Bitcoin, Europe and digital colonisation: an analysis of the EBA report

The European Banking Authority (EBA) recently published its opinion on virtual currencies (they include Linden Dollars and other gewgaws in the definition, but it’s really only Bitcoin that is of consequence). The EBA’s considered opinion is that European financial institutions should shun Bitcoin like a dead skunk and go nowhere near it until the ‘scheme operators’ are persuaded to change Bitcoin to be managed by a wise and omniscient regulator. To understand why their opinion is so ridiculous we have to delve into the report and uncover just what paucity of understanding there is within the EBA of how things work.

1. One of the tasks of the EBA, in accordance with Article 9 of its founding regulation, is to monitor new and existing financial activities and to adopt guidelines and recommendations with a view to promoting the safety and soundness of markets and convergence in regulatory practice.

The EBA was founded in 2011, two years before the banking crisis in Cyprus led to capital controls and bank deposit confiscations. This failure happened on the EBA’s watch yet when listing a large number of risks (which are actually very few, as we shall see) there is a portrayal that “more than 70 risks” are uniquely risks to do with Bitcoin. It’s possible that the EBA has some kind of institutional blindness to this because of the general failure of European regulators in the financial crisis.

The EBA doesn’t demonstrate a strong grasp of how Bitcoin works:

3. In their decentralised variant, VC schemes tend to be created online using powerful computer hardware, which allows users to ‘mine’ small amounts of the currency by solving deliberately complex algorithms.

Bitcoin doesn’t ‘solve algorithms’. Sloppy wording of technical matters of this kind betrays the facile understanding of a non-technical person. The uncertain tentative wording used in some places confirms this. For example:

The increase in the supply of VC units in the decentralised VC schemes that exist is said to be fixed by a mathematical protocol.

So it is ‘said to be fixed’? Does this mean the authors spoke to someone with expertise but couldn’t really follow them or didn’t really trust them? Or because they tried to read a newspaper article about how Bitcoin works but didn’t really understand it? If the latter this is inexcusable since for some time there have been some very good articles that in general terms but with precision explain how Bitcoin works.

Similar hesitant language is used throughout the report:

For Bitcoins, the total process time is said to be between 10 and 60 minutes.

Again and again through the report there are misunderstandings of how Bitcoin works:

Only small amounts are released over time, and the computing power required to mine a unit increases over that time.

This isn’t true: the computing power required is scaled up or down to ensure a fixed transaction rate. The only reason is has been increasing is that mining has become a gold rush. One day in the future it’s perfectly possible to see the computing power of the Bitcoin network to fall. How mining plays out in the final stages is difficult to foresee and there are different scenarios possible. This doesn’t prevent the EBA from drawing its own conclusions based on no particular knowledge of mining:

Other subtle aspects of Bitcoin seem not to be understood at the EBA:

23. VCs can be (i) transferred from one user to another via electronic means, (ii) stored on an electronic device or server and (iii) traded electronically. However, it does not exclude physical transfers, the storage of copies in other forms (e.g. paper, minting and engraving) or that the VC is traded in other ways.

Bitcoins cannot be ‘copied’ by physical means. The private key used to sign a transaction can be given to someone on paper, but all this does is let them transfer bitcoins – it does not prevent the sender doing so beforehand (because there is no way to prove they have not retained a copy of the key). Physical embodiments of bitcoins are merely a novelty for amusement purposes only (or for providing stock photography to illustrate newspaper articles). This is a subtle issue that will not be understood by a cursory examination of Bitcoin and goes to the heart of precisely how Bitcoin is secure.

This apparent lack of understanding of how a blockchain is secure then leads the EBA to draw some bizarre conclusions:

46. Due to the absence of intermediaries, VC transactions can currently be achieved at lower costs than other means of payment, such as payment cards or bank transfers. This is partly due to the absence of any regulatory requirements that would guarantee the safety of those means.

In other words, Bitcoin can’t be secure because it’s not being told to be secure and therefore it’s skimping on essential compliance and that’s why it’s cheaper.

Such a bizarre lack of perspective by a regulator is commonplace through the report. It’s almost as if the EBA cannot conceive of a finance world that is not structured as it always has been. For example the EBA gives this crazy view of how Bitcoin is controlled:

34. A scheme governance authority is a legal person establishing and governing the rules for the use of a VC scheme, maintaining a central payment ledger, and who is responsible for the integrity of the scheme.

