Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
On December 21, the New York governor signed A08783, which creates a digital currency task force to conduct a comprehensive review related to the regulation of cryptocurrencies in the state. The act requires the task force to issue a report by December 15, 2020, with recommendations to “increase transparency and security, enhance consumer protections, and to address the long-term impact related to the use of cryptocurrency.” The report will also contain a review of laws and regulations on digital currency, including those used by other states, the federal government, and foreign countries.
On November 27, the U.S. District Court for the Southern District of California denied the SEC’s motion for a preliminary injunction against a cryptocurrency company, concluding the agency failed show the currency tokens were “securities” as defined under federal securities laws. According to the order, the SEC filed a complaint against the company in October alleging it falsely claimed its initial coin offering (ICO) was registered and approved by the SEC and other regulators, including using the agency’s seal in marketing materials. At the time of the filing, the SEC claimed the company had already raised more than $2.5 million in pre-ICO sales. The SEC moved for a preliminary injunction to freeze the company’s assets and prevent the company’s owner from buying or selling securities and other digital currency during the pendency of the case. Upon review, the court noted the SEC must establish the company previously violated federal securities laws and there is a reasonable likelihood that it will happen again. The SEC argued the allegedly fraudulent marketing materials used to raise money from 32 “test investors” violated federal securities laws, while the company argued the investors did not have an expectation to receive profits as they were working with the company on the exchange’s functionality and therefore, the currency tokens were not “securities.” The court denied the SEC’s motion, concluding that it could not determine whether the tokens were “securities” under federal law without full discovery as there were disputed issues of material facts, including what the test investors relied on in terms of marketing materials before they purchased the cryptocurrency tokens.
On November 16, the SEC announced cryptocurrency-related settlements imposing civil money penalties against two companies that allegedly offered and sold digital tokens through initial coin offerings (ICO). The settlements are the SEC’s first cases imposing civil money penalties based solely on alleged ICO securities offering registration violations. According to the SEC, the two companies allegedly violated the Securities and Exchange Act of 1934 by offering and selling ICO tokens without (i) registering them pursuant to federal securities laws; or (ii) qualifying for an exemption to registration requirements. Under the terms of the settlement agreements (available here and here), the companies—who have neither admitted nor denied the findings—have each agreed to pay a $250,000 civil money penalty, and will also (i) return funds to impacted investors; (ii) register the digital tokens as securities; and (iii) file periodic reports with the SEC.
On November 8, the SEC announced its first enforcement action settlement with a digital currency platform for allegedly operating as an unregistered national securities exchange. According to the cease-and-desist order, the founder of the digital currency exchange, who has since sold the exchange to foreign buyers, allegedly violated federal securities laws by providing an online platform for secondary market trading of digital assets, including ERC20 tokens, without registering with the Commission or operating pursuant to a registration exemption. ERC20 tokens are digital assets issued and distributed on the Ethereum Blockchain using the ERC20 protocol, which, according to the SEC, is the standard coding protocol currently used by a significant majority of issuers in initial coin offerings. The order emphasizes that 92 percent of the trades on the exchange took place after the SEC released its Report of Investigation Pursuant To Section 21(a) Of The Securities Exchange Act of 1934: The DAO (the DAO Report) in July 2017, advising that non-exempt digital currency exchanges must register with the Commission. Without admitting or denying the findings, the founder agreed to pay $300,000 in disgorgement plus interest and a $75,000 penalty.
FATF updates standards to prevent misuse of virtual assets; reviews progress on jurisdictions with AML/CFT deficiencies
On October 19, the Financial Action Task Force (FATF) issued a statement urging all countries to take measures to prevent virtual assets and cryptocurrencies from being used to finance crime and terrorism. FATF updated The FATF Recommendations to add new definitions for “virtual assets” and “virtual asset service providers” and to clarify how the recommendations apply to financial activities involving virtual assets and cryptocurrencies. FATF also stated that virtual asset service providers are subject to Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulations, which require conducting customer due diligence, such as ongoing monitoring, record-keeping, and suspicious transaction reporting, and commented that virtual asset service providers should be licensed or registered and will be subject to compliance monitoring. However, FATF noted that its recommendations “require monitoring or supervision only for purposes of AML/CFT, and do not imply that virtual asset service providers are (or should be) subject to stability or consumer/investor protection safeguards.”
The same day, FATF announced that several countries made “high-level political commitment[s]” to address AML/CFT strategic deficiencies through action plans developed to strengthen compliance with FATF standards. These jurisdictions are the Bahamas, Botswana, Ethiopia, Ghana, Pakistan, Serbia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, and Yemen. FATF also issued a public statement calling for continued counter-measures against the Democratic People's Republic of Korea due to significant AML/CFT deficiencies and the threats posed to the integrity of the international financial system, and enhanced due diligence measures with respect to Iran. However, FATF will continue its suspension of counter-measures due to Iran’s political commitment to address its strategic AML/CFT deficiencies.
