In October 2008, Satoshi Nakamoto published "Bitcoin: A Peer-to-Peer Electronic Cash System" – the white paper that promulgated blockchain technology. Almost a decade later, in February 2017, the combined market value of all cryptocurrencies was $20 billion, topping out at $750 billion in November 2017.

As blockchain built momentum from 2009 to 2016, outsiders who previously watched from the sidelines, jumped headfirst into the space as investors, developers, creators and issuers. In 2017 and early 2018, approximately 197 crypto-focused hedge funds were created with approximately $4 billion under management,1 80 crypto-focused exchanges were set up and approximately $7 billion was raised through initial coin offerings.2 Like the tech-boom of the 1990s, this boom was orchestrated by younger entrepreneurs with limited professional experience. For example, the average fund manager age was 26 in November 2017.3

Since there is no centralized regulatory body for crypto, international governments and regulatory bodies within each country are taking different approaches to cryptocurrencies, which is complicating the regulatory space.

Each federal government has been choosing its own regulatory approach. Some, like the United States, are mindful of hampering potential growth and evolution in the space. Others, like Bolivia and Cambodia, have made all decentralized crypto/digital currencies illegal.4 In contrast, Japan and Estonia have fully embraced cryptocurrencies by accepting them as true currencies or putting citizen services such as voting, healthcare and banking on the blockchain.

Within each country, the various governing bodies have been offering overlapping policies, definitions and statements. In the United States, cryptocurrencies are considered property by the IRS, money by the Treasury Department / FinCEN, commodities by the CFTC and securities by the SEC (if issued via initial coin offering).

Security in the space is as jumbled as the state of the regulatory soup. Digital asset theft, as we knew it, involved the replication of an owner's digital assets (e.g., a musician's song shared illegally on Napster) unless the theft was physical (e.g., stealing a hard drive) or attacking (e.g., malware which deletes original copies of files).

In the world of cryptocurrency, that risk has shifted to one similar to physical robbery. Once a cryptocurrency is stolen in a breach, that cryptocurrency becomes inaccessible to the victim, much like stealing cash.

As such, simple mistakes due to a lack of controls can yield disastrous outcomes.

Industry participants that want to "get it right" and protect their investors, assets and reputation must institute best-in-class regulatory compliance and security standards. Those seeking the longevity and continuity of their businesses must do the following three things well to ensure they are prepared:

  1. Focus on consistently improving compliance / security procedures;
  2. Be proactive in the ordinary course of business to upgrade to best practices; and
  3. Have regular, third-party reviews of security policies and procedure.

Mitigating catastrophic events is of utmost importance as the value of cryptocurrencies grow, and regulators continue developing their understanding of the space, issue new guidelines and impose new regulations. Duff & Phelps is here to provide advice, educate clients on best practices and help protect client assets and reputation.

Crypto participants looking to "get it right" must focus on regulatory compliance and information security to increase the chances of longevity.

Footnotes

1. https://next.autonomous.com/cryptofundlist/

2. http://bitcoinist.com/icos-raised-1-billion-2018-february/

3. https://www.wired.com/story/cryptocurrency-mania-fuels-hype-and-fear-at-venture-firms/

4. China has banned exchanges from providing services to Chinese citizens.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.