As described in Part I, crypto token exchanges can be either centralized projects reliant on intermediaries (centralized exchanges, or “CEXs”) or decentralized protocols composed of code (decentralized exchanges, or “DEXs”). This briefing paper focuses on centralized exchanges and, in conjunction with Part I on decentralized exchanges, proposes crypto marketplace regulatory policy sensitive to the distinctions between CEXs and DEXs.

Part I described how bona fide DEXs mitigate by design many of the intermediary risks that traditional financial marketplace regulations seek to address, provided definitions for decentralized and decentralizing exchanges, and explained why DEX registration should be strictly voluntary. Part II describes centralized exchanges and proposes tailored registration and disclosure pathways for centralized and decentralizing crypto marketplaces.

Background on Centralized Crypto Marketplaces

The first major centralized bitcoin exchange, Mt. Gox (founded in 2010), left an infamous legacy, filing for bankruptcy after revelations that hackers had stolen more than half a million bitcoin from the exchange.1 Its story is indicative of the risks facing exchange intermediaries, namely those related to custody, security, and the treatment of customer assets during bankruptcy. Although a later generation of crypto exchanges has sought to mature the industry, the bankruptcy of centralized crypto exchange FTX demonstrates that not all have provided trustworthy solutions to intermediary risks.2

Contemporary centralized crypto token exchanges, such as Coinbase (launched in 2012) and Binance (launched in 2017), allow users to buy, sell, and trade a variety of crypto tokens.3 While offerings vary, typical CEXs have several core attributes. They allow users to exchange cryptocurrencies for fiat currencies and typically custody assets on users’ behalf.4 In addition, CEXs typically organize sales with central limit order books, which match willing buyers and sellers at the best price (i.e., the highest bid and lowest ask touchlines).5 CEXs also maintain the capacity to list or delist tokens and permit or block users’ ability to trade. Last, CEXs’ back-end software and transaction histories are not inherently public. Operationally, CEXs are a continuation of traditional intermediated exchanges for financial instruments.

Tailored Registration for Centralized Exchanges

Modern U.S. exchange regulations seek to address the “intermediary risks” posed by the middlemen that make up secondary markets for financial instruments.6 Rules regarding intermediary risks ought to be narrowly targeted to relevant hazards. In the case of centralized crypto exchanges, customers may reasonably ask what standards these intermediaries will apply for custodying their assets, implementing cybersecurity safeguards, providing best price information, and protecting them against fraudulent and deceptive trading practices. Existing financial regulations, especially when their application to crypto exchanges is left vague or inconsistent, have been obstacles to a robust crypto ecosystem with rational consumer protections, including those incentivized by private market competition.7

It is a common misconception that crypto marketplaces are unregulated. In general, crypto securities and crypto commodities are financial instruments, which typically are tightly controlled in the United States. As such, crypto marketplaces in the United States are governed by, among other things, a patchwork of state money transmitter laws, the Federal Trade Commission and Consumer Financial Protection Bureau’s respective authorities to regulate unfair and deceptive acts and practices, and the perennial sword of Damocles of regulation by enforcement from the Commodity Futures Trading Commission (CFTC) and Securities and Exchange Commission (SEC).8

The multistate money transmitter regime creates, at best, compliance redundancies and, at worst, conflicting obligations. For example, New York’s requirements for maintaining crypto holdings on behalf of customers (e.g., that platforms hold crypto tokens of the same type and amount that they owe their customers) are directly at odds with Hawaii’s (e.g., that platforms hold cash, not crypto tokens, against customers’ deposits).9 Unsurprisingly, notable crypto marketplaces avoid Hawaii.10

With respect to CFTC and SEC regulation by enforcement, de jure legal ambiguity has not led to a light-touch or straightforward approach to crypto markets regulated by private contract, property rights, and common law fraud remedies but rather to de facto blanket compliance risk, as regulators make ad hoc policy through enforcement actions and vague public pronouncements. The SEC takes the position that virtually all crypto marketplaces likely are operating as unregistered securities exchanges and “have an obligation to come in and register” with the SEC to avoid sanction and ongoing investigations.11 Similarly, the CFTC has leveled enforcement actions against crypto marketplaces that allegedly engaged in certain covered retail commodity or commodity derivatives transactions without registering as designated contract markets or futures commission merchants.12 Regulators apply legacy rules to crypto marketplaces but, practically speaking, have not provided avenues for marketplaces to operate at scale without undue enforcement risk.13

Conflicting, unpredictable, and unworkable rules, as well as regulation by enforcement, have a chilling effect on U.S. market participants.14 To overcome these impediments, Congress should alleviate the regulatory redundancy and uncertainty plaguing crypto commodity marketplaces.

