FTX’s Key Principles for Market Regulation of Crypto-Trading Platforms

In this piece we identify a series of ten principles (and in some instances, proposals) that should guide policy makers and regulators as they build the regulatory framework for spot and derivatives crypto markets. FTX does not propose specific legislation here but rather principles and proposals that could be reflected in policy making, whether in the form of legislation, rulemaking or other regulatory action. Many of these principles are familiar to traditional securities and derivatives markets, but some of the principles reflect market-structure choices made by FTX and other crypto-platform operators that we believe lead to superior outcomes for investors and, indeed, the public. FTX therefore believes public policy should not only permit these choices but promote those that lead to such outcomes. Some of the discussion here focuses on the U.S. marketplace but the principles and proposals are applicable in any jurisdiction globally. FTX appreciates being able to engage in this dialogue with policy makers and regulators, and we are always happy to pursue follow-up discussions with interested parties. See our prior policy blog posts at https://blog.ftx.com/policy/.

1. Proposing One Primary Market Regulator with One Rule Book for Spot and Derivatives Listings

In the U.S. regulatory ecosystem, spot markets and derivatives markets are subject to different regulatory programs, and this can lead to inefficient and non-optimized market structures. In this post we propose as a solution an alternative regulatory approach that would provide market operators the ability to opt in to a unified regulatory regime for spot and derivatives marketplaces, through a primary regulator model.

As many know, the CFTC is the primary regulator of commodity derivatives marketplaces, while the SEC is the primary regulator of cash securities marketplaces, and the two agencies share oversight responsibility for certain aspects of security derivatives marketplaces.

In parallel, there is a further regulatory split for spot markets (sometimes called “cash markets” in the traditional commodities or securities context), where the applicable regulatory program depends on whether the product being traded is categorized as a security (where the SEC regulates) or a commodity that is not a security (where the states largely regulate, via money transmitter or money services business licensing).

Against that backdrop, and particularly outside of the U.S., we observe that many crypto-native trading-market operators offer for trading both spot transactions on crypto assets as well as derivatives on those assets, under a unified rule book, one collateral and risk-margin program, and a single technology stack. This model is generally not found in the U.S. given the jurisdiction’s historically fragmented approach to markets regulation. Nonetheless, we believe that for traded crypto markets, the key principles for market regulation (customer and investor protection, market integrity, preventing financial crimes, and system safety and soundness) generally apply equally across spot and derivatives markets, and commodities and securities markets. That is, the regulatory label on a given product or market need not change the core goals of regulation, and the same rulesets should generally apply across all markets. For that reason, we strongly support offering a single unified regulatory program for crypto market operators.

Specifically, in jurisdictions where there is a primary derivatives-market regulator separate and distinct from a primary cash-markets regulator (such as in the U.S.), policy makers and regulators should seek to permit qualified crypto markets operators to run a single rule book, risk program, and technology stack, approved and overseen by a primary regulator (perhaps chosen by the marketplace on on an opt-in basis and supported thereafter by inter-regulator cooperation and information sharing, with the possibility of the primary regulator shifting if the underlying product mix evolves in a certain way), that governs the listing and trading of both spot cash transactions in crypto assets as well as derivatives on crypto assets.

Much of this can be achieved today under existing statutory authority and with creativity and cooperation by and among market regulators. With some specific issues, however, clarity might be needed from legislation. Under the current U.S. paradigm, for example, we acknowledge that it is unlikely to be absolutely clear at any given moment, absent legislation, whether all of the crypto products listed on such a venue are definitively “within” or “without” the jurisdiction of either of the markets regulators. However, between two possible regulatory solutions under this paradigm - which are (1) that regulators can prohibit the marketplace altogether (via indecision, decree, or a combination of the two), or (2) that regulators can innovate and cooperate to ensure that key regulatory and policy goals are met in a clear and robust way while also permitting the marketplace to operate - we think the second approach offers a compelling option.

