BIS-加密货币、代币和去中心化金融：监管指引

FinancialStabilityInstituteFSIInsightsonpolicyimplementationNo49Crypto,tokens

and

DeFi:navigatingtheregulatorylandscapeByDeniseGarciaOcampo,

NicolaBranzoliandLucaCusmanoMay2023JELclassification:F30,G18,G28,O38Keywords:

cryptoasset,

cryptoasset

service

provider,decentralised

finance,

DeFi,

DLT,

global

stablecoin,stablecoin,

token,

tokenised

asset,

virtual

asset,

virtualassetserviceprovider.FSI

Insights

are

written

by

members

of

the

Financial

Stability

Institute

(FSI)

of

the

Bank

for

InternationalSettlements

(BIS),

often

in

collaboration

with

staff

from

supervisory

agencies

and

central

banks.

The

papersaim

to

contribute

to

international

discussions

on

a

range

of

contemporary

regulatory

and

supervisorypolicy

issues

and

implementation

challenges

faced

by

financial

sector

authorities.

Theviews

expressed

inthem

are

solely

those

of

the

authors

and

do

not

necessarily

reflect

those

of

the

BIS

or

the

Basel-basedcommittees.Authorisedby

the

ChairoftheFSI,FernandoRestoy.This

publication

is

available

on

the

BIS

website

().

To

contact

the

BIS

Media

and

PublicRelations

team,

please

email

press@.

You

can

sign

up

for

email

alerts

at/emailalerts.htm.©Bank

for

International

Settlements

2023.

All

rights

reserved.

Brief

excerpts

may

be

reproduced

ortranslated

provided

the

source

is

stated.ISSN2522-249X(online)ISBN978-92-9259-656-9(online)ContentsExecutivesummary

4Section1–Introduction

6Section2–Definitions

and

criteriaforclassifyingpolicymeasurescoveredin

thispaper

8Section3–Policymeasuresoncentrallymanagedcryptoassetactivities13Section4–Policymeasuresoncommunity-managed

cryptoasset

activities30Section5–Policymeasuresonusers’directexposures

tocryptoassetsandrelated

activities

37Section6–Futurechallengesand

concludingremarks

39References42AnnexA:Glossary48OnlineAnnexB:Referencesofregulatory

andpolicyresponsescoveredinTable650Crypto,tokensandDeFi:navigatingtheregulatorylandscapeiiiCrypto,tokens

andDeFi:navigatingthe

regulatorylandscape1ExecutivesummaryAddressing

the

risks

posed

by

cryptoassets

has

become

a

pressing

issue

for

policymakers.Cryptoasset

markets

have

experienced

cycles

of

growth

and

collapse,

often

resulting

in

large

losses

forinvestors.

These

markets

pose

risks

which,

if

not

adequately

addressed,

might

undermine

consumerprotection,

financial

stability

and

market

integrity.

While

the

turmoil

experienced

in

these

markets

at

theend

of

2022

has

so

far

not

led

to

wider

contagion,

the

outcome

might

have

been

worse

had

the

cryptoassetmarketsandthetraditional

financialsystembeenmoreinterconnected.Policymakersareconsideringtheirresponsetocrypto-relatedrisks.Potential

lines

of

action,which

are

not

mutually

exclusive,

include

banning

specific

activities,

isolating

cryptoasset

markets

fromthe

traditional

financial

system,

regulating

cryptoasset

activities

in

a

manner

akin

to

traditional

finance

anddeveloping

alternatives

that

improve

the

efficiency

of

the

traditional

financial

sector

(Aquilina

et

al

(2023)).These

lines

of

action

will

be

contingent

on

the

risks

posed

to

the

provision

of

financial

services

by

thevarious

activitiesinvolving

cryptoassets

and

their

underlying

technology,

referred

inthis

paper

under

theumbrella

term

of

distributed

ledger

technology

(DLT).

For

lines

of

action

which

consider

regulatingcryptoasset

activities,

the

question

depends

on

policymakers’

assessment

of

which

risks

posed

bycryptoassetsandrelatedactivities

should

becaptured

by

regulationandwhether

those

risksarecapturedbyexistingregulationoriftherearegapsthatneedto

beaddressed.Thispaper

providesan

overview

ofpolicy

measurestaken

in

19

jurisdictionsto

addresstherisks

associated

with

activities

that

incorporate

cryptoassets

and

DLT

programmability

capabilitiesinfinancial

services.