This view is carried over to their recommendations for regulation of Bitcoin:

155. A governance authority may, at first, appear incompatible with the conceptual origins of VCs as a decentralised scheme that does not require the involvement of a central bank or government. However, the mandatory creation of a scheme governance body does not imply that VC units have to be centrally issued. This function can remain decentralised and be run through, for example, a protocol and a transaction ledger.

When you have a hammer, everything looks like a nail. When you’re a regulator, everything looks like it can be regulated by an authority. The EBA doesn’t accept that a blockchains can be secure (obviously, given the hesitant cursory understanding demonstrated earlier) but it believes that dominant participants can emerge to control Bitcoin anyway:

If it is true that the decentralised VC schemes are secure, it should be possible for market participants to establish themselves as scheme governance authorities.

But if nothing can control these participants then don’t go blaming the regulator:

However, if a legal person is not able to exercise authority over market participants and is therefore unaccountable to a regulator for compliance purposes, it would be unreasonable to expect a regulator to guarantee integrity in their place.

In other words it’s a case of “Don’t come telling us that Bitcoin has no central control. That’s crazy. Someone must be in charge, and we’ll tell them what to do. But if they don’t obey, it’s not our fault, OK?”

It’s all very odd. I suspect that this huge misunderstanding of Bitcoin stems from a lack of expertise within the EBA. Of course, lack of competence within a regulator is not an unknown problem.

The EBA doesn’t seem to understand Bitcoin fees:

VCs can also be less expensive for merchants as payees as well as for payers to whom transaction costs may be partially passed on. Although reliable and independent data on the exact costs of VC transactions is difficult to ascertain, some anecdotal suggestions have been made that average transaction fees on the Bitcoin network tend to be less than 0.0005 BTC, or 1% of the transaction amount.

The transaction fee market in Bitcoin is still nascent because at present miners are incentivised by minting new bitcoins rather than fees. At present transactions can be run for no fee at all, but in no case are fees a percentage of the transaction. It’s inexplicable how the EBA arrives at this view of fees.

49. However, several caveats need to be made about these alleged benefits. Firstly, the cost advantages are not guaranteed, as miners of popular decentralised VCs such as Bitcoins currently tend to be compensated by both transaction fees and a share in recently mined VC units. It is reasonable to assume that, as the number of newly issued VC units decreases over time, miners will have to rely more on transaction fees to recoup their investment of processing power. It is therefore reasonable to assume that transaction fees will increase in the future.

The use of the passive tense “it is reasonable to assume” is a giveaway that unjustified assertions are being sneaked in. The truth is that it’s not reasonable to assume this. Even a cursory examination of the economics of mining today show that the investment in hardware is amortised over a period measured in weeks rather than months. Quite how mining plays out in the end game where no new coins can be minted is open to debate. I wrote at length about the energy consumption of mining because one of the end-game issues is whether mining will turn into a commodity business driven by comparative advantage on electricity and cooling costs (e.g. data centres in Iceland). One view of fees comes from seeing them as bids in a transaction auction, where pending transactions compete for transaction slots. Another view says that current transaction rate limits will be lifted in the future making them cheap (amortising marginal mining costs over a much larger number as Bitcoin becomes widely adopted, thereby lowering fees). Regardless of the outcome, one thing is certain: it’s not reasonable to assume that fees will increase in the future.

Secondly, most merchants that accept VCs tend to convert them immediately into their local FC, an activity that also incurs costs (estimated to be 1% of the amount to be exchanged).

The high spreads on Bitcoin conversions is due in part to limited liquidity. This would be improved by more participation in the market by existing financial institutions – something the EBA seeks to prevent with this report. It is a little like the son who murdered his parents asking the court for clemency because he’s an orphan.

For the EBA, Bitcoin isn’t doing anything new but rather cheating the system:

Thirdly, the higher fees for other means of payment transactions are partly due to the regulatory requirements imposed on the regulated entities that provide them, as a result of security measures, corporate governance, internal control measures, prudential requirements and more.

Should VCs schemes be regulated as a financial service, associated (although perhaps not identical) costs will inevitably impact upon VC service providers as well. These compliance costs will negate at least some of the cost advantages that VC systems are currently enjoying.