Regulatory Clarity for Centralized Crypto Commodity Exchanges

Heretofore, many proposals for regulating the crypto commodity spot market would expand the remit of the SEC to regulate commodity financial instruments, in addition to securities, or subject crypto commodity exchanges to granular requirements from the CFTC.15 The latter would have the CFTC micromanage exchange personnel and policies and subject the crypto commodities they trade to oversight resembling merit-based regulation, giving the CFTC relatively broad authority to disapprove token listings.16 Neither of these approaches is desirable. As described in Cato Briefing Paper no. 140, “Practical Legislation to Support Cryptocurrency Innovation,” SEC jurisdiction should be strictly limited to those crypto tokens that present risks related to managerial bodies (i.e., not crypto commodities).17 In addition, quasi-merit-based regulation of crypto commodities would lead to increased paternalism, with the CFTC having stricter standards for crypto commodities than the SEC ostensibly does for securities.

A better approach is to neither expand the SEC’s jurisdiction nor empower the CFTC to be a micromanager (see Table 1). Barring the replacement of the financial regulatory leviathan with uniform freedom to privately contract for financial instruments and remedy breaches of contract, property rights, and common law fraud prohibitions through private actions, if there must be a federal regulator of the crypto commodity spot market, Congress should delegate exclusive but strictly limited authority for that purpose to the CFTC.18

The first step would be making technical amendments to the Commodity Exchange Act (7 U.S.C. Section 1a) to define “crypto commodities” as those decentralized and decentralizing intangible assets that fulfill the criteria of the proposed 15 U.S.C. Sections 77b(a)(20), 77c(a)(15), and 78c(a)(81) provided in Cato Briefing Paper no. 140.19

The next step would be to provide for tailored registration by centralized crypto commodity exchanges that narrowly addresses intermediary risks. Crypto commodity exchange registration would leverage transparency and competition to drive consumer protection by requiring centralized, and voluntarily registered decentralized, crypto commodity exchanges to disclose their consumer protection standards. A disclosure-based approach allows consumers to choose their preferred level of protections and makes marketplaces’ compliance a matter of providing truthful and nonmisleading information about their own practices.

Congress should, for example, amend the Commodity Exchange Act (7 U.S.C. Section 1 et seq.) by providing a new Section 5i containing the following provisions:

(a) REGISTRATION.

(1) Subject to the exception provided in subsection (2), any market places or facilities for purchasing, selling, or trading crypto commodity tokens shall register with the Commission as crypto commodity exchanges.

(2) Notwithstanding the requirements of subsection (1), and without prejudice to prohibitions against fraud, registration with the Commission by a decentralized crypto commodity exchange shall not be required and shall be strictly voluntary.

(b) PRINCIPLES.

(1) DISCLOSURE. To maintain registration as a crypto commodity exchange, such exchange shall disclose its policies regarding the core principles described in this subsection. An exchange shall be able to exercise reasonable discretion regarding the manner and design of such policies. The good-faith effort by a voluntarily registered decentralized crypto commodity exchange to disclose such policies shall not be construed as a basis on which to render such exchange ineligible for fulfilling the definition of a decentralized crypto commodity exchange.

(2) TRANSPARENCY. To maintain registration as a crypto commodity exchange, such exchange shall provide an application programming interface to allow third parties, including users, to access best price and transaction volume data for traded tokens. A decentralized crypto commodity exchange under section 1a of this title shall be deemed to be compliant with this subsection.

(3) INSIGNIA. Registered crypto commodity exchanges shall be permitted to display an insignia of their registration with the Commission, which shall be unlawful to display where unregistered.

(4) PRINCIPLES. Registered crypto commodity exchanges shall disclose their standards and procedures, including such relevant automated configurations, controls, and protocols to, as applicable:

(A) CUSTODY. Where maintaining custody over customer assets, securely custody, segregate, provide proof of reserves, liabilities, and solvency for, separately account for, and, for purposes of the U.S. Bankruptcy Code, treat as customer property, such customer assets.20

(B) SECURITY. Maintain cybersecurity, incident response, emergency preparedness, and disaster recovery configurations, controls, and safeguards.

(C) FREE MARKET. Maintain a free, open, and competitive market that protects the price discovery process from fraudulent and bad-faith trading practices, such as trades that are false, fabricated, in violation of fiduciary or agency duties, or that misappropriate protected or nonpublic information.

(c) Possession of tokens conferring decentralized exchange governance rights shall not, without more, be construed to create liability for the token holder for any action or omission of another token holder or of the decentralized exchange.

