Cryptocurrencies, Tokens and Decentralized Finance: Regulatory Guidance

Source: BIS FSI Insights No 49 Compiled by: Guo Ruihua

The Financial Stability Institute (FSI, Financial Stability Institute), a subsidiary of the Bank for International Settlements (BIS, Bank for International Settlements), released the paper "Cryptocurrency, Tokens and Decentralized Finance: Regulatory Guidance", outlining 19 jurisdictions Policy measures taken by the District to address the risks posed by activities that incorporate crypto-assets and DLT programmability into financial services. The Institute of Financial Technology of Renmin University of China compiled the core content of the report.

executive Summary

Addressing the risks posed by crypto-assets has become an urgent issue for policymakers. The cryptoasset market has gone through cycles of growth and collapse, often resulting in huge losses for investors. These markets present risks that, if not adequately addressed, could compromise consumer protection, financial stability, and market integrity. While the turmoil experienced by these markets in late 2022 has so far not sparked wider contagion, the outcome could be worse if crypto asset markets and the traditional financial system were more closely linked.

**Policymakers are considering responses to crypto-related risks. **Possible courses of action include banning specific activities, isolating crypto-asset markets from the traditional financial system, regulating crypto-asset activities in a manner similar to traditional finance, and developing alternatives to improve the efficiency of the traditional financial sector (Aquilina et al. (2023)). These courses of action will depend on the risks to the provision of financial services posed by various activities involving encrypted assets and their underlying technologies, collectively referred to herein as distributed ledger technology (DLT). For courses of action to consider regulating crypto-asset activities, the question depends on policymakers' assessments of which crypto-assets and related activities pose risks that should be regulated and whether existing regulation covers these risks or whether there are gaps that need to be addressed.

**This article outlines the policy measures taken by 19 jurisdictions to address the risks posed by the integration of cryptoassets and DLT programmability into financial services. **In this paper, according to the taxonomy proposed by the FSB, cryptoasset activities are divided into three categories: (a) issuance; (b) operating DLT infrastructure; and (c) service provision (e.g. wallets, custody, payments, trading , borrowing). For an overview of policy measures, depending on whether they address (i) centrally managed cryptoasset activity; (ii) community managed cryptoasset activity;4 or (iii) users’ direct exposure to Divided into three categories.

**Different types of policy measures adopted by different jurisdictions include bans, restrictions, clarifications, customized requirements and initiatives to promote innovation. **As these measures tend to reflect the evolution of market developments, most current initiatives target centrally managed cryptoasset activity, with a particular focus on service provision.

**Current regulatory initiatives focus on issuers of security tokens and stablecoins against centrally managed issuance. **All jurisdictions we cover here require issuers of security tokens to comply with securities regulations. Several countries are developing frameworks for issuers of stablecoins for payments. The proposed initiative introduces licensing, capital and reserve requirements, but there are country-specific differences in terminology, licensing types, redemption rights, and standards of governance and risk management practices. Only a handful of countries have developed regulatory frameworks for issuers of stablecoins used for other purposes. Additionally, only a handful of countries have clarified whether securities laws apply to issuers of utility tokens.

**Initiatives related to centrally managed infrastructure activities primarily explore the benefits and risks of the use of DLT and its programmability by traditional financial intermediaries. **Several jurisdictions are cooperating to pilot test the use cases of DLT-based infrastructure for payments and securities clearing. Other jurisdictions promote innovation in controlled environments through bespoke licensing regimes and sandboxes. Only one jurisdiction has issued specific guidance on DLT.

**Initiatives related to centrally managed service delivery activities tend to extend the scope of regulation to new non-bank centralized intermediaries. **Most jurisdictions have introduced authorization, prudential, anti-money laundering/counter-terrorist financing (AML/CFT) and consumer protection requirements. Regulatory approaches include establishing bespoke frameworks, introducing specific exemptions from applicable laws, clarifying how existing payment or securities regulations apply, and restricting or prohibiting certain activities.

**Regarding community governance activities, policy measures are aimed at addressing risks posed by native tokens and decentralized finance (DeFi) protocols. ** For activities involving native tokens, some agencies rely on a broad interpretation of “rights” attached to a native token to determine whether it is a security and thereby clarify the scope of securities regulations. Others use specific examples for supplemental guidance. For DeFi protocols, most initiatives come in the form of analytical papers. Currently, only one authority in the jurisdictions we cover has issued guidance on the adoption of smart contracts. Another agency clarified applicable requirements related to decentralized exchanges and staking activities. Enforcement actions have been taken by some agencies to address AML/CFT and investor protection risks posed by certain agreements. A handful of institutions have launched initiatives to facilitate the adoption of protocols with certain characteristics in a trusted environment by traditional financial intermediaries.

