Citing a “growing interest” amongst the public in “blockchain-based digital assets,” the Malaysia Securities Commission has issued a proposed regulatory framework for the issuance of ICO’s (initial coin offerings) and is asking for the public’s feedback.
The proposal actually contains many cogent suggestions that improve upon the dangerous status quo so far demonstrated in the world of ICOs.
The paper’s introduction however, is off-putting, because it reads at times like an ICO-promoting commercial document and contains arguably naive claims about “blockchain’s” power and significance as a technology.
While it is true that digital tokens, “have the potential to act as an alternative asset class for investors…(and that their use) is in line with the SC’s mandate to promote the development of the capital market,” cryptocurrencies and digital tokens should not be overestimated and have been systematically abused by an “ecosystem” that has so far largely ripped off investors (claims by vociferous crypto haters like Nouriel Roubini are largely true, alas).
Before I question some of the claims in the introduction to the Malaysia Security Commission’s Proposed Regulatory Framework, I will list some of the proposed definitions and rules.
First, the document contains a definition of securities similar to that laid out in the American Howey test, namely that an ICO is a security if investors pay money for tokens if the issuer pools investor funds and also gives the impression that a return will result from the transaction.
Any such product will have to be approved by the SC under it’s proposed framework.
The SC lists the following risks involved in ICO-issuance and investing:
- issuers may be offshore and difficult to authenticate/hold accountable
- unregulated/unlicensed individuals (and platforms) increase the risk of pump-and-dumps/asset manipulation
- ICO may be structured to limit issuers’ liability
- online circulation exposes the token to theft by hacking
…and prudently responds to these risks by proposing that ICO issuers:
- be locally incorporated
- have a minimum capital of RM 500,000 ($122,635 USD)
- not be publicly listed
The SC is also requiring that the Board and senior management collectively hold 50% equity holding in the ICO and not be able to sell their tokens for 18 months.
I would recommend a longer holding period because ICO monies have often been spent on hype procedures (including glamorous parties, vanity purchases, publicity stunts involving expensive props like models and high end cars).
These hype trains can carry for some time in typically irrational ICO culture pervaded virus-like across social media.
It should also be noted that companies like ConsenSys are still struggling to deliver colloquially “revolutionary” products that also have proven market appeal and user adoption.
The Ethereum ICO was conducted in 2014.
The SC also proposes that half an ICO-issuing company’s board be Malaysian.
The ICO issuer should also have conflict-of-interest-mitigating policies in place, should have a “cyber resiliency” framework and should ensure KYC/AML compliance.
The SC is also proposing a ceiling of RM 100 million raised ($24,527,000 USD).
These funds should be deposited in a separate trust account maintained by an independent custodian at a licensed bank.
Withdrawals of ICO funds should also only be permitted as a company meets milestones set out in the white paper.
The SC also proposes a prohibition against 3rd party endorsement (ie. celebrity endorsements) and proposes that annual and quarterly reports be provided.
The proposal also includes thorough disclosure terms for the white paper.
The framework also seeks “to mitigate instances of fraud while protecting market integrity…(via a) two-pronged approach…(entailing) authorization for the offering…of the ICO and…registration of a disclosure document (the white paper)…”
The SC, which directly regulates crowdfunding platforms now, says it “intends to apply a similar approach for ICOs,” whereby trading platforms are obligated to vet listed projects:
This due diligence includes:
“…amongst others, taking reasonable steps to conduct background checks on the issuer with a view to ensure the fit and properness of the issuer, its directors, senior management and controller. Furthermore, the platform operator must also verify the business proposition of the issuer.”
All the above guidelines sound quite good, and the Malaysian SC seems to understand how to reasonably regulate the markets it is familiar with.
I do take exception to some of the overly-sanguine claims around “blockchain” contained in the proposal, which almost read like they come directly from ICO marketing materials.
“Blockchain technology is based on the concept of a distributed ledger.The distributed ledger is maintained and updated by independent nodes within a network and is secured by cryptography. It provides an ecosystem where the network participants can confirm and create ledger entries without the need for a centralised party or intermediary. The ledger entries are then recorded in ‘blocks’ and the blocks are ‘chained’ together in sequence providing an auditable and tamper-proof history.”
First of all, any privately-controlled crypto-token network does not have “independent nodes.”
Arguably, Bitcoin is the only truly public blockchain, and some have questioned even this, although Bitcoin does seem to be the most “distributed” and anarchic crypto network.
If a crypto network is private, this means it is in fact orchestrated by a central authority.
Critiques of ‘enterprise blockchains’ and ‘shitcoins’ (private crypto tokens) have come mainly, but not exclusively, from the Bitcoin camp.
“Blockchain” critics like Bitcoin programmer Jimmy Song would argue that companies like IBM, which are selling “enterprise blockchain” solutions, appear not to have created real blockchains, but have instead improved their shared database products by adding encryption features available since the 1970s.
If a crypto network is not really decentralized, they don’t need a blockchain. They just need a database with some encryption features, Song and others argue.
Bitcoin was created to operate publicly and by consensus. Data entries there are logged via an expensive and slow process of gamed encryption.
Computers on the network compete to guess a number used to encrypt the latest data. If they win, they get a reward of Bitcoins.
This procedure is absurd any time a database can be administered by a trusted party in a private business.
The Malaysian SC should also note that most “blockchain” ventures, including the majority of ICO-funded projects, have now either failed or have not realized the tech and customer relevance they promised.
Perhaps I have to swallow that the inaccurate use of the term “blockchain” has simply been cemented in public discourse. But regulators should seek to know better.
Malaysia’s ICO-regulatory proposal also makes mistakes regarding debunked “blockchain’s” powers to “immutably” record data:
“Examples of such applications include being used as a form of proof of ownership and provenance (for example land titles or the sourcing of ethical goods), record-keeping (for example storing university certificates and medical records) and in the case of finance, to facilitate remittances and trade finance, or to effect clearing and settlement activities. The technology is applicable across industries and is not limited by sector.”
The above, unfortunately, are very naive claims.
First, if a blockchain is privately administered (as they must be in any competitive and commercial setting), system administrators can override the sanctity of the code to change or alter records.
This famously occurred when Ethereum administrators decided to modify Ethereum’s blockchain after the DAO hack.
A number of art galleries have sold “tokenized shares” of important artworks, but there is really no-one ensuring that they even possess these works.
Many other projects have promised that the “digital assets” they sell are backed by gold or diamonds or land, etc.
Can exchange platforms really be expected to assure these projects hold these items and for how long?
With regards to the integrity of supply chains: who will ongoingly assure that people who possess the encryption keys to log certain data on a blockchain do not eventually start taking bribes to compromise the accuracy of the records, for example?
These are just databases. They might be better in some ways, but they do not obsolete the need for oversight.
An ocean of consumer class actions awaits if regulators and investors continue to fall for the hype in the “blockchain” sector.