Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Adrienne Harris, Superintendent of the New York State Department of Financial Services (“DFS”) issued an update on the VOLT initiative, an ongoing project to enhance DFS’s role as a virtual currency regulator. Superintendent Harris published proposed guidance adopting enhanced criteria for procedures to list and de-list virtual currencies as well as updated guidance for designating virtual currencies to the DFS “Greenlist.”
The new General Framework for Greenlisted Coins sets (i) heightened risk assessment standards for coin-listing policies and enhances requirements for consumer-facing products; and (ii) new requirements associated with coin-delisting policies. Under the new guidance, a virtual currency entity that seeks to self-certify coins must create a coin-listing policy and may not self-certify any coins until such possibly has a written approval from DFS. A coin-listing policy must contain and be based on a robust governance structure; comprehensive risk assessment; consideration of factors to identify and mitigate risks involved in each coin and its uses; and policies and procedures to conduct continued monitoring of the coin to ensure consistent safety and soundness compliance.
The new framework does not require prior approval from the DFS to list coins included on the Greenlist, but does require virtual currency entities that choose to list such coins to (i) provide advance notification to DFS and (ii) have a DFS-approved coin-delisting policy.
On August 29, the D.C. Circuit overturned the SEC’s denial of a company’s application to convert its bitcoin trust into an exchange-traded fund (ETF). In October 2021, the company applied to convert its bitcoin trust to an ETF pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 19b-4 thereunder, a proposed rule change to list and trade shares. In June 2022, the SEC denied the company’s application on the basis that the burden under the Exchange Act and the SEC’s Rules of Practice, which requires among other things, that the rules of national securities exchange be “designed to prevent fraudulent and manipulative acts and practices” and “to protect investors and the public interest.”
The company promptly appealed, alleging that the SEC “acted arbitrarily and capriciously by denying the listing of [the company]’s proposed bitcoin ET[F] and approving the listing of materially similar bitcoin futures ET[F]s”. The three-judge panel held that the SEC “failed to provide the necessary “reasonable and coherent explanation” for its inconsistent treatment of similar products” and “in the absence of a coherent explanation, this unlike regulatory treatment of like products is unlawful.”
This decision does not mean that the SEC must approve the company’s application. However, the SEC must review the application again.
On August 28, the SEC entered an order against a Los Angeles-based media and entertainment company charging them with conducting an unregistered offering of crypto asset securities in the form of non-fungible tokens (NFTs). According to the order, the company offered and sold different tiers of NFTs to hundreds of investors between October and December of 2021, and ultimately raised approximately $30 million from the sales. The SEC alleged that the company encouraged potential investors to purchase the unregistered NFTs in return for an investment in the business, promising “tremendous value” to the purchasers if the company was successful in its attempts to “build the next Disney” and launch other creative projects. The order found that the NFTs were ultimately investment contracts and therefore securities, and that the company subsequently violated federal securities laws by offering and selling crypto assets in an unregistered securities offering that was not otherwise exempt from registration requirements.
The SEC noted that all securities, in whatever form, are required to be registered and that when companies fail to register securities, “investors of all types are deprived of the protections afforded them by the robust disclosures and other safeguards long provided by our securities laws.” The company did not admit or deny the findings set forth in the order but agreed to cease-and-desist from violating registration provisions of the 1933 Act and pay a combined penalty of over $6.1 million in fees. The order also establishes a “Fair Fund” to return money to investors who paid to purchase NFTs.
On the same day, the SEC released a statement from Republican commissioners, Hester M. Peirce and Mark T. Uyeda, underscoring the significance of the commission’s first NFT enforcement action. “People are experimenting with a lot of different uses of NFTs,” said the commissioners in their partial dissents. “Consequently, any attempt to use this enforcement action as precedent is fraught with difficulty.” The commissioners further criticized the SEC’s failure to provide guidance on NFTs when they first started proliferating and raised several questions.
On August 11, a split U.S District Court of the Southern District of New York partially granted and partially denied a crypto platform’s (defendant) motion to dismiss most charges for failure to state a claim upon which relief can be granted. Four months after plaintiff opened an account with defendant, a hacker siphoned approximately $5 million worth of Bitcoin from the account. Between the time the hacker accessed the account and withdrew the Bitcoin, plaintiff contacted the platform about being locked out of the account, to which defendant responded that the password change email could be in plaintiff’s spam folder. The complaint alleged that had the company locked the account, plaintiff would still have access to their Bitcoin, and that the platform has a duty to protect its customers’ assets and accounts. Among other things, the complaint also alleged that the platform violated the Electronic Fund Transfer Act (EFTA), the New York General Business Law, and the Michigan Consumer Protection Act.