Regulatory Clarity for Centralized Crypto Security Exchanges

For years, the SEC has pursued a regulation by enforcement approach to crypto, substituting discretionary enforcement actions for formal notice and comment rulemaking. This approach subjects crypto marketplaces to ill-fitting legacy regulations and makes it exceedingly difficult, if not impossible, for marketplaces to operate without undue compliance risk.

The Securities Exchange Act defines an “exchange” as the provider of a “market place or facilities” for bringing together purchasers and sellers of securities or otherwise performing the functions typical of a stock exchange.21 Subject to limited exceptions, the Exchange Act makes it unlawful for securities brokers, dealers, and exchanges to transact in securities using exchange facilities, unless the exchange is registered as a “national securities exchange.”22 Relatedly, only registered brokers or dealers are allowed to be members of national securities exchanges (i.e., transact on the exchange).23 Securities traded on registered exchanges must themselves be registered with the exchange by their issuer.24

The model of broker-intermediated transactions on national securities exchanges does not suit the reality of crypto securities marketplaces. Unlike national securities exchanges, crypto securities marketplaces provide direct access to retail customers, more closely resembling brokers than exchanges. In addition, when CEXs custody customers’ crypto tokens, it resembles the practice of broker-dealers registering securities using their firms’ “street names” (i.e., holding the security in the broker’s name instead of the owner’s).25

In the 1990s, with the growth of network communication technologies enabling broker-dealers to provide their own trading venues to compete with the New York Stock Exchange (NYSE) and NASDAQ, the SEC promulgated Regulation ATS to exempt alternative trading systems (ATSs) from the requirement to register as national securities exchanges, as long as they registered as broker-dealers and complied with ATS-specific requirements.26 Regulation ATS offers a model for exempting crypto securities marketplaces from antiquated exchange rules.27

Congress should amend the Exchange Act and instruct the SEC to tailor Regulation ATS to exempt crypto securities broker-dealers from inapt requirements and to provide a streamlined registration path for crypto securities CEXs. As discussed in Part I, registration of crypto securities DEXs, like crypto commodities DEXs, should be strictly voluntary.

Because crypto securities, unlike crypto commodities, involve managerial risks at the level of the token issuer, registered crypto securities marketplaces—whether CEXs or voluntarily registered DEXs—should have the capability to delist crypto securities tokens where the issuers have engaged in fraud or breached their obligations. As proposed below, delisting standards should allow the market to provide a range of solutions, such as voluntarily registered DEXs leveraging third-party oracle nodes.

Amending the Exchange Act

First, Congress should amend the Exchange Act (15 U.S.C. Section 78c) to define crypto securities, consistent with the criteria proposed in Cato Briefing Paper no. 140, as well as to define crypto securities brokers and dealers:

  • The term “crypto securities broker” means a market place or facilities for effecting transactions in crypto securities for the account of others, including by bringing together purchasers and sellers of crypto securities, as part of a regular business.
  • The term “crypto securities dealer” means any provider of a market place or facilities for buying and selling crypto securities for such provider’s own account, through a crypto securities broker or otherwise, as part of a regular business.

Second, Congress should amend the Exchange Act’s provisions on the registration and regulation of brokers and dealers and, except for anti-fraud requirements, make them optional for crypto securities DEXs. For example, Congress should create a new 15 U.S.C. Section 78o-12 based on 15 U.S.C. Section 78o, applying relevant standards, such as the prohibitions on fraud and deception (15 U.S.C. Section 78o(c)) to crypto securities brokers and dealers, but subject to, for instance, the following amendments and deletions:

  • Replace all references to “broker” and “dealer” with “crypto securities” broker and dealer, respectively.
  • Expand the registration exemption to cover DEXs by adding to the end of subsection (a)(1): “or is a decentralized crypto securities exchange, in which case, compliance with the requirements of this section, with the exception of subsection (c), shall be strictly voluntary. Voluntarily registered decentralized crypto securities exchanges shall be permitted to effect compliance with this section and the regulations promulgated hereunder through automated configurations, controls, and protocols, including, but not limited to, (i) delisting unregistered securities by reference to an oracle node and (ii) in lieu of, where applicable, written policies.”
  • Amend subsections (b)(1)(B) and (c)(2)(A) and delete subsection (b)(8) to make clear that a crypto securities broker-dealer is not required to be a member of a national securities association or national securities exchange.
  • Amend subsection (b)(7) to require that any Commission standards for qualifying crypto securities brokers or dealers or associated persons shall not be imposed in the absence of an evidence-based identification of the material risks necessitating such standards and the market failure causing qualified individuals not to be employed in such roles, and to provide a pathway such that a history of carrying out covered duties without incident may satisfy requirements related to prescribed tests or credentials.
  • Amend subsection (c)(2)(E) to replace language that the Commission may propose certain rules at odds with determinations of the Secretary of the Treasury where they are necessary and appropriate “in furtherance of the purposes of this section” with “in furtherance of a free market for crypto securities.”
  • Amend subsection (c)(5) to exempt automated market makers from the scope of market makers described therein.
  • Amend subsection (c)(6) regarding Commission prescriptions with respect to the legacy clearance and settlement system for non-tokenized securities to instead address the requirement that registered crypto securities broker-dealers disclose and adhere to their policies regarding the custody of tokenized securities, including with respect to segregating, separately accounting for, and providing proof of reserves for such customer assets.

