Latest news with #VirtualAssetsOrdinance
Business Recorder
25-07-2025
- Business
- Business Recorder
GENIUS Act, 2025 versus VAO, 2025
The global proliferation of crypto and virtual assets has triggered an urgent regulatory response across jurisdictions. The ability of digital assets to democratize finance and fuel innovation is matched only by the risks they pose in the hands of bad actors, including money launderers, terrorist financiers, and unregulated entities. Against this backdrop, legislative efforts in the United States and other regions have focused on a dual goal, fostering innovation while protecting consumer interests and financial stability. The United States' recently enacted Guiding and Establishing National Innovation for US Stablecoins Act, commonly referred to as the Genius Act, 2025 ['the Act'], is emblematic of this delicate balancing act. As Pakistan begins its regulatory path with the Virtual Assets Ordinance, 2025 [VAO, 2025], it is important to adopt a comparative perspective. The Act, signed into law in July, is a significant piece of legislation establishing a robust federal framework for issuance and oversight of payment stablecoins. At its core, the Act delineates a categorical distinction between 'permitted payment stablecoin issuers' and all other actors, mandating that only federally or state-qualified issuers are legally allowed to issue stablecoins in the United States. The Act explicitly prohibits issuance or sale of stablecoins by non-permitted entities after a three-year transition period, thereby closing the door on regulatory arbitrage and unlicensed operations. The legislative architecture of the Act places enormous emphasis on prudential regulation. The Act mandates a 1:1 reserve backing for all issued stablecoins, allowing only specific high-quality liquid assets such as treasury bills, insured deposits, and overnight repurchase agreements. Rehypothecation of reserves is strictly prohibited, and issuers must maintain monthly disclosures verified by registered public accounting firms. Moreover, stablecoin issuers are bound by strict anti-money laundering (AML), sanctions compliance, and customer due diligence obligations under the Bank Secrecy Act. These standards position stablecoins more akin to bank-issued financial products than unregulated digital tokens. The Act further carves out the scope of permissible activities for issuers, limiting their operations to issuance, redemption, and reserve management, and explicitly prohibits offering interest or yield on stablecoins. This restriction is aimed at preventing the emergence of quasi-banking entities and ensuring that stablecoins are used solely for payments and settlements. Furthermore, the Act establishes a rigorous vetting process for public companies seeking to issue stablecoins, particularly those not primarily engaged in financial services, thereby safeguarding integrity of the financial system from commercial exploitation of user data and behavioral analytics. A unique feature of the Act is its embrace of federal-state dualism. State-qualified issuers are permitted, provided their regulatory frameworks are substantially like the federal regime. The Stablecoin Certification Review Committee, comprising top federal financial authorities, oversees certification and annual recertification of state regimes. This structure balances federal uniformity with state innovation, fostering a harmonized yet flexible regulatory environment. On the contrary, jurisdictions like the European Union (EU) and the United Arab Emirates (UAE) have taken parallel, yet distinct, regulatory approaches. EU's Market in Crypto-Assets (MiCA) Regulation is comprehensive, covering a broad spectrum of crypto assets including utility tokens, asset-referenced tokens, and e-money tokens. Unlike the Act's laser focus on stablecoins, MiCA provides a pan-European licensing regime and subjects issuers to capitalization, governance, and whitepaper disclosure requirements. Meanwhile, UAE's Virtual Assets Regulatory Authority (VARA) in Dubai offers a layered licensing model, emphasizing operational segregation, cybersecurity, and real-time audit requirements. VARA's risk-based approach is technologically agile and emphasizes regulatory sandboxes to foster innovation. Additionally, MiCA and VARA address the same foundational concerns, consumer protection, market integrity, and financial stability, but they adopt divergent tactics. MiCA leans toward harmonization and centralized oversight via the European Securities and Markets Authority (ESMA), whereas VARA champions bespoke compliance, dynamic risk scoring, and modular regulation. The Genius Act, on the contrary, injects a strong banking ethos into the crypto realm, creating a regulatory perimeter that closely mirrors traditional financial institutions. Turning to Pakistan's VAO, 2025, one finds a nascent but ambitious attempt at entering the regulated crypto economy. The Ordinance establishes a dedicated regulatory authority with powers to license, supervise, and sanction Virtual Asset Service Providers (VASPs). It introduces registration requirements, capital adequacy norms, and fit-and-proper criteria for directors and senior management. Like the Act, the VAO, 2025 mandates AML compliance and allows for enforcement actions against non-compliant actors. However, its scope is broader in defining 'virtual assets', encompassing not just stablecoins but all forms of digital tokens. Despite its breadth, the VAO, 2025 suffers from operational and structural deficiencies. Unlike the Act, which delineates the exact composition of permissible reserves, redemption procedures, and auditing norms, Pakistan's framework remains vague on critical prudential aspects. There is no explicit requirement for 1:1 reserve backing or a monthly third-party audit. Moreover, the VAO, 2025 lacks a clearly defined licensing pipeline with timelines, appeal mechanisms, or transparency in decision-making. The Act, on the contrary, stipulates defined review periods, hearing rights, and judicial recourse, making it procedurally robust and constitutionally sound. Another fundamental shortfall in VAO, 2025 is the absence of tiered regulatory pathways for different scales or types of VASPs. The Act allows for a threshold-based transition to federal oversight when stablecoin issuance surpasses US$10 billion, preserving scalability and regulatory proportionality. In Pakistan's case, theVAO, 2025 does not differentiate between fintech startups and large-scale platforms, thereby imposing a one-size-fits-all compliance burden that could stifle innovation. From a critical standpoint, while the Act advances the regulatory frontier by establishing clear lines of authority, prudential discipline, and enforcement tools, it also leans heavily toward centralization. The exclusion of non-permitted entities, prohibition of interest-bearing features, and constraints on product design might overturn the growth of DeFi applications and algorithmic stablecoins. The Act, in essence, privileges safety over innovation, a trade-off that may not sit well with proponents of crypto-native decentralization. However, the VAO, 2025 reflects an intent to integrate into the global regulatory fabric, but lacks the depth and precision necessary for effective enforcement and industry confidence. Absence of granular compliance obligations, definitional clarity, and regulatory sandboxes indicates a policy framework still in its formative stage. Without substantive revisions, the Ordinance risks being perceived as an aspirational document rather than an enforceable regulatory instrument. To enhance its standing as a crypto-friendly jurisdiction, Pakistan must pivot toward a more standardized and dynamic regulatory architecture. This includes codifying explicit reserve management protocols, enabling tiered licensing models, establishing sandbox environments for innovation testing, and ensuring alignment with Financial Action Task Force (FATF) standards on virtual assets. Pakistan should also consider bilateral cooperation with regulatory authorities in advanced jurisdictions to foster knowledge sharing and cross-border compliance harmonization. Only through such comprehensive reforms can Pakistan transform its VAO, 2025 into a credible, innovation-friendly, and enforcement-ready framework that attracts investment, safeguards consumers, and fortifies financial integrity in the digital asset space. (Huzaima Bukhari & Dr Ikramul Haq, lawyers and partners of Huzaima & Ikram, are Adjunct Faculty at Lahore University of Management Sciences (LUMS), members Advisory Board and Visiting Senior Fellows of Pakistan Institute of Development Economics (PIDE) and Abdul Rauf Shakoori is a corporate lawyer) Copyright Business Recorder, 2025
Business Recorder
18-07-2025
- Business
- Business Recorder
Virtual assets law: a faulty approach
The emergence of Pakistan's regulatory framework for crypto assets unfolds not through a linear evolution but as a series of abrupt pivots, uncertain mandates, and fragmented institutional posturing. Initial state responses oscillated between prohibition and passive ambiguity, particularly crystallized through the State Bank of Pakistan's 2018 circular barring financial institutions from engaging with crypto-related activity. However, a noteworthy departure has occurred with the promulgation of the Virtual Assets Ordinance, 2025 ('the Ordinance') on July 8, 2025. This Presidential Ordinance, issued under Article 89 of the Constitution becoming effective immediately, defies parliamentary process and oversight as no emergency existed for not presenting it as a Bill before the Parliament. It reveals an institutional attempt to assert authority over a previously unregulated domain. Yet rather than embodying a product of rigorous legislative deliberation, the Ordinance resembles an amalgam of foreign statutes hastily adapted to domestic soil, lacking coherence and structural fidelity to Pakistan's socio-legal ecosystem. The Ordinance introduces a licensing and regulatory regime under which Virtual Asset Service Providers (VASPs) are to operate drawing clear inspiration from frameworks such as the European Union's Markets in Crypto Assets (MiCA) Regulation, the United Arab Emirates' VARA rulebook, and Singapore's Payment Services Act. For instance, the classification of VASP categories, as outlined in Schedule 1, closely mirrors MiCA's broad taxonomy of crypto-asset services. Inclusion of custody, exchange, and token issuance services under one regulatory umbrella reflects a consolidation seen in Singapore's Monetary Authority guidelines. Furthermore, capital requirements imposed under Schedule 2 strongly resemble United Arab Emirates' licensing prerequisites. Despite these parallels, the Ordinance suffers from superficial mimicry rather than thoughtful transposition. The Ordinance appears to have been drafted in undue haste, attempting to regulate a highly volatile and technically nuanced sector without erecting a solid and reliable institutional or legal foundation. References made to other existing Pakistani laws within the Ordinance, such as Anti-Money Laundering Act, 2010, Securities Act, 2015, and Companies Act, 2017, are broadly worded failing to adequately address issues specific to virtual currencies. These laws, originally fashioned for traditional financial instruments and corporate structures, lack definitional clarity and enforcement mechanisms appropriate for digital assets. Moreover, to date, no substantive amendments have been made to these foundational statutes to incorporate the realities and peculiarities of blockchain-based assets. Mere invocation of these statutes in the Ordinance does not bridge this gap. The use of generic cross-references to legacy financial legislation creates interpretive ambiguity, risking inconsistent application and regulatory arbitrage. The resulting legal uncertainty may inhibit development of a stable and predictable crypto-asset ecosystem. Ordinance's overreliance on non-specific statutory references undermines its credibility as a standalone regulatory framework exposing it to challenge both from a constitutional and administrative perspective. Inclusion of Schedule 1 in the Ordinance categorizing 'Virtual Asset Services' deserves scrutiny. The definitions employed, such as 'broker-dealer services' and 'exchange services', are broadly phrased and lack operational precision. For example, classification of 'broker-dealer services' in clause (c) as including trading on one's own account may inadvertently encompass individuals or businesses engaged in proprietary trading for treasury management purposes, creating overregulation and deterring legitimate activity. The exemption carved out for sole-account dealers is not sufficiently delineated and could be manipulated to escape oversight. Such drafting anomalies reflect a limited understanding of digital asset market dynamics. The category of 'custody services', defined as safekeeping or controlling virtual assets or means of access on behalf of customers, lacks an articulation of technical standards for security, segregation of assets, and recovery protocols in the event of platform insolvency or cyber compromise. In jurisdictions such as Switzerland and Germany, regulations include specific custody protocols and operational audits, with agencies like BaFin requiring compliance with these standards. Absence of these benchmarks in the Ordinance reveals a superficial regulatory posture. The 'exchange services' classification aggregates fiat-to-crypto and crypto-to-crypto conversions, as well as matching orders and maintaining order books. However, it provides no indication of technical, operational, or liquidity benchmarks for functioning as an exchange. No clear definition and requirements are laid down regarding prevention of wash trading or liquidity mirroring. The oversight of algorithmic trading and market manipulation risks, well-acknowledged internationally, is glaringly missing. The lack of granularity in these definitions may lead to both overreach and under-enforcement. Inclusion of lending and borrowing services appears forward-thinking, yet the clause fails to distinguish between collateralized, over-collateralized, and algorithmic lending models. Given the global controversies surrounding platforms like Celsius and Terra-Luna, the omission of risk buffers and liquidity thresholds in such definitions may lead to replication of failures within Pakistan's regulatory purview. The provision on derivatives services also lacks clarity on permissible underlying assets, leverage caps, margining, and clearing obligations. The Schedule's provision on fiat-referenced token issuance services, analogous to stablecoin issuance, requires a more robust framework. The Ordinance mandates establishment and administration of reserve assets but fails to define the nature, composition, and auditability of such reserves. This is in stark contrast to frameworks like MiCA, which require regular attestation of reserves, segregation of backing assets, and mandatory redemption rights. Without such safeguards, Pakistani consumers and investors remain exposed to systemic vulnerabilities. The capital requirements prescribed in Schedule 2 amplify the Ordinance's exclusionary tendencies. Imposing a minimum paid-up capital of billion on exchanges and token issuers effectively prohibits startups, SMEs, and even well-established fintechs from entering the market. This figure, though inspired by UAE and EU standards, disregards the local financial and technological environment. The Rs 100 million requirements for broker-dealer services and Rs 200 million for custody services are similarly prohibitive, especially when coupled with compliance, infrastructure, and legal costs. The Ordinance appears designed for incumbents and well-capitalized foreign players, erecting entry barriers that stifle domestic innovation. The economic impact of these high thresholds is likely to be severe. Startups and small and medium enterprises (SMEs) constitute the bulk of Pakistan's fintech and blockchain innovation ecosystem. By mandating paid-up capital far exceeding industry norms within Pakistan's own regulatory infrastructure (e.g., NBFCs, mutual funds), the Ordinance reflects a protectionist rather than enabling character. It renders Pakistan's virtual asset environment an exclusive domain for the privileged, in direct contradiction to the digital financial inclusion objectives articulated in the National Financial Inclusion Strategy (NFIS). The designation of 'Significant Issuers' under sections 26-27 [Schedule-3] and related threshold market capitalization exceeding Rs 5 billion or five million domestic users introduces further complications. Though the intention to impose enhanced governance on systemic actors is commendable, the provision is poorly calibrated. The mandatory requirement for significant issuers to maintain 3% of reserve assets as own funds, capped at Rs. 2 billion, does not consider market volatility or token model diversity. In the absence of clear stress testing frameworks or audit requirements, such thresholds may inadvertently penalize token issuers experiencing organic growth rather than managing genuine systemic risks. The Ordinance's regulatory philosophy appears inherently conservative, prioritizing compliance and capital buffers over innovation, inclusion, and agility. The pace of technological evolution in the blockchain domain renders such rigid structures counterproductive. The sandbox rules sections, 42-44, lack clear eligibility criteria, transparent evaluation metrics, and defined procedures for transitioning successful innovations to full licensing, creating uncertainty for innovators. The no-action relief mechanism offers limited legal certainty, as relief letters can be withdrawn arbitrarily without safeguards, potentially deterring participation. Enforcement powers granted to the Authority are broad but lack procedural oversight, risking overreach. Penalties, including fines up to Rs 100 million or 5% of turnover, may disproportionately burden firms. The Authority should clarify sandbox participation and exit criteria, strengthen legal certainty around no-action relief, introduce independent oversight of investigatory powers, scale penalties appropriately, define emergency intervention protocols, ensure tribunal independence, and provide detailed transitional guidelines. Additionally, the Ordinance does not distinguish between low-risk innovation (such as community tokens) and high-risk instruments (such as leveraged derivatives), thereby imposing a one-size-fits-all model that is bound to fail. The overarching legal inconsistencies further delegitimize the Ordinance. Although the document cites Prevention of Electronic Crimes Act 2016,Anti-Money Laundering Act 2010, and other laws, they do not specifically address blockchain traceability, private key security, or decentralized finance activities. Similarly, Income Tax Ordinance 2001 is silent on the classification of gains from crypto trading, whether they constitute business income, capital gains, or speculative gains, resulting in tax ambiguities that may lead to litigation and non-compliance. The lack of legislative amendments to the underlying laws renders the Ordinance an isolated and unsupported enactment. This legal vacuum prevents consistent enforcement and frustrates expectations of VASPs seeking certainty. The result is an underdeveloped ecosystem governed by disconnected laws. Provisions related to 'closed ecosystems' or 'closed-loop systems', and critical analysis of definitions e.g., consumer protection, AML-CFT framework, and taxation-related provisions will be analyzed in our coming articles. Failure to integrate the Ordinance with a broader digital economy vision dilutes its impact. The uncoordinated insertion of regulatory obligations, unsupported by infrastructure, legal amendments, or tax clarity, will most likely hinder rather than harness the potential of crypto technologies. Implementation of the Ordinance, in its current form, could entrench systemic challenges, deter foreign direct investment, and exclude domestic talent from participating in the digital asset revolution. The absence of consultative processes and empirical market assessments reveals a policy framework reactive to compliance optics rather than developmental objectives. The government must reconsider its approach by (i) introducing a risk-based, tiered licensing regime; (ii) aligning existing laws through amendments specific to virtual assets; and (iii) developing consultative mechanisms with industry stakeholders and technical experts to ensure adaptive regulation in this dynamic field. Copyright Business Recorder, 2025
