The International Organization of Securities Commissions, or IOSCO, published a consultation report in May titled "Policy Recommendations for Crypto and Digital Asset Markets."¹

The consultation is intended to establish a clear and robust international baseline for the regulation of, and international cooperation in respect of, cryptocurrency and digital assets to address the market integrity and investor protection risks in crypto-asset markets.

This article analyzes IOSCO's proposals and considers whether there is more that can be done. 

The Issue

Cryptocurrencies and other digital assets have proliferated in recent years, encouraging expert and novice investors alike to speculate in highly volatile and uncertain markets.

Due to the speed at which these new markets have become established, regulators have struggled to set up robust frameworks to protect investors.

This regulatory lag has been exploited by criminals engaged in fraud and money laundering and has led to high levels of exposure and risk for investors trading in legitimate crypto assets.

Digital asset trading is, by its nature, a cross-border concern. Without effective coordination among states, even well-designed regulations are easily circumvented.

Such coordination is made more difficult by states that are unwilling to engage in international solutions and states that are themselves engaged in nefarious conduct in the crypto sphere.

The Recommendations

IOSCO's target is to finalize its recommendations by the end of 2023. Thereafter, it will be up to individual jurisdictions to ensure their regulatory frameworks comply with the minimum standards set out therein.

IOSCO's overarching recommendation is that regulatory frameworks addressing digital assets should seek to achieve regulatory outcomes for investor protection and market integrity that are equivalent to those required in traditional financial markets, to facilitate a level playing field between crypto assets and traditional markets.

The consultation sets out 18 recommendations that are grouped into six categories, as follows.

Conflicts of Interest

The recommendations within this category focus on risks arising from vertically integrated crypto-asset trading platform business models. Many crypto asset service providers provide multiple services within a single platform, including exchange trading, brokerage and proprietary trading.

The recommendations seek to ensure there are effective structures in place to mitigate conflicts of interest, including the potential to require disaggregation and separate registration.

The recommendations also seek to address conflicts of interest arising from the listing and trading of crypto-assets by requiring crypto-asset service providers to make accurate and sufficient disclosures to the market about the asset and its issuer in order to facilitate informed decision making by market participants.

Market Manipulation, Insider Trading and Fraud

Financial crime risks in the crypto sector are high, fueled by:

• A lack of effective market surveillance;
• Manipulative market practices such as Ponzi-style schemes;
• Pump and dump schemes;
• Wash-trading and front running;
• Insider dealing and unlawful disclosure of inside information; and
• Fraudulent, misleading or insufficient disclosure.

To address these risks, the consultation recommends establishing effective systems and controls to identify and monitor for manipulative market practices and to prevent leakage of inside information.

Combating crypto-related financial crime will also require enhanced cross-border intelligence and cooperation among regulatory and law enforcement authorities.

Cross-Border Risks and Regulatory Cooperation

This last point feeds into recommendations as to how participating states should adopt best practices in international cooperation to help ensure effective supervision and enforcement, and to reduce the risk of money laundering.

Many crypto-asset service providers are immature market participants and have not developed a sufficiently robust approach to regulatory compliance, meaning that investor protection and market integrity issues will persist without coordinated international regulatory action to address them. 

IOSCO's recommendations seek to enhance existing approaches to market conduct regulation, as well as existing information-sharing tools for supervision and enforcement to address these risks.

Custody and Client Asset Protection

The recommendations seek to safeguard client funds and assets and to provide clients with clear, concise and nontechnical disclosures of the associated risks, in order to ensure that client monies are held safely and transferred securely, avoiding inappropriate mixing of assets and other potential abuses.

Operational and Technological Risk

Crypto-asset service providers will be required to comply with certain minimum standards relating to operational and technology risk and resilience. They will be required to disclose all material sources of risk and to have in place appropriate risk management frameworks to manage and mitigate them.

Retail Access, Suitability and Distribution

The promotion of crypto-assets is underregulated and crypto-asset service providers often employ aggressive tactics to target retail investors who promise high returns without sufficient warnings and guidance as to the risks involved.

The recommendation seeks to ensure that regulations require crypto-asset service providers to diligently assess and only onboard sufficiently sophisticated retail investors who understand and are suitable for the greater speculative risks inherent in the crypto market.

New Financial Conduct Authority Rules

In the U.K., steps are already underway to enhance regulation around the marketing of crypto-assets following the implementation of the Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023, which came into force on June 7, and which brings the promotion of qualifying crypto-assets within the remit of the FCA.

On the back of this amendment, the FCA issued a policy statement on June 8, announcing new advertising rules that will come into force from early October.²

Under the new rules, the promotion of crypto-assets will be broadly limited to communication by, or approved by, FCA-authorized individuals.

Promotions that are in breach of these rules may be punished by an unlimited fine or up to two years' imprisonment.

Analysis

Crypto-asset regulation has inevitably struggled to match the pace of market innovation. Improved regulation will not only benefit retail investors by protecting them against financial crime risk, but also allow legitimate market entrants to positively distinguish themselves from less scrupulous participants looking to take advantage of legal lacunae.

IOSCO recommendations are a valuable first step in seeking to close the proverbial barn door, but the onus will be on individual states and trading groups to ensure they meet the standards that the recommendations seek to establish.

It remains to be seen whether this will be sufficient to rein in those who continue to profit from weaknesses in the regulatory environment, particularly given the comparative sophistication of the criminality at play.

¹https://www.iosco.org/library/pubdocs/pdf/IOSCOPD734.pdf.

²https://www.fca.org.uk/publication/policy/ps23-6.pdf.