In its motion to dismiss, defendant argued that Regulation E does not apply to the platform because the EFTA language does not explicitly cover cryptocurrency and only references denominations of the U.S. dollar. Although a separate case against the same defendant determined EFTA did apply to the platform since the statute’s “funds” reference could reasonably cover cryptocurrency (covered by InfoBytes here), the judge’s order focused on, “electronic fund transfer”. The court more closely considered the purpose of the account, expressing uncertainty as to whether it was for personal, family, or household purposes. The court found that the definition of an “account” under EFTA does not include plaintiff’s electronic fund transfer account which was established for investment purposes. In the previous case against the same defendant, the court held that the defendant deceived the users regarding its security measures, but the judge presiding over this case disagreed. The court cut the claims of misrepresentation finding that plaintiff failed to allege that the statements were false at the time they were made. The order denies two claims: (i) that the defendant misrepresented its security level; and (ii) that the defendant failed to meet EFTA requirements and its implementing Regulation E, because investment purposes accounts are precluded from the statute’s protections. The court granted the other four counts.
On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The senators noted that a UN report found that in 2016, “North Korea exhibited a ‘clear shift’ to attacking cryptocurrency exchanges for the purposes of ‘generating financial revenue’” that is difficult to trace and subject to less government oversight. The letter highlights the effects of the cyberattacks, including how they have generated about $2 billion, which is then used to fund the North Korean military. The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. The senators asked for a response to their five questions by August 16.
On August 8, the U.S. Government Accountability Office (GAO) released letters sent to the OCC, SEC, FDIC and the Fed to provide an update on GAO’s “priority open recommendations” for each regulator. Priority open recommendations refer to suggestions from GAO to bank regulators that have the potential for cost savings, elimination of mismanagement, fraud, and abuse, or addressing high-risk or duplication issues. GAO suggested that all four agencies follow its recommendation to coordinate oversight of blockchain technology. GAO referenced recent “volatility, bankruptcies, and instances of fraud in the crypto asset markets” and underscored the dangers to consumers and investors without safeguards. GAO suggests regulators jointly establish a formal coordination method to promptly identify and address risks tied to blockchain.
For the three banking regulators in particular—the OCC, FDIC, and Fed—GAO noted that in 2011 it recommended that the three banking regulators implement noncapital triggers for early regulatory intervention tied to risky banking practices, but that such triggers had not yet been implemented. GAO also suggested that banking regulators and the “communicate the appropriate use of alternative data in the underwriting process with banks that engage in third-party relationships with fintech lenders.”
GAO’s letter to the Fed restated GAO’s 2016 recommendation that the Fed design “a process to communicate information about the uncertainty surrounding post-stress capital ratio estimates” and “articulate tolerance levels for key risks identified through sensitivity testing and for the degree of uncertainty in the projected capital ratios.” GAO also recommended that the Fed revisit its “prompt corrective action framework” by “adopting noncapital triggers that would require early and forceful regulatory actions tied to unsafe banking practices.”
On July 18, Federal Reserve Vice Chair for Supervision Michael Barr delivered a speech on adjusting the Fair Housing Act and ECOA in response to the increasing relevance of artificial intelligence. Barr explained how the digital economy offers many great utilizations, such as accessing the creditworthiness of individuals without credit history and facilitating wider access to credit for those who may otherwise be excluded. Along with a digital economy, Barr cautioned, comes negative implications where technologies can potentially violate the fair lending laws and may perpetuate existing disparities and inaccuracies, among other things. Barr highlighted Special Purpose Credit Programs as a tool to address discrimination and bias in mortgage credit transactions. In addition, Barr highlighted two recent initiatives taken by the Fed to tackle appraisal discrimination and bias in housing mortgage credit transactions—one involved inviting public feedback on a proposed rule to uphold credibility and integrity in automated valuation models, and the other sought input on guidance addressing risks related to deficient home appraisals, emphasizing "reconsiderations of value" in the process. (Covered by InfoBytes here and here.) Barr also commented that through the Fed’s supervisory process, it is evaluating whether firms have proper risk management and controls, including with respect to these new technologies.