2

In

this

papercryptoasset

activities

are

classifiedintothree

categories

based

on

theproposed

taxonomy

by

the

FSB:3

(a)

issuance;

(b)

operation

of

a

DLT

infrastructure;

and

(c)

service

provision(eg

wallet,

custody,

payment,

exchange,

lending).

For

the

overview

of

policy

measures,

initiatives

areclassified

into

three

categories

depending

on

whether

they

address

the

risks

associated

with

(i)

centrallymanaged

cryptoasset

activities;

(ii)

community-managed

cryptoasset

activities;4

or

(iii)

users’

directexposurestocryptoassetsandrelatedactivities.Different

types

of

policy

measure

across

jurisdictions

include

bans,

restrictions,clarifications,

bespoke

requirements

and

initiatives

to

facilitate

innovation.

As

these

measures

tendto

reflect

the

evolution

of

market

developments,

most

current

initiatives

target

centrally

managedcryptoassetactivities,withaparticularfocusonserviceprovision.1Denise

Garcia

Ocampo

(Denise.GarciaOcampo@),

Bank

for

International

Settlements,

Nicola

Branzoli(Nicola.Branzoli@bancaditalia.it)andLucaCusmano(Luca.Cusmano@bancaditalia.it),BankofItaly.The

views

expressed

in

this

paper

are

those

of

the

authors

and

not

necessarily

those

of

the

BIS,

the

Basel-based

standardsetters,

the

Bank

of

Italy

or

the

authorities

of

the

jurisdictions

covered

within

it.

The

authors

thank

Patrizia

Baudino,

CarlosCantú,

Stijn

Claessens,

Emma

Claggett,

Renzo

Corrias,

Juan

Carlos

Crisanto,

Nicole

Detering,

Sebastian

Doerr,

Tomas

Edlund,Daniel

Eidan,

Johannes

Ehrentraud,

Jon

Frost,

Leonardo

Gambacorta,

Martin

Hood,

Wenqian

Huang,

Eva

Hupkes,

DooyoungKim,

Ayu

Kinanti,

Priscilla

Koo

Wilkens,Anneke

Kosse,Theodora

Mapfumo,Amelie

Monteil,Iota

Nassr,Liz

Owen,

Jermy

Prenio,Tara

Rice,

Hyun

SongShin,

JoonSukPark,

GregSutton,

Jatin

Taneja,ToshioTsuiki,

CarolinaVelasquez,OliverWray,

John

Yeo,KeanYongandcontactsattheauthoritiesfromthejurisdictionscoveredinthispaper.2The

jurisdictions

covered

in

this

paper

are

Australia,

Belgium,

Canada,

China,

the

European

Union,

France,

Germany,

Hong

KongSAR,

Italy,

Japan,

the

Netherlands,

the

Philippines,

Singapore,

South

Africa,

Spain,

Switzerland,

the

United

Arab

Emirates,

theUnitedKingdomandtheUnitedStates.34SeeFSB(2022c).These

refer

to

activities

managed

(ie,

operated

and

governed)

by

a

community

of

participants

in

public

DLT

networks

organisedunderdecentralisedarrangements.4Crypto,tokensandDeFi:navigatingtheregulatorylandscapeFor

centrally

managed

issuance

activities,

current

regulatory

initiatives

focus

mainly

onissuers

of

security

tokens

and

stablecoins.

All

the

jurisdictions

we

cover

here

requireissuers

of

securitytokens

to

comply

with

securities

regulation.

Some

are

developing

frameworks

for

issuers

of

stablecoinsused

for

payment.

The

proposed

initiatives

introduce

licensing,

capital

and

reserve

requirements

but

differacross

countries

in

terms

of

terminology,

type

of

license,

redemption

rights

and

standards

for

governanceandriskmanagementpractices.Only

asmallnumber

haveadopted

aregulatoryframeworkforissuersofstablecoins

used

for

other

purposes.

