Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 25, Senators Elizabeth Warren (D-MA) and Ron Wyden (D-OR) sent a letter to the chair of the Public Company Accounting Oversight Board (PCAOB) urging the board to make sure it was taking sufficient measures to hold registered audit firms accountable for their work with cryptocurrency clients. The letter highlighted the recent turmoil in the crypto market following the collapse of a major crypto exchange last November, and inquired about “the role that auditors may have played in misleading the public about the financial soundness and safety of crypto companies.” Referring to reports of “scandalous accounting practices” within the industry, the senators urged the PCAOB to take action to ensure accountability. “When PCAOB-registered auditors perform sham audits—even for firms that may lay outside of the PCAOB’s jurisdiction—they tarnish the credibility of the PCAOB and undermine confidence in the PCAOB-registered auditors that investors and the public rely on when making investment decisions,” the senators wrote, adding that “misleading financial reports shake our confidence in the entire auditing industry.”
The senators asked the PCAOB to respond to several questions concerning alleged misleading auditing practices related to the exchange’s collapse, including whether the PCAOB is taking steps to mitigate risks facing retail investors, whether it was aware of any potential conflicts of interest or other concerning behavior, and whether it has “the authority to strip auditors of their PCAOB-registered status if they provide services or engage in conduct that fall short of PCAOB standards and rules, even if those actions are taken in relation to private, non-SEC registered companies.” The senators also asked the PCAOB to describe the standards that auditors must comply with “when evaluating the risk of exposure to crypto firms or validating the valuation of crypto investments.”
On January 20, SEC Commissioner Hester M. Peirce spoke before the Digital Assets at Duke Conference discussing cryptocurrency lessons for the future. In her remarks, Peirce discussed the current state of cryptocurrency, stating that “the crypto world is burning.” She encouraged the audience to “not wait for regulators to fix the problems that bubbled to the surface in 2022” within the crypto industry, and instead incentivize good behavior. She also emphasized “the point of crypto,” which she considers “is not driving up crypto prices so that you can dump your tokens on someone else. Digital assets need to trade, so centralized venues or decentralized exchange protocols are necessary, but trading markets are not the ultimate point.” Among other things related to crypto, she said lessons from traditional finance are equally applicable in crypto. For example, she noted that “[h]igher returns come with higher risks.” She also suggested that the SEC should conduct some form of notice and comment process to resolve the thorniest crypto-related policy issues.
Peirce noted that “sandboxing is coming.” She then explained that SEC Chair Gary Gensler has requested “‘staff to sort through how we might best allow investors to trade crypto security tokens versus or alongside crypto non-security tokens,’ which is an area in which experimentation through no-action letters and exemptions would be possible.” She also strongly agrees with his sentiment that “‘[g]iven the nature of crypto investments . . . it may be appropriate to be flexible in applying existing disclosure requirements.’”
She also expressed that “[r]egulation is not a silver bullet, but understanding whether, by whom, and how the company is regulated can help you calibrate your own due diligence.” Peirce said that the SEC “needs to conduct better, more precise, and more transparent legal analysis” in crypto. She noted that its continued use of the precedent from the 1946 U.S. Supreme Court case in SEC v. W.J. Howey Co. has “fleshed out the investment contract subcategory of securities, we repeat the mantra that all, or virtually all, tokens are securities,” calling the SEC’s application of the test to crypto tokens “askew.” She then noted that “an initial fundraising transaction involving a crypto token can create an investment contract, but the token itself is not necessarily the security even if it is sold on the secondary market.” Peirce also noted that the SEC often “refers to the crypto assets themselves as securities.”
On January 23, NYDFS reiterated expectations for sound custody and disclosure practices for entities that are licensed or chartered to custody or temporarily hold, store, or maintain virtual currency assets on behalf of customers (virtual currency entities or “VCEs”). NYDFS explained that under the state’s virtual currency regulation (23 NYCRR Part 200), VCEs operating under the BitLicense and Limited Purpose Trust Charter are required to, among other things, “hold virtual currency in a manner that protects customer assets; maintain comprehensive books and records; properly disclose the material terms and conditions associated with their products and services, including custody services; and refrain from making any false, misleading or deceptive representations or omissions in their marketing materials.”
