Global framework for digital asset regulation: Financial Stability Board releases final recommendations

The Financial Stability Board ("FSB"), an international organization that coordinates the work of national financial authorities and international standard-setting bodies ("SSBs") to develop and promote effective regulatory, supervisory and other financial sector policies at the global level, recently published its international regulatory framework for digital (cryptographic) asset activities (the "Framework"). The Framework follows the FSB's October 2022 release of questions for consultation, which were disseminated in the midst of significant market events impacting the digital asset industry (the "Consultation"). Taking into account both feedback from the Consultation and stakeholder outreach, the Framework is published through final reports primarily regarding crypto-asset activities and markets and stablecoins, along with an accompanying umbrella public note and an overview of responses to the Consultation.

Key takeaways

Highlights from the Framework include:

• Nine recommendations for the regulation, supervision and oversight of activities and markets in digital assets with respect to cross-border information sharing amongst regulatory authorities and comprehensive regulation for digital asset service providers with multiple functions within the same entity or group of related entities.
• Ten recommendations for the regulation, supervision, and oversight of global stablecoin arrangements ("GSCs") for local regulatory authorities to require GSC arrangements to have effective stabilization mechanisms and clear redemption rights.
• Details of a coordinated work plan for 2023 and beyond developed by the FSB and sectoral SSBs, which includes the Basel Committee on Banking Supervision, the International Organization of Securities Commissions, the International Monetary Fund ("IMF") and the Financial Action Task Force.
• Plans for the FSB, in consultation with relevant SSBs, to conduct a review of the implementation of the recommendations set out in the Framework, and further assess the need for updates in emerging areas with respect to "decentralized finance" or "DeFi" and the impacts of digital assets on developing economies.

Overview

The FSB received 54 responses to the Consultation, which concluded on Dec. 15, 2022. The responses came from a diverse range of stakeholders, including regulated financial institutions, digital-asset companies, trade groups, research centres and individuals. The resulting Framework, prepared as a report for the G20 group of countries, has the stated purpose of promoting comprehensive and internationally consistent regulation and supervision of market participants in the digital asset space. Employing a guiding principle of "same activity, same risk, same regulation" for the digital asset industry as in traditional finance, the Framework is intended to be high-level and flexible. It is also designed to be technology neutral, applicable across various technologies which may be employed in activity and economic functions within the digital asset space, primarily being distributed ledger blockchain technology. The FSB describes the borderless nature of digital assets entreating coordinated cross-border jurisdictional practices from local authorities, including securities and banking regulators, to curb the practice of regulatory arbitrage, or market participants engaging in more favorable jurisdiction shopping.

Crypto-asset activities and markets

The Framework underscores the importance of a proactive, coordinated and comprehensive approach to digital asset regulation to ensure the stability and integrity of the global financial system. The FSB's recommendations set out key objectives that an effective regulatory and supervisory framework should achieve, allowing for incorporation into a wide variety of existing regulatory regimes rather than replacing them. More specifically, the Framework provides nine high-level recommendations to local regulatory authorities for supervising and overseeing crypto-asset market activities:

