There are two main approaches to running a crypto exchange in 2022:
- You set up a centralized exchange in some country. You form a corporation, the corporation runs the exchange, it opens accounts and holds crypto for customers, and you try to be a good corporate citizen. You follow the country’s laws as much as possible, and you lobby to change the ones you don’t like. Exactly how regulated you are (and how much lobbying clout you have) depends on the country, and this approach encompasses both “incorporate in the US and beg the Securities and Exchange Commission for permission to do anything at all” and “incorporate in a small island nation, buy its political system and do whatever you want.” Both have pluses and minuses: The buy-an-island approach gives you a lot of flexibility and probably nice weather; the US approach gives you access to a lot of customers and, arguably, the confidence-boosting value of US regulatory oversight.
- You set up a decentralized exchange with no legal entities at all, or at least none that run the exchange. The exchange consists of smart contracts that run permanently on some blockchain; people can interact with the exchange in a purely decentralized, permissionless way. You might try to avoid personal criminal liability by not coding or advertising the exchange in a way that is going to get you obviously arrested by US authorities, or alternatively by being anonymous and staying away from the US. But even if you do get arrested, the exchange is open and decentralized and hard to shut down. It exists not in a corporate entity but in code on a decentralized censorship-resistant blockchain.
I have suggested in the past — very much without giving legal advice! — that the second approach, empirically, works: US regulators abstractly, and sometimes concretely, do not like the idea that decentralized finance is insulated from regulatory oversight, but in practice it seems to be kind of true. The exchanges that are most subject to regulation are the ones that pick up the phone when regulators call. If you don’t have a phone number, they can never call you.
Anyway I guess a third approach is: Set up a centralized exchange, form like 100 corporations in different countries, and don’t tell anyone which one runs the exchange? That is extremely not legal advice but here’s Reuters on Binance:
Described on its website as an “ecosystem” with over 120 million users, Binance has set up at least 73 companies across the world, according to corporate filings and company organisation charts. [Founder Changpeng “CZ”] Zhao owns or partly controls at least 59. He declines to give details of the location or entity behind the main exchange, which makes money by charging fees on crypto trades. …
One example of his oversight came in early 2020. A London-based payments partner called Checkout.com asked Binance to state on its website that one of Binance’s British units “shall be responsible for transactions” conducted using traditional money. A Checkout.com spokesperson said the request was “completely standard across the payments and commerce worlds.”
A Binance employee raised a warning about the requested statement in a message exchange that included Zhao and other executives. The employee cautioned that the statement would leave a “paper trail” linking the British unit to the main exchange, which Binance has shielded from global regulators by not providing details of its location.
You know US regulators won’t like this, but you can distract them by giving them a US entity to chew on:
Harry Zhou ran a U.S. crypto trading firm that Binance had invested in. He sent a proposal to a Binance executives’ message group to address “Binance-specific risks in the US.” Zhou suggested what he described as a “Tai-Chi entity,” a reference to a martial art with defensive virtues. …
Binance would restrict U.S. customers’ access to the main platform, the presentation said. But Binance would enable “strategic” use of virtual private networks, which obscure the location of internet users, to “minimize economic impact” of the changes. This would leave a loophole: U.S.-based traders would still be able to access the main exchange, with its greater liquidity and broader range of products, by using a VPN connection.
Zhou’s presentation explained the burdens of the main exchange being regulated: “active outreach to regulators can result in lengthy inquiries and requests for excessive disclosures; settlement costs can be substantial.” But the Tai Chi structure would “insulate Binance from legacy and future liabilities” and “retard and resolve built-up enforcement tensions.” The Tai Chi entity – and not Binance itself – would become “the target” of U.S. authorities.
Here is Zhao’s response to the article, which notes that the “Tai Chi” idea was never adopted, and “Eventually, Binance.US was set up based on advice from leading US law firms. Today, Binance.US is licensed to operate across the United States, and operates independently from Binance.com.” It also notes that, generally, Binance has a lot of compliance and know-your-customer checks and works with regulators to stop crime. And:
Why Don’t We Share the Location of Our Offices?
This is actually similar to the argument about why I don’t want my family to be in the media. Over the last two years, we have worked with global law enforcement to seize assets of countless criminal organizations across the globe, which has directly resulted in cleaner crypto markets. So, we are careful when disclosing office locations, wearing Binance branding, or representing ourselves as Binance employees for security purposes. I want to keep our employees safe. However, regulators in each jurisdiction where we operate have our local address and contact details on file and we have announced major offices in Paris and Dubai. We have also set up a special part of the Binance website specifically for Law Enforcement.
There is something very crypto about this. If you built a bond trading platform and went out to asset managers to sign them up, they would ask you questions like “where is this platform incorporated?” And if you said “oh that’s a secret,” that would be a gigantic red flag and no one would sign up. In crypto, though, permissionless anonymous decentralized finance is a goal, and “we don’t want to get any regulated legal entities involved in our exchange” is a natural thing to say. Sometimes this involves actual DeFi — exchanges that are open-source smart-contract protocols running on a blockchain — but sometimes it involves centralized exchanges that are companies, but secret.