Said more explicitly, in jurisdictions where there are two mature market regulators, FTX proposes the permissibility and adoption of a reasonable and rigorous framework that would allow a crypto-markets platform operator to elect one market regulator as its primary regulator for a unified spot and derivatives trading book, subject to adherence to a cooperative framework in which the other market regulator acts a secondary regulator while maintaining appropriate visibility into the platform’s operations, but not day-to-day supervisory responsibilities. (Indeed, a similar approach is used today when a market regulator from one jurisdiction “recognizes” the framework of a different jurisdiction where a primary, “home” regulator resides, and then defers to that primary regulator’s regulations and rulesets so long as they are sufficiently comparable.)

We propose a functional-based approach, where the regulation and the trading venue rule books that comply with that regulation should be largely modeled after existing market regulations for securities and derivatives markets, on the basis that most jurisdictions will follow this same approach. FTX believes that there is a unique current opportunity for U.S. regulators to take a leadership position in the global crypto markets regulatory discussion, and we believe that modelling a primary regulator model on existing market regulation will foster standardization and harmonization of regulation globally, paving the way for international adoption and reciprocal jurisdictional recognition.

To underscore why we are so focused on these regulatory issues - it is because we believe that getting crypto market regulation appropriately calibrated is critical for the continued development of healthy, transparent, and well functioning global crypto markets, which we believe will deliver knock-on positive effects to the global economy as a whole. And we think our proposed approach, in addition to solving for regulatory uncertainty and fragmentation, would also reduce operational complexity by allowing matching engines for both spot and derivatives transactions to operate on the same platform with the same user interface. This in turn would reduce operational risk to the platform, and promote capital efficiency by allowing collateral in support of both order books to rest on the same platform. In the rest of this piece, we discuss in more detail various additional practical benefits of crypto market place operators being subject to unified primary regulator oversight.

2. Full-Stack Infrastructure Providers and Maintaining Market-Structure Neutrality

Regulation should be market-structure agnostic, provided that the core regulatory issues (identified above as customer and investor protection, market integrity, preventing financial crimes, and system safety and soundness) are addressed. Technology has enabled any capable entity to perform the various functions involved with the pre-trade, execution, and post-trade phases of the lifecycle of an asset trade or transaction in a single regulatory stack - in fact, to split up those functions, from a technology perspective and when building a market from the ground up, would require a forced and artificial deconstruction.

However, one of the things that prohibits an entity from taking on any or all of these functions can be the specifications of a regulation. To say it another way, much of current market structure is a creation of regulatory artifact rather than a reflection of a thoughtful and holistic approach to marketplace design, efficiency, transparency, and risk management. FTX built and continues to evolve its trading ecosystem with the latter approach in mind.

We believe that so long as the various needed functions necessary to the lifecycle of a transaction are being met, policy makers would do well to remain otherwise neutral on how a market is structured (so long as appropriate customer protections also are in place, discussed below). For one example, most market regulation today envisions an intermediated market place where an intermediary such as a broker interfaces directly with a customer (think back to calling in, or mailing in, your order to a broker that had access to the physical exchange floor). In contrast, crypto-asset platforms largely dispense with this mode in favor of a direct-membership market structure, where end investors onboard directly to the platform for trading, and not through an intermediary or broker (although service providers such as Internet and data-center providers are involved).

A non-intermediated market allows all users to get the same access to market data (consider that FTX’s data is free, globally, versus much of the global trading venue industry where data fees are a material commercial component of the business), connectivity, and key features related to functionality and risk management, regardless of the sophistication of the user. The positive implications of this are potentially enormous, and are only just beginning to be seen, interestingly, around the direct-to-consumer crypto marketplace models. The public is better served if the barrier to entry to transact competitively with global markets is an internet connection, rather than a $100,000 (or more) data-subscription fee and a costly fee- or commission-based relationship with a broker that merely plugs you into the trading venue’s technology. Non intermediated markets create a more level playing field that’s often lacking in many traditional financial systems, whose market structures have created a number of challenges including real and perceived conflicts of interests between intermediaries and their customers.

Consequently, a direct membership market structure should be expressly permitted (not required, but permitted) so long as the relevant customer protections continue to be afforded, in this case by the platform provider.