This is a theme repeated through the report: that Bitcoin has nothing new to offer because all it’s doing is avoiding the necessary costs of doing business. That is, of course, a complete misunderstanding of how Bitcoin works (although a natural conclusion if you believe that Bitcoin is really controlled by Satoshi in his lair). As an aside, it is nice for the EBA to so clearly lay out that in the end the cost of regulation falls squarely on the users of financial services rather than the financial institutions – something they might like to tell their colleagues who are forcing through the Financial Transaction Tax.

The “Bitcoin has nothing really new to offer” conclusion is augmented by a shameless “we don’t need Bitcoin in Europe anyway because the banks here are going to be wonderful” self-promotion:

As of spring 2014, the SEPA consists of 34 countries, including the 28 EU member states. Furthermore, the EU regulation on the equality of charges for cross border payments eliminates the differences in charges for cross- border and national payments in euros. As a result, the costs arising for payers and payees when making cross-border transactions through conventional payment services is already low or, indeed, free, therefore significantly reducing the cost advantages of VCs in Europe.

I am sure ordinary people in Cyprus will be thrilled to hear this.

The EBA seems very confused about Bitcoin transactions being irrevocable:

53. VC schemes allow merchants to avoid having to refund transactions, particularly those that are based on an alleged non-fulfilment of a contract. In conventional FC payment systems in some jurisdictions, merchants have been reported to complain about large numbers of consumer-initiated payment charge backs that were based on false claims that a product had not been delivered.

54. The downside of this benefit is that, for payers, the irrevocability of transactions does not allow consumers to be protected against error or fraud resulting from the merchant or other actors.

Already today a huge number of payments have no recourse: cash. The world gets along with cash and knows the risks of paying with cash. For large sums, people use electronic payments with some kind of insurance and recourse for when things go wrong. Bitcoin in its basic use is no different to cash, but unlike cash it also allows for counter-signing of transactions. This means a third-party dispute resolution service could exist to either enforce a refund or enforce payment to a merchant. Because Bitcoin is in a nascent state this isn’t happening yet, but we are already beginning to see cloud wallet services use countersigning (by the customer) as a mechanism to stop systematic fraud and theft.

These features of Bitcoin are largely unknown to ordinary people (I’ve never seen them discussed in newspaper articles) but they will become more and more important as Bitcoin becomes more widely adopted. Damning Bitcoin today because of ignorance of the possibilities is not what we are entitled to expect from a regulator that should have acquired expertise in the topic.

One of the consistent themes in the EBA report that clearly worries the authors is of anyone being able to create a virtual currency:

User suffers loss when the exchange they interact with does not exchange VC against FC (A02)
71. The risk can arise because anyone can anonymously create (and subsequently change the functioning of) a VC scheme.

It’s clearly astonishing to them that Dogecoin, Stalwartbucks and Dr. Evil Dollars can be created at whim. It doesn’t seem to have occurred to them that running up “Bank of Toytown” notes on an inkjet fools no-one and that similarly no-one is going to be fooled into thinking Stalwartbucks are worth anything either. Selling a cow for a pocketful of magic beans is a fairy tale, not the foundation of a financial risk assessment system. In any case, it’s not a risk for Bitcoin since it has already been created and Satoshi Nakamoto can’t change the scheme rules.

Most of the reports I have read on the EBA opinion cite ’70 risks’ for Bitcoin:

67. Approximately 70 risks can be identified as arising from VCs. Some of these are similar, if not identical, to risks arising from conventional financial services or products, such as payment services or investment products, while others are specific to VCs.

In fact, many of the 70 or so risks are in fact general financial risks. For example:

User experiences drop in value of VCs due to significant or unexpected exchange rate fluctuation (A03)
72. Several different drivers can create this risk, including that VC markets, and the price formation therein, are relatively opaque, and that the VC price formation on exchanges can easily be manipulated, including by a concerted effort of a small number of large VC holders.

Is there anyone that doesn’t understand that exchange rates can be volatile? Yet this forms part of the basis for an opinion that the institutions that knew this already should stay clear of Bitcoin. But shouldn’t institutions with expertise in forex actually be encouraged to participate in a Bitcoin exchange market and thereby improve it (by providing more liquidity, for example)?

