The loss of about $190 million of investor money resulting from the death of the founder of crypto-currency exchange Quadriga CX demonstrates the regulatory gaps and necessity for better oversight, say lawyers active in the area of blockchain technology.
“I think Quadriga CX is going to be the case that turns things in Canada and kick-starts regulation because this problem could very well happen again,” says Chetan Phull, founder of Smartblock Law PC, a cyber-tech law firm in Toronto focused on blockchain, data privacy, IT contracts and litigation.
“Quadriga CX, I think, will trigger Parliament to act and regulate crypto-exchanges more like banks,” he says.
On Feb. 5, the Supreme Court of Nova Scotia granted Quadriga CX creditor protection for 30 days, under the Companies’ Creditors Arrangement Act. The company is represented by Maurice Chiasson and Sara Scott of Stewart McKelvey and the court appointed Ernst & Young Inc. as monitor of the process, which will be represented by Elizabeth Pillon and Lee Nicholson of Stikeman Elliott LLP.
In a statement made Feb. 5, the company said it filed for creditor protection because it has been unable to access its customers’ crypto-currency and could not get the funds to settle customer withdrawal requests.
Historically, the threat to cybersecurity in crypto-platforms has typically been a breach from an outside third party. What makes the case of Quadriga CX unique, says Phull, is that the exact opposite is the problem. The money is locked, as if in an indestructible safe with no way to open it. The security of blockchain technology became its peril, as the only way to access the wallets containing the digital currency died with the owner of the exchange, Gerry Cotten, who left no password behind.
“I'm hoping this case illustrates the importance of not just data security from the standpoint of breaches but also data security from the standpoint of putting these impenetrable locks on data that can never be accessed again because of irresponsible conduct,” says Phull, whose firm focuses on data privacy and cybersecurity.
Regulators around the world wrestle with crypto-currency’s ambiguous status — certain types in certain contexts can take the form of a currency, commodity or security, all of which apply different regulatory frameworks. In Canada, crypto-currency does not meet the legal definition of money and most regulators are treating it as a commodity, but it can also be used as an investment contract, for example, to raise funds for a startup, in which case it is a security, says Phull.
“There really isn't anything in our laws that would regulate a company like Quadriga CX," says Mike Stephens, a partner at Fasken Martineau DuMoulin LLP in Vancouver.
Though Quadriga CX was run without the contingency measures that would have protected its customers, Stephens says, there was not much regulators could have done, as the company exists in the gap between the jurisdiction of securities regulators and the jurisdiction of the Financial Transactions and Reports Analysis Centre of Canada, which regulates money transmitters.
Crypto-graphic instruments are not defined as securities, though some regulators in Canada “infill the definition of securities” to include them by applying the Pacific-Coin test, he says.
To determine if an investment is a security and, therefore, needs to be registered with a provincial securities regulator, Canadian courts apply the 1970 Supreme Court case Pacific Coast Coin Exchange v. Ontario Securities Commission. The case produced a test: A financial arrangement is an investment contract if it includes an investment of money in a common enterprise, with the expectation of profit from the efforts of others. Pacific Coast Coin follows closely the 1946 U.S. Supreme Court case Securities and Exchange Commission v. W.J. Howey Co., which applies a nearly identical test.
“Quadriga CX, having been the first major exchange in Canada, was the first entry point for many Canadian early adopters, and so this entire situation came as a shock to many of us,” said Aaron Grinhaus of Grinhaus Law Firm PC.
Grinhaus, who wrote the textbook A Practical Guide to Smart Contracts and Blockchain Law, says he expects that recent amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act will be helpful but until the Canada Revenue Agency, securities regulators and FINTRAC get on the same page, there will be ambiguities that will be exploited by practitioners but will be “remarkably detrimental” to regulators.
“In a perfect world, the securities regulators would be regulating crypto-exchanges,” says Stephens. “But we need to have the regulation to kind of bring it under their jurisdiction, for sure. And then we don't have Quadrigas in the future.”
In responding to the Quadriga CX matter, Stephens says Canadian authorities need to undergo a process of “education, evaluation and, ultimately, legislation,” in order to mandate internal processes of crypto-businesses.