**Initiatives tend to reflect the evolution of the crypto asset market in relation to the risk of direct exposure of users to crypto assets and related activities. **All jurisdictions we cover have issued warnings to retail investors about the risks posed by cryptoassets, with some warnings specific to specific types of cryptoassets (e.g. native tokens, security currency). A handful of jurisdictions have banned the distribution of certain crypto assets to retail investors, while others have imposed restrictions on promotional activities. For wholesale investors, no jurisdiction has so far introduced rules aimed at mitigating the risks associated with investing in crypto assets for traditional financial institutions.

**As crypto asset markets evolve and DLT programmatic capabilities are applied to new use cases, policymakers may face additional challenges. ** Sustained efforts are required to understand novel business models and their potential risks, to build or maintain skills and capabilities to appropriately assess potential financial market impacts, and to adjust policy responses in a timely manner. Only with sufficient resources and timely and reliable information can authorities assess future risks to the financial system.

**The global nature of cryptoassets poses significant challenges requiring effective cooperation and coordination between domestic and foreign regulators. **Jurisdictions cannot fully mitigate the risks associated with cryptoassets if policy measures are susceptible to gaps and inconsistencies across borders. A coordinated response is essential. Against this backdrop, international standards that promote a consistent regulatory framework will play a key role in preventing regulatory arbitrage and a fragmented regulatory environment from harming financial stability.

*Definitions and Taxonomy of Policy Measures Covered in This Paper

Currently, there is no generally accepted definition of a "crypto-asset". The institutions covered in this article use different terms, definitions, and taxonomies, often depending on the angle from which these assets are analyzed (eg, technical, functional, legal). For example, terms such as digital assets, encrypted assets, virtual assets or encrypted tokens are often used interchangeably. In addition, different terms used to refer to the representation of real-world assets in DLT also exist, and the classification of these assets is not uniform.

Likewise, to date there is no generally accepted classification for incorporating cryptoassets and smart contract functionality into the activities of providing financial services. As in the case of cryptoasset terminology, any analysis of policy measures in this area is affected by inconsistencies in the classification of activities involved in determining whether an actor is a service provider for regulatory purposes across jurisdictions.

Any cross-country comparison of policy and regulatory responses to cryptoassets and related activities is difficult due to the lack of generally accepted terminology and taxonomies. This article uses the definitions proposed by the SSB wherever possible and categorizes policy measures along three dimensions to cover the various initiatives issued by the jurisdictions covered. The first dimension refers to cryptoasset activity. The second dimension refers to how activities are managed. The third dimension refers to the types of cryptoassets involved in these activities. The following are descriptions of the terms and taxonomies used to classify the policy measures covered in this paper.

1. The first dimension: crypto asset activity

Many activities incorporate crypto assets and smart contract functionality into the provision of financial services. Based on the taxonomy of cryptoasset activities proposed by the FSB, this paper divides cryptoasset activities into three categories: (i) activities related to the issuance of cryptoassets (such as creation, issuance, distribution, and redemption); (ii) activities related to operating DLT infrastructure Related activities (such as verifying and settling crypto asset transactions); and (iii) activities related to the provision of services related to crypto assets (such as wallet, custody, payment, trading, trading, lending, borrowing or risk management services). There are additional activities called "Other Support Services" that support the first three categories of activities. These services include developing code, providing data outside the network (such as oracles), providing API and cloud services, providing risk consulting services, or conducting audits (see Figure 1).

Figure 1 Classification of Cryptoasset Activities

2. Second Dimension: Management of Crypto Asset Activities

Cryptoasset activities can be managed (i.e. operationally and governed) in different ways. For this paper, we distinguish between policy measures addressing the risks posed by activities managed by actors organized under centralized operating and governance arrangements (“centrally managed activities”), and those organized by a community of participants in a public DLT network. Managed activities ("community-managed activities") that have decentralized operational and governance arrangements.

3. The third dimension: encrypted asset type

Cryptoassets include all digital assets issued by the private sector that rely primarily on cryptography and distributed ledgers or similar technologies (FSB (2022a)). Although agencies use different terms and definitions to refer to cryptoassets, they share the FSB's definition that they refer to cryptographically protected digital representations of value or contractual rights that can be transferred, stored, or traded electronically , and use a distributed ledger or similar technology to record or store data.

