Chair Brown, Ranking Member Toomey, and distinguished members of the United States Senate Committee on Banking, Housing, and Urban Affairs, my name is Jennifer Schulp, and I am the Director of Financial Regulation Studies at the Cato Institute’s Center for Monetary and Financial Alternatives.

I thank you for the opportunity to take part in today’s hearing entitled, “Crypto Crash: Why the FTX Bubble Burst and the Harm to Consumers.”

The focus of my testimony is on the regulatory lessons to be learned in the wake of the FTX bankruptcy.

Background

On November 11, 2022, FTX Trading Ltd. (and approximately 130 related entities) filed for bankruptcy protection, after a series of events beginning in late October 2022 exposed numerous issues with the crypto exchange platform and resulted in the platform’s inability to meet demand for customer withdrawals. FTX, established in 2019 and currently headquartered in the Bahamas, was a platform that allowed users to exchange cryptocurrencies, including via leveraged and margined crypto trading.1 FTX also offered its own crypto token, FTT, which offered certain holders discounts on FTX trading fees.2 FTX offered crypto trading to U.S. customers via a separate entity, West Realm Shires Services Inc., doing business as FTX US, which was registered as a money services business with the Treasury Department’s Financial Crimes Enforcement Network and conducted business in most states as a money services business.3

In brief, the common narrative about the events directly precipitating the bankruptcy petition begins with a tweet from Sam Bankman-Fried (co-founder and CEO of FTX) critical of the CEO of a rival cryptocurrency exchange. That exchange, Binance, held a significant amount of FTT from a now-exited investment in FTX. Shortly thereafter, it was reported that Mr. Bankman-Fried’s crypto trading firm, Alameda Research, held significant amounts of FTT, raising questions about the relationship between FTX and Alameda.4 Following these reports, Binance’s CEO announced that Binance would liquidate its FTT. FTX customers, concerned about what a drop in price of FTT would mean for FTX in light of the potential relationship between Alameda and FTX, began to increase asset withdrawals from FTX. The price of FTT declined significantly, and FTX was unable to meet the demand for customer withdrawals. By November 10, the Securities Commission of the Bahamas froze the assets of FTX in the Bahamas, and despite assurances about the liquidity of the U.S. exchange (FTX US) by Mr. Bankman-Fried, FTX commenced voluntary bankruptcy proceedings on November 11 for almost all related entities, including the U.S. exchange. Documents filed in the bankruptcy proceeding indicate that FTX Trading owes its creditors at least $3.1 billion.5 At a minimum, FTX customer assets were commingled with Alameda assets and Alameda used client funds to engage in margin trading, resulting in massive losses.6

This is an oversimplification, of course, because the facts surrounding FTX’s demise continue to develop. Follow-on effects are continuing, including the bankruptcy of BlockFi, a crypto company that offered exchange and interest-bearing custodial services, which had received a credit facility from FTX after its own liquidity crisis earlier in 2022.7 Many aspects of FTX’s relationship with Alameda and the actions of both enterprises in the crypto market also are under investigation.8 Indeed, investigations into aspects of these events are being conducted by the Department of Justice, the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC), in addition to congressional inquiries, state regulatory investigations, and private litigation.9

Given the evolving situation, it is premature to definitively diagnose the causes of FTX’s decline and the appropriate regulatory remedies. Courts of law should determine what crimes and violations took place here, and claims of fraud and contractual breaches—wherever ripe—should be vigorously pursued.

But, for policymakers, two relevant things seem clear. First, the issues with FTX do not appear to be intrinsically tied to cryptocurrencies or other blockchain technologies. John J. Ray III, who was hired to replace Mr. Bankman-Fried as FTX’s CEO to shepherd the company through bankruptcy, described the state of FTX as follows: “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.”10 These risk management failures—whether the result of intentionally fraudulent practices or the product of gross negligence—should reflect on the perpetrators themselves, not on the crypto ecosystem.

