Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 10, NYDFS announced that it denied a company’s applications to engage in virtual currency business and money transmission activity in New York due to the company’s alleged deficiencies in BSA/AML and Office of Foreign Assets Control (OFAC) compliance requirements, capital requirements, and token and product launches. According to the denial letter, the company applied for a virtual currency business activity license in August 2015, and had been operating under NYDFS’ virtual currency “safe harbor” ever since. Additionally, in July 2018, the company applied to engage in money transmission activity with the state. According to NYDFS, the state’s licensing law requires an applicant to demonstrate the ability to comply with the provisions of the licensing requirements, including “implementing an effective BSA/AML/OFAC compliance program as well as other measures to protect customers and the integrity of the virtual currency markets.” Based on NYDFS’ four-week on-site review of the company’s operations, NYDFS concluded, among other things, that the company’s BSA/AML/OFAC compliance program lacked (i) adequate internal policies, procedures and controls; (ii) a qualified, effective compliance officer; (iii) adequate employee training; (iv) adequate independent program testing; and (v) adequate customer due diligence. The company is required to immediately cease operating in New York State and doing business with New York residents and has 60 days to wind down or transfer its positions and transactions.
On March 6, the Colorado Governor signed SB 19-23, which provides limited exemptions from the state’s securities registration and licensing requirements for persons dealing in certain types of digital tokens. The “Colorado Digital Token Act” (the Act) provides issuer exemptions for digital tokens sold for a “consumptive purpose”—the token is used in exchange for a good, service, or content—rather than a “speculative or investment purpose.” Specifically, the Act attempts to reduce regulatory uncertainty by providing a safe harbor from state securities laws for persons that meet the specified conditions. Subject to the filing of a referendum petition, the Act will take effect August 2.
On February 26, the Wyoming Governor signed SF 125, which classifies digital assets, including virtual currency, as personal property. Specifically, the bill divides digital assets into three categories of intangible personal property within the existing Wyoming Uniform Commercial Code: (i) digital consumer assets are considered “general intangibles”; (ii) digital securities are considered “intangible personal property” and classified as securities and investment property; and (iii) virtual currency is classified as money. Among other things, SF 125 also establishes an opt-in framework for banks to provide custodial services for digital assets as custodians (and authorizes supervision fees for banks that provide such services), and clarifies the jurisdiction of Wyoming courts to hear claims related to digital assets.
On February 20, the SEC announced a cease-and-desist order with a cybersecurity startup for conducting an unregistered Initial Coin Offering (ICO), which the company self-reported. According to the order, in late 2017, the startup conducted an unregistered ICO, which raised approximately $12.7 million in digital assets. The money was used to finance the startup’s plan to “develop a network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks.” The SEC noted that the tokens offered and sold were considered securities because a purchaser would have a reasonable expectation of obtaining a future profit from the investment. The startup did not register the ICO nor did it qualify for an exemption to the registration requirements. The SEC did not impose a monetary penalty because, according to the order, in the summer of 2018 the startup self-reported the unregistered ICO and offered to take prompt remedial actions. The order requires the startup to return the funds to investors who purchased the tokens and register the tokens as securities.
Virtual currency is not considered “money” in Pennsylvania; platforms do not need money transmitter license
The Pennsylvania Department of Banking and Securities recently published guidance stating that virtual currency, including “Bitcoin,” is not considered “money” under the state’s Money Transmitter Act (MTA). According to the guidance, only “fiat currency,” or currency issued by the U.S. government is considered “money” under the MTA and that to transmit money under the MTA, (i) fiat currency must be transferred with or on behalf of an individual to a third party; and (ii) the money transmitter must charge a fee for the transmission. Because virtual currency trading platforms (along with virtual currency kiosks, ATMs, and vending machines) never directly handle fiat currency and there is no transfer of money from a user to a third party, they are not money transmitters under the MTA and therefore do not need a license in order to operate in the state.
