Proposed regulations on the right track, and what to watch out for in the meantime.
More security and regulations for service providers is required to protect South African consumers from losing access to their assets, as in the Canadian case of Quadriga.
Quadriga set off warning bells around the globe when it was revealed that millions of dollars’ worth of cryptocurrency could not be accessed because CEO Gerald Cotten was the only person with the recovery codes needed to withdraw the currency.
Marius Reitz, general manager of Africa for global cryptocurrency company Luno, agrees that the Quadriga case highlights the need for cryptocurrency regulation. Reitz says the proposed regulation is definitely the right starting point in terms of increasing protection for consumers. “However, the focus must shift to further regulating service providers. For example, business conduct requirements should be imposed upon crypto currency service providers.These should include a comprehensive overview of the security arrangements the service provider has in place, together with evidence that there are experienced personnel who can effectively implement and monitor such systems and processes,” he suggests.
“Regulation will provide consumers or potential consumers with the comfort that the service they are dealing with is held to defined regulatory standards. Imposing regulations will, in turn, enhance general trust in and stability of the market,” he says.
Dr Arif Ismail, head of fintech at the South African Reserve Bank, has previously confirmed that there is currently no recourse for consumers who find themselves defrauded in any scams related to crypto assets.
“The crypto industry is still in a developmental phase and there are related risks when dealing with assets that are created and largely managed over the internet. Some of these risks relate to the pseudonymous and in some cases anonymous nature of crypto assets as well as the safekeeping (custodianship) of public and private keys. These keys grant access to the assets. The safeguarding of the keys and access to assets are stored at different levels– offline (cold wallets) or online (hot wallets). Online wallets are more open to cyber theft. What’s clear from the Canadian case is that these processes require careful review by authorities,” he says.
Bridget King, director of finance and banking at Cliffe Dekker Hofmeyr, notes that the South African proposals for cryptoasset regulation include provisions that crypto service providers and their clients must comply with FICA requirements, which effectively bans anonymous purchase of crypto assets. “The comment period on the regulation proposals expired last month and after assimilating the comments received, South African authorities will have to decide if they are going to amend existing laws or promulgate new legislation. The registration requirements for service providers will protect consumers to a certain extent and there is also the suggestion of trade reporting requirements so that government can monitor the number of South Africans that are trading in cryptoassets and the volumes that are being traded,” she says.
Ismail confirmed this, saying that following review of comments and input received, the paper will inform a policy perspective on crypto assets and a potential regulatory regime, giving proportionate attention to the risks identified.
What you should be asking
Reitz says it is also important to check who the cryptocurrency service provider is partnering with and what business continuity arrangements are in place. “In the case of Quadriga, no business continuity arrangements were in place and that would have been critical to avoid the current situation,” he says.
Reitz suggests that consumers ask the following questions before conducting business with a cryptocurrency exchange:
- Do I trust the team building the product or service?
- Do they understand and implement secure key storage?
- Do they have a strong technical and engineering background?
- Do they have security features like two-factor authentication or integration with security partners?
- Do they undergo regular security and financial audits?