Second, the types of problems at play here—lending customer assets to an affiliated entity and hiding such transfers11—are risks of a particular type of cryptocurrency exchange, a centralized exchange, which custodies customer assets and maintains non-public ledgers. Indeed, several other noteworthy crypto bankruptcies this year, including of hedge fund Three Arrows Capital and lenders Voyager Digital and Celsius Network, were of entities more akin to traditional centralized financial entities than to software applications facilitating decentralized finance (DeFi), a capability made possible by the advent of crypto.12 DeFi, which includes decentralized crypto exchanges, seeks to mitigate these risks related to recordkeeping and asset custody through technology that affords, for example, public transaction data and the ability to self-custody assets. Policies designed to mitigate risks posed by centralized financial intermediaries should not be blindly applied to decentralized projects.

The Path Forward

With this in mind, I suggest three takeaways for policymakers in the wake of the FTX bankruptcy.

Differentiate Decentralized Projects from Centralized Exchanges

First, there are important distinctions to be drawn between a centralized entity, like FTX, and decentralized projects that seek to minimize the role of human financial intermediaries. Lawmakers should draw clear lines between centralized and decentralized exchanges, not subject them to rules that are not tailored to relevant risks.

Cryptocurrencies are innovative because they allow users to store and send value all over the world without the intermediation of trusted third parties. Cryptocurrencies seek to address the risks of financial frauds like unauthorized transfers and false bookkeeping by offering alternatives to the banks and brokers traditionally relied on to faithfully hold and transfer assets and to keep honest ledgers. In broad strokes, cryptocurrencies replace “the books” with a public digital ledger for recording and verifying transactions with cryptographic proof (a “blockchain”). They also replace “the bookkeepers” with software running on computers that check each other’s work.

DeFi takes this innovation a step further, disintermediating not only token transfers but also a variety of other financial transactions—from making and taking out loans, to trading different types of crypto tokens, to creating novel insurance arrangements.13 In lieu of financial middlemen, DeFi uses self-executing software programs (“smart contracts”) deployed on cryptocurrency blockchains to deliver financial instruments when specified conditions are met.14 DeFi has revolutionary potential because it is permissionless and composable, allowing for projects to be more creatively adapted and recombined.

Situations like FTX can cause people to question crypto’s ability to mitigate risks by removing the middleman. But without greater context, such questioning can mischaracterize FTX, which is at its heart a traditional middleman. Like a traditional bank or broker, FTX took possession of peoples’ assets, including both cash and crypto by controlling customers’ “private keys.”15 And FTX kept the books, however poorly.

Such centralized exchanges are a continuation of traditional intermediated exchanges for financial instruments. They allow users to exchange cryptocurrencies for fiat currencies and typically custody assets on users’ behalf. Centralized exchanges typically organize sales with central limit order books, which match willing buyers and sellers at the best price (i.e., the highest bid and lowest ask touchlines), and their backend software and transaction histories are not inherently public. Centralized exchanges maintain the capacity to list or delist tokens and permit or block users’ ability to trade.

Decentralized exchanges, or DEXs, are alternatives to such centralized marketplaces.16 DEXs break with history by replacing intermediaries with open-source software. While designs vary, in their purest form, DEXs decentralize core exchange services: custody, market making or order book matching, and settlement. DEXs allow users to self-custody their tokens17 and employ different solutions to organize sales, including automated market maker pools (AMMs) and on-chain order books.18 DEXs composed of auditable smart contracts written in open-source code also are public by design and document transactions directly on a public blockchain ledger.19 DEX protocols generally allow users to list their own tokens—provided the tokens’ underlying blockchain infrastructure is compatible with the relevant DEX smart contracts. While the providers of certain front-end graphical user interfaces for DEX protocols can effectively delist certain tokens from their front ends, because DEX smart contracts can be freely copied and iterated on, the choices of one front end do not determine the capabilities of an entire DEX protocol.

