Safeguarding in crypto: protecting customer funds

Safeguarding in crypto: protecting customer funds Safeguarding in crypto: protecting customer funds

Introduction

Electronic money institutions (EMIs) and crypto platforms are both on the rise and offering services customers aren’t receiving from traditional banking. However, with the rise of financial services companies also comes significant differences from banks regarding risks and how they are managed.

Indeed, as FTX and other stories have taught us, many platforms are willing to speak out both sides of their mouths. This is why it’s essential to understand all the procedures and security measures that are – and aren’t in place to protect users in their journey into the crypto world.

What is safeguarding?

An EMI is an organization that has been given regulatory approval in its jurisdiction to operate and disburse electronic money. Electronic money, in turn, is a digital version of cash (it is not the same thing as digital currency). Functionally, an EMI allows users to use electronic money for purely transactional objectives. The central difference between an EMI and a bank is that while a bank takes customer deposits and uses a portion of these to provide lending facilities, electronic money institutions must entirely isolate client funds from their own and cannot offer lending services. This isolation of funds is called safeguarding.

This is of the utmost importance as it ensures that customer funds and the issuer’s funds are kept secure and separate to protect the customer’s funds if the business suffers financial issues, including insolvency. Since EMIs are not banks, they do not get the same protection from regulators.

A safeguarding account is an account either at an authorized credit institution (i.e. a bank) or an account at a central bank. Both the EMI and the bank providing the safeguarding account sign a letter to acknowledge that the funds held within the account are effectively held on trust of the customers and should not be used to meet the debts of the EMI (including such funds that the EMI may owe directly to the bank).

For example, in the UK, bank deposits are protected through the Financial Services Compensation Scheme (FSCS) up to a value of £85,000. No such deposit protection exists for EMIs, as the safeguarding measures ensure that customer funds are protected in full.

The safeguarding requirements for EMIs of the EU and the UK currently do not widely differ, given that the UK electronic money regulations and the payment services regulations were created while the UK was still in the EU under Payments Services Directive 2, which also sets the framework for similar regulation across the bloc. In the future, these may diverge, perhaps when the EU publishes its Payments Services Directive 3.

The importance of safeguarding

Safeguarding serves numerous vital functions.

Customer funds are protected: Safeguarding serves as an extra layer of security. It ensures that customer funds and the issuer’s funds are kept separate so that, for example, if the business becomes insolvent, customers’ funds cannot be used to pay debts.

Compliance with regulations: EMIs are required by law to safeguard funds. Failing that, they could risk losing their license.

Reputation: Customers and regulators must trust the different roles EMI occupies from banks. In addition to the immediate benefits to the company, it strengthens the industry.

Stability: Electronic money is issued to meet ongoing transactional demands, and the issuing of electronic money is not a deposit-taking activity. Unlike banks, which use their deposits to lend, EMIs do not lend customer funds. In case of a “run” where many customers wish to spend, withdraw, or otherwise redeem their electronic money, all funds are on hand to meet customer demand.

The challenges of traditional safeguarding accounts

Safeguarding is both necessary and vital. But it can be incredibly challenging. Here are some of the top challenges

One business day window: Customer funds may be received either directly into a safeguarded account or into a settlement account (for example, through a payments provider that offers a specific service used by the EMI and its customers). After receiving customer funds into a settlement account, EMIs have one business day to safeguard them. This settlement account must be wholly separate from the providers’ funds.

Safeguarding Bank Accounts: EMIs must find a bank that is comfortable with operating a safeguarding account, as it places special demands on how the account is handled (that it cannot be subject to any charge or security and needs to be protected from any claims on the EMI). Most banks will hold safeguarded accounts as liquid assets and not engage in any lending on the funds beneath due to the nature of the account.

Constant tracking, reconciliation, and monitoring: The importance of independent, safeguarded funds necessitates stringent monitoring on behalf of the EMI. EMIs must constantly reconcile all transactions to ensure the correct amounts are segregated on at least a daily basis.

What will it look like to safeguard crypto?

Unlike the more precise guidelines for financial services companies, the quickly evolving crypto industry faces unique challenges in safeguarding customer funds. There are a few reasons for this. The main reason is the absence of standardized frameworks globally. However, in other cases, there is upcoming regulation, but it is yet to be clarified, interpreted, and implemented – before changing anything fundamental about safeguarding funds in crypto. The most notable example is MiCA in the EU (more on that now). Therefore, it is worth a brief overview of the current state of regulatory clarity.