Regulation “ATS‑C”: A Crypto Counterpart to Regulation ATS

In addition to the recommended amendments to the Exchange Act, Congress should provide detailed instructions to the SEC to modify Regulation ATS, as originally promulgated, such that its requirements are made optional for decentralized crypto securities broker-dealers and pared back where they are not suited to the operation of crypto securities broker-dealers generally. For example, Congress should instruct the SEC to promulgate a proposed rule regarding alternative trading systems for crypto securities (Regulation ATS‑C) based on and in parallel to Regulation ATS subject to, for instance, the following amendments and deletions.28

The general rules and regulations under the Exchange Act (17 C.F.R. Section 240.3a1‑1) should be amended to exempt decentralized crypto securities exchanges and registered alternative trading systems for crypto securities (ATS-Cs) from the definition of the term “exchange” under the Exchange Act (15 U.S.C. Section 78c(a)(1)) and from any requirement that such marketplaces be operated by a national securities association. In addition, the proposed Regulation ATS‑C itself (Sections 242.X01(a) and 242.X01(b)(1)) should provide that registration as a crypto securities broker-dealer under the amended Exchange Act (15 U.S.C. Section 78o-12), registration under Regulation ATS‑C, and compliance with the requirements of Regulation ATS‑C shall be strictly voluntary for decentralized crypto securities exchanges.

In Regulation ATS‑C, the definition of “alternative trading system for crypto securities” should include crypto securities broker-dealers and voluntarily registered decentralized crypto securities exchanges, and the definition of “covered security” should include only crypto securities. In addition, it should be clarified that automated market makers are not considered “exchange market makers” and that the definition of “control” is not applicable in the context of decentralized crypto securities exchanges. All references to “alternative trading system” should be replaced with “covered alternative trading system for crypto securities,” all references to “shares” should be replaced with “tokens,” and all references to “subscribers” should be replaced with “users.”

Filing an initial operation report, for example, a “Form ATS‑C” (Section 242.X01(b)(2)), should be electronic, allowing exchanges to submit relevant uniform resource locators for any landing pages, as well as copies of any applicable terms of use, terms of service, bylaws, articles of incorporation, trading policies, information security programs, and policies materially related to marketplace operations, such as listing and delisting criteria and procedures and customer asset and crypto security token custodial, asset segregation, account separation, and proof of reserve procedures and arrangements. Voluntarily registered decentralized crypto securities exchanges shall provide sufficient information to allow for the audit of their constituent smart contracts.

ATS-Cs that provide application programming interfaces for third parties, including users, to access best price and order size data for their crypto securities transactions, along with decentralized crypto securities exchanges, shall be deemed compliant with requirements regarding the dissemination of quotations with respect to crypto securities (Section 242.X01(b)(3)).

Further technical amendments should include removing the applicability thresholds designed for legacy, non-tokenized securities from the provisions regarding fair access, system capacity, security, and integrity (Sections 242.X01(b)(5)(i) and 242.X01(b)(6)(i)); providing that information regarding grants or denials of access shall be kept on file for access by the Commission upon lawful request but need not be provided proactively or with Form ATS‑C (Section 242.X01(b)(5)(ii)(D)); and eliminating requirements to quarterly file Form ATS‑R (covering non-tokenized security transaction volumes) where ATS-Cs provide application programming interfaces allowing third parties, including users, to access crypto securities transaction dollar and token volume data (Section 242.X01(b)(9)).

In addition, ATS-Cs should be allowed to use the term “exchange” in their names; registered ATS-Cs should be permitted to display to their end users an insignia of their registration with the Commission; and it should be unlawful for unregistered exchanges to display such an insignia (Section 242.X01(b)(11)).

Procedurally Sound SEC Rulemaking

Last, Congress should make clear that no rule or regulation regarding brokers or dealers as originally defined under the Exchange Act or new rule or regulation promulgated under the proposed 15 U.S.C. Section 78o-12 shall apply to crypto securities brokers or dealers without additional notice and comment rulemaking specifically ensuring such rule’s relevance and necessity.