Quite a few of the risks cited are caused by regulators acting unfairly. For example:

User holding VCs may unexpectedly become liable to tax requirements (A04)
73. The legal and regulatory treatment of VCs is unclear and inconsistent, as is their tax treatment. The taxable event and geographic location of the taxable event may also be unclear. This may potentially lead authorities to treat VCs as property, forcing users to track and pay capital gains.

Most amusing is that identity requirements to meet regulatory compliance rules might lead to identity theft:

User’s identity may be stolen when providing identification credentials (A13)
83. Some VC schemes require users to identify themselves on the internet or at VC cash machines when buying/selling VCs, through passport scans, iris scans or finger printing.

This, of course, never ever happens with existing financial institutions.

More bizarrely is:

However, these identification measures are not subject to regulations or data protection laws,


nor is the underlying IT software subject to safety standards.

I’ve never seen a bank IT system built to safety standards (are they conformant to IEC61508? I don’t think so).

Other risks reflect a bizarre worry about ordinary business relationships. The EBA is strangely fixated on miners in a consortium getting paid:

However, a fair distribution of the mined units (or the equivalent in converted FC) to which each member is entitled might be subject to manipulation by the mining pool owner.
Similarly, members might be exposed to other forms of unequal treatment, due to a lack of transparency in business practices.

Should songwriters be ordered to steer clear of dealing with recording studios because royalty payments might not be fair or transparent?

Other risks include generate IT risks applying to any business:

75. Any automated, IT-based distribution mechanism may, in turn, be subject to errors, fraud and hacking

Risks the EBA has chosen to ignore include tornadoes, earthquakes, civil insurrection and the Year 2038 bug.

Some of the risks are due to a misunderstanding of how Bitcoin works and the role of companies offering Bitcoin services. For example, custodian risk:

Market participants suffer losses of VC units held in custody by others (A17)
87. The risk arises because the custodian is insolvent, behaves negligently or fraudulently, lacks adequate governance arrangements to oversee transactions, fails to keep adequate records, or has inadequate own funds to repay creditors. Also, transactions are not reversible. The priority of the risk is medium.

This is very odd, since there are no custodians necessary with Bitcoin (it’s possible that someone else holds your private keys – a cloud-hosted wallet for example – but that’s not a custodian in this sense). It’s almost as if the EBA has misunderstood the very essence of Bitcoin and the whole purpose of the blockchain.

Similarly counterparty risk is listed:

Market participants suffer losses due to counterparties/intermediaries failing to meet contractual settlement obligations (A16)
86. The risk arises due to the anonymity of (some) counterparties, which can undermine the enforcement of any legal contracts that may exist, the lack of ‘payment vs. payment’ procedures, the lack of settlement finality, the decentralised set-up of VC schemes, the fact that counterparties have insufficient own funds, and that VC markets become temporarily illiquid. The priority of the risk is high.

As highlighted earlier, this seems to be down to not understanding how Bitcoin transactions can be more complex than just simple push payments, and can allow for different types of settlement (Richard Gendal discusses this in more detail).

Of course, counterparty risk is something that is always going to be an issue in any financial system. It’s not a risk of Bitcoin per se.

Another class of risks listed can be called “people are too stupid to work stuff out for themselves”. For example, it’s a risk that an ATM machine breaks:

User experiences loss of FC units when using a VC cash machine (A22)
90. When exchanging VCs for FCs at a VC cash machine, users cannot guarantee that the VC or FC units will be correctly credited to their benefit.

A customer could spend bitcoins on an espresso macchiato and then find that they got a latte macchiato instead. That’s a risk too. In reality a customer would simply complain and get a refund (with the slight risk that the operator went bust in the short time between the fault and the complaint). Or maybe they wouldn’t because:

No effective complaints or redress procedures are in place either.

People are also too stupid to ask if a merchant takes bitcoins:

User has no guarantee that VCs are accepted by merchants as a means of payment on a permanent basis (A23)
91. The risk arises because merchants are required to accept only legal tender in notes and coins, but they are not required to accept non-legal tender such as VCs. Furthermore, merchants may decide to vary the acceptance of alternative VCs over time, switching between various VC schemes. Merchants may also deem the overall costs and risks of VCs too high or too uncertain. The priority of the risk is high.

