Cryptocurrency: An Overview of Global, Regional and National Regulations
By Robert Gaines, Director
Cryptocurrencies are used by over 400 million people around the globe, but most countries don’t have regulations for cryptocurrencies, and for those that do, each has a different approach to how cryptoassets are treated and regulated. Businesses and individuals using cryptocurrencies must navigate a complex patchwork of laws and regulations depending on where they are and where their transactions are conducted.
Global Governance Institutions
In addition to national regulatory agencies, several global institutions have policies influencing cryptoasset regulations as a component of their positioning within the global economy.
- The Group of Twenty (G20) is the premier forum for international economic cooperation. It plays an important role in shaping and strengthening global architecture and governance on all major international economic issues.
- India has made cryptoasset regulation a significant goal of its G20 presidency this year.
- The International Monetary Fund (IMF) is a financial agency of the United Nations consisting of 190 countries. Its mission is “working to foster global monetary cooperation, secure financial stability, facilitate international trade, promote high employment and sustainable economic growth and reduce poverty around the world.”
- In 2023, the IMF laid out a nine-point action plan for how countries should treat cryptoassets, with point number one a plea not to give cryptocurrencies legal tender status.
- The Financial Stability Board (FSB) is an international body that monitors and makes recommendations about the global financial system.
- In 2022, the Financial Stability Board (FSB) published a proposed framework and recommendations for the international regulation of cryptoassets and global stablecoin arrangements. These recommendations will take effect in 2023.
- The Basel Committee on Banking Supervision (BCBS) provides global standards for the prudential regulation of banks, which requires financial firms to control risks, hold adequate capital and liquidity and have in place workable recovery and resolution plans.
- In 2022, it published rules for the prudential treatment of cryptoassets to go into effect in 2025. According to the final standard, banks are required to classify cryptoassets into groups based on their calculated risk-ratings.
- Financial Action Task Force (FATF) sets global standards for Anti-Money Laundering for all virtual asset service providers.
- In 2021, the Financial Action Task Force (FATF) issued updated guidance for a risk-based approach to virtual assets and virtual asset providers.
- FATF created the “Travel Rule” in 2021, which requires VASPs (Virtual Asset Service Providers) to share the beneficiary and originator information for all transactions. This rule is controversial and very few jurisdictions have implemented it.
- Committee on Payments and Market Infrastructures (CPMI) sets global standards for payments, clearing and settlement arrangements.
- CPMI is the primary platform for international cooperation between central banks.
- In 2022, CPMI provided industry guidance for stablecoin arrangements.
- International Organization of Securities Commissioners (IOSCO) sets global standards for securities market regulation.
- In July 2022, IOSCO’s Fintech Task Force issued a Cryptoasset Roadmap for 2022-2023, which outlines issues relating to market integrity, investor protection and financial stability, as well as managing crypto and DeFi (decentralized finance) risks within regulatory frameworks.
- The Egmont Group is a coordinating body supporting 166 financial intelligence units. It is the primary platform for financial intelligence sharing that supports domestic and international AML/CFT measures.
- The group issues a new Strategic Plan every three years. The 2022 plan looks to grow resources for combatting terrorist financing and grow partnerships in Africa and Asia.
Country and Regional Regulations
There are currently no dominant standards for cryptocurrency regulation, primarily because different countries treat cryptocurrencies differently. The dominant questions underlying current regulations center around three questions:
- Is cryptocurrency a recognized legal tender?
- Is cryptocurrency a security (like stocks)?
- Is cryptocurrency a commodity (like gold)?
Policymakers around the globe are trying to develop a consensus around these questions so regulations can provide clear guidance to both the financial sector and the crypto/blockchain industry, and to not stifle innovation. Below is a breakdown of countries with regulations relative to cryptocurrencies or laws related to the use of cryptocurrencies.
- United States
- The U.S. has a dual banking system: digital assets can be regulated at the state level or the federal level.
- The Securities Exchange Commission (SEC) views a majority of cryptocurrencies as securities.
- The Internal Revenue Service (IRS) views cryptocurrency as property.
