Ex-BNY Mellon Exec: ‘Vague’ Crypto Security Regulations Are Ideal

Rules to bolster blockchain security critical to crypto adoption, says former head of digital assets technology at BNY Mellon

by Ben Strack /
article-image

vs148/Shutterstock modified by Blockworks

share

Vagueness and ambiguity might not always be the proper recipe to regulate an industry. 

But when it comes to crypto cybersecurity, guidelines that leave room for the self-regulation of an evolving sector is likely the best route, according to the former head of digital assets technology at BNY Mellon.

David Schwed joined blockchain cybersecurity firm Halborn as its chief operating officer in June 2022 after working for a year at BNY Mellon. He had, years earlier, spent time at the bank as a vice president of enterprise threat management. 

Aside from the stints at BNY Mellon, Schwed also formerly worked at traditional finance giants Citi and Merrill Lynch. He became the chief information security officer at Galaxy Digital in 2018.

Certain traditional financial risk management regulations, such as capital reserve requirements for custodians in the Dodd-Frank Act, can be easily ported over to crypto, the executive said.  

“When we get into [cybersecurity], that’s when things get a little bit trickier because, by design, regulations don’t necessarily dictate specific technologies or different tactics,” Schwed told Blockworks in an interview. “It’s meant to be broad enough that it’s changing. What was good today may not be good tomorrow, but you don’t want to keep changing regulation.”

Security is crucial, but what are appropriate guardrails?

Blockchain cybersecurity is crucial to mainstream adoption, Schwed said, as the prevalence of hacks can keep institutions on the sidelines and scare regulators.

But bank-level security for crypto doesn’t exist yet, and crypto’s “bearer asset” status attracts some of the most dangerous cyber crime groups, including North Korea’s Lazarus Group

“You’re not stealing credit card numbers and selling [them] on the black market,” Schwed said. “You steal it, you have it…and the best hackers in the world are now going after that.” 

Schwed pointed to the Gramm–Leach–Bliley Act (GLBA) — enacted in 1999 — as a potential model for blockchain cybersecurity regulation. The law requires financial institutions to safeguard customer data and reveal details to customers about their information-sharing practices.

The GLBA’s broad language around “maintaining appropriate safeguards,” for example, allowed financial companies to continue “raising the bar” around what the industry deemed to be acceptable, Schwed said. 

The same type of legislation with “vague and ambiguous” language could benefit the  crypto-related cybersecurity space, he added.  

“Once you kind of set that bar, you’re giving banking regulators the ability now to come in and maybe start setting that standard through banking examination,” Schwed said. “I don’t think explicit regulation is the way to go, because once you give people a framework and say you must do A, B, C and D, they’re only going to do A, B, C and D.”

States to lead on regulation?

Though there remains a lack of knowledge from regulators, as well as traditional technologists and security professionals, around crypto, “no one disagrees this is where the market’s headed,” Schwed said.

Larry Fink, the CEO of BlackRock, has emphasized the significance of tokenizing securities. This involves enabling the asset class to move on blockchains, and according to Fink, it represents the next generation for markets.

The SEC has launched various enforcement actions in recent months, alleging unregistered securities violations against industry firms. The CFTC has labeled various cryptocurrencies commodities, including ether (ETH) and tether (USDT) and litecoin — signaling a jurisdictional battle that adds another wrinkle to regulatory progress.  

“I believe in my heart of hearts that they want to come out with regulation, but they don’t want to do the wrong thing,” Schwed said. “I think they’re taking the time to figure things out.”

But as US policymakers and the country’s federal regulatory agencies move slowly, states could swoop in to fill in the gaps. 

Schwed called the cybersecurity policy within New York’s BitLicense regulation — implemented by the state’s Department of Financial Services in 2015 — “fairly comprehensive.”

“I think we saw a lot of companies running out of New York because they didn’t want to get the BitLicense, but I think we might start seeing the opposite,” Schwed said. “The BitLicense is a really great standard when it comes to cybersecurity, at least comparably, so maybe you start seeing some states stepping up and addressing where [the federal government’s] not coming in.”

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Analysis

Empire Newsletter: How US presidencies map to crypto markets

Plus, breaking down Donald Trump’s shifting crypto stance

by Katherine Ross&David Canellis /
article-image

DeFiMarkets

Mt. Gox customers to receive crypto assets after 10-year wait

Markets are holding relatively steady despite the supply shock

by Donovan Choy /
article-image

Markets

Markets brace for volatility as VIX rises to highest level since April 

Analysts are looking ahead to August, a historically volatile month made more interesting this year by the US presidential election

by Casey Wagner /
article-image

Analysis

On the Margin Newsletter: A notoriously rough month for markets is upcoming

Plus, a look into Lighting Labs’ newest feature

by Casey Wagner /
article-image

Opinion

Crypto investors must embrace new tax rules or risk falling behind

Crypto’s Wild West era is over — it’s time to embrace regulation to secure the future of digital assets

by Zac Townsend /
article-image

Analysis

Lightspeed Newsletter: Wine tokenization on Solana

Plus, Solana has now surpassed Ethereum in trailing 30-day decentralized exchange volume

by Jack Kubinec&Jeff Albus /