CFTC commissioner wants new protections for crypto consumers, increased oversight of crypto exchanges
(Kitco News) - The U.S. Commodity Futures Trading Commission (CFTC) must have separate crypto regulations for household consumers and increased oversight of crypto exchanges to prevent future crises, according to CFTC Commissioner Christy Goldsmith Romero, who spoke at the Futures Industry Association Asia Derivatives Conference in Singapore on Nov. 30.
“How to harness the best that technology offers, while protecting against emerging threats to critical infrastructure, financial systems, and consumers, is the challenge of our day,” she said.
Goldsmith Romero focused her speech on cybersecurity and cryptocurrencies, “two areas with emerging global fintech threats that are front and center for financial regulators and markets around the world.”
She said that cybersecurity issues “may be the most critical and persistent threat to financial markets” and that the “threat of a cyber-related shock to global financial markets is growing and taking on new and increasingly sophisticated forms.” She listed three types of cyber threats of particular concern: third party service providers, zero-day vulnerabilities, and ransomware.
Regarding third-party service providers, Goldsmith Romero said even when financial firms have good security systems, “their cybersecurity is only as strong as their most vulnerable third-party service provider,” and that the threat is magnified when multiple firms use the same service.
She said that ransomware attacks have risen dramatically with a 93% global increase in attacks this year, and cited FBI Director Christopher Wray’s assertion that 14 of 16 critical U.S. infrastructure sectors saw ransomware incidents in 2021. Goldsmith Romero added that financial institutions were particularly targeted, with a 2022 CFTC survey of 130 global financial institutions showing that 74% experienced at least one ransomware attack in the past 12 months.
Turning to cryptocurrency, Goldsmith Romero listed previous statements and predictions she had made about the vulnerabilities in crypto firms before the collapse of FTX. The list included an Oct. 26 speech where she said “Crypto-related companies may serve multiple functions that are separated into different entities in traditional finance….In an unregulated environment, the full extent of these conflicts may not be disclosed or resolved, which could lead to cascading losses and contagion risk,” just two weeks before the exchange imploded.
“Recent events did not create risks; they revealed them, and how real people can be harmed,” she said. “So, what can be done right now to protect customers, particularly household retail customers?”
Goldsmith Romero offered two proposals: Redefining who is a retail investor and developing targeted customer protections for smaller investors, and increasing supervision and regulation of crypto exchanges.
The Commissioner said there are a lot of retail customers exposed in the current market. “Most are young, born after 1980, diverse, and make less than $50k a year,” she said. “That is not the typical customer that the CFTC is used to seeing. I do not propose that we halt access to crypto markets for retail customers. But we also should not let them be crushed, which will happen without meaningful and targeted customer protections.”
Goldsmith Romero said the CFTC’s current definition of retail is far too broad, “including regular household customers all the way up to millionaires and hedge funds.” She said the CFTC should create two separate categories for retail, one for household customers and another for professional and high net worth individuals.
“While some customer protections will apply to both groups, the CFTC could target additional customer protections to each group,” she said, adding that initial household customer protections would include “easy-to-understand disclosures, limitations on leverage, and bankruptcy priority.”
Turning to crypto exchanges, Goldsmith Romero said the agency needs to be more directly involved in oversight of their operations in light of recent events.
“Today, I am calling publicly for the first time for the CFTC to invoke heightened supervision of crypto exchanges—something I have called for internally within the CFTC for months,” she said. “It is well within our existing authority for derivatives exchanges.”
At a minimum, she believes this increased supervision should include “frequent examinations, and heightened focus on cybersecurity, conflicts of interest, and a safety and soundness financial review.” She said that since crypto firms increased their security, “cybercriminals are targeting ‘cross-chain bridges,’ which allow investors to transfer digital assets and data among different blockchains.”
Goldsmith Romero also wants the CFTC to increase their focus on conflicts of interest and contagion threats. “The Commission should explore the full measure of existing authorities in all areas related to crypto, including unregulated affiliates,” she said. “We should be able to demand information, perform risk-based reviews, and limit risks, as necessary related to unregulated affiliates where there are inter-affiliate contagion risk and/or conflicts of interest.”
The Commissioner said she hopes Congress delivers “a comprehensive regulatory framework that brings a ‘whole of government’ approach and does not create regulatory arbitrage. Although this will undoubtedly take time, what is most important is that Congress gets it right, and that the legislation can stand the test of time.”
She added that Congress must close existing loopholes and regulatory gaps, and should also ban the mixing of customer and company funds. “User agreements posted online for Coinbase and Kraken, two of the largest digital asset exchanges in the world, appear to authorize the commingling of customer and exchange assets,” she said. “This suggests that commingling is widespread throughout the unregulated crypto markets.”
She also said lawmakers need to provide customers with bankruptcy priority. “There is not enough awareness or attention on this critical threat to customers,” she said. “Customers are often unaware of their lack of protections.”
Goldsmith Romero concluded her speech with a call for a unified approach form global regulators. “The United States and other jurisdictions must resist the siren song of a race to the bottom or regulatory arbitrage,” she said. “There will always be a temptation and an incentive for firms to seek delays in implementing new laws or to call for weakening standards or bespoke treatment. As regulators, we must resist.”