Crypto is here to stay. Last year, the cryptocurrency exchange platform global market size was $927.4 million. This year, there are over 320 million cryptocurrency users in the world. And by 2030, it is expected to grow to $2,411 million. This clearly shows the popularity that cryptocurrency enjoys.
But even as it grows in popularity, there is a huge section of users that still view crypto with mistrust. What crypto companies need to continue on their upward growth trajectory is to instill more confidence in their users. Regulatory compliance seems to be just the thing cryptocurrencies need.
Cryptocurrency & Compliance Regulation
For the longest time, crypto companies have resisted regulation. Crypto was originally popularized as being permission-less, borderless, and without government interference. The crypto crowd has always aimed to disrupt traditional financial structures and top-down governance. Bringing in regulation for crypto was thus vehemently opposed and even seen as a hindrance to its growth. In addition to this, since it works in a decentralized manner, regulation has also been difficult to impose.
Enforcing regulations for crypto is complex and regulators have disparate views on the regulatory approach. At a fundamental level, they even have conflicting views on determining whether cryptocurrencies should be treated as securities, commodities, or payment tokens.
Cryptocurrency uses blockchain for verification and the transactions don’t go through financial institutions. In case of theft or fraud, it is hard to track the crime and recover stolen funds. Thus, users are increasingly seeing regulation as a way to create trust and confidence in the crypto sphere. Also, due to the decentralized nature of crypto, there are still a high number of exchanges in digital currency that are not registered.
The Growing Need for Trust in the Crypto World
However, with the growing risks to the crypto industry, having verifiable regulation is becoming an urgent need. As users become more concerned about information security, the crypto industry now must embrace regulatory compliance to gain their stakeholders’ confidence.
“Trust is required more and more…and will continue to be for some time. Crypto projects that are running in this supposedly trustless space are building systems that require the users of those systems to trust the team to not do anything malicious or even just a mistake. Most people don’t have the technical know-how to understand and evaluate these details themselves. So that’s why things like KYC and code audits exist in this space, and are essential to establish trust in these teams by professionals that can evaluate these technical details that the regular user cannot themselves.”
– Kama from Prisma Shield, which offers Deep Logic smart contract auditing services for Web3 investors
And this is where the importance of compliance audits and attestations come in. Crypto companies must understand that regulatory compliance and third-party assessments is now a key requirement for success. Not only will it bring trust from the users but also help tackle money laundering, fraud, mining, pyramid schemes, pump-and-dump scams and other financial crimes. Compliance not only builds customer confidence but also gives crypto projects a competitive edge over other players.
How Traditional Compliance Can Work for Blockchain Projects Too
As the crypto economy continues its rise, it has also been marred by fraud and scams such as the OneCoin Ponzi scheme, the recent FTX scandal involving founder Sam Bankman-Fried. From phishing scams to fake cryptocurrency exchanges, the industry has its fair share of risks. While traditional regulation of the crypto sphere seems to be the need of the hour, there’s no doubt that we need to take an innovative approach here.
Let’s start by looking at how some tried-and-true regulatory standards are currently being applied to crypto projects right now.
SOC 1
System and Organization Controls 1 (SOC 1) is a certification related to financial operations at an organization. SOC 1 compliance indicates that a company has cleared the examination and received the certification. SOC 1 evaluates the effectiveness of a company’s internal controls. It’s particularly relevant where a high number of complex financial transactions are involved.
There are two types of SOC 1 reports used for auditing and awarding certification. SOC 1 Type 1 verifies whether the company has implemented system controls to achieve the control objectives at a specific point in time. SOC 1 Type 2 evaluates how effective the controls are over a period of time to achieve the control objectives. In this context, the control objectives are related to the potential risks that the controls aim to reduce.
SOC 1 evaluates controls related to the data security of a company’s customers and clients. It evaluates how the services impact a customer’s financial reporting. In this context, SOC 1 differs from SOC 2, which we will cover next.
