Legal Tender? The Regulation of Cryptocurrencies

Thursday, June 7, 2018
Benoit Tessier/Reuters
Jose Pagliery

Investigative Reporter, Business and Cybersecurity, CNN

Marco A. Santori

President and Chief Legal Officer, Blockchain

Maria T. Vullo

Superintendent of Financial Services, State of New York

Seema Mody

Global Markets Reporter, CNBC

As cryptocurrencies proliferate rapidly around the world, governments are slow to respond with regulation. Panelists examine existing laws for digital currencies, potential areas for abuse and crime, and the best next steps for governments to keep up with the technology.

MODY: Are we seated? All right. Welcome, everyone, to today’s Council on Foreign Relations meeting, “Legal Tender? The Regulation of Cryptocurrencies.” My name is Seema Mody, global markets reporter at CNBC Business News, and I will be presiding over today’s discussion.

Joining us today is Maria Vullo, confirmed by New York State Senate as superintendent of financial services in June of 2016. She was nominated for the position by Governor Andrew Cuomo. As superintendent, she is responsible for protecting consumers and markets in New York state from fraud and financial crises.

Marco Santori, president and chief legal officer of Blockchain. He is known as the dean of digital currency lawyers. He’s also an advisor to the International Monetary Fund and the Blockchain ambassador to the state of Delaware.

And Jose Pagliery, reporter for CNN Investigates. He focuses on national security, crime, and the darker side of technology. And his first book was Bitcoin: And the Future of Money.

So we have a great panel for you for us to discuss this very new field of cryptocurrencies, which has really captivated the attention of financial markets. It started in 2017 with bitcoin rising 1,700 percent. This year a slightly different story. It’s been very volatile, and a lot of experts say it’s due to the uncertainty around regulation.

So let’s start with Maria. We have heard, Maria, from the SEC, the CFTC—I actually sat down with Federal Reserve St. Louis President James Bullard a couple weeks ago, too, who discussed his thoughts on regulation of digital currencies. Yet, there’s still a lot of confusion. Why has it taken regulators so long to put together a detailed framework around cryptocurrencies?

VULLO: Well, it certainly hasn’t taken New York long to establish a framework because New York was involved in this beginning in 2013—my agency, the Department of Financial Services—when actually bitcoin was trading at $100.

MODY: Wow.

VULLO: And so the agency did public hearings, and we came out with a BitLicense, which went effective in 2015, and we’ve been licensing those virtual currency exchanges that can comply with regulation. And my view is that a regulation in this space, just like any space where you have money transmission or other types of banking-type—this is, you know, slightly different, but you know, payment/settlement processes have been regulated, and I’m New York’s bank regulator.

I welcome the SEC and the CFTC’s roles in this. The fact that they’re just starting this year, it’s like, fine, better now than never. I think there are issues for them to be looking at, and so I welcome their involvement.

MODY: Marco, one part of this industry that has caught the attention of investors is initial coin offerings, this mechanism that is now increasingly used by startups to bypass rigorous regulation to raise funds. And, in fact, the latest data shows that startups, the amount they’ve been raising through ICOs has outpaced the capital that has been raised by venture capital. Is this a legal route to raise money, or is it not?

SANTORI: Well, I think it’s difficult to talk about—well, it’s difficult to talk about token sales in the aggregate, right? You mentioned ICOs. ICOs are, of course, the sale of a pre-functional token to the public on the basis of promises that the issuer of the token will expend their technical and managerial expertise to give that token value and use. Of course, you know, the lawyers of the room see how that kind of tracks the Howey test very well, the test for when is one kind of a security.

So I think a lot of these token sales are, in fact—well, they probably run afoul of the spirit of the law, if not the actual letter of the law. But I would be careful not to lump them all in together.

So one of the—one of the initiatives in October was something called the SAFT Project, the Simple Agreement for Future Tokens, which was one of the first self-regulatory efforts in the ICO space. It was a reaction to these ICOs that says, look, you shouldn’t be selling these pre-functional tokens to the public unless you truly do intend to sell a security. And it provided an alternative framework that we thought was better than what existed today. And the framework—you can read it in the SAFT Project white paper that I co-authored—but it’s actually—the framework’s been adopted largely by the regulators who are very quick to speak on these issues, like FINMA in Switzerland.

So there are different ways of going about it. Some of them, I think, probably run afoul of the spirt of the law, if not the letter of the law.

But a final point on it. I wouldn’t say that they are tools for avoiding regulation. People who sell tokens to the public are trying to do a lot of things, including raising money, like trying to decentralize their network, trying to get stakeholders who are not just a bunch of white men in a single ZIP code in Northern California, that are trying to do something new and different. So it’s not all just about avoiding regulations.

MODY: Hmm. Yet, Jose, some people would say that the opaque framework currently outlined by the SEC has allowed bad practices, from money laundering to pump-and-dump schemes, to persist.

PAGLIERY: It does. And how—the way I like to think about this is that in the 19th century, right, major strides in chemistry came not from these giant labs, but from people at home, right? So they—these chemists, these amateur chemists, had the freedom to discover new things and move things forward because there wasn’t a regulatory framework that cracked down on them and destroyed that ability or that freedom. But we have to think about the damage that’s caused by these experiments.

Bitcoin and other cryptocurrencies, they’re still an experiment. They’re a fascinating experiment, but they’re still an experiment. If we—if we view it through that lens, then certain things become clear. No, we don’t want regulation that will completely snuff out the entire industry. But when damage is caused there needs to be crackdowns, and much harder than what we’ve got right now, because the chemists in the 19th century weren’t experimenting with things that hurt hundreds or tens of thousands of people, right? And what we’ve got today is ICOs and other projects where hundreds or thousands of people will end up losing millions of dollars. And that damage needs to be accounted for.