On December 21, the New York governor signed A08783, which creates a digital currency task force to conduct a comprehensive review related to the regulation of cryptocurrencies in the state. The act requires the task force to issue a report by December 15, 2020, with recommendations to “increase transparency and security, enhance consumer protections, and to address the long-term impact related to the use of cryptocurrency.” The report will also contain a review of laws and regulations on digital currency, including those used by other states, the federal government, and foreign countries.
District Court rejects dismissal bid, determining plaintiff sufficiently alleged ICO tokens were unregistered stock
On December 10, the U.S. District Court for the District of New Jersey denied a motion to dismiss a putative class action, finding the plaintiff sufficiently alleged that a company’s sale of unregistered cryptocurrency tokens were “investment contracts” under securities law. According to the opinion, the plaintiff filed the proposed class action against the company alleging it sold unregistered securities in violation of the Securities Act after purchasing $25,000 worth of tokens during the company’s initial coin offering (ICO). The company moved to dismiss the complaint, arguing that the tokens were not securities subject to the registration requirements of the Act. The court applied the three-prong “investment contract” test from SEC v. W.J. Howey Co.—“the three requirements for establishing an investment contract are: (1) an investment of money, (2) in a common enterprise, (3) with profits to come solely from the efforts of others”—and determined the token sales met the requirements. Focusing on the second and third prongs, because the company acknowledged the first was satisfied, the court concluded that the plaintiff sufficiently alleged the existence of a common enterprise by showing a “horizontal commonality” from the pooling of the contributions used to develop and maintain the company’s tasking platform. As for the third prong, the court determined the investors had an expectation of profit rather than simply a means to use the tasking platform, as demonstrated by the company’s marketing of the ICO as a “‘unique investment opportunity’ that would ‘generate better financial returns[.]’”
OFAC announces cyber-related designations, releases digital-currency addresses to identify illicit actors
On November 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against two Iran-based individuals for allegedly helping to facilitate the exchange of ransom payments made in Bitcoin into local currency. For the first time, OFAC also identified two digital currency addresses associated with the identified financial facilitators who are designated “for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of” ransomware attacks that threaten the “national security, foreign policy, or economic health or financial stability of the [U.S.]” According to OFAC, the provided digital currency addresses should be used to assist in identifying transactions and funds to be blocked as well as investigating potential connections.
Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker stated, “We are publishing digital-currency addresses to identify illicit actors operating in the digital-currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and [anti-money laundering/countering financing of terrorism] safeguards to further their nefarious objectives.” OFAC issued a warning that persons who engage in transactions with the identified individuals “could be subject to secondary sanctions” and that “[r]egardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same.” As a result, all property and interests in property belonging to the identified individuals subject to U.S. jurisdiction “or within or transiting” the U.S. are blocked, and U.S. persons are generally prohibited from entering into transactions with them. OFAC also released new FAQs to provide guidance for financial institutions on digital currency.
View here for additional InfoBytes coverage on Iranian sanctions.
On November 27, the U.S. District Court for the Southern District of California denied the SEC’s motion for a preliminary injunction against a cryptocurrency company, concluding the agency failed show the currency tokens were “securities” as defined under federal securities laws. According to the order, the SEC filed a complaint against the company in October alleging it falsely claimed its initial coin offering (ICO) was registered and approved by the SEC and other regulators, including using the agency’s seal in marketing materials. At the time of the filing, the SEC claimed the company had already raised more than $2.5 million in pre-ICO sales. The SEC moved for a preliminary injunction to freeze the company’s assets and prevent the company’s owner from buying or selling securities and other digital currency during the pendency of the case. Upon review, the court noted the SEC must establish the company previously violated federal securities laws and there is a reasonable likelihood that it will happen again. The SEC argued the allegedly fraudulent marketing materials used to raise money from 32 “test investors” violated federal securities laws, while the company argued the investors did not have an expectation to receive profits as they were working with the company on the exchange’s functionality and therefore, the currency tokens were not “securities.” The court denied the SEC’s motion, concluding that it could not determine whether the tokens were “securities” under federal law without full discovery as there were disputed issues of material facts, including what the test investors relied on in terms of marketing materials before they purchased the cryptocurrency tokens.
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program