Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI issues recommendations for engaging in crypto technologies
In December, the California Department of Financial Protection and Innovation (DFPI) issued a report identifying six recommendations for how California should engage with blockchain and Web3 industries. The report follows a May 2022 Executive Order (E.O.) from the California governor to create a regulatory and business environment for blockchain and cryptocurrency companies that balances the benefits and risks to consumers. As previously covered by InfoBytes, one of the priorities of the E.O. included for DFPI to, among other things, engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in California. The report made six recommendations to “encourage the continued growth and adoption of blockchain technology.”
- Engagement with stakeholders. The state should “continue dialogue with industry, advocates, and regulators to stay apprised of new technologies, products, definitions and risks.”
- Consumer protection and education. The state should promote consumer protection and consumer education about blockchain and crypto products, which includes, among other things: (i) training staff to better supervise regulated entities, products, and services; (ii) increasing efforts to educate Californians on how to use certain crypto-asset related financial products and services; and (iii) developing and publishing “standards for use in reviewing crypto asset-related securities to help provide more meaningful investor disclosures and to allow companies who wish to offer such securities more quickly and efficiently.”
- Legislation and regulation. The state should identify legislative gaps and clarify statutory authority regarding crypto assets. DFPI will attempt to harmonize California’s regulatory approach with federal regulators, other states, and local jurisdictions.
- Government use. The state should consider ways to use blockchain technology to “increase efficiencies, improve access, and reduce costs.”
- Environmental protection. The state should encourage more environmentally efficient blockchain technologies and explore policy interventions to reduce energy use.
- Workforce and economic development. The state should tap its higher education systems to help support and grow the blockchain sector and related technologies.
SEC brings charges in connection with alleged $45 million crypto fraud
On January 4, the SEC filed a complaint in the U.S. District Court for the Eastern District of Michigan against a cryptocurrency operation and connected individuals and entities (collectively, defendants), alleging that they were involved in a fraudulent scheme that generated more than $45 million. According to the complaint, the defendants falsely claimed that investors could generate extravagant returns by investing in a blockchain technology that would be sold for trillions of dollars. More specifically, from at least 2019 to 2022, the defendants allegedly disseminated false and misleading statements to investors regarding the purported value of the blockchain technology, the parties involved in the supposed sale of the blockchain technology, and the use of investment proceeds. The complaint further alleges that the defendants collectively misappropriated millions of dollars of investor funds for personal use. These activities violated the antifraud and registration provisions of the Securities Act and Exchange Act and other requirements, according to the SEC. The SEC’s complaint seeks disgorgement plus pre-judgment interest, penalties, and permanent injunctions against all defendants, and officer and director bars against the individuals, in addition to a conduct-based injunction against one of the individuals.
Crypto platform reaches $100 million settlement to resolve alleged compliance failures
On January 4, NYDFS issued a consent order against a cryptocurrency trading platform for engaging in alleged violations of New York virtual currency, anti-money laundering, transaction monitoring, and cybersecurity regulations. According to the consent order, in 2020, NYDFS found significant deficiencies across the respondent’s compliance program, including its Know-Your Customer/Customer Due Diligence (KYC/CDD) procedures, Transaction Monitoring System (TMS), OFAC screening program, and AML risk assessments. As a result of these findings, the respondent agreed to improve its BSA/AML and OFAC compliance programs, including engaging an independent consultant to develop a remediation plan and improve its compliance program.
In 2021, NYDFS launched an investigation to determine whether the respondent’s compliance deficiencies had resulted in any legal violations. The investigation found “substantial lapses in [the respondent’s] KYC/CDD program, its TMS, and in its AML and OFAC sanctions controls systems, as well as issues concerning [the respondent’s] retention of books and records, and with respect to meeting certain of its reporting obligations to the Department.” NYDFS noted that in late 2020 and 2021, the respondent took steps to remediate the issues identified by the Department and the independent consultant; however, substantial weaknesses remained, and its compliance system was inadequate to handle the growing volume of the respondent’s business.
Under the terms of the consent order, the respondent must pay a $50 million civil penalty to NYDFS and invest $50 million in its compliance program. Additionally, an independent third party will continue to work with the respondent for another year, which may be extended at the Department’s sole discretion. NYDFS noted that the respondent has already taken steps to build a more effective and robust compliance program under the supervision of NYDFS and the NYDFS-appointed independent monitor. According to the respondent’s press release, the company “has taken substantial measures to address these historical shortcomings” and “remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance and other areas.”
