Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI announces $22.5 million multistate settlement with crypto platform
On January 26, the California Department of Financial Protection and Innovation (DFPI) announced that it entered into a $22.5 million settlement agreement with a Cayman Islands digital asset firm to resolve a securities enforcement action regarding its interest-bearing virtual currency account. As previously covered by InfoBytes, in September 2022, the New York attorney general sued the firm for allegedly offering unregistered securities and defrauding investors. A North American Securities Administrators Association working group—composed of the DFPI and state regulators from Washington, Kentucky, New York, Oklahoma, Indiana, Maryland, South Carolina, Vermont, and Wisconsin—collaborated in the investigation into the firm. The states alleged that the platform failed to register as a securities and commodities broker but told investors that it was fully in compliance. According to the New York AG’s complaint, the platform promoted and sold securities through an interest-bearing virtual currency account that promised high returns for participating investors. The New York AG said that a cease-and-desist letter was sent to the platform in October 2021, and that while the platform stated it was “working diligently to terminate all services” in the state, it continued to handle more than 5,000 accounts as of July. The complaint charges the platform with violating New York’s Martin Act and New York Executive Law § 63(12), and seeks restitution, disgorgement of profits, and a permanent injunction. The announcement also noted the SEC entered into a separate settlement with the firm for the same penalty amount, alleging that it to register the offer and sale of its retail crypto-asset lending product (covered by InfoBytes here).
Warren, Wyden urge PCAOB to crack down on crypto auditors
On January 25, Senators Elizabeth Warren (D-MA) and Ron Wyden (D-OR) sent a letter to the chair of the Public Company Accounting Oversight Board (PCAOB) urging the board to make sure it was taking sufficient measures to hold registered audit firms accountable for their work with cryptocurrency clients. The letter highlighted the recent turmoil in the crypto market following the collapse of a major crypto exchange last November, and inquired about “the role that auditors may have played in misleading the public about the financial soundness and safety of crypto companies.” Referring to reports of “scandalous accounting practices” within the industry, the senators urged the PCAOB to take action to ensure accountability. “When PCAOB-registered auditors perform sham audits—even for firms that may lay outside of the PCAOB’s jurisdiction—they tarnish the credibility of the PCAOB and undermine confidence in the PCAOB-registered auditors that investors and the public rely on when making investment decisions,” the senators wrote, adding that “misleading financial reports shake our confidence in the entire auditing industry.”
The senators asked the PCAOB to respond to several questions concerning alleged misleading auditing practices related to the exchange’s collapse, including whether the PCAOB is taking steps to mitigate risks facing retail investors, whether it was aware of any potential conflicts of interest or other concerning behavior, and whether it has “the authority to strip auditors of their PCAOB-registered status if they provide services or engage in conduct that fall short of PCAOB standards and rules, even if those actions are taken in relation to private, non-SEC registered companies.” The senators also asked the PCAOB to describe the standards that auditors must comply with “when evaluating the risk of exposure to crypto firms or validating the valuation of crypto investments.”
SEC commissioner discusses state of the crypto industry
On January 20, SEC Commissioner Hester M. Peirce spoke before the Digital Assets at Duke Conference discussing cryptocurrency lessons for the future. In her remarks, Peirce discussed the current state of cryptocurrency, stating that “the crypto world is burning.” She encouraged the audience to “not wait for regulators to fix the problems that bubbled to the surface in 2022” within the crypto industry, and instead incentivize good behavior. She also emphasized “the point of crypto,” which she considers “is not driving up crypto prices so that you can dump your tokens on someone else. Digital assets need to trade, so centralized venues or decentralized exchange protocols are necessary, but trading markets are not the ultimate point.” Among other things related to crypto, she said lessons from traditional finance are equally applicable in crypto. For example, she noted that “[h]igher returns come with higher risks.” She also suggested that the SEC should conduct some form of notice and comment process to resolve the thorniest crypto-related policy issues.
Peirce noted that “sandboxing is coming.” She then explained that SEC Chair Gary Gensler has requested “‘staff to sort through how we might best allow investors to trade crypto security tokens versus or alongside crypto non-security tokens,’ which is an area in which experimentation through no-action letters and exemptions would be possible.” She also strongly agrees with his sentiment that “‘[g]iven the nature of crypto investments . . . it may be appropriate to be flexible in applying existing disclosure requirements.’”