DEXs do not solve every problem or eliminate every risk. For example, they let users swap between certain cryptocurrencies but do not let them buy cryptocurrencies with debit or credit cards. Smart contracts also can be vulnerable to hacking. But while DEXs do have human programmers, DEXs do not rely on a middleman keeping his word because they are composed of smart contracts that are open and auditable. In addition, because bona fide DEXs are written in open-source code, if users do not like every nuance of one DEX version, they can iterate on it and start anew.

This is not to say that DeFi is always preferable to centralized finance. Such a determination will almost certainly vary by a user’s needs. Nor is it to predict the success of DeFi, centralized finance, or any particular project. Rather, the point is to help elucidate DeFi’s unique capabilities, so that policies looking to address financial risks understand the differences between centralized firms and DeFi projects. This means not only understanding the risks of decentralized exchanges—including complex (if public) transaction histories, and cybersecurity vulnerabilities20—but also understanding decentralization’s capacity to counteract other risks by opening up transaction data and allowing individuals to self-custody digital assets. Different risks ought to be treated differently.

Understanding these risks also means understanding that forcing DEXs to comply with one-size-fits-all rules designed for traditional intermediaries undermines what makes DEXs unique.21 It also is counterproductive because, unsurprisingly, complying with rules designed for intermediaries tends to require delegating tasks to intermediaries, reintroducing some of the very risks that DEXs seek to mitigate.

Establish Clear Rules for the Regulation of Crypto Marketplaces and Token Issuers

Second, whether one believes that the SEC was asleep at the switch or that FTX’s operating out of the Bahamas meant that no U.S. regulation could have prevented its collapse,22 the lack of clarity in U.S. regulation continues to be a problem that leaves known risks unaddressed and can drive innovation offshore to jurisdictions where regulatory requirements are less ambiguous.23

For both crypto exchanges and token issuers, a rational regulatory framework should distinguish between projects that reproduce the risks of traditional finance and those that mitigate those risks through disintermediation.

Crypto Marketplaces: With respect to exchanges, modern exchange regulation in the United States seeks to address the “intermediary risks” posed by the middlemen that make up secondary markets for financial instruments.24 To this end, regulations under the Commodity Exchange Act of 1936, as amended by the Commodity Futures Trading Commission Act of 1974, and the Securities Exchange Act of 1934, require, among other things, exchanges to register with and comply with the rules of their primary federal regulator (e.g., the CFTC or SEC) and to surveil and police members’ conduct. Both regulators seek to address risks related to asset custody, market transparency, market manipulation, and fraud. These risks, however, are not the same across centralized and decentralized marketplaces.

Outright fraud should be prohibited regardless of the type of marketplace in which it occurs. Securities laws and regulations already address this, making it unlawful to defraud or make untrue statements or misleading omissions of material fact in connection with the purchase or sale of any security.25 The same is effectively true in the commodities context, where it is unlawful to intentionally or recklessly defraud or make any untrue or misleading statement or omission of material fact in connection with a contract of sale of any commodity in interstate commerce.26

Beyond anti-fraud authorities, however, applying legacy securities and commodity futures exchange rules to crypto marketplaces creates regulatory uncertainty, which undermines those marketplaces and fails to distinguish between centralized and decentralized exchanges. Regulations to address intermediary risks do not make sense for software designed to achieve disintermediation.27 For example, requirements to hold customer property in a manner that minimizes the risk of loss are not relevant to DEXs where users self-custody their tokens. Similarly, requirements to make information regarding trading data public are, at best, superfluous when applied to DEXs, and, at worst, counterproductive, potentially requiring information to be provided in formats achievable only with more active management of DEX projects.