MODY: Marco, we’ve seen a number of lawsuits filed by the SEC around ICO scams. Should that scare potential investors from launching their own ICO, or is that actually good for the industry—it shows the market that the SEC is actively looking to crack down on bad characters?

SANTORI: You know, I’ve worked with and against regulators for a long time as an attorney in private practice. I was a partner at Cooley, and a partner at Pillsbury before that. Now that I’m not in private practice, I can—I can sort of look back on—(laughs)—there’s a lot of things I could do now that I’m not in private practice.

VULLO: I echo that. (Laughter.)

SANTORI: And now I can sort of look back on that and I can—and I can say with certainty that this is really tough for regulators. And I know I’m probably putting words in the regulator’s mouth that we have before us today, but especially the federal securities regulators. This stuff—this is—this is a categorical platypus. There is no good way to take the existing laws and apply them cleanly and satisfactorily across the wide array of token sales, just taking one example that we see today. The Howey test is an ancient test about oranges and orange groves, and that’s how we’re supposed to determine what is and is not a security in the world of decentralized tokens. It is crazy. At the same time, it’s also sort of a testament to sound, principles-based regulation. (Laughs.) It’s very strange. But in a lot of ways it is a platypus. Tokens are this—you know, this hairy mammal that lays eggs and is also poisonous but warm-blooded. It’s difficult to categorize as just one thing.

I think that the approach that SEC has taken is, frankly, about the best that they can do, given what they have. And they have enforced against clear, obvious scams, and that’s important.

MODY: Maria, discrepancies from the state to the national level on where government agencies stand on cryptocurrencies. Why do you think that is? And is there an opportunity for the state regulators and national regulators to work together more effectively?

VULLO: Actually, I don’t think there are discrepancies between the state and the federal government in cryptocurrency. There are in other areas, but I don’t think there are. And I can talk about those some other time. But there aren’t really discrepancies here.

In many ways this is no different than other types of banking-related services where you have the state regulators, you know, in a space. You have public companies that also are regulated by the SEC. We’re always in—you know, we’re in that space together, you know, in a number of places with different and unique responsibilities and roles. And you have the CFTC, which is looking at derivatives markets and, you know, manipulation—market manipulation and things like that. So this, to me, is not in any way complicated or different than in other spaces.

I completely agree, I mean, this is an evolving area. And I don’t think we really know whether this area is going to last for that long. But it is precisely the type of circumstance where the regulators have to be involved because there is risk and because there are people out there, and particularly if it’s not the big institutions that are sophisticated but sort of the ordinary person that’s sort of using this in certain types of either settlement or payments or transactional purposes where they could lose a lot of money or they could be defrauded. Not to say that the people who are operating these exchanges are necessarily—you know, they’re not criminals. There may be criminal activity, just like there may be criminal activity in other ways, but I guess—it’s precisely why regulators need to be involved.

And on the state level, you know, like I said, New York led the way on this. There are many, many other states who are licensing these firms. And in New York at least, we require—before you can get a license, you have to have strong anti-money-laundering policies and controls. You have to have a cybersecurity policy and control. In fact, we have regulations in New York that they have to follow for those things. And I’ve been very clear with them—I issued guidance—that they have to make sure that they’re—they have to be monitoring what’s going on on their exchange because market manipulation is obviously a risk on any exchange. Again, this may not be greater or less than any other exchange, and I think it’s precisely why you need regulation. And I would say that regulation in this space and standards in this space actually can create a much more beneficial market.

Now whether that actually will happen remains to be seen, but setting the standards for the legally compliant ones and bolstering them up with, you know, really strong companies that can satisfy those standards could actually benefit, you know, the good guys—

MODY: So the—

VULLO: —and that’s really where, you know—and to have the ones that may be not operating properly in this space or don’t have the ability to sort of satisfy all the necessary requirements—we also require capital. You have to have capital. You can’t just sort of do this with people’s money and, you know—and not have capital—and other things. I mean, we look at their business models, too, and that’s why regulation is important.

MODY: Marco, do you agree or disagree?

SANTORI: I don’t disagree with any of that. I’m wary of it, though. I’m wary of the sentiment. I’m wary of—certainly of this assessment of leading the way.

Here in New York we were the first to create new laws around crypto, and I’ve long been on the record stating that I think those laws have been an abject failure. I think that they—this is the BitLicense in particular—that it was an attempt to solve a problem of regulatory uncertainty—this is at least what the superintendent at the time said—and it made that problem worse.

I think that, after being a practitioner in this space for the last six years, what we have in New York is a situation where it’s difficult for any practitioner to understand how the existing laws apply to their clients’ business. And speaking from the mouths of the clients, New York has become a crypto backwater in a lot of ways, and not because it takes long to approve licensing applications—it always takes long to approve licensing applications—but because the way that the BitLicense was drafted was speaking in metaphor. It talks about holding cryptocurrencies, but there is not a person in this world who has ever held a cryptocurrency or could ever hold a cryptocurrency like I can hold this glass of water, but that’s how the thing is drafted. That’s one—of course just one example of why the BitLicense is a troubling piece of law.

But the sentiment in general of leading the way on regulation isn’t a bad one; it’s just something we should be wary of and that it’s an incredibly powerful tool that can harm as well as it can help.

MODY: Jose?

PAGLIERY: So there are certain areas of regulation that I’m—a really fascinating thing how they mature, and before going into them, I should start out by saying that when I wrote my book four years ago, I was much less skeptical than I am today, and that’s because there are problems that have come up that I didn’t anticipate, and several of the people I was speaking to at the time didn’t anticipate.