And people fall for Ponzi schemes:

User suffers loss when investing in a fraudulent or Ponzi VC investment scheme (A44)
101.The risk arises because the individuals involved in the underlying asset can conceal their identity and are therefore not subject to any probity requirements, nor are they required to disclose the risks to which the investor is exposed, etc. Furthermore, the nature of VCs leaves investors more vulnerable to abuse by a Ponzi scheme based on VCs than other, regulated forms of investments. Finally, the user may have no access to redress schemes. The risk is of medium priority.

Correct me if I’m wrong, but the first Ponzi scheme didn’t rely on not being able to identify Charles Ponzi.

Another class of risk listed where no laws exist that didn’t come from financial regulators. For example:

User cannot access their VCs on an exchange that is a going concern (A27)
95. The user may temporarily store their VC units on an exchange that is a ‘going concern’ i.e. is still functioning without an immediate threat of liquidation. However, they may find themselves unable to access them, because the exchange is not bound by any legal contract

So if a Bitcoin exchange isn’t regulated, no legal contract exists – no tort law, no implied contract, nothing?

Then there are risks that have just plain weird assertions thrown in:

User cannot execute the VC exchange order at the expected price (A46)
103. The risk arises because VC exchanges tend to be cash poor.

Or the more bizarre:

After accepting VCs for payment, the merchant is not reimbursed (B21)
108.The risk arises because of the ‘double-spending problem’: unlike FC that has a physical representation in coins and notes, VC units are only digital files. Therefore, the act of spending a VC unit does not remove its data from the ownership of the original holder.

And yet:

By design, no central authority exists in a VC scheme. To prevent double-spending, VC schemes tend to use a decentralised system with separate nodes that follow the same protocol. The authenticity of each transaction is verified by adding it to a transaction ledger, called the block chain, which is to ensure that the inputs for the transaction have not previously been spent.
110. However, there is no guarantee that a particular VC scheme uses this verification approach, nor is it certain that if this approach is used, it is completed securely and is not compromised,
for example through ‘blocking’ individual users from the VC network.

I don’t know what to say. This is such a bizarre view of Bitcoin and blockchains.

There are of course the risks of the usual suspects: terrorists, criminals and tax evaders. For example:

Criminals are able to launder proceeds of crime because they can deposit and transfer VCs anonymously (C01)
118. The risk arises because senders and recipients can carry out VC transactions on a peer-to- peer basis that do not require personal identification as there are no names attached to wallet addresses. Furthermore, there is no intermediary that could notify authorities of suspicious transactions. The priority of the risk is high.

It’s a complete myth, peddled mostly by newspaper articles, that assert Bitcoin is anonymous. It’s not anonymous largely because the blockchain is a public ledger and easily inspected for data patterns. Indeed, this is how the winning bid in the recent US Marshal auction of Dread Pirate Roberts bitcoins was uncovered.


Tax evaders are able obtain income denominated in VCs, outside monitored FC payment systems (C19)
133.VC transactions are not recorded and are anonymous, global and irrevocable. Also, decentralised VC transactions are not dependent on entities on which financial regulations could be imposed. The priority of the risk is medium.

With the NSA’s access to IP traffic, Bitcoin is pretty much an open book. I’m sure the security services would be only too pleased to see terrorists shift from cash to bitcoins. And I’m sure the tax authorities would love tax evaders to hide all their transactions in plain sight in a public ledger.

I also note that it was a supposed risk of Bitcoin that personal identification information was at risk of leaking to identity thieves, and yet here no personal identification information is needed at all.

The most amusing class of risk is the risk the regulators won’t get it right:

140. The risk can arise if the analysis of the risks and the identification of the regulatory response have been incomplete, if the regulatory approach was arbitraged by market participants acting from outside the regulator’s jurisdiction, or if the regulatory measures chosen were not suitable to mitigate the risks. The priority of the risk is medium.

With all these bizarre risks and misunderstanding of how Bitcoin works, it’s no surprise that the EBA has a very confused proposal for long-term regulation of Bitcoin. We saw earlier how “someone take charge of Bitcoin” is the risible approach proposed. Naturally the EBA expects fitness and probity standards for these superheroes who will run Bitcoin, and that these people should be incorporated.

Some of the proposed regulations are quite sensible. The Know Your Customer rules should to apply to exchanges etc.:

156. The risk driver b), which concerns the anonymity of payers and payees could be addressed, at least within the EU, by requiring exchanges, and any other non-user market participants that interact with FC, to comply with CDD requirements.