- Financial Crimes Enforcement Network (FinCEN) views cryptocurrency exchanges as money transmitters subject to their jurisdiction.
- The Commodities and Futures Trading Commission (CFTC) views cryptocurrency as a commodity.
- The Federal Trade Commission (FTC) investigates cryptocurrency fraud as a component of consumer protection.
- The Office of Foreign Asset Control (OFAC) provides a sanctions list for cryptocurrency businesses in the U.S.
- Transactions of cryptocurrency are covered by the Bank Secrecy Act of 1970 (BSA) and The Anti-Money Laundering Act of 2020 (AML).
- Executive Order 14067, officially titled Ensuring Responsible Development of Digital Assets, instructs federal agencies to conduct a comprehensive assessment of existing policies relating to digital assets, but there is no action or change to current regulations.
- Canada was the world’s first country to enact cryptoasset legislation.
- The Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) require that crypto trading platforms and dealers in the country register with provincial regulators.
- Canada classifies all crypto investment firms as money service businesses (MSBs) and requires that they register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
- Each member state is responsible for enforcing cryptocurrency regulations within its borders.
- 5th Anti-Money Laundering Directive (5AMLD) requires cryptocurrency exchanges and custodian wallet providers to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
- The 6th Anti-Money Laundering Directive (6AMLD) further strengthens AML regulations and includes provisions for virtual assets.
- Markets in Cryptoassets Regulation (MiCA) covers cryptoassets not currently regulated by existing financial services legislation.
- The Financial Conduct Authority (FCA) regulates crypto exchanges and wallet providers, requiring them to comply with AML and KYC regulations.
- The Financial Services and Markets Bill 2022 (FSMB) recognizes crypto as a regulated activity and stablecoins as a means of payment under existing laws.
- Cryptocurrencies are not yet regulated in Russia, but any transaction exceeding 600,000 rubles must be reported to the tax authorities.
- Cryptocurrencies are classified as an asset and not a currency.
- The central government banned trading platforms, exchanges and Initial Coin Offerings (ICOs) in 2017 and cryptocurrency mining in 2021.
- Ownership of cryptocurrency is allowed and is treated as property.
- China is exploring the development of a central bank digital currency (CBDC).
- Hong Kong
- While Mainland China has restrictions on cryptocurrencies, Hong Kong’s new regulations will allow retail trading as soon as the second half of 2023.
- Cryptocurrency is regulated by the Securities and Futures Commission.
- Cryptocurrency is regulated based on its function and uses.
- Security tokens are regulated under the Financial Instruments and Exchange Act (the FIEA).
- Cryptocurrencies and stablecoins are regulated under the Bill for Partial Amendment to the Act on Payment Services Act, etc. for the Purpose of Establishing a Stable and Efficient Funds Settlement System (the Amendment Act).
- Cryptocurrencies are recognized as legal property for payments and transactions under the Payment Services Act (the PSA).
- South Korea
- Cryptocurrency exchanges and other virtual asset service providers must register with the Korea Financial Intelligence Unit (KFIU), a division of the Financial Services Commission (FSC).
- Cryptocurrency exchanges must comply with AML and KYC regulations and are subject to licensing requirements.
- Cryptocurrencies are classified as an asset and not a currency.
- Proposed legislation is pending for 2024, but there currently are no regulatory controls in place.
- Tax provisions are in place for cryptocurrency, but they were recently introduced and have very little guidance.
- The Monetary Authority of Singapore (MAS) has regulatory authority over cryptoassets.
- The Payment Service Act of 2019 gives MAS oversight authority for cryptocurrency exchanges, license distribution and enforcement of AML/CFT requirements.
- Classifies cryptocurrency as property but not legal tender.
- Cryptoassets are considered securities and regulated by the Securities Commission Malaysia (SCM) under the Capital Markets and Services Order 2019.
- Cryptocurrency is not recognized as legal tender.
- New Zealand
- Legislations in New Zealand are technology-neutral, and as such, no legislation is specifically dedicated to the regulation of cryptocurrencies in the country, but tax laws apply.
