This article relates to Shearman & Sterling's upcoming inaugural Digital Finance Summit on November 15-16. Learn more about the Summit.

Crypto-asset regulation has been publicly in the eye of the U.S. Financial Stability Oversight Council (FSOC)—the interagency oversight body that monitors systemic risk—for many years.  As crypto technologies have developed, FSOC and various of its member agencies have advocated applying existing frameworks to crypto-related activities and filling the gaps with a mix of new legislation and regulations.  In October 2022, as lawmakers in the United States continue to debate which agencies should regulate crypto-based activities, the Financial Stability Oversight Council (FSOC) released its Report on Digital Asset Financial Stability Risks and Regulations (Report), identifying six financial stability vulnerabilities connected to crypto-assets and making several recommendations. 

The U.S. is not alone on this front.  Due to their decentralized nature, crypto-asset markets face similar risks to those identified by U.S. regulators—but on a global scale.  International standard-setting bodies are also developing frameworks to address potential shocks to the global financial system arising from digital assets.  The Financial Stability Board has suggested that most crypto-asset markets should be subject to the rules of traditional finance. In addition, the Basel Committee on Bank Supervision has proposed a system of classification for crypto-assets to ensure more uniform global regulation across groups of assets.

Risks Connected to the Crypto-Asset Ecosystem, External and Internal

The six financial stability vulnerabilities identified in the Report fit into two categories: risks resulting from the crypto-asset ecosystem’s entanglements with the traditional financial system and those risks contained within the crypto-asset ecosystem.

According to FSOC, the most important financial stability consideration is the risk of connecting crypto-asset market participants, service offerings and technologies with the traditional financial system. Stablecoin assets, the values of which are inherently tied to national currencies or other reference assets, are of particular concern. Substantial stablecoin growth and a subsequent stablecoin run could dislocate the traditional asset market, according to the Report. The response to such a run would be largely unregulated, hindered by the opacity of the system and could be mismanaged—all leading to contagion.

In addition to stablecoin concerns, the Report finds that new crypto-asset-based products and services in banking, investments and insurance increase the risk of financial instability. Although sparsely offered now, new robust avenues for exposure to crypto-assets, such as crypto-backed mortgages and the increased adoption of crypto payments, are in development. As these new exposures increase, so too will the interconnectedness of crypto-assets and the traditional financial markets, increasing the likelihood of financial instability.

Vulnerabilities contained in the crypto-asset ecosystem are more acute, but could also pose considerable risks, especially as the crypto-asset market continues to grow. These risks are further divided into five groups: price volatility, internal financial exposures, operational mechanics, funding mismatches/runs and leverage.

According to the Report, these risks are exacerbated by the speculative nature of crypto-assets and the associated inability to accurately prescribe fundamental economic value to this asset class. In particular, FSOC is concerned about the “gamification” of crypto-asset markets, which may lower retail participants’ expectations for disclosures and compliance with investor protection rules.

Additionally, FSOC warned that the interconnections within the crypto-asset ecosystem exacerbate the effects of fragmented and tightening market liquidity across crypto native platforms, increasing the risk of widespread loss during a financial shock. The Report also highlights operational vulnerabilities, specifically disruptions in the deployed code caused by bugs, technological issues caused by the concentration of mining and malicious attacks on infrastructure service providers. Decentralization could complicate, or even prevent, an intervention to address any of these vulnerabilities from both a technological and a regulatory perspective.

Addressing Risks through Current Regulatory Frameworks

Many of the services provided within the crypto ecosystem are not actually novel, even if the technology is.  Banks and regulated financial institutions are already subject to a wide array of regulations and related guidance on crypto-assets. Banks may only engage in activities that are permissible under law and conducted in a safe and sound manner, and affiliates of by bank holding companies are also subject to activity restrictions. Further, banks are subject to prudential oversight of their activities, including supervision, examination and enforcement. For non-banks, some crypto-assets are securities regulated by the SEC, while others are treated as commodities, in which case, derivatives relating to such crypto-assets would be regulated by the CFTC.  Apart from federal regulation, some states are active in regulating crypto-assets, including New York, which requires licenses for certain businesses engaging in “virtual currency.”

FSOC recommends that current regulatory frameworks continue to be enforced and that crypto-asset firms and businesses to which these frameworks apply be brought into compliance. Compliance with these established regulatory regimes, according to the Report, could address risks related to interconnection with the traditional financial market, operational vulnerabilities, volatility in crypto prices, funding mismatches and runs and leverage.

Regulatory Gaps and How to Fill Them

Despite these existing, robust regulatory frameworks, the Report identified three regulatory gaps and suggested Congress take comprehensive action to fill these gaps.

First, federal regulation does not apply to spot markets for crypto-assets that are not securities, like Bitcoin, even when crypto-asset platforms engage in activities that would be regulated in other markets, like providing custodial services for crypto-assets. To avoid fraud and other risks, the Report recommends that Congress give federal financial regulators jurisdiction over these spot markets. This jurisdiction should include the authority to address conflicts of interest, abusive trading practices, cybersecurity, custody, settlement and many other areas of inherent risk.

Second, crypto-businesses are subject to piecemeal regulation based on their activities or their affiliates’ activities. No one regulator has full insight into the business. This gap allows crypto-businesses to engage in “regulatory arbitrage” and avoid certain regulatory requirements. The Report recommends that Congress give regulators the authority to supervise activities of all affiliates and subsidiaries of a crypto-asset entity. In the meantime, the Report recommends regulators coordinate with each other and with law enforcement to get a more holistic picture of the business and to enforce existing regulations as they may apply. Further, the Report recommends that Congress “create a comprehensive federal prudential framework for stablecoin issuers” that addresses the risks associated with crypto-assets.

Lastly, unregulated vertical integration of crypto-asset trading platforms directly exposes retail investors to risks that they might be protected from on other more traditionally siloed trading platforms. Without regulated intermediaries, and with automated closing, retail investors are more directly impacted by volatility, mistakes and hacks. To address these risks, the Report recommends that agencies analyze the impact of vertical integration and whether it is a model that can or should be supported by existing laws.

What’s Ahead

The Report is unlikely to inspire immediate action by Congress. The results of the midterm elections are also unlikely to signify any priority changes in specific areas. We are in the very early days of evaluating crypto-related oversight and regulation, and it is likely that regulatory turf wars will continue for quite some time.