Possible Digital Asset Industry Standards
This document contains a draft of a set of standards that we as an industry could enact to create clarity and protect customers while waiting for full federal regulatory regimes. Treat it as an industry norms manual, trying to establish consensus. This is written by Sam Bankman-Fried, but neither he nor FTX feels confident that this structure is exactly correct–it’s just a draft.
Ideally, some industry group would mull over these topics, revise them, and publish what they feel to be an appropriate set of community norms!
And to be clear: nothing here is legal advice, or meant to override any relevant laws. It’s merely an attempt to create what clarity and protection we can in the meantime.
Hacks and Accountability
Hacks are extremely destructive to the digital asset ecosystem.
They have been all too prevalent and large. At the same time, the industry has done a decent job of identifying and flagging addresses carrying funds from a security breach, and so even if the funds are gone, the hacker may not actually be able to utilize most of them.
Asset listing; also, what is a security?
At least as of now, one central question that actors in the industry must sometimes answer is whether a particular asset is or is not a security.
In general, BTC and ETH are not considered securities; many long-tail tokens acting as investment contracts are securities. There are a number which are unclear, however.
Eventually, there may be legislative, regulatory, or judicial clarity on this question. Until then, this is how FTX, at least, plans to proceed. To be clear, this is only for listings on FTX US; this is not meant to make any decisions for the industry more broadly.
For all assets listed on our federally regulated platforms, we intend to publish an informal registration-statement-like overview of the asset. See here for a draft of such a statement for bitcoin.
Ideally, we’d end up in a place as an industry where being a security is not a bad thing: where there are clear processes for registering digital asset securities which protect customers while allowing for innovation. We remain excited to work constructively with regulators to develop and act within a regulatory framework for tokens that are securities.
I think that, eventually, blockchain technology has a lot of potential to improve traditional market infrastructure.
On January 28th, 2021, retail investors bought large amounts of certain equities–e.g. AMC and GME–on a number of mobile brokers, notably including Robinhood.
As prices of those stocks rose, the investors made large amounts of money, at least marked to market. Perversely, this posed a problem for the markets.
Stocks take two days to settle (and dollars can take months, especially for ACH and credit cards), with some amount of uncertainty and risk that the other side will fail to deliver in the intervening period. This means that, on January 28th, retail investors had billions of dollars of unsettled gains.
The typical retail stock transaction goes through a huge number of entities: for instance
That’s over 15 entities for a single investment!
And every single one of them incurs some amount of settlement risk. So if retail makes billions of dollars in a day, then you have tens of entities, each of which potentially needs billions of dollars of spare capital, in case any one of the many entities in the chain later fails to deliver.
Once investors’ profits exceeded the regulatory capital of the less well capitalized brokers, those traders were shut down, and in some cases liquidated, to ensure that they didn’t make any more money–money their brokers would not have been able to guarantee. There’s a limit on how much money retail can make in the current equities market structure!
But on January 28th, digital assets kept trading liquidly. Why?
Because if Alice wants to buy SOL from Bob in return for USDC, Alice sends the USDC on-chain to Bob, Bob sends back the SOL, and a few seconds later–with just ~$0.0005 in fees–the trade has fully settled, with no outstanding settlement uncertainty or risk, and so essentially no regulatory capital necessary.
And if two platforms had a transfer or transaction between them, they could just send the appropriate asset on the blockchain to the other one, once again clearing up settlement risk in seconds.
All of which is to say: I think that tokenizing stocks could help simplify securities settlement, providing a stronger and more equitable market structure for retail.
What’s blocking this now? I think the biggest thing is regulatory clarity: what would clearing, custody, registration, issuance, disclosures, etc. look like for e.g. tokenized AMZN?
Customer Protections, Disclosures, and Suitability
The clearest way to help protect investors is to provide transparency and prevent scams.
Investors should be given clear, comprehensible information describing the asset they are considering, and regulators should crack down on any that misrepresent or make materially misleading marketing claims.
I also think that, as a default, systems should not meaningfully run on credit–especially for retail. Retail investors should generally not be able to lose more than they have deposited to a platform, and any credit extended by a platform should be given extreme scrutiny if its failure could result in socializing losses among other innocent investors on the platform. This is one of the core planks of the clearing model we propose in our DCO amendment.
It’s also worth noting that this is one of the strengths of DeFi: even during one of the largest crashes in crypto history, truly decentralized platforms didn’t suffer losses–because rather than rely on vague credit checks, they verified the assets used for margin by requiring them as collateral.
If you have sufficient disclosures and transparency, are not exposing investors to more risk than what they deposit, and are regulating away scams, the remaining core piece of customer protection is suitability. In other words, who is an appropriate user for a particular product?
Centralized, regulated digital asset venues–like FTX–are going to end up under various disclosure/transparency regimes, potentially including suitability checks in some cases.
There are many ways that one could try to determine suitability, which generally trade off economic freedom against risk.
There is no single perfect procedure to determine suitability, but as a general matter, I believe that knowledge-based tests are the appropriate method, and significantly better for customers than wealth-based standards.
Here are various methods one could use to determine who can access a particular product:
The problem with (a) and (b) is two-fold. First, they can act to reinforce class barriers: only the wealthy can get real access to the financial ecosystem, and so only those who already have lots of money are allowed to make and grow money, exacerbating economic, racial, and rural disparities. Second, it’s not clear that it in fact does a great job of protecting investors. I’ve found the users who have had to fight through the most in their life to achieve economic stability tend to be among the most informed, sophisticated, and knowledgeable users; claiming that excluding the poor from having financial freedom is effective customer protection would imply things I very much do not believe.