She also expressed that “[r]egulation is not a silver bullet, but understanding whether, by whom, and how the company is regulated can help you calibrate your own due diligence.” Peirce said that the SEC “needs to conduct better, more precise, and more transparent legal analysis” in crypto. She noted that its continued use of the precedent from the 1946 U.S. Supreme Court case in SEC v. W.J. Howey Co. has “fleshed out the investment contract subcategory of securities, we repeat the mantra that all, or virtually all, tokens are securities,” calling the SEC’s application of the test to crypto tokens “askew.” She then noted that “an initial fundraising transaction involving a crypto token can create an investment contract, but the token itself is not necessarily the security even if it is sold on the secondary market.” Peirce also noted that the SEC often “refers to the crypto assets themselves as securities.”
NYDFS gives custodial guidance on crypto insolvency
On January 23, NYDFS reiterated expectations for sound custody and disclosure practices for entities that are licensed or chartered to custody or temporarily hold, store, or maintain virtual currency assets on behalf of customers (virtual currency entities or “VCEs”). NYDFS explained that under the state’s virtual currency regulation (23 NYCRR Part 200), VCEs operating under the BitLicense and Limited Purpose Trust Charter are required to, among other things, “hold virtual currency in a manner that protects customer assets; maintain comprehensive books and records; properly disclose the material terms and conditions associated with their products and services, including custody services; and refrain from making any false, misleading or deceptive representations or omissions in their marketing materials.”
The regulatory guidance on insolvency clarifies standards and practices intended to ensure that VCEs are providing high levels of customer protection with respect to licensed asset custody. Specifically, the guidance addresses customer protection concerns regarding:
- The segregation of and separate accounting for customer virtual currency. VCEs “should separately account for, and segregate a customer’s virtual currency from, the corporate assets of the VCE Custodian and its affiliated entities, both on-chain and on the VCE Custodian’s internal ledger accounts.”
- VCEs limited interest in and use of customer virtual currency. VCEs that take possession of a customer’s assets should do so “only for the limited purpose of carrying out custody and safekeeping services” and must not “establish a debtor-creditor relationship with the customer.”
- Sub-custody arrangements. VCEs may choose, after conducting appropriate due diligence, to safekeep a customer’s virtual currency through a third-party sub-custody arrangement provided the arrangement is consistent with regulatory guidance and approved by NYDFS.
- Customer disclosures. VCEs are “expected to clearly disclose to each customer the general terms and conditions associated with its products, services and activities, including how the VCE Custodian segregates and accounts for the virtual currency held in custody, as well as the customer's retained property interest in the virtual currency.” Additionally, a customer agreement should be transparent about the parties’ intentions to enter into a custodial relationship as opposed to a debtor-creditor relationship.
Company to pay $45 million to SEC, states for unregistered crypto-lending product
On January 19, the SEC charged a Cayman Islands digital asset firm for allegedly failing to register the offer and sale of its retail crypto-asset lending product. According to the SEC’s cease-and-desist order, the company’s product allowed U.S. investors to tender certain crypto assets with the company, which were then deposited in interest-yielding accounts and used by the company to generate income and fund interest payments to investors.
The SEC maintained that the company’s product was marketed as an opportunity for investors to earn interest on their crypto assets, and that company actions “included staking, lending, and engaging in arbitrage on purportedly ‘decentralized’ finance platforms; investing in certain crypto assets; loaning funds to retail and institutional borrowers; and entering into options and swap contracts with respect to the crypto assets tendered”— resulting in the company acquiring $2.7 billion in assets from approximately 112,000 investors. The SEC found that because the product qualified as a security and did not qualify for an exemption from registration under the Securities Act of 1933, the company was required to register its offer and sale of the product, which it failed to do.
The company did not admit or deny the SEC’s findings, but agreed to pay $22.5 million to the SEC, and said it would stop offering and selling the unregistered lending product to U.S. investors. The SEC considered remedial actions promptly taken by the company, as well as its cooperation with Commission staff in determining the settlement amount. The SEC reported that the company voluntarily stopped offering its product to new U.S. investors and ceased paying interest on new funds added to existing accounts after the SEC announced charges against a different company that offered a similar crypto investment product. The company also announced that the product would stop being offered in certain states and that it was phasing out all of its products and services in the U.S.
