Virtual Asset Regulation Moving Toward Specialized Legislation — Scholars Call for Attention to Two Major Issues
- In recent years, Taiwan has made significant progress in regulating virtual assets. The Executive Yuan has designated the Financial Supervisory Commission (FSC) as the lead agency for virtual asset oversight. The FSC has introduced anti-money laundering measures, principles, self-regulatory guidelines, and supported the formation of trade associations. This year, it is considering specialized legislation. Scholars emphasize that fraud and cybersecurity are two key issues the government must address in the future.
- Lin Meng-Hsiang, board member and convener of the Consumer Foundation’s Financial Insurance Committee and associate professor and director at Ming Chuan University’s College of FinTech, stated that assigning the FSC as the competent authority for virtual assets with financial investment or payment characteristics is appropriate. However, virtual assets are not uniformly defined and may not always serve financial purposes. For example, Security Token Offerings (STOs) are considered securities using the “technology + investment contract” (Howey Test) framework. Beyond STOs, what other types of virtual assets could fall under financial investment? What qualifies as a payment-related virtual asset? The FSC should establish clear mechanisms so that businesses and consumers understand what products or services are regulated, which would support broader government anti-fraud efforts.
- Does establishing a specialized law automatically protect investors? Lin points out that legislation alone is not the only path to consumer protection. Emerging technologies evolve rapidly, making dynamic regulation difficult. The FSC has adopted international practices, centering on anti-money laundering (AML), integrated STOs into the Securities and Exchange Act, and issued guiding principles and promoted self-regulation in September last year. All these efforts are focused on consumer rights. Taiwan is using a dual-track regulatory approach that combines top-down rules with bottom-up self-regulation to align with current industry practices and gradually incorporate additional laws or a specialized legal framework.
- There are concerns that specialized laws may hinder the development of virtual asset platforms. Lin asserts that technology is neutral — to avoid stifling innovation, regulation should separate the technology itself from its use cases. Issues like fraud and cybersecurity related to virtual assets require differentiated oversight, which is often misunderstood or missing today.
- Lin suggests the government leverage cross-sector collaboration among industry, government, academia, and research institutions. For instance, FinTech Space can support startups working with financial institutions under the FinTech Development Roadmap 2.0. Through pilot projects and sandbox testing, stakeholders can identify and address risks related to virtual currency transactions and cybersecurity.
- Lin also reminds that in regulating virtual asset platforms, the government must be prepared to tackle fraud and cybersecurity. Regarding fraud, there are four key risks: 1) misleading consumers by claiming trust via banks, suggesting financial institution endorsement; 2) face-to-face trades of virtual currency leading to fraud or robbery; 3) using unverified platforms that result in leaked account credentials or failed transactions; 4) luring investors with promises of high returns to buy worthless “junk coins.”
- On the cybersecurity front, Lin outlines four concerns: 1) absence of standardized oversight and usage regulations, resulting in uneven technical standards and regulatory gaps; 2) unclear sources of code or smart contracts, which may include vulnerabilities or intentional flaws compromising user data and rights; 3) improper handling of private keys and passwords — services like custodial exchanges or hot wallets are still vulnerable to theft and hacking without standardized guidelines, leading to unclear liability; 4) operators may lack the qualifications required of financial institutions, creating imbalanced risks for users.
- Lin concludes that while the FSC has initiated self-regulatory measures and subsequent formal rules, the next step is to establish technical standards for cybersecurity and anti-fraud principles through collaboration between tech firms, the government, and legal authorities. These guidelines would support the FSC or the Ministry of Digital Affairs in developing legal frameworks, helping businesses comply and ensuring supervisory standards across markets, products, and services. Ultimately, the system should be reinforced through financial literacy education to create lasting impact.
Source: Commercial Times. https://www.ctee.com.tw/news/20240312701405-430301
