Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 6, the Colorado Governor signed SB 19-23, which provides limited exemptions from the state’s securities registration and licensing requirements for persons dealing in certain types of digital tokens. The “Colorado Digital Token Act” (the Act) provides issuer exemptions for digital tokens sold for a “consumptive purpose”—the token is used in exchange for a good, service, or content—rather than a “speculative or investment purpose.” Specifically, the Act attempts to reduce regulatory uncertainty by providing a safe harbor from state securities laws for persons that meet the specified conditions. Subject to the filing of a referendum petition, the Act will take effect August 2.
On February 19, the Wyoming Governor signed HB 57, which creates a fintech sandbox program in the state for companies to test innovative financial products and services. Wyoming is the second state to introduce a regulatory sandbox program, following Arizona’s sandbox introduction last March. (Previously covered by InfoBytes here.) Under the “Financial Technology Sandbox Act” (the Act), the state’s sandbox will be open to innovative financial products and services, including those focused on blockchain and cryptocurrencies, and will allow testing of these products for up to two years with the possibility of an additional 12 month extension before requiring participants to apply for formal licensure. Additionally, under certain conditions, the Act—which grants various supervisory and enforcement power to the state banking commissioner and the secretary of state, including revocation and suspension rights—will authorize (i) limited waivers of specified statutes or rules, and (ii) reciprocity agreements with other regulators. The Act takes effect January 1, 2020.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
On December 21, the New York governor signed A08783, which creates a digital currency task force to conduct a comprehensive review related to the regulation of cryptocurrencies in the state. The act requires the task force to issue a report by December 15, 2020, with recommendations to “increase transparency and security, enhance consumer protections, and to address the long-term impact related to the use of cryptocurrency.” The report will also contain a review of laws and regulations on digital currency, including those used by other states, the federal government, and foreign countries.
On November 27, the U.S. District Court for the Southern District of California denied the SEC’s motion for a preliminary injunction against a cryptocurrency company, concluding the agency failed show the currency tokens were “securities” as defined under federal securities laws. According to the order, the SEC filed a complaint against the company in October alleging it falsely claimed its initial coin offering (ICO) was registered and approved by the SEC and other regulators, including using the agency’s seal in marketing materials. At the time of the filing, the SEC claimed the company had already raised more than $2.5 million in pre-ICO sales. The SEC moved for a preliminary injunction to freeze the company’s assets and prevent the company’s owner from buying or selling securities and other digital currency during the pendency of the case. Upon review, the court noted the SEC must establish the company previously violated federal securities laws and there is a reasonable likelihood that it will happen again. The SEC argued the allegedly fraudulent marketing materials used to raise money from 32 “test investors” violated federal securities laws, while the company argued the investors did not have an expectation to receive profits as they were working with the company on the exchange’s functionality and therefore, the currency tokens were not “securities.” The court denied the SEC’s motion, concluding that it could not determine whether the tokens were “securities” under federal law without full discovery as there were disputed issues of material facts, including what the test investors relied on in terms of marketing materials before they purchased the cryptocurrency tokens.
On November 16, the SEC announced cryptocurrency-related settlements imposing civil money penalties against two companies that allegedly offered and sold digital tokens through initial coin offerings (ICO). The settlements are the SEC’s first cases imposing civil money penalties based solely on alleged ICO securities offering registration violations. According to the SEC, the two companies allegedly violated the Securities and Exchange Act of 1934 by offering and selling ICO tokens without (i) registering them pursuant to federal securities laws; or (ii) qualifying for an exemption to registration requirements. Under the terms of the settlement agreements (available here and here), the companies—who have neither admitted nor denied the findings—have each agreed to pay a $250,000 civil money penalty, and will also (i) return funds to impacted investors; (ii) register the digital tokens as securities; and (iii) file periodic reports with the SEC.
On November 8, the SEC announced its first enforcement action settlement with a digital currency platform for allegedly operating as an unregistered national securities exchange. According to the cease-and-desist order, the founder of the digital currency exchange, who has since sold the exchange to foreign buyers, allegedly violated federal securities laws by providing an online platform for secondary market trading of digital assets, including ERC20 tokens, without registering with the Commission or operating pursuant to a registration exemption. ERC20 tokens are digital assets issued and distributed on the Ethereum Blockchain using the ERC20 protocol, which, according to the SEC, is the standard coding protocol currently used by a significant majority of issuers in initial coin offerings. The order emphasizes that 92 percent of the trades on the exchange took place after the SEC released its Report of Investigation Pursuant To Section 21(a) Of The Securities Exchange Act of 1934: The DAO (the DAO Report) in July 2017, advising that non-exempt digital currency exchanges must register with the Commission. Without admitting or denying the findings, the founder agreed to pay $300,000 in disgorgement plus interest and a $75,000 penalty.
