InfoBytes Blog

FTC says consumers lost more than $1 billion to crypto fraud

On June 3, the FTC reported that consumers lost over $1 billion to fraud involving cryptocurrencies from January 2021 through March 2022. The FTC’s recent Consumer Protection Data Spotlight found that cryptocurrency is becoming the payment of choice for many scammers and that most reported cryptocurrency losses involved fake investment opportunities (totaling $575 million in reported losses since January 2021). The spotlight stated that nearly four out of every ten dollars reported lost to a fraud originating on social media was lost in crypto, far more than any other payment method. Following losses related to cryptocurrency schemes, the next largest losses involved romance scams ($185 million) and business and government impersonation scams ($133 million collectively).

Federal Issues Digital Assets FTC Cryptocurrency Consumer Finance Fraud Consumer Protection

DFPI requests comments on oversight of crypto asset-related financial products and services

On June 1, the California Department of Financial Protection and Innovation (DFPI) issued a request for public comments from stakeholders on developing guidance related to the oversight of crypto asset-related financial products and services. DFPI will proceed with rulemaking under the authority of the California Consumer Financial Protection Law (CCFPL). The request is in accordance with an executive order issued by the California governor last month, which called on the state to create a transparent and consistent framework for companies operating in blockchain, cryptocurrency, and related financial technologies. (Covered by InfoBytes here.) DFPI’s request outlines various topics and questions concerning regulatory priorities, CCFPL regulation and supervision, and marketing monitoring functions, but notes that stakeholders “may comment on any potential area for rulemaking relating to crypto asset-related financial products and services,” including under other statutes administered or enforced by DFPI such as the Corporate Securities Law, Escrow Law, California Financing Law, or Money Transmission Act. The deadline to submit comments is August 5.

State Issues State Regulators DFPI California Digital Assets Cryptocurrency CCFPL Fintech

Brainard discusses central bank digital currency at House hearing

On May 25, Fed Governor Lael Brainard spoke before the U.S. House Financial Services Committee in a virtual hearing titled “Digital Assets and the Future of Finance: Examining the Benefits and Risks of a U.S. Central Bank Digital Currency.” According to the Committee’s memorandum regarding the hearing, the Fed defines a central bank digital currency (CBDC) as a “digital liability of a central bank that is widely available to the general public,” and though definitions vary, “understanding what distinguishes cryptocurrency from fiat government-issued currency is fundamental.” The memorandum also discussed the Fed’s publication of a discussion paper in January, Money and Payments: The U.S. Dollar in the Age of Digital Transformation, which calls for public comments on questions related to the possibility of a U.S. CBDC (covered by InfoBytes here). In Brainard’s prepared statement, she noted that the “rapid ongoing evolution” of digital assets “should lead us to frame the question not as to whether there is a need for a central bank-issued digital dollar today, but rather whether there may be conditions in the future that may give rise to such a need.” Brainard also stated that “there are risks of not acting, just as there are risks of acting.” While there has not been a decision on creating a U.S. CBDC, Brainard stated that “it is important to undertake the necessary work to inform any such decision and to be ready to move forward should the need arise.” Additionally, Brainard pointed to recent pressure on two widely used stablecoins and resulting market turmoil that “underscore the need for clear regulatory guardrails to provide consumer and investor protection, protect financial stability, and ensure a level playing field for competition and innovation across the financial system.” Brainard further stated that a U.S. CBDC could be a potential “way to ensure that people around the world who use the dollar can continue to rely on the strength and safety of the U.S. currency to transact and conduct business in the digital financial system.”

Federal Issues House Financial Services Committee Privacy/Cyber Risk & Data Security Digital Assets Cryptocurrency Federal Reserve Bank Regulatory CBDC Fintech

Hsu is self-described “crypto skeptic”

