Communication with regulators

https://twitter.com/kanzure/status/1229856579324760064

Backgrounds

  • NTT
  • JFSA
  • SEC (enforcement division)
  • celo
  • compliance
  • gold reserves, central bank digital currencies (monetary policy controls)
  • soc1/soc2 audits
  • engineer

Developers and regulators: lawfulness questions

Are software developers liable from a regulatory perspective for software that they write? There was a case against EtherDelta. He was receiving income from it. In any crime, for enforcement agencies... there's a line between regulators and criminal enforcement. Regulators create rules. There has to be a component of crime. There has to be ill intent- an intentional component, to deceive, to take advantage of somebody, and there has to be somebody who has been harmed.

Is there anything that developers can do to draw a clear line? So I created a system that was intentionally created... but neither of us can provide guidance to you. It's always based on circumstances. But if you're asking generally, say we have created a smart contract and released it to the world and we don't have a master key and I can't do anyhting with it- and I created this code for evil. Say I created a smart contract virus. Augur is an example of this. Augur is complicated, because of the consequences. It looks like a smart contract, it was a prediction market. The intention of the authors was to create a prediction market, but what happened when people use it for ill purposes like putting a hit on someone's hand... it becomes the responsibility of the operators. Well, this will be decided in court. So the question is, could they have reasonably expected that this is an intended use? A common use? Could they have done anything to safeguard this or have some control? They will probably argue that they weren't anticipating that, and they were doing everything to prevent it-- have a kill switch or something. Here, code rules. It's a mathematical logic. But human society is not like that. Everything is probabilistic, it's not black and white, and society changes. Tomorrow what's considered truth might tomorrow not be. Stuff happens. Society has developed a mechanism for how we evolve. Building flexible code, just like building flexible law, is important.

What about developer certifications to work on blockchain projects? Maybe some minimum knowledge about financial obligations or requirements. Someone somewhere else can deploy code that wasn't covered by the certification. It's a global project. It's a global world. All the regulations and all the laws. Then there's regulatory arbitrage. We're not quite there. There's globalization and the European Union created... ultimately we're talking about a global regulation or coordination agency, a coordination between agencies around the world. European Union still has laws that have to be ratified by member nations. In the United States, same thing, conflict between state and federal law, so we're not there yet. Blockchain just sped up this conflict or highlighted this conflict. Over time, there should be fewer loop holes, but at least rules and social norms that people adhere to.

There are also different philosophies among regulators. Social norms might be a good solution. Social norms will change per jurisdictions and societies. It's cultural norms.

Self-regulation

Self-regulation is welcome, especially if it is intended to be inclusive. When regulators intervene is when consumers or certain players are harmed. In particular, where vulnerable populations are harmed. Those who have asymmetric access to information and those who can be taken advantage of. Effectively, to the degree that the market participants are willing to work together and create rules for self-disclosure or for enforcing in the code for the mutual benefits.

Coordination and powers of monetary policy

From the regulatory standpoint, do you see an appetite for each jurisdiction to carve out their own rules on grey area? Or globally do we want to engage stakeholders to come to a certain conclusion? Are there universal rules?

We talk about harmonization of regulation all the time. We would rather have everyone be on the same page. We want to support existing standards. Everyone wants to work together, but at the same time, they also have their own jursdictions and their own rules and regulations. Most don't want to give up that autonomy to the Federal Reserve or the ECB or whoever. I think you really see it especially with central bank digital currencies because they don't want to give up their monetary policies. When the Fed makes policy, they don't really think about Ecuador, so likewise Ecuador isn't likely to get aligned right?

Central banks don't understand the technology. They know monetary policy and how the financial system works. The new financial system or what's available with smart contracts and what's available with stablecoins and things like that.. is something that they just have to get their head around. Right now you see central banks huddling together, and programmers huddling separately.

You can do more things with monetary policy with stablecoins and central bank digital currencies. Central banks are not worried about bitcoin because its high volatility makes its useless as a medium of exchange. Is bitcoin really degrading the effectiveness of monetary policy? Well, they are more concerned about Libra. There's a lot of smaller stablecoins out there. Libra has a huge footprint. Even if a fraction of people use it, even as a medium of exchange, they are more worried about things that can be used as a medium of exchange.

Sanctions and control

Confidential transactions degrades some power just like compelled decryption issues. It's a backdoor for financial regulators. A private citizen with small transactions should be able to have privacy, but if you reach some threshold or some level of actor then society deserves transparency. We need to be able to follow the money.

One example is cannabis. It's a conflict of state vs federal law. Do we really want cannabis employers to not have finanical privacy? To not be able to use money? It degrades the value of money if there are sanctions against these kinds of private transactions. A money should have certain fungibility, otherwise it degrades the value of money.

zooko didn't want a backdoor for zcash. He wanted to strike a balance between regulation and innovation. Engineers might call it a backdoor. Any backdoor is bad. It implies someone has a key to the kingdom. Everything gets compromised, that's the only safe assumption. We need a solution in cryptocurrency where light is the ultimate disinfectant. We don't want to have "dark corners", but people do deserve privacy. How you do it, is another way. Maybe through blockchain governance. Maybe some people say it has to become transparent, and then it does become transparent.

Without regulatory clarity, it hampers business growth. There are grey areas or undefined rules. Like storage of key materials: do we have to have the private keys stored in a certain jurisdiction?

What about the three year safe harbor, is that being taken seriously? It depends. It depends on the lawmakers. It was a proposal for Congress to pass that. This was limited to utility tokens.

Other issues

  • regulation as backdoors (confidential transactions vs AML/KYC backdoor for regulators)
  • compelled decryption in court (risk of eroding court power and power of law)
  • risk assessment - looking at derivatives positions across an entire industry, preventing financial instability
  • ability to practice monetary policy
  • financial enforcement of sanctions

  • regulatory arbitrage vs coordination across agencies

  • opportunities for regulatory reform and promotion of business formation

Summary

We have some things in common, like we all believe using backdoors is not a good idea to ensure enforceability of regulation because it harms business and innovation. Regulators still need a solution, though. Engineering might be able to provide another solution for AML/KYC in confidential transactions, for example. I hope this kind of conversation is productive. We need to keep these conversations going. We also talked about central bank digital currencies and monetary policy. We would like to reach a consensus by continuing these kinds of workshops.

Q: As a regulator, what is your main challenge right now?

A: The main challenge is how to apply anti-money laundering regulations. We have the "travel rule" which is going global. They asked all crypto exchanges to report the identity of the transaction such as name, and identification. It's difficult to implement because there's so many types of non-custodial wallets and it's hard to connect addresses to identity. We have to implement it, maybe later this year, but we don't have a practical technological solution. We haven't really reached consensus. This is an example of how regulators are struggling with addressing the issues and how we need the engineering community to provide input on solutions.