Ask the Experts: Crypto-Asset Regulation with Dr. Ryan Clements
By Glenn McAleer
I had the opportunity to sit down with Dr. Ryan Clements, Assistant Professor and Chair in Business Law and Regulation at the University of Calgary Faculty of Law. We discussed his paper, “Emerging Canadian Crypto-Asset Jurisdictional Uncertainties and Regulatory Gaps”. Dr. Clements also shared a brief history of crypto regulation in Canada, his goals as a scholar, and information on the Indexed Finance case currently in the Ontario Superior Court.
How are decentralized crypto assets currently regulated in Canada?
Canada has an internationally idiosyncratic approach to regulating certain decentralized crypto assets, like Bitcoin, where investors don’t control the private keys.
To understand Canada’s approach, you need to know some history. Several years ago, we had a catastrophic failure of a crypto-asset trading platform called QuadrigaCX. The custody of crypto-assets was accessible by only one individual. That individual died in late 2018 and hundreds of millions of dollars of crypto was lost. Investors asked, where were the regulators? Where were the investor protections, the custodial controls, and the operational safeguards? The first response from the regulators was to determine whether they even had jurisdiction over these decentralized crypto-assets. The Canadian Securities Administrators or CSA (an umbrella organization comprised of the provincial securities commissions that creates harmonized policies) put out a consultation paper considering how they might have jurisdiction. The consultation suggested that the relationship between a platform like QuadrigaCX and its users might create a security like an investment contract or a derivative. This is because the definition of “security” involves some very open-ended sub-prongs. Terms like “investment contracts” have been interpreted in case law to capture investments in a common enterprise with an expectation of profit based on the actions of other people.
After the consultation went public, there was a positive response. There were two successive CSA staff notices (21-327 and 21-329) that applied legacy securities regulatory frameworks to platforms that trade decentralized crypto-assets, because the relationship between the user of the platform and the platform itself created either a security or a derivative. This is the idiosyncratic nature of crypto regulation in Canada; because other international regulators aren’t doing it that way, we’re really the first. The point of my paper is to say that I think this is a good solution. It protects against failures like QuadrigaCX in the future. It creates trust, investor protection, efficient markets, and stability. However, if you look across the crypto market, it’s also incomplete. Because of the Ethereum blockchain and other programmable blockchains that have since been developed, users can self-custody, interface into a smart contract, trade and lend crypto-assets, mint non-fungible tokens and stablecoins, and much more – without using the services of an intermediary like a crypto-asset trading platform. This is what is known as decentralized finance or “DeFi.”
This entire world of decentralized finance (DeFi) is emerging parallel to the regulatory framework, which only applies to centralized intermediaries with custody. The market is developing away from centralized intermediaries to non-custodial situations, none of which are regulated. As I mentioned in my paper, there are investor protection concerns as well as interesting legal problems. It is not always clear that securities regulators have jurisdiction in these contexts. There are some interesting global jurisdictional issues as well. Who is responsible for regulating something like Ethereum, which exists everywhere? Even if the regulators in Canada wanted to regulate Ethereum, it’s not clear that they would be effective at doing so. DeFi is causing a complete paradigm shift, or revisitation, forcing regulators to consider how to regulate something that exists everywhere and can be interacted with peer-to-peer (P2P).
In your article you reference a finding from Rand Corporation in 2020 that estimates as few as 1% of all decentralized commodity crypto asset transactions worldwide take place outside of centralized exchanges. Do you believe that trend will continue?
I am skeptical that the 1% of the market identified by Rand will increase over time. I think people want to know who they’re dealing with. There will always be a subset of people that want anonymity, but most people who want to interface in the crypto world do so through an intermediary. The average investor is going to their preferred crypto asset trading platform or they’re buying an exchange traded fund (ETF), the price of which is based on a basket of other crypto assets.
The movement of the mainstream is still towards centralized intermediaries. I think that’s because finance and trust are deeply intertwined. Every day I read about hacks, scams, and fraud on DeFi. There’s nobody to go to if you lose your money and there is no recourse for misrepresentation. For example, the Indexed Finance case currently in the Ontario Superior Court.
Indexed Finance is a DeFi protocol, a software program built on a programmable blockchain that allows people with crypto assets to link into a smart contract and acquire the equivalent of a crypto index fund. Say you log onto a crypto-asset trading platform and realize that there are many different crypto assets available to purchase and that you’d like exposure to a bunch of them. If you want exposure to 500 stocks for diversification, you buy an ETF. It’s the same idea, Indexed Finance just did it without an intermediary. Now Andean Medjedovic, who finished his master’s degree in math at the University of Waterloo at the age of 19, figured out a way to extract 15 million dollars of tokens from Indexed Finance. He argued that it was a lawful arbitrage trade. He looked at the code, the code said he could do it, so he did. In his opinion, “code is law”. People who were hurt by this transaction hired lawyers to sue, alleging fraud. Medjedovic was supposed to send the crypto assets to a neutral custodian pending resolution of the trial, but he didn’t and now there is a warrant for this arrest, so we may not get a ruling on the “code is law” question. There is no regulation on Indexed Finance, no prospectus for risk disclosure, no safeguards, no code audits, nothing standardized.
I think that DeFi needs regulation to solve its trust problem or it will continue to exist as a smaller sub-set of direct engagement. For an investment, I’m going to go to the platforms that are transparent, to the things I’m most used to dealing with – like a bank or investment dealer. That’s where the focus of the regulation is right now. Will that change over time? As younger generations grow up with crypto, as interfaces look more like legacy finance, more people might directly interface into the DeFi world. That’s where the issues I bring up in my paper become more relevant.
Your article mentions that there’s been no formal jurisdictional position advanced on proof of stake validation rewards (crypto staking), but that staking is likely within the ambit of the regulators. Given that Ethereum is planning to migrate from a proof-of-work (PoW) model to a proof-of-stake (PoS) model, do you believe crypto-staking will become more prevalent?
You’re seeing international crypto-asset trading platforms provide an interface into the staking and DeFi world. There are multiple ways to stake, but if I attempt to do it on my own, I’m susceptible to cyber-security and other risks in DeFi. Given the high earning potential, there is demand for platforms offering a fee to stake for you. What is staking legally? This hasn’t been articulated by the regulators yet. Legally – is it a security like a debt? Is it a deposit, like what you’d have at a bank? Is it something else? We don’t know; the regulators haven’t said anything yet. One of the challenges is that it’s happening now. I can access international crypto-asset trading platforms from Canada that provide staking services. Depending on how the regulatory framework around staking eventually takes shape, platforms in Canada could be at a business disadvantage to platforms internationally. Canadian securities regulators are chasing platforms accessible to Canadians while other platforms in Canada are interfacing directly with the regulator.
I think the bigger question with crypto is “what’s the end game here?” I’ve been in the crypto market for a while. I’ve seen the market cap go from the billions to the trillions. But you wonder – do we need 19 000 different kinds? Some of them look like Bitcoin, do we need that many analogues to Bitcoin? Why not just use Bitcoin? Some of them are different, like Ether, which is a utility token on a programmable blockchain. Now there are a bunch of different programmable blockchains – will they all survive? How many programmable blockchains do we need? That’s an interesting question – where do we go with all of this? It seems inevitable to me that there will be consolidation over time. I’m a proponent of tinkering; if we can make processes better, if there are benefits to society, that’s awesome. What I’m less receptive to is the idea that the crypto market can operate well without regulation. I don’t see regulation as a punishment, I see it as a mechanism of trust and stability in financial markets. I think that it provides investor protection, system stability, efficiency, and fairness across markets. I think that we need that to transact financially with each other. My goal as a scholar is to consider how to bridge these two worlds. How to integrate a regulatory framework that can maximize productive entrepreneurship and actual use value, but also maximize trust and financial inclusion. To maximize use you need trust, and to get trust I think there’s a place for a regulatory framework.
Is an incomplete regulatory scheme as stifling of innovation as a strict and comprehensive one?
That gets brought up in discussions around new policy formation in finance. On one hand, the market likes certainty – it's nice for operators to consider a checklist of what they must comply with. Uncertainty is not so nice. I think there are ways to bridge that gap and you’re seeing them through novel approaches to regulation, like sandboxes for example.
The idea of a sandbox is that it allows for accommodation while testing your product. Regulators create a “safe space” to test the product with real consumers and reduced regulatory obligations. It gives the regulator a chance to learn, the operator a chance to test and be operational, and at the end of the day, if you must register like a bank, there’s a run time for that. There’s also the idea that the same risk should create the same regulation. I think these are valid frameworks. I also think that its valid to look to contextualizing traditional rules, even if we’re not seeking bespoke solutions. We need disclosure on these crypto coins that are trading, but it makes no sense to make them issue a traditional prospectus because there are elements of the legacy prospectus rules that don’t fit. Willingness of the regulator to contextualize disclosures is helpful. The gaps I identify in my paper are where policy formation hasn’t come but I’m not a fan of fast policy formation if it’s not clear that there is widespread use. I think creating strict regimes before things are being widely utilized might make us create the wrong regime – it's okay to have a bit of a slow and informed process and that’s what were seeing with DeFi.
What do you see as the greatest threat to prospective investors and what advice might you offer to help mitigate against those threats?
Dr. Clements began by acknowledging that this isn’t investment advice, as he’s a law professor.
My job is to identify risk because risk informs regulation. If there is a unifying, high level statement to synthesize those risks I would pose it as a question – “do you understand the risks involved in what you’re doing?” If I go buy the stocks of a publicly traded company, they’re subject to a defined regime of disclosure that they must continue to meet. That doesn’t mean that the shares of the company that you purchase are without risk – it just means that the risks are ascertainable. You can look at an investment and compare balance sheets with another company. You have reference points to evaluate risks. On DeFi you don’t have standardized reference points.
I think Canada’s approach to centralized trading is good because the regulators are making platforms put out risk disclosure statements. If you decide to engage with DeFi on your own, you need to do your own investigation because there’s no standardized disclosure frameworks. There’s a lot of exciting stuff out there right now and there’s a fear of missing out. You need to understand your own risk profile and decide whether the investment fits within it. To do that you need to understand what the risks are. I would encourage people to do more homework. Know what you’re doing, and know what you’re getting.