Authorisation would be required for exchanges:

162. To address risk driver p), market participants such as scheme governance authorities and exchanges (and perhaps others) would need to be registered and authorised before beginning to provide VC services.

And capital requirements would be placed on any deposit-holding institution:

164. To ensure that market participants have sufficient funds to meet financial obligations in VC as well as FC, to compensate creditors during bankruptcy (risk driver l), and to absorb losses and facilitate an orderly wind-down, capital requirements will need to be placed on those participants that hold VC units on behalf of others. The requirements should consist of a fixed as well as a variable component that increase with business volume. The capital should to be held in a FC.

(I’m not sure holding it in ordinary currency alone is wise, but still).

Client funds should be separated:

165. To address risk driver m), market participants that hold VC units on behalf of others would be required to segregate their client VCs from their own VCs, complete periodic reconciliations of VC trading systems and VC stock held, and to keep appropriate records of reconciliations and transactions.

There is also a call for proper IT:

Evidence of secure IT systems
166. Given the exclusively digital-based nature of VCs, the IT security of a VC scheme is of utmost importance. Scheme governance authorities would be required to document the way in which they intend to guarantee the integrity of the transaction ledger, the protocol, the IT infrastructure and any other relevant components.

Good luck with that.

Related requirements may also need to be placed on other market participants, such as exchanges and e-wallet providers.

This is more sensible. Shockingly bad IT was a major factor in the Mt. Gox collapse, and Bitcoin has suffered in general from very amateurish IT development. However:

It will be a resource intensive task for regulators to check the adequacy of the systems and controls.

I suspect this is the major stumbling block with the EBA proposals. Some international cooperation and joint industry efforts would help (since every participant has the incentive for the market as a whole to be free of the shoddy systems). The regulators could confine themselves to requiring recognised certification from groups with necessary IT expertise.

There is also a requirement for refunds on error:

Payment guarantee and refunds
167. In the case of an unauthorised VC transaction, market participants involved in the transfer of the funds are required to refund to the payer immediately the amount of the unauthorised payment transaction and, where applicable, to restore the debited VC account to the state it would have been in had the unauthorised VC transaction not taken place.

A number of implementations for this are suggested (with ‘proxy’ intermediaries). Counter-signatory approaches aren’t mentioned (unsurprisingly).

A Glass-Steagal for Bitcoin is proposed:

Separation of VC schemes from conventional payment systems
169. Risk driver r) regarding the interconnectivity between VC and FC schemes should mainly be addressed by the mitigation measures in pre-existing oversight requirements for payment systems. However, complete mitigation can only be assured by requiring regulated financial institutions that decide to provide VC services to establish a separate entity for the VC- related business. This is to make sure that VC activities do not impair the financial soundness and settlement obligations of the regulated financial entity.

The merits of this are questionable, particularly when the size of the Bitcoin market is so tiny: eliminating the possibility to diversify risk over a much larger financial institution arguably reduces the identified risks of being unable to make good on guarantees and refunds.

The Bitcoin central authority is expected to develop standards and quality marks:

170.Risk driver l), regarding the lack of definitions and standards, could be addressed by regulators defining broader terms, and for the scheme governance authority to develop more specific standards, quality marks and definitions, and to make this party responsible for public information. Drivers n) and o) could be mitigated by requiring firms to set up complaints and redress schemes that are akin to those already in place for regulated VCs.

This might be a good role for an industry body where participants in Bitcoin act collectively and members agree to define and apply such quality marks. There might even be a plurality of bodies, and it would be for the market as a whole to decide how things developed.

The EBA also proposes market and other information be published, suspicious transactions be reported, etc.:

171. Drivers k) and q) regarding the lack of reporting requirements and resultant non-objective information could be addressed by requiring relevant market participants to submit specified
documents to regulators, including the results of their transaction monitoring, data on the amount and exchange rate applied to executed transactions, in addition to an obligation to report suspicious transactions. The data and information provided can be used to produce more objective and reliable information for market participants. Some market participants would also be required to disclose terms and conditions of their services to consumers.