Furthermore,

only

a

few

have

clarified

whether

securities

laws

applytoissuersofutilitytokens.Initiatives

related

to

centrally

managed

infrastructure

activities

mainly

explore

the

benefitsand

risks

from

traditional

financial

intermediaries’

use

of

DLTs

and

their

programmabilitycapabilities.

Some

jurisdictions

are

collaborating

in

pilot

testing

use

cases

of

DLT-based

infrastructuresfor

the

clearing

and

settlement

of

payments

and

securities.

Others

are

facilitating

innovation

in

a

controlledenvironment

through

bespoke

licensing

regimes

and

sandboxes.

Only

one

jurisdiction

has

issued

DLT-specificguidance.Initiatives

related

to

centrally

managed

service

provision

activities

often

extend

theregulatory

perimeter

to

newnon-bankcentralisedintermediaries.

Most

jurisdictions

have

introducedauthorisation,

prudential,

anti-money

laundering/combating

the

financing

of

terrorism

(AML/CFT)

andconsumer

protection

requirements.

Regulatory

approaches

include

establishing

bespoke

frameworks,introducing

specific

derogations

from

the

applicable

legislation,

issuing

clarifications

on

how

existingpaymentsorsecuritiesregulationapply,andrestricting

or

prohibitingcertain

activities.In

relation

to

community-managed

activities,

policy

measures

aim

at

addressing

the

risksposed

by

native

tokens

and

DeFi

protocols.

For

activities

where

native

tokens

are

involved,

someauthorities

rely

on

a

broad

interpretation

of

“rights”

attached

to

a

native

token

to

define

if

it

is

a

securityand

thus

clarify

the

application

of

securities

regulation.

Others

use

concrete

examples

for

additionalguidance.

For

DeFi

protocols,

most

initiatives

were

in

the

form

of

analytical

papers.

At

present,

only

oneauthority

in

the

covered

jurisdictions

has

issued

guidance

on

the

adoption

of

smart

contracts.

Another

hasclarified

the

applicable

requirements

related

to

decentralised

exchanges

and

staking

activities.

A

fewauthorities

have

taken

enforcement

actions

addressing

AML/CFT

and

investor

protection

risks

posed

bycertain

protocols.

A

small

number

have

introduced

initiatives

to

facilitate

the

adoption

of

protocols

withcertainfeaturesbytraditionalfinancialintermediariesunderatrusted

environment.For

risks

associated

with

users’

direct

exposures

to

cryptoassets

and

related

activities,initiatives

tend

to

reflect

the

evolution

of

cryptoasset

markets.

All

the

jurisdictions

covered

haveissued

warnings

to

retail

investors

about

the

risks

posed

by

cryptoassets,

and

some

of

these

warningstarget

specific

types

of

cryptoasset

(eg

native

tokens,

security

tokens

and

non-fungible

tokens).

A

fewjurisdictions

have

banned

the

distribution

of

certain

cryptoassets

to

retail

investors

and

others

haveimposed

restrictions

on

promotional

activities.

For

wholesale

investors,

no

jurisdiction

has

so

farintroduced

rules

to

mitigate

risks

stemming

from

traditional

financial

institutions

investing

in

cryptoassets.Policymakers

may

face

further

challenges

as

cryptoasset

markets

evolve

and

DLTprogramming

capabilities

are

applied

to

new

use

cases.

Continuous

efforts

will

be

needed

tounderstand

novel

business

models

and

their

underlying

risks,

to

build

or

maintain

the

skills

and

capacitytoadequately

assesspotentialimplicationson

financial

markets

andto

adjustpolicyresponsespromptly.Only

with

sufficient

resources

and

access

to

timely

and

reliable

information

will

authorities

be

able

toassessfutureriskstothefinancialsystem.The

global

nature

of

cryptoassets

poses

significant

challenges

that

require

effectivecooperation

and

coordination

among

national

and

international

regulators.

Jurisdictions

cannotentirely

mitigate

the

risks

associated

with

cryptoassets

if

policy

measures

are

susceptible

to

gaps

andinconsistencies

across

borders.

A

coordinated

response

is

essential.