The company also agreed to pay another $22.5 million to state regulators from California, Kentucky, Maryland, New York, Oklahoma, South Carolina, Vermont, and Washington in a parallel action claiming the company offered interest-earning accounts without first registering the investment products as securities. According to the announcement, the company allegedly failed to comply with state securities registration requirements, and, among other things, deprived investors “of critical information and disclosures necessary to understand the potential risks of the [product].”
CFTC commissioner discusses crypto exchange’s collapse
On January 18, CFTC Commissioner Christy Goldsmith Romero spoke before the Wharton School and the University of Pennsylvania Carey Law School on lessons learned from the recent bankruptcy of a cryptocurrency exchange, calling the collapse a “violation of trust.” Specifically, Goldsmith Romero mentioned that the digitization of financial services and products brought convenience but also a presumed trust in crypto exchanges with name recognition, which was violated by the collapse. She pointed to the collapsed exchange’s reliance on the name recognition it made through marketing campaigns and explained that such advertising “played up the exchange’s safety and convenience for people that may be new to crypto.”
Goldsmith Romero urged Congress to avoid permitting newly-regulated crypto exchanges to self-certify products for listing under the current process that limits CFTC oversight. She stressed it “is critical to institute guardrails against regulatory arbitrage," including prohibiting self-certification.
Goldsmith Romero also called on lawyers, accountants, compliance professionals, and other gatekeepers to “step up and call for compliance, controls, and other governance.” She expressed that these gatekeepers failed their “essential duties” to protect crypto customers and market integrity, and noted that they have allowed “the promise of riches and the company’s marketing pitch to silence their objections to obvious deficiencies.” Ultimately, Goldsmith Romero advised that “[s]ound custody practices and strong cybersecurity are necessary to restore trust and protect customers.”
FinCEN prohibits engagement with virtual currency exchange connected to Russian finance
On January 18, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act to identify a Hong Kong-registered global virtual currency exchange operating outside of the U.S. as a “primary money laundering concern” in connection with Russian illicit finance. FinCEN announced that the virtual currency exchange offers exchange and peer-to-peer services and “plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia.” A FinCEN investigation revealed that the virtual currency exchange facilitated deposits and funds transfers to Russia-affiliated ransomware groups or affiliates, as well as transactions with Russia-connected darknet markets, one of which is currently sanctioned and subject to enforcement actions that have shuttered its operations. The investigation also found that the virtual currency exchange failed to meaningfully implement steps to identify and disrupt the illicit use and abuse of its services, and lacked adequate policies, procedures, or internal controls to combat money laundering and illicit finance.
Recognizing that the virtual currency exchange “poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN acting Director Himamauli Das emphasized that “[a]s criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.” He warned that FinCEN will continue to leverage the full range of its authorities to prohibit these institutions from gaining access to and using the U.S. financial system to support Russian illicit finance. Effective February 1, covered financial institutions are prohibited from engaging in the transmittal of funds from or to the virtual currency exchange, or from or to any account or CVC address administered by or on behalf of the virtual currency exchange. Frequently asked questions on the action are available here.
Concurrently, the DOJ announced that the founder and majority owner of the virtual currency exchange was arrested for his alleged involvement in the transmission of illicit funds. Charged with conducting an unlicensed money transmitting business and processing more than $700 million of illicit funds, the DOJ said the individual allegedly “knowingly allowed [the virtual currency exchange] to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” and was aware that the virtual currency exchange’s accounts “were rife with illicit activity and that many of its users were registered under others’ identities.” While the virtual currency exchange claimed it did not accept users from the U.S., it allegedly conducted substantial business with U.S.-based customers and advised users that they could transfer funds from U.S. financial institutions.
