InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI cracks down on crypto-asset Ponzi schemes
On September 27, the California Department of Financial Protection and Innovation issued desist and refrain orders against 11 entities, including nine crypto asset trading platforms, one metaverse software development company, and one decentralized finance platform for violating California securities laws. While each of the 11 entities allegedly offered and sold unqualified securities through their platforms and promised various fixed rates of return to investors, DFPI claimed that the entities actually engaged in Ponzi-like schemes and used investor funds to distribute supposed profits and returns to other investors. Additionally, DFPI accused the entities of “luring” new investors through referral programs that operated like pyramid schemes in which investors would be paid commissions to recruit new investors. Referring to these as “high yield investment programs (HYIPs),” DFPI claimed the entities provided investors with few details about the people operating the HYIPs, how the HYIPs make money, or how the HYIPs facilitate deposits and withdrawals with crypto assets, among other things. DFPI also accused 10 of the 11 entities of making material representations and omissions to investors about the qualifications of their securities under California law as well as the purported risks. DFPI said in its announcement that it had been directed by an executive order issued by the governor in May (covered by InfoBytes here) to initiate enforcement actions to stop violations of consumer financial laws and to increase residents’ awareness of the benefits and risks associated with crypto asset-related financial products and services.
States accuse crypto platform of offering unregistered securities
On September 26, the New York attorney general sued a cryptocurrency platform for allegedly offering unregistered securities and defrauding investors. New York was joined by state regulators from California, Kentucky, Maryland, Oklahoma, South Carolina, Washington, and Vermont who also filed administrative actions against the platform. The states alleged that the platform failed to register as a securities and commodities broker but told investors that it was fully in compliance. According to the New York AG’s complaint, the platform promoted and sold securities through an interest-bearing virtual currency account that promised high returns for participating investors. The NY AG said that a cease-and-desist letter was sent to the platform last year, and that while the platform stated it was “working diligently to terminate all services” in the state, it continued to handle more than 5,000 accounts as of July. The complaint charges the platform with violating New York’s Martin Act and New York Executive Law § 63(12), and seeks restitution, disgorgement of profits, and a permanent injunction.
California’s Department of Financial Protection and Innovation (DFPI) said in a press release announcing its own action that it will continue to take “aggressive enforcement efforts against unregistered interest-bearing cryptocurrency accounts.” DFPI warned companies that crypto-interest accounts are securities and are therefore subject to investor protection under state law, including disclosure of associated risks.
Treasury discusses future of digital assets, says CBDC may take years
On September 23, the U.S. Treasury Department’s Under Secretary for Domestic Finance Nellie Liang discussed ways in which digital assets could alter the future of money and payments in the U.S. Speaking at the Brookings Institution, Liang highlighted recommendations presented in an agency report released earlier in September as part of President Biden’s Executive Order on Ensuring Responsible Development in Digital Assets (covered by InfoBytes here). The report, Crypto-assets: Implications for Consumers, Investors, and Businesses, outlined several significant areas of concern, including “frequent instances of operational failures, market manipulation, frauds, thefts, and scams.” The report advised federal agencies, including the CFPB, SEC, CFTC, and DOJ, to (i) continue to aggressively pursue enforcement actions focused on the crypto-asset sector; (ii) clarify existing authorities to ensure they are appropriately applied to crypto-assets; (iii) coordinate efforts to increase compliance; and (iv) take collaborative measures to improve the quality of information about crypto-assets for consumers, investors, and businesses.
Liang also commented on the potential benefits of adopting a U.S. central bank digital currency (CBDC), “such as preserving the uniformity of the currency, or providing a base for further innovation,” but warned that further research and development on the technology needed to support such a currency may take years. “There are many important design choices that would require additional consideration,” Liang said, stating, for example, “a retail CBDC would be broadly available to the public, while a wholesale CBDC would be limited to banks and other financial institutions.” Liang said Treasury plans to lead an inter-agency working group to advance further work on a possible CBDC and “consider the implications of CBDC in areas such as financial inclusion, national security and privacy.”
Liang also discussed other recommendations made in the report related to the possible establishment of a federal regulatory framework for nonbank providers of payment services. “A federal framework could provide a common floor for minimum financial resource requirements and other standards that may exist at the state level,” Liang pointed out. “It also would complement existing federal [anti-money laundering/combating the financing of terrorism] obligations and consumer protection requirements that apply to nonbank payment providers,” and “could work in conjunction with a U.S. CBDC or with instant payment systems.” She also commented on Treasury’s work to develop a faster, cheaper cross-border international payment system and noted the agency will consider potential risks, such as privacy and human rights considerations.
