InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court sends cryptocurrency hack suit to arbitration
On August 24, the U.S. District Court for the Eastern District of New York granted a motion to compel arbitration in an action claiming that a mobile communications company’s failure to protect the personal information of a cryptocurrency company founder allowed a hacker to steal $8.7 million in cryptocurrency. The cryptocurrency company and its founder sued the defendant citing violations of the Federal Communications Act and the New York Consumer Protection Act, along with numerous negligence claims. Plaintiff alleged that due to lack of safeguards, a hacker conducted an unauthorized “SIM swap” and used the plaintiff’s personal information to access his cryptocurrency wallets and exchange accounts. Plaintiff further claimed that even though it reported the SIM swap to the defendant, “[m]ore attacks continued to succeed over the following years.” The defendant moved to compel arbitration claiming that the plaintiff electronically signed receipts agreeing to terms and conditions which require the arbitration of disputes unless a customer opts-out. The plaintiff countered that “he was not shown the full terms and conditions to his service; that he could not conduct a ‘complete review and inspection’ of the digital receipt because of the screen’s small size, resolution, and inadequate backlighting; that the displayed receipt did not permit hyperlinked review of the full terms; that the display did not affirmatively seek his consent to arbitration by requiring he press a button or check a box; that the full terms were not separately provided in another form; and that his consent was not otherwise confirmed by [defendant] personnel.”
The court found that had the plaintiff “simply thought he was signing a receipt for equipment purchases–and had no idea that any terms and conditions were displayed on the digital device he signed–the court might have concluded that there remained a question of fact suitable for resolution by a jury.” However, the court found that the plaintiff “never claimed that he was unaware that his transactions with [defendant] carried terms and conditions” nor did he allege that he never received “a notice indicating the existence of the terms” even though the court specifically asked the parties to establish these facts in limited discovery. Accordingly, the court ruled that the plaintiff was on notice of defendant’s terms and agreed to them, thus compelling arbitration.
House Republican concerned about Treasury sanctions on virtual currency mixer
On August 23, Representative Tom Emmer (R-MN) sent a letter to Treasury Secretary Janet Yellen raising privacy and due process concerns related to recent “first-of-their-kind” sanctions issued against a virtual currency mixer accused of allegedly laundering more than $7 billion in virtual currency, including more than $455 million stolen by a Democratic People’s Republic of Korea state-sponsored hacking group that is separately subject to U.S. sanctions (covered by InfoBytes here). The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) said the sanctions resulted from the company “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” (Covered by InfoBytes here.)
Emmer stressed, however, that adding the company to OFAC’s Specially Designated Nationals and Blocked Persons (SDN) List seemed to diverge from previous OFAC precedent since several of the company’s designated “smart contract addresses” do not appear to be a person, entity, or property, but rather are distributed technological tools that are not controlled by any entity or natural person. “OFAC has a long, commendable history of utilizing financial sanctions to enhance the national security of the United States,” the letter said. “Nonetheless, the sanctioning of neutral, open-source, decentralized technology presents a series of new questions, which impact not only our national security but the right to privacy of every American citizen.” Emmer referenced May 2019 guidance issued by FinCEN (covered by InfoBytes here), which he said drew “a distinction between ‘providers of anonymizing services’ (including ‘mixers’)” which are subject to Bank Secrecy Act obligations and “‘anonymizing software providers’” which are not. Emmer recognized that OFAC is not bound by FinCEN regulations, but said it is his understanding that the sanctioned company is “simply the anonymizing software deployed on the blockchain.”
Emmer requested clarification from Treasury on several questions, including the factors OFAC considers when designating technology to the SDN List and how OFAC plans to “uphold the appeals process for the sanctioned addresses that have no ability to appeal the sanction to OFAC” because they “are smart contracts with no agency, corporate or personal, and as such cannot speak for themselves or those whose funds they hold.”
DFPI orders crypto lender to cease offering unqualified securities
On August 8, the California Department of Financial Protection and Innovation (DFPI) issued a desist and refrain order to a now-bankrupt cryptocurrency lender and its CEO after determining that the company allegedly made material misrepresentations and omissions in the offering of crypto interest accounts, particularly with respect to understating the risks of depositing digital assets with the company. According to DFPI, since June 2018, the company funded part of its lending operations and proprietary trading through the sale of unqualified securities in the form of digital asset interest-earning accounts known as “Earn Rewards” accounts. DFPI found that the company allegedly offered these accounts to consumers without first qualifying them as securities in compliance with California’s Corporate Securities Law. Additionally, DFPI contended that the company failed to fully disclose material aspects of its business and Earn Rewards accounts, and claimed that the CEO failed to disclose material aspects of the company’s business, made materially misleading statements, or omitted material facts necessary to ensure the statements were not misleading. In June, the company suspended the fulfillment of customer withdrawals from its crypto interest accounts and filed for Chapter 11 bankruptcy reorganization on July 13.
DFPI ordered the company and CEO to desist and refrain from further offers and sale of securities in California, including but not limited to the Earn Rewards accounts, unless such sale has been qualified under California law or unless the security or transaction is exempt from qualification. The company and CEO were also both ordered to desist and refrain from offering securities in California by means of untrue statements of material fact or omissions of material fact.
FDIC issues CDO against five crypto companies
On August 19, the FDIC issued letters (see here, here, here, here, and here) to five companies demanding that they cease and desist from making crypto-related false and misleading statements regarding their FDIC deposit insurance status and take immediate corrective action to address these false statements. The FDIC noted that “each of these companies made false representations—including on their websites and social media accounts—stating or suggesting that certain crypto-related products are FDIC-insured or that stocks held in brokerage accounts are FDIC-insured.” Specifically, the FDIC noted that “a company offering a so-called cryptocurrency also registered a domain name that suggests affiliation with or endorsement by the FDIC,” calling such representations “false and misleading.” The FDIC said that the companies’ actions violated the FDI Act, which “prohibits any person from representing or implying that an uninsured product is FDIC–insured or from knowingly misrepresenting the extent and manner of deposit insurance,” and “further prohibits companies from implying that their products are FDIC–insured by using ‘FDIC’ in the company’s name, advertisements, or other documents.” The FDI Act authorizes the FDIC to enforce this prohibition against any person. The FDIC demanded that the companies take corrective actions by removing the misrepresentations or false statements and providing written confirmation to the FDIC that they have fully complied with the removal request.
CFTC commissioner seeks increased digital assets oversight
On August 19, CFTC Commissioner Kristin N. Johnson delivered remarks discussing digital asset policy, innovation, legislation, and regulation before a roundtable at the CFTC. In her prepared remarks, Johnson highlighted the “increasingly diverse crypto-investing community,” including historically underserved groups who are drawn to digital asset markets by “promises of financial inclusion” and opportunities to “increase income, wealth, and resources – a promise that, if realized, may enable them to transition from fragile financial circumstances to achieving the American dream.” Johnson noted, however, that instability in these markets have led the CFTC to examine closely “the specific implications of crypto-investing for diverse communities and the potential benefits of well-tailored, carefully crafted regulation.” Johnson referenced Treasury Secretary Janet Yellen’s April 7, 2022 remarks at American University’s Kogod School of Business Center for Innovation, which said that while regulations should be “tech-neutral,” they should also ensure that innovation does not cause disparate harm or exacerbate inequities.
Johnson also discussed President Biden’s March 9 Executive Order (covered by InfoBytes here), Ensuring Responsible Development of Digital Assets, which stressed the need for “steps to reduce the risks that digital assets could pose to consumers, investors, and business protections” and mitigate “illicit finance and national security risks posed by misuse of digital assets,” including money laundering, cybercrime and ransomware, terrorism and proliferation financing, and sanctions evasion. While the E.O. “marked an important step towards greater cooperation and coordination among cabinet-level agencies, market regulators and prudential regulators,” Johnson called for an “increase [in] investor education and outreach to empower consumers and contemporaneously combat illicit activity and safeguard the integrity and stability of our financial markets.”