Currently, for example, SEC Rule 15c2-11, which bars broker-dealers from transacting without certain information being available, can hinder broker-dealers transacting in crypto tokens, given the SEC’s argument that the relevant information does not exist for certain crypto tokens.29 In addition, the SEC’s Customer Protection Rule (SEC Rule 15c3‑3) raises obvious questions for intangible asset intermediaries by requiring broker-dealers to maintain customer securities in their “physical possession or control,” including indirectly at an adequate third-party control location, such as the Depository Trust Company.30 In February 2023, the SEC released a proposed rule on safeguarding investment adviser client assets, which asserted that most crypto assets “trade on platforms that are not qualified custodians.”31 The proposal itself acknowledged that it risks causing the movement of assets away “from an entity that has developed innovative safeguarding procedures for those assets, possibly putting those assets at a greater risk of loss.”32 The proposal only further underscores the need for rational crypto policies that do not undermine existing consumer-protective innovations.33

To ensure well-adapted regulations, Congress could, for example, pass into law instructions as follows:

  • No regulation promulgated under the Commission’s direct or delegated authority, including such rules for traditional broker-dealers, shall apply to crypto securities broker-dealers where such regulations: (i) inhibit the development of a free secondary market for crypto securities; and (ii) are not, as applicable, first introduced or re-introduced for express application to crypto securities broker-dealers as proposed rules that provide at least 90 days for accepting public comments thereon.
  • For each obligation under such rules, the Commission shall provide an estimate of its economic cost and impact, including with respect to both registered crypto securities broker-dealers and voluntarily registered decentralized crypto securities exchanges.
  • No obligation shall be imposed without a clear, evidence-based articulation of how and why the benefits thereof exceed the economic costs and do not substantially inhibit a free secondary market for crypto securities. Further, no such obligation shall be imposed that does not directly address an identified: (i) intermediary risk or (ii) market failure.
  • The Commission shall not impose any obligation on a decentralized crypto security exchange that undermines such exchange’s ability to qualify for the definition of a decentralized crypto security exchange at 15 U.S.C. Section 78c.

Tailored Registration for Decentralizing Exchanges

As discussed in Part I, Congress should provide a tailored registration option for decentralizing crypto exchanges. Exchange projects on the path to decentralization should be allowed the opportunity to progress to their decentralized end states by making tailored disclosures relevant to their primary risks, which stem from material control exercisable by a unified development team whose role has not yet receded or dissolved. These risks can be targeted by disclosures regarding that unified team’s role. These disclosures should be subject to anti-fraud authorities described in Part I.

Congress should, for example, include in the new sections of the Securities Exchange Act (15 U.S.C. Section 78o-12) and the Commodity Exchange Act (7 U.S.C. Section 5i) proposed above, the following provisions:

Decentralizing crypto [commodity/​security] exchanges shall be exempt from registration requirements applicable to crypto [commodity/​security] market places or trading facilities provided that:

(A) Such exchanges publicly disclose, or otherwise provide a means of cryptographically verifying, the on-chain and off-chain identities of any person or unified group (i) maintaining administrative privileges enabling discretionary, decisive, and practical control over the functionality of the exchange; (ii) possessing 10 percent or more of the exchange’s outstanding governance tokens, or rights thereto; or (iii) making to end users any implicit or explicit promises of performance, extrinsic to computer code, without which the planned decentralized crypto [commodity/​security] exchange would not operate or produce its promised benefits;

(B) Such exchanges publicly disclose a statement of their plans and timelines for satisfying the decentralization criteria described in subparagraphs (D) and (E) provided in the definition of decentralized crypto [commodity/​security] exchanges;

(C) Such exchanges publicly disclose a description of any promised benefits of the planned decentralized crypto [commodity/​security] exchanges; and

(D) Wherever any such exchanges (i) fail to satisfy the foregoing requirements; or (ii) satisfy the functional end-state criteria described in subparagraph (E) of the definition of decentralized crypto [commodity/​security] exchange without also satisfying the decentralized governance standard described in subparagraph (D) of such definition, they shall become ineligible for the exemptions described herein.

Conclusion

To allow consumers to choose the marketplaces that best serve their needs, regulations should narrowly target relevant risks. Accordingly, Congress should not subject disintermediated crypto exchanges to rules designed for financial intermediaries, but Congress should provide tailored registration and disclosure frameworks for centralized and decentralizing crypto marketplaces that address relevant intermediary risks. These policies would allow centralized and decentralized exchanges to lawfully operate and develop in the United States.