CFTC orders unregistered respondents to pay $250,000 for CEA violations
On September 22, the CFTC announced a settlement with a cryptocurrency business and its founders (collectively, respondents) for allegedly violating the Commodity Exchange Act (CEA), Commission regulations, and Bank Secrecy Act compliance requirements. According to the CFTC, the respondents allegedly “designed, deployed, marketed, and made solicitations concerning a blockchain-based software protocol that accepted orders for and facilitated margined and leveraged retail commodity transactions.” The protocol allowed users to leverage positions, where the value was determined by the price difference between two digital assets from the time the position was established to the time it was closed. The protocol, according to the CFTC, “purported to offer users the ability to engage in these transactions in a decentralized environment.” The CFTC found that the respondents were not registered with the CFTC and had engaged in unlawful activities that could only be lawfully performed by a registered designated contract market and other activities that could only lawfully be performed by a registered futures commission merchant (FCM). Additionally, the respondents did not comply with the Bank Secrecy Act when they failed to conduct know-your customer diligence on their customers as part of a customer identification program, as required of FCMs. The order requires the respondents to pay a $250,000 civil monetary penalty and to cease and desist from further violations of the CEA and CFTC regulations. Simultaneously, the CFTC filed a complaint in the U.S. District Court for the Northern District of California charging a decentralized autonomous organization and successor to the cryptocurrency business that operated the same software protocol with violating the same laws as the respondents. The CFTC is seeking restitution, disgorgement, civil monetary penalties, trading and registration bans, and injunctions against further violations of the CEA and CFTC regulations.
The same day, CFTC Commissioner Summer K. Mersinger published a dissenting opinion, stating that though she does “not condone[s] individuals or entities blatantly violating the CEA or our rules,” we “cannot arbitrarily decide who is accountable for those violations based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing.” She further argued that there is no provision in the CEA that holds members of a for-profit unincorporated association personally liable for violations of the CEA or CFTC rules committed by the association based solely on their membership status.
SEC targets crypto developer and influencer for sale of unregistered securities
On September 19, the SEC issued a cease and desist order against a software development company and its founder (collectively, “respondents”) for the unregistered offer and sale of crypto asset securities. The SEC also announced charges against a crypto influencer involved in promoting the company. According to the SEC’s order, from April 2018 into July 2018, the respondents allegedly conducted an unregistered securities offering of crypto asset securities, which raised approximately $30 million from nearly 4,000 investors. The SEC noted that the respondents told investors that the crypto asset securities would raise in value, that the company’s management would continue to improve the company, and that they would make the tokens available on a crypto trading platform. The order also found that the crypto asset securities were not registered with the SEC and were not applicable for a registration exemption. The SEC alleged the respondents violated the offering registration provisions of Sections 5(a) and 5(c) of the Securities Act of 1933.
According to the SEC’s complaint against the influencer, which was filed in the U.S. District Court for the Western District of Texas, the influencer purchased $5 million worth of the company’s crypto asset securities and promoted it on social media platforms from approximately May 2018 to July 2018. He also allegedly failed to disclose that the company had agreed to provide him a 30 percent bonus on the tokens that he purchased, as consideration for his promotional efforts. Additionally, the SEC alleged that he also organized an investing pool, despite not registering the offering with the SEC. The complaint alleged violations of the offering registration provisions of Section 5(a) and (c) of the Securities Act, as well as violations of Section 17(b) of the Act, and seeks injunctive relief, disgorgement plus prejudgment interest, and civil penalties.
Without admitting or denying the allegations, the company agreed to pay $30 million in disgorgement, $4 million in prejudgment interest, and a $500,000 civil penalty. The company also agreed to destroy its remaining tokens, request the removal of its tokens from trading platforms, and publish the SEC’s order on its website and social media channels. The founder, without admitting or denying the SEC’s findings, agreed to refrain from participating in offerings of crypto asset securities for a period of five years and will pay a $250,000 civil penalty.
White House presses regulators on framework for digital assets
On September 16, the White House published a comprehensive framework for the responsible development of digital assets, calling on federal regulators to “provide innovative U.S. firms developing new financial technologies with regulatory guidance, best-practices sharing, and technical assistance.” The framework follows an executive order (E.O.) issued by the Biden administration in March (covered by InfoBytes here), which outlined the first “whole-of-government” strategy for coordinating a comprehensive approach to ensuring responsible innovation in digital assets policy. Consistent with the E.O.’s deadline, nine reports have been submitted to President Biden to date that “call on agencies to promote innovation by kickstarting private-sector research and development and helping cutting-edge U.S. firms find footholds in global markets.” The reports also “call for measures to mitigate the downside risks, like increased enforcement of existing laws and the creation of commonsense efficiency standards for cryptocurrency mining.”
