• Team Sygnum

Part 1: Crypto Licences: A lack of regulatory oversight?

What institutional investors need to know about licenced digital asset service providers

  • Crypto is facing a credibility crisis, as many “licenced” service providers lack the necessary regulatory oversight and requirements to operate with responsible business conduct

  • Regulators are clamping down on crypto companies by revoking thousands of licences as they begin imposing more rigorous licencing regimes and cryptocurrency laws

Investing your capital with a licenced financial service provider would seem like a smart investment decision for many. It means you are investing via a company that is certified by some form of recognised authority, which should also mean that the business is trustworthy, sustainable and adheres to strict regulatory practices. When investing via a licenced digital asset service provider (DASP), this conception is somewhat blurred as they may not necessarily follow the same criteria as traditional licenced businesses (i.e., banks, securities firms, etc.).

This may sound confusing at first since financial authorities are responsible for issuing licences to DASPs. But the reality is, DASP licences vary depending upon the country and/or jurisdiction of issuance, the licence type, and how authorities classify DASPs or digital assets within their respective regulatory frameworks.

For example, Switzerland classifies crypto financial services as “financial intermediaries” which means they are subject to the same traditional licencing requirements as say, a bank or other financial institution. On the other hand, Estonia classifies crypto financial services as virtual asset service providers (VASP) and are thus, required to hold a “VASP licence” to service digital assets.

DASP licences may be easier to obtain, particularly in countries that are more lenient towards crypto-native businesses (i.e., Estonia, Lithuania, off-shore countries). They are cheaper, require less organisational, financial and risk-minimisation requirements, and in many cases, can be managed from abroad. The lower requirements led to an influx of new DASPs who were now suddenly “licenced.”

Regulators are now tightening licencing requirements

From 2019 onwards, many would argue that holding a licence became the “norm” amongst crypto businesses. Some businesses began bending rules by aggressively marketing themselves as regulated entities, whereas some would even falsely market themselves as licenced services entirely (i.e., Hello Lending in Australia). The central issue is that most of these companies are, and were, not subject to proper regulatory oversight.

It has only been in the last 6-12 months that regulators (i.e., Estonia, Lithuania, Thailand, Singapore, Thailand, Hong Kong) began imposing stricter frameworks around licenced DASPs. Recent market events have further pressured regulators to clamp down on unregulated DASPs, but it was the collapse of some of crypto’s largest “licenced” lending and currency providers that led to a series of heavy financial losses across the industry. Although licenced, these companies (until now) operated largely without regulatory oversight. This questions the credibility of such companies and may require some licences to tighten their conditions in order to satisfy their purpose.

So why did these companies fail? Previously managing billions of dollars in customer assets, these crypto services lacked a number of central components (i.e., risk management, sound governance, healthy capital adequacy ratios, internal control systems) that licenced financial institutions are required to follow. For example, as markets became more turbulent, these “licenced” lenders and currency providers were not adequately capitalised to absorb a string of losses, and without reliable risk-minimisation procedures in place, this ultimately led to their downfall and collapse.

From lenient to less

The rapid developments of blockchain technology may have caused a lag between innovation and regulatory developments. Some would argue that applying traditional legal regimes (or legacy criteria) to crypto may hinder its innovation. In Estonia, however, the spike in licenced DASPs correlated with a spike in financial crime and money laundering operations, which consequently need to be managed by Estonian financial authorities.

Once a country with an extremely lenient crypto licencing framework, Estonia’s Financial Intelligence Unit (FIU) has begun clamping down heavily on licenced DASPs by revising the criteria needed (primarily higher capital requirements, domestically based, auditing controls, etc.) to obtain or maintain their licencing status. This led to the FIU revoking over 1800 licences[1] in the last 12 months alone, with circa 350-400 remaining that are either under investigation, in processes, and/or approved to continue their operations.

Why should institutional and professional investors care?

A country does not need to lax its laws to be considered “crypto-friendly” as applying well-known regulatory elements are primarily used to integrate security, accountability, reliability and customer protection into a company’s operations. These are elements that derive from what economies have historically learnt and should be imposed on businesses in order to fully appropriate blockchain technology and digital assets in a secure and stable manner. Without them, businesses may be unreliable and less inclined to execute responsible business conduct. They may collapse and fail during periods of market turbulence and unfortunately, it is the customers who pay the price.

For institutional and professional investors, these elements are essential before committing any capital via a DASP. However, investors should be extending their assessments by asking the following questions, irrespective of a DASP’s licence type and status:

Regulated, licenced DASPs should have the capacity to “take on the burden” of incorporating DeFi and crypto use cases into their service offerings. This allows investors to take advantage of high-risk opportunities, albeit in a secure and regulated manner. Should markets become volatile, these services should have the capacity to mitigate and absorb these risks, notify clients quickly and always acting in the customer’s best interest.

If not, are they simply a registered DASP with a licence to operate a service in a particular jurisdiction? Or is there an investigative and disciplinary authority to impose strict conditions to ensure they carry out responsible business conduct? Institutions and professional investors need to cement these questions into their investment evaluations.

The case of Celsius Network:

Celsius Network was able to offer services similar or identical to those of a bank (or other regulated financial institutions). Even though they were not subject to the same regulatory requirements, Celsius Network were taking deposits, giving out loans, and managed around USD 11.7 billion in customer assets from 1.7 million users as recently as May 2022[2].