Johnson also discussed pending legislation intended “to better protect consumers and enhance market structure and market integrity in digital assets and cryptocurrency markets,” such as the Digital Commodities Consumer Protection Act of 2022 (DCCPA), which “seeks to give the CFTC jurisdiction over digital asset spot market transactions by expanding the definition of ‘commodity’ in the CEA to include ‘digital commodities.’” She further explained that the DCCPA, among other things, “would require the CFTC to conduct a study on the impact of digital assets on diverse communities.” Johnson also mentioned the Responsible Financial Innovation Act, calling it “a comprehensive reform measure that introduces the concept of ‘ancillary assets’ as a pathway for clearly defining oversight of digital assets and cryptocurrencies as securities or commodities.” Johnson emphasized that market participants have expressed heightened cybersecurity concerns regarding attacks on cryptocurrency exchanges or trading platforms, and stressed that “[i]t is vital for the U.S. to bolster its role as a leader in the global financial system by developing a strong regulatory framework for digital assets[.]”
Toomey pressures FDIC to respond to alleged anti-crypto actions
On August 16, Senator Pat Toomey (R-PA) informed FDIC acting Chairman Martin Gruenberg that information provided by whistleblower communications suggest that the agency may be asking banks to “refrain from expanding relationships with crypto-related companies, without providing any legal basis.” Toomey’s letter expressed concerns about the ramifications of banks restricting services to legal crypto-related companies, stressing that “[g]iven the FDIC’s involvement under [Gruenberg’s] leadership in the Obama administration’s notorious Operation Choke Point, which sought to coerce banks into denying services to legal yet politically disfavored businesses, it is important to better understand the actions the FDIC is now taking and the legal basis for them.” He commented that regional offices allegedly received draft letters to send to banks requesting that they refrain from expanding relationships with crypto-related companies, and cited an example of a bank that planned to provide customers access to a crypto-related trading platform through the bank’s mobile app. “This arrangement appears similar to the common practice of banks partnering with third-parties so customers can access services like stock-trading platforms,” Toomey said, adding that the bank was going to send customers clear disclosures warning them that neither the trading platform nor their digital assets were insured by the FDIC. He cited another alleged incident where FDIC-headquartered employees purportedly urged regional examination staff to downgrade their classification of a specific loan that a bank made to a crypto-related company. “It is my understanding that it is highly atypical for FDIC headquarters personnel to be involved in reviewing an individual loan,” Toomey said. “FDIC regional office staff reportedly interpreted the involvement of FDIC headquarters in this matter as an effort to change how loans to crypto-related companies are generally classified and to deter banks from extending such loans in the future.” Claiming that the agency “may be abusing its supervisory powers to deter banks from extending credit to crypto-related companies,” Toomey asked the FDIC to respond to several questions pertaining to its alleged behavior by August 30.
Fed discusses technology, innovation, and financial services
On August 17, Federal Reserve Governor Michelle W. Bowman spoke before the VenCent Fintech Conference in Arkansas regarding technology, innovation, and financial services. In her remarks, Bowman discussed the importance of technology and how it is leading to new bank business models, including application programming interfaces and other technologies that allow nonbank technology firms to provide financial services. Bowman also discussed why customers engage more in crypto assets, such as that there has been “significant consumer demand for engagement in these types of services,” and that “banks have observed their deposits flowing to nonbank crypto-asset firms and, understandably, would like to stem that outflow by offering the services themselves.” Bowman also noted that the Fed is “working to articulate supervisory expectations for banks on a variety of digital asset-related activities,” such as custody of crypto-assets and loans collateralized by crypto-assets, among other things. She addressed supervisory guidance recently released by the Fed (covered by InfoBytes here), which “provide[s] banks with additional information about the risks of crypto activities and remind[s] them to ensure that the activities are legal and [that] they should have adequate systems, risk management, and controls in place to conduct the activities in a safe and sound manner consistent with applicable law.” Bowman also discussed the Fed’s involvement in artificial intelligence (AI), noting that last year, the Fed joined with other financial agencies to issue a Request for Information (RFI) on input on financial institutions’ use of AI (covered by InfoBytes here) and has received over 100 responses. As noted in the RFI, banks are using AI in a variety of ways, including fraud monitoring, personalization of customer services, credit decisions, risk management, and textual analysis. As covered by a Buckley Special Alert, in May, the Fed issued a final rule for its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. Bowman contended that FedNow “will enable financial institutions of every size, and in every community across America, to provide safe and efficient instant payment services,” and that it is “a flexible, neutral platform that will support a broad variety of instant payments.” In regard to novel charters and access to federal reserve account services, Bowman closed by highlighting the Fed’s final guidelines governing how Reserve Banks will evaluate requests for account access. Bowman explained that “[t]he guidelines take into account the Board's goals to (1) ensure the safety and soundness of the banking system; (2) effectively implement monetary policy; (3) promote financial stability; (4) protect consumers; and (5) promote a safe, efficient, inclusive, and innovative payment system.”