In

this

context,

international

standardsthat

promote

a

consistent

regulatory

framework

will

play

a

key

role

in

preventing

regulatory

arbitrage

andafragmentedregulatoryenvironmentthatcouldunderminefinancialstability.Crypto,tokensandDeFi:navigatingtheregulatorylandscape5Section1–Introduction1.Advances

in

cryptography,

computing

science

and

computing

power

have

transformeddigital

ledgers.

Thesedevelopments

haveenabledthecreation

oftechnologies,

referredto

inthispaperunder

the

umbrella

term

of

distributed

ledger

technology

(DLT),5

that

allow

a

network

of

participants

toestablish

a

shared

and

immutable

record

of

ownership

–

a

ledger

with

functionalities

that

go

far

beyondthose

of

traditional

ledgers.

DLTs

allow

participants

to

share

a

database

of

electronic

records

and

buildconsensus

for

transaction

validity

through

cryptographic

algorithms6

without

a

central

coordinating

entity.Transactions

can

berecorded

by

one,

some

or

all

participants,

regardless

of

their

reliability,

according

tothe

rules

agreed

by

the

network,

and

any

change

is

replicated

in

all

copies

in

minutes

or

even

seconds.SomeDLTsalsoenabletheprogrammingorautomationoftransactionswithinthe

ledger.2.DLTs

have

enabled

the

creation

of

cryptoassets

and

decentralised

finance

(DeFi).

Althoughthe

concept

of

DLT

existed

before

Bitcoin

and

blockchain

(Rauchs

et

al

(2018)),

it

was

not

until

thepublication

of

Satoshi

Nakamoto’s

whitepaper

in

2008

that

this

technology

started

to

attract

attention.Cryptoassets

emerged

when

Bitcoin

developers

combined

various

technological

components

to

create

anew

way

to

represent

and

transfer

value

between

multiple

parties

without

the

need

to

trust

each

other.Bitcoin

blockchain

provided

a

basic

framework

which

served

as

the

foundation

for

different

types

of

DLTand

DLT-based

application.

Asthe

technology

evolved,

someDLTs

incorporated

newfunctionalities

suchas

so-called

smart

contracts.

Building

on

cryptoassets

and

publicpermissionless

DLTs

that

support

smartcontracts,

DeFi

emerged

as

an

alternative

way

to

offer

financial

services

such

as

borrowing,

lending

orinvestingwithoutrelyingon

atraditionalcentralisedfinancialintermediary(Auer

etal(2023)).3.DLTscanalso

be

usedtorepresent

andtransferdifferenttypesofreal-worldassets.Aimingtolower

costs,

increaseefficiencies

andoffernewservices,sometraditional

intermediariesareleveragingthe

use

of

DLT

programmability

capabilities

for

the

representation

and

transfer

of

traditional

assets.7Similarly,

several

exchanges

and

market

operators

are

also

exploring

the

use

of

DLTs

as

a

new

type

offinancialmarketinfrastructurethatmayenablereal-timesettlement

andautomationofprocessesrelatedtocross-borderpayments

andsecuritiesclearing,settlementandtradingprocesses.4.Activities

that

incorporate

cryptoassets

and

DLT

programmability

capabilities

promise

toopen

up

opportunities

for

the

provision

of

financial

services

but

come

with

risks

and

challenges.For

example,

holding

cryptoassets

may

poseanumber

of

risks

for

investors

including

liquidity

risk,

creditrisk,

market

risk,

operational

risk

(including

fraud

and

cyber

risks),

money

laundering

and

terrorist

financingrisk,

and

legal

and

reputational

risks

(BCBS

(2019)).

Also,

economic,

legal

and

technical

challenges

mayarise

in

relation

to

transferring

assets

from

traditional

ledgers

to

representations

on

DLT

programmableledgers(Aldasoroetal(2023)).5.Cryptoassets

and

DeFi

ecosystems

show

structural

flaws

and

pose

risks

that,

if

notaddressed,

might

undermine

consumer

protection,

financial

stability

and

market

integrity.

Theturmoil

faced

in

2022

(also

referred

to

as

the

“crypto

winter”)

revealed

that

cryptoasset

and

DeFiecosystems

exhibit

many

of

the

vulnerabilities

familiar

from

the

traditional

financial

system,

such

asoperational

fragilities,

liquidityand

maturity

mismatches,

leverageand

interconnectedness

(Aquilinaetal(2023),

FSB

(2023)).

So

far,

these

vulnerabilities

have

not

affected

the

traditional

financial

system

due

tothe

relatively

small

size

of

cryptoasset

markets

and

their

limited

interconnectedness

with

traditional56AnnexAcontainsaglossaryofterms.Cryptographic

algorithms

are

the

basic

building

blocks

of

cryptographic

systems.

They

are

mathematical

functions

oralgorithms

used

toensure

the

security,

integrity

and

privacy

ofelectronic

records.Examples

include

hash

functions,

symmetricandasymmetrickeycryptography,digitalsignatures,Merkletreesandconsensusmechanisms.

SeeRauchsetal(2018).7In

the

past

few

years,

some

banks

and

international

organisations

have

issued

tokenised

versions

of

bonds,

including

the

WorldBank,

the

European

Investment

Bank,

Nomura

and

Société

Générale.

Several

intermediaries

have

experimented

with

thetokenisationofavarietyofreal-worldfinancialassets(egJPMorgan,HSBC,

MitsubishiUFJ

FinancialGroup).See

OECD(2020).6Crypto,tokensandDeFi:navigatingtheregulatorylandscapemarkets.However,

shouldinvestorinterest

notdeclinefollowingthe“cryptowinter”and

consideringthatinterconnectedness

and

market

concentration

in

the

cryptoasset

ecosystem

is

expected

to

intensify,

afuture

scenario

of

turmoil

in

a

larger

cryptoasset

market

could

have

implications

for

financial

stability(Aquilina

et

al

(2023),

FSB

(2023)).

Moreover,

cryptoassets

may

also

pose

a

threat

to

the

monetarysovereignty

of

statesthat

areless

macroeconomically

stable(Aquilina

et

al

(2023))

and

maycreateissuesofcryptoisation(ie,thesubstitutionoflocal

currencies

withcryptoasset-basedones)(IMF

(2021)).6.Against

this

background,

discussions

among

policymakers

have

intensified

over

how

anappropriate

regulatory

framework

should

look.

Fornewbusinessmodelsthat

arenot

yetcapturedbyexisting

regulatory

frameworks,

the

overarching

question

is

whether

they

should

beinsideor

outsidetheregulatory

perimeter.8

If

they

are

inside,

the

question

is

how

regulatory

requirements

should

apply.

Foractivities

or

entities

that

are

already

subject

to

existing

regulations,

the

question

is

whether

adjustmentscan

foster

innovation

that

could

benefit

society

while

not

compromising

other

policy

objectives;

orwhetherstricterrequirementsarecalledfor.7.Regulation

of

cryptoassets

and

related

activities

present

policymakers

with

a

number

ofchallenges.

First,

cryptoassets

and

related

activities

are

within

the

purview

of

many

financial

and

non-financial

authorities,

each

with

its

own

mandate

and

policy

objectives,

requiring

enhanced

cooperation.Second,

the

pseudonymous

and

borderless

nature

of

DLT-based

applications

deployed

in

publicpermissionless

networks

make

it

challenging

for

authorities

to

identify

the

applicable

legal

jurisdiction

andthe

entities

or

individuals

accountablefor

meeting

regulatory

obligations.

Third,

the

lackof

transparency,consistency

and

the

unreliability

of

data

make

it

difficult

for

authorities

to

monitor

and

assess

risksstemmingfromtheseactivitiesandtheirpotentialspilloverstothefinancialsystem.9

Fourth,thespeedofinnovationmakesit

difficult

forregulatorstorespondpromptlytodevelopmentsinthemarket.8.Cryptoassets

have

also

been

at

the

forefront

of

the

regulatory

agenda

atthe

internationallevel.

International

standard-setting

bodies

(SSBs)

have

undertaken

a

number

of

initiatives

to

capture

risksnot

previously

covered

in

their

frameworks,

clarify

the

application

of

existing

principles

and

promote

thedevelopment

of

effective

and

internationally

consistent

regulatory

frameworks.

