Centralized cryptocurrency exchanges (CEX) and decentralized cryptocurrency exchanges (DEX) are among the main entry points for people into the crypto and web3 space. People use them to buy virtual assets, exchange virtual assets, trade cryptocurrencies, and perform many other kinds of transactions. A successful CEX or DEX project should comply with all the financial and crypto regulations to be a place where people can safely perform their transactions and keep their assets secure.
This guide aims to provide an overview of how CEX and DEX are regulated from a legal standpoint and what legal requirements (e.g., authorizations and licenses) are needed to launch an exchange.
The information here is current as of November 29, 2022. Amid the recent FTX collapse, which has shaken the whole industry, we suspect that some regulations for CEXs and DEXs might change in the coming months. Additionally, the upcoming MiCA (Markets in Crypto-Assets) regulation in the EU will require virtual asset exchanges to comply with stricter regulations after its adoption in 2023.
This article will first explore the key differences between CEXs and DEXs and then analyze how approaches to legal structuring differ for each project. To simplify this guide, we will not explore other differences between CEXs and DEXs, like liquidity, commissions, certain features, security risks, etc.
What is the main difference between CEXs and DEXs?
From a legal structuring standpoint, the key difference between CEXs and DEXs lies in the answer to the question, "Who owns the users' assets?".
In CEXs, users' assets are controlled by the exchange's owners as the user transfers them to a custodial wallet of the exchange. In DEXs, users control their assets by holding custody of their wallets, while the token swap protocol only manages user transactions autonomously.
How is the legal structuring of a CEX different from a DEX?
Owners of the CEX bear the responsibility for the assets stored in the centralized custodial wallet of the exchange. This is quite similar to how banks operate with their clients' funds. That's why CEXs need to obtain special crypto licenses and implement customer verification procedures, like Know-Your-Customer (KYC) and Anti-Money Laundering (AML) procedures. These requirements include, but are not limited to:
- drafting certain policies and procedures like AML/KYC, cyber security, private key storage, risk management, and data protection policies;
- appointing an auditor;
- appointing an anti-money laundering officer or officers (the requirements of which depend on the jurisdiction);
- appointing a qualified manager (the requirements of which depend on the jurisdiction); and
- regularly providing submissions to the regulator (audited financial statements, reports on KYC/AML, etc.).
In the case of a DEX, neither the company nor the owners can access the user's assets. The token swap protocols of the DEX are, in most cases, ownerless and non-custodial. That's why the regulations that apply to CEXs don't apply to DEXs. But that doesn't mean there's no legal structure needed for a DEX.
Behind the DEX protocols, there's usually a Decentralized Autonomous Organisation (DAO) (like Uniswap DAO and Sushi DAO), the members of which vote for the protocol's strategy (the principles of its work, commission sizes, etc.) and manage the Treasury (e.g., issue grants) in a decentralized way.
These DAOs are usually registered as ownerless legal entities like foundations, and the entity is often referred to as a DAO Legal Wrapper. These legal wrappers aim to protect DAO members from unlimited liability and implement the decentralized governance of the DAO.
The most common approach to the legal structuring of a DEX is to register three legal entities: a Development Laboratory Company (DevLab), a Product & Token Distribution Company (TokenCo), and a DAO Legal Wrapper.
What regulations apply to CEXs?
Since centralized exchanges hold custody of users' assets, similar to how traditional banks do, many regulations and licensing schemes will apply to them.
A legal professional should define the exact list of the regulations that apply to the specific exchange upon examining the exchange's business model, and this will also be influenced by the jurisdiction for incorporation that the founders will choose.
The list below outlines the most common regulations that will apply to a centralized cryptocurrency exchange, and includes examples of each.
Centralized exchanges should comply with recent AML regulations like FATF recommendations (on the global level) and AMLD5 (local level). The company that wants to comply must implement KYC/AML procedures and appoint an AML officer.
Sometimes, founders may also need to register with a regulator for the purposes of AML compliance and reporting. Examples include:
- FIU Authorization in Estonia;
- FinTRAC Registration in Canada; and
- Registration with the Central Bank in Ireland.
Crypto licenses are a more sophisticated form of regulation for exchanges and wallets, introduced recently in certain jurisdictions to create special regimes for crypto projects. Usually, financial regulatory authorities in specific countries grant crypto licenses.
Considering that these licenses are more sophisticated than authorizations, there are more requirements for those who want to obtain them, like required authorized capital, AML/KYC compliance, and annual audits.
Examples of crypto licenses include:
- A crypto license in Luxembourg (as obtained by Bitstamp in 2017).
- Financial Services Permission License by ADGM in the United Arab Emirates.
- A DLT License in Gibraltar (as obtained by Huobi in 2018).
- A VASP regime in the Cayman Islands.
- A registration as a Digital Asset Business in the Bahamas (as obtained by FTX in 2020).
Fintech licenses are part of the regulations that allow wallets and exchanges to offer conversions from crypto to fiat and vice versa. Among fintech licenses, there are EMI (Electronic Money Institutions) and Payment Services licenses. The usual requirements to obtain them are similar to the ones for crypto licenses and include required authorized capital, AML/KYC compliance, and annual audits.
Examples of fintech licenses include the Money Transmitter License in the US and the Electronic Money Institution (EMI) License in the UK.
Upcoming regulatory changes
The Markets in Crypto-Assets (MiCA) regulation, set to be adopted in the EU in 2023 (and expected to come into effect in 2024), will also increase the regulatory pressure on centralized exchanges. In the current draft of the legislation, crypto exchanges will be treated the same as traditional brokers and exchanges and will bear full responsibility for any tokens listed on them that aren't issued via a dedicated legal entity.
In October 2022, the OECD released a new framework for global crypto tax reporting, which, if adopted, may oblige crypto exchanges to collect and share information on taxpayers' crypto transactions with local tax authorities. This may also increase the regulatory burden on centralized exchanges.
Legally structuring a crypto exchange project: where should you start?
All these regulations may seem like a lot to research, and understanding all the requirements for a project and choosing the right legal course of action truly is a challenge.
At Legal Nodes, we help founders of Web3 projects solve the challenges of creating cross-jurisdictional legal structures by pairing them with best-in-class Virtual Legal Officers (VLOs). By having access to all the up-to-date regulations and legal best practices in Web3, VLOs help create a legal structure that will consider all aspects of the project: the business model, features, plans like launching a DAO, etc. After confirming the legal structure and initial legal tasks, VLOs select and manage local legal providers in all the countries where the project operates to offload this process from a founder.
Disclaimer: the information in this guide is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice. Mentioning any of the assets in this article is not an endorsement to purchase them.
Taras is a Web3-focused Virtual Legal Officer at Legal Nodes. Since 2018, he has had various projects under his belt, ranging from M&A transactions and ICO management to handling matters concerning Ukrainian laws on virtual assets. Taras loves writing helpful guides on Web3 legal topics and draws his inspiration from doing sports and reading books (his passion is the history of the 20th century).