The current state of regulatory clarity

Lack of regulation and ambiguity across different jurisdictions

Outside of MiCA in the EU, the current state of regulations regarding safeguarding funds as it relates to cryptocurrency investments is far from established, let alone clear. This ambiguity is ripe ground for fraud. For example, in the US, Voyager Digital LLC, a crypto-based financial services provider, claimed that user deposits were FDIC-insured. The Federal Deposit Insurance Corporation (FDIC) protects user funds up to $250,000 if the bank fails. However, not only was Voyager never an FDIC-issued bank, but FDIC doesn’t – nor has it ever – cover cryptocurrency investments. Unfortunately, when Voyager eventually failed, users were unprotected from losing money.

Impact on crypto platforms and crypto security

Regulatory ambiguity proves disastrous for crypto platforms. The ambiguity means platforms are uncertain about the required compliance and security measures. In practice, this means that even the largest cryptocurrency wallets and exchanges, such as Coinbase of Crypto.com, have little to no safeguards to protect the end users.

Without that extra layer of security, users are left exposed to all the risks entailed by a crypto exchange collapse. Users may lose their assets, which has a knock-on effect: it impacts the reputation of the crypto industry, drives down prices, and accelerates web3 users’ churn.

Despite this, some cases of crashes turn out for the better because of pre-existing legal precedents and avenues. When cryptocurrency exchange FTX crashed, it looked like the end of the road for user funds. However, because FTX declared bankruptcy, control of digital assets was handed over to lawyers and insolvency experts. Now, it looks like users might just receive repayment for lost funds. Similarly, the Celsius network also went into bankruptcy proceedings and is now commencing repayment of over $3 billion in crypto and fiat to creditors.

However, all of this could have been avoided, and such happy endings are improbable, especially in cases where mismanagement and fraud are concerned. For this reason, upcoming regulatory challenges, such as MiCA in the EU, may provide some much-needed clarity.

How will MiCA affect safeguarding for crypto companies in the EU?

What is Markets in Crypto-Assets regulation (MiCA)?

Currently, crypto companies in Europe are regulated regarding things like Anti-Money Laundering (AML) and transaction monitoring. However, they are not specifically required to safeguard fiat funds as described above. That is set to change with the EU’s MiCA regulation coming into effect later this year.

It covers crypto-assets that are not currently regulated by existing financial services legislation. The main aim is to provide a legal framework to ensure the crypto market’s transparency and stability. MiCA is a first-of-its-kind regulation, and hopefully, it will lead the way in regulating digital assets and currency worldwide.

MiCA effects on safeguarding practices

MiCA is expected to impact safeguarding practices and introduce prudential requirements for crypto companies in many ways: capital requirements, custody policy, and segregation of assets.

Capital requirements: All crypto-asset service providers (CASPs) must meet a minimum capital requirement of €125,000 (for comparison, EMIs must hold minimum capital of €350,000).

Custody policy: CASPs must have a custody policy for the safekeeping or control of crypto assets. This policy must be made available to users upon request.

Segregation of assets: This rule is similar to the EMI safeguarding requirements. Users’ crypto assets must be separated from the custodian’s own assets so that creditors of the CASP don’t have recourse against user crypto assets, especially in the case of insolvency. For example, this could mean holding the user’s crypto assets in separate wallets to a custodian’s crypto assets held for liquidity purposes.

These are all positive steps, and overall, the need for adaptation and compliance has been visible across the EU crypto landscape for some time.

How do you prepare for MiCA coming into force?

In order to harmonize and speed up the approach as much as possible, the EU is introducing MiCA as a Regulation rather than as a Directive (which is then interpreted into local law, as with the application of PSD2 into the Electronic Money Regulations and Payment Service Regulations in the UK, for example). However, despite the regulation applying equally across the bloc, it will still be up to the local regulators to interpret and enforce the regulations. Consequently, crypto platforms might face challenges in implementing the MiCA requirements as the position of local regulators is currently unclear.

How do we overcome these challenges?

– Keeping tabs on the latest MiCA-related news is essential, especially around critical deadlines.

– Consult legal specialists ahead of time

– Bank with crypto-first providers compliant with the EU regulation

– Be part of the discourse – take part in consultations and be proactive in advocating for clarity in MiCA’s interpretations in different jurisdictions

Global perspectives on crypto safeguarding

Safeguarding practices beyond the EU

Although the EU is leading the charge with MiCA, it’s worth briefly looking at what other countries are – or aren’t – doing.

The American government has abstained mainly from regulating the crypto industry. In some instances, government bodies such as the SEC have chosen to take companies they deem as having acted improperly to court. However, for most, policies and regulations ultimately come from Congress. And while Congress has undoubtedly been more proactive in rulemaking following the previous crypto winter, little formal rulemaking in safeguarding has occurred.

