I. INTRODUCTION
Cryptocurrency is still a highly unregulated asset and there are a plethora of concerns regarding its custodial aspects. One major area for concern is digital wallets. The lack of regulation for digital wallets should be a primary point of focus for regulators in the cryptocurrency space. A digital wallet is a software/application program that “securely” stores your cryptocurrency assets. Digital wallets can also be used to send, convert, and receive cryptocurrency from other users. Similar to a physical wallet your digital wallet must be secured. However, unlike having a secure checking or savings account with a bank , it is your responsibility to adopt good practices in order to protect your crypto assets. There are some subtle differences to this point when you hold your crypto in online exchanges such as Coinbase. Many exchanges and online wallets experience security issues and generally do not provide enough insurance and security to be used to store money like a bank. Part II of this post will proceed by (1) explaining in more depth what digital wallets are and the different types of digital wallets that exist; (2) why a lack of regulation for digital wallets is so concerning; and (3) the issues with relying on online exchanges to store your crypto assets. Part III will analyze different regulatory frameworks that could possibly be implemented to regulate digital wallets and who should be regulating them. Part IV will conclude.
II. DIGITAL WALLETS, ONLINE EXCHANGES, AND THE ISSUES OF A LACK OF REGULATION
Before we can truly begin to analyze who should regulate digital wallets, it is essential to understand what they are, the most commonly used types, and their function in the cryptocurrency space. Wallet technology is based on private keys. These keys are complex and lengthy passwords (a string of letters and numbers) that correspond to a specific wallet and are used to access the coins in that wallet. Without the specific private key, it is virtually impossible to get access to assets that you have stored on the blockchain. “Cryptocurrency is under the sole control of whomever has the private key to a bitcoin address; only the person possessing the private key of a receiving account has any power over the funds received.” However, private keys are still vulnerable to both cyber and traditional theft. For instance, “At least 10% of Bitcoin—the most prevalent cryptocurrency in the world—has been stolen and recirculated.”
In cryptocurrency, wallets can be both software and hardware devices. Hardware wallets are based on technology that is referred to as cold storage. This is generally considered the safest method for storing cryptocurrency. Hardware wallets are not accessible via the Internet and are therefore much more difficult to crack. With a hardware wallet, you do not need to trust third parties. However, individual control over your crypto funds requires an equal measure of personal responsibility. The essential question boils down to whether you trust yourself enough to use a hardware wallet. Otherwise, you then have to ask yourself whether you trust a third party custodian, such as Coinbase, to take custody of your crypto assets. The most commonly used digital wallet – a software wallet is a non-physical software program for users to store their cryptocurrencies. Software wallets are more readily accessible, and are often stored online or via the cloud. These characteristics of the software wallet make them more of a logical option for individuals that are only storing a relatively small amount of cryptocurrency, and need to access it regularly. As a consequence of software wallets being accessible via the Internet, they are less secure than other wallet options. This is in part because the private keys required to secure an individual’s assets are generated online. Software wallets contain your key on your computer, and, as we all know, if your computer is connected to the internet, it is susceptible to hacks and malware attacks. “This new “digital gold” is particularly attractive to thieves, who need only purloin the private key to gain control of hundreds of millions of dollars in virtual wealth.” Included in the realm of software wallets are online exchanges. You can purchase, trade, or invest in Cryptocurrency online using centralized crypto exchanges. Some popular exchanges include Binance, Coinbase, Kraken, etc. There are many security issues with online exchanges such as these. Exchanges are basically custodial accounts that are provided by these platforms to store your crypto assets in. The exchanges mentioned above, such as Coinbase, are centralized exchanges. In other words, they are simply third party intermediaries between buyers and sellers. The reality of these centralized platforms is that you never possess the private key associated with your cryptocurrency assets. However, unlike banks, these online exchanges are not fully regulated and not nearly as secure. For example, “There is a guideline called Regulation E, and it was established by the Federal Reserve to protect all electronic funds transfers (ETFs), banking included. This guideline makes banking customers liable for up to only $50 in losses if they notify their bank right away (typically, within 2 days of receiving the statement with the fraudulent charge). Even if they wait up to 60 days, losses are still capped at only $500–and the bank carries most of the liability.” On the other hand, when you are dealing with cryptocurrency and exchanges, you are your own bank and the responsibility falls on you. Coinbase is insured against a hack on Coinbase, but not on a hack of an individual’s account. Therefore, the security of your account is mostly your responsibility. This reality stems from the fact that all cryptocurrency transactions are done on the blockchain and are thus consequently irrevocable. “And once a thief with a private key transfers digital funds, those criminal transactions cannot be undone unless the recipient account’s private key holder can be identified.” The issue here is that all crypto transactions deal in anonymity which makes it very difficult to know the identity of the parties to any particular transaction. In short, an individual must be very aware of the risks associated with leaving their cryptocurrency in software wallets including online exchanges. In April, 2021, Fortune reported that there have been approximately $2.5 billion worth of cryptocurrency thefts in the last decade. A significant proportion of this amount has been compromised from exchanges.