On May 24, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the 2022 DC Blockchain Summit focusing on the vulnerabilities in the cryptocurrency framework and recent volatility with stablecoins. In his remarks, Hsu described that he has “been a crypto skeptic,” and that it has become clear to him that the crypto economy depends on “hype” to “generate the interest and investment that are key to creating the ‘flywheel’ of growth that crypto projects seem to need to get off the ground.” In his speech, he discussed his three high level observations surrounding recent events from the perspective of a bank regulator. First, Hsu described “deep vulnerabilities in the crypto system,” noting that “[c]rypto is highly fragmented and prone to hacks,” and that “[c]ontagion risks are real.” He also argued that ownership rights are underdeveloped for the size, scope, and ambitions of the industry, explaining that “[f]or a technology and industry so focused on promoting an ‘ownership society,’ the lack of clarity on ownership rights, modes of ownership, and custody of digital assets seems like a fundamental problem that needs to be solved.” Second, Hsu observed that “recent events have shown the value of the OCC’s ‘careful and cautious’ approach to banks seeking to engage in crypto activities.” Hsu explained that there has been no contagion from cryptocurrencies to traditional banking and finance, stating that “[n]o banks are under stress or even rumored to be under stress due to crypto exposure.” Lastly, he warned “that hype is not harmless.” Hsu noted that a hype-driven economy has challenges for individuals interested in truly productive innovation and in protecting consumers. He recognized the possibility “for positive and transformative change with digital assets,” but warned that “the hype and the associated vulnerabilities noted above make the crypto space very dangerous for investors of modest means.” Hsu stated that while he remains a “a crypto skeptic,” he sees “its potential and understand[s] why there is excitement around it.” He also stated that the agency “will continue to take a careful and cautious approach to crypto in order to ensure that the national banking system is safe, sound, and fair.”

Bank Regulatory Fedral Issues Digital Assets OCC Privacy/Cyber Risk & Data Security Cryptocurrency Fintech

NYDFS commits to mitigating virtual currency risks

On May 20, NYDFS Superintendent Adrienne A. Harris emphasized the role regulation plays in protecting consumers from cybercriminals in the virtual currency marketplace. According to Harris, NYDFS is committed to mitigating risks in this space by guarding against sanctions evasion and illicit activity and making sure corporate infrastructure and consumer data are well protected from bad actors. Harris stressed that NYDFS “will continue to improve upon [its] regulation and supervision; engage with key stakeholders on important trends and issues; collaborate with state, federal and international regulators; and strive to be a forward-looking, innovative regulator, including through [its] VOLT initiative,” which supports the department’s efforts to increase transparency and enhance supervision related to virtual currency.

State Issues Digital Assets Virtual Currency State Regulators NYDFS New York Consumer Protection Financial Crimes Fintech

OFAC announces first-ever sanctions against virtual currency mixer

On May 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13722 against a virtual currency mixer used by the Democratic People’s Republic of Korea (DPRK) to support its cyber activities and money-laundering. According to OFAC, in March, a DPRK state-sponsored cyber-hacking group carried out the largest virtual currency heist to date, worth almost $620 million, from a blockchain project linked to an online game. The virtual currency mixer was used to process over $20.5 million of the illicit proceeds. OFAC noted that the sanctions are the first-ever sanctions on a virtual currency mixer. As a result of the sanctions, all property and interests in property belonging to the sanctioned entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.

Financial Crimes OFAC Department of Treasury North Korea SDN List Virtual Currency Digital Assets OFAC Sanctions OFAC Designations Of Interest to Non-US Persons

California governor orders state to create blockchain regulatory framework

On May 4, the California governor issued an executive order calling on the state to create a transparent and consistent framework for companies operating in blockchain, cryptocurrency, and related financial technologies. This framework, the governor stated, should harmonize federal and California laws and balance innovation with consumer protection. The executive order outlined several priorities, including:

• The framework should include input from a range of stakeholders for potential blockchain applications and ventures;
• The Department of Financial Protection and Innovation (DFPI) should engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and should “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in the state;
• DFPI should publish consumer protection principles that include model disclosures, error resolution, and other criteria, and “seek input from stakeholders and licensees in order to publish guidance for California state-chartered banks and credit unions”;
• DFPI should engage in actions to protect consumers, including initiating enforcement actions to enforce the CCFPL, enhancing its review of consumer complaints related to crypto asset-related financial products and services and working with companies to remedy such complaints, and publishing consumer education materials;
• GovOps should issue a request for innovative ideas to explore opportunities for deploying blockchain technologies that address public-serving and emerging needs; and
• Members of the Governor's Council for Postsecondary Education should “identify opportunities to create a research and workforce environment to power innovation in blockchain technology, including crypto assets” to “expose students to emerging opportunities.”

The governor emphasized that while blockchain technology over the past decade “has laid the foundation for a new generation of innovation, spurring a rise in entrepreneurialism in sectors including financial technology,” among others, its impact “is both uncertain and profound” and carries risks and legal implications.

