top of page

FinTech & Financial Services Business Innovation and Digital Asset Regulation

Updated: Nov 26, 2021

Companies Look to Gain an “Unfair” Competitive Advantage via Innovation

The main purpose of business is to gain competitive advantage and leverage innovative business models and creative use of technology to deliver compelling value to customers. Incumbents traditionally achieve this through business transformation, acquisitions and outcomes of specialized R&D initiatives. Those operating in regulated industries, such as financial services, healthcare, and insurance, are traditionally slower to innovate. This is partly due to time consuming and costly regulatory compliance requirements. It is also important to note, though, that the barrier to entry regulations cause, also significantly reduces the threat of competition. This is why highly regulated industries, have traditionally, insulated those operating in them from highly disruptive threats. When threats emerge, incumbents expect regulations and regulators to dampen the impact of such threats by setting a high-bar to enter the sector.

This has been the traditional model for most disruptive technologies. The internet, mobile, cloud, etc. we can all think of incumbents that were disrupted, some out of business. However, regulated sectors such as financial institutions, healthcare providers, insurance firms, etc. took decades to adapt and still survived, This is why, the Canadian healthcare system still uses faxes as a predominant means of communications; we are still working on payments modernization to settle payments in seconds instead of days, support rich data, and the most basic of banking APIs to enable a handful of open-banking applications. Incumbents were able to get away with this approach, as regulations helped hinder any serious competition.

Enter a new era of decentralization with Web3 and blockchain technologies that enable intrinsic means to transfer value, make payments, invest and trade instantly in almost any manner you would in traditional finance, and do so in digital assets globally, and from pretty much anywhere in the world.

Businesses, especially start-ups like FinTechs can leverage the trifecta advantage of decentralized blockchain technology; ability to exchange value in form of digital assets without threat of double-spend; and create new business models to differentiate themselves.

As such, businesses have many options, as illustrated below, from investing treasuries in cryptocurrencies to fund raising via a token offering, to launching new products and services. Public sector organizations from state/central banks to municipalities are exploring the technology alongside the business model innovation blockchain provides. However, unlike most technology plays, when it comes to the use of digital assets and blockchain, regulations and compliance are an integral part of the equation.

Regulators want to Protect Consumers while Encouraging Innovation and Economic Development, However, ...

Regulators insist that their view to regulation is to balance protecting consumers while encouraging innovation, however, the current situation makes innovating very difficult, costly and the notion of compliance highly unpredictable. As illustrated below, companies must go through a series of considerations including legal, regulatory and compliance to determine their corporate strategy.

Startup businesses as well as incumbents must consider regulations, in some cases, similar to those that large financial institutions, such as banks, payment networks and securities exchanges have to. This can make compliance in these cases to be highly costly and time consuming.

The myriad of regulations a business may need to comply with in the blockchain and digital assets space is also large. The table below only covers a subset of all possible regulations businesses may have to meet.

The cost of which for a start-up can range from tens-of-thousands of dollars at the low end to several hundreds-of-thousands of dollars and even more, specially if there is any possibility that the use of digital asset can be termed a security or if prudential requirements to protect consumers apply.

Regulators must rethink how this makes innovation accessible to everyone in every corner of the world. It simply doesn't.

And this leads to regulatory arbitrage and a tendency to focus on de-risking exposure rather than compliance, as even the term compliance is questionable in such circumstances.

The types of regulatory requirements and costs depends on many factors, including:

  • How the regulator(s) interpret the digital asset's use, its function, design, transmission;

  • The dynamic nature of digital assets. The fact that digital assets are programmable in code, and their characteristics are not always static. That is, gold is gold, a dollar is a dollar, but a token can take on different forms from being used as a simple utility to perform an essential function within the platform, like video game credit, to a store of value, collateral for yield farming, security to raise investments, a derivative, etc.;

  • The jurisdiction. For some regulations like taxation, the location of the business determines its tax regulations, for securities it depends on the location of the investors and also the business. All it may take is one unintended investor to allow that jurisdiction's security regulator to consider the business within their nexus of regulation;