DFPI orders online platform to cease offering crypto-related products
On December 21, the California Department of Financial Protection and Innovation (DFPI) announced it has ordered an online platform offering several crypto-related services and products to desist and refrain from violating the California Securities Law and the California Consumer Financial Protection Law. According to DFPI, the company, which is registered with the California Secretary of State, offers services including (i) a peer-to-peer loan brokering service in which it claims that loans are secured by borrowers’ crypto assets; (ii) an interest-bearing crypto asset account that promises a fixed annual percentage rate yield; and (iii) an interest-bearing fiat account that promises a fixed annual percentage interest rate return. DFPI maintained that the company engaged in unlicensed loan brokering by offering and providing brokering services for personal loans made from one consumer to another (known as peer-to-peer lending), and conducted the unregistered sale of securities, in which consumers’ assets were pooled together with the stated purpose of generating passive returns. DFPI claimed that the company was and is not registered to offer investment contracts or to operate in this capacity with any relevant authority. Finding that these peer-to-peer lending services and interest-bearing accounts violate state law, including a prohibition against engaging in unlawful acts or practices, DFPI ordered the company to stop offering the services and products in California.
FSOC annual report highlights digital asset, cybersecurity, and climate risks
On December 16, the Financial Stability Oversight Council (FSOC or the Council) released its 2022 annual report. The report reviewed financial market developments, identified emerging risks, and offered recommendations to mitigate threats and enhance financial stability. The report noted that “amid heightened geopolitical and economic shocks and inflation, risks to the U.S. economy and financial stability have increased even as the financial system has exhibited resilience.” The report also noted that significant unaddressed vulnerabilities could potentially disrupt institutions’ ability to provide critical financial services, including payment clearings, liquidity provisions, and credit availability to support economic activity. FSOC identified 14 specific financial vulnerabilities and described mitigation measures. Highlights include:
- Nonbank financial intermediation. FSOC expressed support for initiatives taken by the SEC and other agencies to address investment fund risks. The Council encouraged banking agencies to continue monitoring banks’ exposure to nonbank financial institutions, including reviewing how banks manage their exposure to leverage in the nonbank financial sector.
- Digital assets. FSOC emphasized the importance of enforcing existing rules and regulations applicable to the crypto-asset ecosystem, but commented that there are gaps in the regulation of digital asset activities. The Council recommended that legislation be enacted to grant rulemaking authority to the federal banking agencies over crypto-assets that are not securities. The Council said that regulatory arbitrage needs to be addressed as crypto-asset entities offering services similar to those offered by traditional financial institutions do not have to comply with a consistent or comprehensive regulatory framework. FSOC further recommended that “Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.”
- Climate-related financial risks. FSOC recommended that state and federal agencies should continue to work to advance appropriately tailored supervisory expectations for regulated entities’ climate-related financial risk management practices. The Council encouraged federal banking agencies “to continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions.”
- Treasury market resilience. FSOC recommended that member agencies review Treasury’s market structure and liquidity challenges, and continue to consider policies “for improving data quality and availability, bolstering the resilience of market intermediation, evaluating expanded central clearing, and enhancing trading venue transparency and oversight.”
- Cybersecurity. FSOC stated it supports partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and improve cyber resilience. Acknowledging the significant strides made by member agencies this year to improve data collection for managing cyber risk, the Council encouraged agencies to continue gathering any additional information needed to monitor and assess cyber-related financial stability risks.
- LIBOR transition. FSOC recommended that firms should “take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends.” The Council emphasized that derivatives and capital markets should continue transitioning to the Secured Overnight financing Rate.
CFPB Director Rohit Chopra issued a statement following the report’s release, flagging risks posed by the financial sector’s growing reliance on big tech cloud service providers. “Financial institutions are looking to move more data and core services to the cloud in coming years,” Chopra said. “The operational resilience of these large technology companies could soon have financial stability implications. A material disruption could one day freeze parts of the payments infrastructure or grind other critical services to a halt.” Chopra also commented that FSOC should determine next year whether to grant the agency regulatory authority over stablecoin activities under Dodd-Frank. He noted that “[t]hrough the stablecoin inquiry, it has become clear that nonbank peer-to-peer payments firms serving millions of American consumers could pose similar financial stability risks” as these “funds may not be protected by deposit insurance and the failure of such a firm could lead to millions of American consumers becoming unsecured creditors of the bankruptcy estate, similar to the experience with [a now recently collapsed crypto exchange].”
