What policymakers should know about web3 regulation

The rapid expansion of cryptocurrencies – or other forms of payment based on distributed ledger technology – caught the world by surprise in 2021, reaching nearly $3 trillion in 2021 before falling to under $1 trillion by the end of 2022. These currencies have begun appealing to a highly diverse group of consumers – many of whom have purchased crypto as an alternative investment. 

However, every technology can be abused and misused, so it’s no surprise that bad actors, ranging from Terra/Luna to FTX, have engaged in fraudulent behavior. Such behavior, crucially, does not reflect on the underlying technology, but rather the incentives and regulatory framework. The most flagrant ethical violations in the crypto community have actually been among centralized entities, not the decentralized ones: Sam Bankman-Fried, for example, ran FTX as a centralized exchange where he effectively functioned as a depository institution (i.e., bank) without adhering to any of the regulation that traditional depository institutions face. 

Crypto and web3 are not dead

Although cryptocurrencies are down, every asset experiences fluctuations. Prices are a function of fundamental value and expectations on future performance. But the web3 market – broadly referring to applications of distributed ledger technologies – is bigger than just cryptocurrencies; it also includes non-fungible tokens (NFTs) and decentralized autonomous organizations (DAOs). 

These other segments of the web3 market have been booming. For example, over the past month, a new NFT marketplace called Blur launched and recorded $1.04 billion in trading volume, relative to the current market incumbent, OpenSea, which recorded $479 million in trading volume. Furthermore, new research has found that DAOs have led to improvements in organizational performance, bringing together geographically disparate people around common objectives. My research has also found that the use of airdrops – especially those that endow governance tokens to users, or rights to vote and participate as stakeholders in a community – have played a major role in the expansion of decentralized finance.

Regulatory guidance

Given that web3 technologies are not going away, policymakers must establish more predictable and economically competitive regulatory guidance so that the United States becomes a hub for legitimate web3 innovation. (Sadly, part of the reason we’ve experienced some of the fraudulent behavior in the web3 community is specifically because of the absence of clear guidelines in the U.S., which has led to some regulatory arbitrage and ambiguities that bad actors have exploited.)

Here are at least five general recommendations for policymakers approaching web3 regulation.

1.Impose licensing requirements on centralized cryptocurrency exchanges and other digital currency services that behave like banks.

Cryptocurrency exchanges – even though they do not hold traditional fiat currencies – can still be considered depository institutions if they behave as a custodian of consumer assets and lend the deposits to others. Even if the regulations that depository institutions are subject to are potentially excessive (up for debate), there are still problems when there is regulatory arbitrage and inconsistent application of regulation because it stifles competition. Policymakers need to think more deeply about what creates systemic risk and how the patchwork of regulations should be streamlined for both crypto and non-crypto depository institutions; that requires meaningful collaboration between federal agencies, rather than turf wars and a “wait and see” approach to what gets enforced.

What does adherence to regulatory requirements look like? For starters, it could involve capital requirements of the form laid out in the recent current and expected credit loss framework that requires that banks use “reasonable and supportable” forecasts to derive the amount of capital reserves they need to hold out in case of adverse economic events. Or it could involve basic cybersecurity and financial security regulatory requirements, like SOC 2 compliance.

2. Provide regulatory clarity about the specifics of legal web3 behavior.

Unfortunately, there is no single source that specifies the legal requirements for web3 builders. And, in some cases, the regulatory guidance is conflicting. Most notably, the Department of Justice has referred to tokens as commodities in its enforcement actions, whereas the Securities and Exchange Commission (SEC) has called them securities and enforced them as such. Creating guideposts for legal activity will promote not only greater innovation since more companies will build within the U.S. regulatory sandbox, but also more consumer protection since enforcement will have more legal precedent and the bright line for legal activity will be clearer.

The U.S. has the luxury of experimenting with different approaches because of the varying state-level capabilities. For example, Wyoming recognizes certain types of cryptocurrencies and blockchain tokens as legal property and created a new type of bank specifically for cryptocurrency companies, which allows them to operate in a more permissive regulatory environment. Similarly, Tennessee recently began recognizing DAOs as limited liability corporations or nonprofits, depending on their specifics, which provides additional liability coverage for DAO members.