On October 10, the Financial Stability Board (FSB) published a report, which asserts that although “crypto-assets do not pose a material risk to global financial stability at this time,” there may be implications for financial stability in the future as market developments evolve. The newest report, “Crypto-asset markets: Potential channels for future financial stability implications,” follows a July report discussing the FSB’s framework for monitoring and assessing vulnerabilities in the financial system resulting from developments in the crypto-asset markets. (See previous InfoBytes coverage here.) According to the October report, the FSB conducted an assessment which considered the primary risks present in crypto-assets and their markets, such as “low liquidity, the use of leverage, market risks from volatility, and operational risks,” and determined that, “[b]ased on these features, crypto-assets lack the key attributes of sovereign currencies and do not serve as a common means of payment, a stable store of value, or a mainstream unit of account.” However, the October report discussed challenges to assessing and monitoring potential risks and commented on the following implications that may arise from the evolving use of crypto-assets: (i) reputational risks to financial institutions and their regulators; (ii) risks from direct or indirect exposures of financial institutions; (iii) risks resulting from the use of crypto-assets in payments and settlements; and (iv) risks from market capitalization and wealth effects.
Colorado regulator exempts certain cryptocurrency exchanges from money transmitter licensing requirements
On September 20, the Colorado Department of Regulatory Agencies Division of Banking (Division) issued interim guidance exempting certain types of cryptocurrency exchanges from the state’s money transmitter licensing requirements. Under the interim guidance—which outlines the Division’s interpretation of Colorado’s existing Money Transmitters Act (the Act)— the Division determined that the Act regulates the transmission of money, meaning legal tender, and that cryptocurrencies are not legal tender under the Act. As a result, virtual currency exchanges operating in Colorado do not require a license if transmitting only cryptocurrencies without any legal tender issued and backed by a government (fiat currency) involved in the transaction. However, if fiat currency is present in a transaction, then a virtual currency exchange may require a license. Additionally, a virtual currency exchange must obtain a license when it performs all of the following: (i) it engages in the business of selling and buying cryptocurrencies for fiat currency; (ii) it allows a Colorado customer to transfer cryptocurrency to another customer within the exchange; and (iii) it allows the transfer of fiat currency through the medium of cryptocurrency within the exchange. If a virtual currency exchange offers the ability to transfer fiat currency through the medium of cryptocurrency, the Division encourages the exchange to contact the Division to determine whether it must obtain a license.
New York Attorney General issues Virtual Markets Integrity Report, following cryptocurrency integrity initiative
On September 18, the New York Attorney General’s office announced the results of its Virtual Markets Integrity Initiative, a fact-finding inquiry into the policies and practices of platforms used by consumers to trade virtual or “crypto” currencies. As previously covered in InfoBytes, last April questionnaires were sent to 13 virtual asset trading platforms to solicit information on their operations, policies, internal controls, and safeguards to protect consumer assets. The resulting Virtual Markets Integrity Report finds that virtual asset trading platforms vary significantly in the comprehensiveness of their response to the risks facing the virtual markets, and presents three broad areas of concern: (i) the potential for conflicts of interest due to platforms engaging in various overlapping business lines that are not restricted or monitored in the same way as traditional trading environments; (ii) a lack of protection from abusive trading platforms and practices; and (iii) limited protections for customer funds, such as the insufficient availability of insurance for virtual asset losses and platforms that do not conduct any type of independent auditing of virtual assets. According to the report, the Attorney General’s office also referred three platforms to the New York Department of Financial Services for potential violations of the state’s virtual currency regulations.
On August 23, the U.S. District Court for the Eastern District of New York entered final judgment in favor of the Commodity Futures Trading Commission (CFTC) in its suit against a cryptocurrency trading advice company and its owner (defendants) for allegedly misappropriating investor money through a cryptocurrency trading scam. As previously covered by InfoBytes in March, the court granted the CFTC’s request for a preliminary injunction, holding that the CFTC has the authority to regulate virtual currency as a “commodity” within the meaning of the Commodity Exchange Act and that the CFTC has jurisdiction to pursue fraudulent activities involving virtual currency even if the fraud does not directly involve the sale of futures or derivative contracts. The final judgment orders the defendants to pay over $1.1 million in restitution and civil money penalties and permanently enjoins them from engaging in future activities related to commodity interests and virtual currencies.
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jessica L. Pollet to discuss "Law & compliance speedsmarts" at the American Financial Services Association Law & Compliance Symposium
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program