Additionally, existing financial services providers in the US are under no obligation to provide an extra layer of security through safeguarding funds. Unlike Europe, rather than an EMI license, businesses need a money transmitter license (MTL) in each state in which they wish to conduct business. Funds that are held by entities operating under MTLs across the US are not protected in case the business fails, although some entities will, in addition, operate a trust to hold customer funds in a protected state.

For the most part, the UK government intends to bring cryptoassets within existing financial regulation, introduce a new authorization process, and set out a new disclosure and liability regime. Specifically, the government has proposed to define a new regulated activity for custody that will allow for safeguarding. The HM Treasury (HMT) published a consultation paper and call for evidence in March 2023 and its response in October.

The next step is to lay these proposals before parliament this year.

Distinct safeguarding approaches under different jurisdictions

The EU has a “revolutionary” and codified approach focused on maximizing safety, similar to how TradFi works. Notably, the EU has quickly implemented MiCA as a regulation rather than a directive. Some commenters thus see MiCA as both rushed and having little regard for cryptocurrencies’ novel and unique technology.

On the other hand, the USA and the UK are more “evolutionary” and act cautiously to strike a balance between fostering innovation and guaranteeing safety.

What should you look for in safeguarding partners as a crypto company?

Effective safeguarding practices and robust security measures benefit both crypto companies and their users. But ultimately, there are still better and worse ways to safeguard crypto wallets.

There are a few critical things to consider when looking for the best provider with whom crypto companies can safeguard funds.

Crypto-friendly but protected by established institutions

It is essential to have a safeguarding partner that is crypto-friendly. You could be doing everything right, but if you are working with risk-averse institutions that don’t understand crypto, there is an unpalatable amount of uncertainty about the continuation of your relationship.

Equally, an ideal partner should provide access to secure Tier 1 banking connections for fiat capital to ensure the highest level of capital protection for cryptocurrency exchanges and platforms. Crypto businesses can establish their own secure banking relationships, but it is effort- and time-consuming; thus, it’s best to rely on the infrastructure provider.

A robust audit trail

Another critical step in compliance is always to record everything. So, it is good to look for a provider that is not only capable of meeting this (an annual audit is a minimum requirement) but has the potential to improve upon the reporting process.

Conclusion

In the rapidly evolving landscape of EMIs and cryptocurrency platforms, safeguarding has emerged as a critical pillar for protecting customer funds and maintaining trust in these financial ecosystems. EMIs have long adhered to stringent safeguarding protocols to separate customer funds from their own, a practice that crypto platforms increasingly recognize as essential amidst regulatory ambiguities and insolvency risks.

As the industry looks towards implementing MiCA in the EU, the importance of adopting safeguarding and robust security measures has never been more apparent. This regulation promises to bring clarity and standardization to the crypto market, emphasizing the need for crypto asset service providers to meet specific capital requirements, establish custody policies, and ensure the segregation of assets to protect users.

Globally, approaches to safeguarding digital wealth in the crypto space vary, with some jurisdictions like the EU leading with proactive and comprehensive regulations while others remain in flux. This disparity underscores crypto platforms’ need to comply with current rules and stay ahead of emerging legal frameworks to safeguard customer assets effectively. By adopting best practices from EMIs and preparing for regulations like MiCA, crypto platforms can enhance their resilience against financial instability and fraud, safeguarding their customers’ digital assets and contributing to the overall stability of the digital asset market.

Looking forward, crypto companies must carefully select their safeguarding partners, prioritizing those that are not only crypto-friendly but also backed by robust financial institutions. Establishing strong banking relationships and maintaining a rigorous audit trail are indispensable for compliance and building a trustworthy platform.

As the regulatory landscape evolves, proactive engagement with legal specialists and participation in regulatory discussions will be crucial for navigating the complexities of safeguarding in the crypto world. Cryptocurrency platforms can ensure the longevity of customer funds and foster a safer, more reliable digital financial ecosystem by prioritizing the protection of customer funds through effective safeguarding practices.

Does your safeguarding partner speak bank?

As a crypto platform, you may face undue scrutiny from banks and have trouble managing those relationships. Indeed, as you scale and your fiat access needs increase, so does your dependency. It’s thus important to be partnered with a provider that understands the needs and issues specific to crypto platforms and how to translate crypto platform activity and transactions into information banks can understand. That way, not only do you get the specific security of safeguarding, but you also get the much larger security of trust. Get in touch.

Cookies Policy

Our website uses cookies. You can change the rules for their use or block cookies in the settings of your browser. More information can be found in the Cookies Policy. By continuing to use the website, you agree to the use of cookies.