Cover

Apr 08 2021

A Day in the Life of Indie Filmmaker Jordyn Romero

Whether you’re raising funds for a creative project or a new business idea, running your own crowdfunding campaign is no easy feat. It takes a healthy dose of passion, discipline, and commitment to bring your ideas and concepts to life, and get your backer community excited about them. Ever wondered what a day in the life of a creative entrepreneur on Indiegogo is like? We’re here to give you an exclusive glimpse into 24 hours of their day.

Juggling film production and a crowdfunding campaign can be challenging, so we’re always inspired when we encounter someone who can do it all. Meet California-based indie filmmaker Jordyn Romero who is in Sri Lanka, filming on location right now. Together with producer Leah de Leon, they are running a campaign to fund their documentary We Are Like Waves — a film that adapts the true story of Sanu, one of the first professional female surfers in Sri Lanka.

This documentary film explores and captures the struggles and breakthroughs of Sanu in an industry dominated by the culture of patriarchy:

“We Are Like Waves is an intimate, powerful story that the world needs now. This story will shed light on the continued push for gender equality in the sport of surfing, and demonstrates how surfing can be used as a tool for women’s empowerment. Not only is Sanu a role model for the young girls in her village, but through the screen, she will become a role model for girls and women. We aim to create a platform for deeper discussions around gender norms, beauty standards, and family expectations within the context of surfing. This story is not just Sanu’s, it is the story of many female surfers around the world.“

[embedded content]

Your contribution to their campaign will allow Jordyn and Leah to conclude filming and finish their movie, getting this must-see story out to screens everywhere, in a world where the stories of women of color are missing some real representation.

Read on to see how Jordyn spends 24 hours in her day, working as an indie filmmaker on location in Sri Lanka Then scroll down for a brief Q&A to get to know her better, learn more about We Are Like Waves, and get inspired!

7 A.M. Wake up and make a glass of warm lemon water. Then I read the daily excerpt from “The Daily Stoic” and I journal. Sometimes it’s a few pages, but other days it’s just some bullet points of gratitude.

8 A.M. I go on a nice walk. I like to bring a cup of tea and listen to a podcast. Everyday I try to mix it up too and find new paths in my neighborhood.

9 A.M. I eat a light breakfast. I call it breakfast #1 and it’s typically a bowl of fruit. Then, I check my calendar, email, and social media. I have a work journal where I write down my To-Do’s.

10 A.M. This is when I start doing the creative part of my work. It’s when I’m most motivated and in flow. Most of the time, I am writing and editing my film. Sometimes I am creating pitch materials for future films, updating my website, or other graphic work.

12 P.M. Begin to shift towards business-minded tasks and away from creative ones — unless the flow is still going. I try to ride that as long as I can. This means taking calls and meetings, posting on Instagram, and more email.

1 P.M. I eat lunch at this time, and continue doing business tasks!

4 P.M. Always have an afternoon adventure. Sometimes I go surfing, take a hike, do a workout class, or hangout with friends (weird to think about with COVID). This is the most important time of the day to me. I’ve never accepted the burnout mentality, and so I embrace this time to have fun and enjoy every single day.

7 P.M. Dinner time! I have really gotten into cooking lately — everything from curries to grilling. Typically with a good playlist and eating outside if it’s warm enough.

8 P.M. Love to have a cup of tea. My friend blends her own loose leaf tea, and I love it. Sometimes I watch some TV, or have a good read. Other times, I have a creative boost and will lean into that and work a little more.

9 P.M. Around this time, I start to get ready for bed. I’m definitely someone who needs 9-10 hours a night. It’s prioritized because I literally cannot perform with any less.

Now that you’ve gotten a glimpse of what her day is like running a crowdfunding campaign for a film, get more inspiration in our exclusive Q&A with Jordyn!

INDIEGOGO: How and why did you and Leah become documentary filmmakers? Was it something you always intended for yourselves?

