Regulatory and Compliance Issues

Executive Summary

Satoshi Nakamoto’s 2008 whitepaper on Bitcoin ushered in a new era in technological and human history. The emergence of cryptocurrencies, decentralized finance, and non-fungible tokens has revolutionized all aspects of monetary policies and financial services. However, it has also created back doors that have been exploited by bad actors to achieve ends diametrically opposed to those of the mainstream cryptocurrency community.

Despite their many benefits, cryptocurrencies and their ecosystems enable a vast array of criminal activities. These include (but are not limited to) bribery and corruption, drug, sex, arms, and human trafficking, tax evasion, counterfeiting, market manipulation, fraud, and ransomware. As a result, multiple US regulatory agencies have been aggressively expanding their jurisdiction, surveillance, and enforcement activities in the cryptocurrency space. More troubling is a trend towards strict personal liability – meaning that regulators are increasingly willing to prosecute the individual officers, developers, and/or users of cryptocurrency platforms if they enable third-party criminal activity, as evidenced by the indictments of Arthur Hayes and other officers of BitMEX. Similarly, the SEC made history by personally naming Brad Garlinghouse and Chris Larson as co-defendants in their billion-dollar lawsuit against Ripple Labs.

Further complicating the issue is the fact that the regulatory environment is itself a mosaic of overlapping and sometimes contradictory regimes. For example, US Know Your Customer (KYC) requirements might conflict with FTC, and/or European General Data Protection Regulation (GDPR) privacy requirements, depending on how a solution is implemented. While KYC has become a well understood requirement in the crypto community, it is only a single facet of a larger program necessary for financial regulatory compliance. An alphabet soup of federal and state agencies have claimed jurisdiction and initiated enforcement actions covering various aspects of cryptocurrency platforms, including the SEC, CFTC, IRS, OCC, DHS, FBI, FTC, DFS, FinCEN, OFAC, to name a few.

A further complication is that the rules themselves are often suboptimal and ineffective. A notable example of this is the Office of Foreign Asset Controls (OFAC) Specially Designated Nationals (SDN) list, which uses names and dates of birth to identify individuals. In certain regions of the world, common names are shared by millions of people and birth records are difficult or impossible to verify, making adherence to regulatory requirements extremely difficult and wildly ineffective.

The final complication is that most fintech professionals are not familiar with the vast patchwork of regulators and requirements governing financial services and transactions. And, most regulatory experts do not understand cryptocurrency, decentralized finance, or fintech.

Against the backdrop of these challenges, we are witnessing the emergence of an incredibly innovative and intelligent community of crypto developers, advocates, organizations, and projects. It is our opinion therefore that the future of crypto depends on whether this community applies the same level of effort, intelligence, and innovation to regulatory and illicit use prevention that it does to the development of the other functional aspects of the ecosystem.

It is also our opinion that the decentralized finance community has a limited time window to get ahead of regulators through the introduction of innovative, superior, and compliant solutions to identify and prevent illicit activity. If the community fails to achieve this goal, we fully expect regulators to continue to expand their jurisdiction and enforcement powers, and to do so in a way that is highly likely to be detrimental to decentralized finance in general, as well as its contributors.

Recent Public Quotes from Regulators:

“If the crypto industry doesn’t evolve or is more responsible, then we will be headed for a potential rerun of 2008” - Michael Hsu acting Comptroller of the Currency Treasury official: Crypto 'needs adults in the room,' should embrace regulation before crisis hits

“Criminals continue to exploit virtual currency to support illegal activity, money laundering, and other behavior endangering U.S. national security, including through entities facilitating its anonymous use.” FinCEN Advisory FIN-2019-A003 https://www.fincen.gov/sites/default/files/advisory/2019-05-10/FinCEN%20Advisory%20CVC%20FINAL%20508.pdf

“Gensler [US SEC chief] has set up some 50 teams involving about 200 people to write rule proposals…” Bloomberg - Are you a robot?

"Talk to us, come in… There are a lot of platforms that are in operation today that would do better engaging and instead there is a bit of… begging for forgiveness, rather than asking for permission… regulators and exchanges need to work together to ensure new rules don’t add a lot of friction to crypto, killing the use for it in the first place. " – Gary Gensler SEC chief Gary Gensler says cryptocurrency platforms are too big to survive without regulation | Currency News | Financial and Business News | Markets Insider

What This Means for Harmony

As a developing and cutting-edge distributed organization that has the potential to revolutionize all facets of evolving crypto exchanges, wallets, apps and gateways, Harmony must take a leadership role in identifying and mitigating potential regulatory challenges. Only through a structured thoughtful approach can Harmony avoid the inevitable crack down of US and EU regulators and protect the financial interests of the ecosystem.

In the absence of a comprehensive framework, Harmony and its officers, directors, and management risk being held personally liable – up to and including civil and criminal liability - for the actions or omissions of any developers or projects on its ecosystem.

Furthermore, even if Harmony manages to avoid such liability, it is subject to significant regulatory risk. This is because US and international regulators are rapidly developing regulations that could govern significant parts of its ecosystem in the near future. If the defi industry does not provide its own regulatory leadership, regulators are likely to miss the mark and apply old or misaligned regulatory paradigms to defi, potentially undermining its future and imposing massive costs on the industry.

Areas of Regulatory Concern

From a US perspective, major areas of regulatory concern for Harmony include the following in approximate order of priority:

Overarching Regulatory Ownership Architecture: A technological, legal, and organizational architecture that clearly delineates responsibility for various aspects of regulatory compliance among and between Harmony, other projects, and other developers within the Harmony ecosystem.

FinCEN, DHS: Comprehensive AML, KYC, and CFT (Countering the Financing of Terrorism) coverage, MSB / Money Transmitter Regulations. Identifying and preventing various types of illicit financial activities.

OFAC: Compliance with sanctions

SEC: Market Manipulation, Securities Laws (including ICO, issuance, securitization, wrapped products, etc.), Fund and Advisor Regulations, Emerging Stablecoin regulations; Yield and staking products.

FBI: Traceability of transactions for law enforcement purposes

FTC: Consumer privacy and fraud regulations

Fed: Financial stability regulations, emerging regulations on stablecoins; CBDC’s, and their relationship to cryptocurrencies.

OCC: Banking regulations as they apply to staking and depository projects.

IRS: Basic tax reporting (1099-INT, 1099-DIV, 1099-B, etc), tax evasion, revenue recognition issues

Solution Phase 1: Overall Regulatory Risk Assessment

As an initial step, we are proposing a high level regulatory risk assessment that reviews existing and proposed projects within the Harmony ecosystem vis a vis the existing US regulations governing them. The objective of this phase will not be to design or implement solutions to regulatory risk, but rather to simply identify, characterize, and rank risks according to their immediacy, severity, and difficulty to resolve.

We also propose to draft a set of guidelines and/or educational materials to educate developers of Harmony-funded projects on the various regulations that govern their projects.

Solution Phase 2: High Level Regulatory Architecture

Our next proposed step is to review and design, at the regulatory and organizational levels, possible solutions within the Harmony ecosystem to facilitate the explicit management and assignment of regulatory responsibility among its participants.

Concurrent with this effort, we will review the underlying technology of the Harmony ecosystem and the many projects it is funding, and propose high level technology and information architectures to facilitate regulatory compliance in the areas of exposure discovered in Phase 1.

Subsequent Phases

We propose subsequent phases to develop comprehensive compliance programs within and among Harmony participants that rise the the level of regulatory compliance. The exact nature and scope of these phases will depend on the outcomes and discoveries of prior phases.