Over the past years regulators worldwide have been dealing with and addressing the increasing size, complexity and resulting risks posed by the crypto industry. It hardly comes as a surprise to anyone who is involved day-to-day with this industry, whether directly as a trader, investor, journalist, or just curious bystander that compliance plays a key role in how crypto companies and their products need to be built and managed.

Crypto Scams, rug-pulls and poor management

Unfortunately, there have been far too many examples of companies which as a result of poor risk management or because of fraud have collapsed and disappeared with substantial amounts of money. Between 2014 and 2016, the Ponzi scheme OneCoin attracted $4 billion in investments; finally, nearly six years later, in December 2022, one of OneCoin’s co-founders pleaded guilty and could face 60 years in an American jail. However, OneCoin’s now infamous founder Dr Ruja Ignatova is still at large and, if one were to believe more recent reports, may have been murdered.

Where there is money to be made, scammers will always find a way to seduce investors with the allure of seemingly easy and fast returns. In April 2021, the founder of crypto exchange Thodex disappeared with $2 billion which, according to the investigative solutions provider Chainalysis, represented 90% of the total lost value of so-called rug pulls in 2021. That same year $60 million disappeared from AnubisDAO which was only in existence for 24 hours; while Mutant Ape Planet (MAP) NFT’s founders took $2.9 million, although allegedly it wasn’t his first or only scam.

People have quite rightly become wary of such fraudulent schemes, and they are by no means always easy to spot. Little did many investors (including some of the big names in the venture capital world) realize that even the flag bearers of the industry were poorly run and, in some cases, utterly mismanaged. 2022 quickly became the crypto world’s own 2008, albeit with one key difference: the crypto industry does not (yet) represent a systemic risk to the global economy. Many investors lost vast sums of money but, in truth, the crypto industry is still too small and insufficiently integrated into everyday financial systems to have caused a similar wide-spread panic which the 2008 financial crisis caused.

In 2022, no government stepped in to rescue or nationalize any crypto company. On the contrary the so-called FTX-effect focused the minds of regulators everywhere and, in some cases, accelerated the pace of regulation and enforcement.

2022, a year of reckoning

November 2022 will be a memorable month for the crypto and web3 industry when, in the space of just 10 days, Bahamas-based FTX went from boom to bust, taking down with it its hedge fund Alameda Research which had $5.4 billion under investment. FTX, valued at $32 billion, collapsed leaving potentially one million creditors out of pocket. What has transpired since is that the company, among a long list of failings, didn’t have in place appropriate governance and compliance controls.

FTX was but one of the most well-known dominos which collapsed during a turbulent period for the industry. Only a few months earlier in May the exchange Voyager went under, the crypto hedge fund Three Arrows Capital (3AC), digital asset lenders BlockFi and Celsius. The final blow to FTX came when Binance pulled back from a rescue package it had initially offered thus causing further tremors in the market.

In February 2023  bitcoin was still trading 32% down from where it was a year ago. Some would argue that this performance is no better or worse than some traditional stocks and currencies. The key issue is not the trading value of cryptocurrencies but how sound are the companies which manage people’s cryptocurrencies. These companies play an increasingly important role in a world where everything now pivots around embedded finance solutions.

Into  the regulator spotlight 

Regulators are particularly looking at how these companies manage risk. Most of it is not new – since the 2008 financial crisis regulators have implemented stricter regulations. These ensure that traditional financial institutions have robust controls in place to prevent money laundering and data breaches.

It came as no surprise that governments and regulators had to take action by grabbing this occasion to push for stricter and faster regulation of the sector.

In December 2022, France’s parliament the National Assembly voted in favour of faster and stricter regulation of Digital Assets Service Providers (DASP). This caused considerable panic in the French market. The arguments made sense: additional regulation would not have prevented an FTX-style scenario, since the company was not based in France; the European Union had just voted in favour of the new MiCA Regulations due to come into effect soon but not before Q3 2024; and, last but not least, excessively strict regulations risk having the opposite effect by pushing companies to jurisdictions with lesser controls. In January 2023 the French Senate rejected the legislation in its proposed form but did accept a number of amendments. The FTX-effect had its results, France will now proceed with an accelerated calendar ahead of MiCA.

In contrast to France, Lithuania had already started tightening its regulatory regime for what are called their virtual asset services providers (VASP) much earlier and well before FTX collapsed. Already, since November 2022, all VASPs registered in the country had to increase their share capital to €125,000 (not a requirement in France) and to hire a resident money laundering reporting officer (MLRO), something which was always mandatory in France.

Every regulator wishes to protect its market and consumer, but everyone is taking a slightly different approach. Ultimately, in Europe this will all be evened out by MiCA which will harmonie the regulations and provide more of a level playing field. 

Some of the advantages of identifying and using a crypto provider registered in Europe are:

  1. Registration enables regulators to know what companies are active (i.e. incorporated) in their market – this means the regulator can also audit them and conduct onsite inspections if required;
  2. Regulators know what services the companies offer (at least for those regulators that request and/or validate the products) and, as a result, can have a better understanding of the risks to their consumers;
  3. High(er) share capital means that companies with too little funding are pushed out of the market either completely;
  4. The requirements to appoint an MLRO means that companies have to focus on the implementation of the AML framework and controls;
  5. As a result of the registration requirements banks, liquidity providers and other critical services providers increasingly only provide their services to duly-registered crypto companies;

If you’re a business operating in the web3 or crypto space, reach out to us to learn how Merge reduces the cost and complexity of embedding financial services  through a single API platform in a compliant way.