The EBA distrusts Bitcoin so much that even after regulation (and even with the Bitcoin central authority) people will have to be warned it’s not legal tender. Scottish banknotes aren’t legal tender in England yet the Bank of England doesn’t run full-page advertisements in newspapers to tell us this (and in fact shops take the notes anyway, an indication that money doesn’t have to be officially legal to still be money).

Clear and transparent regulation
172. The risk driver of unclear regulation (h) would be addressed implicitly once the other risk drivers have been addressed and regulatory requirements along the proposal above have been put in place. However, even in this scenario, continued warnings to the public are likely to be required to make them aware of those risks that remain deliberately unmitigated, such as VC not being legal tender.

Most of the activities proposed by the EBA above are already being done (or in the process of being adopted) by the serious players in the Bitcoin market. And yet the EBA thinks:

175. The comprehensive regulatory approach outlined above would be highly resource-intensive. Moreover, this approach may take considerable time to develop, fine-tune and implement, depending (amongst other things) on the development of the VC market.

Either this is a call to expand the funding of the EBA, or else it is extra specially ill-equipped to examine the Bitcoin market. Perhaps it has its hands full with the Cajas and Länder banks? Who knows. Nevertheless, for an easy life the EBA recommends:

that national supervisory authorities discourage credit institutions, payment institutions, and e-money institutions from buying, holding or selling VCs, thereby ‘shielding’ regulated financial services from VCs.

The Bitcoin market is a tiny pinprick compared to the regulated financial services market. It’s hard to see how any kind of Bitcoin risk could exceed that already present in the market. This notwithstanding, legislators must deal with exchanges right now:

178. The EBA also recommends that EU legislators consider declaring virtual currency exchanges as ‘obliged entities’ that must comply with anti-money laundering and counter terrorist financing requirements set out in the EU Anti Money Laundering Directive.

But legislators mustn’t go too far because that would give credibility to Bitcoin:

79. Furthermore, the EBA cautions against drawing similarities between existing payment and payment-related services and some VC-based services. The decentralised nature of many VC schemes, the fact that the functioning and rules of a VC scheme can be changed, and the absence of a redeemer of last resort means that VCs are not comparable to conventional payment or electronic money services. As a result, they give rise to risks that do not exist in these services. Declaring some actors as falling into the remit of a specific national or EU law may therefore lend credibility to these actors and, by implication, to VC schemes themselves that may not necessarily be warranted.

In short, the EBA doesn’t really understand Bitcoin, is worried by the unknown, has exaggerated the risks, wants Bitcoin to go away and not be part of the European financial system in any way (except for all those annoying ID checks to open accounts).

A few days after the EBA report was published was a piece in the FT about how the European Commission is very concerned that Europe is being ‘digitally colonised’ by the US and other countries and how can Europe fight back. Duh.

If you liked this fisking of the EBA report then feel free to chuck me some bitcoins in my tip jar (hurry, because when all that lovely new SEPA banking stuff is in place I’m sure I’ll be switching to an EBA-regulated tip jar):



17 thoughts on “Bitcoin, Europe and digital colonisation: an analysis of the EBA report

  1. I think you’re misunderstanding the EBA report a bit. They are not confused about what Bitcoin is and how it works. (Okay, they miss some of the details, but overall they have a good understanding.)

    What they are doing is laying out how they would want Bitcoin and cryptocurrencies to work so they can regulate them in the same way they regulate other financial services. They don’t care the least bit whether we find those rules reasonable or even possible to implement.

    Their mandate is to manage risk in the European financial sector. So in that context, of course, anyone starting a cryptocurrency with whatever features they desire is a risk. They are not saying that scheme governing authorities are ‘how Bitcoin is controlled’. They are saying that this kind of thing would be necessary for them to have the same regulatory control they currently have. Again, they don’t care if this is even possible. (Which, of course, it is not.)

    We did a podcast episode discussing the EBA’s opinion in depth:

    • “They are not confused about what Bitcoin is and how it works. (Okay, they miss some of the details, but overall they have a good understanding.)”


      “What they are doing is laying out how they would want Bitcoin and cryptocurrencies to work so they can regulate them in the same way they regulate other financial services.”

      It’s clear to me that they have a political philosophy hard-wired into their Weltanschauung that dictates not only that their view of regulation must prevail but that no other forms of financial operation are valid (or even exist).

      “They don’t care the least bit whether we find those rules reasonable or even possible to implement.”

