Dan M. Berkovitz (Former General Counsel of the SEC and former Commissioner of the CFTC)
Mriganka Pattnaik (CEO, Merkle Science)
In the first section of this article, Dan M. Berkovitz outlines the regulatory gap that currently exists in digital assets, the risks it presents to individual stakeholders and the overall financial system, and how this gap might be addressed by policy in the long term and the implementation of regtech solutions in the short term. In the second section of this article, Mriganka Pattnaik explores the role of blockchain analytics and technology solutions for market participants, investors, and government agencies to work together to operationalize the prevention, detection, and enforcement of illicit activity on the blockchain.
I. Regulatory Gaps in the U.S. over Digital Assets
By Dan M. Berkovitz, former SEC General Counsel and former Commissioner at CFTC
The Digital Asset Regulatory Gap
In the U.S., there is a significant gap in the regulation of digital asset markets. No federal agency has regulatory authority over the trading of digital assets that are neither securities nor derivative instruments on commodities. The lack of regulatory authority over these markets—also known as the “spot” market or “cash” market for these assets—is a significant regulatory gap, as some of the largest digital asset markets fall within this unregulated region, including the spot market for bitcoin and possibly ether and other cryptocurrencies (depending on whether they are determined to be securities).
There is an urgent need to close this gap because it poses significant risks to customers and investors in these markets, such as market manipulation and other abusive trading practices.
Distinguishing between the SEC and CFTC Jurisdictions
Under current U.S. law, regulatory authority and jurisdiction over the trading of financial instruments and assets rests primarily in two federal agencies, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). The jurisdiction of these agencies depends on the type of instrument or asset.
The SEC regulates the instruments and assets that are securities. The CFTC regulates the trading of derivatives—namely futures, options, and swaps—on commodities. The SEC and CFTC jointly regulate assets that are both securities and derivatives on commodities, such as futures contracts on single-equity prices. A common misconception is that the jurisdictional divide between the SEC and CFTC depends on whether the asset is a security or commodity—in fact, however, the respective jurisdictions depend on whether the asset is a security or a derivative of a commodity.
The term “commodity” in the Commodity Exchange Act (CEA) has a very broad meaning to include anything that is the subject of a contract for future delivery or that in the future may be the subject of a contract for future delivery. Thus, the CFTC’s jurisdiction covers not only physical commodities like corn, wheat, gold, oil, and coffee, but also financial commodities, such as currencies, interest rates, and equity prices. Digital currencies and other types of assets also are commodities under the CEA, so the CFTC has regulatory jurisdiction over futures, swaps, and options on digital assets.
The SEC’s and CFTC’s regulatory authority over the markets within their jurisdictions includes authority to require trading on regulated and licensed exchanges and to prescribe requirements for both on-exchange and off-exchange transactions, including with respect to the execution, clearing, settlement, and reporting of such transactions. It also includes authority to regulate and require the registration of intermediaries—such as brokers and dealers—in such transactions. Both agencies have the authority to investigate and bring enforcement actions for violations of these requirements.
Neither the SEC nor the CFTC has regulatory authority over the spot market for commodities that are not securities. In these spot markets, the CFTC only has enforcement authority to bring enforcement actions for fraud or manipulation.
Rising Concerns Among Financial Institutions
In its 2022 report on Digital Assets Financial Stability Risks and Regulation, the Financial Stability Oversight Council (FSOC) stated that “[t]he spot market for crypto-assets that are not securities provide relatively fewer protections for retail investors compared to other financial markets that have significant retail participation.”
The International Monetary Fund published a study that identified numerous risks with unregulated cryptocurrency exchanges, including market abuse risks, information asymmetries, high risk of market manipulation, weak price discovery functions, and, more specifically, wash trading, pump-and-dump schemes, and whale trades - a myriad of issues that are now being addressed by a single, overarching solution: regtech.
Hazards to Retail Consumers in an Unregulated Digital Realm
In unregulated digital asset markets, retail customers are at risk of being harmed by such practices as the use of customer funds to support trading by affiliates, the use of funds of one customer to satisfy an exchange’s liabilities to another customer, and trading against customers by exchanges. Other issues that also regularly appear include everything from information asymmetries and abusive trading practices to market manipulation and conflicts of interest in the operation of trading infrastructures.
Although in some instances agencies have been able to bring retrospective enforcement actions for fraud or misappropriation of customer funds, these retrospective actions can be brought only after customers have been harmed, as CFTC Chair Behnam has previously noted:
“[T]he CFTC does not have direct statutory authority to comprehensively regulate cash digital commodity markets. Its jurisdiction is limited to its fraud and manipulation enforcement authority. In the absence of direct regulatory and surveillance authority for digital commodities in an underlying cash market, our enforcement authority is by definition reactionary; we can only act after fraud or manipulation has occurred or been uncovered.”
As these risks show, it is imperative we close this regulatory gap, and one of the best avenues for doing so is at the intersection of regulation and technology, or for short, regtech.
II. Bridging the Regulatory Gap in Digital Asset Oversight: The Role of Blockchain Analytics
By Mriganka Pattnaik, CEO of Merkle Science
As discussed earlier by Dan M. Berkovitz, there is a regulatory gap for non-security, non-derivative commodities that presents a significant threat to the global financial system as both onshore and offshore market participants and investors transact with U.S.-domiciled digital asset platforms and financial instruments.
The Regulatory Gap in Digital Assets Compliance
As the founder of a blockchain forensics company, which proudly interacts with stakeholders across the ecosystem, including clients, regulators, and law enforcement agencies, I have recognized an unfortunate truth: When there is a lack of oversight, there is an opportunity for businesses to operate in the loopholes to maximize trading or business gains. For example, one company might operate an order-book exchange for the trading of digital assets that are neither securities nor derivatives. Other entities or bad actors may engage in unethical practices that were touched upon above, such as market manipulation, abusive trading practices, and practices that would be prohibited in regulated financial markets.
Closing this regulatory gap in digital assets will require a two-part solution:
- The short-term remedy adopts the best practice guidelines prescribed by international regulatory bodies such as the Financial Action Task Force (FATF).
- The long-term remedy necessitates updating the legislation to provide regulatory authority over the spot markets for digital assets.
Both of these solutions require exchanges and other Virtual Asset Service Providers (VASPs) to establish robust risk policies and controls to effectively self-regulate when there is a lack of clarity from a central regulator. Putting these policies and controls into action requires operational workflows underpinned by a regulatory technology (or ‘regtech’) stack that includes solutions for both:
- Market surveillance of digital asset wallets and addresses, both in real time and historically after a transaction is confirmed on the blockchain.
- Blockchain analytics, which operationalizes AML/CFT risk policies and controls so that preventative or remedial action, such as blocking transactions, can be taken.
The Urgent Need for Regulators and Law Enforcement to Deploy Blockchain Surveillance and Analytics Technology
The potential impact of solutions in market surveillance and blockchain analytics could not be more timely. CFTC Commissioner Christy Goldsmith highlighted the sweeping threat that digital assets pose in a keynote speech delivered at City Week 2023 titled “Illicit Finance and Other Key Risks of Digital Assets.” While her statement may seem like an indictment of digital assets, she concluded her talk by arguing that the private and public sectors must work together to unlock the potential of digital assets securely.
“Given that digital assets are already of significant size in the global financial system, it is imperative that these serious risks are managed. The stakes are too high. Market integrity, national security, and financial stability are non-negotiable. The private sector and governments both have a role to play in reducing these risks and in protecting customers,” she said.
Regtech for digital assets is the enabler of private-public sector collaboration to mitigate risks, protect consumers, and ultimately ensure the integrity of this promising new financial market. Just as we’ve seen regtech be developed and matured to support risk mitigation and regulatory compliance for other asset classes like cash and securities, we are now on the cusp of the same in digital assets where regulatory compliance operations are supported by technology.
Market surveillance tools can detect irregularities in trading and transactional behavior to prevent market manipulation in digital assets, which both the SEC and CFTC have prioritized in their oversight and enforcement agenda. For example, both have issued consumer warnings about fraudulent websites for crypto trading. The CFTC has gone as far as levying punishments against perpetrators of these schemes, such as the case where a Utah man was ordered to pay $2.5 million in restitution and penalties.
The CFTC will also be tracking these market manipulations through a forthcoming database that would include anyone convicted of fraud using digital assets, such as Ponzi schemes, investment scams, and pig butchering scams.
Apart from market surveillance, utilizing blockchain analytics is essential for VASPs to take a risk-based approach to real-time transaction and wallet monitoring in order to minimize on-chain risks for consumers and investors, all while ensuring a frictionless transaction experience for legitimate activity.
The role of blockchain analytics in regtech
Blockchain analytics providers are an integral part of the regtech and business operations tech stack needed by crypto-native businesses, DeFi participants, financial institutions, and government agencies to manage regulatory compliance and mitigate risk. Merkle Science has developed a comprehensive suite of predictive web3 risk and financial intelligence solutions designed specifically for blockchain transaction monitoring and forensic investigations to protect users and meet AML/CFT, fraud, and sanctions regulatory requirements.
Core Principles for Digital Asset Compliance, Market Protection, and Consumer Trust
In a previous congressional testimony, Dan M. Berkovitz discussed how trading facilities are expected to meet a set of core principles when they are licensed. The Global Digital Assets and Cryptocurrency Association (the “Global DCA”), of which Merkle Science is a proud member, has also issued a set of Core Principles for the industry and its members as the minimum and expected standards that VASPs should operate against.
One of the most important principles is the need to implement strong know-your-customer (KYC), anti-money laundering (AML), and sanctions compliance policies, controls, experts, and technology tools to operationalize the guidance. Blockchain analytics is an essential part of the tech stack for exchanges and other VASPs to track illicit financing, flag these funds, and even provide intel that can assist in their recovery.
Case Studies for Blockchain Surveillance and Analytics
This section will explain common examples of illicit activity that regulators and law enforcement could encounter as part of their surveillance and enforcement responsibilities. Here I examine the problem, real-life examples for these typologies, and the solution to prevent or take remedial action:
- Market manipulation in cryptocurrency trading
- Illicit financing facilitated through digital assets
Case Study 1: Market manipulation
Market manipulation is when company leaders, employees, or board members commit unethical or illegal acts to manipulate market conditions or create unfair advantages. These activities reduce investor confidence, jeopardize the integrity of markets, and expose retail investors to risks they may not have the sophistication to discern. Although regulations have reduced such market manipulation in traditional financial markets, cryptocurrency remains more susceptible due to the regulatory gap.
Real Examples of Market Manipulation in Cryptocurrency
Wash Trading: Wash trading is when fictitious trades are made with no change in beneficial ownership. The goal of wash trading is to make an asset look actively traded, as when the Tron team allegedly made wash trades for its own native token.
Pump and Dump: In a pump and dump, the scheme’s operators secure a position in an asset, aggressively market it with false or misleading information, and then sell it once its price inflates from other buyers. For example, the SQUID token capitalized on the popularity of The Squid Games, shooting up to a high of $2,861. When it later crashed in a matter of minutes to $0.0008, the developers disappeared, indicating a possible rug-pull.
Information Asymmetry: Stakeholders may withhold information, leading to an unfair advantage in trading. Insider trading is a common result, as when Coinbase's Ishan Wahi was sentenced to two years in prison for tipping off affiliates about coins that the exchange would be listing.
Conflicts of Interest: FTX founder Sam Bankman-Fried and three executives allegedly received loans from a sister company, Alameda Research, amounting to $4.1 billion. All conflicts of interest should be prevented through corporate governance.
Ponzi Schemes: In a Ponzi scheme, scammers create a fake business and then raise money from investors, whom they pay off by collecting funds from newer investors. Trade Coin Club, which raised more than $295 million in Bitcoin from investors, allegedly operated in this way: investor withdrawals were paid entirely through deposits from newer investors.
Monitoring for market manipulations in digital assets is complicated by their pseudonymity, the decentralized nature of blockchains, and the fact that transactions can be transnational with almost no guardrails.
Market surveillance tools have emerged to address the complexities in monitoring digital asset transactions and accounts, with most leveraging real-time monitoring of trading activities across blockchains and wallets. Utilizing sophisticated algorithms trained on large datasets, these tools can discern patterns indicative of market manipulations, such as potential wash trading or insider trading. When these tools detect suspicious activity, they can promptly report to the relevant authorities, enabling quicker intervention before these schemes escalate and impact a broader set of stakeholders. Market surveillance tools are thus essential to any regulatory regime for digital assets.
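Added example, not part of the original article and not Merkle Science's tooling: a minimal wash-trade detector built on the definition given above (trades with no change in beneficial ownership). The address links, trade records, and the 60-second round-trip window are constructed assumptions; real surveillance would also handle partial fills and near-equal quantities.

```python
from collections import defaultdict

# Constructed sample data (not real addresses or trades).
# LINKS: address pairs an analyst has tied to one beneficial owner,
# e.g. via shared KYC records or a common funding wallet (assumption).
LINKS = [("addr_A", "addr_B"), ("addr_B", "addr_C"), ("addr_X", "addr_Y")]

# (trade_id, asset, seller, buyer, quantity, unix_time)
TRADES = [
    (1, "TKN", "addr_A", "addr_C", 500.0, 1000),  # same owner via A-B-C
    (2, "TKN", "addr_D", "addr_E", 120.0, 1010),  # unrelated parties
    (3, "TKN", "addr_E", "addr_D", 120.0, 1040),  # E hands it straight back
    (4, "TKN", "addr_F", "addr_A", 80.0, 1100),   # genuine purchase
    (5, "TKN", "addr_Y", "addr_X", 300.0, 1200),  # same owner via X-Y
    (6, "TKN", "addr_D", "addr_E", 120.0, 9000),  # same pair, hours later
]


def owner_clusters(links):
    """Union-find over linked addresses; returns a find(addr) function."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for a, b in links:
        parent[find(a)] = find(b)
    return find


def flag_wash_trades(trades, links, window=60):
    """Return {trade_id: reason} for trades with no change in beneficial ownership."""
    find = owner_clusters(links)
    flagged = {}
    last_seen = {}  # (asset, seller, buyer, qty) -> (trade_id, time)
    for tid, asset, seller, buyer, qty, ts in sorted(trades, key=lambda t: t[5]):
        if find(seller) == find(buyer):
            flagged[tid] = "same_owner"
        # Round trip: the mirror-image trade occurred within `window` seconds,
        # so both parties end where they started.
        mirror = last_seen.get((asset, buyer, seller, qty))
        if mirror and ts - mirror[1] <= window:
            flagged.setdefault(mirror[0], "round_trip")
            flagged.setdefault(tid, "round_trip")
        last_seen[(asset, seller, buyer, qty)] = (tid, ts)
    return flagged


def wash_share(trades, flagged):
    """Fraction of each asset's traded volume that is flagged."""
    total, wash = defaultdict(float), defaultdict(float)
    for tid, asset, _s, _b, qty, _ts in trades:
        total[asset] += qty
        if tid in flagged:
            wash[asset] += qty
    return {a: wash[a] / total[a] for a in total}


if __name__ == "__main__":
    flags = flag_wash_trades(TRADES, LINKS)
    print(flags, wash_share(TRADES, flags))
```

Trade 6 repeats the pair from trade 2 but falls outside the window, so it is left unflagged; the window is the main tuning knob between missed round trips and false positives on ordinary counterparties.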
Case Study 2: Illicit Financing
Authorities often grapple with deciphering blockchain data, struggling to track the movement of illicit financing. While illicit financing was not addressed above, it is a gap that we have observed as providers of blockchain analytics - one that emerges from a lack of regulatory authority. When no single agency has oversight over a given typology of illicit financing, criminals can operate with far greater latitude.
The lack of regulatory authority is concerning, given the breadth of typologies of illicit financing:
- Theft of digital assets from legitimate businesses - in 2022, a staggering $3.9 billion was looted from DeFi platforms.
- The use of digital assets as an outflow for other criminal activity, such as in the case of terrorist financing or money laundering (both of which trading facilities must take strong action to prevent as part of the core principles they are expected to meet for licensing).
- The use of digital assets as an instrument in various types of financial fraud - for example, Bitcoin accounts for 98% of ransomware payments, which CFTC Commissioner Christy Goldsmith considers one of the “top three cyber threats.”
Real Examples of Illicit Financing via Digital Assets
Unfortunately, criminals are using new innovations to make it even more difficult for authorities to track illicit financing and recover these funds.
Layer 2 chains: Built atop existing blockchains, these chains inherit vulnerabilities from the base, or Layer 1, chains. Their inherent complexity, diverse protocols, and interconnectedness amplify potential attack vectors. For instance, in 2023, hackers siphoned off $1.14 million across multiple Layer 2 chains in the attack on the decentralized finance application, Steadefi.
Coin mixers and privacy coins: Digital assets can be further obfuscated using coin mixers. Platforms like Tornado Cash allowed users to mask transaction trails by mixing their coins with those of other users. Privacy-centric coins like Monero are also increasingly utilized for their native anonymizing features, such as stealth addresses and ring confidential transactions.
Smart contract / chain-hopping: Despite their transformative potential, smart contracts present many vulnerabilities. Grim Finance lost $30 million in 2021 due to a reentrancy attack, for example. Chain-hopping, the act of moving funds across multiple blockchains and often through the use of DeFi protocols, further complicates tracking, with projections showing this method laundering over $10 billion by 2025. Smart contracts can also automate and thus accelerate chain-hopping, as when attackers hacked US$110 million from Alphapo, which they then funneled from the Ethereum Blockchain to 67 newly minted Bitcoin addresses.
Blockchain analytics solutions have many features. These tools can identify high-risk entities using algorithmic pattern detection and categorize them into risk profiles. On a transactional level, these solutions can track movements across blockchains, break down complex transactions, and provide visual maps to link transactions and accounts. If illicit funds are detected, addresses can also be blacklisted.
Moreover, during an incident response, blockchain analytics offers real-time monitoring to pinpoint fund movements, enabling swift actions, such as coordinating with an exchange to freeze assets. The adoption of this technology by enterprises and authorities presents a substantial barrier to criminals, making their illicit endeavors more transparent and traceable. Incorporating these tools within the regulatory framework significantly hinders the concealment of illegal transactions, which ultimately safeguards consumers and the financial system.
The Call to Action for Public-Private Sector Collaboration
Legislators have been presented with the evidence and a blueprint for a systems-level solution: operating the digital assets market responsibly, to protect citizens and in the interests of a lawful, transparent economic system.
Not only that, legitimate exchanges and VASPs with a compliance-first culture to protect their users' and investors' interests are already operating against the kind of core principles outlined by the Global DCA and in Dan Berkovitz’s previous testimony and analysis above.
The hybrid solution of balanced regulation together with industry self-regulation will bring the clarity needed for both the public and private sectors to combat bad actors collectively.
Now it’s time for lawmakers to close the regulatory gap and tighten surveillance and market monitoring, with the right blockchain regtech tools in place to do so with agility, cost-effectively, and with confidence in the accuracy of the data evidence.