JORDYN ROMERO: I came to filmmaking because of my passion for the outdoors. I grew up making ski edits of my friends and I with a GoPro Hero 4. I went to Chapman University for college which ranks as one of the top film schools in the country – I came in undeclared. I will never forget one night in the dorms I rented the most beautiful surf film, and knew that I wanted to make one like it one day. The next week, I applied to the documentary program with those ski films and have never looked back since. Today, I continue with my passion — redefining and amplifying diverse women on screen in the outdoor industry.

INDIEGOGO: What makes your Indiegogo project unique?

JORDYN: Our Indiegogo is unique because We Are Like Waves has already been shot and is nearly finished. After confirming that I was going to make this film, I was in Sri Lanka two months later. This wasn’t nearly enough time to raise money to fund the film, instead I took out a personal loan and self-funded the trip. It was a huge risk, but I was confident in the story and knew that we would be able to raise money after production to pay back the loan and cover post-production costs. We are so thankful that we didn’t wait to raise money to go, because just a week after we finished shooting, the world shut down.

INDIEGOGO: How did you come across this project and Sanu’s life story?

JORDYN: I found the story through a podcast that featured one of the co-founders of Sea Sisters Sri Lanka, a nonprofit dedicated to teaching local women how to swim and surf. After listening to the episode, I learned that in Sri Lanka there is a cultural mindset that surfing is not meant for girls. Fathers are afraid of what might happen to their daughters, women are taught to stay close to home and they never learn. The stories and social issues shared on the podcast just stuck with me. I reached out to Sea Sisters in an Instagram message and two months later, the film was in full production on the South Coast of Sri Lanka.

INDIEGOGO: What’s your biggest piece of advice for women who want to make movies or have a career in the film industry?

JORDYN: It’s amazing to think about everything you’ve ever watched in your life. I bet almost everything has been made by a man. This means that the entire point of view was through a male’s lens. Nothing wrong with that, but imagine how those stories could be told if through the female lens? How would you see things differently? How would our world be different? Your voice matters and what you have to say matters.

INDIEGOGO: What tools would you recommend to anyone starting their own crowdfunding campaign or project?

JORDYN: The success of our crowdfunding campaign came from our strong email campaigns. Canva was another great tool to build beautiful and engaging content to promote our campaign on social media, Instagram stories in particular. Tools like Slack, Google Drive and UNUM were used often for communication, organization, and social media planning (obsessed with our instagram feed). And of course, Facetime. Leah (Producer) and I would spend so much time cheering each other on – spending a lot of time together even though we can’t “be together” in the pandemic.

INDIEGOGO: What’s next for you and Leah after this campaign fundraising round?

JORDYN: Next it’s time to finish the film! We’re at the rough cut stage of the film – so we are really, really close. After we hit picture lock, the film will be scored, colored, sound mixed. We’ll have a polished film and the best part can begin – film festivals and screenings! We will have a year long film festival tour and a small California film tour, hitting our favorite places along the coast, building community and sharing this story with the world.

Want to help Jordyn and Leah complete their film We Are Like Waves? Donate to their Indiegogo campaign page or follow them on Instagram.

<!–

Comments are closed

–>

Source

Apr 07 2021

European B2B Wealthtech Allfunds Set to List on Euronext Amsterdam Stock Exchange

Madrid-based Allfunds, a B2B Wealthtech solution provider, will reportedy be listing on the Euronext Amsterdam stock exchange.

Allfunds has developed a comprehensive ecosystem that aims to cover the complete fund distribution value chain and related investment cycles, including through Allfunds Connect, which is a suite of software-as-a-service or SaaS-powered digital, data and analytics software tools.

Allfunds had more than €1.2 trillion of assets under administration, as of December 2020. The company reports around €370 million in turnover and about €263 million adjusted Ebitda. The group also reports a growth rate of 13% during the last 3 months.