Celsius Network marketed itself as a licenced DASP after receiving a financial lender licence in California and a credit loan licence in Missouri. But the fact was, until now, the crypto lending giant was operating largely without regulatory oversight. State regulatory agencies were even attempting to issue cease-and-desist orders against Celsius Network as early as September 2021[3], claiming that Celsius unlawfully offered unregistered securities in the form of high interest-bearing accounts used to fund their lending operations and proprietary trading.

Since Celsius did not hold a money transmitter licence and failed to register its accounts as securities, customers “did not receive critical disclosures about its financial condition, investing activities, risk factors, and the ability to repay its obligations to depositors and other creditors” - Vermont’s Department of Financial Regulation (DFR)[4].

In this regard, it would be more accurate to state that Celsius Network operated as an “unregulated crypto bank” and regrettably, its collapse has led the former crypto lending giant into bankruptcy proceedings and owing USD 4.7 billion to its customers according to its bankruptcy filing[5].

The case of Sygnum Bank:

In Switzerland, crypto service providers are subject to Anti-Money Laundering (AML) requirements and must either hold a Financial Supervisory Market Authority (FINMA) licence or become members of a self-regulatory organisation (SRO) recognised by FINMA. There are no special “DASP” licences hence, they must meet the same stringent criteria as any other Swiss financial service provider.

There are a variety of licences that may be applicable for crypto services, but in fact, almost all DASPs in Switzerland have pursued an SRO affiliation. This means they are not subject to further regulatory obligations as say, a bank or securities firm, both of which pertain to the strictest variants of conduct rules and other regulatory obligations that have been introduced since the 2007 Financial Crisis.

Sygnum holds a FINMA banking and securities firm licence and is thus, subject to prudential supervision. This supervision is determined by FINMA’s rating system which performs regular evaluations on financial institutions (a negative rating score means more oversight). This type of supervision is essential as its sole purpose is to protect creditors and maintain financial stability whilst ensuring the financial, legal and regulatory requirements are always respected.

Being a regulated bank also means that Sygnum is subject to regulatory obligations such as the Financial Market Supervision Act (FINMASA), the Banking Act (BankA) and the Financial Services Act (FinSA) - the latter which focuses on standards that strengthen investor protection, business conduct rules and transparency for clients.

Only 2 banking licences have been granted by FINMA to service crypto.

Concluding Remarks

Licence requirements vary upon country and jurisdiction so there is no systemic framework to assess the credibility of all licenced DASPs. But as an investor, you can improve your assessments by asking firm questions about their regulatory obligations and challenge their licencing status. Start by looking into their jurisdiction of issuance, and/or if there are any customer protection policies available. Note that as regulatory developments take shape, any DASP licencing policy may be subject to change as regulators begin revising conditions and cryptocurrency laws.

Switzerland is unique in its approach as there are no special treatments or licencing leniencies for DASPs. In simple terms, Sygnum is a licenced bank, so it must adhere to all regulatory variants of conduct rules and legal obligations of a Swiss bank.

Learn more about digital asset banking at Sygnum here.

[1] Krista Severev, Kätlin Krisak, Monika Tomberg. Virtual currency service providers to face further obstacles under a proposed new legislative act in Estonia. February 11, 2022: https://www.sorainen.com/publications/virtual-currency-service-providers-to-face-further-obstacles-under-a-proposed-new-legislative-act-in-estonia/

[2] Wayne Duggan: What Is Celsius? Why Is It Crashing The Crypto Market? Fortune. July 18, 2022: https://www.forbes.com/advisor/investing/cryptocurrency/what-is-celsius/

[3] Joe Light: Crypto Lender Celsius Told to Stop Offering Accounts in Kentucky. Bloomberg. September 23, 2021: https://www.bloomberg.com/news/articles/2021-09-23/kentucky-hits-crypto-lender-celsius-with-cease-and-desist-order#xj4y7vzkg

[4] Reuters: U.S state regulator says it believes crypto lender Celsius is “deeply insolvent”. Reuters. July 13, 2022. https://www.reuters.com/business/finance/us-state-vermont-regulator-says-celsius-lacks-assets-repay-customers-creditors-2022-07-13/

[5] Official Form 201: Voluntary Petition for Non-Individuals Filing for Bankruptcy. Southern District of New York. July 17th 2022: https://cases.stretto.com/public/x191/11749/PLEADINGS/1174907142280000000003.pdf


This document is purely for educational purposes and has been issued by Sygnum Group. It is not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful, nor is it aimed at any person or entity to whom it would be unlawful to address such a marketing communication. It does not constitute an offer or a recommendation to subscribe, purchase, sell or hold any security or financial instrument. It contains the opinions of Sygnum Group, as at the date of issue. These opinions and the information contained herein do not take into account an individual‘s specific circumstances, objectives, or needs. No representation is made that any investment or strategy is suitable or appropriate to individual circumstances or that any investment or strategy constitutes personalized investment advice to any investor. Therefore, you must verify the above and all other information provided in the document or otherwise review it with your external advisors. Some investment products and services, including custody, may be subject to legal restrictions or may not be available worldwide on an unrestricted basis. The information and analysis contained herein are based on sources considered as reliable. Sygnum Group uses its best efforts to ensure the timeliness, accuracy, and comprehensiveness of the information contained in this document. Nevertheless, all information indicated herein may change without notice.