SBF: "Draft of Digital Asset Industry Standards" (Full Text)
Author: Sam Bankman-Fried, Founder and CEO of FTX
Compiled by: Leo, BlockBeats
This document contains a draft set of standards that the cryptocurrency industry should adopt to create transparency and protect customers while waiting for a complete federal regulatory framework. It serves as a manual for industry norms, attempting to establish consensus. The author of this article is Sam Bankman-Fried, but neither he nor FTX is certain that these standards are entirely correct—this is merely a draft.
Ideally, industry groups should carefully consider these topics, revise them, and publish a set of community norms they deem appropriate. To be clear: this document contains no legal advice, nor is it intended to supersede any relevant laws. We simply want to maintain clarity and protect users as much as possible during this period.
Sanctions, Whitelists, and Blacklists
I fundamentally believe that blacklisting is the correct way to comply with sanctions in the blockchain.
Possible options are:
- Allow all transfers.
- Prohibit transfers to or from sanctioned parties (i.e., declare these transfers illegal and hold violators accountable), while allowing all other peer-to-peer transfers.
- Prohibit all transfers unless specifically permitted by institutions.
Allowing all transfers opens the door to significant financial crime, while prohibiting all transfers (unless permitted by institutions) stifles business and innovation, excluding economically disadvantaged groups. Maintaining a blacklist format strikes a good balance: prohibiting illegal transfers, freezing funds related to financial crimes, while still allowing commercial activities.
It is worth emphasizing: if a whitelist were required to transact, all commercial activity would come to a halt. Want to buy a bagel at the corner store? You had better be ready with your passport, proof of address, phone number, email, and SSN. I really wish 7-11 were a brokerage. (Imagine what would happen if buying a bagel required a passport; what about people who do not have one?)
Maintaining the presumption of freedom for peer-to-peer transfers and decentralized blockchains (absent specific evidence of fraud, illicit finance, etc.) is absolutely necessary. Meanwhile, the biggest gap in current sanctions compliance is timing: what happens when illicit financial activity occurs and is only discovered after the funds have already moved across multiple platforms?
What does this actually mean? (To clarify, "actually" here means "how things should ideally and logically work.") Everyone should respect the OFAC sanctions list (by the way, this is already the law).
To make everything clearer and more transparent:
There should be an on-chain list of sanctioned addresses, updated in real time and maintained by OFAC or a designated authority. The Treasury should clearly disclose which addresses are on the sanctions list and how the list is to be interpreted.
Centralized applications can then query the list in real time to avoid sending funds to, or accepting funds from, these addresses.
The list should be transitive: if A is sanctioned and B transfers $1 million to A, then B's address should itself be flagged. By leveraging the public blockchain ledger, we can ensure that sanctioned entities cannot evade sanctions simply by moving funds to new wallets. This is not simple, however: we must ensure that dusting attacks (an attacker sending small amounts from a sanctioned address to many innocent wallets) do not harm innocent people.
If flagged funds are unilaterally transferred to your address, there should also be a way to rectify your address: since the transfer is unilateral, receiving funds from a sanctioned address may not have been your decision. There should therefore be a "frozen funds" address (which could also be a burn address), possibly maintained by OFAC, to which you can send previously received flagged funds to clear your address; your address should not be flagged unless you attempt to transfer sanctioned assets to some other address. In other words: transferring sanctioned funds gets you sanctioned; merely receiving them gives you the opportunity to restore your account.
Additionally, trusted participants should maintain their own on-chain lists of addresses suspected of involvement in financial crime, in a standardized format. Note that these are distinct from sanctioned addresses: there should be no legal prohibition on transacting with them. Many platforms may nevertheless find these lists useful to reference, and they also aid cooperation between exchanges.
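The following is an added example, not code from the original article, from FTX, or from OFAC. It models the two list types described above (an authority-maintained sanctions list that blocks, and an industry advisory list that only recommends review) together with the transitive-flagging, dusting-protection, and frozen-funds rectification rules. The address names, the amounts, the dust threshold, and the FROZEN_FUNDS_ADDRESS sink are constructed. One modelling assumption is mine: since fungible tokens cannot be distinguished on-chain, "transferring sanctioned assets" is approximated as any outbound transfer made while the address still holds unsurrendered flagged funds.

```python
"""Toy model of the on-chain sanctions-list mechanism proposed above.

Added example; not code from the original article, from FTX or from OFAC.
Addresses, amounts, the dust threshold and FROZEN_FUNDS_ADDRESS are constructed.
"""

from dataclasses import dataclass

# Hypothetical authority-maintained sink for surrendering flagged funds.
FROZEN_FUNDS_ADDRESS = "0xFROZEN"


@dataclass(frozen=True)
class Transfer:
    sender: str
    receiver: str
    amount: int  # integer token units


class SanctionsScreen:
    """Replays confirmed transfers against a sanctions list and derives flags.

    Rules, a simplified reading of the proposal above:
      * Sending funds to a sanctioned address flags the sender.
      * Receiving from a sanctioned address is unilateral: the receiver is not
        flagged, but the amount is recorded as flagged funds it still holds.
      * Receipts at or below the dust threshold are ignored, so a dusting
        attack cannot create an obligation for an innocent address.
      * An address still holding flagged funds is flagged the moment it moves
        funds anywhere except the frozen-funds address (assumption: fungible
        funds cannot be told apart on-chain); sending to the frozen-funds
        address clears that much of the obligation and never flags the sender.
      * The advisory list is reference-only: it never blocks, it only
        recommends review.
    """

    def __init__(self, sanctioned, advisory=(), dust_threshold=0):
        self.sanctioned = set(sanctioned)   # authority list (blocking)
        self.advisory = set(advisory)       # industry list (review only)
        self.dust_threshold = dust_threshold
        self.flagged_funds = {}             # address -> flagged units still held

    def flagged_balance(self, addr):
        return self.flagged_funds.get(addr, 0)

    def screen(self, addr):
        """Decision a centralized platform takes before paying or accepting `addr`."""
        if addr in self.sanctioned:
            return "block"
        if addr in self.advisory:
            return "review"
        return "allow"

    def apply(self, t):
        """Process one confirmed transfer and return what the rules did."""
        if t.sender == FROZEN_FUNDS_ADDRESS:
            return "ignored: outflow from frozen-funds address"
        if t.receiver == FROZEN_FUNDS_ADDRESS:
            # Rectification: surrendering flagged funds reduces the obligation.
            self.flagged_funds[t.sender] = max(0, self.flagged_balance(t.sender) - t.amount)
            return "rectified"
        outcome = None
        if t.sender not in self.sanctioned and self.flagged_balance(t.sender) > 0:
            # Moving flagged funds elsewhere is the act that earns a flag.
            self.sanctioned.add(t.sender)
            outcome = "sender flagged: moved flagged funds"
        if t.sender in self.sanctioned:
            if t.amount <= self.dust_threshold:
                return outcome or "dust ignored"
            # Unilateral receipt: record the obligation, do not flag the receiver.
            self.flagged_funds[t.receiver] = self.flagged_balance(t.receiver) + t.amount
            return outcome or "receiver holds flagged funds"
        if t.receiver in self.sanctioned:
            self.sanctioned.add(t.sender)
            return "sender flagged: sent to sanctioned address"
        return "ok"


def demo():
    """Constructed scenario exercising each rule; returns (screen, log, decisions)."""
    s = SanctionsScreen(sanctioned={"0xBAD"}, advisory={"0xSUS"}, dust_threshold=100)
    transfers = [
        Transfer("0xBAD", "0xALICE", 1),                      # dusting attempt
        Transfer("0xALICE", "0xCAROL", 50),                   # Alice is unaffected
        Transfer("0xBAD", "0xBOB", 1_000_000),                # Bob receives flagged funds
        Transfer("0xBOB", FROZEN_FUNDS_ADDRESS, 1_000_000),   # Bob rectifies
        Transfer("0xBOB", "0xCAROL", 500),                    # Bob is clean again
        Transfer("0xBAD", "0xDAVE", 1_000_000),               # Dave receives flagged funds
        Transfer("0xDAVE", "0xEVE", 600_000),                 # Dave moves them: flagged
        Transfer("0xFRANK", "0xBAD", 10_000),                 # Frank pays a sanctioned address
    ]
    log = [s.apply(t) for t in transfers]
    names = ["0xALICE", "0xBOB", "0xCAROL", "0xDAVE", "0xEVE", "0xFRANK", "0xSUS"]
    return s, log, {a: s.screen(a) for a in names}


if __name__ == "__main__":
    _, log, decisions = demo()
    for line in log:
        print(line)
    print(decisions)
```

In the constructed scenario Alice's dust receipt creates no obligation, Bob's surrender to the frozen-funds address clears him, Dave is flagged only when he moves the funds onward (at which point Eve inherits the obligation, not the flag), and Frank is flagged for paying a sanctioned address. A real deployment would additionally need the authority's signed list, chain reorganisation handling, and a policy for the threshold, none of which this toy models.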
This will help strengthen sanctions compliance and ensure that we, as an industry, can effectively maintain blacklists while still allowing overall economic freedom.
Finally: we should try to implement a system along these lines to help us respond quickly to events. If the list is updated on-chain in near real time, we can respond to incidents faster and freeze assets more effectively.
Hacks and Accountability
Hacks are extremely destructive to the digital asset ecosystem, and there are far too many of them. At the same time, the industry has become quite good at identifying and flagging addresses carrying stolen funds, so even when funds are lost, hackers are often unable to use most of them.
1. We should formalize this by allowing major trusted parties to add addresses associated with exploits to their public lists of suspicious addresses, so that both centralized and decentralized protocols can quickly freeze the relevant addresses.
2. Whenever an exploit occurs, a negotiation typically follows between the hacker and the protocol; hackers often offer to return part (but not all) of the funds in exchange for some form of immunity.
a. Theoretically, such transactions are feasible: they can protect customers, save companies and protocols, and still provide a generous bounty to the party that discovers the vulnerability.
b. However, in practice, every negotiation is fraught with pressure and controversy. (We know that, typically, the victim here is the hacked protocol, and the hacker is not the "good guy.") In many cases, the lines between vulnerabilities, hacks, market manipulation, and trades can become blurred, as the perspectives of both parties differ significantly. Additionally, there is often no consensus on how much should be returned.
c. Therefore, I propose a new community standard: the 5-5 standard. Suppose there is an exploit, and A takes x dollars from the abc protocol. Suppose abc has y dollars in reserves:
First, protect the customers. A should not receive anything until customers are compensated, meaning if x > y, then at least x-y dollars must be returned to abc. For example, if A took $1 million and abc only has $800,000 in reserves, then A must return at least $200,000 to ensure that abc's reserves and abc's customers are relatively matched. This is the most important part. Customers must receive the highest protection.
Second, this only works if A acts in good faith and intends from the outset to return most of the assets: no holding out in negotiations and then falling back on this standard as a backup plan.
Third, assuming the first two points are met, A must return at least 95% of the assets. Specifically, A may keep the lesser of 5% of x and $5 million; the remainder is returned to abc. For example, if A took $1.5 million, they would keep $75,000 and return $1.425 million; if they took $150 million, they would keep $5 million and return $145 million.
Fourth, if A follows the 5-5 standard, keeping abc's customers whole, keeping no more than the lesser of 5% of the amount taken and $5 million, and returning the rest, then the amount they keep is treated as a (potentially very generous) bug bounty: in effect, they did not harm the protocol's customers, returned most of what they took, and (publicly) alerted abc to a vulnerability.
Fifth, by default, A has one day to return (per the 5-5 standard) the portion they are not entitled to keep. To be clear, A cannot hold out first and then use 5-5 as a fallback; A must intend to return the assets from the beginning.
Sixth, if A does not follow the 5-5 standard, meaning if they keep more than their "fair share," they will be viewed as a "bad actor" by the community.
Seventh, please note that there are no legal or regulatory statements here; this is merely a proposal regarding norms in the crypto community.
3. The key is to create and adhere to a clear consensus standard that clarifies the role of exploiters, ensures customer protection, and gives those who find exploits in protocols an incentive to follow the standard, so that they actually do.
4. Why the 5-5 standard?
I do not know what the correct numerical ratio is and am very open to supporting other options!
But historically, if hackers had followed the 5-5 standard, the impact of hacks would have been reduced by over 98%.
This is a huge improvement—my intuition is that accepting a 2% cost is very worthwhile to solve the vast majority of issues. I believe it is very important to create a standard that can significantly reduce the impact of security vulnerabilities on the industry. I am also not sure what the correct standard is and am very open to suggestions in this regard!
Asset Listings; Also, What is a Security?
So far, a core question that industry insiders sometimes have to answer is: is a specific asset a security? Generally speaking, BTC and ETH are not considered securities; many long-tail tokens that are investment contracts are securities. However, there are some that remain unclear.
Ultimately, this question may receive clarification through legislation, regulation, or judicial means. Until then, FTX at least plans as follows:
First, our legal team will analyze assets based on the Howey test and other relevant case law and guidelines. If the analysis finds it to be a security, we will treat it as such.
If the analysis finds it is not a security, we will generally treat it as a non-security commodity unless the asset is identified as a security by the SEC and/or an appropriate court with jurisdiction.
If we find that an asset may be a security, we will not list it in the U.S. unless and until there is an appropriate registration process for that asset.
For all assets listed on our federally regulated platform, we intend to publish an asset overview similar to an (informal) registration statement.
Ideally, a digital asset being classified as a security would not be a bad thing: it would provide a clear registration process for digital asset securities while protecting customers and allowing innovation. We remain very eager to work constructively with regulators on a framework for security tokens.
Tokenization of Stocks
I believe that ultimately, blockchain technology has great potential in improving traditional market infrastructure.
On January 28, 2021, retail investors bought large amounts of specific stocks, such as AMC and GME, on multiple trading platforms, including Robinhood. As these stock prices rose, investors made a lot of money at market prices, but this posed a problem for the market: stock settlement takes two days (T+2 at the time; U.S. equities moved to T+1 in May 2024), while dollars can take months, especially via ACH and credit cards, and during that window there is uncertainty and the risk that the counterparty cannot deliver. This means that on January 28, retail investors were sitting on billions of dollars in unsettled gains.
For example, a typical retail stock trade goes through many entities:
A's mobile broker
A's clearing company
A's bank
PFOF (Payment for Order Flow) company B
B's clearing company
B's bank
DTCC (Depository Trust & Clearing Corporation)
Dark pool C
C's clearing company
C's bank
DTCC (again)
PFOF company D
D's clearing company
D's bank
DTCC (again)
The stock exchange
DTCC (again)
And then more to the other side
Over 15 entities for a single trade! Each carries some settlement risk. So if retail investors make billions of dollars in a day, you have hundreds of entities, each of which may need billions of dollars of backup capital in case any one of them later fails to deliver.
Once investors' gains exceed the regulatory capital of the less well-capitalized brokers, those traders get shut off and, in some cases, liquidated so that they cannot make more money that the brokers cannot back. Under the current stock market structure, there is a limit to how much retail can earn!
But on January 28, digital asset markets kept trading. Why?
Because if A wants to buy SOL from B in exchange for USDC, A sends the USDC on-chain to B, who returns SOL, and within seconds—at a cost of only $0.0005—the transaction is fully resolved, with no unresolved settlement uncertainty or risk, thus requiring virtually no regulatory capital. If there is a transfer or trade between two platforms, they simply send the appropriate assets on the blockchain to the other platform, again eliminating settlement risk within seconds.
In summary: I believe that stock tokenization helps simplify securities settlement and provides a stronger, fairer market structure for retail.
What is holding all of this back? I believe the most important factor is regulatory clarity: for example, what do clearing, custody, registration, issuance, disclosure, etc., look like for tokenized AMZN stock?
Customer Protection, Disclosure, and Suitability
The most straightforward way to help protect investors is to provide transparency and prevent fraud. Investors should receive clear and understandable information about the assets they are concerned with, and regulators should crack down on any false statements or significant misleading marketing claims.
I also believe that, generally, systems should not intentionally rely on credit to operate—especially for retail. Generally speaking, retail investors' losses should not exceed the amount they deposited on a platform, and if any loans on the platform could lead to the socialization of losses for other innocent investors, they should be subject to strict scrutiny. This is one of the core elements of the clearing model we proposed in the DCO amendment.
If you have sufficient information disclosure and transparency, do not allow investors to take on more risk than their deposits, and regulate against fraud, then the remaining core part of customer protection is suitability. In other words, who is the appropriate user for a specific product? People can determine suitability in various ways, often balancing economic freedom with risk.
There is no single perfect procedure to determine suitability, but overall, I believe that a knowledge-based test is an appropriate method for customers and much better than a wealth-based standard.
Here are various methods to determine who can access specific products:
a. Only investors with a net worth of at least x dollars can invest in the product.
b. Only investors with earnings of at least y dollars can invest in the product.
c. There is a knowledge test covering how the platform and product work: only investors who pass the test can invest in the product.
d. Anyone can access any product as long as it is not a scam.
e. Platforms should choose who can access their products.
The issues with (a) and (b) are twofold. First, they may reinforce class barriers: only the wealthy can truly enter the financial ecosystem, thus only those who already have significant money are allowed to make money, exacerbating economic, racial, and rural disparities. Second, it is still unclear how well it protects investors. I find that those users who have to work the hardest in life for economic stability are often the most knowledgeable, experienced, and informed users, and I do not believe that claims of excluding the poor from financial freedom constitute effective customer protection.
The issue with (d) is that you will find people exploiting those who do not understand the platforms they are using, taking on risks they do not know or wish to bear.
(e) could mean many things, but "platform choice" is often filled with bias and exclusion, creating an ivory tower of financial access.
In my view, (c) is the most appropriate. It makes no assumptions about economically disadvantaged groups and condescends to no one, but directly addresses the biggest concern: people using products they do not understand and taking on risks they do not wish to bear. Overall, America is built on freedom and individual choice, economically and financially. But that does not permit platforms to exploit consumers through misleading, deceptive, or predatory products. I therefore support knowledge-based rather than wealth-based tests to determine product suitability.
To demonstrate how we plan to launch FTX US Derivatives if our amendment is approved, we have already built a website with a full suite of customer protection measures, from disclosures to explainers to knowledge-based quizzes.
DeFi
DeFi is central to the innovation that digital assets can bring, and it is also one of the harder issues to think through under the current regulatory framework.
There will never be a perfect answer; all we can do is move forward step by step. Here is a rough regulatory heuristic for DeFi.
At one end, activity looks more like free speech, free expression, and mathematical constructs: purely writing code, deploying it to a decentralized blockchain, or validating blocks according to the chain's rules. Decentralized code is like speech. At the other end, activity looks more like centralized financial services: hosting a website, onboarding U.S. retail investors and facilitating their access to DeFi protocols or products. Centralized GUIs and marketing resemble regulated financial activities.
This means:
Uploading code to the blockchain does not require a financial license (as long as it is not illegal/evil).
Similarly, the primary responsibility of validators is to correctly validate blocks, not to judge or oversee them.
However, the following activities may require some licenses/registrations, etc.: hosting a website on AWS that provides a retail front end for decentralized protocols; marketing DeFi products to U.S. retail investors.
For example:
You can write code for a DEX and upload it to the blockchain without a license.
You can trade on a DEX without a license as long as you are purely using your own money and not managing a fund.
You can conduct peer-to-peer transfers without a license, but you still need to avoid sending to sanctioned addresses.
The goal of the validators themselves is merely to confirm whether proposed blocks comply with the rules of the blockchain, not to individually parse and govern regulatory content.
If you have a website that allows U.S. retail to easily connect to a DEX and trade on it, you may need to register it as a broker/FCM, etc., and also conduct KYC verification.
If you actively market products to U.S. retail investors, you may need some registration—either from you or from the products you are marketing.
Purely on-chain DAOs do not need licenses, just as individuals do not; however, DAOs that control centralized GUIs or target the U.S. retail market may.
It is extremely important to keep on-chain code and DeFi free, open, and uncensored.
This is a compromise, and it will not satisfy any purist position. But I think it is reasonable. It allows the core technology to keep innovating and people to express themselves freely, while requiring retail marketing and activities resembling traditional brokerage to obtain licenses, creating a layer where regulators can enforce consumer protection and market integrity.
I am very open to suggestions here, and there are many possible variations. Most importantly: how and where regulation does (or does not) fit DeFi is a hard question that has not yet been settled. Until a reasonable, responsible standard exists, we should be cautious in making decisions.
Stablecoin
See the separate proposal for community standards on stablecoins (pending a clear regulatory framework), published alongside this document.
Stablecoins offer tremendous opportunities for modernizing and democratizing payments, both domestically and internationally. We should adopt regulatory policies that support them while guarding against any systemic risks.
In short, any stablecoin pegged to the dollar should be backed at least one-for-one against its circulating supply by dollars (or U.S. Treasury bills/bonds), with up-to-date public disclosure of reserves and audit attestations.
Additionally, there should be KYC for on-ramp and off-ramp participants (i.e., the individuals and entities minting and redeeming stablecoins). This is straightforward to accomplish, and we believe there are many suitable regulatory frameworks under which stablecoin projects can operate (provided the operating entity maintains information about its reserves and carries out appropriate KYC). To be clear, this does not mean a passport and SSN are needed to buy a bagel at 7-11, but the issuance and redemption of stablecoins should be BSA-level KYC activities.