On September 18, at approximately 1:00pm Eastern, the golden age of cryptocurrencies came to an abrupt end. At that time, the Office of the New York Attorney General dropped a report on the operations of many major cryptocurrency exchanges that found serious faults with both specific firms and the industry as a whole. Most ominously, the report stated that it had referred three platforms that had declined to provide information voluntarily to the NY AG to the “Department of Financial Services for potential violation of New York’s virtual currency regulations”.[1]

For a field that has thrived for nearly a decade in an environment where regulators generally tried to have a soft touch, this report was a rude awakening. Yet, the report and the response to it also shows the two paths that lay open to crypto currency in the years ahead: increased engagement with regulators in a way that leads to mutually acceptable regulation, or an escalating series of confrontations that just may kill this new product class in its cradle.

In many ways, it’s surprising that a US regulator hasn’t dropped a similarly tough report or package of regulations yet on cryptocurrency. Even after a burst of negative events, significant volatility, and a number of hacking events, there was no crackdown on crypto from any one body or swiftly called congressional hearing to question the utility of cryptocurrencies. Instead, Members of Congress raced to join Blockchain caucuses, prudential regulators didn’t try to find a fatal flaw in the products, and the SEC and CFTC under both Democratic and Republican Chairs declined to throw tough new regulations on cryptocurrencies.

Yet, into that vacuum of regulation ran the New York Attorney General. In mid-April of this year, then-New York Attorney General Eric Schneidermann announced that his office was launching the “Virtual Markets Integrity Initiative”, a fact-finding inquiry into the policies and practices of platforms used by consumers to trade virtual or “crypto” currencies like bitcoin and ether.”[2]As part of that initiative, Schneidermann’s office announced that it had sent “sent letters to 13 major virtual currency trading platforms requesting key information on their operations, internal controls, and safeguards to protect customer assets”.

The response to this effort was relatively muted. While Kraken publicly and loudly refused to comply with the NY AG’s information request, there were no other public objections to the inquiry. In fact, Gemini quickly announced that it “applauds the Attorney General’s focus on this industry and the Virtual Markets Initiative”, and Coinbase “applaud[ed] the OAG for taking action to bring further transparency to the virtual currency markets”.[3]With the industry largely adopting a stance of publicly complying with the information requests and Schneiderman himself forced to resign less than a month later following allegations of physical and sexual abuse, the probe seemed more likely to fizzle out than anything else.

Yet, the NY AG’s report that dropped last week ended up containing more than a few incendiary bombshells. Across over 40 pages, the NY AG provided a comprehensive diagnosis of problems within the cryptocurrency industry, focused on the 10 firms that voluntarily provided information. Perhaps most disconcerting was the report’s claims that many exchanges were not doing enough to confirm users’ identities and prevent unauthorised access. As the report notes, many of the 10 exchanges are prohibited from operating in a number of states, with two, BitFinex and Tidex, “prohibited in all of the United States”.[4]However, the report alleges that eight of the exchanges don’t block the use of masked virtual private networks (VPN) addresses to access their systems, and several firms require users to turn over only a minimal amount of personal information before they may trade. One firm, Tidex, only asks users for a name, email and mobile number. Given that one of the primary complaints about cryptocurrencies has been the risk that it could be used as a means of money laundering or evading sanctions, the report suggests that at least some of those fears may be grounded in reality.

The report also raised serious concerns about operations at many firms. According to the report, only four of the 10 firms have formal policies in place to deal with market manipulation. Given the overall lack of prohibitions on traders using VPN to access these firms’ systems, the report implies that all the firms may have difficulties actually preventing and stopping market manipulation. “Where a platform – for example, Bitfinex – neither requires documentation to execute a virtual currency trade nor takes active measures to block access via VPN, there is reason to question the effectiveness of that platform’s efforts to address manipulative or abusive trading activity.”[5]

The report further suggests that conflicts of interest abound in the industry. Per the report, only one firm, HBUS, prohibits employees from trading on its platform, and half the firms engaged in some variation of proprietary trading on their own venues.[6]

Additionally, “No platform articulated a consistent methodology used to determine whether and why it would list a given virtual asset.”[7]The report does make clear that many of the firms have some policies in place to disclose information that touches on some potential conflicts of issue. Yet, the report consistently compares cryptocurrency firms unfavourably to more established financial markets on these points, and the report suggests that the exchanges’ primary response to complaints about conflicts is to stress that “their trading desks had no informational or other trading advantage over customers”.[8]

However, not all the alleged issues that the report alleged with cryptocurrency platforms seem to be borne out as actual problems. At various times, the NY AG report seems to find fault with cryptocurrency platform practices that are common in other financial markets. For instance, the report expresses concern that “several platforms reported that they had no formal policies governing automated trading”, despite the fact that no major US regulator has finalised regulations on algorithmic trading in any major financial market.[9]Similarly, the report also suggests that the ability for professional traders to utilise co-location and complex tools on these platforms means that there is a “preference” given to professional traders over  “other platform customers”.[10]Yet here again, the report seems to be discovering issues with cryptocurrency exchanges that are endemic to other major financial markets.

While some observers may read these complaints as evidence of a lack of knowledge within the NY AG’s Office about financial markets and grounds to ignore this report’s conclusion, such a perspective may miss the forest for the trees. The NY AG isn’t the entity responsible for most financial regulation in New York. That responsibility belongs to the New York Department of Financial Services. It is possible that experienced financial regulators may find other major issues with those firms if they also undertake their own serious review.

And it appears such reviews are likely to begin in the near future. As mentioned above, the NY AG announced that it was referring three of the four firms that didn’t provide the request for information to the Department of Financial Services for further review. While at least one of those three firms, Kraken, has responded volcanically to this news, these actions are likely to only increase the scrutiny all cryptocurrency firms will face. After all, the general view among regulators is that any firm that seeks to refuse a request to engage with regulators must have something to hide.

Meanwhile, some employees of at least one major federal financial regulator were sharing the details of the report on social media, and the head of CME Group said last week that the report’s allegations were concerning. It is likely that the report’s findings of issues with many platforms’ policies on unauthorised access and operations will spur additional investigations by the major financial regulatory bodies, if only to show that the regulators are not ignoring potential risks. Other state attorneys general or state securities regulators may create their own cryptocurrency initiatives. There may also be increased scrutiny from Capital Hill in the new year as a likely bevy of new, more liberal Members look for issues to champion that are in the news.

The greatest danger posed by the report, however, is the possibility that the Treasury Department increases its scrutiny of whether cryptocurrency is being used as a growing means of money laundering and sanctions evasion. Many of the issues flagged by the NY AG report suggest that cryptocurrency platforms may not be adequately protected from such illicit activities. There is a real danger that key actors in the Treasury Department, which is less invested in the success of cryptocurrencies than the market regulators, may decide that the risks of cryptocurrencies to current anti-money laundering and sanctions reforms outweigh their benefits and begin pushing to crack down on cryptocurrency platforms.

Regardless, the report heralds the end of an era for crypto. For nearly a decade, cryptocurrency was allowed to develop relatively free from government oversight and regulation. Now, cryptocurrency is in the spotlight for a host of regulators and law enforcement agencies. How the cryptocurrency responds to this change will determine the next 10 years for the industry. Engagement with the regulators may be somewhat costly, but likely will allow the industry to keep growing and in a way that is more amenable to institutional investors. Efforts to stonewall the newly interested and skeptical regulators could result in the industry being killed in its cradle. One way or another, there’s about to be a sea change for crypto currencies in America.