The regulatory guidance on insolvency clarifies standards and practices intended to ensure that VCEs are providing high levels of customer protection with respect to licensed asset custody. Specifically, the guidance addresses customer protection concerns regarding:
- The segregation of and separate accounting for customer virtual currency. VCEs “should separately account for, and segregate a customer’s virtual currency from, the corporate assets of the VCE Custodian and its affiliated entities, both on-chain and on the VCE Custodian’s internal ledger accounts.”
- VCEs limited interest in and use of customer virtual currency. VCEs that take possession of a customer’s assets should do so “only for the limited purpose of carrying out custody and safekeeping services” and must not “establish a debtor-creditor relationship with the customer.”
- Sub-custody arrangements. VCEs may choose, after conducting appropriate due diligence, to safekeep a customer’s virtual currency through a third-party sub-custody arrangement provided the arrangement is consistent with regulatory guidance and approved by NYDFS.
- Customer disclosures. VCEs are “expected to clearly disclose to each customer the general terms and conditions associated with its products, services and activities, including how the VCE Custodian segregates and accounts for the virtual currency held in custody, as well as the customer's retained property interest in the virtual currency.” Additionally, a customer agreement should be transparent about the parties’ intentions to enter into a custodial relationship as opposed to a debtor-creditor relationship.
On January 19, the SEC charged a Cayman Islands digital asset firm for allegedly failing to register the offer and sale of its retail crypto-asset lending product. According to the SEC’s cease-and-desist order, the company’s product allowed U.S. investors to tender certain crypto assets with the company, which were then deposited in interest-yielding accounts and used by the company to generate income and fund interest payments to investors.
The SEC maintained that the company’s product was marketed as an opportunity for investors to earn interest on their crypto assets, and that company actions “included staking, lending, and engaging in arbitrage on purportedly ‘decentralized’ finance platforms; investing in certain crypto assets; loaning funds to retail and institutional borrowers; and entering into options and swap contracts with respect to the crypto assets tendered”— resulting in the company acquiring $2.7 billion in assets from approximately 112,000 investors. The SEC found that because the product qualified as a security and did not qualify for an exemption from registration under the Securities Act of 1933, the company was required to register its offer and sale of the product, which it failed to do.
The company did not admit or deny the SEC’s findings, but agreed to pay $22.5 million to the SEC, and said it would stop offering and selling the unregistered lending product to U.S. investors. The SEC considered remedial actions promptly taken by the company, as well as its cooperation with Commission staff in determining the settlement amount. The SEC reported that the company voluntarily stopped offering its product to new U.S. investors and ceased paying interest on new funds added to existing accounts after the SEC announced charges against a different company that offered a similar crypto investment product. The company also announced that the product would stop being offered in certain states and that it was phasing out all of its products and services in the U.S.
The company also agreed to pay another $22.5 million to state regulators from California, Kentucky, Maryland, New York, Oklahoma, South Carolina, Vermont, and Washington in a parallel action claiming the company offered interest-earning accounts without first registering the investment products as securities. According to the announcement, the company allegedly failed to comply with state securities registration requirements, and, among other things, deprived investors “of critical information and disclosures necessary to understand the potential risks of the [product].”
On January 18, CFTC Commissioner Christy Goldsmith Romero spoke before the Wharton School and the University of Pennsylvania Carey Law School on lessons learned from the recent bankruptcy of a cryptocurrency exchange, calling the collapse a “violation of trust.” Specifically, Goldsmith Romero mentioned that the digitization of financial services and products brought convenience but also a presumed trust in crypto exchanges with name recognition, which was violated by the collapse. She pointed to the collapsed exchange’s reliance on the name recognition it made through marketing campaigns and explained that such advertising “played up the exchange’s safety and convenience for people that may be new to crypto.”
Goldsmith Romero urged Congress to avoid permitting newly-regulated crypto exchanges to self-certify products for listing under the current process that limits CFTC oversight. She stressed it “is critical to institute guardrails against regulatory arbitrage," including prohibiting self-certification.