  • Licensing requirements. Its not just about the digital asset and its use, but what the business is enabling to be done with the asset. For instance, while a cryptocurrency trading platform may only be trading native cryptocurrencies - which some regulators (such as, in the US) consider a commodity and tax authorities treat as either an intangible asset or property depending on where you are and who the regulator is - the platform itself may well be treated as a securities exchange, and hence securities laws would apply to the platform;

  • In addition to this, many countries and regions are looking to employ banking laws and regulations such as prudential rights of asset holders, especially for stablecoins, to ensure that the assets are protected - much like the FDIC/CDIC insurance against holder default, liquidity of assets specially for stablecoins, and transparency of governance

Challenges in Digital Asset Regulations Drive Innovators Towards a “Minimize Risk” Mindset vs. Compliance

In many instances, regulations are fluid, uncertain and conflicting. And in some cases, such as in the United States, regulatory agencies like the SEC and CFTC are in the midst of what looks like a turf war over who should be the prime regulator of digital assets. The market capitalization of over $2 Trillion is likely aiding this.

There are three main reasons why regulators and regulations are struggling, each of which impact innovators differently as illustrated below.

  1. An emerging and evolving asset class. As noted earlier, digital assets are programmable and hence can be dynamic in design, use and function. This means they can behave as a commodity in one instance (i.e., ether in a wallet or exchange), and a security in another (the same ether now used to fund synthetic tokens and derivative trades) - As this makes for a moving target as far as regulators are concerned, multiple regulations can get invoked, making compliance costly, uncertain and complex, and potentially impeding innovation;

  2. Regulator mandate and scope . The lack of regulatory clarity, further complicated by the dynamic nature of some digital assets as described previously, can lead to multiple regulators fighting a turf war over who is the prime regulator. Take for example, the case in the US where the SEC and CFTC have had several public fall-outs on who the prime regulator is, as well as whether digital assets are securities or commodities. In some cases, a token may be considered a security token in the US be the SEC and a utility token in the EU under the newly proposed MiCA regulation. The case of Ripple vs. the SEC in US court will be a landmark ruling, as it will, hopefully, bring some clarity to this. All of this again makes compliance costly and also very confusing. One sometimes wonders what compliance actually means - compliant as per what regulation, under which regulator, where, for whom, when, and under what circumstance?

  3. Local vs. global (decentralized). While regulators and regulations generally tend to be bound to a country or region, by design, public-permissionless blockchains, their decentralized application, decision making, governance, and digital assets are designed to be decentralized and distributed. Users are generally distributed globally also. While what constitutes the "minimal level of decentralization" to be considered a commodity rather than a security is not well defined from a regulatory perspective, what makes something "decentralized enough" seems to be a combination of the following:

    • Timing. Did the project achieve significant scale prior to regulation, like ether with the Ethereum blockchain?

    • Decentralized Infrastructure. How distributed is the blockchain infrastructure and topology?

    • Decentralized governance. Is the blockchain itself public and permissionless? i.e., anyone can join, and read/write, without a subset of nodes controlling access and rights;

    • Decentralized Autonomous Organization (DAO). Is the entire set-up of the functioning and governance of the organization in software (decentralized application - dApp) or does a company or specific individuals make decisions and have control?

    • Monetary gains. Is there a central entity who gains monetarily or are the gains made within the system between the makers and the takers, who are many and distributed? and

    • Jurisdiction. Which jurisdiction and agency is considering nexus - for instance, under the newly proposed European Commission's Markets in Crypto Assets* (MiCA) regulation what is considered a utility token, may be considered a security token by the SEC. The current Ripple vs. SEC case illustrates the point and the decision will set a precedence in this regard, at least in the US

So what are Innovators Doing?

Without commending or recommending any of these approaches, we are sharing some of what has been observed. Clearly, there is a spectrum of approaches ranging from the absolute violators of any regulatory policy from those that just give up as a result of costs and regulatory uncertainty. We do not discuss these extreme cases here.