One of them, for example, is the environmental concerns, so the mining process that processes these transactions is a huge energy suck, and the studies that are out there right now compare the amount of energy used to all of New York City or Serbia. And when you think about the amount of good that’s coming out of these mining operations, right, which is them solving puzzles that, in the real world, by the way, are totally useless, all right, so they’re solving these puzzles, churning out—you know, using this energy, churning out these, you know, carbon gases, and in the end they are not doing a lot of public good.

And so there is—I’m really interested in seeing how environmental law might be applied to this space.

VULLO: Yeah. Sorry—

MODY: Maria, is that something that you will focus on? I mean, I just reported on how one of the largest mining farms is being set up in upstate New York.

VULLO: Yeah, you know, it’s in—it’s a very interesting question. I think, you know, certainly information that we’ve received raises, you know, sort of financial, you know, cost issues because of the—just the amount of energy that is needed for the mining operations just to sort of support the blockchain or the other sort of distributive ledger technologies, and how sort of different states can sort of deal with that amount, and obviously there are environmental issues.

I think it also—the cost of the operation is something to think about when the claim is being made that this technology could assist with payment transmission in a much more efficient way, and so you have to think about the environmental ramifications of that, both from an environmental-environmental as well as the sort of cost of energy production for these types of operations. It’s not something, again, that me personally—I’m going to deal with, but when people are looking at, you know, sort of the economic development aspects of this, that’s a very, very relevant issue. We’re always looking in New York State for opportunities for economic development.

I believe that this industry does have the ability and has, you know—New York is the financial capital, we have lots of traders, we have lots of innovators, and we have people that are opening up offices here and hiring people here for the cryptocurrency space. But the mining is an interesting one.

Just real quickly, I mean, I’m not—you know, Marco was opposed to bitcoin in the very beginning, you know—I’m used to hearing about that. I just, you know, fundamentally disagree. I think regulators absolutely need to be in this space. I think to the extent that people are coming out and saying, oh, we’re innovative, and we’re startups, and you know, you just have to leave us alone, put us in a sandbox—I’m like, toddlers play in a sandbox; adults play by the rules. (Laughter.) That’s the way—you know, that’s the way I view it. You know, if you are going to interact with the public; if you are going to say, give me your U.S. dollars and I’ll give you some bitcoin or some litecoin or something; if you are going to—you know, do transmission—and by the way, we’re seeing a lot of adults in this room now, you know—we really, really are, and the adults want to play by the rules because they want a functioning market in this area. The big institutional investors, the others that want to be active in this space, you know, a lot of them are coming to us because actually they could make this market, I believe, work better.

Again, we don’t know what’s going to happen—there’s a lot of factors—but I think we need to be in this space. And you see how it evolves; you can’t sort of sit back and not be involved.

PAGLIERY: I actually want to build on that point you mentioned about the sandbox because, when I was reporting on this issue a few years ago, one of the things that really struck me was that sort of techno-libertarian spirit in this space, which at the time when I was writing about it, everyone was concerned that regulations were coming in to sort of quash that and make that go away.

Look, I’m a fan of that idea. That techno-libertarian thing, it’s great. There’s a lot of potential in there, right, like the idea that maybe if you’ve got a failing economy there might be a currency that you can run to to like circumvent your like really bad central bank. There is some potential there.

But there need to be rules because if there are not, then the currency is going to be very volatile, which makes it a terrible currency, right? Or you have a bunch of money-laundering concerns which, again, make it a terrible currency for an investment, or it just makes it a flat-out terrible investment because it’s—you don’t know if you are following the rules, you don’t know if someone is going to steal all of your money. Your investment could totally disappear in a few days, and who are you going to blame, right? I mean, there is this idea in cryptocurrency that code is law, right—the reason that it’s somehow better than a central bank is because the code is the rule, and that’s not going to change, and so there—you’re sort of—you’re not going to be affected by some central bank board, you know, willy-nilly changing things to affect the inflation rate.

But what we’ve learned from the experience of some cryptocurrencies is that actually the code is law, but the coders have power, so the coders that you don’t talk to, that you don’t have any access to—and by the way, they don’t have any responsibility to you that I’ve seen by law—they can tweak this, and they can either, you know, increase the value of your investment here, or totally destroy it the next day.

And one of the things—another aspect—not just environmental law—that I’m interested in is the idea of fiduciary responsibility. These computer coders—I want to know who they have to answer to, right, because if you are the executive at a bank, you have people to answer to, right? You have regulators to answer to, you have investors to answer to, but if you’re one of like a dozen coders around the world whose name no one know, right, and you are the one who is like—who is at the controls changing how this currency—how this cryptocurrency works, and you could totally tank that market or tank a value of what you’ve created, we have to figure out how these people are held accountable.

MODY: Marco—

VULLO: It’s interesting—

SANTORI: OK, that is—that is not only a bad question, but you should feel bad for asking it. (Laughter.)

MODY: Tell us why.

SANTORI: And—(laughs)—that’s because in the—

VULLO: I didn’t know this was about feelings. OK. (Laughter.)

SANTORI: (Sighs.) Because there has to be some element of personal accountability, some element of personal accountability.

This is not a techno-libertarian dream. This is basic human nature and that people have to be, to some degree, responsible for their own actions. Now I have never in my life advocated for this techno-libertarian utopia where there are no rules, and there are no central banks, and nobody is accountable to anybody except the hilt of a sword.