On July 17, SEC Chair Gary Gensler spoke before the National Press Club, where he discussed opportunities and challenges stemming from the use of artificial intelligence (AI)-based models. While Gensler acknowledged that AI has the potential to promote greater financial inclusion and enhance user experience, he warned that there are also challenges associated with AI advancements that need to be considered at both the individual and broader economic levels. At the individual (micro) level, Gensler explained that AI’s predictive capabilities allow for personalized communication, product offerings, and pricing. However, this individualized approach (also known as “narrowcasting”) also raises questions about how individuals will respond to tailored messages and offers, he said, pointing out that when AI models are used to make important decisions such as job selection, loan approvals, credit decisions, and healthcare allocation, issues related to explainability, bias, and robustness become a concern. Gensler elaborated that AI models often produce unexplainable decisions and outcomes due to their nonlinear and hyper-dimensional nature. Furthermore, AI may also make it more difficult to ensure fairness and can inadvertently perpetuate biases present in historical data or use latent features that act as proxies for protected characteristics, Gensler said, adding that “the challenges of explainability may mask underlying systemic racism and bias in AI predictive models.”
Gensler explained that these data analytics challenges are not new and that in the late 1960s and early 1970s, the Fair Housing Act, FCRA, and ECOA were, in part, driven by similar issues. He warned advisers and brokers that as they incorporate these technologies into their services, they must ensure that when offering advice and recommendations (whether or not based on AI) they consider the best interests of their clients and retail customers and not place their interests ahead of investors’ interests.
On July 17, the Financial Stability Board (FSB) released its global regulatory framework for promoting comprehensive, international consistency of regulatory and supervisory approaches for crypto-asset activities and stablecoins, while also supporting responsible innovations potentially brought by technological changes. Based on the principle of “same activity, same risk, same regulation,” FSB’s framework consists of two distinct sets of recommendations. The first set of recommendations focuses on regulating, supervising, and overseeing crypto-asset activities and markets at a high level. The recommendations establish a global regulatory baseline for promoting a framework that is technology-neutral and focuses on underlying activities and risks (FSB notes that some jurisdictions may choose to take more restrictive regulatory measures). The second set provides revised high-level recommendations specifically for the regulation, supervision, and oversight of “global stablecoin” arrangements. The recommendations also seek to promote consistent and effective regulation, supervision and oversight of global stablecoin arrangements across jurisdictions to address potential financial stability risks posed at both the domestic and international level, while further “supporting responsible innovation and providing sufficient flexibility for jurisdictions to implement domestic approaches.”
The final recommendations “take account of lessons from events of the past year in crypto-asset markets, as well as feedback received during the public consultation of the FSB’s proposals,” the announcement said, noting that central bank digital currencies are not subject to these recommendations. The FSB and sectoral standard-setting bodies (SSBs) will continue to coordinate work to promote the development of a comprehensive and coherent global regulatory framework that is appropriate for the risks associated with crypto-asset market activities, including providing more detailed guidance through SSBs and monitoring and public reporting.
On July 13, the Biden administration published the National Cybersecurity Strategy Implementation Plan (NCSIP), outlining a roadmap for carrying out the administration’s National Cybersecurity Strategy. The strategy was released earlier this year to introduce several key pillars for countering threats to the digital ecosystem and improving the nation’s digital security (covered by InfoBytes here). Designed to build and enhance collaboration, the NCSIP identifies 65 federal initiatives assigned to various agencies with timelines for completion. According to the announcement, 18 agencies are spearheading initiatives in this “whole-of-government” plan, which also factors in “continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments.”
Pillars include measures to:
- Defend critical infrastructure (the Cybersecurity and Infrastructure Security Agency will implement measures to update the National Cyber Incident Response Plan to, among other things, provide clear guidance to external partners on the roles and capabilities of federal agencies in incident response and recovery);
- Disrupt and dismantle threat actors (including focusing on virtual asset providers that enable the laundering of ransomware proceeds);
- Shape market forces and drive security and resilience;
- Invest in a resilient future (the National Institute of Standards and Technology will convene an interagency working group to coordinate major issues in international cybersecurity standardization); and
- Forge international partnerships to facilitate coordination with partner nations. The administration expects to update the plan annually.