FTX’s Key Principles for Ensuring Investor Protections on Digital-Asset Platforms
Introduction
FTX strongly believes that ensuring investor protections is critical to the successful operations of digital-asset platforms, including our own, as well as to ensuring a positive user experience for our customers. FTX also believes that non-intermediated “direct access” markets, such as the FTX exchanges, can and do provide a level of investor protection that meets and exceeds the policy goals and purposes of traditional investor protection regulation (notwithstanding the absence of an intermediary or “broker”). Technology continues to displace the need for an investor to rely on intermediaries and brokers to access certain markets or asset classes, and one of the most important innovations of the digital-asset industry is a simplified market structure that does not need to rely on intermediaries for access to markets. From this observation, this paper addresses the key investor protection principles (described below) applicable to any market and the ways in which non-intermediated “direct access” digital-asset platforms can and do provide these protections for their users.
The goal of this paper is to support two critical propositions:
- The investor protection principles we describe in this paper can be provided directly by a digital-asset exchange or platform, using a non-intermediated market model, at an effectiveness level that exceeds relying on a series of intermediaries to provide similar protections and that ultimately leads to what FTX believes will be an overall risk-reducing market structure, for the benefit of investors.
- To the extent that legacy regulations or policies would assume or require an intermediary to provide these protections, we believe that approach often imposes unnecessary burdens and costs (including fees and both capital and operational inefficiency) on investors and markets without any corresponding benefit – and any such rules should be updated and modernized.
If market structure policy is truly to be technology neutral (which is an important and often stated principle expressed by policy makers), market regulators must acknowledge that intermediated market structures are due, in many instances, to the fact that technology was less robust when those markets were first developed. Intermediaries previously were helpful because the cost and complexity of accessing (1) a market for trading assets or (2) the assets themselves (especially when securities, for example, were in material or paper form) were substantial enough that it was economically efficient for an investor, especially an individual investor, to rely on an intermediary to provide such access and attendant services. However, intermediated market access is NOT an a priori first principle of market structure design, and technology has meaningfully changed what is possible.
Today, the only tools necessary to access a centralized marketplace for assets directly are (1) a computer or mobile device; (2) relevant “trading” software accessible on that hardware; (3) access to broadband services to transfer data over the Internet; and (4) an application programming interface (API) to allow the trading software to be built and integrated with the trading platform’s software. As a result, while investors might elect to use intermediaries for various reasons, those intermediaries are no longer indispensable for gaining access to financial products if the investor has the aforementioned tools.
We believe this has led to the possibility of the reduction of many types of risks, as explained in FTX’s Key Principles for Market Regulation of Crypto-Trading Platforms (hereinafter “Market Regulation Key Principles”; see https://www.ftxpolicy.com/). Combined with other best practices and enhanced risk-management techniques utilized by FTX, this simplified market structure forms the basis for our argument that a well designed and operated non-intermediated “direct access” digital-asset platform can be risk reducing relative to traditional market infrastructure. Building on FTX’s Market Regulation Key Principles, this paper continues the discussion about critical investor protections and our view that platform operators should be allowed to provide these protections, and be held accountable for them, rather than insisting that they be fulfilled by intermediaries on the platform.
While not the core goal of this paper, we also note that intermediation can reduce transparency and information available to the customer. Traditionally, most users are not given full market data; neither are they allowed full access to exchanges, preventing equitable access. FTX’s disintermediated structure ensures that all users have equal access to its information and markets.
Key Investor-Protection Principles
Ultimately, all policies affecting the operation of a digital-asset market ensure the protection of the investor on the platform, and FTX’s Market Regulation Key Principles paper addresses those. Here we focus on specific principles related to the core of protecting customers’ interests and their assets kept on a digital-asset platform. These include (1) maintaining adequate liquid resources to ensure the platform can return the customer’s assets upon request; (2) ensuring the environment where customer assets are custodied, including digital wallets, is kept secure; (3) ensuring appropriate bookkeeping or ledgering of assets and disclosures to protect against misuse or misallocation of customer assets; (4) ensuring appropriate management of risks including market, credit/counterparty, and operational risks; and (5) avoiding or managing conflicts of interest. Each of these is addressed in turn.
