Last week I spent a day at the Join Research Center of the European Commission discussing Fintech and, more specifically, blockchain and cryptoassets. Despite the fact that my presentation was very academic, most of the following discussion had a clear "policy" angle. This got me thinking about the regulatory issues related to blockchain. This piece is the outcome of these ruminations. My attempt is to classify what is going on in the blockchain world, in relation to what the regulator should know/do, starting from "low priority" moving to "high priority" stuff. Comments are welcomed!
Several companies (IBM, Walmart, ...) are working on private or semi-private blockchains. This is basically "blockchain as a shared database" among different actors, either part of the same consortium or part of the same supply chain.
I have to admit that this is the application of blockchain that I least understand. The reason is that, as a shared database, blockchain is quite bad---traditional solutions are much faster and efficient. The only advantage of a blockchain, which may be relevant in some contexts, is that data maintained by a blockchain do not belong to anyone in particular (equivalently, they belong to the entire network), whereas traditional solutions require an organization that maintains the data and therefore has control over them. In some applications, this control may be problematic.
From the regulatory standpoint, the only issue I see is that if data do not belong to anyone and are instead "on the blockchain," it is not clear who is responsible for making sure that these data comply with whatever regulation exists (for example, regulation about how long data should be kept, when data should be erased, ...). In most cases, it will be a matter of making sure that the blockchain is designed so that the resulting data comply with existing regulations. In other cases it will be about designating an "authority" that can edit the data maintained on the blockchain.
A second avenue that is being explored is the so called "tokenization" of existing assets. In this case, an existing class of assets (shares in a company, ownership titles, future contracts, ...) is exchanged "on the blockchain" rather than via traditional methods. For example, the company Overstock is apparently planning to launch a blockchain based stock exchange. From the regulatory standpoint, we are facing a well understood asset class, with a well defined regulation that should be followed whether the asset is traded on the blockchain or not.
Despite this, I think "tokenization" opens significant regulatory challenges. The reason is that a large fraction of current regulation assumes that retail investors can access financial products only via financial intermediaries. Hence, to make sure that your average pensioner stays clear of complex financial products, current regulation forbids financial intermediaries from offering such products to this category of investors. When such products are "tokenized" and sold on the blockchain, there is no intermediary anymore. Current regulation will need to adapt to a world in which finance is more and more disintermediated.
Legit-coins vs shit-coins
All other projects can be placed into either of two bins. The first bin contains what I call legit-coins. They are crypto-assets that have potential value because they are necessary in order to use a specific software (in this case, a blockchain-based protocol). They are a novel asset class, they should exist, thrive, but, of course, they also require a sensible regulation (some ideas on this later).
The second bin contains what I call shit-coins. These are crypto-assets that derive their value from an action that someone will perform in the future, but are not old-coins. To say it in another way, these are assets that are sold together with a "promise to do something" (either implicit or explicit) without being a contract. They are what the regulator should most worry about, because they are sold to investors on the basis of a false premise: that the seller is under an obligation to deliver something (or do something).
Unfortunately, shit-coins abound. For example, any tokens that have value because "the holder can redeem it for USD/EUR/..." falls into this category because its value depends on a given organization complying with this promise, which they may not do (probably not too surprising for those of you who followed the Tether saga). Tokens that are supposed to have value because "we will distribute profits among token holders" also fall in this category.
An interesting corollary is that any tokens that is necessary in order to use a not-yet-available or close-source software should be considered as shit-coins. The reason is that the organization controlling the software is making an implicit promise: that only a specific token will be used with their software. But absent a contract, this is an empty promise: the software can be changed so to accept other tokens, greatly reducing the value of the initial token. Quite different is when a token is necessary to operate an existing, open-source piece of software. Of course, the fact that a software is open-source does not guarantee that the developers will not change it later in a way that hurts investors. But in this case, at least, anybody can fork the software making such changes less likely.
An interesting side note is that the difference between legit- and shit-coins is often whether a particular action depends on software or humans. For example, the DAO was a smart-contract that, among other things, would have redistributed profits among the token holders, and hence was, according to my classification "legit" (it turns out there was a bug and it did not go as intended, but that is a different story). Another example is the use of smart contracts to create "stable coins", that is, tokens that maintain a stable value because backed by assets that are accessible by a smart contract and not by humans.
Is it all good with legit-coins?
I think legit-coins are a legitimate asset class, but similarly to all other asset classes, they also require a sensible regulation. On this topic I refer you to a recent working paper of mine. From the regulatory standpoint, the two takeaways from that paper are that startups (or, more broadly, developers) behind a blockchain projects should maintain skin in the game: always have a large share of total tokens on their "balance sheet." Which seems quite obvious until you realize that most startups sell 90% of their tokens at ICO, distribute some more to advisers and early investors, so that in the end very little is left with the people who are supposed to work hard and improve the software. The second is that the tokens held by the developers behind a project should vest for a non-trivial period (say 5 years), while currently most ICOs have no vesting at all, or a vesting period of only 1/2 year, after which everybody is free to sell their tokens and retire.