The problem with (d) is that you could see people taken advantage of who do not understand the platform they’re using, taking risks they’re unaware of and are not willing to take.
(e) could mean any number of things, but is generally an invitation for bias and exclusion, creating ivory towers of financial access.
As far as I can tell, (c) is the most appropriate. Rather than making assumptions about economically disadvantaged populations or condescending to any particular groups, it drives straight at what is in fact the largest worry: that people will use a product they do not understand, taking a risk they are not willing to take. In general America is built on a foundation of freedom and individual choice, and that’s true economically and financially as well as verbally. But that doesn’t allow platforms to take advantage of customers with misleading, deceptive, or sloppy products. And so I support implementing knowledge-based quizzes–rather than asset-based ones–to determine product suitability.
Anyway–in order to demonstrate what we would plan to launch FTX US Derivatives with, were our amendment to be approved, we’ve put together a site that contains a comprehensive set of customer protections–from disclosures to explainers to knowledge-based quizzes.
Sanctions, allowlists, and blocklists
In order for commerce to work, it’s crucial that validators and smart contracts are free, permissionless, and decentralized.
There are many cases, though, where many asset senders and centralized intermediaries will want or need to maintain and/or respect various address blocks: either because of hacks, scams, or sanctions.
I fundamentally believe that blocklists – not allowlists – are the correct approach to sanctions compliance on blockchain environments.
The possible options for those sending assets or acting as centralized intermediaries are to either:
Allowing all transfers opens up the door to significant financial crimes, and banning all transfers unless allowlisted grinds commerce and innovation to a halt and freezes out the economically disadvantaged. Maintaining a blocklist is a good balance: prohibiting illegal transfers and freezing funds associated with financial crimes while otherwise allowing commerce.
It’s worth emphasizing this: all of commerce breaks down if you require an allowlist to transact. Want to buy a bagel at a corner store? Better have your passport, proof of address, phone, email, and SSN ready! Oh, and I sure hope 7-11 likes being a broker-dealer. (Imagine what would happen to the underbanked if buying a bagel required a passport.) Maintaining the presumptive freedom of peer to peer transfers and decentralized blockchains (unless there is specific evidence of a scam, illicit finance, etc.) is absolutely necessary.
At the same time, the largest gap in sanctions compliance right now is timing–what happens if funds from illicit financial activities are moved after the activities are discovered but before that’s communicated to all of the platforms?
What does this mean, in practice*? (*To clarify, “in practice” here means “how things should work in a perfect and logical world”).
Finally: we should attempt to implement some system like the above to help us respond quickly to incidents. If this were updated quickly and immediately on-chain, we could make responses and asset freezing effectively instantaneous.
DeFi is crucial to a lot of the innovation that digital assets could ultimately bring. It’s also one of the trickier things to think about in the context of current regulatory frameworks.
But there’s never going to be a perfect answer; all we can do is put one foot in front of the other. So here’s a proposal for a rough regulatory heuristic to use with DeFi.
First of all: maintaining free, decentralized validators and smart contracts is absolutely crucial for DeFi–and commerce more generally–being able to function.
On the one hand, you have actions that feel more like free speech, expression, and mathematical constructs: those that are purely writing code, deploying it to decentralized blockchains, or validating blocks according to the rules of the chain. Decentralized code as speech.
On the other hand, you have constructs that look much more like centralized financial services: an American actively hosting a centralized website that markets and actively facilitates US retail investors to access DeFi protocols, or actively marketing products. Centralized GUIs and marketing as regulated financial activities.
What this would mean:
This is a compromise, and it’s not perfect by any strongly held position. But I think it’s reasonable. It allows core technological innovation to continue and people to express their freedom, while requiring licensure for activities that market to retail or resemble traditional financial brokerages, creating a layer for regulators to enforce consumer protection and market integrity.
I’m very open to suggestions on this front! There are many variants that one could have. But above all else: figuring out how and where DeFi and things tangentially related to DeFi do and don’t fit into regulatory contexts is a hard problem, and one on which there is not yet firmly settled thought. We should be careful about locking in decisions absent working out a sound and responsible basis for doing so.
See here for a proposed set of community standards on stablecoins, at least until there is an explicit regulatory framework for them.
Stablecoins present a huge opportunity to modernize and democratize payments, both domestically and abroad. We should adopt regulatory policy that supports them, while protecting against any systemic risk.
In short, any stablecoin holding itself out to be stable relative to the US Dollar should be backed by at least as many US Dollars (or federal government issued treasury notes/bills) as there are stablecoin tokens in circulation, and should maintain up to date and public information and audits attesting as such.
In addition, there should be KYC of the traders participating in the on-ramp/off-ramp process (i.e., KYC of the individuals and entities creating and redeeming the stablecoin). This is very easy to get correct - and we think there are a number of suitable regulatory frameworks under which a stablecoin program may be pursued - provided the operating entity maintains the relevant information on assets and has and enforces the proper KYC requirements. To be clear, this does not mean that passports and social security numbers are necessary to buy a bagel from 7-11–but issuances and redemptions of stablecoins should be BSA-level KYCed activity.