3. Custody of Crypto Assets – Key Functional and Disclosure Requirements

For crypto assets, the asset is safekept in a wallet, where custody can be performed by the asset owner or by a wallet holder on the customer’s behalf. Where custody is performed on a customer’s behalf by a platform operator or intermediary, appropriate safeguards should be disclosed in policies and procedures of the custodian. Key areas of focus and disclosure should include: wallet architecture; whether insurance is provided by the custodian; how private keys are kept secure, managed and transferred; managing risks related to insider collusion or fraud; and physical security of data centers.

Importantly, in the case of platform operators, consideration should be given to the increasingly common practice of using third-party providers for data centers (i.e., cloud-service providers) as well as custodial services. In these instances, the platform operator will not itself perform these functions but nonetheless will be held responsible by users for them, and users should be given visibility into how third parties will address the aforementioned issues. Market supervisors should require regulated platform operators to perform regular diligence on their vendors and to have sufficient business continuity and disaster-and-recovery programs in place in connection with their vendor suite.

4. Full-Stack Market Infrastructure Providers and the Lifecycle of a Trade – Addressing Risk Related to Token Issuance and Asset Servicing, Orderly Markets and Settlement of Trades, Cross Margining and Risk Management of Positions

Again, native crypto-trading platforms integrate into a whole the system for custody, issuing tokens, settlement of trades, and risk managing positions with one technology stack. In creating or fine-tuning a regulatory framework for these platforms, policy makers should ensure that market supervisors understand this system through well developed and clear policies and procedures disclosed by the platform operator. The framework should address the following key issues related to the lifecycle of a spot or derivatives trade.

**Token Issuance and Asset Servicing**

Token issuers who have access to the platform for purposes of issuing a token should be governed by disclosed policies and procedures that explain the listing standards for tokens. In some cases, existing securities laws will apply, in which case the policies and procedures should explain how such laws are complied with by the platform as it relates to issuing the security tokens.

This document does not address whether existing securities laws should be amended to account for distributed-ledger technologies and new methods of issuing securities in tokenized form. Suffice it to say here that some of the traditional requirements for central securities depositories might not be appropriate for platforms that offer these services, but others will be.

To the extent a token is not a security but has some security-like features at some point in time, and policy makers otherwise have not addressed whether such tokens should be treated as securities, a platform operator in any case should be required to disclose, or otherwise facilitate disclosure of (i.e., most material information for a token can be easily found on the Web, and a platform could direct a platform user to this information), key material information about the token issuer as part of the platform’s listing standards.

Likewise, in the case of all tokens, the platform operator should develop and disclose policies and procedures for how a token issuer will interact with the platform for purposes of facilitating asset servicing, so that supervisors and platform users both can understand and assess the risks to the platform posed by token-issuance functionality. This would be especially relevant in the case of security tokens, where dividend payments and changes in ownership, for example, would impact the token and the owner of the token

**Market Surveillance**

Good public policy would require that a crypto-platform operator has policies and procedures concerning the practices and technology used to perform market surveillance of the platform’s trading environments in order to curb market manipulation and promote orderly markets. This is standard policy for traditional supervised markets and should be carried over to supervised crypto markets as well.

**Settlement**

With regard to settlement, our recommended policy would require the platform operator to have clear and transparent policies and procedures that explain when settlement of a transaction becomes final, and the conditions and circumstances under which the platform provider would reverse settlement due to errors, etc. By and large, regulated venues do this today in their terms of service, etc., and we think it is important they continue to do so.

One of the hallmarks of the FTX trading experience is to allow users to pair in a transaction nearly any combination of assets for purposes of settlement – for example, a user could exchange BTC for USDC or for SOL. Sound policy would allow the platform to settle transactions by pairing the assets with any of the others listed on the platform, including stable coins or cash fiat currencies (see below for discussion of stable coins) but also other crypto assets, so long as the platform otherwise made clear how and when settlement becomes final.