1. Maintaining Adequate Resources to Return a Customer’s Assets
A hallmark of the investor-protection regimes for markets globally and in the U.S. is the set of requirements to ensure that the intermediary holding a customer’s assets has adequate liquid resources available at all times to ensure that the customer can redeem her assets when she chooses. Often these policies are designed to ensure that there is (1) no delay in returning customer securities upon request, or (2) no shortfall, where an amount less than the value of the customer’s asset can be returned to the customer. This principle often involves other restrictions on the custodian, including, for example, a restriction of the use of customer assets to finance other business expenses or initiatives. To ensure adequate liquid assets, familiar policies require a reserve of funds or qualified securities that is at least equal in value to the net cash owed to customers. U.S. derivatives policy is very similar and also requires a cushion of resources to be held by the entity managing a customer’s derivatives positions to ensure timely return of customer assets.
FTX recommends policy makers consider a policy embodying this principle for digital-asset platform operators: fashioning a requirement, to be reflected in the platform’s policies and procedures or otherwise, where the platform operator is accountable for keeping adequate liquid resources to ensure it can deliver customer assets back to the customer upon their request. This principle is sound for all asset types, and while the policy today tends to fall on intermediaries, it can just as easily be applied to the platform operator; in general it should apply to whichever entity is custodying customer assets. Such a policy as applied to digital-asset platform operators would be independent of other requirements to ensure adequate capital to cushion losses (see discussion below).
To the extent existing regulations have implemented this principle by fashioning restrictions on intermediaries, most market supervisors – including those in the U.S. – have other authorities that would permit appropriate or conditional application of such a duty on a market operator. The fact that customer assets include digital assets and tokens in principle need not alter the basic policy of ensuring there is the availability of liquid assets.
FTX has policies and procedures for its platforms today that reflect this basic principle by maintaining liquid assets for customer withdrawals, including a sufficient balance of digital assets funded by the company for its non-U.S. platform. The resources are funded to provide sufficient cover against user losses under certain events and extreme scenarios in order to, among other purposes, ensure a customer without losses can redeem its assets from the platform on demand.
2. Securing Environment Where Customer Assets Are Custodied
Another key customer-protection principle is making sure that the environment itself, where customer assets are kept, is safe and secure. Existing market regulation often looks to the requirements of other financial custodians and intermediaries that also custody assets as a proxy for safety and security. For example, U.S. policy has the concept of requiring the use of a “qualified custodian” for the custody of customer cash and securities, which in many instances is another intermediary that is also supervised and otherwise equipped to ledger and track a specific customer’s funds. Interestingly, the U.S. derivatives regulator explicitly recognizes that a clearinghouse is subject to sufficiently rigorous standards and supervision that it can be entrusted with safekeeping customer assets. In any case, this principle mandates that appropriate arrangements to safeguard the clients’ rights in client assets and minimise the risk of loss and misuse are in place, which can be accomplished by ensuring that the custodian of the assets maintains adequate levels of financial integrity, physical and cyber security, as well as transparency to customers about the locus and availability of their assets.
Regarding a digital-asset platform operator, the assessment of whether the environment delivers on this principle is different from that for traditional assets because the ecosystem often involves traditional fiat currencies as well as digital assets and tokens related to public blockchains. For digital assets, the digital wallet is central to the custody arrangements. For fiat currency, FTX and other platform operators will necessarily rely on licensed banking institutions to custody a customer’s fiat currency; for traditional, non-tokenized securities, the custody function will follow the lines of the traditional market structure, unless some exemption is provided to allow some other arrangement – in the U.S., for example, existing regulations would require that custody be performed by a licensed intermediary legally permitted to custody such securities. (It certainly would be interesting, however, for policy makers to consider permissioning platform operators with the proven resources to custody these assets as well – again, derivatives regulation allows clearinghouses to custody assets.)
