How Should Regulators Think About Consumer Protections over Bitcoin?
According to Andreas Antonopoulos, that depends on:
- The business model of the entity engaging with Bitcoin transactions, and
- Who has control of the funds: the business or the consumer?
There's a stronger case for regulators to enforce consumer protections when the business provides services similar to a traditional bank like custodial role and wallet services. For instance, before it filed for bankruptcy in 2014, Japan-based Mt. Gox hosted the largest bitcoin exchange while having custody of customer Bitcoin assets. Under this centralized model, Mt. Gox had control of customer assets on its exchange (70 percent of global bitcoin transactions), and those funds weren't insured against catastrophic events including insolvency or liquidity risks.
Since the virtual currency exchange wasn't regulated, and customers didn't have guarantees to claiming money back unless the exchange goes bankrupt, customers were left to fend for themselves. Woes with crypto exchanges didn't stop with Mt. Gox; major competitors including Bitfinex and Bitstamp suffered security breaches with customers bearing the brunt, causing further reputation risks and concerns from public officials.
On the other spectrum is if consumers are in direct control of their Bitcoins and manage their own private key through cold storage of assets (offline), that affords them consumer protections and security over their own funds. Under this operating model, there's a weaker case for external regulators to get involved.
Source: LedgerWallet (Ledger Nano S example of cold storage device)
Lastly, there are cases without clear regulatory implications, like a multi-signature business model, where an entity acts merely as a signatory or an extra layer of authentication for a transaction. That entity wouldn't have direct custody over customer Bitcoin. In this scenario, it's unclear whether external regulations are needed.
Bottom line: The first line of defense for consumer protections is an educated consumer aware of the business she's dealing with, as well as best practices for securing her assets against fraud and other cybersecurity risks. Bitcoin, and more broadly cryptocurrency, is fundamentally a different model than money payment services like Paypal, which is a centrally controlled entity dealing with fiat currency on existing financial rails. Therefore, the risk management framework guiding consumer protections should be evaluated carefully by external regulators before taking formal actions.
Below, Andreas offers regulators a risk management framework to weigh benefits vs. costs of consumer protections, privacy and security