In fact, that’s not even how bitcoin works. That was rife with misstatement, and I’m sort of struggling to begin at a certain place, but that’s not what code is law means. There are actually very few people that believe that code is law, and who do these coders answer to? The code is open source. Now to a lot of the people in this room, they might think, well, I can’t read code; I don’t care if it’s open source. That’s not the point. The point—that there are millions of people around the world that do read code, and they are extraordinarily vocal about that on the venues where people who would use the code are actually acting, and reading, and interacting. Those people raise red flags. They call out bugs. We know this because Blockchain is open source. You can see—our software is open source—you can see on GitHub and a number of other repositories precisely what the code does, how it works, in real time, up to the minute. You have no idea about any of that with regard to the phones in your pocket, and you rely on them every day for sensitive information, for personal information, for financial transactions, and yes, Apple reports to somebody, but so do the coders. They report to all of us, directly to their users, without the use of these intermediaries.

So I feel like I’m sort of the lone defender of crypto up here, but I don’t wear a cape on a day-to-day basis. I don’t think these are crazy notions. I think this is just simply reflecting the reality that is in front of us and setting aside the fear, uncertainty, and doubt.

MODY: But what about these concerns over environmental—I mean, if—should miners not only worry about the DOJ knocking at their door, but environmental regulators if they are consuming so much energy to make, what, one bitcoin?

SANTORI: No, I think we should rush headlong into it without regard for the risks. No, I think that—I think that the environmental concerns are real, but like most things in this industry and most of the headlines in this industry, they are extraordinarily overblown. Most of the environmental concerns are quotes—well, they’re misquotes from a study that itself measured the actual energy use of crypto mining at a factor of two-fold greater than it is today.

But let’s just say that those were right. Let’s say the study was right. I don’t think that’s any different than the exact same fearmongering that happened around the conversation for networking computers together. Can you imagine the amount of electricity required to run millions of computers around the world? That would be insane! Could we permit that as a civilized society? And then if we were to network them together and run cables across the Atlantic Ocean? My god, the fossil fuels that would be burned for that.

Yes, it’s a lot of electricity, but to say that it serves no purpose is just a misstatement. It serves a considerable purpose. Your information—your personally identifying information has been hacked from Home Depot, Target, Experian, the IRS—because their systems were not secure. What does the burning of this coal, the releasing of these carbons into the air do? It secures your data. The bitcoin network has never been hacked—ever. Think about that. Let that sink in.

And then finally, realize that practically speaking most of the electricity used for bitcoin mining and cryptocurrency mining is excess electricity around hydroelectric dams.

MODY: So it doesn’t cost as much.

SANTORI: Certainly here in the United States, and Wenatchee, Washington, is a great example of this, but most of the electricity used is excess energy that would have gone to waste anyway, so maybe I can put—

MODY: Marco, a burning question. Given that you’ve studied the formula and the code behind each altcoin—

SANTORI: (Laughs.)

MODY: —which one will survive in 10 years? Will it be bitcoin, ethereum, ripple, litecoin, zcash? There are so many; 1,400 cryptocurrencies in the universe right now. Which one lasts?

SANTORI: Yeah, and I think that is a tiny fraction of what we’ll see over the next 10 years. I believe that everything that can be tokenized will be tokenized. One of the benefits of Blockchain tokens is that they make illiquid assets highly liquid. That comes with risks. It comes with real risks and risks that, thankfully, we have intelligent regulators to look at and help us control for.

But it also comes with tremendous possibility. I see a world where everything is tokenized at some point in its life cycle, whether for factoring purposes, for simple commercial agreements, for tracking purposes, for clearing purposes. I think there’s going to be a thousand flowers blossoming in this particular industry.

MODY: Maria, is there one that you worry about the most in terms of the coin that is used most for criminal activity—bitcoin, ethereum versus others?

VULLO: No, I don’t think you can separate them in that. And again, I think—you know, I want to be clear—I mean, this is an evolving space. It’s a space where regulators need to be involved because any time that there is risk—and I’m not saying that because there is risk certain things are happening. Certain things are not happening. But there is clearly risk here. There is clearly, you know, transmission of currency, you know. There’s clearly things that are akin to things where regulators have always been in the space. There’s these sort of securities offerings issues where the SEC has always been in that space, and where there’s risk, you need to have controls. I mean, these are probably concepts that everybody in this room understands. You have risk; you need controls.

And some of the controls you need—one thing that I didn’t mention before that Jose’s comments made me think about is know your customer. Any bankers in the room understand the concept of know your customer. Well, the—any sort of company that’s behind any of the sort of trading of this—you need to know your customer. Those types of things mitigate the risk of criminal activity. It doesn’t mean that it won’t occur, but that’s we do as regulators. We try to mitigate the risk of those things, just like that money laundering issue. And that’s where, you know, the idea of this—sort of the startups get to be in the space before they are regulated is just not something that is consistent with what we do here in this country in terms of mitigating risks when people—and particularly people’s financial well-being—is part of the equation.

Is there promise here? Absolutely. I think we also need to separate the sort of transmission of the bitcoin from the technology that underlies this—the distributed ledger, the blockchain—is tremendous technology with great promise. We’re not regulating the technology, right? We’re regulating certain types of activities through which that technology is being used, and I think that technology has promise for lots of other things, as well. So I think that’s a whole ‘nother conversation, but that’s not—there’s nothing wrong with, you know, the technology. Obviously, what’s the data that comes in the technology—is it going to be protected when there is PII in there in terms of cyber security, and data security, and all of those things?

And by the way, not that I—it’s not Experian; it was Equifax. And I’ve been really outspoken on Equifax so I know this very well because we don’t want another one of those situations happening, but it’s—

MODY: Exactly right.

At this time I would like to invite members to join our conversation with their questions. A reminder that this meeting is on the record. You can wait for the microphone. Please stand and state your name and affiliation, and limit yourself to one question.

