InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC: Banks may use independent node verification networks and stablecoins for payment activities
On January 4, the OCC published an interpretive letter addressing the legal permissibility of certain payment-related activities involving the use of new technologies, including using independent node verification networks (INVN) and related stablecoins to conduct payment activities and other bank-permissible functions. Specifically, the letter clarifies that a national bank or federal savings association “may validate, store, and record payments transactions by serving as a node on an INVN,” and may also “use INVNs and related stablecoins to carry out other permissible payment activities” provided the bank or federal savings association complies with applicable laws and safe, sound, and fair banking practices. Due to the decentralized nature of INVNs—which not only “allows a comparatively large number of nodes to verify transactions in a trusted manner” but also “limits tampering or adding inaccurate information to the database because information is only added to the network after consensus is reached among the nodes validating the information”—the OCC believes that INVNs may enhance payment activities’ efficiency, effectiveness, and stability within the federal banking system. The letter also outlines potential risks associated with INVN-related activities, such as operational and compliance risks and fraud related to the possibility of money laundering and terrorist financing, and warns banks and federal savings associations to expand their programs to ensure compliance with Bank Secrecy Act reporting and recordkeeping requirements and to address cryptocurrency transaction risks.
Representatives question the OCC’s cryptocurrency and stablecoin efforts
On November 10, six members of the U.S. House of Representatives wrote to Acting Comptroller of the Currency Brian Brooks raising concerns about the OCC’s recent unilateral actions to regulate cryptocurrencies. In the letter, the members question the OCC’s regulatory priorities. For example, the members highlight that, through recent actions, such as its advance notice of proposed rulemaking on digital activities (covered by InfoBytes here), the OCC has sought “to serve those ‘already-banked’ with better payments options” while potentially “overlooking opportunities for assisting the unbanked and underbanked to participate in the economy and the banking system.” Additionally, the members note that the OCC’s interpretive decisions, which authorize financial institutions to hold cryptocurrency and stablecoins for customers (covered by InfoBytes here and here), may have “broad implications for the future of banking” and “are best made in collaboration with your fellow regulators and with Congress to ensure we avoid potential harms to institutional safety and soundness and equity and inclusion.” In closing, the members ask the OCC to answer a number of questions, including (i) whether stablecoin reserves will be segregated from calculating the capital requirements of large banks; (ii) what consumer protections the agency will impose on stablecoin providers; and (iii) whether the OCC has collaborated with other federal regulators on their recent decisions.
NYDFS urges regulating social media companies following hacks
On October 14, NYDFS released a report detailing the Department’s investigation into the July 2020 social media hacks of public figures and cryptocurrency firms, concluding that the social media platform lacked adequate cybersecurity protections and recommending increased regulation of large social media companies. The investigation, which was requested by New York Governor Andrew Cuomo, determined, among other things, that (i) the social media hackers obtained log-in credentials from four employees by pretending to be from the company’s IT department; (ii) the hackers stole over $118,000 worth of bitcoin from consumers by tweeting “double your bitcoin” with a link to send bitcoin payments from celebrity accounts and several bitcoin companies; (iii) certain Department-regulated cryptocurrency companies blocked attempted transfers to the hacker’s addresses; and (iv) the social media company lacked adequate cybersecurity protection, including not having “a chief information security officer, adequate access controls and identity management, and adequate security monitoring.” The report recommends that the largest social media companies be designated as “systemically important institutions” subject to an analogue council of the Financial Stability Oversight Council. The report suggests the social media companies should be subject to enhanced regulation, including “stress test[]” scenarios covering cyberattacks and election interference.
NYDFS issues first “conditional Bitlicense”
On October 21, NYDFS announced authorization for a digital payments company to launch a service for U.S. customers to buy, sell, and hold certain NYDFS-approved cryptocurrencies. Under the terms of the “conditional Bitlicense,” the payments company will partner with a New York-chartered trust company responsible for providing cryptocurrency trading and custodial services. According to NYDFS Superintendent Linda Lacewell, this first conditional Bitlicense represents the state regulator’s efforts “to encourage, promote, and assist interested institutions to have a well-regulated way to access the New York virtual currency marketplace in a way that is both timely and protective of New York consumers.” NYDFS first announced the proposed conditional licensing framework in June (covered by InfoBytes here).