For digital assets, however, where policy is much less developed, custody involves control of private keys to digital wallets, and physical security involves the safekeeping of those private keys. When digital assets are left in the custody of platform operators such as FTX, safekeeping private keys can be performed in-house by the platform operator, or by the platform operator contracting with a third party (the platform operator would remain accountable for regulatory requirements under this arrangement). Notably, both approaches have been permitted by market regulators and embraced by market participants.
Multiple architectures exist for the storage of private keys, which can be accomplished through use of a “hot wallet,” cold storage, multi-signature wallet, or even by a smart-contract wallet. To be sure, policy makers could decide if a particular approach should be allowed or prohibited based on a particular policy emphasis – each approach has trade-offs related to security and efficiency – but at this time, the best policy approach is likely allowing market participants to decide their preferred custody approach by electing to transact with the platform operator that offers it. This approach necessarily would require that a platform operator adequately disclose its wallet architecture and security practices. In any case, limiting access to the private keys under custody through appropriate permissioning, and ensuring adequate cyber-security protections, are critical to discharging this principle regarding securing the environment where assets are kept.
Some have suggested that allowing the platform operator to serve as the digital-asset custodian might present a conflict of interest for the platform operator, presenting more opportunities for misuse or misallocation of customer assets. It is far from clear to FTX that contracting with a third party for custody would in every instance lower the risks of misuse or misallocation of a customer asset, particularly when the platform operator would presumably remain accountable and, indeed, liable in every case; and each additional party added to a customer’s experience adds another potential point of failure. We believe that rather than focus on any perceived conflict, policy makers should instead focus on the first principles described above for asset safekeeping (i.e., regular auditing of the cybersecurity aspects of the custody plan along with auditing the actual assets held in custody), and perhaps consider requiring the platform operator to disclose any remaining potential conflicts while developing policies and procedures to address them.
FTX uses both approaches, using a third-party custodian in part for the U.S. derivatives platform and a proprietary in-house custody solution for the other platforms. For its in-house wallet solution and to maximize security, FTX leverages best-practice, hot- and cold-wallet standards whereby only a small proportion of assets held are exposed to the Internet and the rest are stored offline. FTX policies and procedures also address and dictate other key components to the security of private keys, including applicable multi-signature arrangements, as well as the storage of relevant backup information. FTX’s custody solutions comply with all relevant regulations, including those of the U.S. CFTC, and the company takes pride in the confidence our customers have placed in our security measures.
3. Ensuring Appropriate Ledgering and Disclosures of Assets to Protect Against Misuse
Another key investor-protection principle is making sure there is adequate bookkeeping (and related records) to track the customer’s assets, combined with appropriate disclosure and reporting. This is to ensure that whoever is in control of a customer’s assets is not misallocating or misusing those assets, particularly in furtherance of their own purposes at the expense of the customer’s best interests. The basic concept here is that there should be controls in place to ensure the custodian has books and records that keep track of and identify which customer owns what, and there is adequate regulatory and customer reporting, as well as independent auditing, to verify the same.
In keeping with this principle, FTX provides a user experience that enables any user to easily view account balances for all assets, for all of its platforms, in real time. By logging in to the customer’s account at FTX, the customer can immediately view the types of assets they own held in custody by FTX. The assets are ledgered and easily identifiable to the user (but held in an omnibus wallet in the case of the customer’s tokens in order to better promote liquidity on the platform) pursuant to internal policies and procedures, and FTX regularly reconciles customers’ trading balances against cash and digital assets held by FTX. Additionally, as a general principle FTX segregates customer assets from its own assets across our platforms.
Relatedly, and previewing the risk management discussion below, FTX ensures redundancy, resiliency, and disaster-recovery preparedness by using multiple geographically dispersed cloud and data service vendors and facilities to ensure industry-leading 24/7 service.
4. Conducting Adequate Risk Management to Protect Digital Assets
The next key principle is ensuring that any market participant in possession of customer assets is performing adequate risk management to protect those assets, regardless of their particular role in the ecosystem. There are multiple types of relevant risks that are inherent to any market structure, including but not limited to credit or counterparty risk, market risk, funding liquidity risk, and operational risk. (All of these in turn have a bearing on or contribute to systemic risk within the overall ecosystem.)