Goldsmith Romero also called on lawyers, accountants, compliance professionals, and other gatekeepers to “step up and call for compliance, controls, and other governance.” She expressed that these gatekeepers failed their “essential duties” to protect crypto customers and market integrity, and noted that they have allowed “the promise of riches and the company’s marketing pitch to silence their objections to obvious deficiencies.” Ultimately, Goldsmith Romero advised that “[s]ound custody practices and strong cybersecurity are necessary to restore trust and protect customers.”
On January 18, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act to identify a Hong Kong-registered global virtual currency exchange operating outside of the U.S. as a “primary money laundering concern” in connection with Russian illicit finance. FinCEN announced that the virtual currency exchange offers exchange and peer-to-peer services and “plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia.” A FinCEN investigation revealed that the virtual currency exchange facilitated deposits and funds transfers to Russia-affiliated ransomware groups or affiliates, as well as transactions with Russia-connected darknet markets, one of which is currently sanctioned and subject to enforcement actions that have shuttered its operations. The investigation also found that the virtual currency exchange failed to meaningfully implement steps to identify and disrupt the illicit use and abuse of its services, and lacked adequate policies, procedures, or internal controls to combat money laundering and illicit finance.
Recognizing that the virtual currency exchange “poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN acting Director Himamauli Das emphasized that “[a]s criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.” He warned that FinCEN will continue to leverage the full range of its authorities to prohibit these institutions from gaining access to and using the U.S. financial system to support Russian illicit finance. Effective February 1, covered financial institutions are prohibited from engaging in the transmittal of funds from or to the virtual currency exchange, or from or to any account or CVC address administered by or on behalf of the virtual currency exchange. Frequently asked questions on the action are available here.
Concurrently, the DOJ announced that the founder and majority owner of the virtual currency exchange was arrested for his alleged involvement in the transmission of illicit funds. Charged with conducting an unlicensed money transmitting business and processing more than $700 million of illicit funds, the DOJ said the individual allegedly “knowingly allowed [the virtual currency exchange] to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” and was aware that the virtual currency exchange’s accounts “were rife with illicit activity and that many of its users were registered under others’ identities.” While the virtual currency exchange claimed it did not accept users from the U.S., it allegedly conducted substantial business with U.S.-based customers and advised users that they could transfer funds from U.S. financial institutions.
Deputy Secretary of the Treasury Wally Adeyemo issued a statement following the announcement, noting that the action “is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.” He reiterated that the action “sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”
On January 12, the SEC filed a complaint in the U.S. District Court for the Southern District of New York against two companies (collectively, defendants), alleging that they were involved in the unregistered offer and sale of securities through a crypto asset lending program. According to the complaint, in December 2020, one defendant entered into an agreement with the other defendant to offer customers, including retail investors in the U.S., an opportunity to loan their crypto assets to the defendant in exchange for its “promise to pay interest on those investors’ crypto assets.” The complaint further alleged that in February 2021, the defendants began offering the program to retail investors, which included that there was no minimum investment amount to be eligible to participate, and that investors tendered their crypto assets to one of the defendants acting as the agent to facilitate the transaction. The SEC noted that the defendant deducted an agent fee, sometimes as high as 4.29 percent. The complaint also alleged that the defendant then exercised its discretion in how to use investors’ crypto assets to generate revenue and pay interest to investors. In November 2022, the company announced that it would not allow its investors to withdraw their crypto assets because the company did not have sufficient liquid assets to meet withdrawal requests following volatility in the crypto asset market. These activities violated Section 5(a) and 5(c) of the Securities Act the SEC said. The SEC’s complaint seeks permanent injunctive relief, disgorgement of ill-gotten gains, prejudgment interest, and civil penalties.
On January 10, Federal Reserve Governor Michelle W. Bowman spoke before the Florida Bankers Association Leadership Luncheon regarding the economy and bank supervision. In her remarks, Bowman said that inflation is “much too high” and that her focus is on “bringing it down toward our 2 percent goal.” Bowman stated it is a “hopeful sign” that unemployment has remained low. However, she acknowledged that it is likely that as a part of the process, “labor markets will soften somewhat before we bring inflation back to our 2 percent goal.”