Among other things, the reports (i) direct the Federal Reserve Board to continue its research and experimentation on issuing a central bank digital currency, and request the creation of a U.S. Treasury Department-led interagency working group to support Fed efforts; (ii) encourage the SEC and CFTC to “aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space”; (iii) urge the CFPB and FTC to address consumer complaints related to unfair, deceptive, or abusive practices in the crypto space; (iv) encourage agencies to issue guidance and rules for addressing current and emergent risks in the digital asset ecosystem; (v) urge agencies and law enforcement to take joint measures to address digital asset risks impacting consumers, investors, and businesses; and (vi) encourage agencies to share data on consumers’ digital asset complaints. To promote access to safe and affordable financial services, the administration said it plans to explore how crypto-related technologies can bolster financial inclusion, and will encourage the adoption of instant payment systems, weigh recommendations for creating a federal framework for non-bank payment service oversight, and prioritize efforts to improve cross-border payment efficiency. Additionally, the administration said it is exploring the possibility of amending the Bank Secrecy Act and other related statutes to “explicitly” apply to digital asset exchanges and non-fungible token platforms, and is considering a legislative request to toughen penalties for unlicensed money transmitters and give the DOJ more jurisdictional digital asset prosecution authority.
The Treasury released three reports addressing the future of money and payment systems, consumer and investor protection, and illicit finance risks in response to the E.O. The reports, The Future of Money and Payments, Crypto-Assets: Implications for Consumers, Investors, and Businesses, and Action Plan to Address Illicit Financing Risks of Digital Assets call on regulators to mitigate crypto-related risks to consumers, investors, and businesses. “Innovation is one of the hallmarks of a vibrant financial system and economy,” Treasury Secretary Janet Yellen said. “But as we have learned painfully from the past, innovation without appropriately addressing the impact of these developments can result in significant disruptions and harm to the financial system and individuals, especially our more vulnerable populations.” The reports examine the future of digital assets and offer recommendations to address consumer and investor protection concerns, combat illicit finance risks, and improve the payments system to support a more competitive, efficient, and inclusive landscape.
The same day, the DOJ also released a report in response to the E.O. The Role Of Law Enforcement In Detecting, Investigating, And Prosecuting Criminal Activity Related To Digital Assets examines ways illicit actors exploit digital asset technologies and addresses challenges posed by digital assets to criminal investigations. The report provides recommendations to further enhance law enforcement’s ability to address digital asset crimes, such as strengthening criminal penalties and extending the statutes of limitations for crimes involving digital assets from five to ten years, and identifies three priorities: (i) “expanding to virtual asset service providers the laws preventing employees of financial institutions from tipping off suspects to ongoing investigations”; (ii) “strengthening the law criminalizing the operation of unlicensed money transmitting businesses”; and (iii) “extending the statute of limitations of certain statutes to account for the complexities of digital assets investigations.” The DOJ also launched the Digital Asset Coordinator Network, which will serve as the agency’s primary source for obtaining and disseminating information related to digital assets crimes.
OFAC publishes additional guidance related to sanctioned virtual currency “mixer”
On September 13, the U.S. Treasury Department’s Office of Foreign Assets Control published new cyber-related frequently asked questions concerning transactions involving a virtual currency mixer sanctioned last month for allegedly laundering more than $7 billion in virtual currency since 2019. As previously covered by InfoBytes, the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis,” and provided financial, material, or technological support for, or in support of, cyber-enabled activity contributing to a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S. The FAQs outline requirements for completing virtual currency transactions without violating U.S. sanctions regulations, discuss whether OFAC reporting obligations apply to transactions involving unsolicited and nominal amounts of virtual currency, and reiterate that transactions involving identified virtual currency wallet addresses are prohibited absent a specific OFAC license. The FAQs noted that as part of the SDN List entry, OFAC included as identifiers certain virtual currency wallet addresses associated with the company as well as the company’s URL address. OFAC provided additional clarification on interactions with open-source code that does not involve a prohibited transaction with the sanctioned company.
