Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFTC’s subcommittee report on decentralized finance highlights its findings and recommendations

    Privacy, Cyber Risk & Data Security

    On January 8, the CFTC issued a report on decentralized finance ahead of the CFTC’s event on artificial intelligence, cybersecurity, and decentralized finance. Authored by the CFTC’s Subcommittee on Digital Assets and Blockchain Technology, which is a group of fintech experts selected by the CFTC, the report urged government and industries to work together and advance the developments of decentralized finance in a responsible and compliant way.

    The report lists many key findings and recommendations for policymakers to implement. For example, the report highlights how policymakers should keep in mind customer and investor protections, promotion of market integrity and financial stability, and efforts to combat illicit finance when creating regulations, among others. Recommendations for policymakers include increasing their technical understanding of this space, surveying the existing regulatory “perimeter,” identifying and cataloging risks, identifying the range of regulatory strategies, and applying regulatory framework on digital identity, KYC and AML regimes, and calibration on privacy in decentralized finance.

    For further learning on decentralized finance, IOSCO released a publication on its nine recommendations, which was previously covered by InfoBytes here.

    Privacy, Cyber Risk & Data Security CFTC Decentralized Finance Blockchain IOSCO Financial Stability

  • GAO calls for enhanced oversight of blockchain, alternative data


    On August 8, the U.S. Government Accountability Office (GAO) released letters sent to the OCC, SEC, FDIC and the Fed to provide an update on GAO’s “priority open recommendations” for each regulator. Priority open recommendations refer to suggestions from GAO to bank regulators that have the potential for cost savings, elimination of mismanagement, fraud, and abuse, or addressing high-risk or duplication issues. GAO suggested that all four agencies follow its recommendation to coordinate oversight of blockchain technology. GAO referenced recent “volatility, bankruptcies, and instances of fraud in the crypto asset markets” and underscored the dangers to consumers and investors without safeguards. GAO suggests regulators jointly establish a formal coordination method to promptly identify and address risks tied to blockchain.

    For the three banking regulators in particular—the OCC, FDIC, and Fed—GAO noted that in 2011 it recommended that the three banking regulators implement noncapital triggers for early regulatory intervention tied to risky banking practices, but that such triggers had not yet been implemented. GAO also suggested that banking regulators and the “communicate the appropriate use of alternative data in the underwriting process with banks that engage in third-party relationships with fintech lenders.”

    GAO’s letter to the Fed restated GAO’s 2016 recommendation that the Fed design “a process to communicate information about the uncertainty surrounding post-stress capital ratio estimates” and “articulate tolerance levels for key risks identified through sensitivity testing and for the degree of uncertainty in the projected capital ratios.” GAO also recommended that the Fed revisit its “prompt corrective action framework” by “adopting noncapital triggers that would require early and forceful regulatory actions tied to unsafe banking practices.”

    Fintech Blockchain Examination Congress CFPB Risk Management OCC SEC FDIC Federal Reserve GAO

  • Hsu tells banks to approach AI cautiously

    On June 16, Acting Comptroller of the Currency Michael J. Hsu warned that the unpredictability of artificial intelligence (AI) can pose significant risks to the financial system. During remarks presented at the American Bankers Association’s Risk and Compliance Conference, Hsu cautioned that banks must manage risks when adopting technologies such as tokenization and AI. Although Hsu reiterated his skepticism of cryptocurrency (covered by InfoBytes here), he acknowledged that AI and blockchain technology (where most tokenization efforts are currently focused) have the potential to present “significant” benefits to the financial system. He explained that trusted blockchains may improve settlement efficiency through tokenization of real-world assets and liabilities by minimizing lags and thereby reducing related frictions, costs, and risks. However, he warned that legal frameworks and risk and compliance capabilities for tokenizing real-world assets and liabilities at scale require further development, especially considering cross-jurisdictional situations and ownership and property rights.

    With respect to banks’ adoption of AI, Hsu flagged AI’s “potential to reduce costs and increase efficiencies; improve products, services and performance; strengthen risk management and controls; and expand access to credit and other bank services.” But there are significant challenges, Hsu said, including bias and discrimination challenges in consumer lending, fraud, and risks created from the use of “generative” AI. Alignment is also the core challenge, Hsu said, explaining that because AI systems are built to learn and may not do what they are programed to do, governance and accountability challenges may become an issue. “Who can and should be held accountable for misaligned, unexpected, and harmful outcomes?” Hsu asked, pointing to banks’ use of third parties to develop and support their AI systems as an area of concern.

    Hsu advised banks to approach innovation “responsibly and purposefully” and to proceed cautiously while keeping in mind three principles for managing risks: (i) innovate in stages, expand only when ready, and monitor, adjust and repeat; (ii) “build the brakes while building the engine” and ensure risk and compliance professionals are part of the innovation process; and (iii) engage with regulators early and often during the process and ask for permission, not forgiveness.

    Bank Regulatory Federal Issues Fintech OCC Artificial Intelligence Tokens Compliance Risk Management Blockchain

  • CFTC shuts down illegal trading platform


    The U.S. District Court for the Northern District of California recently granted the CFTC’s motion for default judgment in an action accusing a decentralized autonomous organization of violating the Commodity Exchange Act (CEA) by operating an illegal trading platform and unlawfully acting as a futures commission merchant. (See also CFTC press release here.) The CFTC maintained that the organization’s platform and its blockchain-based software “protocol” enables users to engage in retail commodity transactions but does not provide protections or other requirements mandated under the statute. In addition to unlawfully offering leveraged and margined retail commodity transactions outside of a registered exchange, the organization is charged with failing to comply with Bank Secrecy Act obligations applicable to future commission merchants, including implementing a customer information program or conducting know your customer procedures. The default judgment requires the organization to shutter its website and remove its content from the internet, and orders permanent trading and registration bans. The organization also must pay a $643,542 civil money penalty and is enjoined from future violations of the CEA.

    Courts Digital Assets Cryptocurrency CFTC Commodity Exchange Act Blockchain Enforcement Bank Secrecy Act

  • SEC opens comment period on defining “exchange”

    Agency Rule-Making & Guidance

    On April 14, the SEC reopened the comment period on proposed amendments to the statutory definition of “exchange” under Exchange Act rule 3b-16, which now includes systems that facilitate the trading of crypto asset securities. (See also SEC fact sheet here.) The comment period was reopened in response to feedback requesting information about how existing rules and the proposed amendments would apply to systems that trade crypto asset securities and meet the proposed definition of an exchange, or to trading systems that use distributed ledger or blockchain technology, including such systems characterized as decentralized finance (DeFi). The SEC also provided supplement information and economic analysis for systems that would now fall under the new, proposed definition of exchange. The reopened comment period allows an opportunity for interested persons to analyze and comment on the proposed amendments in light of the supplemental information. Comments are due 30 days after publication in the Federal Register.

    “[G]iven how crypto trading platforms operate, many of them currently are exchanges, regardless of the reopening release we’re considering today,” SEC Chair Gary Gensler said. “These platforms match orders of multiple buyers and sellers of crypto securities using established, non-discretionary methods. That’s the definition of an exchange—and today, most crypto trading platforms meet it. That’s the case regardless of whether they call themselves centralized or decentralized.” He added that crypto-market investors must receive the same protections that the securities laws afford to all other markets. Commissioners Mark T. Uyeda and Hester M. Peirce voted against reopening the comment period. Uyeda cautioned against expanding the definition of an “exchange” in an “ambiguous manner,” saying it could “suppress further beneficial innovation.” Peirce also dissented, arguing that the proposal stretches the statutory definition of an “exchange” beyond a reasonable reading in an attempt to “reach a poorly defined set of activities with no evidence that investors will benefit.”

    Agency Rule-Making & Guidance Federal Issues Digital Assets Securities SEC Securities Exchange Act Decentralized Finance Blockchain Cryptocurrency Fintech

  • SEC brings charges in connection with alleged $45 million crypto fraud


    On January 4, the SEC filed a complaint in the U.S. District Court for the Eastern District of Michigan against a cryptocurrency operation and connected individuals and entities (collectively, defendants), alleging that they were involved in a fraudulent scheme that generated more than $45 million. According to the complaint, the defendants falsely claimed that investors could generate extravagant returns by investing in a blockchain technology that would be sold for trillions of dollars. More specifically, from at least 2019 to 2022, the defendants allegedly disseminated false and misleading statements to investors regarding the purported value of the blockchain technology, the parties involved in the supposed sale of the blockchain technology, and the use of investment proceeds. The complaint further alleges that the defendants collectively misappropriated millions of dollars of investor funds for personal use. These activities violated the antifraud and registration provisions of the Securities Act and Exchange Act and other requirements, according to the SEC. The SEC’s complaint seeks disgorgement plus pre-judgment interest, penalties, and permanent injunctions against all defendants, and officer and director bars against the individuals, in addition to a conduct-based injunction against one of the individuals.

    Securities SEC Enforcement Digital Assets Courts Securities Exchange Act Cryptocurrency Blockchain

  • NY passes crypto mining bill

    State Issues

    On November 22, the New York governor signed AB 7389, which establishes a moratorium on cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transaction. Among other things, the bill also establishes a section on the moratorium on air permit issuance and renewal that states that the state cannot approve a new application, or issue a new permit, for an electric generating facility that utilizes carbon-based fuel and that provides behind-the-meter electric energy consumed or utilized by cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transactions. The bill is effective immediately.

    State Issues Digital Assets State Legislation New York Cryptocurrency Climate-Related Financial Risks Blockchain

  • District Court says blockchain network’s token is a security


    On November 7, the U.S. District Court for the District of New Hampshire ruled that digital tokens sold by a blockchain network qualify as securities under the Securities Act of 1933. The SEC sued the company in 2021, claiming that by issuing the tokens, the company conducted an unregistered offering of securities. The company countered that its tokens are not securities because they are not being offered as an investment opportunity on its platform, but rather are designed to be used by content creators and users. The company also argued that the tokens are not securities because they function as “an essential component” of the company’s blockchain and that investors acquired them for use on the company’s network, rather than with the intention of holding them as an investment. Further, the company claimed that it did not receive fair notice that its token offerings are subject to securities laws.

    In determining whether the tokens are securities, the court relied on the U.S. Supreme Court’s definition of an investment contract in SEC v. W.J. Howey Co., focusing on the issue of “whether the economic realities surrounding [the company’s] offerings of [the tokens] led investors to have a ‘reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.’” According to the court, multiple statements made by the company led potential investors to reasonably expect the tokens to grow in value as the company continued to oversee the development of its network. “[P]otential investors would understand that [the company] was pitching a speculative value proposition for its digital token,” the court said, rejecting the company’s argument that it had informed some potential investors that the company was not offering its token as an investment. “[A] disclaimer cannot undo the objective economic realities of a transaction,” the court stated, adding that “[n]othing in the case law suggests that a token with both consumptive and speculative uses cannot be sold as an investment contract.” Additionally, the court explained that, while this may be the first instance where securities laws are being “used against an issuer of digital tokens that did not conduct an ICO, [the company] is in no position to claim that it did not receive fair notice that its conduct was unlawful.”

    Securities SEC Enforcement Courts Digital Assets Cryptocurrency Blockchain Securities Act

  • California governor orders state to create blockchain regulatory framework

    State Issues

    On May 4, the California governor issued an executive order calling on the state to create a transparent and consistent framework for companies operating in blockchain, cryptocurrency, and related financial technologies. This framework, the governor stated, should harmonize federal and California laws and balance innovation with consumer protection. The executive order outlined several priorities, including:

    • The framework should include input from a range of stakeholders for potential blockchain applications and ventures;
    • The Department of Financial Protection and Innovation (DFPI) should engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and should “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in the state;
    • DFPI should publish consumer protection principles that include model disclosures, error resolution, and other criteria, and “seek input from stakeholders and licensees in order to publish guidance for California state-chartered banks and credit unions”;
    • DFPI should engage in actions to protect consumers, including initiating enforcement actions to enforce the CCFPL, enhancing its review of consumer complaints related to crypto asset-related financial products and services and working with companies to remedy such complaints, and publishing consumer education materials;
    • GovOps should issue a request for innovative ideas to explore opportunities for deploying blockchain technologies that address public-serving and emerging needs; and
    • Members of the Governor's Council for Postsecondary Education should “identify opportunities to create a research and workforce environment to power innovation in blockchain technology, including crypto assets” to “expose students to emerging opportunities.”

    The governor emphasized that while blockchain technology over the past decade “has laid the foundation for a new generation of innovation, spurring a rise in entrepreneurialism in sectors including financial technology,” among others, its impact “is both uncertain and profound” and carries risks and legal implications.

    State Issues California Digital Assets Blockchain Fintech DFPI CCFPL

  • Hsu discusses stablecoins, pushes for crypto banks

    On April 8, acting Comptroller of the Currency Michael J. Hsu discussed stablecoin policy considerations in remarks before the Institute of International Economic Law at Georgetown University Law Center. Hsu called for the establishment of an “intentional architecture” for stablecoins developed along the principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.” According to Hsu, one way to mitigate blockchain-related risks would be to “require that blockchain-based activities, such as stablecoin issuance, be conducted in a standalone bank-chartered entity, separate from any other insured depository institution [] subsidiary and other regulated affiliates.” Hsu also emphasized the need to evaluate whether stablecoin issuers should be required “to comply with a fixed set of safety and soundness-like requirements (as is the case with banks)” or be allowed to pick from a range of licensing options.

    Additionally, Hsu raised the question about how separable stablecoin issuers should be. “Blockchain-based money holds the promise of being ‘always on,’ irreversible, programmable, and settling in real-time,” he explained. “With these benefits, however, come risks, especially if commingled with traditional banking and finance.” Specifically, Hsu cited concerns that a bank’s existing measures for managing liquidity risks associated with traditional payments “may not be effective for blockchain-based payments,” which could conceivably accumulate over a weekend and “outstrip a bank’s available liquidity resources.” Hsu also raised concerns related to the current “lack of interoperability” should stablecoins expand from trading to payments, and stressed that “[i]n the long run, interoperability between stablecoins and with the dollar—including a [central bank digital currency]—would help ensure openness and inclusion.” He added that this “would also help facilitate broader use of the U.S. dollar—not a particular corporate-backed stablecoin—as the base currency for trade and finance in a blockchain-based digital future.”

    Bank Regulatory Federal Issues Digital Assets OCC Cryptocurrency Risk Management Stablecoins Fintech CBDC Blockchain


Upcoming Events