A fundamental shift is occurring in digital asset markets, evident in the relentless rise of bitcoin and crypto ETFs as well as the proliferation of meme coins, most recently $TRUMP, backed by the new US President himself. The appointment of Paul Atkins, known for favouring market-driven solutions over heavy-handed enforcement, as Chair of the Securities and Exchange Commission (SEC), has fuelled optimism that crypto can finally balance innovation with regulation.
But the crypto industry faces a stark choice that no amount of regulatory flexibility can overcome, we show in a new study coauthored with Robert M. Kirby. Either sacrifice the unlimited programmability that makes these systems revolutionary, or accept that their compliance with anti-money laundering regulations cannot be fully automated or built into the system. This isn’t a temporary technological limitation of one system or another. This is as fundamental as the laws of mathematics.
Automating market integrity
To begin to see why, we can think about an economy where shells are money. If we pass a law that nobody can transact more than 10 times per day or hold more than 10 percent of the shells, we have an enforcement problem. How do we know who holds which shells when? Information asymmetry stymies compliance and compliance devolves to a surveillance challenge.
Blockchain technology solves that problem. If everyone sees where all the shells are all the time, then enforcement works. We can build compliance into a system and deny banned transactions. Here, the transparency from the blockchain enables automated compliance.
But the long-held premise of Web3 is to automate stock exchanges and myriad complex interactions. Doing so requires moving beyond shells to a system where users create their own assets and upload their own programs. And permission-less access to publish these complex programs may expose users to malicious programs or scams, choke up the systems, and vex regulators who care about preventing financial crimes.
The core challenge lies in what computer scientists call “undecidability”. In traditional finance, banks can fulfil regulatory requirements like “no transactions with sanctioned entities” or “maintain capital adequacy ratios” through their existing control systems. But, in a truly decentralised system, it becomes mathematically impossible to verify in advance whether a new piece of code might violate these rules.
Take JPMorgan’s recent rebranding of Onyx to Kinexys. The platform now processes over US$2 billion in daily transactions, and participation is contingent on meeting regulatory criteria. Unlike typical cryptocurrency platforms where anyone can write and deploy automated trading programs (known as smart contracts), JPMorgan’s system maintains compliance by restricting what participants can do.
This approach has attracted major institutional players like BlackRock and State Street, which collectively have more than US$15 trillion in assets under management, although many crypto enthusiasts view such restrictions as betraying the technology’s promise. But these compromises are not just pragmatic choices – they’re necessary for any system that aims to guarantee regulatory compliance.
The SEC’s mandate to protect investors while facilitating capital formation has grown increasingly complex in the digital age. Under Gary Gensler’s leadership, the SEC took an enforcement-heavy approach to crypto markets, treating most digital assets as securities requiring strict oversight.
But even though Atkins’s anticipated principles-based approach might seem more accommodating, it cannot change the underlying mathematical constraints that make automated compliance impossible in permission-less, fully programmable systems.
The limitations of fully automated systems became painfully clear at MakerDAO, one of the largest decentralised lending platforms with over US$10 billion in assets. During March 2024’s market turbulence, when Bitcoin’s price swung 15 percent in hours, MakerDAO’s automated systems began triggering a cascade of forced liquidations that threatened to collapse the entire platform.
Despite years of refinement and over US$50 million spent on system development, the protocol required emergency human intervention to prevent a US$2 billion loss. Similar incidents at Compound and Aave, which together handle US$15 billion in assets, underscore that this wasn’t an isolated case or a mere technical failure. It demonstrates the impossibility of programming systems to handle every potential scenario while maintaining regulatory compliance.
Towards compliant crypto
As this market matures, it is crucial that investors understand these constraints for risk assessment and portfolio allocation. The industry now faces three paths forward, each with distinct implications for investors.
First, follow JPMorgan’s lead by building permission-based systems that sacrifice some decentralisation for clear regulatory compliance. This approach has already gained significant traction: Six of the top 10 global banks launched similar initiatives in 2024, collectively handling over US$2 trillion in transactions. The surge in regulated crypto products, from ETFs to tokenised securities, further validates this path.
Second, limit blockchain systems to simple, predictable operations that can be automatically verified for compliance. This is the approach adopted by Ripple with its newly launched RLUSD, designed to be compliant with the New York Department of Financial Services’ standards based on the limited purpose trust company framework. While this curbs innovation, it also enables decentralisation within carefully defined boundaries.
Third, continue pursuing unlimited programmability while accepting that such systems cannot provide strong regulatory guarantees. This path, chosen by platforms like Uniswap, whose total trading volume exceeded US$1 trillion in 2024, faces mounting challenges. Recent regulatory actions against similar platforms in Singapore, the United Kingdom and Japan suggest this approach’s days may be numbered in developed markets.
The current market enthusiasm, largely driven by regulated products like ETFs, indicates the industry is moving towards the first option. The evidence is already clear in market performance: Regulated crypto platforms delivered average returns of 156 percent over the past year. JPMorgan’s platform has reported a 127-percent increase in transaction volume so far this year.
The success stories in crypto’s next chapter will likely be hybrid systems that balance innovation with practical constraints. Investment opportunities exist in both regulated platforms that provide clear compliance guarantees and innovative projects with a carefully limited scope to achieve verifiable safety properties.
Atkins’s principles-based approach might offer more flexibility than Gensler’s prescriptive rules, but it cannot override the fundamental limits of automated compliance. Just as physics dictates what’s possible in the physical world, mathematical principles set immutable boundaries in financial technology. The impossible dream isn’t cryptocurrency itself – it’s the notion that we can have unrestricted programmability, complete decentralisation and guaranteed regulatory compliance all at once.
For the crypto industry to deliver on its revolutionary potential, it must first acknowledge these immutable constraints. The winners in this next phase won’t be those promising to overcome these mathematical limits, but those who design intelligent ways to work within them.
A version of this article was first published in Coindesk.
“INSEAD, a contraction of “Institut Européen d’Administration des Affaires” is a non-profit graduate-only business school that maintains campuses in Europe, Asia, the Middle East, and North America.”
Please visit the firm link to site