Senate Banking holds hearing on crypto
On December 14, the Senate Banking Committee held a hearing to hear from witnesses about how customer and investor protections should apply to cryptocurrencies, among other topics. Committee Chairman Sherrod Brown (D-OH) opened the hearing by emphasizing that it is the committee’s job “to keep learning more about the collapses” of crypto firms, and that there should be collaboration with regulators to put consumers—not the crypto industry—first. Brown warned that crypto has “ushered in a whole new dimension of fraud and threats to national security.” Senator Elizabeth Warren (D-MA) expressed similar concerns, stating that the “dark underbelly of crypto is its critical link to financing terrorism and human trafficking and drug dealing and helping rogue nations like North Korea and Iran.” Warren went on to describe her bipartisan bill, the Digital Asset Anti-Money Laundering Act, noting that it “requires crypto to follow the same money laundering rules” that every bank and every broker are subjected to. Senator Cynthia Lummis (R-WY) also advocated for the regulation of digital asset trading, and providing consumers with adequate bankruptcy protection, disclosures, and stable coin regulation. Ranking Member Pat Toomey (R-PA) expressed openness to the possibility of regulations tailored to crypto, including more disclosure from issuers and oversight of secondary market trading. Toomey argued against pausing cryptocurrency before legislation. Additionally, some witnesses discussed drafting potential cryptocurrency legislation. One witness told the committee that when crypto assets are made from thin air, they can be “used to obscure financial realities.” Another witness said cryptocurrencies are “at best a vehicle for speculation, an exercise in a zero-sum game of chance, much like online poker,” but, “at worst, they are an instrument of crime.”
CFTC, DOJ, SEC file charges in crypto fraud scheme
On December 13, the SEC filed a complaint against the former CEO/co-founder (defendant) of a collapsed crypto exchange for allegedly orchestrating a scheme to defraud equity investors. According to the SEC, from May 2019 to November 2022, the defendant raised over $1.8 billion from investors who bought an equity stake in his company in part because they believed his representations that the platform had “top-notch, sophisticated automated risk measures in place.” The complaint alleged, among other things, that the defendant orchestrated “a massive, years-long fraud” to conceal (i) the undisclosed diversion of customers’ funds to the defendant’s privately-held crypto hedge fund; (ii) the undisclosed special treatment afforded to the hedge fund on the company platform, including providing it with a virtually unlimited “line of credit” funded by the platform’s customers; and (iii) the undisclosed risk stemming from the company’s exposure to the hedge fund’s significant holdings of overvalued, illiquid assets, such as the platform-affiliated tokens. The complaint further alleged that the defendant used commingled funds at his hedge fund to make undisclosed venture investments, purchase lavish real estate purchases, and give large political donations. The SEC’s complaint charged the defendant with violating the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934. The SEC is seeking injunctions against future securities law violations; an injunction that prohibits the defendant from participating in the issuance, purchase, offer, or sale of any securities, except for his own personal account; disgorgement of his ill-gotten gains; a civil penalty; and an officer and director bar.
The defendant was also indicted by a grand jury in the U.S. District Court for the Southern District of New York on wire fraud, commodities fraud, securities fraud, money laundering, and campaign finance charges.
The CFTC also filed a complaint against the former CEO/co-founder, in addition to the collapsed crypto exchange and the hedge fund for making material misrepresentations in connection with the sale of digital commodities in interstate commerce. Specifically, the CFTC alleged that the exchange’s executives, at the former CEO’s direction, created a number of exceptions to benefit his hedge fund, including adding features in the underlying code to permit the hedge fund to “maintain an essentially unlimited line of credit” on the trading platform through an “allow negative flag,” which allowed the hedge fund to withdraw billions of dollars in customer assets from the company. The CFTC is seeking restitution, disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the Commodity Exchange Act and CFTC regulations, as charged.
Later, on December 21, the SEC and CFTC filed charges (see here and here) against the former CEO of the hedge fund and the former chief technology officer of the collapsed crypto exchange for their roles in the scheme to defraud equity investors. The agencies stated that investigations into other securities law violations and into other entities and persons relating to the alleged misconduct are ongoing.
SEC issues guidance for disclosing crypto-asset risks
Recently, the SEC's Division of Corporation Finance issued guidance accompanied by a illustrative letter containing sample comments that the Division may issue to companies following the recent “widespread disruption” in the crypto asset markets. The Division said it “believes that companies should evaluate their disclosures with a view towards providing investors with specific, tailored disclosure about market events and conditions, the company’s situation in relation to those events and conditions, and the potential impact on investors.” Companies with ongoing reporting obligations “should consider whether their existing disclosures should be updated.”
