InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Biden administration presents roadmap for mitigating crypto risks
On January 27, the Biden administration presented a roadmap for mitigating cryptocurrency risks to ensure that cryptocurrencies do not undermine financial stability, investors are protected, and bad actors are held accountable. At President Biden’s direction, the administration previously laid out a comprehensive framework for developing digital assets in a safe, responsible way that also identifies clear risks. (Covered by InfoBytes here.) The administration identified clear risks taken by some crypto entities, such as ignoring applicable financial regulations and basic risk controls, misleading consumers, having conflicts of interest, failing to provide adequate disclosures, or committing fraud. The roadmap also outlined actions taken by the federal banking agencies, including a recently issued joint interagency statement that highlighted key risks banks should consider when choosing to engage in crypto-related services and a notice of proposed rulemaking issued by the FDIC warning companies against making false or misleading claims about digital assets being insured by the agency (covered by InfoBytes here and here). The administration also noted that agencies across the government are developing public-awareness programs to help consumers understand the risks associated with digital assets.
The administration stressed, however, that further action is needed. Priorities for digital asset research and development will be unveiled in the coming months, the administration said, adding that Congress should also step up efforts in this space. This includes expanding regulators’ powers to prevent misuses of customers’ assets, “strengthen[ing] transparency and disclosure requirements for cryptocurrency companies so that investors can make more informed decisions about financial and environmental risks,” “strengthen[ing] penalties for violating illicit-finance rules and subject cryptocurrency intermediaries to bans against tipping off criminals,” and limiting crypto risks to the financial system by following steps outlined in a recent Financial Stability Oversight Council report (covered by InfoBytes here), the administration said.
Fed says limits on banking activities will apply regardless of insurance status
On January 27, the Federal Reserve Board issued a policy statement providing guidelines on how the agency evaluates requests from supervised uninsured and insured banks seeking to engage in novel activities, such as those involving crypto assets. Recognizing that in recent years the Fed has received numerous inquiries, notifications, and proposals from banks seeking to engage in new or unprecedented activities, the Fed clarified that when evaluating such inquiries, uninsured and insured banks supervised by the Fed would be subject to the same limitations that are currently imposed on OCC-supervised national banks, including crypto-asset-related activities. According to a board memo published the same day, the Fed said it “will presumptively exercise its authority to limit state member banks to engaging as principal in only those activities that are permissible for national banks—in each case, subject to the terms, conditions, and limitations placed on national banks with respect to the activity—unless those activities are permissible for state banks by federal law.” This “equal treatment” is intended to “promote a level playing field and limit regulatory arbitrage,” the Fed said.
The Fed reiterated that banks must be able to ensure that any activities they plan to engage in are permitted by law and conducted in a safe and sound manner. A bank should implement risk management processes, internal controls, and information systems that are “appropriate and adequate for the nature, scope, and risks of its activities,” the Fed noted. The Fed, however, explained that the policy statement does “not prohibit a state member bank, or prospective applicant, from providing safekeeping services, in a custodial capacity, for crypto-assets if conducted in a safe and sound manner and in compliance with consumer, anti-money laundering, and anti-terrorist financing laws.”
The policy statement was issued the same day the Fed denied a request from a Wyoming-based digital asset firm to become a member of the Federal Reserve System. The Fed explained that the firm—a special purpose depository institution chartered by the state of Wyoming that “proposed to engage in novel and untested crypto activities that include issuing a crypto asset on open, public and/or decentralized networks…“ presented significant safety and soundness risks.” Additionally, the Fed determined that the digital asset firm’s risk management framework failed to sufficiently address heighted risk concerns, including its ability to mitigate money laundering and terrorism financing risks.
DFPI announces $22.5 million multistate settlement with crypto platform
On January 26, the California Department of Financial Protection and Innovation (DFPI) announced that it entered into a $22.5 million settlement agreement with a Cayman Islands digital asset firm to resolve a securities enforcement action regarding its interest-bearing virtual currency account. As previously covered by InfoBytes, in September 2022, the New York attorney general sued the firm for allegedly offering unregistered securities and defrauding investors. A North American Securities Administrators Association working group—composed of the DFPI and state regulators from Washington, Kentucky, New York, Oklahoma, Indiana, Maryland, South Carolina, Vermont, and Wisconsin—collaborated in the investigation into the firm. The states alleged that the platform failed to register as a securities and commodities broker but told investors that it was fully in compliance. According to the New York AG’s complaint, the platform promoted and sold securities through an interest-bearing virtual currency account that promised high returns for participating investors. The New York AG said that a cease-and-desist letter was sent to the platform in October 2021, and that while the platform stated it was “working diligently to terminate all services” in the state, it continued to handle more than 5,000 accounts as of July. The complaint charges the platform with violating New York’s Martin Act and New York Executive Law § 63(12), and seeks restitution, disgorgement of profits, and a permanent injunction. The announcement also noted the SEC entered into a separate settlement with the firm for the same penalty amount, alleging that it to register the offer and sale of its retail crypto-asset lending product (covered by InfoBytes here).
Warren, Wyden urge PCAOB to crack down on crypto auditors
On January 25, Senators Elizabeth Warren (D-MA) and Ron Wyden (D-OR) sent a letter to the chair of the Public Company Accounting Oversight Board (PCAOB) urging the board to make sure it was taking sufficient measures to hold registered audit firms accountable for their work with cryptocurrency clients. The letter highlighted the recent turmoil in the crypto market following the collapse of a major crypto exchange last November, and inquired about “the role that auditors may have played in misleading the public about the financial soundness and safety of crypto companies.” Referring to reports of “scandalous accounting practices” within the industry, the senators urged the PCAOB to take action to ensure accountability. “When PCAOB-registered auditors perform sham audits—even for firms that may lay outside of the PCAOB’s jurisdiction—they tarnish the credibility of the PCAOB and undermine confidence in the PCAOB-registered auditors that investors and the public rely on when making investment decisions,” the senators wrote, adding that “misleading financial reports shake our confidence in the entire auditing industry.”
The senators asked the PCAOB to respond to several questions concerning alleged misleading auditing practices related to the exchange’s collapse, including whether the PCAOB is taking steps to mitigate risks facing retail investors, whether it was aware of any potential conflicts of interest or other concerning behavior, and whether it has “the authority to strip auditors of their PCAOB-registered status if they provide services or engage in conduct that fall short of PCAOB standards and rules, even if those actions are taken in relation to private, non-SEC registered companies.” The senators also asked the PCAOB to describe the standards that auditors must comply with “when evaluating the risk of exposure to crypto firms or validating the valuation of crypto investments.”
SEC commissioner discusses state of the crypto industry
On January 20, SEC Commissioner Hester M. Peirce spoke before the Digital Assets at Duke Conference discussing cryptocurrency lessons for the future. In her remarks, Peirce discussed the current state of cryptocurrency, stating that “the crypto world is burning.” She encouraged the audience to “not wait for regulators to fix the problems that bubbled to the surface in 2022” within the crypto industry, and instead incentivize good behavior. She also emphasized “the point of crypto,” which she considers “is not driving up crypto prices so that you can dump your tokens on someone else. Digital assets need to trade, so centralized venues or decentralized exchange protocols are necessary, but trading markets are not the ultimate point.” Among other things related to crypto, she said lessons from traditional finance are equally applicable in crypto. For example, she noted that “[h]igher returns come with higher risks.” She also suggested that the SEC should conduct some form of notice and comment process to resolve the thorniest crypto-related policy issues.
Peirce noted that “sandboxing is coming.” She then explained that SEC Chair Gary Gensler has requested “‘staff to sort through how we might best allow investors to trade crypto security tokens versus or alongside crypto non-security tokens,’[] which is an area in which experimentation through no-action letters and exemptions would be possible.” She also strongly agrees with his sentiment that “‘[g]iven the nature of crypto investments . . . it may be appropriate to be flexible in applying existing disclosure requirements.’”
She also expressed that “[r]egulation is not a silver bullet, but understanding whether, by whom, and how the company is regulated can help you calibrate your own due diligence.” Peirce said that the SEC “needs to conduct better, more precise, and more transparent legal analysis” in crypto. She noted that its continued use of the precedent from the 1946 U.S. Supreme Court case in SEC v. W.J. Howey Co. has “fleshed out the investment contract subcategory of securities, we repeat the mantra that all, or virtually all, tokens are securities,” calling the SEC’s application of the test to crypto tokens “askew.” She then noted that “an initial fundraising transaction involving a crypto token can create an investment contract, but the token itself is not necessarily the security even if it is sold on the secondary market.” Peirce also noted that the SEC often “refers to the crypto assets themselves as securities.”
NYDFS gives custodial guidance on crypto insolvency
On January 23, NYDFS reiterated expectations for sound custody and disclosure practices for entities that are licensed or chartered to custody or temporarily hold, store, or maintain virtual currency assets on behalf of customers (virtual currency entities or “VCEs”). NYDFS explained that under the state’s virtual currency regulation (23 NYCRR Part 200), VCEs operating under the BitLicense and Limited Purpose Trust Charter are required to, among other things, “hold virtual currency in a manner that protects customer assets; maintain comprehensive books and records; properly disclose the material terms and conditions associated with their products and services, including custody services; and refrain from making any false, misleading or deceptive representations or omissions in their marketing materials.”
The regulatory guidance on insolvency clarifies standards and practices intended to ensure that VCEs are providing high levels of customer protection with respect to licensed asset custody. Specifically, the guidance addresses customer protection concerns regarding:
- The segregation of and separate accounting for customer virtual currency. VCEs “should separately account for, and segregate a customer’s virtual currency from, the corporate assets of the VCE Custodian and its affiliated entities, both on-chain and on the VCE Custodian’s internal ledger accounts.”
- VCEs limited interest in and use of customer virtual currency. VCEs that take possession of a customer’s assets should do so “only for the limited purpose of carrying out custody and safekeeping services” and must not “establish a debtor-creditor relationship with the customer.”
- Sub-custody arrangements. VCEs may choose, after conducting appropriate due diligence, to safekeep a customer’s virtual currency through a third-party sub-custody arrangement provided the arrangement is consistent with regulatory guidance and approved by NYDFS.
- Customer disclosures. VCEs are “expected to clearly disclose to each customer the general terms and conditions associated with its products, services and activities, including how the VCE Custodian segregates and accounts for the virtual currency held in custody, as well as the customer's retained property interest in the virtual currency.” Additionally, a customer agreement should be transparent about the parties’ intentions to enter into a custodial relationship as opposed to a debtor-creditor relationship.
Company to pay $45 million to SEC, states for unregistered crypto-lending product
On January 19, the SEC charged a Cayman Islands digital asset firm for allegedly failing to register the offer and sale of its retail crypto-asset lending product. According to the SEC’s cease-and-desist order, the company’s product allowed U.S. investors to tender certain crypto assets with the company, which were then deposited in interest-yielding accounts and used by the company to generate income and fund interest payments to investors.
The SEC maintained that the company’s product was marketed as an opportunity for investors to earn interest on their crypto assets, and that company actions “included staking, lending, and engaging in arbitrage on purportedly ‘decentralized’ finance platforms; investing in certain crypto assets; loaning funds to retail and institutional borrowers; and entering into options and swap contracts with respect to the crypto assets tendered”— resulting in the company acquiring $2.7 billion in assets from approximately 112,000 investors. The SEC found that because the product qualified as a security and did not qualify for an exemption from registration under the Securities Act of 1933, the company was required to register its offer and sale of the product, which it failed to do.
The company did not admit or deny the SEC’s findings, but agreed to pay $22.5 million to the SEC, and said it would stop offering and selling the unregistered lending product to U.S. investors. The SEC considered remedial actions promptly taken by the company, as well as its cooperation with Commission staff in determining the settlement amount. The SEC reported that the company voluntarily stopped offering its product to new U.S. investors and ceased paying interest on new funds added to existing accounts after the SEC announced charges against a different company that offered a similar crypto investment product. The company also announced that the product would stop being offered in certain states and that it was phasing out all of its products and services in the U.S.
The company also agreed to pay another $22.5 million to state regulators from California, Kentucky, Maryland, New York, Oklahoma, South Carolina, Vermont, and Washington in a parallel action claiming the company offered interest-earning accounts without first registering the investment products as securities. According to the announcement, the company allegedly failed to comply with state securities registration requirements, and, among other things, deprived investors “of critical information and disclosures necessary to understand the potential risks of the [product].”
CFTC commissioner discusses crypto exchange’s collapse
On January 18, CFTC Commissioner Christy Goldsmith Romero spoke before the Wharton School and the University of Pennsylvania Carey Law School on lessons learned from the recent bankruptcy of a cryptocurrency exchange, calling the collapse a “violation of trust.” Specifically, Goldsmith Romero mentioned that the digitization of financial services and products brought convenience but also a presumed trust in crypto exchanges with name recognition, which was violated by the collapse. She pointed to the collapsed exchange’s reliance on the name recognition it made through marketing campaigns and explained that such advertising “played up the exchange’s safety and convenience for people that may be new to crypto.”
Goldsmith Romero urged Congress to avoid permitting newly-regulated crypto exchanges to self-certify products for listing under the current process that limits CFTC oversight. She stressed it “is critical to institute guardrails against regulatory arbitrage," including prohibiting self-certification.
Goldsmith Romero also called on lawyers, accountants, compliance professionals, and other gatekeepers to “step up and call for compliance, controls, and other governance.” She expressed that these gatekeepers failed their “essential duties” to protect crypto customers and market integrity, and noted that they have allowed “the promise of riches and the company’s marketing pitch to silence their objections to obvious deficiencies.” Ultimately, Goldsmith Romero advised that “[s]ound custody practices and strong cybersecurity are necessary to restore trust and protect customers.”
FinCEN prohibits engagement with virtual currency exchange connected to Russian finance
On January 18, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act to identify a Hong Kong-registered global virtual currency exchange operating outside of the U.S. as a “primary money laundering concern” in connection with Russian illicit finance. FinCEN announced that the virtual currency exchange offers exchange and peer-to-peer services and “plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia.” A FinCEN investigation revealed that the virtual currency exchange facilitated deposits and funds transfers to Russia-affiliated ransomware groups or affiliates, as well as transactions with Russia-connected darknet markets, one of which is currently sanctioned and subject to enforcement actions that have shuttered its operations. The investigation also found that the virtual currency exchange failed to meaningfully implement steps to identify and disrupt the illicit use and abuse of its services, and lacked adequate policies, procedures, or internal controls to combat money laundering and illicit finance.
Recognizing that the virtual currency exchange “poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN acting Director Himamauli Das emphasized that “[a]s criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.” He warned that FinCEN will continue to leverage the full range of its authorities to prohibit these institutions from gaining access to and using the U.S. financial system to support Russian illicit finance. Effective February 1, covered financial institutions are prohibited from engaging in the transmittal of funds from or to the virtual currency exchange, or from or to any account or CVC address administered by or on behalf of the virtual currency exchange. Frequently asked questions on the action are available here.
Concurrently, the DOJ announced that the founder and majority owner of the virtual currency exchange was arrested for his alleged involvement in the transmission of illicit funds. Charged with conducting an unlicensed money transmitting business and processing more than $700 million of illicit funds, the DOJ said the individual allegedly “knowingly allowed [the virtual currency exchange] to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” and was aware that the virtual currency exchange’s accounts “were rife with illicit activity and that many of its users were registered under others’ identities.” While the virtual currency exchange claimed it did not accept users from the U.S., it allegedly conducted substantial business with U.S.-based customers and advised users that they could transfer funds from U.S. financial institutions.
Deputy Secretary of the Treasury Wally Adeyemo issued a statement following the announcement, noting that the action “is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.” He reiterated that the action “sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”
SEC charges companies for offering and selling unregistered crypto asset securities
On January 12, the SEC filed a complaint in the U.S. District Court for the Southern District of New York against two companies (collectively, defendants), alleging that they were involved in the unregistered offer and sale of securities through a crypto asset lending program. According to the complaint, in December 2020, one defendant entered into an agreement with the other defendant to offer customers, including retail investors in the U.S., an opportunity to loan their crypto assets to the defendant in exchange for its “promise to pay interest on those investors’ crypto assets.” The complaint further alleged that in February 2021, the defendants began offering the program to retail investors, which included that there was no minimum investment amount to be eligible to participate, and that investors tendered their crypto assets to one of the defendants acting as the agent to facilitate the transaction. The SEC noted that the defendant deducted an agent fee, sometimes as high as 4.29 percent. The complaint also alleged that the defendant then exercised its discretion in how to use investors’ crypto assets to generate revenue and pay interest to investors. In November 2022, the company announced that it would not allow its investors to withdraw their crypto assets because the company did not have sufficient liquid assets to meet withdrawal requests following volatility in the crypto asset market. These activities violated Section 5(a) and 5(c) of the Securities Act the SEC said. The SEC’s complaint seeks permanent injunctive relief, disgorgement of ill-gotten gains, prejudgment interest, and civil penalties.