FATF updates standards to prevent misuse of virtual assets; reviews progress on jurisdictions with AML/CFT deficiencies
On October 19, the Financial Action Task Force (FATF) issued a statement urging all countries to take measures to prevent virtual assets and cryptocurrencies from being used to finance crime and terrorism. FATF updated The FATF Recommendations to add new definitions for “virtual assets” and “virtual asset service providers” and to clarify how the recommendations apply to financial activities involving virtual assets and cryptocurrencies. FATF also stated that virtual asset service providers are subject to Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulations, which require conducting customer due diligence, such as ongoing monitoring, record-keeping, and suspicious transaction reporting, and commented that virtual asset service providers should be licensed or registered and will be subject to compliance monitoring. However, FATF noted that its recommendations “require monitoring or supervision only for purposes of AML/CFT, and do not imply that virtual asset service providers are (or should be) subject to stability or consumer/investor protection safeguards.”
The same day, FATF announced that several countries made “high-level political commitment[s]” to address AML/CFT strategic deficiencies through action plans developed to strengthen compliance with FATF standards. These jurisdictions are the Bahamas, Botswana, Ethiopia, Ghana, Pakistan, Serbia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, and Yemen. FATF also issued a public statement calling for continued counter-measures against the Democratic People's Republic of Korea due to significant AML/CFT deficiencies and the threats posed to the integrity of the international financial system, and enhanced due diligence measures with respect to Iran. However, FATF will continue its suspension of counter-measures due to Iran’s political commitment to address its strategic AML/CFT deficiencies.
On October 10, the Financial Stability Board (FSB) published a report, which asserts that although “crypto-assets do not pose a material risk to global financial stability at this time,” there may be implications for financial stability in the future as market developments evolve. The newest report, “Crypto-asset markets: Potential channels for future financial stability implications,” follows a July report discussing the FSB’s framework for monitoring and assessing vulnerabilities in the financial system resulting from developments in the crypto-asset markets. (See previous InfoBytes coverage here.) According to the October report, the FSB conducted an assessment which considered the primary risks present in crypto-assets and their markets, such as “low liquidity, the use of leverage, market risks from volatility, and operational risks,” and determined that, “[b]ased on these features, crypto-assets lack the key attributes of sovereign currencies and do not serve as a common means of payment, a stable store of value, or a mainstream unit of account.” However, the October report discussed challenges to assessing and monitoring potential risks and commented on the following implications that may arise from the evolving use of crypto-assets: (i) reputational risks to financial institutions and their regulators; (ii) risks from direct or indirect exposures of financial institutions; (iii) risks resulting from the use of crypto-assets in payments and settlements; and (iv) risks from market capitalization and wealth effects.
Colorado regulator exempts certain cryptocurrency exchanges from money transmitter licensing requirements
On September 20, the Colorado Department of Regulatory Agencies Division of Banking (Division) issued interim guidance exempting certain types of cryptocurrency exchanges from the state’s money transmitter licensing requirements. Under the interim guidance—which outlines the Division’s interpretation of Colorado’s existing Money Transmitters Act (the Act)— the Division determined that the Act regulates the transmission of money, meaning legal tender, and that cryptocurrencies are not legal tender under the Act. As a result, virtual currency exchanges operating in Colorado do not require a license if transmitting only cryptocurrencies without any legal tender issued and backed by a government (fiat currency) involved in the transaction. However, if fiat currency is present in a transaction, then a virtual currency exchange may require a license. Additionally, a virtual currency exchange must obtain a license when it performs all of the following: (i) it engages in the business of selling and buying cryptocurrencies for fiat currency; (ii) it allows a Colorado customer to transfer cryptocurrency to another customer within the exchange; and (iii) it allows the transfer of fiat currency through the medium of cryptocurrency within the exchange. If a virtual currency exchange offers the ability to transfer fiat currency through the medium of cryptocurrency, the Division encourages the exchange to contact the Division to determine whether it must obtain a license.
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program