      Yes, and they don’t find this in the least bit troublesome.

      “Their mandate is to manage risk in the European financial sector. So in that context, of course, anyone starting a cryptocurrency with whatever features they desire is a risk. ”

      This is very Continental: that which is not specifically permitted is not permitted, and anything that is new has not been specifically permitted and it cannot be permitted without mitigating all possible risks. Within this model progress is only made by pressure to copy innovation that flourishes outside of this model.

      This would matter less if the EBA were doing a good job of mitigating risk within Eurozone banking and therefore were worth listening to about digital currencies, but just this week we see what an omnishambles they have presided over (BES passed EBA stress tests recently).

      I do agree that a simple fisking of the EBA report doesn’t (and wouldn’t) cover the issues you raise – looking at the way in which Europe operates politically and financially is a topic worthy of a PhD thesis. But it doesn’t really matter: Europe (Continental) will do what Europe always does – reject ‘Anglo-Saxon’ innovation and then bitch about being colonised by US culture. More interesting is what the US will do about Bitcoin regulation.

      • I wouldn’t call it a political philosophy as much as it is bureaucrats doing their job. (Which has nothing to do with innovation or economic growth or whatever. Their job is managing financial risk.) I don’t know how good of a job they’ve done at that – after all they were created after the financial crisis – but I wouldn’t be surprised if it’s not great. But that’s besides the point.

        Your point regarding ‘continental’ vs ‘anglo-saxon’ I find a bit misplaced. I’m not sure what makes you consider Bitcoin an anglo-saxon innovation. Moreover, however shitty the EBA opinion is it is not nearly as bad as the BitLicense proposal. And it’s just an opinion. The EBA has no legislative power.

        It looks very likely that Europe will be a far better place for cryptocurrency startups over the coming years.

      • “I wouldn’t call it a political philosophy as much as it is bureaucrats doing their job”

        But them even having jobs with such a remit is a political philosophy 🙂

        “I’m not sure what makes you consider Bitcoin an anglo-saxon innovation.”

        I’m not: I’m mocking a common French insult (from that perspective Bitcoin is a US thing).

        “Moreover, however shitty the EBA opinion is it is not nearly as bad as the BitLicense proposal. And it’s just an opinion.”

        I haven’t looked at Bitlicense (I wrote about the EBA report because it wasn’t well-covered, perhaps because of the 4th July thing the podcast mentioned).

        “The EBA has no legislative power.”

        That’s not the way things work in the EU: it’s about building a consensus for action, and the EBA is very much the outrider for consensus (among national bureaucrats) for future legislation.

      • “I’m not: I’m mocking a common French insult (from that perspective Bitcoin is a US thing).”

        Okay, then I missed that joke:)

        “I haven’t looked at Bitlicense”

        The BitLicense stuff is so much worse. But let’s not go there here.

        I’m not saying the EBA is not influential. It is very likely that this opinion will somehow flow into future legislation (which will be done by the European Parliament – not the EBA) and it will probably influence national regulators in the meantime. But the EBA is a very different kind of beast from the NYDFS.

        Here is another crucial difference: The EBA said that until a long-term regulatory framework is in place, cryptocurrency startups need to do almost nothing. Only exception being AML for exchanges. And, of course, it will be at least 2-3 years until the regulation comes. This is very positive.

        On the other hand, with the BitLicense stuff we may have extremely prohibitive rules that are binding perhaps even this year).

      • “Here is another crucial difference: The EBA said that until a long-term regulatory framework is in place, cryptocurrency startups need to do almost nothing. Only exception being AML for exchanges. And, of course, it will be at least 2-3 years until the regulation comes. This is very positive.”

        Yes, if we look at the concrete outcomes then the EBA report is very positive. AML for exchanges seems pretty reasonable to me, particularly since the traceability through the blockchain gives much more for law enforcement to go on than cash.

        And yes (as your podcast discussed) the 2-3 year timeframe means the world will be a different place by the time anyone looks at legislation and by then the issues will be much clearer (especially amongst voters).

      • Yes, AML & KYC for exchanges was expected anyway.

        The 2-3 years are definitely very valuable, but Sian Jones pointed out on the podcast that the process of drafting those regulations will start very soon. And once the direction is set it will be difficult to change it radically, even if the ecosystem changes…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s