Crypto companies that achieve SOC 1 compliance can effectively demonstrate to their clients that they take data security seriously. For crypto projects, this framework can also be used to cover customer reporting controls of cryptocurrency exchange. For this reason, crypto teams and blockchain services are actively getting their projects certified through third-party auditors. These include:
SOC 2
System and Organization Controls 2 (SOC 2) is the highest level of security compliance and is split into two examinations – SOC 2 Type 1 and SOC 2 Type 2. While the former verifies the presence of appropriate controls at a given point in time, the latter evaluates the efficiency of these controls and their operation over a period of time.
While SOC 2 does sound similar to SOC 1, it is different and specific to meeting the service commitments. So, the controls being evaluated are focused on service and based on five trust principles. These principles are:
- Privacy
- Security
- Availability
- Processing Integrity
- Confidentiality
SOC 2 compliance very simply means clearing the examination and getting the certification. The compliance demonstrates that the crypto company is using appropriate controls for managing client data based on the five trust principles.
As the crypto and fintech startups are viewed with skepticism, SOC 2 reporting can help increase trust and confidence in data security. With SOC 2, a crypto company not only claims to take data security seriously but also has evidence to prove it. In fact, there has been an influx of crypto groups working to become SOC 2 certified in the last two years. SOC exams provide blockchain startups a range of advantages, from helping them to better undertake due diligence on their own vendors to meeting regulatory compliance and contractual requirements of clients.
Projects in the blockchain sphere that have already become SOC 2 certified, or which are approaching certification include:
ISO 20022
ISO 20022 is a standard for exchanging electronic messages between financial institutions. When institutions use different languages and codes, international transfers can become a mess. ISO 20022 consolidates different messaging formats into XML and brings order to chaos. The messaging in this context covers information on payment transactions, card transactions, settlement of securities, etc.
Conventional international money transfers are centralized whereas cryptocurrency comes in as a decentralized money transfer option across borders. While both these concepts have been at opposite ends, the ISO standard can create an environment where both these methods of money transfer coexist.
ISO 20022 sets the stage for a future where interbank communication on a global level is standardized. At the same time, with many believing that cryptocurrency will take the center stage in the future, ISO 20022 and cryptocurrency become inevitably linked together. And the shift has already begun! Several cryptocurrencies are already ISO 20022 compliant, including:
The Society for Worldwide Interbank Financial Telecommunications (SWIFT) supports ISO 20022 and its members were supposed to migrate to the ISO standard in November 2022. While this has now been delayed to March 2023, it is expected that all members would migrate to the new standard by 2025. This is an important update for the crypto industry since crypto companies can integrate with SWIFT via ISO 20022. Once this happens, the trust factor for these companies will ultimately go up.
SEC
The Securities and Exchange Commission (SEC) has been assigned the power to bring about regulation in the crypto industry. The idea behind this move was to protect investors’ information irrespective of the technology being used. With the crypto sector being viewed as the ‘wild, wild west’, the SEC is likely to come down hard on cryptocurrencies to slow down the pace at which new coins are coming up.
The chairman of the SEC, Gary Gensler, has called upon crypto exchanges to register as securities trading platforms. The increased regulatory scrutiny will continue as SEC is beefing up its cryptocurrency enforcement unit. In view of this, it would be a good idea for crypto companies to comply with securities laws.
Final thoughts
Cryptocurrency has been around for over a decade now and has proudly been anti-regulation. In fact, regulation was seen as an impediment to the growth of the crypto industry. However, now, there’s a real need for regulation and the companies also seem to have identified the need and are taking steps to comply with different standards.
Part of the reason for this shift is that cryptocurrencies are moving from being niche products to having a mainstream presence. The other reason is the frauds and scams that make users skeptical. From regulations being viewed as an impediment to the growth of cryptocurrencies, we have come to a point where the absence of regulations can threaten the increasing adoption of cryptocurrency.
SOC 1®, SOC 2® and SOC 3® are registered trademarks of the AICPA (American Institute of Certified Public Accountants). The AICPA® Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy is copyrighted by the Association of International Certified Professional Accountants. All rights reserved.