III. WHO SHOULD REGULATE DIGITAL WALLETS, AND WHY
The question of who should regulate digital wallets is one that has yet to be answered, but a question that is nonetheless of utmost importance. Courts are limited in their power to force the illegitimate wielder of a private key to return stolen cryptocurrency, due to the qualities of this intangible asset. Cryptocurrencies ignore physical borders, transaction quantity limits, or other traditional currency controls. And cryptocurrency transactions, once completed, are essentially irreversible due to the lack of a controlling authority that can undo transactions. Regardless of the clear need for regulation of digital wallets, the answer to this question is not readily available. Governments seem to be the most obvious and well-equipped choice to regulate digital wallets. Governments can apply the same regulation and identification requirements to digital wallets as it does to bank accounts. For instance, banking regulations require identifiable bank accounts. However, in order to achieve the same type of regulation on digital wallets, a centralized governmental authority will probably need to be established to monitor the use of digital wallets. This suggestion would not be in favor with many of the proponents of cryptocurrency because it was originally designed to act as a decentralized currency free of government intervention. The whole premise behind why cryptocurrency was created was fueled by the collapse of the global economy in 2008. In short, a failure of the Government to closely regulate banks allowed them to take on risky investments which ultimately led to the crash of the housing market. At the end of the day it was the everyday citizen who had to pay the price for the ramifications of these risky investments while the banks were given a slap on the wrist from the government. Catalyzed by a lack of trust in the banks and the government, the idea of a decentralized currency quickly gained steam and eventually became mainstream with the creation of Bitcoin. This background begs the question, why trust governments to regulate digital wallets?
Individuals can be safeguarded from financial loss with their cryptocurrencies if their digital wallets are sufficiently protected. The government can introduce regulation to protect these wallets. “While the transactions between digital wallets are recorded on a public ledger, the wallet owners can remain anonymous—enabling criminal groups to solicit ransom payments and blacklisted states to evade sanctions, for example. The widespread use of unregulated digital wallets could undermine financial stability. Policymakers should respond with prudent regulation.” The idea that governments can regulate digital wallets should perhaps be limited to just that, digital wallets. People may be more willing to accept this idea if the government’s regulatory authority is strictly limited to the oversight of digital wallets rather than to digital currencies more broadly. Historical regulations used in the regulation of banks could act as guidelines in creating a framework for digital wallets. Government intervention to require the authorisation, use and regulation of identifiable digital currency wallets would catalyze the development of the safe, legitimate digital currency economy. U.S. regulators can use existing laws to regulate and supervise digital wallets without new legislation. Regulatory bodies such as the Securities and Exchange Commission (SEC), the Financial Crimes Enforcement Network (FinCEN), and the Commodity Futures Trading Commission (CFTC) could implement already existing laws and frameworks to guide the regulation of digital wallets. For example, FinCEN implemented the Anti Money Laundering Act (AML) to work together with centralized banks to help prevent criminals from exchanging money obtained through illegal activities—i.e. “dirty money”—into legitimate income, or “clean money.” Anti-money laundering (AML) efforts consist of the laws, regulations and procedures, designed to prevent such criminal activities. The government could take some of these procedures and laws from the AML and apply them to digital wallets. The easiest way to stop money laundering is to implement “know your customer” (KYC) rules at financial institutions. If money is associated with one person or organization and each transaction is traceable, then it becomes nearly impossible to launder money. FinCEN has actually proposed new rules that obligate banks and money service businesses to perform identity verification, keep records, and keep reports on the transactions made over 3,000 USD related to digital wallets that are non-hosted. The proposal suggests that service providers must report the name and addresses of all their clients. They should also report the type of virtual currency, its amount, and the legal tender status of the digital assets used in the transaction. Time of the transactions, the value of the transaction in the USD, the name, and address of each party involved in the transaction should also all be reported. All other information that identifies the transaction, account, the user, and all the parties involved must be provided as well. Forms and registrations regarding the transactions must be signed by the customer. These regulations would only apply to banks and online exchanges that fit within the definition of money service businesses. Indeed, popular exchanges such as Coinbase are registered as money service businesses with FinCEN and thus must comply with FinCEN’s rules and regulations. Of course, however, there are still ways to avoid the reach of FinCEN and other possible governmental intervention when it comes to money laundering or other criminal activities utilizing crypto transactions. For instance, the user of a hardware wallet is practically their own mobile financial institution and does not need to rely on a centralized institution such as Coinbase to carry out their crypto transactions. The government could attempt to regulate and implement AML policies on hardware wallet companies like it does with online exchanges and banks. However, it is much harder to do so considering that this type of wallet does not require internet connection and these transactions involving cold storage take place on decentralized exchanges. Another U.S. regulatory agency, The SEC, for example, could regulate crypto wallet providers like Coinbase as clearing agencies. Clearing agencies are broadly defined under Section 3(a)(23)(A) of the Exchange Act and undertake a variety of functions. Two common functions of registered clearing agencies are the functions of a central counterparty (“CCP”) or a central securities depository (“CSD”). Under Rule 17Ad-22(a)(2), a clearing agency performs the functions of a CCP when it interposes itself between the counterparties to securities transactions, acting functionally as the buyer to every seller and the seller to every buyer. However, this would require that cryptocurrencies be considered securities and they would therefore need to fit within the elements of the Howey test. At the moment this is not the case, as cryptocurrencies are still mostly considered to be commodities. This is why the CFTC might be the most well-equipped U.S. regulatory agency to oversee digital wallets. Perhaps the best option is to have a number of different U.S. regulatory agencies work together to regulate digital wallets.
IV. CONCLUSION
In sum, there are still a plethora of unresolved questions and issues when it comes to regulating digital wallets in the cryptocurrency space. Not only are people’s financial assets at stake, but there is also the prevalent issue of money laundering and other criminal activities. The anonymity and irrevocability of cryptocurrency transactions that take place on the blockchain has created unprecedented problems. Although Government intervention and regulation would receive pushback in the cryptocurrency space, it is the most viable solution to many of the issues associated with the lack of regulation for digital wallets. FinCEN and the AML Act is an example of how the government can implement already existing regulatory frameworks to regulate centralized exchanges that act as custodians of cryptocurrency. If digital wallets are ever going to be truly secure, however, much more is going to have to be done.