Any questions? Yes, James.

Q: Hi, I’m James Fawcett from Morgan Stanley.

I’m somewhat tempted to engage with Marco because I think his comments around electricity and usage, et cetera, are rife with—rife with misconceptions and misstatements, but that’s not what I’m worried about today.

What I would like to ask is when we look at the ICO fundraising market, it’s pretty clear it’s—especially the way it’s developing outside the U.S.—it’s largely a circumvention of existing regulatory framework in the U.S. And so I think the question I would like to ask is—really for anybody that has an opinion—is do we need to revisit the underlying assumptions around protection for consumers and retail investors, et cetera? Should people be accredited or not—those kinds of things, I mean, because the losses that we’re talking about already are massive—billions of dollars in defunct currencies already—but I think there is also a credible question as to are we treating people in a way that we are going to prohibit them from participating and so we need to think about what the underlying assumption set is about who needs protection under what conditions. Thank you.

MODY: Maria?

VULLO: I’d be happy to just start on that. I mean, the securities offerings issue—yes, I think most of my comments on this is just based upon my prior 27 years as a practicing lawyer, but I mean, I think the question as to the Howey test and how do you apply the Howey test to this—I think those are real issues, and particularly when you have so much of the global, overseas activity.

But it is something that I think, you know, the SEC, you know, is talking about. I think the fact—you know, I think Seema mentioned earlier—whether it’s opaque or whatever, I think regulators are thinking about this. And I think rather than sort of jump on, you know, you go after the ones that are really—that you know are absolutely violating the law and causing real harm. But I think, you know, yeah, in all of these areas, anything new, you have to look at whether or not the existing law—the principle is probably the same, but whether the things surrounding it are appropriately applicable, whether you need to tweak it, or maybe make major changes to what it is in order to both foster innovation and allow for sort of more global enterprise while mitigating risk. And I think those are all really important questions. And from my perspective, as sort of DFS superintendent and sort of state-based—I’m not in that—you know, I’m not the securities regulator. And so—you know, but I have the sort of exchanges or the other sort of virtual currency or other type of currency operators, the holding of the wallets, the custody, some institutional, some retail. But, you know—and if they are doing things that require them to comply with federal law, they have to comply with federal law. But it’s not really the companies that I regulate, actually, at this point that are doing that, to my knowledge.

PAGLIERY: James, I’d like to answer that—some of that if I can. So on a personal level, I tend to side towards individual freedom on most issues, right? And so the question about whether or not credit investor laws should be sort of looked at again, I think it’s a great question because that law, as it stands, I think is quite blunt, right? I mean, like, why is it that if a person doesn’t have a certain level of wealth they can’t even access these type of investment fields? I mean, that—it just—it seems terribly unfair. So that’s a good question to ask, and some of that can change in the—especially in the age of GoFundMe campaigns, right? I mean, like why not, right? If somebody wants to invest in something, why not?

But that—on the flip side, then, maybe there should be a much smarter approach to regulating the companies doing these ICOs, right, and making sure there are stark warnings to an investor—a potential investor. But, yeah, it’s probably time to look at that.

SANTORI: So I thought it was a great question, and thematically, right, the question is, is this an opportunity to revisit first principles. And in—I’ve been in crypto since late 2012, which means it’s the only room I have gray hair in so far, and I think that it is. I think that it is. Since we were first talking about what is money, to what is a security, that has been the better part of a decade of conversation about first principles.

Now your question around should we revisit the accredited investor requirements, look, the system makes the rich richer and the poor poorer to a certain extent but, I mean, the kinds of scams that took place without the accredited investor requirements ruined so many lives. So I think it’s a political question. That’s why we have a great democracy is we can—we—we have a way to decide that.

But I will note that, more practically speaking, the stakes are very high here. This is not going to be like money. The U.S. can export its policy around money to the G-20. We cannot do that around securities because the risks are completely different in other countries, and the view on how to protect investors varies widely from country to country.

So, yes, pretty much all of us want to prevent money laundering—pretty much—but not all of us want to prevent the poor or the underbanked from accessing speculative investments. That has always been the case, but what’s new and different about token sales, for example, is that the money centers are no longer here in token sales. Most of the money pouring into token sales, it’s actually from professional investors. It’s from folks who would otherwise be accredited, but it’s not from New York, it’s not from London. It’s from China, it’s from Russia, and Europe, and actually a little bit of South America, too.

So this is really, I think, the first real threat to the U.S.’s supremacy around finance simply because the money isn’t concentrated here anymore.

MODY: And you are already seeing distressed nations look to cryptocurrencies as a way to either circumvent sanctions or also a way to transfer money out because of just the fast transaction, I guess, characteristic that it has.

Next question, yes.

Q: Good morning. Rick Niu from C.V. Starr. We’re a global financial services company.

Can each of you comment—for the last couple of years—your observation of the dynamics of this industry and its regulation in other parts of the world—maybe as a follow-on to Marco’s comments? Thank you.

VULLO: I mean, I think I’ll just start on that in terms of, you know, other parts of the world. I mean, I think it’s similar to what was said here, you know—other parts of the world—depends upon what part you are talking about—have different views of things, and I think when the discussion about securities here and about, you know, the United States has different standards, say, than sort of other places sort of reminds me of sort of debates over insider trading and whether it should be unlawful here in the United States, and there are people that believe that, you know, it’s OK. And certainly in other countries you can, and I think crypto sort of raises the issues.