Allfunds has hired BNP Paribas, Credit Suisse Securities, Citigroup Global Markets and Morgan Stanley Europe as its joint bookrunner, for this latest offering, which includes a private placement of 25% of the firm’s outstanding shares that are held by LHC3, BNP Paribas and Credit Suisse.

Although AllFunds won’t be getting any proceeds from the sale, the firm thinks that the listing could potentially provide access to diversified sources of financing and enhance its profile and general brand awareness.

Juan Alcaraz, founder and CEO of Allfunds, stated:

“We have built an ecosystem that covers the entire fund distribution value chain and investment cycle, integrated into a simple one-stop-shop for our clients. This listing provides us with the flexibility to accelerate the digital transformation of the wealth management industry and the growth of our best-in-class global platform.”

Allfunds may expand it business operations into other regions where it maintains a relatively smaller market presence, including in Asian and North American markets.

Allfunds, which claims to be the largest fund platform and world leader in the wealthtech space, recently launched a new mobile app for its digital eco-system Connect.

As mentioned in a company blog post:

“With the Connect App users will be able to track funds, manage portfolios wherever they are and never miss a critical alert. Users will be able to access information on their funds or adjust their portfolios at any time.”

Some other notable functions include:

Search, analyze, compare and monitor, from more than 200,000 funds at ETFs
Set-up and “access multiple alerts”
Stay “on top of watchlists that track funds”
Manage and “maintain control of portfolios accessing performance, risk, asset allocation and transactions”
With the Connect mobile app, users “leverage the power of Allfunds to manage funds and portfolios anytime, anywhere.”

Source

Mar 16 2021

Ant Group, the Fintech Division of Digital Commerce Giant Alibaba, Aims to be Carbon Neutral by 2030

Ant Group, the Fintech division of digital commerce giant Alibaba Group Holding Limited (NYSE: BABA), has made a commitment to become carbon neutral by 2030.

Ant Group’s management stated that to achieve the carbon neutral target within the coming decade will involve establishing a carbon neutrality fund. This will be done to support the ongoing research and development (R&D) of renewables and other new “green” technologies. The digital payments firm will also be working cooperatively with other industry participants to support green finance initiatives.

Ant Group further noted that it would be looking into ways to leverage blockchain or distributed ledger tech (DLT) solutions to support the ongoing climate effort. These initiatives may involve using DLT to more accurately track the carbon reduction process.

Ant Group’s management stated that it has outlined a roadmap to neutralize direct and indirect emissions that are associated with the purchase of electricity (starting in 2021). By 2030, the firm intends to completely cancel out carbon emissions from other sources it doesn’t actually own or manage. This may cover key areas including business travel and supply chain.

Ant’s pledge or commitment to lower carbon emissions has come after the announcement of the resignation of the firm’s CEO Simon Hu.

Ant Group’s Alipay virtual payment platform had launched the Ant Forest green project back in 2016. It was found within the app and aimed to encourage its users to actively participate in low-carbon emission activities, like making utility bill payments via online platforms and walking to work or other places instead of driving. Green energy points that are earned by users taking part in the project may be used for planting more trees or for protecting a particular area of land for biodiversity conservation.

Other large firms have also made commitments to become carbon neutral within the next 10-20 years. These efforts are all part of an international focus and effort to reduce the harmful effects of climate change.

Apple (NASDAQ: AAPL) stated in July 2020 that it intends to become carbon neutral across all its main businesses by 2030.

Microsoft (NASDAQ: MSFT) previously pledged to become “carbon negative” in the coming decade. The tech giant said it plans to cut more carbon from the environment than it produces.

Amazon.com Inc. (NASDAQ: AMZN) co-founded The Climate Pledge in 2019. It’s basically a pledge to become net-zero carbon across its different businesses within the next 20 years, – which would be 10 years ahead of the Paris Agreement.

Source

Mar 04 2021

Unsecured Cloud Configurations Exposing Information in Thousands of Mobile Apps

Abstract

When approaching the development of a mobile application, one of the key design decisions revolves around the server side aspect of the application. Specifically, storage of information relevant to the app’s usage, as well as the backend API’s allowing the app to query the server for information in real time (as opposed to static data that’s stored in files).

