Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 18, the CFTC announced it filed a complaint in the U.S. District Court for the Southern District of New York against a United Kingdom-based bitcoin trading and investment company and its principal (collectively, “defendants”) for allegedly fraudulently obtaining and misappropriating almost 23,000 bitcoin from more than 1,000 customers. The CFTC alleges the defendants violated the Commodity Exchange Act by fraudulently soliciting customers to purchase bitcoin with cash and then deposit the bitcoin in accounts controlled by the defendants. The CFTC alleges that the defendants misrepresented that they “employed expert virtual currency traders who earned guaranteed daily trading profits on customers’ Bitcoin deposits.” Additionally, the CFTC alleges the defendants also fabricated weekly trade reports and “manufactured an aura of profitability” by depositing new customer bitcoin purchases to other customer accounts. The scheme, according to the CFTC, obtained almost 23,000 bitcoins “from more than 1,000 members of the public,” “which reached valuation of at least $147 million.” The CFTC is seeking civil monetary penalties, restitution, rescission, disgorgement, trading and registration bans, and injunctive relief against further violations of the federal commodity laws.
CFTC, SEC settle with foreign trading platform conducting Bitcoin transactions without proper registration
On March 4, the CFTC resolved an action taken against a foreign trading platform and its CEO (defendants) for allegedly offering and selling security-based swaps to U.S. customers without registering as a futures commission merchant or designated contract market with the CFTC. The CFTC alleged that the platform permitted customers to transact in “contracts for difference,” which were transactions to exchange the difference in value of an underlying asset between the time at which the trading position was established and the time at which it was terminated. The transactions were initiated through, and settled in, Bitcoin. The CFTC alleged that these transactions constituted “retail commodity transactions,” which would have required the platform to receive the proper registration.
According to the CFTC, the defendants, among other things, (i) neglected to register as a futures commission merchant with the CFTC; and (ii) failed to comply with required anti-money laundering procedures, including implementing an adequate know-your-customer/customer identification program. The consent order entered by the U.S. District Court for the District of Columbia imposes a civil monetary penalty of $175,000 and requires the disgorgement of $246,000 of gains. The consent order also requires the defendants to certify to the CFTC the liquidation of all U.S. customer accounts and the repayment of approximately $570,000 worth of Bitcoins to U.S. customers.
In a parallel action, the SEC entered into a final judgment the same day to resolve claims that, among other things, the defendants failed to properly register as a security-based swaps dealer. The defendants are permanently restrained and enjoined from future violations of the Securities Act of 1933 and are required to pay disgorgement of approximately $53,393. This action demonstrates the potential application of CFTC and SEC registration requirements to non-U.S. companies engaging in covered transactions with U.S. customers.
OFAC announces cyber-related designations, releases digital-currency addresses to identify illicit actors
On November 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against two Iran-based individuals for allegedly helping to facilitate the exchange of ransom payments made in Bitcoin into local currency. For the first time, OFAC also identified two digital currency addresses associated with the identified financial facilitators who are designated “for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of” ransomware attacks that threaten the “national security, foreign policy, or economic health or financial stability of the [U.S.]” According to OFAC, the provided digital currency addresses should be used to assist in identifying transactions and funds to be blocked as well as investigating potential connections.
Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker stated, “We are publishing digital-currency addresses to identify illicit actors operating in the digital-currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and [anti-money laundering/countering financing of terrorism] safeguards to further their nefarious objectives.” OFAC issued a warning that persons who engage in transactions with the identified individuals “could be subject to secondary sanctions” and that “[r]egardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same.” As a result, all property and interests in property belonging to the identified individuals subject to U.S. jurisdiction “or within or transiting” the U.S. are blocked, and U.S. persons are generally prohibited from entering into transactions with them. OFAC also released new FAQs to provide guidance for financial institutions on digital currency.
View here for additional InfoBytes coverage on Iranian sanctions.
Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions
On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.
Georgia Department of Banking and Finance issues cease and desist over licensing violation involving bitcoin
On July 26, the Georgia Department of Banking and Finance (Department) announced the issuance of a cease and desist order against a bitcoin trading platform. According to the Department, the company allegedly engaged in the sale of payment instruments and money transmissions without first acquiring a valid license or applicable exemption in violation of the state’s financial institutions code. Licensure requirements in the state apply to persons engaged in transactions involving virtual currency.
House Financial Services Committee holds hearing on potential regulation of cryptocurrencies and ICOs
On March 14, the House Financial Services Subcommittee on Capital Markets, Securities, and Investment held a hearing entitled “Examining Cryptocurrencies and ICO Markets” to discuss recommendations for Congress concerning the regulation of cryptocurrencies and initial coin offering ("ICO") markets. Subcommittee Chairman Bill Huizenga, R-Mich., opened the hearing by stating that “[c]ryptocurrencies and ICOs provide an innovative vehicle for startups to potentially access capital and grow their businesses,” and emphasized that potential regulation of this market should not stifle innovation in the area of digital currencies and capital formation.
The hearing’s four witnesses offered numerous insights into the shaping of regulation in the crytopcurrency and ICO markets. The witnesses discussed emphasizing the potential of ICOs for U.S. investors, disclosures in the ICO market, and the need for regulation to be clear with definitive classification guidelines. Additionally, witnesses commented on the unanticipated negative consequences of regulation, including the risk associated with developing a regulatory framework around the cryptocurrency market since the market is still emerging. The hearing included discussion on the functions of cryptocurrency and the ICO market, including distinguishing an ICO offering from a traditional Initial Public Offering (IPO) and the different uses of “scarce tokens,” such as bitcoin, which would impact whether cryptocurrencies were regulated as commodities or securities.
On February 15, the Commodity Futures Trading Commission (CFTC) issued a Consumer Protection Advisory on virtual currency “pump-and-dump” schemes, which offers eligible whistleblowers between 10 and 30 percent of enforcement actions of $1 million or more, which result from the shared information. The notice cautions consumers against falling for the fraudulent “pump-and-dump” schemes, which capitalize on consumers’ fear of missing the potentially lucrative—yet volatile—cryptocurrency market. The advisory warns consumers that many of the perpetrators of these schemes use social media to promote false news reports and create fake urgency for consumers to buy the cryptocurrency immediately. Then, after the price reaches a certain level, the schemers sell their virtual currency and the price begins to fall.
On January 4, the Chair of the CFTC, J. Christopher Giancarlo, issued a statement emphasizing the CFTC’s commitment to effectively regulating virtual currency and reiterated the CFTC’s view that virtual currency is a “commodity,” as defined by the Commodity Exchange Act (CEA), and thus is subject to CFTC regulation. Giancarlo noted that it would be irresponsible to ignore virtual currency and that the CFTC is following steps to effectively and responsibly regulate the risks, specifically, “consumer education, asserting CFTC authority, surveilling trading in derivative and spot markets, prosecuting fraud, abuse, manipulation and false solicitation and active coordination with fellow regulators.” Giancarlo’s statement also noted an upcoming meeting of the CFTC Technology Advisory Committee to discuss virtual currencies on January 23.
The CFTC also published a backgrounder on the oversight of the virtual currency futures market, which describes the “heightened review” for the self-certification process as applied to virtual currency futures products, and explains the extent to which the CFTC “not only has clear legal authority, but now also will have the means to police certain underlying spot markets for fraud and manipulation.”
On December 14, the Financial Stability Oversight Council (FSOC) released its 2017 annual report. The report reviews financial market developments, identifies emerging risks, and offers recommendations to enhance financial stability. Highlights include:
- Cybersecurity. The report notes that financial institutions need to work with regulators to improve cybersecurity resilience and better understand risks. FSOC encourages the creation of a private sector council of senior executives to work with government officials and focus on ways cyber incidents may affect business operations.
- Marketplace Lending. FSOC acknowledges that marketplace lending is still an evolving model with potential risks, such as the misalignment of incentives. However, the report notes the platform’s potential to reduce costs and expand access to credit.
- New Technology. The report discusses challenges for supervision and regulation of virtual currencies and distributed ledger technology. FSOC observes that current regulatory practices were designed for more centralized systems, in comparison to the decentralization of data storage in this new landscape.
CFTC Issues Proposed Interpretation of “Actual Delivery” in Virtual Currency Transactions; Launches Virtual Currency Resource Page
On December 15, the Commodity Futures Trading Commission (CFTC) announced a proposed interpretation concerning its authority over transactions involving virtual currency, which includes its view regarding the term “actual delivery” in the context of retail virtual currency transactions. According to the proposed interpretation, the CFTC claims that it has “explicit oversight authority” over “retail commodity transactions” under Section 2(c)(2)(D) of the Commodity Exchange Act. Applying a broad definition of the term virtual currency, the CFTC believes that these type of currencies are commodities, which means that certain transactions in virtual currencies are subject to CFTC oversight.
The proposed interpretation sets forth two primary factors that market participants must demonstrate to prove “actual delivery” of virtual currency in connection with retail commodity transactions:
- a customer has the ability to “(i) take possession and control of the entire quantity of the commodity, whether it was purchased on margin, or using leverage, or any other financing arrangement, and (ii) use it freely in commerce (both within and away from any particular platform) no later than 28 days from the date of the transaction”; and
- “the offeror and counterparty seller (including any of their respective affiliates or other persons acting in concert with the offeror or counterparty seller on a similar basis) does not retain any interest in or control over any of the commodity purchased on margin, leverage, or other financing arrangement at the expiration of 28 days from the date of the transaction.”
Comments on the proposed regulation must be received on or before March 20, 2018.
In October, the CFTC’s LabCFTC released “A CFTC Primer on Virtual Currencies,” which discusses potential use-cases for virtual currencies, outlines the agency’s role and oversight of virtual currencies, and highlights the risks associated with virtual currencies. The CFTC also launched its own webpage with virtual currency resources and a customer advisory warning of the risks of virtual currency trading.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference