Woman sitting at desk wearing AR Goggles with hand outstretched for a handshake.

Regulations In The Metaverse: What Rules Will Apply?

The metaverse has fast moved from the realms of science fiction to a potential driver of trillions in revenue. But, what does an ongoing lack of regulation of this abstract medium mean for regulated organizations and their compliance obligations?

22 June 2022 5 mins read
By Jennie Clarke

The metaverse, defined in its most simple terms as, “…the next-generation version of the internet”1 could be worth up to $5 trillion by 2030, according to a report recently published by McKinsey & Company.

In a valuation that its report, Value creation in the metaverse: The real business of the virtual world calls “too big to be ignored” by companies, the firm explores a variety of current and future use cases for the metaverse by industry, as well as how its investment in the first half of 2022 has doubled that through all of 2021 (at over $120bn).2

As an environment that propels interactivity to greater heights of realism to revolutionize the online user experience, the metaverse’s application to industries such as media and gaming is obvious, and well documented. But the metaverse is more than just video games. It is also an emergent digital economy where virtual and real worlds collide.

Moving forward, it will be an important component in rising Decentralized Finance (DeFi) models, where users can access a range of financial services via public blockchains – from lending and borrowing, to trading and investments – using next-gen cryptocurrencies and non-fungible tokens (NFTs), without needing to interact with a bank or exchange as a central institution.

While the concept of a highly immersive virtual world where people gather to socialize, play, and work is one of the key selling points of the metaverse, so too are the projected revenues. Earlier this year, JPMorgan became the first bank to debut in the metaverse with its online bank and Onyx lounge, housed within popular metaverse, Decentraland, in a move the bank hopes could raise up to $1 trillion in revenue.

Potential pitfalls of the metaverse for highly regulated business

While the metaverse presents revenue and growth potential for firms that embrace it, like many tech-led innovations within the financial services, its development and adoption so far precedes any overarching regulation or governance parameters.

Here are just some examples where highly regulated financial services in particular need to consider how the absence of a regulatory framework may affect their participation:

1. Business communications and team collaboration

Optimizing the metaverse to create new ‘connected environments’ for internal and remote collaboration is one clear point of entry for financial institutions. With the rise in hybrid working, new virtual meeting rooms create an opportunity to reduce video call fatigue, and bring more engaging and immersive qualities to the 2D meeting format. In fact, Microsoft has already announced intentions to integrate virtual experiences directly into Microsoft Teams from next year.

However, with regulators such as the SEC and FINRA intensifying their focus on how firms monitor and apply recordkeeping rules when using new and emerging channels, caution will be needed. This is especially true as the devices people use – or even wear – to connect to these environments will be varied and unlikely to be covered by existing policy, so how information would be retained and stored from a recordkeeping standpoint must considered. While valuable compliance lessons have been learned from firms’ increased use of channels like social media, the metaverse is likely to present even more complex challenges from a data governance standpoint.

2. Legacy stretch

Many financial firms are still working on legacy architectures, or a hybrid of legacy and cloud, as they advance their digital transformation strategies. This may bring limitations in terms of accessing metaverse environments and applications. Third parties may offer a point of entry but could add to, or create, supply chain complexity as well as questions concerning data accountability, especially in such a largely unregulated space.

3. A reliance on self-regulation

It is widely accepted that the globality of the metaverse, combined with the different rules and requirements (for instance over data privacy) across it, make a one-size-fits-all approach to regulating the metaverse impossible. Like most tech innovations, it’s also already living, breathing, and operating across multiple platforms and markets.

Many experts suggest that, certainly in the short term, self-regulation is the only answer with the onus put on the ‘most reputable players’ in the metaverse to join forces and self-govern or draw up their own robust codes of conduct. Longer term, the ambition is for other key stakeholder groups and representatives from participating industries to contribute and help inform and deliver safeguards relevant to their specific obligations and use cases. Clearly, this is not an ideal roadmap to regulation, particularly for those organizations subject to high levels of scrutiny in the interim. However, participants proactively guiding any process towards a regulatory framework will ultimately mean that governments and policymakers have a level of context when looking to accommodate the demands across the user base and seek to create clear rules, embed specific policy, and make the metaverse more resilient and a beneficial place for everyone to be.

1. Source: The Metaverse: The Next Generation of the Internet (americancentury.com) American Century Investments

2. Source: Value-creation-in-the-metaverse.pdf (mckinsey.com) McKinsey & Company, June 2022