In one of my favourite James Bond movies, Casino Royale, the villain Le Chiffre sells stocks short in an aerospace company and then tries to sabotage the launch of a new super-airliner by blowing it up. Bond eventually prevents the terrorist attack and saves the day, but had the attack succeeded, the company would have become worthless and Le Chiffre would have made a fortune (that is at least the logic of the movie). It’s a great, though hopefully not very realistic example of Market Abuse by manipulating a market.
What’s that to do with the blockchain? Well, some time around June 17 someone stole $60 million worth of a cryptocurrency called ether from an organisation called the DAO. To explain it in very few words, the DAO is an organisation built on smart contracts and funded through a cryptocurrency called ether, everything based on the blockchain technology. Not long after the attack, rumours started to circulate that a short bet on ether was placed on one exchange for cryptocurrencies shortly before the attack. One has to bear in mind that because a particularity in the DAO, the drained funds cannot be withdrawn for at least a week, maybe more, and that in the meantime the organisation will launch some form of counterattack (leaving details how exactly this might happen aside) to recoup the ether. That means that from the start it seemed unlikely that the attacker would ever have access to the funds, raising the questions about the motives.
Hence, the short bet seems to be a plausible explanation (however, there have been messages by people claiming to be the attackers insisting that merely a loophole in the DAO’s code was legally exploited or intermediaries indicating that the attackers are holding out for a ransom in exchange for the frozen ether), though it might just be an early conspiracy theory and it remains to be seen what comes out of it. In any case, it would be a classic example of market abuse through manipulating devices or “Trash and Cash” (also known as “Short and Distort”). The martial term of Trash and Cash basically means taking a short position in a stock in a company and then disseminating misleading negative information about the company with a view to driving down its price, though usually limited to expressing very bearish views on the stock price or even distributing false information out. However, the rise of the Internet and subsequently the increasing number of cyberattacks might make it more common in the future that, for example, a planned attack on a company website or its services could be used for this form of market abuse (just like Javier Bardem’s villain Silva in Skyfall suggested: “destabilize a multinational by manipulating stocks? Bip. Easy! […] Just point and click.”)
Obviously, this is covered by laws and regulation such as criminal law in respect of the attack itself (disregarding the view of the attacker expressed in an open letter that in the actual DAO attack no rules where broken, but merely a loophole in the code exploited), but then there is also the regulatory aspect, which, for example in the UK, is governed by the Market Abuse Regime (to be precise MAR 1.7 of the Financial Conduct Authority’s Handbook).
But the concept of punishing someone for making a profit by illicitly driving a share price down based on false information or comparable actions can be found in other legal systems, too. In Japan market abuse is regulated through the Financial Instruments and Exchange Act. In Australia market abuse practices like market manipulation and other market misconduct practices are expressly prohibited under the Corporations Act as amended by the Financial Services Reform Act. Although the concept of market abuse is not expressly and statutorily defined in the US, the regulation and prohibition of market abuse practices is covered by several different US federal securities laws like the Securities Act, the Securities Exchange Act, the Insider Trading Sanctions Act or the Securities Fraud Enforcement Act to name a few legal sources. To get back to the UK example though, it is important to remember that its Market Abuse Regime is to a large extent based on EU legislation, in particular the Market Abuse Directive of 2003 (section 118 of the UK Financial Services and Markets Act 2000 is another important source) and that this is currently undergoing significant changes: regardless the UK’s recent vote to leave the EU, the new Market Abuse Regulation will become applicable on 3 July (please note that all EU legislation will remain applicable in the UK until the separation is concluded, which is likely to take at least two years), which itself further add to the protection against and the enforcement of market abuse.
One question that comes up though is whether a short option on a virtual currency traded on a cryptocurrency exchange is covered by the respective market abuse regime. For example, the current Market Abuse Directive focuses on equity instruments, while the new Market Abuse Regulation (MAR) seeks to extend the scope of financial instruments significantly. MAR itself doesn’t talk about virtual currencies and the most recent discussion paper of the European Securities and Markets Authority (ESMA), a European Union financial regulatory institution and European Supervisory Authority, that discusses the role of Distributed Ledger Technology applied to securities markets, recognized that MAR could be relevant as well but are not discussed in this paper given that ESMA is of the view that initially the DLT will primarily be explored for post-trading activities, i.e. clearing, settlement, and securities servicing. Having said this, one shouldn’t assume that national and EU regulators aren’t looking into this. The working group on virtual currencies of the French government already highlighted in a report published in June 2014 that virtual currency exchanges present problems for users due to the risk of market abuse. The European Banking Authority (EBA) reflected these concerns in a report on Virtual Currencies shortly after, pointing out that to address the risk drivers of opaque price formation and market abuse, exchanges would need to be subject to market abuse requirements to prevent insider dealing and market manipulation.
The HM Treasury published a report in March 2015 “Digital currencies: response to the call for information”, which states that the UK government intends to apply AML regulation to digital currency exchanges and considering further regulation.
On the other side of the Atlantic, the U.S. Commodity Futures Trading Commission (CFTC) did explore whether Bitcoin would fall under the definition of commodities and thus within the market abuse regulation like the Commodity Exchange Act.
These examples are very much in line with the general approach of regulators around the globe, which can currently seen when it comes to the question of regulation of FinTech aspects: authorities try to get a better understanding of the technology, how it fits in under existing regulations in order to decide whether and which kind of amendments to current rules or new ones are required.
But we’re getting carried away since the point was to establish that market abuse is a punishable offence by law in many jurisdictions. However, what jurisdiction applies when an attack occurs on an organisation that takes pride in being nowhere and everywhere? At the core of a DAO, which stands for Distributed Autonomous Organization, lies the principle that it is governed not by people but coded computer programs called smart contracts, which are distributed through a network of connected computers that could basically be anywhere on the planet, so which laws should apply? All? None? Well, even though machines decide in DAOs, someone still has to be responsible, or in liable in legal terms, for this construction, like who designed or wrote the first code, and a court is likely to use that to decide the question.
So, the bottom line is that despite the apparent lack of clear and straightforward rules that deal with market abuse and cryptocurrencies, the questions surrounding jurisdiction in case of a potential violation, it is very likely that regulators would find a way to persecute the kind of market manipulation as outlined above. I would even say that offenders shouldn’t take too much comfort in technology and means to disguise their identities either. After all, for a long time people felt that online black markets like the Silk Road where safe places for illegal activities until its founder, Ross Ulbricht got caught by the FBI and sentenced to a life in prison (in addition to drug dealers that used the Silk Road for drug dealing and were convicted).
Thus, regardless the open legal and regulatory questions and though it may take time for enforcement agencies to catch up, chances are they will get you and they might not even need the help of James Bond!