The design and issuance of cryptoassets depends on the intended purpose they are intended to serve, with broad objectives guiding their creation. For example, some are created for a specific use within a specific network, such as providing access to a service (eg, FIL grants the holder the right to access a data storage network). These cryptographic assets are often limited in functionality and are not designed to be used for anything other than their intended use. Some other cryptoassets are designed to enable developers to build applications on a specific DLT (e.g. ETH is used to build applications on the Ethereum platform). These cryptoassets are designed to be a necessary technical component of the operation of the DLT platform and serve as an economic incentive to pay for transaction fees and other services within the platform. There are also cryptoassets that are issued to represent ownership rights over real world assets (such as PAXG as a digital representation of ownership rights over physical gold). These cryptoassets are typically designed according to the terms and conditions under which ownership is established and the transfer of the underlying assets is followed, including storage and custody, transfer procedures, and redemption mechanisms.

Due to the wide range of intended uses of cryptoassets, agencies rely on different criteria to classify them. Many institutions classify cryptoassets according to their payment or investment function as defined under their regulatory framework, rather than the creator’s intended use. Under this standard, agencies classify cryptoassets according to whether they perform a payment or investment function or provide other functions, such as providing access to digital goods or services within a network. Another criterion is their technical design. Under this standard, institutions classify cryptoassets based on whether they were created as an integral part of the operation of a DLT platform. For those cryptoassets that maintain a stable value by reference to one or more assets, many institutions rely on (i) the type of asset they are referencing (e.g. fiat currency, commodity, or other cryptoasset); (ii) the type of arrangement they are managed under (e.g. centralized or decentralized); or (iii) their likelihood of becoming systemically important in or outside of one or more jurisdictions to further classify them.

Although there is no unified terminology, many institutions refer to cryptoassets as "tokens" for classification purposes. Many institutions classify cryptoassets according to the economic function the token performs, using terms such as "payment token," "security token," or "utility token." Others use the term "tokenized assets" to refer to digital representations of real-world assets in DLT. In this sense, agencies may use different terminology to refer to cryptoassets with the same characteristics. For example, a crypto asset that offers similar rights and obligations to traditional financial instruments such as shares, debt instruments or collective investment schemes might be called an "investment token" or a "security token" or a "tokenized security ".

To ensure that this article covers all types of cryptoassets discussed in the policy paper, it is important to use sufficiently broad and inclusive definitions. Whenever possible, we used the definitions proposed by the SSB. In the absence of a definition of SSB, we use a generic definition that encompasses most of the cryptoasset characteristics covered in this paper. If a more specific definition is required, it will be referenced in the relevant part of this paper. We use "token" and "crypto-asset" interchangeably. In this context, the main types of cryptoassets covered in this paper are defined as follows:

• **Stablecoin: **A cryptographic asset that is designed to maintain a stable value relative to a specified asset, group or basket of assets (FSB (2022c)).
• Global Stablecoins: Stablecoins have potential reach and usage across multiple jurisdictions, and may become systemically important both within and outside of one or more jurisdictions, including as payments and/or stores of value means (FSB (2022c)).
• **Security tokens: **Tokens as defined by securities regulations that provide rights and obligations similar to traditional financial instruments such as shares, debt instruments or collective investment schemes.
• **Utility Tokens: **Tokens that provide a user with access rights to a specific good, service, or application when the user redeems the token.
• **Governance tokens: **Tokens issued as an incentive to allow users the opportunity to become part owners and decision makers in DeFi protocols (FSB (2023)).
• **Native Token: **The basic token of the blockchain plays an inseparable role in the operation of the protocol where it is issued, and is created when it is created. It is often used to pay transaction fees (FSB (2023)).

4. Classification of Policy Measures

This paper divides policy measures into three groups according to the aforementioned classification and definition. As shown in Table 1, these policy measures address the risks of: (i) centrally managed cryptoasset activity; (ii) community managed cryptoasset activity; and (iii) users’ direct exposure to cryptoassets and related cryptoassets Activity.

Table 1 Classification of Policy Measures

*Future Challenges and Concluding Observations

**Crypto-assets and their related activities will continue to attract the attention of various agencies in several areas, including initiatives aimed at addressing the risks associated with crypto-assets other than security tokens or stablecoins. **Most agencies have not yet adopted specific regulatory measures for issuers of utility tokens, governance tokens or non-fungible tokens. In the future, agencies may consider introducing restrictions or specific requirements related to utility tokens as investment vehicles. For example, these restrictions may limit the ability of issuers to buy back such tokens, or prohibit exchanges from listing such tokens or providing credit for trading such tokens (i.e. prohibiting margin trading). Agencies may also consider imposing similar restrictions on governance tokens and any other tokens designed to perform functions different from those performed by existing financial assets.