3. Harmonize international standards.

Many web3 entrepreneurs and companies have decided to locate outside the U.S. for business and residence because of rigid and uncertain U.S. web3 regulation. Much like developed countries meet to coordinate economic policy through the G20 annual meetings, and the OECD has published international guidelines around the ethical use of artificial intelligence, U.S. regulatory agencies should cooperate with others to identify a common set of principles and standards.

Although many look to the SEC for guidance, they too can learn a lot from international counterparts. For example, they could work with the European Securities and Markets Authority (ESMA) to share information and coordinate regulatory efforts to combat fraud and protect investors in both regions. Similarly, the U.S. could learn from best practices in other countries, including Switzerland’s regulatory sandbox, which not only provides much more clarity on the distinction between security tokens and their counterparts, but also safety in piloting a token as long as the amount raised and transacted upon is below 1 million Swiss francs.

4. Foster dialogue with researchers and industry practitioners.

Regulators rarely have the subject matter expertise to understand all the intricacies of technology, so it is necessary for regulatory bodies to participate in the web3 community and promote dialogue with researchers and practitioners. For example, the U.S. Commodity Futures Trading Commission (CFTC) could regularly hold public meetings with industry leaders, academics and other experts to discuss the latest developments and trends in the cryptocurrency space.

Fortunately, there are many platforms for facilitating these dialogues. For example, the Center for Digital Finance and Transformation at Columbia University frequently brings industry practitioners and academics together, and sometimes helps convene and participates with federal and state policymakers. Policymakers, especially in the SEC, CFTC and DOJ, should seek opportunities to work with and delve into details with practitioners and researchers.

5. Promote best practices and standards over regulation.

The debate about standards versus regulations is not new, but blockchain technology provides an interesting new perspective on the relative costs and benefits of the two approaches. Standards are best when there is uncertainty about a promising technology. Blockchain is a general purpose technology, meaning that it is an enabling technology that applies across sectors.

Rather than “regulating by op-ed” or “regulation by enforcement,” as some crypto enthusiasts have framed it, a better strategy would be for developers, investors and regulatory agencies to work together at least around common standards that can raise the quality of projects overall and establish best practices that the entire community of web3 participants will benefit from.

Standards have an important role to play in markets. They establish a predictable threshold for minimum quality. The best types of standards are those that emerge organically as a result of demand and coordination in a community whereby members recognize everyone is better off by adhering to a set of best practices. A common set of open-source and organic standards is perhaps best demonstrated by the W3C standards, which cover the spectrum of application development.

In particular, the W3C standards for verifiable credentials and decentralized IDs have proven to be principal sources for coordination and adoption in global education. Organizations, ranging from governments to large publicly traded companies, need interoperable technologies that do not lock them into specific vendors or systems that could create unnecessary risk— (e.g., if one system goes down or a business fails. These types of standards become a requirement for true global adoption; without them, pioneering technologies will remain bespoke and never reach scale.

We are seeing how open-source standards within the use case of education provide an opportunity for anyone, regardless of where they are in the world, to scrutinize a technology and ensure that it has passed through rigorous trials for privacy, security and interoperability, providing clarity and comfort for large-scale institutional partners who can bring new technologies to the masses. The question for policymakers is whether they can help contribute to an ecosystem that promotes such standards and best practices, which will implicitly achieve the aims of otherwise stringent regulation.

Concluding thoughts

These recommendations are far from not exhaustive, but they reflect a general set of governing principles that would improve U.S. economic and social competitiveness, while simultaneously mitigating against the risk of tail outcomes, like those observed over the past year in the crypto community. Most importantly, regulators should be wary of a one-size-fits-all approach to web3 regulation, but to understand the context and allow for experimentation and dialogue.

Christos A. Makridis is a research affiliate at Stanford University and University of Nicosia, among other institutions, and holds doctorates in economics and management science & engineering from Stanford University.