1. Regulatory powers and tools: Authorities should have the necessary powers, tools and resources to effectively regulate, supervise and oversee digital or crypto-asset activities and markets. This includes the ability to enforce relevant laws and regulations and address risks from crypto-asset issuers and service providers who seek to evade regulations, and may include restrictions on domestic users' access to foreign crypto-asset issuers that do not comply with domestic standards and may not otherwise be regulated to international standards.
2. General regulatory framework: Authorities should locally adopt a "same activity, same risk, same regulation" framework applied on a functional basis, proportionate to the risk posed by crypto-assets. Focus should be on the activities conducted rather than just the specific entities involved. Protection should be provided to all relevant parties, including consumers and investors, regardless of the decentralized nature of certain crypto-asset activities.
3. Cross-border cooperation, coordination and information sharing: Authorities should cooperate and coordinate internationally to ensure effective communication, information sharing and consultation. The FSB expressed that it will continue to monitor issues related to the cross-border nature of crypto-assets and consider mechanisms that facilitate the exchange of information about compliance levels among service providers operating across borders.
4. Governance: Authorities should require crypto-asset issuers and service providers to have a comprehensive governance framework with clear lines of responsibility and accountability for all functions and activities they conduct. This should apply even in cases where it may be difficult to identify one responsible entity (e.g. DeFi protocols).
5. Risk management: Authorities should require crypto-asset service providers to have an effective risk management framework in place and have a qualified risk management team to address material risks associated with their activities. This framework should be proportionate to an entity's risk, size, complexity and systemic importance, and be overseen by a reputable and qualified management team with adequate resources allocated to risk management, compliance and internal auditing functions that are independent of business activities.
6. Data collection, recording, and reporting: Authorities should require crypto-asset issuers and service providers to have measures in place to maintain accurate and comprehensive records of their activities and transactions, proportionate to their risk, size, complexity and systemic importance. Authorities should have full, timely and ongoing access to relevant data to enable them to regulate, supervise and oversee crypto-asset activities and markets.
7. Disclosures: Authorities should require crypto-asset issuers and service providers to provide clear, accurate and timely disclosures to users, authorities and the public, including information about their governance framework, operations, risk profiles, financial conditions as well as the products they provide and activities they conduct. Authorities should require issuers and service providers disclose any material risks associated with the underlying technologies, including cyber security risk, environmental and climate risks, and impacts, as appropriate.
8. Addressing financial stability risks: Authorities should address financial stability risks arising from interconnections and interdependencies within the digital asset market itself as well as between the crypto-asset ecosystem and the wider financial system. They should also assess and take remedial actions if these activities present a systemic risk to the broader financial system.
9. Comprehensive regulation of crypto-asset service providers with multiple functions: Authorities should ensure crypto-asset service providers, particularly those with multiple functions (such as facilitating transactions, settlement and clearing, wallet provisioning, market making, lending and borrowing, trading and issuance, etc.) are comprehensively regulated. Crypto-asset service providers (and their affiliates) that combine multiple functions should be subject to appropriate supervision and oversight that addresses the risks associated with each individual function as well as the risks arising from the combination of functions, including requirements regarding conflicts of interest and separation of certain functions or activities.

Stablecoins

The Framework sets out three characteristics that distinguish a GSC from other forms of digital assets, including:

1. Existence of a "stabilization" mechanism;
2. Usability as a means of payment and/or a store of value; and
3. Potential reach and adoption across multiple jurisdictions.

The FSB provides the following 10 recommendations for local regulatory authorities designed to help protect consumers from the risks associated with GSCs:

1. Authorities' readiness to regulate and supervise GSC arrangements: Authorities should have and utilize the appropriate powers and tools to comprehensively regulate, supervise and oversee a GSC arrangement and enforce relevant laws and regulations.
2. Comprehensive oversight of GSC activities and functions: Authorities should apply comprehensive requirements consistent with international standards to GSC arrangements on a functional basis that is proportionate to their risks, in accordance with the authorities' mandate.
3. Cross-border cooperation, coordination and information sharing: Authorities should cooperate with each other domestically and internationally to ensure comprehensive regulation, supervision, and oversight of a GSC arrangement across borders and sectors, and promote consistency of regulation and supervision.
4. Governance structures: Authorities should require GSC arrangements to have and disclose a comprehensive governance framework with clear lines of responsibility and accountability for all their functions and activities.
5. Risk management: Authorities should require GSC arrangements have effective risk management frameworks in place for all the material risks associated with their functions, particularly operational resilience, cyber security and AML/CFT measures, as well as "fit and proper" requirements, if applicable.
6. Data storage and access to data: Authorities should require GSC arrangements to have robust frameworks for the collecting, storing, safeguarding, and timely and accurate reporting of data.
7. Recovery and resolution of the GSC: Authorities should require that the GSC arrangements have appropriate disaster recovery and resolution plans.
8. Disclosures: Authorities should require that GSC issuers and other participants provide users and relevant stakeholders with comprehensive and transparent information regarding the GSC arrangement, including with respect to the governance framework, any conflicts of interest, redemption rights, operations, risk management framework and financial condition.
9. Redemption rights, stabilization, and prudential requirements: Authorities should require GSC arrangements provide a robust legal claim to all users against the GSC issuer and/or underlying reserve assets that guarantee timely redemption. For GSCs referenced to a single fiat currency, redemption should be at par value. Authorities should require GSC arrangements to have an effective stabilization mechanism, clear redemption rights and meet prudential requirements.
10. Conformance with regulatory, supervisory and oversight requirements before commencing operations: Authorities should require that GSC arrangements meet applicable regulatory, supervisory and oversight requirements of a particular jurisdiction before commencing operation in that jurisdiction and adapt new regulatory requirements as necessary.