Issuer pays $5 million penalty for unregistered digital offering
On October 21, the SEC announced the U.S. District Court for the Southern District of New York entered a final judgment against a tech company issuer that raised approximately $100 million through an unregistered initial coin offering. As previously covered by InfoBytes, the SEC filed an action alleging the issuer failed to provide required disclosures to investors and did not register the offer or sale of its digital tokens with the SEC, as required by Section 5 of the Securities Act of 1933 (the Act). The SEC argued that the issuer marketed the digital tokens as an investment opportunity and told investors that they could earn future profits from the issuer’s efforts to create, develop, and support a digital “ecosystem.”
The court granted summary judgment in favor of the SEC at the end of September, concluding, among other things, that the issuer violated Section 5 of the Act when it conducted an unregistered offering of securities that did not qualify for any exemption from registration requirements. The final judgment (i) requires the issuer to pay $5 million in a civil penalty; (ii) permanently enjoins the issuer from violating Section 5 of the Act; and (iii) requires the issuer, for a period of three years, to provide notice to the SEC before engaging in any “issuance, offer, sale or transfer” of specified assets.
Financial Stability Board outlines global stablecoin recommendations
On October 13, the Financial Stability Board (FSB) published a report providing high-level recommendations for the regulation, supervision, and oversight of “global stablecoin” (GSC) arrangements. FSB defines “stablecoins” as a “specific category of crypto-assets which have the potential to enhance the efficiency of the provision of financial services, but may also generate risks to financial stability, particularly if they are adopted at a significant scale.” GSCs are those with multi-jurisdictional reach that “could become systemically important in and across one or many jurisdictions, including as a means of making payments.” The report, Regulation, Supervision, and Oversight of “Global Stablecoin” Arrangements, follows an analysis of financial stability risks raised by GSCs as well as a survey of FSB and non-FSB members’ approaches to stablecoins. Prior to issuing the report, FSB also conducted several outreach meetings with representatives from regulated financial institutions, fintech firms, academia, and the legal field. The October report, which takes into account public feedback received earlier in the year, outlines 10 high-level recommendations that “call for regulation, supervision and oversight that is proportionate to the risks, and stress the value of flexible, efficient, inclusive, and multi-sectoral cross-border cooperation, coordination, and information sharing arrangements among authorities that take into account the evolving nature of GSC arrangements and the risks they may pose over time.” However, the report stresses that because these recommendations primarily address financial stability risks, issues such as anti-money laundering/combating the financing of terrorism, data privacy, cyber security consumer and investor protection, and competition are not covered. These issues, which may present consequences for financial stability if not properly addressed, should be incorporated as part of a comprehensive supervisory, regulatory, and oversight framework, the report states.
Among other things, the report also provides regulatory authorities a guide “of relevant international standards and potential tools to address vulnerabilities arising from GSC activities,” and outlines a timeline of actions that will build a roadmap to ensure “any relevant international standard-setting work is completed.”
DOJ Cyber-Digital Task Force releases cryptocurrency enforcement framework
On October 8, U.S. Attorney General William P. Barr released his Cyber-Digital Task Force’s comprehensive overview of emerging threats and enforcement challenges associated with the increased use of cryptocurrencies. The report, titled Cryptocurrency: An Enforcement Framework, is divided into three parts and details the relationships that the DOJ has built with U.S. and foreign regulatory and enforcement partners, and summarizes the Department’s response strategies.
- Part I: Threat Overview. This section illustrates how malicious actors misuse cryptocurrency technology to harm users and commit crimes. The task force catalogs most illicit uses of cryptocurrency into the following three broad categories: (i) “financial transactions associated with the commission of crimes,” including soliciting funds to support terrorist activities; (ii) money laundering and the shielding of otherwise legitimate activity from tax, reporting, or other legal requirements; or (iii) crimes that directly implicate the cryptocurrency marketplace itself, such as stealing cryptocurrency or promising cryptocurrency to defraud investors.
- Part II: Law and Regulations. This section explores the various legal and regulatory authorities that the DOJ has used to bring cryptocurrency enforcement actions, and highlights its partnerships with other U.S. federal and state authorities and foreign enforcement agencies to prevent crime and provide investigatory assistance.
- Part III: Ongoing Challenges and Future Strategies. This section discusses the ongoing challenges presented by the misuse of cryptocurrency, as well as ongoing strategies to combat emerging threats. This includes an examination of certain business models and activities employed by cryptocurrency exchanges, including money service businesses, virtual asset and peer-to-peer exchanges and platforms, kiosk operators, and casinos.