Another hallmark of full stack trading experiences is access to credit to ensure and promote liquidity on the platform. Public policy should allow platform operators to facilitate the provisioning of credit to platform users so long as this service and function are well documented and explained to the supervisor and market participants on the platform. This is a clear example of where services previously provided by intermediaries can be solved by the trading venue itself.

Because crypto platforms have led the way in exchange innovation, public policy should anticipate that crypto firms will become more and more integrated with traditional payment rails and similar systems. Policy makers should consider whether and when to expressly delineate under what circumstances these platforms could access government-sponsored payment systems created for the settlement of securities, for example. Other policy initiatives will address whether and under what circumstances securities, including government-issued securities, can be reflected in tokenized form, but if such tokenization is permitted, an otherwise properly supervised platform operator should be allowed to access existing payment systems to facilitate settlement of such securities, even if interaction with that system is not on a real-time basis. Such a policy is recommended because otherwise access to this payment system would involve an intermediary, introducing various types of counterparty, operational, and credit risks to the platform that would not be in the interests of the participants on the platform (which itself would be highly supervised under our proposed framework).

**Cross Margining and Risk Management**

The regulatory framework for crypto should clearly allow for the cross-margining of both derivatives and spot positions on the platform with any and all assets permitted in the customer wallet and account, subject to appropriate risk weights and haircuts, as applicable. For the settling and risk management of crypto asset transactions on a crypto platform, the settlement and risk systems are automated and the relevant software interacts with the wallet and account that contain customer assets

A well-designed regulatory framework would allow a single platform to perform all risk functions, and require the appropriate standards on those functions. For example, in addition to the custody requirements mentioned above, the settlement and risk-management systems should be appropriately explained to the market supervisor through the platform’s rule book, and the regulator should be made aware of major changes to the system.

Sound policy also should ensure that risk-management systems used by a platform operator are configured to prevent customer accounts from going net negative across positions. A risk-management system that effectively performs this function with this goal, including through liquidations of customer positions, should not be allowed to do so in an arbitrary manner. Instead, the rules, risk parameters and business logic that trigger any actions taken by the customer platform as it relates to customer assets should be clearly disclosed and appropriately explained to the supervisor as well as the platform users in the platform’s rule book, which should be approved by the primary market supervisor.

In permissioning the use of a risk-management system for clearance and settlement, policy makers should take care to remain technology and methodology neutral, so long as the platform operator can effectively demonstrate its responsibilities can be adequately met.

5. Trading Platform Providers – Ensuring Regulatory and Market Reporting

Regulatory reporting of transactional activity should be required in order to provide market supervisors appropriate visibility into the trading platform, and to better allow supervisors to police for market manipulation and other unfair trade practices.

Policy makers should consider carefully how best to provide this data – a requirement should be considered that would mandate that trading platforms create an API for the beneficial use of market supervisors to directly ingest data from the platform itself, rather than require a separate entity to undertake reporting responsibilities.

With respect to market reporting, a hallmark of the crypto-asset industry (as previewed above) is the provisioning of market data to users free of charge. Policy makers should carefully consider the standards under which platforms are permitted to charge users a fee for the provisioning or use of market data related to trading that takes place on said platform along with the implications of that activity for market access, transparency, and fairness policy initiatives. The right standards could incentivize the platform operators to focus on risk management, user experience, and product innovation for competitive advantage rather than fees based on trading activity brought to the platform by the user.

6. Ensuring Customer Protections

As suggested, crypto-asset platforms have ushered in an evolution of market structure in favor of a non-intermediated model, where entities separate from the platform are not needed in order to access the platform and the trading environment

In this market structure, however, key customer protections should remain in place. From a policy perspective, one approach could be a very general and non-prescriptive one that requires that platform providers or intermediaries develop and disclose policies and procedures to ensure the best interests of all customers are protected at all times, and leave it to the entity’s discretion. This would allow investors to choose a platform provider based on the robustness of those policies and procedures.