The sample comments, which are not exhaustive, are designed to help companies meet their disclosure obligations by “consider[ing] the need to address crypto asset market developments in their filings generally, including in their business descriptions, risk factors, and management’s discussion and analysis.” The Division urged companies to “take these sample comments into consideration” as they prepare disclosure documents that may not typically be subject to review by the Division before their use, such as automatically effective registration statements and prospectus supplements for takedowns from existing shelf registration statements.
The sample comments “focus on the need for clear disclosure about the material impacts of crypto asset market developments, which may include a company’s exposure to counterparties and other market participants; risks related to a company’s liquidity and ability to obtain financing; and risks related to legal proceedings, investigations, or regulatory impacts in the crypto asset markets.”
OCC warns of crypto-asset and cybersecurity risks facing the federal banking system
On December 8, the OCC released its Semiannual Risk Perspective for Fall 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that, in the aggregate, banks “remain well capitalized” and have “ample liquidity and sound credit quality, although macroeconomic headwinds are a concern.” The OCC highlighted interest rate, operational, compliance, and credit risks as key risk themes. Observations include: (i) the rising rate environment has adversely impacted bank investment portfolios; (ii) operational risk, including evolving cyber risk, is elevated, with “threat actors continuing to target the financial services industry with ransomware and other attacks”; (iii) compliance risk remains heightened as banks navigate significant regulatory changes; and (iv) credit risk in commercial and retail loan portfolios remains moderate and demonstrates resiliency, “but signs of potential weakening in some segments warrant careful monitoring.”
The report discussed emerging risks related to innovation and the adoption of new products and services, including crypto-assets. Highlighting risks arising from banks’ expansion into digital offerings and the “heightened” threat of fraud risk associated with innovative peer-to-peer payment platforms, the OCC noted that banks should be “clearly communicating risks, educating customers on potential scams, and enhancing internal fraud monitoring capabilities” to mitigate threats and protect consumers. The report noted that “[b]anks may require additional or different controls to safeguard against fraud, financial crimes, violations of Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control (BSA/AML/OFAC) requirements, and consumer protection or fair lending laws, or operational errors,” and should “maintain comprehensive operational resilience frameworks commensurate with the size and complexity of products, services, and operations being supported.”
The OCC reiterated the importance of taking a “careful and cautious approach” toward banks’ engagement with the crypto-related firms. Recent events in the crypto market have also “revealed a high degree of interconnectedness between certain crypto participants through a variety of opaque lending and investing arrangements,” which has led to “a high risk of contagion among connected parties.” The report noted that national banks and federal savings associations interested in engaging in crypto-asset activities should discuss the activities with their supervisory office before engaging the activities. Some activities may require a supervisory non-objection under OCC Interpretive Letter #1179.
The report cited risks related to cybersecurity and partnerships with fintech and other third parties. The OCC said it is applying a “heightened supervisory focus” to its scrutiny of banks’ oversight of third-party relationships and flagged an upward trend in ransomware attacks targeting banks’ service providers and other third parties. Partnering with fintechs to support operations or provide opportunities for customers to enter the digital asset market can “increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships,” the report said, adding that “[u]nclear or arbitrary partnership agreements may result in implementation breakdowns, untimely resolution of issues, or failure to deliver products or services as intended, and may result in significant customer remediation.” The OCC cautioned that banks must “conduct appropriate due diligence” before entering a partnership with a third party. “The scope and depth of due diligence, as well as ongoing monitoring and oversight of the third party’s performance, should be commensurate with the nature and criticality of the proposed activity.”
The report also discussed forthcoming climate risk management guidelines applicable to banks with more than $100 billion in total consolidated assets. As previously covered by InfoBytes, the OCC, Federal Reserve Board, and the FDIC announced they intend to issue final interagency guidance to promote consistency.
Senators ask federal agencies about banks’ ties to crypto firms
On December 7, Senators Elizabeth Warren (D-MA) and Tina Smith (D-MN) sent letters to the heads of the Federal Reserve Board, FDIC, and OCC seeking information on how the agencies assess risks associated with banks’ relationships with cryptocurrency firms. The senators expressed concerns related to recent revelations that “crypto may be more integrated into the banking system than regulators are aware.” The senators asked the agencies a series of questions, including (i) whether the regulators plan to conduct a review of crypto firms’ relationships with banks; (ii) the names of regulated banks engaged in crypto-related activities, such as providing crypto custody services and acting as nodes to verify customer payments; and (iii) the estimated total dollar volume for each specific activity per bank. The responses were requested by December 21.