Credit and counterparty risk refers to the risk that a counterparty will fail to perform its obligations. Market risk is defined as the potential for losses arising from the change in value of an asset. Liquidity risk is the potential that a position in an asset cannot be unwound due to a lack of depth or a disruption in the market for the asset. Operational risk includes a risk of loss from a failure of internal processes at an organization, which can be caused by human error, technology-system breakdowns, or communication-network failures; they also can include losses caused by external factors such as “acts of God” or other naturally occurring events.
Market participants in any market, including digital-asset market operators, must address each of these risks to ensure against substantial or catastrophic losses that could lead to existential threats against their own firm, thereby imperiling the assets of their customers. In general, policy makers that develop market regulation have required that both market operators as well as intermediaries manage risk by developing appropriate policies and procedures to address them, which contemplate the use of quantitative methods to measure risk, pricing products according to their risks, establishing risk limits, active management of risks through hedging and other techniques, and the building of cushions to absorb losses.
FTX is a full-stack infrastructure provider, combining the matching engine and the clearing function on the same platform, providing a unified user experience for the trading of assets as well as the clearing and settlement of those assets. FTX’s Market Regulation Key Principles addressed other risk-management considerations for the trading venue itself, but here we focus particularly on risk management embedded in the clearing and settlement functions that relate to investor protections.
Clearinghouses in traditional markets again are subjected to substantial regulatory rigor and are required to develop written policies, procedures, and controls that establish an appropriate risk-management framework which, at a minimum, clearly identifies and documents the range of the aforementioned risks and more to which the derivatives clearing organization (DCO) is exposed, addresses the monitoring and management of the entirety of those risks, and provides a mechanism for internal audit. Public policy typically provides clearinghouses discretion in setting, modeling, validating, reviewing and back-testing margin requirements that build the cushion to absorb potential losses, but they must develop such requirements nonetheless; those models are then evaluated by appropriate regulators. Clearinghouses are required by regulation to frequently check the adequacy of initial-margin requirements, value initial margin assets, back test products that are experiencing significant market volatility, and conduct stress tests with respect to each large trader who poses significant risk.
FTX platforms improve upon these requirements today in a number of material respects, and indeed the FTX US derivatives platform complies with the specific requirements of U.S. policy. First, the FTX international exchange imposes on its users a dynamic maximum leverage limit depending on their absolute position, which is limited to maximum leverage of 20 times the notional value of the user’s account, and substantially lower in the case of larger positions. The limit is calculated as a function of market liquidity and volatility, along with the positions and collateral that the user holds. Second, FTX platforms check customer-account levels and asset amounts, including those used to collateralize positions, multiple times per minute as opposed to once per day, as standard policy requires today. Third, customer positions are liquidated if the net balance of all of a customer’s positions becomes negative, or positions fall below the maintenance-margin threshold, and the FTX risk engine performs this function automatically. FTX uses an advanced and user-friendly liquidation process that gradually reduces a user’s position to bring it to solvency, instead of closing the entire position. Fourth, FTX’s risk-management program requires that digital-asset collateral be placed on the platform itself, rather than pledged but not delivered to the platform, to ensure the platform has immediate access to the collateral for purposes of managing market risks. And fifth, FTX’s markets are open 24 hours a day, 7 days a week, which protects against delayed management of customer positions or market conditions, and the consequent build-up of market risk.
FTX undertakes this risk-management program without any reliance on intermediaries, depending only on its own systems and personnel. Historically, in traditional market structures, intermediaries provided a first or outer layer of risk management, as the entity typically responsible for onboarding customers and maintaining the customer relationship, and thereby exposing that intermediary to all of the attendant risks from that relationship. Market operators and clearinghouses are beneath or within that outer layer and, as explained above, also engage in management of the risks outlined above.