Future work plan

In September 2023, a joint report is anticipated to be delivered to the G20 that synthesizes the Framework and findings from the IMF's work on macroeconomic monetary issues, furthering an internationally coordinated, comprehensive and consistent approach to digital assets. By the end of 2024, depending on the outcome of the FSB's analysis of the potential risks to financial stability stemming from DeFi and crypto-asset service providers that combine multiple functions, the FSB will consider the regulatory implications in these areas and assess whether additional policy work is warranted. Also under review from the FSB through 2023 and 2024 is the tokenization of real-world assets, the future of payments and monitoring the creation of individual state central bank digital currencies (CBDCs). By the end of 2025, the FSB states that it will conduct a review of the status of the implementation of the Framework at the jurisdictional level, taking stock of the various regulatory process and challenges across jurisdictions with multiple SSBs.

Insights

Unlike typical traditional financial assets, digital assets are global in nature. While the development of consistent regulatory regimes for such assets is emerging in numerous jurisdictions at varied cadences, market events have demonstrated the need for prompt and conscientious cross-border coordination. Using the Framework as a barometer, the regulatory landscape of individual jurisdictions can be examined with greater scrutiny.

As both G20 representatives and members of the FSB, Canadian regulators and industry participants are expected to be monitoring international developments, particularly from FSB members. Prior to the release of the Framework, in February 2023 the Canadian Securities Administrators ("CSA") published Staff Notice 21-322 "Crypto Asset Trading Platforms: Pre-Registration Undertakings Changes to Enhance Canadian Investor Protection" (the "SN 21-332"), which provided a variety of guidance including how crypto trading platforms ("CTPs") licensed by applicable Canadian securities regulators may permit clients to engage with stablecoins, or what are referred to in SN 21-332 as "value-referenced crypto assets" ("VRCAs"). Similar to some of the recommendations from the FSB on GSCs, the CSA imposed requirements on CTPs to address the risks associated with VRCAs. For example, to be in compliance with the CSA's expectations for continued licensing and offer client trading in any particular stablecoin, a CTP must be in a position to demonstrate to the CSA that it conducted sufficient due diligence to ensure certain enumerated VRCA-related risks are addressed. CTPs must examine whether the VRCA in question is fiat-backed, and whether the issuer maintains a segregated reserve of highly-liquid assets held by a qualified custodian with a market value at least equal to the value of the outstanding units of the digital asset at the end of each day, with redemption rights clearly articulated in publicly disclosed policies and procedures along with appropriate disaster recovery and business continuity plans.

For contrast, new rules governing digital assets were approved in April 2023 by finance ministers of the European Union ("EU") counsel representing its 27 member states. Known as the Markets in Crypto Assets regulation (or "MiCA"), the legislation sets out a comprehensive regulatory framework for issuers of certain types of digital assets that are tied to blockchain or distributed ledger technology, as well as licensing and oversight of market intermediaries, operators, custodians and those which may provide trading market infrastructure connected to persons or entities in the EU. While there are many similarities between MiCA and the Framework, the Framework takes into account certain recent developments in the digital asset space that were not substantively addressed in MiCA. In particular, the framework addresses multi-activity organizations that look to provide numerous functions such as trading, custody and central depository services all within the same entity or group of related entities, demonstrating the challenge for legislators and policy-markers to keep pace with and respond to emerging and dynamic market activity.

The Framework may also be seen as a tool by which legislators and authorities may level-set their individual country's approach to regulation, including members of the G20 that may not have a developed and consistent regulatory regime governing their local digital asset ecosystem. In the United States, for example, where a cohesive regulatory regime for licensing and oversight of the digital asset industry is yet to be established, the Lummis-Gillibrand Responsible Financial Innovation Act ("RFIA") was recently re-introduced into the 118^th congressional session. The bill, which is stated to "provide for consumer protection and responsible financial innovation" and "to bring crypto assets within the regulatory perimeter," while comprehensive in scope, would require bi-partisan political support to advance into codified law, a process which can take years to accomplish even if such support is available.

While the Framework does not cover all specific risk categories related to crypto-asset activities, it advances the aim of harmonization towards further stability in digital assets globally, while addressing potential gaps in regulation which may exist even in countries with more robust legislation for such activity. In the years leading up to 2025, it will be seen whether the Framework has served as an impetus for developed and developing countries to implement and advance relevant legislation and coordinate in a proactive manner, as the FSB and SSBs prepare to conduct a review of the Framework's implementation across its members around the world.

For questions or further information on the staff notice or on the matters discussed in this article, please reach out to a member of Gowling WLG's Blockchain and Smart Contracts Group.