Regarding crypto, Bowman said that crypto activities may “pose significant risks to consumers, businesses, and potentially the larger financial system.” She also said that there is “dysfunction” in cryptomarkets, “with some crypto firms misrepresenting that they have deposit insurance.” She also mentioned “the collapse of certain stablecoins, and, most recently, the bankruptcy of [a cryptocurrency exchange platform].”
Bowman additionally discussed the Fed’s push for a real-time payments system. Since 2019, the Fed has been working to launch FedNow, a new faster payments system that will be available in the first half of 2023. According to Bowman, “FedNow will help transform the way payments are made through new direct services that enable consumers and businesses to make payments conveniently, in real time, on any day, and with immediate availability of funds for receivers.” As previously covered by a Buckley Special Alert, in June, the Fed issued a final rule on its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. She also noted that FedNow will enable depository institutions of every size to provide “safe and efficient” instant payment services.
Regarding climate change, Bowman noted that the Fed views its role on climate “as a narrow focus on supervisory responsibilities and limited to our role in promoting a safe, sound and stable financial system.” She also noted that the Fed’s recent climate guidance only applies to banks with more than $100 billion in assets. Bowman also disclosed while “climate supervision effort is a new area of focus, it has been a longstanding supervisory requirement that banks manage their risks related to extreme weather events and other natural disasters that could disrupt operations or impact business lines.”
Additionally, Bowman provided a Community Reinvestment Act (CRA) update. She said that the CRA, which requires the Fed and other banking agencies to encourage banks to help meet the credit needs of their communities, “was last updated 25 years ago.” As previously covered by InfoBtytes, in May, the Fed, FDIC, and OCC issued a joint notice of proposed rulemaking on new regulations implementing the CRA to update how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. The CRA proposal, which she is fully supportive of, “reflects these industry changes, including recognizing internet and mobile banking services, it also attempts to provide clarity and consistency, and it could enhance access to credit for these low- and moderate-income communities
On January 6, the U.S. District Court for the Northern District of California granted a defendant cryptocurrency exchange’s motion to compel arbitration in a class action alleging the exchange, along with the issuer of a stablecoin cryptocurrency, misrepresented the stability of the coin when offering it on the exchange’s platform. The defendants filed separate motions to compel arbitration, however, the plaintiffs claimed, among other things, that since they opened their accounts, the exchange’s user agreement, which contains an arbitration agreement, “has been unilaterally modified more than 20 times.” They further maintained that the exchange’s motion to compel arbitration should be denied because the arbitration provision is “unconscionable and thus unenforceable” and “the delegation clause is inapplicable and unconscionable.”
In December, the California Department of Financial Protection and Innovation (DFPI) issued a report identifying six recommendations for how California should engage with blockchain and Web3 industries. The report follows a May 2022 Executive Order (E.O.) from the California governor to create a regulatory and business environment for blockchain and cryptocurrency companies that balances the benefits and risks to consumers. As previously covered by InfoBytes, one of the priorities of the E.O. included for DFPI to, among other things, engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in California. The report made six recommendations to “encourage the continued growth and adoption of blockchain technology.”
- Engagement with stakeholders. The state should “continue dialogue with industry, advocates, and regulators to stay apprised of new technologies, products, definitions and risks.”
- Consumer protection and education. The state should promote consumer protection and consumer education about blockchain and crypto products, which includes, among other things: (i) training staff to better supervise regulated entities, products, and services; (ii) increasing efforts to educate Californians on how to use certain crypto-asset related financial products and services; and (iii) developing and publishing “standards for use in reviewing crypto asset-related securities to help provide more meaningful investor disclosures and to allow companies who wish to offer such securities more quickly and efficiently.”
- Legislation and regulation. The state should identify legislative gaps and clarify statutory authority regarding crypto assets. DFPI will attempt to harmonize California’s regulatory approach with federal regulators, other states, and local jurisdictions.
- Government use. The state should consider ways to use blockchain technology to “increase efficiencies, improve access, and reduce costs.”
- Environmental protection. The state should encourage more environmentally efficient blockchain technologies and explore policy interventions to reduce energy use.
- Workforce and economic development. The state should tap its higher education systems to help support and grow the blockchain sector and related technologies.