Here are some of what we've observed:

  1. Relocate to jurisdictions with "crypto-friendly" regulatory posture. These countries include the Bahamas, Estonia, Malta, Lithuania, and Switzerland to name a few. One has to be watchful though, as many of these jurisdictions are focused more on AML/CFT compliance regulations for exchanges and digital asset businesses. Locating here, doesn't mean all other regulations have been met, especially for issuance of digital assets to residents of other countries that may consider such assets to be securities. The benefit of being in the EU is that, as mentioned earlier, the European Commission has proposed new rules known as Markets in Crypto Assets (MiCA) to regulate currently out-of-scope digital assets like stablecoins as well as their service providers. Once achieved, this will do two things,. Firstly, it will offer a pan-EU regulation on digital assets applicable to all residents and businesses in the EU. Secondly, it will introduce rules that are not currently covered to protect consumers. These include Prudential regulations, which are being seen specially critical for stablecoin issuers and platforms to comply with. These new regulations can be expensive to comply with, but come with the advantage of covering an entire region of 27 countries in a go. MiCA proposes easy to get started with regulation processes. This includes proposals like - businesses start by issuing a public whitepaper on their website to initiate registration. This approach is far better than what we are seeing at this time in the US and elsewhere, and far more conducive to compliant innovation. However, in general, businesses should be cognizant of both local and international laws and regulations that may have extraterritorial effect on them - "market participants making inaccurate disclosures in connection with digital assets, whether by misleading statements or omission, may expose themselves to enforcement risk, even if investors do not actually suffer a loss."

  2. Prioritize product features to reduce exposure to regulations. Many startups that are in the early stages of fund-raising and developing their MVP and even post-MVP that want to reduce regulatory-exposure will prioritize product features to delay such capabilities that may expose them to regulations. Examples include AML/KYC or becoming a licensed crypto-exchange, etc. They often delay such capabilities until they have the funds to comply.

  3. De-risk by launching first in "lower risk" or "crypto-friendly" countries. Another way to reduce exposure that businesses are exploring is to offer their services only in countries where the regulatory exposure and risks are minimized. They may launch, at a later time, when they are better funded or when clarity of regulation exists in high-risk markets.

  4. Design-a-little, fund-a-little, build-a-little, comply-a-little, go-to-market, iterate! This basically sums up the startup process, with the addition of compliance. Some startups will raise the initial seed round through a private sale with a promise to comply with regulatory requirements once funded, as the costs for registration and compliance can be high.

  5. Decentralize and scale fast. Notwithstanding all of the previous observations, many Decentralized Finance (DeFi) offerings are focused on a Decentralized Autonomous Organization (DAO)-model where no humans or corporations are involved, instead a smart contract dApp is launched on a public-permissionless blockchain, typically accompanied with a decentralized governance model via governance tokens. In many cases, money is made by the participants and holders of the DAO tokens and not a single entity or business. All decisions are made in code and governed by a group of decentralized holders of tokens. In essence, there is no single "throat to choke" for regulators. These projects want to also scale their user and governance base quickly. Some view this as an approach prior to finalized regulations. However, as noted earlier, to what degree decentralization is required is undefined. The SEC in the US after the 2016 DAO tokens hack has stated that such issuances, despite being called a DAO will be treated as securities. We expect this area to be regulated and the holes to be addressed eventually. However, this will likely happen through several court cases and it will likely not be a short process.


In summary, the fragmented and gap-filled state of regulations is leading to regulatory arbitrage. While many regulators aim to balance innovation with protection of users, this is proving to be a tough task, despite intensions. As a result, compliance can become extremely costly and time consuming, making it inaccessible by startups and innovators in developing countries with lower buying power. We see a combination of approaches used by innovators to de-risk exposure to regulations through regulatory arbitrage, prioritizing product features and markets to first launch in.

For a more thorough understanding of blockchain and digital asset - from technology, product design, business strategy and planning, governance, and regulatory compliance you can take these live-streamed webinars anywhere globally or contact us for a consult.



bottom of page