**Another area requiring the attention of agencies is initiatives to address risk management practices and potentially anti-competitive behavior in centrally managed crypto asset activities. **While there have been some initiatives to limit the concentration risks of stablecoin issuers, agencies may consider similar measures to limit the risks posed by centralized entities that perform multiple functions. For example, in addition to their primary functions as exchanges and intermediaries, some trading platforms also engage in other services such as custody, brokerage, or lending, or other activities related to issuing and operating DLT infrastructure. By vertically integrating multiple functions, these entities resemble financial conglomerates (FSB(2022c)). For these cases, agencies could limit the amount and type of activities managed by a centralized intermediary; prohibit payment of stablecoin issuers from engaging in activities such as trading other encrypted assets; and Institutions develop risk management guidelines. In this regard, business model analysis can help institutions better understand an entity's cryptoasset activities. This assessment can include an assessment of governance and decision-making processes, helping to identify the parties responsible and accountable for all cryptoasset activities.

**If entities in the traditional financial sector begin to use public permissionless distributed ledger technology to develop applications related to the provision of financial services, this may require agencies to consider how appropriate regulations should be developed. **As more and more use cases are built on top of often decentralized governance infrastructure, significant operational and technical risks can arise, and it can be difficult to determine which parties or entities should be held accountable.

**The regulatory framework may need to consider some additional technical factors that may affect the level of risk of applications built on public permissionless DLT. **For example, two encrypted assets or activities may have the same economic function, but differences in the underlying DLT computing environments in which they operate may result in different risks. These differences include factors such as the type of consensus mechanism, underlying smart contract code, or oracle data reliability. These risks may need to be captured in regulatory frameworks, and in such cases, a technology-neutral approach may not be appropriate.

**Institutions may need to assess whether it is necessary to adjust the scope of regulation to include new participants providing services through DeFi protocols. **The risks associated with DeFi are similar to those addressed by existing financial regulations. However, it is not correct to assume that institutions only need to adjust the regulatory scope of different financial activities to put DeFi on a par with traditional finance. For example, new players involved in providing services through DeFi protocols may need to be considered. In addition, it may be necessary to control (i) the code (such as developers) that enables DeFi protocols to implement financial functions; (ii) the transaction verification and settlement process (such as miners and validators); (iii) the application Governance of the program (e.g. governance token holders); or (iv) regulation by actors providing critical data to operate smart contracts (e.g. oracles).

**Institutions may also need to develop legal frameworks to enforce agreements encoded in smart contracts. In this regard, they may need to determine the responsibilities of participants involved in technical intermediary structures that use token management services with financial functions. **Public authorities in some jurisdictions are currently exploring how to adapt laws to these new structures; financial institutions may consider developing guidelines or recommendations for the application of these laws in the financial sector.

**Similarly, financial regulatory structures and legal frameworks may need to be adjusted. There may be a need to clarify which agencies will regulate and supervise various entities and activities involving the use of cryptoassets to provide financial services. **In some jurisdictions, multiple agencies regulate and supervise these entities and/or activities, while others choose to establish dedicated agencies.

** Adequate expertise and resources are critical to addressing the risks posed by crypto assets and the DeFi ecosystem. **These ecosystems are constantly evolving as they incorporate new design features, emerging technologies, and market players. For example, using generative artificial intelligence tools to develop code and smart contracts; large technology companies as providers of DLT infrastructure; oracle providers providing infrastructure and interconnection services; or the emergence of new token standards. Institutions will therefore need to continually strive to understand novel business models and their potential risks, and to develop or maintain sufficient skills and capabilities to appropriately assess the potential impact on financial markets and adjust their regulatory responses in a timely manner. Responding to potential risks to the financial system can only be undertaken if institutions have adequate resources and access to timely and reliable information.

**Cooperation and coordination at the national and international levels remain key to addressing the risks associated with crypto-assets and their markets. **The recent turmoil in the cryptoasset market highlights the urgent need for swift and global implementation of international standards. Cryptoassets are inherently global and prone to regulatory and supervisory arbitrage. Jurisdictions cannot fully mitigate their risks as long as they are exposed to cross-border weaknesses and inconsistencies. In addition to the consistent implementation of international standards, establishing a coherent regulatory framework for crypto-assets and related services is critical to addressing associated risks.

The following is a screenshot of the paper part