In addition to the examples above, significant numbers of apps have started to rely on cloud based databases (such as Firebase), allowing the app developer to focus on storing and accessing the data without being concerned about infrastructure and APIs.

There are several popular “go to” cloud solutions providing the services described above that are widely used: AWS by Amazon, Azure by Microsoft, Google Storage and Google Firebase to name a few.

The stated purpose of all of these services is to reduce the complexity of configuring access to the relevant storage container, and allow the app developer to “focus on the important things.”

However, the process of securing these cloud containers used by mobile applications tends to be overlooked by app developers while the impact of a misconfigured cloud container on the app developer, their business and their users can be extremely high.

This blog will cover the latest research uncovered by Zimperium’s zLabs Team, including our findings on thousands of mobile apps with unsecured cloud containers throughout global markets and across both major mobile operating systems (iOS and Android).

In our analysis, 14% of mobile apps that use cloud storage had unsecure configurations and were vulnerable to the risks described in this post. In apps around the world and in almost every category, our analysis revealed a number of significant issues that exposed PII, enabled fraud and/or exposed IP or internal systems and configurations.

We will shed light on how widespread these types of configuration errors are, and how the different aspects of the leaked information can be exploited by a malicious attacker.

Another goal of this blog is to create an “aha!” moment for app developers, as one of the biggest challenges we have encountered was actually reporting our findings to the specific app developers who have unsecured cloud storage. Very few publishers have a clear path for vulnerability disclosures, so risks may remain unreported and unresolved (and possibly actively exploited).

So, in addition to helping app developers assess the current security status of apps’ cloud containers, and providing them with the tools and solutions needed to effectively secure the cloud container of choice and prevent information from leaking, we would like to raise awareness from an industry standpoint on the need for mobile app develops to be more accessible so they can receive and address security concerns stemming from the app being developed.

Overview of cloud storage services

In today’s world, apps have become ubiquitous. We have an app for everything we want to do.

How many steps you’re taking in a day? There’s an app for that.

Need to listen to your favorite playlist. App for that.

Get the latest news. You get the idea.

But, apps need data. Constantly available. Redundant. Scalable. Enter “the cloud.”

App developers rely heavily on several service providers that provide cloud infrastructure allowing access to data through a variety of forms – – from static files, to full-fledged databases to APIs.

Our zLabs research focused specifically on four main cloud storage services:

All of these services allow you to easily store data and make it accessible to your apps. But, herein lies the risk, the ease of use of these services also makes it easy for the developer to misconfigure access policies – – potentially allowing anyone to access and in some cases even alter data.

The main allure of these services is that they allow the developer to turn over the “burden” of thinking about anything but the app they are developing, with security, access controls and an overall approach to securing data being relegated to the cloud provider’s default settings.

And even though the cloud providers provide very detailed guidelines on how to secure access, most app developers neglect to follow them.

When Data Leaks

In the following section, we’ll explore what kind of data leaks when cloud storage is unsecured, and provide examples of real leaks from misconfigured cloud storage used by apps.

Leaking Information Types

Before providing examples of apps with unsecure cloud storage, it is useful to describe the types of data that we discovered to be leaking. We can divide the information into:

PII Information

This is personally identifiable information (PII), such as profile pictures, personal details (addresses, financial information etc), medical details (medical test data), etc.

The risks of this information leaking are pretty self-evident – there is a potential legal risk of leaking PII data (i.e. the people whose data is leaking might sue the app developers) and also brand damage (i.e., App X is leaking its users data, therefore all users stop using App X).

Configuration Information

This type of information leak exposes various configuration information relevant for the normal operation of the app and the infrastructure it uses. For example, we detected apps that leak their entire cloud infrastructure scripts, definitions (including SSH keys), etc. Other types of configurations are web server config files, installation files and even passwords to payment kiosks.

