InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC orders cryptocurrency company to register tokens as securities or pay more than $30 million fine
On August 9, the SEC issued a cease and desist order to a cryptocurrency company accused of allegedly holding an unregistered securities offering. The company raised approximately $30.9 million by selling cryptocurrency tokens to investors through an initial coin offering from November 2017 to January 2018. The SEC asserted, however, that the tokens were offered and sold as investment contracts (and therefore should be considered securities), and that the company’s offering constituted an unregistered securities offering. “A purchaser in the offering of [the tokens] would have had a reasonable expectation of obtaining a future profit based upon [the company’s] efforts in using the proceeds from the offering to create an online identity attestation system that would increase the token’s value on crypto asset trading platforms,” the SEC said in the order, which alleged violations of Sections 5(a) and 5(c) of the Securities Act. While at the time of the offering the company required certain purchasers to agree that they were buying the tokens for “utility” rather than an investment, the SEC argued that the company’s marketing promotions and statements made by early purchasers indicated that purchasers “had a reasonable expectation of profit.” Under the terms of the order, the company agreed to register its tokens with the SEC and notify purchasers in its offering that they may be able to claim a refund on their token purchases. The company also agreed to pay a $300,000 civil penalty. If the company fails to take these actions it faces a $30.9 million fine, minus the amount already paid to the SEC or to token purchasers, the order stated. The SEC noted that the company has already voluntarily taken steps to prepare for registration.
NYDFS imposes $30 million fine against trading platform for cybersecurity, BSA/AML violations
On August 2, NYDFS announced a consent order imposing a $30 million fine against a trading platform for alleged violations of the Department’s Virtual Currency Regulation (23 NYCRR Part 200), Money Transmitter Regulation (3 NYCRR Part 417), Transaction Monitoring Regulation (3 NYCRR Part 504), Cybersecurity Regulation (23 NYCRR Part 500), and for failing to maintain adequate Bank Secrecy Act/anti-money laundering (BSA/AML) obligations. According to a Department investigation, the platform’s BSA/AML compliance program contained significant deficiencies, including an inadequate transaction monitoring system. Among other things, the platform failed to timely transition its manual system to an automated transaction monitoring system, which was unacceptable for a program of its size, customer profiles, and transaction volumes, and did not devote sufficient resources to adequately address risks. The Department also found “critical failures” in the platform’s cybersecurity program, which failed to address operational risks, and that specific policies within the program did not fully comply with several provisions of the Department’s cybersecurity and virtual currency regulations. According to the press release, pursuant to NYDFS’s Transaction Monitoring Regulation and Cybersecurity Regulation, companies should only file a Certificate of Compliance with the Department if their programs are fully compliant with the applicable regulation.
In light of the program’s deficiencies, NYDFS stated that the platform’s 2019 certifications to the Department attesting to compliance with these regulations should not have been made and thus violated the law. The platform also “failed to comply with the Supervisory Agreement by failing to promptly notify the Department of (a) actual or material potential actions, proceedings, or similar process that were or may have been instituted against [the platform] or any affiliated entity by any regulatory body or governmental agency; and (b) of the receipt by [the platform], or any affiliated entity, of any subpoena from any regulatory body or governmental agency in which [the platform], or any affiliated entity, was the target of the investigation.” NYDFS determined that in addition to the penalty, the platform will be required to retain an independent consultant that will perform a comprehensive evaluation of its compliance with the Department’s regulations and the platform’s remediation efforts with respect to the identified deficiencies and violations.
A Buckley Special Alert is forthcoming.
FDIC, Fed issue CDO against crypto brokerage firm
On July 28, the FDIC and the Federal Reserve Board issued a joint letter demanding that a crypto brokerage firm cease and desist from making false and misleading statements regarding the company’s FDIC deposit insurance status and take immediate corrective action to address these false statements. The agencies claimed that the firm made false and misleading representations online, including on its website, stating or suggesting that: (i) it is FDIC–insured; (ii) customers who invested with the firm’s cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, the firm; and (iii) the FDIC would insure customers against the failure of the firm. The FDIC noted that the false and misleading statements Violate the FDIC Act. The FDIC demanded that the firm take corrective actions by removing the misrepresentations or false statements and provide written confirmation to the FDIC and Board of Governors that it has fully complied with the removal request within two days.
FDIC issues advisory on crypto companies’ deposit insurance claims
On July 29, the FDIC announced an advisory addressing certain misrepresentations about FDIC deposit insurance made by some crypto companies. The advisory, among other things, reminded insured banks that they must be aware of how FDIC insurance operates as well as the need to assess, manage, and control risks arising from third-party relationships, including those with crypto companies. The advisory noted that recently “some crypto companies have suspended withdrawals or halted operations," and that in certain cases, "these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.” In dealing with crypto companies, the agency cautioned that “FDIC-insured banks should confirm and monitor that these companies do not misrepresent the availability of deposit insurance.” The FDIC also issued a Fact Sheet reminding the public that the FDIC only insures deposits held in insured banks and savings associations and only in the event of an insured bank’s failure. The FDIC does not insure assets issued by non-bank entities, such as crypto companies.
DOJ reports on cybersecurity and announces seizure of $500,000 from hackers
On July 19, Deputy Attorney General Lisa O. Monaco spoke before the International Conference on Cyber Security (ICCS) 2022 regarding DOJ’s efforts to combat the increase of cyberattacks. Monaco also announced the release of the Comprehensive Cyber Review, which reflects “the need to prioritize prevention, to ensure we are doing all we can to help victims, and above all else – to use all the tools at our disposal, working with partners here and around the globe, across the government and across the private sector.” The report noted that the “failure of certain technology companies” to meet their legal obligations “is a major factor in allowing criminals to escape detection and apprehension.” The report also noted that over the last decade,” companies have “proactively taken independent actions” against cybercriminals without prior coordination with U.S. law enforcement officials. The report argues that “there is no reason that criminal activities in the cyber context should be handled differently than in the real world, where it would almost be unheard of for private companies to observe criminal activity” without informing law enforcement as soon as possible and then working with law enforcement to further identify and disrupt the criminal activity. The report recommends that the Justice Department and U.S. technology companies “develop a voluntary set of principles regarding the proactive and systematic reporting of cybercriminal activities using their platforms.”
Monaco also announced that the FBI and DOJ “disrupted” a North Korean state-sponsored hacking group that targeted U.S. medical facilities and other public health sector organizations. According to the DOJ’s press release, the Department seized $500,000 in cryptocurrency paid as ransom to North Korean hackers who used a ransomware strain to encrypt the files and servers of a medical center in Kansas. After more than a week of being unable to access encrypted servers, the Kansas hospital paid approximately $100,000 in Bitcoin to regain the use of their computers and equipment. Because the Kansas medical center notified the FBI and cooperated with law enforcement, the FBI was able to identify the never-before-seen North Korean ransomware and trace the cryptocurrency to China-based money launderers.
FSB releases statement on crypto-asset activities
On July 11, the Financial Stability Board (FSB) released a statement regarding international regulation and supervision of crypto-asset activities following the “recent turmoil in crypto-asset markets.” The FSB called for “an effective regulatory framework” to “ensure that crypto-asset activities posing risks similar to traditional financial activities are subject to the same regulatory outcomes, while taking account of novel features of crypto-assets and harnessing potential benefits of the technology behind them.” The statement also called for, among other things: (i) crypto-assets and markets to be subjected to effective regulation and oversight relative to their domestic and international risks; (ii) cryptocurrency service providers to ensure compliance with existing legal obligations in the jurisdictions where they operate; and (iii) stablecoins to be subject to “robust” regulations and supervision if they are to be adopted as a widely used means of payment or play an important role in the financial system. The FSB noted the “ongoing work of the FSB and the international standard-setting bodies to address the potential financial stability risks posed by crypto-assets,” and highlighted that member authorities will implement applicable international standards into national regulatory and supervisory frameworks “to the extent not already reflected and will adopt guidance, recommendations and best practices of international standard-setting bodies.”
Brainard stresses need for crypto regulation
On July 8, Fed Vice Chair Lael Brainard warned that “[r]ecent volatility has exposed serious vulnerabilities in the crypto financial system.” Speaking before a Bank of England conference, Brainard explained that while crypto-assets are presented as a “fundamental break from traditional finance,” they are still susceptible to leverage, settlement, opacity, and maturity and liquidity transformation risks. The recent bankruptcy of a prominent crypto hedge fund and failed projects in the cryptocurrency space demonstrate that the crypto ecosystem faces many of the same challenges that are well known from traditional finance, she said. Brainard acknowledged that a “digital native form of safe central bank money could enhance stability by providing the neutral trusted settlement layer in the future crypto financial system,” but she also stressed that it is important “that the foundations for sound regulation of the crypto financial system be established now before the crypto ecosystem becomes so large or interconnected that it might pose risks to the stability of the broader financial system.” Novel crypto products often come with new risk factors, she said, adding that it may also be difficult “to distinguish between hype and value.” A strong regulatory framework that imposes “guardrails for safety and soundness, market integrity, and investor and consumer protection will help ensure that new digital finance products, platforms and activities are based on genuine economic value and not on regulatory evasion,” Brainard stated. She also noted that strong regulatory guardrails would also help investors and developers build “a resilient digital native financial infrastructure” and help banks, payments providers, and fintech companies “improve the customer experience, make settlement faster, reduce costs, and allow for rapid product improvement and customization.”
Treasury releases fact sheet on digital asset international engagement
On July 7, the Secretary of the Treasury released a Fact Sheet on the Framework for International Engagement on Digital Assets. The Fact Sheet was delivered to President Biden, as directed in the Executive Order on Ensuring Responsible Development of Digital Assets (E.O.) and in consultation with the Secretary of State, the Secretary of Commerce, and the heads of other relevant agencies. The E.O. outlined an interagency approach to address the risks and harness the potential benefits of digital assets and their underlying technology, and directed the Administration to promote the “development of digital asset and central bank digital currencies (CBDC) technologies consistent with [the Treasury’s] values and legal requirements.” According to the announcement, “the framework is intended to ensure that, with respect to the development of digital assets, America’s core democratic values are respected; consumers, investors, and businesses are protected; appropriate global financial system connectivity and platform and architecture interoperability are preserved; and the safety and soundness of the global financial system and international monetary system are maintained.” The announcement also noted that “a history of robust engagement provides a strong foundation for expanded, strategic engagement going forward” and highlighted other key international engagements.
DOJ charges six with crypto fraud
On June 30, the DOJ charged six individuals in four separate cases for allegedly playing a role in several cryptocurrency-related fraud schemes. In its press release announcing the indictments, the DOJ said these schemes include “the largest known Non-Fungible Token (NFT) scheme charged to date, a fraudulent investment fund that purportedly traded on cryptocurrency exchanges, a global Ponzi scheme involving the sale of unregistered crypto securities, and a fraudulent initial coin offering.”
- Crypto NFT Scheme: The DOJ charged a Vietnamese national with one count of conspiracy to commit wire fraud and one count of conspiracy to commit international money laundering related to his involvement in an NFT project, in which the individual and his co-conspirators allegedly engaged in a “rug pull” that ended the investment project and stole roughly $2.6 million from investors. Shortly after the rug pull, the DOJ said in its announcement that the individuals allegedly “laundered investors’ funds through ‘chain-hopping,’ a form of money laundering in which one type of coin is converted to another type and funds are moved across multiple cryptocurrency blockchains.” The individuals also allegedly used decentralized cryptocurrency swap services to hide the trail of investors’ stolen funds.
- Crypto Ponzi and Unregistered Securities Scheme: The DOJ charged two Brazilian nationals and a Florida resident with one count of conspiracy to commit wire fraud and one count of conspiracy to commit securities fraud in connection with a global cryptocurrency-based Ponzi scheme that generated approximately $100 million from investors. The Brazilian nationals were also charged with conspiracy to commit international money laundering. According to the DOJ, the individuals fraudulently promoted a cryptocurrency investment platform and unregistered securities offering by misrepresenting a purported proprietary trading bot and falsely guaranteeing returns to investors. The Brazilian nationals allegedly laundered investors’ funds through a foreign-based cryptocurrency exchange and paid earlier platform investors with money obtained from later investors, the DOJ said. The SEC also filed a lawsuit against all three individuals and their company in the U.S. District Court for the Southern District of Florida.
- Crypto Initial Coin Offering Scheme: A California resident who founded a cryptocurrency investment platform was charged by the DOJ with one count of securities fraud for his role in a cryptocurrency fraud scheme involving the platform’s initial coin offering (ICO), which raised roughly $21 million from investors globally. According to the DOJ, the individual falsified information in company white papers for prospective investors, promoted fake testimonials, and fabricated purported business relationships with the Federal Reserve Board and dozens of major companies to appear legitimate.
- Crypto Commodities Scheme: The DOJ charged the owner of a cryptocurrency investment platform with one count of conspiracy to commit wire fraud, four counts of wire fraud, one count of conspiracy to commit commodities fraud, and one count of obstruction of justice. The Nevada resident allegedly raised approximately $12 million from investors by using the platform to solicit investors’ participation in an unregistered commodity pool (“a fund that combines investors’ contributions to trade on the futures and commodity markets”), told investors that he used a trading bot that “could execute over 17,000 transactions per hour on various cryptocurrency exchanges” to earn profits, and falsely represented that this trading bot would generate between 500 to 600 percent returns on the amount invested.
“Our office is committed to protecting investors from sophisticated scammers seeking to capitalize on the relative novelty of digital currency,” U.S. Attorney Juan Antonio Gonzalez for the Southern District of Florida stated. “As with any emerging technology, those who invest in cryptocurrency must beware of profit-making opportunities that appear too good to be true.”
U.S.-UK partnership exchanges views on crypto, digital assets
On July 1, the U.S. Treasury Department issued a joint statement providing an overview of recent meetings of the U.S.-UK Financial Innovation Partnership (FIP) where Regulatory and Commercial Pillar participants exchanged views “on topics of mutual interest in the U.S. and UK regarding crypto and digital asset ecosystems.” Participants also discussed options for deepening ties between U.S. and UK financial authorities on financial innovation. As previously covered by InfoBytes, the FIP was created in 2019 as a way to expand bilateral financial services collaborative efforts, study emerging fintech innovation trends, and share information and expertise on regulatory practices. The first meeting of the FIP took place in August 2020 (covered by InfoBytes here). Topics discussed in the most recent meeting included, among other things, crypto-asset regulation and market developments, including recent developments related to stablecoins and the exploration of central bank digital currencies, and other recent market developments on digital assets. Participants acknowledged “the continued importance of the ongoing partnership on global financial innovation as an integral component of U.S.-UK financial services cooperation.”