The

BCBS

has

publishedprudential

standards

for

banks’

activities

and

exposuresrelated

to

cryptoassets.10

The

FATFhas

amendedthe

scope

of

their

standards

and

recommendations

to

apply

to

financial

activities

involving

cryptoassetsandcryptoassetserviceproviders.11

TheCPMI-IOSCOhasclarifiedtheapplicationof

existingprinciplesoffinancial

market

infrastructures

to

stablecoin

arrangements

primarily

used

for

payments

that

areconsidered

systemically

important

financial

market

infrastructures.12

The

FSB

has

published

high-level89The

regulatory

perimeter

describes

the

boundary

that

separates

regulated

and

unregulated

financial

services

activities

anddetermines

the

type

and

scope

of

rules

(eg

on

licensing,

safety

and

soundness,

consumer/investor

protection

and/or

marketintegrity)applicabletofirmsconductingregulatedactivities.According

to

a

recent

report

by

the

FSB,

data

on

cryptoasset

markets

in

general,

and

DeFi

in

particular,

are

opaque,

inconsistent,and

unreliable.

This

is

due

to

the

difficulty

of

aggregating,

reconciling

and

analysing

the

vast

amount

of

data

available

ondistributed

ledgers;

the

pseudonymous

nature

of

information

on

publicledgers,

which

limits

the

abilityto

determine

the

typesof

crypto-asset

investor

involved;

the

large

number

of

off-chain

transactions

and

other

off-chain

data;

complex

ownershipstructures

and

loan/investment

relationships;

and

the

lack

of,

or

non-compliance

with,

reporting

requirements

producingconsistentresults.SeeFSB

(2023).101112SeeBCBS(2022).SeeFATF(2019,2021).A

stablecoin

arrangement

(SA)

is

an

arrangement

that

combines

a

range

of

functions

to

provide

an

instrument

that

purportsto

be

used

as

a

means

of

payment

and/or

store

of

value.

The

CPMI-IOSCO

guidance

on

the

Application

of

the

Principles

forFinancial

Market

Infrastructures

(PFMI)

to

stablecoin

arrangements

covers

systemically

important

SA

primarily

used

forpayments.

The

transfer

function

of

a

SA

is

comparable

to

the

transfer

function

performed

by

other

types

of

financial

marketinfrastructure

(FMI).As

a

result,

an

SA

that

performs

this

transfer

function

is

considered

an

FMI

for

the

purpose

of

applying

thePFMIand,ifdeterminedbyrelevantauthoritiestobesystemicallyimportant,theSAasawholewouldbeexpectedtoobserveallrelevantprinciplesinthePFMI.SeeCPMI(2022).Crypto,tokensandDeFi:navigatingtheregulatorylandscape7recommendations

for

the

regulation,

supervision

and

oversight

of

global

stablecoin

arrangements13

anda

proposal

for

the

framework

for

the

international

regulation

and

supervision

of

cryptoassets

activities

andtheirmarkets.149.This

paper

provides

an

overview

of

policy

measures

by

financial

authorities

in

19jurisdictions

and

global

SSBs.

Policy

measures

refer

to

initiatives

which

aim

to

address

the

risksassociated

with

the

different

activities

which

incorporate

cryptoassets

and

smart

contract

functionalities

intheprovisionoffinancialservices(referredinthispaperas“cryptoassetactivities”).

Thepaperisbasedonan

extensive

review

of

publicly

available

information15

of

policy

measures

by

authorities

in

the

19jurisdictions

covered16

asofend-March2023as

wellasanalysisbytheauthors.1710.The

remainder

of

this

paper

is

structured

as

follows.

Section

2

describes

the

criteria

used

toclassify

the

policy

measures

covered

in

the

paper.

Section

3

presents

policy

measures

on

centrallymanagedcryptoassetactivities.Section

4describes

policy

measures

oncommunity-managed

cryptoassetactivities.

Section

5

describes

policy

measures

on

users’

direct

exposures

to

cryptoassets

and

relatedactivities.Section6outlinesfuturechallengesandconcludes.Section2–Definitionsandcriteriaforclassifyingpolicymeasurescoveredinthispaper11.At

present,

there

is

no

universal

definition

of

a

“cryptoasset”.

Authorities

covered

in

thispaper

use

different

terms,

definitions

and

taxonomi