If a more detailed or prescriptive approach is favored, such an approach should consider whether specific requirements related to practices impacting platform customers such as front-running trading activity, market manipulation, general risk disclosures related to the assets and instruments listed for trading, appropriate and non-misleading communications with customers, and avoidance of entering into conflicts of interest with customers. Again, appropriate customer-protection requirements can be borrowed from the traditional finance space – the key is to ensure that the platform provider can provide them rather than insisting that an intermediary perform the function. FTX believes that market place operators are properly positioned (perhaps best positioned) to deliver these types of disclosures and materials to users in a way that can be built directly into the trading venue user interface/user experience.

7. Ensuring Financial Responsibilities are Met

As with traditional markets, ensuring that customer assets are protected to the maximum extent possible should be a principle for regulating crypto-asset markets.

Again, the prominence of the wallet as a tool for storing assets is key to the crypto-asset space, and apart from requirements to ensure that the wallet itself is safely maintained and secured, policy makers should ensure that customers have access to real-time information about their account levels at all times (and redundant access paths, in the event of disruptions on one access path), particularly if and when a platform operator commingles customers’ assets in an omnibus manner. If a platform provider elects to provide this infrastructure, operational complexity can be substantially reduced while customer assets are meaningfully protected.

In the case of a platform operator or an intermediary, policy makers should consider whether to adopt a minimum capital requirement (or other financial wherewithal condition) to ensure there are adequate resources to address operational and other types of risks that could jeopardize customer assets in custody. For platform operators, this could take the form of ensuring operational resiliency but in addition also ensuring adequate resources to address defaults and liquidations performed by a risk-management system (see above discussion on platform risk management). The goal should be to ensure platform operators need not depend on off-platform resources for settlement and risk management.

With respect to margining customer accounts, there should be a policy that expressly allows portfolio margining of all customer positions in all assets on the platform. This risk-management approach promotes capital efficiency and reduces operational risks to the platform or intermediary managing the customer account.

8. Ensuring Stable Coins Used on Platform Meet Appropriate Standards

A platform operator that permits the use of stable coins for settlement of transactions should be required to explain the standards the platform operator uses in deciding which stable coins it permits for such purposes. FTX has articulated and explained its policy recommendations for stable coin issuers (see https://blog.ftx.com/policy/context-stablecoin-regulation/).

The reason such a policy is recommended is that stable coins are exposed to reserve-volatility as well as redemption risk, and platform users should be entitled to some understanding of whether and to what extent those risks could impact their activity on the platform, including their impact on settlement of transactions (which might not be direct, but nonetheless indirect).

For example, a stable coin backed by risky and volatile assets and not transparently backed by an adequate amount of such assets with appropriate haircuts, could become exposed to price risk. This price risk could interfere with settlement finality on the platform, insofar as the value of the stable coin delivered as payment for the crypto assets in a transaction on the platform are suddenly not equal. Ensuring that stable coins allowed for use on the platform meet adequate standards set by the platform operator (or by public policy makers if applicable) mitigates this risk, and should better protect the users of the platform.

9. Full-Stack Infrastructure Providers – Ensuring Appropriate Cybersecurity Safeguards are Kept

Market regulators in recent years have developed comprehensive cybersecurity requirements for market infrastructure providers. Policy makers should either apply the relevant safeguards already in place for exchanges, or otherwise require that the platform provider develop and disclose to market participants its policies and procedures regarding cybersecurity safeguards. In the case of platform operators already licensed by a market regulator, system-safeguard requirements already will be in place. In the case of platform operators not already licensed, one consideration for policy makers is to adopt a policy that helps facilitate standardization of these safeguards domestically as well as globally

10. Full-Stack Infrastructure Providers – Ensuring Anti-Money Laundering and Know Your Customer Compliance

Platform operators must perform appropriate KYC as part of user onboarding and must conduct regular anti-money laundering surveillance of user activity (both on the trading venue and via the scrutiny of related on-chain transfers in and withdrawals out). Many platforms, including FTX, use a combination of vendors and internal compliance personnel to assist with these functions today. However accomplished, it is critical that crypto market place regulation continues to require significant focus on the performance of KYC and AML obligations. To ensure this, market place operators should be performing periodic self-audits and should also be subject to regular review and exam by their primary regulator on these requirements.