This is the task force’s second report. The first report, published in 2018, provides a more general overview of cyber threats.
CFTC charges cryptocurrency derivatives platform and owners with AML violations
On October 1, the CFTC filed charges against five entities and three individuals for allegedly owning and operating an unregistered cryptocurrency derivatives platform and failing to implement required anti-money laundering procedures. The complaint alleges that the platform “illegally offer[ed] leveraged retail commodity transactions, futures, options, and swaps” on cryptocurrencies without implementing key safeguards required by the Commodity Exchange Act and several CFTC regulations compliance measures, such as know-your-customer procedures or actions designed to detect and prevent illicit activities. The CFTC also claims that the exchange operated as an unregistered futures commission merchant and did not have CFTC approval to operate as a designated contract market or swap execution facility. The complaint requests civil monetary penalties and remedial ancillary relief in the form of (i) permanent trading and registration bans; (ii) disgorgement; (iii) restitution; (iv); pre- and post-judgment interest; and (v) a permanent injunction from future violations.
In a parallel action, the U.S. Attorney for the District of New York indicted the three individuals along with a fourth individual on federal charges of violating, and conspiring to violate, the Bank Secrecy Act “by willfully failing to establish, implement, and maintain an adequate anti-money laundering [] program” at the exchange.
OCC: Banks may hold stablecoins in reserve accounts
On September 21, the OCC released Interpretive Letter 1172, stating that national banks may hold stablecoin in reserve accounts as a service to bank customers and may engage in activity incidental to receiving the deposits. According to the OCC, issuers of stablecoins—a type of cryptocurrency backed by an asset such as a fiat currency—have a desire to place assets in reserve accounts with national banks to “provide assurance that the issuer has sufficient assets backing the stablecoin in situations where there is a hosted wallet.” Hosted wallet, as defined by the OCC, is “an account-based software program for storing cryptographic keys controlled by an identifiable third party.” Because national banks are authorized to receive deposits and provide “permissible banking services to any lawful business they choose,” they may provide these services to issuers of stablecoins, as long as they comply with applicable laws and regulations. (In Interpretive Letter 1170, the OCC approved the holding of cryptocurrency on behalf of customers, covered by InfoBytes here.) Specifically, the OCC noted that national banks should ensure that deposit activities comply with the Bank Secrecy Act and anti-money laundering regulations. Moreover, a national bank must also “identify and verify the beneficial owners of legal entity customers opening accounts.” Lastly, the OCC emphasized that stablecoin reserves “could entail significant liquidity risks,” and national banks may consider entering into contractual agreements with stablecoin issuers to “verify and ensure that the deposit balances held by the bank for the issuer are always equal to or greater than the number of outstanding stablecoins issued by the issuer.” This guidance does not apply to stablecoin transactions involving un-hosted wallets.
CFTC charges multi-level cryptocurrency marketing scheme
On September 11, the CFTC filed a complaint in the U.S. District Court for the Southern District of Texas against four individuals accused of operating a purported multi-level marketing scheme involving the solicitation of nearly $100,000 in customer funds that were to be used to speculate in cryptocurrency. The CFTC alleged that the defendants violated the Commodity Exchange Act by, among other things, creating the false illusion that their business employed “master traders” with years of cryptocurrency trading experience, that customers’ earnings would increase based on the amount of their deposits, and that customers who made referrals would receive bonuses. Additionally, the defendants posted misleading trade statements online that failed to “accurately reflect the Bitcoin trading purportedly undertaken by [the d]efendants and led certain customers to believe they were earning significant amounts of money from [the d]efendants’ trading of Bitcoin on their behalf.” The CFTC further claimed that when customers tried to unsuccessfully withdraw their funds, the defendants would first claim their website or smartphone app were experiencing technical problems, but then eventually stopped responding to the customer requests. The CFTC seeks to enjoin the defendants’ allegedly unlawful acts and practices, to compel compliance with the Commodity Exchange Act and CFTC regulations, and to further enjoin the defendants from engaging in any commodity interest-related activity. In addition, the CFTC seeks civil monetary penalties, restitution, trading and registration bans, and other statutory, injunctive, or equitable relief as the court may deem necessary and appropriate.