t want to be having their funds mixed with someone from North Korea or a terrorist group,” she said. The traditional financial system has long provided privacy to consumers, while still collecting the identifying data it needs to comply with the law and disclose that information when necessary. Evolving financial technologies must do the same. Governments simply won’t support systems that provide anonymity because those won’t help them prevent illicit finance.
Goldsmith Romero also shared her cybersecurity priorities. She stressed the importance of private key management, citing the Ronin Network attack where hackers gained access to private keys to steal $600 million in crypto. That said, governance issues involving controls around private keys have become critical, as is fortifying cross-chain bridges. Man-in-the-middle attacks are another challenge the crypto industry must tackle, and Goldsmith Romeo referenced the $120 million BadgerDao hack that operates a customer-facing interface. From a regulatory standpoint, she noted that cyber experts agree — it’s no longer sufficient to manage cyber risks, but rather, crypto businesses must eliminate them.
Virtual currency compliance: A New York state regulator’s perspective
Following Christy Goldsmith Romero’s session, Chainalysis co-founder Jonathan Levin sat down with Adrienne Harris, Superintendent of New York State Department of Financial Services (DFS). Harris, who served at the US Department of the Treasury during President Obama’s administration, discussed how DFS is working to make crypto safer for consumers.
In the last couple of years, DFS has added employees to meet the industry’s growing needs and create more clarity in regulation. Since her arrival at the agency 18 months ago, Harris has watched the organization go from understaffed to a team of over 50 people. Though DFS began creating crypto regulation back in 2015, it historically hasn’t had assessment authority. Today, the organization is close to finalizing regulations on crypto assessments. DFS has also created a robust examination procedure and has since brought some enforcement actions. In the last year, Harris says the organization has established “a soup-to-nuts suite of tools for regulating this space.”
When it comes to granting licenses, DFS has worked to make the process smoother and add transparency. “I am not a believer in regulation by enforcement,” Harris says. “So, it’s not what you see from DFS. We’ve got rules on the book, we’ve got supervisory agreements, we’ve got examination procedures, and we go through the whole thing, just like we do with banks and insurance companies.”
In addition to the work done in the US, Harris collaborates closely with agencies overseas. DFS regulates 84 institutions and has supervisory oversight for global insurance organizations, which connects the organization to international regulators and markets. She makes frequent trips to Singapore, UAE, and Europe to meet with regulators, and crypto is always a part of the conversation.
“When I talk to regulators overseas, they say, ‘We know if a company has met New York’s standards, it will meet our standards’…which again, is a great credit to the team that we’ve built at DFS.”
This spring, Harris will visit Western Europe where regulators will work on improving joint oversight for companies that operate globally. The goal for regulators: “to oversee the entirety of the risk, and not just look at their own little piece of the pie,” says Harris. “But again, also find ways to hopefully streamline our oversight so that it’s less burdensome on the companies. And I think that’s a win for both industry and regulators, for consumers, and others.”
When it comes to making the industry safer for consumers, Harris sees opportunities for improvement in both the private and public sector.
For crypto companies:
- With customer due diligence, AML, and KYC practices, banks are well seasoned and expect their crypto customers to achieve that maturity too.
- Better compliance with these policies will make it easier for the virtual asset community to engage the traditional financial services system in a way that will grow the space responsibly.
- Crypto companies need to employ technology to comply with regulation. Harris says it’s “an imperative that the compliance apparatus scales along with the business apparatus.” While the crypto industry is built on tech, DFS sees many compliance teams relying on paper and Excel spreadsheets, demonstrating a lack of maturity around meeting BSA/AML requirements and building robust cybersecurity practices.
- In addition to having the right technology to meet regulatory requirements, crypto businesses must have qualified compliance professionals who know how to use these tools effectively.
- The idea that regulators can simply review the books once a year is not fitting for a 21st-century financial system.
- Instead, regulatory bodies must use technology to monitor activity and find problems before they metastasize, before the consumer gets hurt, and before market manipulation occurs.
Compliance with global regulations in 2023
On Day 1 of the conference, Jonathan Levin interviewed Noah Perlman, Chief Compliance Officer (CCO) at Binance. Perlman has worked in both the public and private sector and served as Global Head of Financial Crimes at Morgan Stanley prior to his work in the crypto industry.
In order to make cryptocurrency safer for customers, Perlman says that Binance works to ensure its products and services comply with regulations worldwide, employing a robust KYC program and transaction monitoring, along with quality controls, auditing, and documentation.
Binance measures the success of its compliance program in part by how it collaborates with the public sector. Last year, the organization ran 70 trainings to help agents around the world understand cryptocurrency. Additionally, last year Binance responded to 47,000 law enforcement requests. Already in 2023, they’ve assisted operations that have seen law enforcement sixteen over $100 million in stolen crypto.
Though some of that activity isn’t required of the exchange, Perlman believes it’s the right thing to do for Binance users, who want to be on a safe, legitimate platform. Additionally, he says Binance hopes that on the regulatory side, “folks start to see that there are good actors in the industry.” Perlman wants to challenge the perception that crypto businesses and regulators are in a face-off and believes the model should be collaborative, ensuring compliance and making a safe environment for consumers.
Protecting customers comes down to one simple principle
Our biggest takeaway from all these sessions is that growing the crypto ecosystem safely requires a concerted effort and collaboration from all industry players. To do so successfully, stakeholders should use one simple principle to guide their operations. Christy Goldsmith Romero summed it succinctly during her session: the most important thing that regulators and industry could be doing to safely grow the crypto financial system is to put customers first. “All else is going to flow from there,” she said.