Fed urges banks to assess legality of crypto activities
On August 16, the Federal Reserve Board issued supervisory letter SR 22-6 recommending steps that Fed-supervised banking organizations engaging or seeking to engage in crypto-asset-related activities should take. The Fed stressed that organizations must assess whether such activities are legally permissible and determine whether any regulatory filings are required under the federal banking laws. Organizations should also notify the regulator and “have in place adequate systems, risk management, and controls to conduct such activities in a safe and sound manner” prior to commencing such activities. Risk management controls should cover, among other things, “operational risk (for example, the risks of new, evolving technologies; the risk of hacking, fraud, and theft; and the risk of third-party relationships), financial risk, legal risk, compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements), and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking and in compliance with applicable laws, including applicable consumer protection statutes and regulations,” the supervisory letter explained, adding that state member banks are also encouraged to contact their state regulator before engaging in any crypto-asset-related activity. Organizations already engaged in crypto activities should contact the Fed “promptly” if they have not already done so, the agency said, noting that supervisory staff will provide any relevant supervisory feedback in a timely manner.
The supervisory letter follows an interagency statement released last November by the Fed, OCC, and FDIC (covered by InfoBytes here), which announced the regulators’ intention to provide greater clarity on whether certain crypto-asset-related activities conducted by banking organizations are legally permissible.
CFTC alleges crypto promoter’s digital asset trading scheme violates CEA
On August 12, the CFTC filed charges against an individual and his two Ohio-based cryptocurrency promotion companies for allegedly violating the Commodity Exchange Act and Commission regulations by soliciting more than $1 million in a digital asset trading scheme. The complaint alleged that the defendants made false and misleading statements in their solicitations to customers, including profit guarantees and claims concerning the individual defendant’s supposed success as a digital asset trader. According to the complaint, customers were guaranteed that they would not lose their initial investment and would be able to withdraw their initial investment and alleged profits at any time; however, defendants allegedly refused to allow existing customers to withdraw these funds, stopped communicating with customers, and manufactured excuses as to why funds were not returned. The complaint also contended, among other things, that the defendants omitted material facts, including that the defendants “misappropriated customer funds to pay purported profits to other customers in a manner akin to a Ponzi scheme,” misappropriated customer funds to pay for the individual defendant’s lifestyle, and commingled customer funds with personal bank and digital asset trading accounts. The CFTC seeks: (i) restitution for defrauded investors; (ii) disgorgement; (iii) civil monetary penalties; (iv) permanent registration and trading bans; and (v) a permanent injunction from future violations.
Democrats ask OCC to rescind crypto guidance
On August 10, four U.S. Democratic Senators sent a letter to acting Comptroller of the Currency Michael Hsu urging the OCC to rescind November 2021 guidance permitting national banks to engage in certain cryptocurrency activities. According to the letter, the Senators “are concerned that the OCC’s actions on crypto may have exposed the banking system to unnecessary risk, and ask that [Hsu] withdraw existing interpretive letters that have permitted banks to engage in certain crypto-related activities.” The letter noted that the OCC unilaterally released interpretive letters related to cryptocurrencies in July 2020 (Interpretive Letter 1170), October 2020 (Interpretive Letter 1172), and January 2021 (Interpretive Letter 1174). In the letters, the Senators noted, the OCC determined that banks were permitted to engage in certain crypto-related activities, which include, among other things: (i) “providing cryptocurrency custody service for customers”; (ii) “holding deposits that serve as reserves for certain stablecoins”; and (iii) “operating independent node verification networks [] and stablecoins for payment activities.” The Senators argued that the letters “granted banks unfettered opportunity to engage in certain crypto activities and remain problematic” after the OCC issued another interpretive letter (Interpretive Letter 1179) under Hsu attempting to limit the risks posed by the policies set forth in the earlier letters. The Senators asked Hsu to provide information so that they can “better understand banks’ exposure to the crypto market” by August 24. The Senators also urged Hsu to work with the Fed and FDIC on replacing his agency’s existing crypto guidance with a more “comprehensive approach.”