- The New Zealand Financial Markets Authority (FMA) regulates cryptocurrencies via The Financial Markets Conduct Act 2013 (FMCA) and only applies to digital currency if the digital currency is offered in New Zealand.
- Cryptocurrency is considered property and subject to income tax.
- Comprehensive cryptocurrency legislation is expected at the end of 2023, but cryptocurrency is currently regulated by the Australian Securities and Investments Commission.
- Exchanges must register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and meet specific AML/KYC requirements.
- Australia classifies cryptocurrencies as legal property, making them subject to capital gains tax.
- Dubai, United Arab Emirates
- Virtual assets are regulated by the Virtual Asset Regulatory Authority (VARA).
- VARA claims to be the world’s first independent regulator for virtual assets, looking to create a framework that can be used to regulate the industry.
- The regulatory framework involves four compulsory rulebooks for service providers and seven activity-based rulebooks that set out requirements by the type of service offered.
- The Nigerian Security and Exchange Commission (SEC) published the New Rules on Issuance, Offering Platforms and Custody of Digital Assets in 2020 which classifies cryptoassets as securities under their jurisdiction.
- All exchanges have to be regulated under the SEC.
- Nigeria has its own digital currency, the eNaira.
- Digital assets are regulated through the Virtual Asset and Initial Token Offering Services Act, with oversight from the Financial Services Commission.
- South Africa
- The Financial Advisory and Financial Intermediary Services Act (FAIS) creates licensing, AML/CFT guidance and consumer protections.
- New rules from Advertising Regulatory Board in 2023 require that crypto advertisers warn users of risks.
- Cryptoassets are recognized as financial products.
- Digital tokens are regulated under the Digital Assets and Registered Exchanges Bill, 2020 (DARE Bill, 2020).
- After the collapse of FTX in 2022, several bills are expected to increase oversight of stablecoins, proof-of-work mining and exchanges.
- Cayman Islands
- Virtual assets are regulated under the Virtual Asset (Service Providers) Act, 2020 (the VASP Act).
- Currently, only the AML features of the law are being enforced.
- Stablecoins and Service tokens are excluded.
- Bill No. 697 regulates the commercialization and use of cryptoassets.
- The bill covers the trading and use of cryptoassets, issuance of digital securities, new payment systems and the tokenization of precious metals.
- Panamanians may use cryptoassets as means of payment for any civil or commercial operation.
- El Salvador
- Virtual assets are regulated by the Digital Securities Law.
- The law provides a regulatory framework for tokenized securities, altcoins and businesses that wish to transact or offer services focused on digital assets other than Bitcoin.
- The law does not cover digital currencies issued by central banks of any country or territory, digital assets that by law are legal tender and non-fungible tokens.
- Brazil’s Chamber of Deputies approved a regulatory framework legalizing the use of cryptocurrencies as means of payment in the country.
- Tokens considered securities would remain under the Brazilian Securities and Exchange Commission (CVM) jurisdiction.
- Bitcoin is not a legal tender in Brazil, but the country passed a law legalizing cryptocurrencies as payment methods throughout the country.
The lack of consensus around cryptocurrency standards translates directly into additional risk for any individual or organization that wishes to make investments or transactions utilizing cryptocurrency. Regulatory questions about how cryptocurrency is treated (tender, securities or commodities) have an immediate effect not only on how investments are treated, but how investigations are conducted should fraud be suspected.
Conducting business or investing in cryptocurrency within this complex regulatory environment is very difficult. Conducting investigations when fraud or theft of cryptocurrency is involved can be a nightmare as transactions often traverse multiple jurisdictions. Experts at PKF O’Connor Davies can help you properly navigate cryptocurrency and blockchain regulations for both your business and investigative needs.
For more information on how PKF O’Connor Davies’ experts can assist you with regulatory compliance, investigations, or an audit, contact your client engagement partner or any of the following:
Robert Gaines, CISSP, CECI, CCFI, CIPP/US
Director, Cybersecurity and Privacy Advisory
425.518.1974 | [email protected]
Manager, Cybersecurity and Privacy Advisory
215.809.9542| [email protected]
Partner, Cybersecurity and Privacy Advisory
646.546.7871| [email protected]