Today the Conference of State Bank Supervisors (CSBS) announced their Model Regulatory Framework for regulation of virtual currency activities. Unfortunately, we’ve strong concerns about the vagueness of the language they’ve chosen in this final draft: vagueness that could encumber plenty of innovative but non-custodial companies, whom CSBS likely never intended to be regulated at all.
The CSBS has always had the right policy in mind for digital currencies:
It is CSBS policy that entities performing activities involving third party control of virtual currency should be subject to state licensure and supervision like an entity performing such activities with fiat currencies.
A proposition for which they cite our comment letter of last February:
Trusted intermediaries . . . so long as they walk and quack like a money transmitting duck, offer the same case for regulation as traditional financial services.
We’re gratified that CSBS wants to take an apples to apples approach when it comes to digital currency companies and traditional money transmitters. We’re happy they do not intend for states to regulate the oranges of this highly innovative space—the non-custodians, the developers, the miners, the multi-sig providers and the future innovations that look nothing like, for example, Western Union or PayPal.
But, and this is a large and unfortunate but, we are disappointed that the specific language of the model framework unveiled today—while broadly promising to follow the sensible approach for which we’ve advocated—contradicts its own stated intentions.
Rather than clearly limiting the licensing requirement to those who actually hold and transmit digital currency on behalf of others—as would a money transmitter with dollars or yen—the requirement continues to encompass mere facilitators of transmission. “Covered activities” is still specified to include:
Services that facilitate the third-party exchange, storage, and/or transmission of virtual currency (e.g. wallets, vaults, kiosks, merchant-acquirers, and payment processors).
This section might be reasonable were it indicative of some services that may be covered, but—instead—the language prefacing this prong is less forgiving; “Covered activities” includes “at minimum” these mere facilitators. As we pointed out in our comment last February,
[I]t would be incorrect to suggest that Internet service providers, such as Time Warner or Comcast, do not facilitate the third party exchange. Indeed there is no way to exchange cryptocurrency if one cannot connect to the Internet. However, it seems unreasonable to ask these infrastructure providers to register as virtual currency businesses.
Moreover, companies like Amazon and Google often provide app developers with cloud storage and computing solutions; are these companies virtual currency businesses if a licensed exchange chooses to store encrypted private keys on their platform? It seems rather silly to suggest that these companies should be licensed even though they’ve no ability to transact with any consumer funds.
And none of these hypotheticals even approaches the true nuance and complexity of this subject. What about a software designer who contributes code to an open source repository that is used in a consumer bitcoin software wallet? Did she not facilitate the storage of some consumer bitcoin? Or a multi-sig provider who only ever holds one key of three and therefore can’t ever transact with their user’s funds? Who needs to be licensed? Who should state regulators worry about? None of this is made any clearer by the work unveiled by the CSBS today, and—indeed—the suggestion that mere facilitation of transmission gives rise to an obligation to license only muddies these already cloudy waters.
Again, we applaud the CSBS for their repeatedly-stated policy goal:
[A]ctivities involving fiat currencies that are otherwise subject to state laws should be covered if undertaken using virtual currency.
But the nuts and bolts of how to achieve that parity are difficult to find in the specific language of the model framework. We urge any state regulators who are encountering these issues to look for a clearer, more justiciable standard of “covered activities” and believe the standard found in our own Principles and Framework fits the bill:
A business shall be found to be engaged in Digital Currency Transmission if and only if the business regularly and in the course of business has the ability to unilaterally execute or prevent a Digital Currency transaction on behalf of others.
It’s an easy test to assess: can the business transact on the user’s behalf and without her cooperation? If so, they license, if not, they may go forth and innovate without permission. Inquiring into the nature of “facilitation” only adds doubt, cost, and inertia to the process of regulation. Good for lawyers, perhaps, but certainly bad for the consumers and innovators we’d love to see thrive.