SEC opens crypto assets office
On September 8, SEC Chair Gary Gensler issued remarks before the Practising Law Institute to discuss cryptocurrency tokens and corresponding SEC regulation. During his remarks, Gensler stated his view that the “vast majority” of cryptocurrency tokens on the market are securities that are subject to SEC regulation. As a result, investors in cryptocurrencies “deserve disclosure to help them sort between the investments that they think will flourish and those that they think will flounder,” and that the law requires such protections. Gensler, also addressed stablecoins, which he also concluded raised significant policy issues. Gensler pointed out that depending on their attributes, stablecoins “may be shares of a money market fund or another kind of security,” and therefore require registration and deserve investor protections. Finally, addressing crypto intermediaries, Gensler noted that they are either engaging “in the business of effecting transactions in crypto security tokens for the account of others, which makes them brokers, or engage in the business of buying and selling crypto security tokens for their own account, which makes them dealers.” He warned that because crypto intermediaries often commingle other functions with a market, investors are inherently exposed to conflicts of interest and risks. To address this, Gensler noted that he encouraged SEC staff to collaborate “with intermediaries to ensure they register each of their functions—exchange, broker-dealer, custodial functions, and the like—which could result in disaggregating their functions into separate legal entities to mitigate conflicts of interest and enhance investor protection.” Gensler noted that legislation should be crafted in a way that maintains the SEC’s oversight of crypto security tokens, and added that these kind of assets make up most of the digital assets that are currently traded.
The same week, the SEC announced it is establishing an Office of Crypto Assets and an Office of Industrial Applications and Services to the Division of Corporation Finance’s Disclosure Review Program (DRP), which “has long had offices to review company filings by issuers.” According to the SEC, the offices will join the seven existing offices that provide focused review of issuer filings to continue the SEC’s efforts in promoting capital formation and protecting investors. The Office of Crypto Assets will permit “the DRP to better focus its resources and expertise to address the unique and evolving filing review issues related to crypto assets.”
District Court says tech company not liable for app in crypto theft
On September 2, the U.S. District Court for the Northern District of California granted a defendant California tech company’s motion to dismiss a putative class action filed by users who claimed their cryptocurrency was stolen after they downloaded a “phishing” program that posed as a legitimate digital wallet. Plaintiffs alleged that the illegitimate app (developed by a third-party and not the defendant) caused them to lose thousands of dollars in cryptocurrency. Claiming that the app was a spoofing and phishing program that obtained consumers’ cryptocurrency account information and routed that information to hackers’ personal accounts, plaintiffs sued, asserting claims under the federal Computer Fraud and Abuse Act, Electronic Communications Privacy Act, California Consumer Privacy Act, California’s Unfair Competition Law, California Consumer Privacy Act, California Consumer Legal Remedies Act, Maryland Wiretap and Electronic Surveillance Act, Maryland Personal Information Protection Act, and Maryland Consumer Protection Act. The defendant moved to dismiss, arguing that it was immune from liability under § 230(c)(1) of the Communications Decency Act. The court agreed with the defendant, ruling that it is granted protection under the Act because it qualifies as an “interactive computer service provider” within the meaning of the statute, is treated as a publisher, and provides information from another information content provider. “Here, plaintiffs’ computer fraud and privacy claims are based on [defendant’s] reproduction of an app [] intended for public consumption, via the App Store,” the court wrote. “But, as [defendant] notes, its review and authorization of the [] app for distribution on the App Store is inherently publishing activity.” Moreover, the court concluded that, among other things, the defendant’s liability provision contained within its terms, which states that it is not liable for conduct of a third party, is valid and enforceable.
Hsu focusing on fintech partnerships, crypto activities
On September 7, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the TCH + BPI Annual Conference in New York where he provided an update on agency priorities related to “guarding against complacency, addressing inequality, adapting to digitalization, and managing climate-related risk.” Among other things, Hsu’s prepared remarks highlighted the fact that while the banking industry needs to adapt to digitalization, it is important to maintain a “careful and cautious” approach to cryptocurrency activities. He referred to OCC Interpretive Letter 1179 (covered by InfoBytes here), which clarifies that national banks and federal savings associations should not engage in certain crypto activities unless they are able to “demonstrate, to the satisfaction of its supervisory office, that [they have] controls in place to conduct the activity in a safe and sound manner.” Hsu further noted in his remarks that the regulators’ careful and cautious approach helps explain, at least in part, why the federally-regulated banking system has been largely unaffected by the recent failure of several crypto platforms.
Hsu also stressed the need to develop a better understanding of bank-fintech arrangements, stressing that these partnerships are growing at an exponential rate and are becoming more complicated. While “[t]echnological advances can offer greater efficiencies to banks and their customers[,] [t]he benefit of those efficiencies… are lost if a bank does not have an effective risk management framework, and the effect of substantial deficiencies can be devastating,” Hsu said. He added that the OCC is “currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to “enable a clearer focus on risks and risk management expectations,” and stated that the agency is coordinating with other regulators to make sure there is “a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized.” During his speech, Hsu also touched upon topics related to climate-related risks, economic inequality and structural barriers to financial inclusion, and the importance of maintaining strong risk management discipline.