There are certainly other countries that are—that are involved in this space. In the bitcoin area, Mt. Gox was a Japanese exchange that had many, many problems, and it actually, you know, went bankrupt in 2013, and there were some huge problems with that. And people were really harmed by that. The Japanese authorities, you know, regulate this now. So do we—we actually just licensed a large bitFlyer, which is the largest global exchange that comes out of Japan.

You’re going to see in different parts of the world, you know, different views of this and sort of lack of governmental structure is going to have implications in different places. Different types of governments just, you know, won’t be able to, but I also think that, in an area like this where you do have people in parts of the world that don’t have access to traditional currency, for whatever reason, this does provide some promise, and I think, you know, it’s—you know, the jury is still out on whether this will work and whether it will work well for people or have—but I’m very open-minded about it.

SANTORI: Yeah, I think that’s a great point, and so Blockchain’s business is a global business. We have the biggest global brand in crypto—over 25 million wallets, and most of those are not in the United States. In fact, the U.S. is our third largest market. And that goes to show that, you know, when people come to Blockchain they do so for different reasons than when they go to an exchange. A lot of people go to an exchange to speculate, and there’s nothing wrong with that. Plenty of people make a good living that way, and people can actually invest that way.

But people come to Blockchain to use their virtual currency; not to speculate on it. We are a wallet which allows people to transact directly with the Blockchain network and, you know, what that does in many parts of the world is save lives—in parts of the world like Ukraine and Argentina, where, frankly, there’s not a whole lot of confidence in the local currency because it has demonstrated its failure to be a good store of value. And so even though bitcoin goes like this, it’s better than the Argentinian peso that goes, you know, mostly like that.

So different regulators look at this differently. I will say, you know, I’ve criticized U.S. regulators for moving too quickly but, to their credit, that the U.S. regulator is light years ahead—light years ahead in understanding how this stuff works than pretty much any other regulator in the world save maybe a couple of jurisdictions—like Japan is very sophisticated on this issue.

MODY: But don’t global central banks and regulators have to see eye-to-eye before—to increase legitimacy behind some of these cryptocurrencies.

SANTORI: I don’t think crypto needs it. I don’t think crypto needs this stamp of legitimacy. It hasn’t needed it. I think that the only reason it would need it is because governments say it needs it, and people sort of expect that the governments are going to do something about it, and so it sort of—they sort of need to save it from themselves.

MODY: Yes, in the back.

Q: Hi. My name is Chris Wallace. I’m with Greycroft for early-stage VC.

We’ve looked—my question is around infrastructure and the maturity of infrastructure in this space. I think Marco’s point about a lot of the exchanges being global was really salient. You see exchanges with billions of dollars of volume per day, like Binance. They are moving to Malta because of the favorable regulation. They are located in Hong Kong. They are not in the U.S.

So I’m wondering what’s your perspective around the maturity of those platforms and around the maturity of the custody, around the maturity of the wallets, and how this ecosystem really becomes robust and really—you know, where there is opportunity for institutional capital because I think that’s kind of where we are trending, but it’s a matter of where is the technology today and where will it be tomorrow.

SANTORI: Look, I think that Binance going to Malta—it’s regulatory arbitrage, right? It’s—(laughter)—there’s not—yeah, I know we’re on the record, but look, let’s just be real. The flight to different jurisdictions is very much regulatory arbitrage, and all of these exchanges, all of these custodial wallets—we’re a non-custodial wallet—but there are others who are custodians out there—it’s actually well-informed regulatory arbitrage, and the reason is that, you know, you can’t escape the jurisdiction of New York by moving to Malta and still servicing New York customers, right? (Laughs.) The United States exercises extraterritorial jurisdiction. What they’re hoping for is that, you know, they’re just going to be a little harder to get than the next guy. It’s like the two guys running away from the bear. One stops to put on sneakers because he thinks he can outrun the other guy; not because he can outrun the bear.

So I think that that is largely regulatory arbitrage. It’s something we’ve never engaged in. We’re one of the oldest companies in the space, and we have headquarters in London and a big office here in New York that, you know, we—there is no hiding. At the same time, though, this is very much a global story, and I think that the regulations globally will develop differently because, for the first time, the U.S. doesn’t have the leverage that it otherwise had around exporting policy. I think it’s going to be a bumpy road.

PAGLIERY: I would just like to weigh in to say that I am wary of any operation that leaves to not have to abide by certain rules, and as an investigative reporter who spends a lot of his time, you know, tracking down shell companies to figure out what people are really up to, I’m just very concerned about that sort of thing.

MODY: But what about all the financial companies that are based in the Cayman Islands, Mauritius, so—

PAGLIERY: They are the same kind of—

MODY: —same concern and they’re fine.

VULLO: Yeah, I mean, there’s concern, but that may be a little bit different than maybe—I mean, we obviously have some concerns about that and regulatory arbitrage—believe me, I—in lots of places I have concerns about. But, you know, on the Cayman Islands, I mean, that’s for tax reasons, you know, in some other places but, you know, they do have a functioning government there and oversight.

But, yes, if someone is going in sort of certain countries where there is just, you know, no regulation, and then you’re really worried about the criminal activity, as Marco said—you know, you come into New York, if you’re going to serve New Yorkers, there are 22 million people here. It’s hard for people to avoid New York. If they want to and do, you know, illegal activities or what have you—not within my space—but if they want to be in New York, and most people who want to have a legitimate business want to be in New York, and so that’s where I think we are trying to have a good structure to make that happen.

But look, this is hard. This whole new thing is hard. But the fact that it’s hard doesn’t mean that—you know, we should be having this conversation, we’re having a lot of conversations. It certainly doesn’t mean that people should go too fast or too soon, but I certainly think that it’s evolving, and we need to, you know, do our best to manage the risk and, at the same time, allow something new to flourish. But the international nature of this and technology is really what’s taking us in a place that maybe some people are just uncomfortable, but I think we have to work it through.

