Academic Centre of Excellence in Cyber Security

A 2-tiered legal framework to protect cryptocurrency users and innovation

December 11, 2014
by Dominic Hobson

A Call for Information relating to cryptocurrencies was put out by the UK government, available here. Naturally, we sent a response.

One idea I’ve been thinking of lately which I dropped in this response was that of a 2-tiered legal framework for cryptocurrencies. In summary, it involves a tier of “accredited” services, which require costly audits, surety bonds or capital holdings and other things required to protect the consumer and an implicit “unacceredited” set of services which would be cheaper, more innovative but higher risk.

Here are a few paragraphs from our response to the CfI relating to this:

“Many people have been the victim of accidental and intentional fraud with cryptocurrencies. The instances of fraud being referenced are those which involve a service provider which holds cryptocurrencies on behalf of users, be it an ewallet or an exchange, which has either intentionally run away with users funds or accidentally lost funds as part of a security breach. Such fraud has made up a large amount of media coverage relating to cryptocurrencies.

At current, many of these services are required to comply with anti-money laundering regulations, such as requiring formal identification documents from users to verify identities. However, these serve as barriers to entry, being costly to implement properly, making them unsuitable for a bedroom-programmer/entrepreneur such as those types who have lead early innovation with cryptocurrencies. These regulations may prevent a few cases of service providers running away with money and also make laundering more traceable, they do not present any protection in cases where the service has been breached and money has been stolen.

However, any measures put in place to insure against or prevent loss through breaches are going to be costly for the service provider and hinder innovation, typically pushing up the price of the service for the consumer.

For this reason, we suggest a 2 tiered regulator approach, in the form of an accreditation scheme. Merchants could opt in to become accredited. This would be a relatively costly endeavour, requiring external security audits, capital reserves or surety bonds and other measures to ensure that a breach is less likely and should one occur, ensure that the business has the funds available to fully reimburse customers. Due to the burden of accreditation, accredited services would likely be slightly more expensive and renewal of the accreditation in light of changes to the service may slow innovation. However, they would be able to market themselves as accredited and protected, attracting business and other customers who otherwise may not use cryptocurrency services due to security concerns or risks.

This would also create a tier of unaccredited services. Such services would be very loosely regulated. These services must explicitly warn users they are not heavily protected and that the user faces increased risks. However, an unaccredited business would be far quicker, cheaper and easier to legally establish, providing a faster and more dynamic service, typically at a cheaper price to represent the increased risks and lower overhead costs.

We believe this particular approach would present a balanced solution to the issue of consumer protection vs innovation. However, at current, unaccredited services would still be required to implement AML/KYC measures with the intention of reducing economic crimes such as laundering – these measures still serve as a barrier for entry.”

Whilst not a perfect solution, perhaps it could be a start point for some regulations which allows those who want to shoulder their own risk to do so, whilst protecting those less confident users.

Categories: General.

Leave a Reply

Your email address will not be published. Required fields are marked *