What industry consensus is included in the "Draft Digital Asset Industry Standard" launched by SBF?

22-10-20 17:29

Original author: SBF, founder of FTX

Original compilation: Leo, BlockBeats



On October 20, the FTX official website released the "Reasonable Digital Asset Industry Standard" (Possible Digital Asset Industry Standards) written by SBF. Discussion topics include: "Sanctions, Allowlists and Blocklists", "Hacking and Accountability", "Asset Inventory, Security Definition", "Tokenized Stocks", "Customer Protection, Information Disclosure and Suitability", "DeFi" and "Stablecoin". SBF said the set of standards is only a draft, but while we wait for a comprehensive federal regulatory regime, we as an industry can provide transparency and protect customers, and we should treat it as an industry codebook that seeks to build consensus. SBF also said that ideally, some industry group would carefully study the topics in the paper, revise them, and publish a set of community norms deemed reasonable. In addition, this article does not constitute legal advice, nor is it intended to override any relevant laws. This article is only intended to call on the industry to build consensus and provide transparency and protection within its capabilities.


The following is the full text:


The document contains a draft set of standards that crypto, as an industry, should promulgate to create transparency and protect customers while awaiting a full federal regulatory regime. It is meant as an industry specification manual that tries to build consensus. The author of this article is Sam Bankman-Fried, but neither he nor FTX is sure that this standard specification is completely correct; this is only a draft.


Ideally, some industry group should mull over these topics, revise them, and publish what it considers an appropriate set of community norms! To be clear: there is no legal advice in this article, nor is it meant to override any relevant laws. We just want to maintain as much clarity and protection as possible during this time.



Sanctions, whitelists and blacklists


Basically, I believe that blacklisting is the proper way to comply with sanctions on the blockchain (https://twitter.com/SBF_FTX/status/1574560415170035712).


Possible choices are:


- Allow all transfers.


- Prohibit transfers between sanctioned parties (i.e. declare these transfers illegal and hold violators accountable), otherwise allow other peer-to-peer transfers.


- All transfers are prohibited unless specifically permitted by the institution.


Allowing all transfers opens the door to major financial crimes. Banning all transfers (unless institutions allow them) stalls commerce and innovation, and shuts out the economically disadvantaged. Maintaining a blacklist is a fine balance: banning illegal transfers and freezing funds related to financial crimes, while allowing commercial activity.

Worth emphasizing: If you need a whitelist for transactions, all commerce will grind to a halt. Want to buy a bagel at the corner store? It is best to prepare your passport, proof of address, telephone, email, and SSN! I wish 7-Eleven was a broker-dealer. (Imagine if a passport is required to buy a bagel, what happens to people who don't have one?)



Maintaining the presumptive freedom of peer-to-peer transfers and decentralized blockchains (unless there is concrete evidence of fraud, illicit finance, etc.) is absolutely essential. At the same time, the biggest hole in sanctions compliance right now is timing - what happens if illicit financial activity is discovered after it has occurred but before the funds are transferred to all platforms?


What does this actually mean? (To clarify, "actually" here means "how things should work in a perfect and logical way".) Everyone should respect OFAC's Sanctions List (btw, this is already the law).


To make everything clearer and more transparent:


- There should be a real-time updated on-chain list of sanctioned addresses, maintained by OFAC or a responsible person. The Ministry of Finance should clearly disclose which address exists on the sanctions list and how to resolve it.


- Centralized applications can then query the list of sanctioned addresses in real time to avoid sending funds to, or receiving funds from, these addresses.


- This list should be transitive: if A is sanctioned and $1 million moves between A and B, then B's address itself should be tagged. By utilizing a public blockchain ledger, we can ensure that sanctioned entities cannot transfer funds to new wallets to evade sanctions. However, this is not easy; we must ensure that dust attacks do not harm innocent people.


- If flagged funds are unilaterally transferred to your address, there should also be a way to fix your address. Because transfers are unilateral, it may not be your decision to receive funds from a sanctioned address. Therefore, there should be a "frozen funds" address (and possibly a burn address), possibly maintained by OFAC, to which you can send previously received flagged funds, repairing your address. Unless you try to transfer sanctioned assets to another address, your address should not be tagged. In other words: transferring sanctioned funds is sanctionable; receiving them is a chance to restore one's account.


- Additionally, trusted participants should maintain their own lists of on-chain addresses that they suspect may be linked to financial crimes. There should be a standardized format. To clarify, these addresses are not the same as sanctioned addresses; there should be no laws against transacting with these addresses. However, many people may find it useful to refer to these lists. This also facilitates cooperation between exchanges.


- This will help strengthen sanctions compliance and ensure we as an industry can efficiently maintain blacklists while still allowing economic freedom in general.


Finally: We should try to implement a system similar to the previous one to help us respond to events quickly. If this is quickly and instantly updated on-chain, we can better respond to events and effectively freeze assets.
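The tagging and repair rules in the list above can be modelled as a small ledger; this is an added example, not part of SBF's draft or any FTX code. The names `TaintLedger` and `FROZEN_FUNDS`, the integer units, the sample addresses, and the rule that ordinary payments spend clean funds before flagged ones (so that dust cannot force a tag) are all assumptions made for illustration.

```python
from collections import defaultdict

FROZEN_FUNDS = "frozen-funds"  # hypothetical remediation address from the proposal


class TaintLedger:
    """Toy ledger tracking clean vs. flagged units per address (constructed model)."""

    def __init__(self, balances, sanctioned):
        self.clean = defaultdict(int, balances)
        self.flagged = defaultdict(int)
        self.tagged = set(sanctioned)
        for addr in self.tagged:
            self._flag_all(addr)

    def _flag_all(self, addr):
        # Everything held by a tagged address counts as flagged funds.
        self.flagged[addr] += self.clean[addr]
        self.clean[addr] = 0

    def status(self, addr):
        if addr in self.tagged:
            return "tagged"
        return "needs-remediation" if self.flagged[addr] > 0 else "clean"

    def transfer(self, src, dst, amount):
        if amount <= 0 or amount > self.clean[src] + self.flagged[src]:
            raise ValueError("invalid amount")
        if dst == FROZEN_FUNDS:
            # Remediation: flagged units are surrendered first and leave circulation.
            from_flagged = min(amount, self.flagged[src])
        else:
            # Assumption: ordinary payments spend clean units first, so unsolicited
            # dust never forces a recipient to move flagged funds.
            from_flagged = max(0, amount - self.clean[src])
        self.flagged[src] -= from_flagged
        self.clean[src] -= amount - from_flagged
        if dst == FROZEN_FUNDS:
            return self.status(src)
        if from_flagged and src not in self.tagged:
            # Passing flagged funds onward is what gets an address tagged.
            self.tagged.add(src)
            self._flag_all(src)
        self.flagged[dst] += from_flagged
        self.clean[dst] += amount - from_flagged
        if dst in self.tagged:
            self._flag_all(dst)
        return self.status(src)


def demo():
    # Constructed scenario: A is sanctioned; B, C, D are ordinary addresses.
    led = TaintLedger({"A": 1_000_000, "B": 500, "C": 200, "D": 0}, {"A"})
    steps = []
    led.transfer("A", "B", 1000)          # unilateral transfer from a sanctioned address
    steps.append(led.status("B"))         # receiving alone does not tag B
    led.transfer("B", "C", 300)           # B pays C out of clean funds
    steps.append((led.status("B"), led.status("C")))
    steps.append(led.transfer("B", FROZEN_FUNDS, 1000))  # B repairs its address
    led.transfer("A", "C", 50)            # dust sent to C
    led.transfer("C", "D", 520)           # C spends past its clean balance
    steps.append((led.status("C"), led.status("D")))
    return steps


if __name__ == "__main__":
    print(demo())
```

A centralized application would consult `status()` before accepting a deposit or sending a withdrawal; the spend-ordering rule is the design choice that decides whether a dust recipient can keep transacting.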




Hacking and accountability


Hacking is extremely destructive to the digital asset ecosystem. The hacker community is too large. At the same time, the industry does a pretty good job of identifying and labeling addresses carrying funds, so even if the funds are gone, hackers may not actually be able to take advantage of most of them.


1. We should formalize this so that primary trusted parties add the associated addresses to their public lists of suspicious addresses. Both centralized and decentralized protocols are then able to quickly freeze the relevant addresses.


2. Whenever there is a security breach, there is usually a negotiation between the hacker and the protocol; usually the hacker will offer to return part (but not all) of the funds in exchange for some kind of immunity.


a. In theory, such a transaction is feasible: it can protect clients, save companies and protocols, and still give a generous bug bounty to the party that found the bug.


b. But in fact, every negotiation is stressful and controversial. (We know that usually, the victim here is the hacked protocol, and the hacker is not a "good actor".) In many cases, the lines between bugs, hacks, market manipulation, and transactions can become blurred, because the two sides have very different views on them. Also, there is no consensus on how much should be returned.


c. So, I propose a new community standard: the 5-5 standard. Suppose there is a security hole and A takes x dollars from protocol abc. Suppose abc has y dollars in reserves on hand:


- First, protect customers. A should not get anything until the clients are compensated, which means that if x > y, then at least x-y dollars must be returned to abc. For example, if A takes $1 million and abc has only $800,000 in reserves, then A must return at least $200,000 to ensure that abc's reserves and abc's customers are relatively matched. This is the most important part. Clients must be afforded the utmost protection.


- Second, the only constructive solution is A working in good faith and intending to cooperate, giving back most assets from the start. A does not negotiate or hold out and then try to use this standard as a backup plan.


- Third, assuming that the previous two (first and second) are satisfied, A has to return at least 95% of the assets. In particular, A is allowed to keep the lesser of 5 percent of $x or $5 million. The rest is returned to abc. For example, if A takes $1.5 million, A keeps $75,000 and returns $1.425 million; if A takes $150 million, A keeps $5 million and returns $145 million.


- Fourth, if A follows the 5-5 standard and keeps the customers of protocol abc whole, keeping only the minimum amount (the lesser of 5% of what A took and $5 million) and returning all the rest, then the amount A keeps is considered a (possibly very generous) bug bounty: A actually did no harm to the protocol's clients, returned most of what was taken, and helped alert abc (publicly) to a loophole.


- Fifth, by default, A has one day to return (according to the 5-5 standard) the portion A does not deserve. So, to be clear, A can't hold out and then take 5-5 as a fallback; A intends to return the assets from the start.


- Sixth, if A does not follow the 5-5 standard, that is, if A keeps more than A's "fair share", A will be seen as a "bad character" by the community.


- Seventh, please note that, to be clear, there are no legal or regulatory claims here; this is just a proposal for norms for the crypto community.


3. The key is to create and follow a clear consensus standard to identify exploiters; to ensure clients are protected; and to incentivize those who find security holes in a protocol so that they will follow the consensus standard.


4. Why the 5-5 standard?


- I have no idea what the correct number ratio is and would love to support alternatives!


- But historically, following the 5-5 standard would have reduced the impact of hacking attacks by more than 98%.


- This is a huge improvement. My hunch is that accepting the 2% cost is well worth it for the vast majority of problems. I think it's very important for the industry to create a standard that can drastically reduce the impact of a security breach. I'm also not sure what the correct standard is, and am more than open to suggestions on that!



A list of assets; also, what is a security?


So far, a central question that investors in the industry sometimes have to answer is whether a particular asset is a security. In general, BTC and ETH are not considered securities; many long-tail tokens that are investment contracts are securities. However, some are unclear.


Ultimately, there may be legislative, regulatory or judicial clarity on this issue. Until then, at least FTX plans to:


- First, our legal team will analyze assets against the Howey test and other relevant case law and guidelines. If the analysis finds an asset to be a security, we treat it as a security.


- If the analysis shows that it is not a security, we generally treat it as a non-security commodity, unless the asset is deemed a security by the SEC and/or an appropriate court of competent jurisdiction.


- If we do find that an asset may be a security, we will not list it in the United States unless/until there is a proper registration process for this asset.


For all assets listed on our federally regulated platform, we intend to publish an overview of the asset, similar to an (informal) registration statement.


Ideally, digital assets eventually becoming securities would not be a bad thing: there would be a clear digital asset securities registration process that protects customers while allowing innovation. We remain happy to work constructively with regulators to develop and act on security tokens within the regulatory framework.



Stock Tokenization


I think that, in the end, blockchain technology has great potential to improve traditional market infrastructure (https://twitter.com/SBF_FTX/status/1548292379488137218).


On January 28, 2021, retail investors bought large amounts of specific stocks such as AMC and GME on multiple trading platforms, including Robinhood. With these share prices going up, investors made a lot of money mark to market, but it also created a problem for the market: it took two days for shares to settle (USD could take months, especially with ACH and credit cards), so there is a certain degree of uncertainty and a risk that the other party will not be able to deliver. This means that on January 28, retail investors had billions of dollars in unsettled gains.


For example, a typical retail stock trade goes through a large number of entities:

- A's Mobile Agent

- A's Securities Clearing Company

- A's Bank

- PFOF (Order Flow) Company B

- Clearing Company of B

- Bank of B

- DTCC (Depository and Clearing Corporation)

- Darkpool (dark pool) C

- Clearing Corporation of C

- Bank of C

- DTCC (again)

- PFOF Corporation D

- D's Clearing Firm

- D's Bank

- DTCC (again)

- Stock Exchange

- DTCC (again)

- and then more on the other side


A single trade involves more than 15 entities! Each entity carries certain settlement risks. So if retail investors make billions in a day, you have hundreds of entities, each of which may need billions of dollars in spare capital in case any one entity in the process fails to deliver later.


Once an investor's profit exceeds the regulatory capital of a poorly capitalized broker, these dealers are then shut down and in some cases liquidated to make sure they don't make more money, money that the broker can't guarantee. Under the current stock market structure, there is a limit to how much retail investors can earn!

But on January 28, digital assets maintained trading liquidity. Why?


Because if A wants to buy SOL from B in exchange for USDC, A's USDC is sent to B, B returns SOL, and seconds later, for a fee of only $0.0005, the transaction is fully settled, with no unresolved settlement uncertainty or risk, so essentially no regulatory capital is required. If there is a transfer or transaction between two platforms, they simply send the appropriate assets on the blockchain to the other platform, again eliminating settlement risk within seconds.


To sum up: I think stock tokenization will help simplify securities settlement and provide a stronger and fairer market structure for retail.


What's holding this back? I think the most important thing is regulatory transparency: For example, what does the liquidation, custody, registration, issuance, disclosure, etc. of tokenized AMZN shares look like?



Client Protection, Disclosure and Suitability


A clear way to help protect investors is to provide transparency and prevent fraud. Investors deserve clear and understandable information about the assets they care about, and regulators should crack down on any misrepresentation or materially misleading marketing claims.


I also think that in general, systems should not knowingly run on credit, especially for retail investors. In general, retail investors should not lose more than the amount they have deposited into a platform, and any loan failure by a platform that could socialize losses onto other innocent investors on that platform should be heavily scrutinized. This is one of the core elements of our liquidation model proposed in the DCO amendment.


If you have enough information disclosure and transparency, do not make investors bear risk beyond their deposits, and police fraud, then the remaining core part of customer protection is suitability. In other words, who are the right users for a particular product? One can determine suitability in a number of ways, usually as a trade-off between economic freedom and risk.


There is no single perfect procedure for determining suitability, but in general, I think knowledge-based testing is the appropriate approach for clients and is much better than wealth-based criteria.


Here are various ways to determine who has access to a particular product:


a. Only investors with a net worth of at least x dollars can invest in this product


b. Only investors with an income of at least y dollars can invest in this product


c. There is a test based on the platform and product mechanism: only investors who pass the test can invest in this product


d. Anyone can access any product as long as it is not a scam


e. The platform should decide for itself who can access its products


The problem with (a) and (b) is twofold. First, they may reinforce class barriers: only the wealthy have real access to the financial ecosystem, so only those who already have a lot of money are allowed to earn money, exacerbating economic, racial, and rural disparities. Second, it's unclear whether they do a good job of protecting investors. I have found that the users who have had to do the most in their lives to achieve financial stability tend to be the most informed, experienced, and knowledgeable users, and I don't buy the claim that excluding the poor from financial freedom is effective customer protection.


The problem with (d) is that you'll find people taking advantage of users who don't understand what they're using on the platform, so that those users take risks they don't know about and don't want to take.


(e) can mean many things, but "platform choice" is often fraught with bias and exclusion, creating ivory towers of financial access.


In my opinion, (c) is the most appropriate. Instead of making assumptions about economically disadvantaged populations, or condescending to any particular group, it directly addresses users' biggest fears: that people will use products they don't understand and take risks they don't want to take. In general, America is founded on freedom and individual choice, economically, financially and rhetorically. But that doesn’t allow platforms to take advantage of consumers with misleading, deceptive, or sloppy offerings. Therefore, I support the implementation of knowledge-based testing rather than asset-based testing to determine product suitability.


To demonstrate how we plan to launch FTX US Derivatives if our amendment is approved, we've built a website that encompasses a full suite of customer protections, from disclosures to explainers to knowledge-based quizzes.



DeFi


In the context of the current regulatory framework, DeFi, and the innovation that may ultimately result from it, is critical. This is also one of the trickier questions to consider.


But there will never be a perfect answer; going forward, here is a naive suggestion for a regulatory heuristic for DeFi.


On the one hand, some activities feel more like freedom of speech, freedom of expression, and mathematical constructs: purely writing code, deploying it to a decentralized blockchain, or validating blocks against the chain's rules. Decentralized code is like speech. On the other hand, some activities look more like a centralized financial service: hosting a website that empowers and facilitates access to DeFi protocols or products for U.S. retail investors. Centralized GUIs and marketing are like regulated financial activities.

This means:


- Uploading code to the blockchain does not require a financial license (as long as it is not illegal/evil)


- Similarly, a validator's main responsibility is to correctly validate blocks, not to judge or monitor them


- However, some licenses/registrations etc. may be required for the following activities: hosting a website on AWS that provides a US retail front end for a decentralized protocol; marketing DeFi products to US retail investors.


Example:


- You can write code for the DEX and upload to the blockchain without a license.


- You can trade on a DEX without a license, as long as you are purely using your own money, not managing a fund.


- You can do peer-to-peer transfers without a license, though you still want to avoid sending it to sanctioned addresses.


- The goal of the validator itself is simply to confirm whether the proposed block complies with the rules of the blockchain, rather than individually parsing and governing regulatory content.


- If you have a website that allows US retail to easily connect to and trade on a DEX, you may need to register as a broker-dealer/FCM, etc., and KYC verification is also required.


- If you are actively marketing to US retail investors, some registration may be required - either from you or from the product you are promoting.


- DAOs with purely on-chain activity do not need licenses, similar to individuals; however, DAOs controlling a centralized GUI or marketing to US retail might.


- It is extremely important that on-chain code and DeFi remain free, open and free from censorship.


This is a compromise, and it is not perfect from the point of view of any firm position. But I think it's reasonable. It allows for continued innovation in core technologies and freedom of expression, while requiring licenses for retail marketing or activities similar to traditional financial brokerage, creating a layer for regulators to strengthen consumer protection and market integrity.


I am very open to suggestions in this regard! There may be many variations on this. But most importantly: how and where DeFi and things related to it fit (or do not fit) into the regulatory environment is a difficult problem, and one that has not yet been settled. We should be cautious about making decisions without first establishing a reasonable and responsible standard for this.




Stablecoin


Click to view proposals for community standards for Stablecoins (until there is a clear regulatory framework).


Stablecoins present a huge opportunity to modernize and democratize payments, both at home and abroad. We should adopt regulatory policies that support them while guarding against any systemic risks.


In short, any stablecoin that is stable against the USD should be backed by at least an equivalent amount of U.S. dollars (or Treasury bills/bills issued by the federal government), and should be kept up to date with public information and audit proofs.


Furthermore, there should be KYC of traders involved in the in/out process (i.e. KYC of individuals and entities creating and redeeming Stablecoins). This is very easy to do, and we believe there are many suitable regulatory frameworks under which Stablecoin projects can proceed (provided the operating entity maintains information about the asset and has and enforces proper KYC requirements). To be clear, this does not mean a passport and SSN are necessary to buy bagels from 7-11, but the issuance and redemption of Stablecoins should be a BSA-level KYC event.