MODY: From a scale of to 10, how big of a concern, though, are cryptocurrencies to the State of New York?

VULLO: You know, I mean, there are so many concerns that, you know, I have in my job. I mean, it’s just—but it’s really just part of the job, and again, you know—

MODY: But has it increased on the scale?

VULLO: It’s—you know, when I see some of the trading, you know, disparities but, you know, you see that in other markets, too, and I just think, you know, there’s lots of people out there that, you know, can adjust when you need to. I think we have to extra vigilant here.

The biggest concern I have is just cyber security in general. I mean, if you’re just talking about something that could have such a devastating impact to the whole financial system, not to mention, you know, the election system in our country, you know, that’s really a biggest concern.

Cryptocurrency—yeah, it’s a concern. It’s a concern that people are going to lose out on something. It’s a concern that people may use it for illicit purposes but, you know, there are a lot of really, you know, clever criminals out there that are using a lot of things for improper purposes, and I think we just have to manage this just like we would manage something else, though recognizing, you know, this is a little bit different. And so we have to keep learning.

MODY: OK. Yes?

Q: Hi. Les from Alpine Capital Advisors.

You know, the CFR, UNICEF—those are great nonprofits, so I always kind of wondered—and I’m not an expert and not a lot of us are—but what do you guys think about the use of setting up a nonprofit foundation for these ICOs? It seems like such a blatant circumvention of liability, securities laws. You know, there’s—I think there’s a coin called weedcoin—they’re a nonprofit. It seems like such a—such a blatant thing that you guys can kind of clamp down on.

SANTORI: In private practice I advised on a number of these, and I—not once in my entire career did “you should form a nonprofit to circumvent the U.S. securities laws” ever escape my mouth until just now. (Laughter.)

It doesn’t work, it was—it became fashionable because ethereum did it, and they did it, as far as I can tell, to—for tax structuring purposes primarily, and they probably got an aggressive legal opinion from a lawyer at some point who said, well, at least you’d have an argument for the securities laws. And I don’t think it’s a very strong argument. ‘

If we’re looking back to the Howey test, which is still law here in the U.S.—it’s a facts and circumstances analysis that looks through the formalities to the economic realities of a transaction. So the creation of a nonprofit organization to conduct a token sale, even if that nonprofit organization is in Zug, Switzerland, which is the fashionable place to do this, it doesn’t have an effect on the securities laws.

What I will say is that the nonprofit approach to computer protocol governance is tremendously powerful and valuable. The problem is, when you try to use that particular tool for this job of somehow camouflaging yourself among non-securities, it just doesn’t—it doesn’t compute. So I think it is valuable in the long term as a decentralized open source—as a free and open source software governance mechanism, but it is so bad for taking in money and selling tokens—so bad—and there are a number of disputes going on right now, not the least of which is of course the Tezos dispute and its resulting litigation that was caused by this cleft between the foundation that has all the money and a private company that has all the IP, and they are expected to work together. It’s a common problem in the industry.

MODY: Next question? (Pause.)

Jose, I was going to ask you, since you cover national security, are you finding as you put together your research that the role of funding terrorist activity the cryptocurrencies are playing—how—

PAGLIERY: That’s a good question, and—it’s a good question because there’s a lot of talk about it, right, like, is ISIS using bitcoin was a question like—(laughs)—I got for a long time.

I don’t know. I mean, like it—I just don’t—so I try to put myself in the shoes of—when I talk to FBI agents or folks in the intelligence community about this problem, I try to put myself in the shoes of somebody who would benefit from this, and I hate to sound like such a skeptic here, but like cryptocurrencies are such a terrible currency, a terrible like store of value that you can rely on that they are better off trading illegally in oil or in stolen artifacts because to actually access this cryptocurrency and use it, you need the network to be reliable, you need the stored value to be pretty consistent, you need other people to use it. And so, sure, there are lots of cyber criminals that use it because it’s the best way to get somebody to pay for ransomware, right? When they lock down your computer and they want you to pay them, it’s a pretty fast, easy way for them to get some sort of value there. And the reason—

MODY: And it’s anonymous, too.

PAGLIERY: Mostly anonymous, right. I mean, pseudo-anonymous, right, so like I always wonder when it is that these people are going to cash out so that the FBI, using, you know, the tools that they’ve got, can actually find them and arrest them.

But it works for hackers, even if the currency is not stable because they do it at scale, right? Ransomware doesn’t attack 10 people; it attacks 10,000 people, a hundred thousand people, and if you can manage to get like 5 percent of them to pay and you really only keep 5 percent of that money, you know you’ve got a pretty good business just sitting there at your computer hacking everybody around the world.

But as far as terrorism goes, I mean, I’ve heard the question, but I haven’t seen it actually in play.

VULLO: Yeah, I don’t think we know on that, but I wanted to comment on your anonymity point because there’s a way that potentially—and I’m not a technology person so—but there’s a way that actually, you know, blockchain and other technology behind cryptocurrency could actually aid—but it’s an after-the-fact thing—in sort of law enforcement purposes. And really what I’d love to hear from on this topic is what the FBI thinks or law enforcement thinks because it is certainly possible that utilizing the blockchain for purposes of terrorism or other things might actually create records of a sort that law enforcement could use.

Now obviously people move, and people use different names, and there’s all—but that we have that issue and sort of just general money transmission, I mean, through a—I won’t mention the name, but there are lots of money transmitters that, you know, people sort of send, wire money, you know, through from other countries that go to terrorists, right, so—but the question here is really whether this creates a record that the criminals don’t want to have, and the other methods might actually be better for them. And I’m not saying that this is necessarily true or not, but I think it’s a real question. I really think we need to know what the law enforcement and the FinCEN, you know, which I think is looking at this but—you know, what do they think about this, and I think that’s an important question.