This kind of information could enable an attacker to understand how the computing infrastructure of a company is built. Having access to all of the infrastructure information can also allow an attacker to take over the backend infrastructure of the company, which in turn can allow the attacker to potentially “jump” to other infrastructure and hurt other products.

Examples of Apps with Unsecured Storage Vulnerabilities

In our analysis, 14% of iOS and Android apps that use cloud storage had unsecure configurations and were vulnerable to a number of significant issues that exposed PII, enabled fraud or exposed IP or internal systems. A few examples of each include:

Exposing PII

Medical Apps: Exposing personal medical information including test results, full details and profile images of users.
Social Media Apps: Exposing photos, phone numbers and other personal information of some users.
Major Game App: Exposing server configuration assists the attacker in gaining further intelligence on the target to be used for a potential attack.
Fitness App: Exposing the developer’s server app including versions of the mobile app for both Android/iOS, allowing potential reverse engineering or manipulation of the app.

Enabling Fraud

Fortune 500 Mobile Wallet: Exposing session and payment information that could lead to fraud.
Major City Transportation App: Exposing access to the payment system, this can potentially allow an attacker to obtain personal financial information of customers.
Major Online Retailer: Exposing blank checks can enable identity theft and fraudulent transactions.
Gambling App: Leaking user information (including emails, phone numbers and login information) enables attackers to login on behalf of any of the exposed users.

Putting IP or Systems at Risk

Major Music App: Exposing detailed server information that could be leveraged to gain further system access.
Major News Service: Exposing news stories, personal photos with locations and other information.
Fortune 500 Software Company: Exposing debug versions of the software or internal documentation, easing reverse engineering of product.
Major Airport: Exposing systems allow attackers to obtain, change or delete internal airport information.
Major Hardware Developer: Leaking APIs and encryption keys enables access to servers and all the information they contain.
Asian Government Travel App: Their firebase database is unsecured, exposing contained records and potentially allowing manipulation of data.

Impacted App Categories

App Categories With Unsecured Cloud Storage

The image below shows the distribution of categories (verticals) for the apps with unsecure storage issues. We can see that the bigger verticals are: Business, Shopping, Social, Communications and Tools.

Examples of Apps with Unsecured Cloud Storage

Exposing PII

During our review, we encountered several apps relying on both Google and Amazon storage that was accessible without any security. In one example, the information we were able to obtain included profile pictures and other PII information.

Since many apps revolve around people sending information to one another, the fact that specific information – not intended to be shared – can be accessed by an unauthorized third party, can cause damage to the app developer and the privacy of their users.

Enabling Fraud

Other apps leak information that enables fraud. In one example, an app shows images containing physical payment implements such as checks. These contain personal and financial information (account numbers, addresses, valid account holder names etc) and can be used to perpetuate forgery and other real-world crimes:

Another popular use-case for business/financial apps is online shopping. One online shopping app was exposing customer ID’s, login session ID’s and even payment related information (in the form of tokens). An attacker can actually use this to perform payments, steal money and even hijack accounts:

Putting IP or Systems at Risk

Another category of apps exposes configuration information that could be used for further investigation or penetration. For example, one may think music apps don’t have any important information to protect, however, we identified cases where the entire server infrastructures, scripts, servers and much more was exposed publicly. An attacker gaining access to this information can easily compromise the entire server infrastructure of the app developer.

The screenshot above shows a script that adds an SSH key to the list of authorized users. By having the ability to see SSH keys, an attacker can have access to the app developer’s servers.

To make matters worse, an attacker could obtain a full list of all of the backend resources (servers, caches, databases etc) used by the app’s infrastructure, which could allow an attacker to potentially compromise the entire infrastructure.

What you can do to avoid leaks

The simplest thing you can do is make sure your cloud storage/database is not accessible from the outside world without any sort of security around it (each cloud provider has full documentation on how to achieve this).

Once you’ve closed off your cloud service to unauthorized external access, the next thing you can do is to use a service that assesses your secure software development lifecycle as part of your standard development process.

The leading solution for continuous mobile app security testing (MAST) is Zimperium’s zScan solution, part of the industry leading Zimperium Mobile Application Protection Suite (MAPS).

Not only is it going to help you prevent leaky cloud storage, but also other security pitfalls.

That’s where zScan comes in. It integrates as part of your CI/CD process, and scans your app each time it gets built. If there are any issues found, zScan will then highlight any security issues it finds. We’ve included some example reports below:

If you are a mobile app developer and would like to know if your apps have unsecured cloud storage issues like those described in this blog, please contact us for a free consultation.

If you’d like to learn even more about this, please register for our webinar we are conducting on March 24th at 11am EDT.

In conclusion, I’d like to thank Asaf Peleg for all of his efforts with this research. For any press wanting to learn more, please reach out to [email protected].

Unsecured Cloud Configurations Exposing Information in Thousands of Mobile Apps

Source

Feb 04 2021

Justin Mart, Ryan Yi from Coinbase take a Closer Look at Ethereum, DeFi Growth, Also Review OCC, FinCEN Developments

Digital asset exchange Coinbase recently published its Around the Block #11: “A snapshot of decentralized finance (DeFi) and two sides of the crypto regulatory spectrum” (report), which aims to cover important issues in the crypto and blockchain industry.

In this latest edition, released on February 3, 2021, Justin Mart and Ryan Yi take a close look at the current state of DeFi and the evolving digital currency regulatory space.

During the current crypto bull market, DeFi has “continued its strong rise,” the report confirmed. It pointed out that starting in the summer of last year, DeFi initiatives experienced dramatic growth in Total Value Locked or TVL (as tracked by DeFi Pulse and many other sites).

Coinbase’s report noted that DeFi’s meteoric rise is still “spurred” by the yield farming phenomenon. According to the US-based exchange, this includes “a virtuous cycle: Yield farming mechanics induce participants to add capital → which increases TVL → which drives governance token valuations → which increases yield farming subsidies → which continues the cycle.”

As stated in the report:

“Nevertheless, true zero-to-one innovations in DeFi cannot be discounted as part of the growth story. These are things like synthetic assets (e.g. Synthetix, UMA, and Mirror), increased capital efficiency in financial products (e.g. Aave, Compound), open financial access (including flash loans and emerging remittance use cases), and composable protocols that layer DeFi projects together like Yearn.”

Total Value Locked in DeFi protocols (TVL) currently stands at over $32B at the time of writing, a remarkable 2700% growth year-over-year. Meanwhile, the number of DeFi users has grown to exceed 1.2M, as “defined by the number of unique addresses accessing DeFi services,” the report revealed. It also noted that mainstream protocols such as Uniswap and Compound now claim around 200–500K users, with “most other DeFi apps between 25–50K users.”

DEX (or decentralized / non-custodial crypto exchange) volume has also maintained its steady growth since July 2020. Total DEX volume has “surpassed most centralized exchanges, topping $10B per day in January 2021,” the report confirmed. It also mentioned that volume has been “driven by growth in DeFi, but also tailwinds from broader crypto bull markets and sustained traction in categories where DEXs enjoy competitive advantages.” These include “access to the long-tail of novel DeFi tokens; and efficient swaps between highly correlated assets (e.g. stablecoins),” the report added.

But DEXs today settle trades on the Ethereum mainnet, and are subject to “oppressive” gas prices during periods of increased activity. This “drives continued interest in scaling solutions, with a notable milestone as Synthetix has launched on Optimism (a rollup-based scaling solution),” the report added.

The report further noted:

“DeFi is moving too quickly for any single person to keep track.”

But some major themes include:

DeFi projects are embracing composability: New DeFi projects “either introduce new primitives, or bundle existing primitives to create net new products.” Think of these primitives “as lego bricks, 6 months ago we were designing and building single bricks.” Today we are “combining these bricks into cars, planes, and castles.”
Composability is “extending into DeFi versions of partnerships: DeFi projects are wrestling with key questions around moats, defensibility, and top-line growth.” Most projects seem to “embrace open community collaboration, believing communities create moats (you cannot fork a community).” This exact vision “initially led to the governance token and yield farming phenomenon, and today is evolving into creative partnerships and collaborations, most notable in Sushiswap’s 2021 roadmap.”
Scalability is “becoming a bottleneck, but solutions are coming: As the base Ethereum chain struggles under scale, several protocols are openly exploring integrations with Layer-2 networks or other blockchains.” Look for “significant progress in 2021, especially in Ethereum rollups.”
Regulatory uncertainty impacts development: “In tandem, the SEC lawsuit against Ripple and CFTC lawsuit against BitMEX demonstrate that regulatory bodies are paying close attention to crypto, and not afraid to charge the largest players in the space.” It’s reasonable to “expect increased attention on DeFi based projects, and this uncertainty continues to impact feature development in regulated jurisdictions.”

During the last quarter, FinCEN and the OCC have introduced several crypto regulatory policies, the report from Coinbase noted. While both are under the purview of the US Treasury Department, the guidance appears to be on “the opposite ends of the spectrum toward crypto friendliness,” Coinbase claims.

They explained that FinCEN is responsible for ensuring that companies follow applicable KYC/AML regulations, which are really important for digital currency exchanges (or VASPs — virtual asset service providers) such as Gemini, Kraken, Coinbase, among others. Digital asset exchanges must verify their users’ identities (KYC) and use blockchain or DLT forensic tools to examine digital currency transactions to ensure deposits don’t come from illicit sources.

FinCEN has proposed an amendment to the Bank Secrecy Act’s FBAR regulations, which is specific to cryptocurrencies or VASPs. The new amendment will require US residents to report their cryptoc-asset holdings and transfers valued at more than $10,000 regardless of where these assets are being held.

The amendment could require US citizens to report crypto holdings in excess of $10,000 that are maintained in overseas accounts, and also require exchanges or digital wallets to store client details related to any transfer valued at more than $3,000, and also report these details to FinCEN for any transfers valued at over $10,000.

The public notice only had a 15-day comment period over the recent US holiday break, which made it quite challenging for VASPs to respond properly.

Many crypto firms (Coinbase, Fidelity, Square, CoinCenter, ErisX, among others) have issued strong responses which have noted that the suggested rules may create issues. These companies or organizations have also criticized the rushed nature of the proposal. Since then, the US Treasury decided to extend the comment period, but the future still “remains unclear given the new administration,” Coinbase claims.

The Office of the Comptroller of the Currency (OCC), an independent bureau in the Treasury which is responsible for assisting with the “charter, regulation, and supervising banks,” appears to have “come out on the other end of the spectrum with recent guidance,” Coinbase stated in its report.

Federal Banks are allowed to operate public blockchain infrastructure (January 2021]
Federal Banks are permitted to engage in stablecoins (September 2020)
Federal Banks are allowed to custody crypto-assets (July 2020)

Coinbase added:

“It’s clear that national banks may now participate in the crypto economy through custody and settlement. Notably, Jan 2021 guidance which legitimizes public blockchains as settlement infrastructure, placing blockchains on par with ACH or SWIFT. … federal banks can serve as large validators on blockchains (e.g. miners), or more practically, banks may ultimately settle transactions on Bitcoin, Ethereum, or through stablecoins.”

The exchange further noted:

“This is the first step in regulatory action required to bridge the crypto economy into traditional financial infrastructure. … while the OCC is the federal regulator, it is not the only regulator. There will be an interplay between the interpretation of this guidance from the state vs federal level.”

The report concluded:

“Separately, adoption will take time — blockchains are still relatively new and lack some core features (e.g. privacy, scalability), but this is a promising development. To their credit the Treasury has since extended the comment period, and the proposal potentially hangs in limbo with the incoming Biden administration.”

Source