In traditional market structure, any type of breakdown in the risk management at the outer layer of the intermediated market structure exposes the inner layer to consequent risks. This is so because those intermediaries are members of the trading platform as well, and the effects of a risk-management breakdown can be transferred to the trading platform as well as to the other members of the trading platform. Policy makers refer to this concept as interconnection risk. Arguably, the existence of this outer layer created through intermediation increases the opportunities for risk-management failure because there are so many more points of potential lapses or failure. Many of these can be inconsequential to the overall ecosystem, but some or many can be consequential.
The simplified market structure native to the digital-asset ecosystem poses fewer interconnection risks within the system because the outer layer of participants is folded into the inner layer – investors access the digital-asset platform directly. Likewise, without intermediaries bringing their customers to the trading platform, the trading platform is not exposed to risk-management failures by an intermediary, and can focus instead on its own risk-management program. This in turn simplifies the role of the supervisory community overseeing such platforms, who by focusing on the risk management of the platform operator can dispense with concerns about the platform’s members who are not intermediaries. Again, this concept is key to FTX’s view that the market structure for our platforms is risk reducing compared to those found in traditional markets.
One corollary to this concept is that involving intermediaries in the market structure does not by definition lead to greater investor protections, as some have argued. Instead, greater protections would depend entirely on the risk-management resources and capabilities (operational and financial) of the intermediary and whether they are delivering on other key investor protections, which in part depends on the level of supervision of the intermediary vis-à-vis the level of supervision of the platform. As a general matter, the supervision of clearinghouses as it relates to risk management in particular is equal to or greater than that for intermediaries, with heightened financial integrity and reporting standards. And as explained above, FTX risk management is designed and has been implemented to improve upon those standards in multiple ways.
Fewer interconnections, combined with superior risk-management practices at the platform level, while delivering on core investor protections, lead to a superior and risk-reducing market structure that better protects investors.
5. Avoiding Conflicts of Interest
The final principle is that in order to ensure the investor’s interests are protected, conflicts of interest between the investor and the entity offering the products should be eliminated, mitigated and/or managed appropriately. Once again, in traditional capital markets the policy focus has been on intermediaries who offer access to investment products or otherwise sell the products to their customers directly, and today there are considerable requirements directed at intermediaries. Although not all existing regulations related to conflicts will apply, to the extent that policy makers wish to apply the relevant measures to the digital-asset space, this could be accomplished rather smoothly by shifting the burden of those measures from intermediaries to the platform operator as needed.
Policy governing traditional markets generally takes two approaches to addressing conflicts of interest: expressly prohibiting certain types of conduct, and requiring policies and procedures that involve affirmative steps to identify areas of risk for conflicts, and measures to mitigate or eliminate those conflicts. As an example of the former, most securities regimes, including in the U.S., expressly prohibit misstatements or misleading omissions of material facts, and fraudulent or manipulative acts and practices, related to the purchase or sale of investment products.
An example of the latter approach is a “best interest” or “suitability” requirement for entities offering investment products to their customers, again typically intermediaries in the case of traditional markets. This type of policy seeks to discourage entities from offering or recommending products that the investor does not sufficiently understand or possess the resources to use properly. Other regimes are less prescriptive and generally focus on the financial wherewithal of a customer seeking access to a trading market, on the premise of ensuring creditworthiness and an ability to meet financial obligations on the platform, along with risk-related disclosures.
FTX favors an approach that provides equal access to all investors, and follows sufficiently robust listing standards that ensure adequate information about the listing is provided to the customer. But if policy makers preferred to impose a heightened standard more similar to what is found in securities markets, for example, they would need to impose that responsibility on the platform operator, which again could easily be accomplished.
In any case, whether intermediaries are involved in the market or not, conflicts inevitably arise when each actor is pursuing its commercial or economic interests. The key point for this particular principle is that when they do, there are familiar methods for eliminating or mitigating those conflicts, even as they apply to platform operators. FTX conducts its business with a goal of maximizing our customers’ interests, but supports reasonable policy measures to eliminate or mitigate conflicts that impose those responsibilities directly on the platform.