State Issues California Digital Assets Blockchain Fintech DFPI CCFPL

SEC to expand crypto asset and cyber unit team

On May 3, the SEC announced it will nearly double the size of its Crypto Assets and Cyber Unit within the Division of Enforcement. “By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity,” SEC Chair Gary Gensler stated. Since the unit’s inception, more than 80 enforcement actions have been brought against actors related to fraudulent and unregistered crypto asset offerings and platforms, resulting in monetary relief totaling more than $2 billion. The unit has also “brought numerous actions against SEC registrants and public companies for failing to maintain adequate cybersecurity controls and for failing to appropriately disclose cyber-related risks and incidents.” The expanded unit will focus on investigations related to: crypto asset offerings, crypto asset exchanges, crypto asset lending and staking products, decentralized finance platforms, non-fungible tokens, and stablecoins.

Securities Digital Assets Cryptocurrency Privacy/Cyber Risk & Data Security Enforcement

DOJ to strengthen kleptocracy asset recovery

On April 28, the DOJ issued a fact sheet outlining legislative proposals to strengthen kleptocracy asset recovery as part of the Biden administration’s efforts “to isolate and target the crimes of Russian officials, government-aligned elites, and those who aid or conceal their unlawful conduct.” The proposed measures would “streamline asset forfeiture proceedings in certain circumstances” and also:

• Enable the DOJ and Treasury and State Departments to work together to return forfeited kleptocrat funds to remediate harms caused to Ukraine;
• Expand forfeiture authorities under the International Emergency Economic Powers Act (IEEPA) to include property used to facilitate the violations of sanctions and “amend IEEPA’s penalty provision to extend the existing forfeiture authorities to facilitating property, not just to proceeds of the offenses”;
• Expand the definition of “racketeering activity” in the Racketeer Influenced and Corrupt Organizations Act to include criminal violations of IEEP and the Export Control Reform Act to improve the U.S.’s ability to investigate and prosecute sanctions evasion and export control violations;
• Extend the statute of limitations for prosecuting sanctions violations and the statute of limitations for seeking forfeitures based on foreign offenses from five years to 10 years; and
• Improve the U.S.’s ability to work with international partners to facilitate enforcement of foreign restraint and forfeiture orders for criminal property and improve the ability to take these actions in the U.S.

As previously covered by InfoBytes, the DOJ launched “Task Force KleptoCapture,” an “interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export restrictions, and economic countermeasures that the United States has imposed, along with allies and partners,” in order to “isolate Russia from global markets” in March. The task force has since engaged in numerous transatlantic efforts to sanction numerous Russian elites, Russia’s largest privately-owned aircraft, and one of the world’s largest superyachts (covered by InfoBytes here), and has “seized approximately $625,000 associated with sanctioned parties held at nine U.S. financial institutions.”

Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.

Financial Crimes DOJ Digital Assets Russia Ukraine Ukraine Invasion Of Interest to Non-US Persons Biden RICO OFAC Sanctions Department of Treasury Department of State

Hsu discusses stablecoin standards

On April 27, acting Comptroller of the Currency Michael J. Hsu issued a statement regarding stablecoin standards after appearing before the Artificial Intelligence and the Economy: Charting a Path for Responsible and Inclusive AI symposium hosted by the U.S. Department of Commerce, National Institute of Standards and Technology, FinRegLab, and the Stanford Institute for Human-Centered Artificial Intelligence. According to Hsu, the internet has “technical foundations” that “provide for an open, royalty-free network.” He further noted that “[t]hose foundations did not emerge on their own. They were developed by standard setting bodies like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium), which had representatives with differing perspectives, a shared public interest ethos, and a strong leader committed to the vision of an open and inclusive internet.” Hsu further stated that stablecoins do not have “shared standards and are not interoperable.” However, to make stablecoins “open and inclusive,” Hsu said that he believed that “a standard setting initiative similar to that undertaken by IETF and W3C needs to be established, with representatives not just from crypto/Web3 firms, but also from academia and government.” As previously covered by InfoBytes, Hsu discussed stablecoin policy considerations earlier this month in remarks before the Institute of International Economic Law at Georgetown University Law Center, calling for the establishment of an “intentional architecture” for stablecoins developed through principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.”

Bank Regulatory Federal Issues OCC Digital Assets Cryptocurrency Stablecoins Risk Management Fintech