PAGLIERY: The term that I keep hearing from the law enforcement folks is that this is prosecution futures, right? I mean, if you are using something like bitcoin to commit crime, and you cash out at some point, like you’ve got to realize that this public ledger has all these transactions in there permanently. They’re going to get you eventually.

VULLO: Right.

PAGLIERY: I was fascinated when I was covering the downfall of Silk Road, the illegal online marketplace because the guy behind that, who eventually got prosecuted and is now in prison, he—his legal team—which was totally mind-blowing to me—asserted some sort of claim or ownership on bitcoin that was used there, right, and I thought to myself, wait a minute, wait a minute. How are you possibly going to say that you weren’t behind the illegal market, but those bitcoins—that’s definitely yours? Really? I mean, like the record is right there, and you can tell how it all flowed to you. (Laughter.)

And so it was—I mean, that was mind-blowing to me as a journalist. But this idea of prosecution futures—this is where having a public ledger that is permanent—and that’s the real genius behind the blockchain here and the reason why it’s so much more useful than just currency—that’s permanent, and they’re going to get you eventually.

SANTORI: You know, there’s—

VULLO: The question is how is it preventative, though, too, because you don’t want—I mean, law enforcement is great and important, but really the other piece of it is that if people realize that, right, they’re not going to use it because they don’t want to get caught, and so then—

PAGLIERY: Well, they’re using more anonymous—

VULLO: —it’s not being used for it, so you have to look at the—sort of the—you know, the front end as well as, you know, the back end, but I think there’s—and there may be some misinformation, but I think law enforcement—and they probably are—because they usually keep that more quiet—looking at this, and I think that’s good.

MODY: Marco, can they always get caught, or are there ways to hide from regulators?

SANTORI: You know, there actually is some hard data on this. The HM Treasury in England every year publishes a list of the global—sort of the global financial crime list of payment mechanisms that are used for financial crime and terror, and they list every single payment mechanism and rank them. It’s this incredibly practical tool for those of us who practice in this area to use to establish risk, to do our own risk assessments, for independent risk assessors to determine the risk of a particular enterprise, and it’s really good on panels like this.

Every year so far that crypto—that virtual currencies have been included on that list, they have ranked dead last—dead last—in terms of 20 different payment instruments—after gift cards, after cash, after remittance, after hawala, after every single—I don’t have to name them all—after every single payment mechanism.

Now does that mean they cannot be used for terror? Well, of course not. I mean, of course virtual currencies are going to be used for terror, and unfortunately we all have to come to grips—we in the industry have to come to grips with the fact that one day there will be an event-driven regulatory cataclysm when some attack is funded with virtual currency. It hasn’t happened yet, and I think the reason for that is because it exists on—primarily because it exists on an open ledger that anybody can see, anybody can review. And if you read the now famous Exhibit B to the Silk Road—to the second Silk Road complaint when the government went after the rogue federal agents who had stolen money from the Silk Road—from the Silk Road, it’s this incredible chart of the—where the Department of Justice traced every transaction from one address to another address, to an exchange, to a mixer, to another address, to another address, to the bright, shining face of one of their federal agents who had stolen this money. And you can do that with an open permission list ledger like a blockchain. You can’t do that with PayPal unless PayPal kept really good records. You can’t do that with Liberty Reserve, period, because Liberty Reserve, as we all remember, was just, you know, a criminal organization.

There are things here that are durable that prevent crime, but we do have to be realistic about their limitations and recognize that it’s going to happen eventually.

MODY: Yes, quickly.

Q: Maurice Tempelsman, Leon Tempelsman & Son.

If you were sitting in Bretton Woods or some other more comfortable place, let’s say a warmer place, and you were thinking ahead about—in broad strokes—the financial system that should be put in place in a world that inevitably will continue on globalization, how would you move—what are the broad strokes? How would you come to grips with it? Or is it too early to tell?

MODY: And one minute, please. (Laughter.)

PAGLIERY: One minute for me?

MODY: One minute total.

PAGLIERY: Total? All right.

VULLO: You mean start all over again and say what should the financial system look like? Go for it.

PAGLIERY: All right. A short answer would be maybe central banks around the world should talk about digitizing their currencies and really trying to figure out a way to do that—to crack down on money laundering, to effect some sort of control over their own currency, to give a lot of thought to adapting some sort of lessons learned to the—

VULLO: But is that a unitary currency or is that—I mean, there’s lots of questions here, and you have—

MODY: Backed by the Fed.

VULLO: Yeah, and you have countries across—yeah, but you have countries across the world that just have fundamentally different structures and, you know, it’s a difficult thing. But we have—with currencies, with the usual currencies, we have established systems where countries work together on it, but I agree. I think we’re in the digital age, and that’s where we’d have to start.

MODY: It’s an area that generates a lot of intrigue, and good questions, and of course we’re waiting for more answers from what is a rapidly-evolving industry.

Maria, Marco, and Jose, thank you.

VULLO: Thank you.

MODY: Thank you, and we’ll conclude here. (Applause.)


Top Stories on CFR

United States

New U.S. Census Bureau data shows the United States importing more goods from Mexico than from China. Will the shift change the global trading landscape?



Vladimir Putin’s grip on power in Russia does not appear as ironclad as it once did. Liana Fix and Maria Snegovaya recommend that the United States prepare for potential leadership change in Moscow and develop response strategies with its allies to mitigate fallout.