CFTC should regulate crypto exchanges says Commissioner

The risks posed by cyber attacks and lack of meaningful oversight of cryptocurrencies should result in regulatory intervention, says CFTC Commissioner.

Cybersecurity and cryptocurrencies were in the spotlight at the Futures Industry Association, Asia Derivatives Conference in Singapore where CFTC Commissioner Christy Goldsmith Romero delivered a speech that focused on emerging technologies and their associated risks.

According to Goldsmith Romero the “threat of a cyber-related shock to global financial markets is growing” with attacks by nefarious players that not only include criminals, but also state-sponsored hackers. Her comments echo those made earlier this year by Sam Draddy, head of FINRA’s Insider Trading Investigations Unit, who identified “the proliferation of hacking, phishing and cyber intrusions” as the biggest trend in insider trading.

The Commissioner singled out third party service providers, zero-day vulnerabilities and ransomware as being of particular concern to regulators with many cyber incidents having “elements of all three of these trends”. Third party providers are in the regulatory cross-hairs globally because even where financial firms or businesses have implemented strong cybersecurity measures these are “only as strong as their most vulnerable third-party service provider”.

“The threat of a cyber-related shock to global financial markets is growing.”

Christy Goldsmith Romero, Commissioner, CFTC

Because of continuing consolidation in the technology space the threat to the financial system is compounded by the fact that many firms use software or services from the same provider. Consultations on increased scrutiny of outsourcing operations in financial services are under way in the US, EU and UK.

The CFTC is also “tightening its cyber incident notification requirements” because an “immediate two-way flow of information between market participants and regulators will help counter and contain cyber threats”. There is a renewed focus on intelligence and knowledge sharing in order to counteract and more effectively fight cyber threats globally. For example, as we recently reported, the FSB is consulting on improving cyber incident reporting.

Explosive growth in blockchain on the cards

In an interesting aside Goldsmith Romero says that she predicts “explosive growth” in blockchain and distributed ledger technologies outside the cryptocurrency use case. In particular she believes that these technologies hold “great promise for commodities” and the agricultural industry in particular by improving safety, limiting waste and saving both time and money. Fulfilling the promise of these new technologies is dependent, however, on successfully operationalising them and providing the promised “trust and transparency … without any significant tradeoffs.”

Crypto is a serious risk to market stability

The Commissioner and the CFTC have been “warning against growing risks in crypto assets” for some time now, drawing parallels between the lack of insight by regulators into the risks and exposures that led directly to the 2008 financial crisis and the current situation in cryptocurrencies. Systemic risk is clearly of concern here as is the fact that it is a “market where there are a lot of retail customers who have exposure.”

To address these risks the Commissioner is proposing two measures – a redefinition of retail customers and enhanced supervision of the crypto exchanges.

Two categories of retail customer

A redefinition of what constitutes a retail customer would create “two categories of retail customers, separating household retail from professional and high net worth individuals.” The CFTC would provide different levels of protection to each group. According to Goldsmith Romero a “new Office of Retail Investor Advocate” analogous to that already in existence at the SEC should be established to help represent the views of such investors.

The Commissioner is wary of a completely “disintermediated model” of market access seeing brokers as fulfilling an essential role in determining the suitability of investments and also establishing customer risk profiles. Given the increasing user expectation, particularly among the younger demographic groups, of being able to obtain direct market access this will be a regulatory area worth watching. This is especially true in connection with cryptocurrencies.

According to the Commissioner the regulation of crypto exchanges lies “well within [the CFTC’s] existing authority for derivatives exchanges.” Supervision of the crypto exchanges should, at a minimum, involve “frequent examinations, and heightened focus on cybersecurity, conflicts of interest, and a safety and soundness financial review.” Unregulated affiliates of the crypto exchanges should also fall under this supervision regime with the CFTC increasing its access rights and being able to “demand information, perform risk-based reviews, and limit risks”.