To provide rules that are narrowly targeted to relevant risks, Congress should provide a pathway for centralized marketplaces to register with their relevant regulator, the CFTC for crypto commodities marketplaces and the SEC for crypto securities marketplaces. Congress should also define decentralized exchanges and permit qualifying DEXs to voluntarily register with their relevant regulator. Voluntary, as compared to mandatory, DEX registration recognizes the capacity of DEXs to address intermediary risks through technology; promotes innovation in DEX design, including with respect to consumer protections; is adapted to the rapid pace of DEX iteration; and provides a wide berth for the capabilities of DEXs (e.g., their openness and interoperability).

Token Issuers: Addressing regulation of marketplaces, though, is only part of the task. It also is important to draw clear lines with respect to whether crypto projects trigger securities regulation to determine which regulator has jurisdiction over the trading of such instruments, as well as to determine what customer protections are appropriate. If a crypto project is not subject to regulation as a security, it should be considered a commodity.

Much like in the exchange context, decentralization plays an important role in determining whether crypto projects should be subject to the existing federal securities law regime. At a high level, federal securities law seeks to ensure that public representations regarding potential investment opportunities are accurate. Securities laws evolved in no small part to address the risks posed to investors by a managerial body’s ability to possess information that investors do not and its capacity to act at odds with investors’ best interests.28 Securities rules are therefore appropriately applied to address the specific risks of fraud, deception, and manipulation by developers, sellers, or promoters who remain active managers of a crypto project.29

Congress should clarify that securities laws do not apply to decentralized crypto projects. This means that securities laws would not apply to tokens where the developer, seller, or promoter does not promise to undertake efforts necessary to deliver the token and its benefits, i.e., act like a manager. For example, such efforts could include building software or promoting its adoption by users or merchants. Where developers promise to do these things, the crypto project is centralized, and it is appropriate to apply securities safeguards. However, if the project can work as intended without managers’ efforts, it is decentralized, and securities laws would not apply to sales of its tokens.

Where a cryptocurrency project is on the path to decentralization but is not sufficiently decentralized to avoid application of the securities laws, Congress should provide a streamlined disclosure option that covers information relevant to crypto purchasers. Even SEC Chair Gary Gensler, who has been averse, to say the least, to providing further guidance relating to crypto, has acknowledged that crypto projects may warrant different disclosure requirements than traditional securities like stocks.30

It is necessary to clearly define when the securities laws apply to crypto projects in order to achieve effective regulation in this space. Without clear and rational answers, legal uncertainty will continue to confound developers and users, stifling innovation or driving it offshore and leaving unaddressed risks comparable to those addressed by existing law.

The Market Should Decide Crypto’s Promise

Finally, following FTX’s bankruptcy, there have been the usual calls to “protect consumers” from risks by banning crypto, by subjecting crypto, without differentiation, to onerous regulations designed for the traditional banking sector, or paradoxically, by declining to regulate crypto in order to delegitimize it.31 This type of “protection”—premised on a value judgement about the worth of the crypto ecosystem—takes the choice to engage in technological innovation out of the hands of consumers, investors, and entrepreneurs, and instead places it squarely into the hands of the government, where it does not belong.

While circumspection around a novel class of asset and technology is more than fair, it is entirely different from actively preventing individuals from accessing an instrument that approximately one in five Americans by some measures already have chosen to use for diverse purposes, from trading to sending remittances.32 Investment in cryptocurrencies has been disproportionately popular with underrepresented populations, who may be looking for solutions to problems not offered by the traditional financial system.33 That crypto has yet to meet all of the goals that it—or others—have set for the ecosystem is not a reason to limit access to it. Regulatory interventions should not bias outcomes by stunting an industry’s natural development.

Moreover, the risk that some people will lose money by investing in crypto does not justify harsh regulation. Risk is a natural component of markets, and failure is often necessary for development. The government should not seek to protect people from loss. Americans should be able to participate in that process—for better and for worse—without the government’s attempts to protect them facing any risk of loss.34

* * *

Thank you for the opportunity to provide this information, and I welcome any questions that you may have.