Deputy Secretary of the Treasury Wally Adeyemo issued a statement following the announcement, noting that the action “is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.” He reiterated that the action “sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”
SEC charges companies for offering and selling unregistered crypto asset securities
On January 12, the SEC filed a complaint in the U.S. District Court for the Southern District of New York against two companies (collectively, defendants), alleging that they were involved in the unregistered offer and sale of securities through a crypto asset lending program. According to the complaint, in December 2020, one defendant entered into an agreement with the other defendant to offer customers, including retail investors in the U.S., an opportunity to loan their crypto assets to the defendant in exchange for its “promise to pay interest on those investors’ crypto assets.” The complaint further alleged that in February 2021, the defendants began offering the program to retail investors, which included that there was no minimum investment amount to be eligible to participate, and that investors tendered their crypto assets to one of the defendants acting as the agent to facilitate the transaction. The SEC noted that the defendant deducted an agent fee, sometimes as high as 4.29 percent. The complaint also alleged that the defendant then exercised its discretion in how to use investors’ crypto assets to generate revenue and pay interest to investors. In November 2022, the company announced that it would not allow its investors to withdraw their crypto assets because the company did not have sufficient liquid assets to meet withdrawal requests following volatility in the crypto asset market. These activities violated Section 5(a) and 5(c) of the Securities Act the SEC said. The SEC’s complaint seeks permanent injunctive relief, disgorgement of ill-gotten gains, prejudgment interest, and civil penalties.
Fed’s Bowman discusses the economy and bank supervision
On January 10, Federal Reserve Governor Michelle W. Bowman spoke before the Florida Bankers Association Leadership Luncheon regarding the economy and bank supervision. In her remarks, Bowman said that inflation is “much too high” and that her focus is on “bringing it down toward our 2 percent goal.” Bowman stated it is a “hopeful sign” that unemployment has remained low. However, she acknowledged that it is likely that as a part of the process, “labor markets will soften somewhat before we bring inflation back to our 2 percent goal.”
Regarding crypto, Bowman said that crypto activities may “pose significant risks to consumers, businesses, and potentially the larger financial system.” She also said that there is “dysfunction” in cryptomarkets, “with some crypto firms misrepresenting that they have deposit insurance.” She also mentioned “the collapse of certain stablecoins, and, most recently, the bankruptcy of [a cryptocurrency exchange platform].”
Bowman additionally discussed the Fed’s push for a real-time payments system. Since 2019, the Fed has been working to launch FedNow, a new faster payments system that will be available in the first half of 2023. According to Bowman, “FedNow will help transform the way payments are made through new direct services that enable consumers and businesses to make payments conveniently, in real time, on any day, and with immediate availability of funds for receivers.” As previously covered by a Buckley Special Alert, in June, the Fed issued a final rule on its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. She also noted that FedNow will enable depository institutions of every size to provide “safe and efficient” instant payment services.
Regarding climate change, Bowman noted that the Fed views its role on climate “as a narrow focus on supervisory responsibilities and limited to our role in promoting a safe, sound and stable financial system.” She also noted that the Fed’s recent climate guidance only applies to banks with more than $100 billion in assets. Bowman also disclosed while “climate supervision effort is a new area of focus, it has been a longstanding supervisory requirement that banks manage their risks related to extreme weather events and other natural disasters that could disrupt operations or impact business lines.”
Additionally, Bowman provided a Community Reinvestment Act (CRA) update. She said that the CRA, which requires the Fed and other banking agencies to encourage banks to help meet the credit needs of their communities, “was last updated 25 years ago.” As previously covered by InfoBtytes, in May, the Fed, FDIC, and OCC issued a joint notice of proposed rulemaking on new regulations implementing the CRA to update how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. The CRA proposal, which she is fully supportive of, “reflects these industry changes, including recognizing internet and mobile banking services, it also attempts to provide clarity and consistency, and it could enhance access to credit for these low- and moderate-income communities
District Court stays stablecoin suit pending arbitration proceedings
On January 6, the U.S. District Court for the Northern District of California granted a defendant cryptocurrency exchange’s motion to compel arbitration in a class action alleging the exchange, along with the issuer of a stablecoin cryptocurrency, misrepresented the stability of the coin when offering it on the exchange’s platform. The defendants filed separate motions to compel arbitration, however, the plaintiffs claimed, among other things, that since they opened their accounts, the exchange’s user agreement, which contains an arbitration agreement, “has been unilaterally modified more than 20 times.” They further maintained that the exchange’s motion to compel arbitration should be denied because the arbitration provision is “unconscionable and thus unenforceable” and “the delegation clause is inapplicable and unconscionable.”
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit