Regulatory and enforcement activity has been brisk since nine federal agencies issued a “Comprehensive Framework for Responsible Development of Digital Assets” in response to President Biden’s Executive Order to collaborate on a “whole of government approach.” As previously described, the Framework has done little to affect what federal agencies were already doing: asserting their jurisdictions, monitoring investor-related and market risks, and aggressively applying and enforcing rules on illicit finance and compliance violations.
The intensity is up. There are many voices across the spectrum competing for attention – a consequence of many factors, among them (i) the current and dramatic volatility in the digital asset markets that included losses estimated at $2 trillion in market value over the last year, (ii) the unfolding bankruptcy of crypto exchange FTX, (iii) state actors (both legislators and regulators) seeking to fill the void created by the lengthy federal deliberative process, and (iv) a national election, which has implications for both administrative and legislative developments on crypto.
The following topics are some of the latest regulatory and enforcement developments on our radar right now.
FSOC Reports on Crypto Risk and Regulation
In an October Report on digital asset financial stability risks and regulation, the Financial Stability Oversight Council (“FSOC”) identified gaps in the regulation of crypto asset activities. The FSOC membership includes the heads of Treasury, the Federal Reserve, OCC, CFPB, SEC, and CFTC as well as advisors that include a designated state insurance commissioner, a designated state banking supervisor, and a designated state securities commissioner. In the report, FSOC recognized that the existing regulatory system covers large parts of the crypto asset ecosystem, but then identified three gaps in that regulation.
First, the report found that “crypto-asset businesses do not have a consistent or comprehensive regulatory framework and can engage in regulatory arbitrage.” The Council stated that some of the businesses have affiliates or subsidiaries that may operate under different regulatory frameworks. The identified risk was that no one regulator would have visibility into the risks across the entire business. Second, FSOC found that “the spot markets for crypto-assets that are not securities are subject to limited direct federal regulation;” and would not be subject to regulations to “ensure orderly and transparent trading [or] prevent conflicts of interest and market manipulation.”
Third, FSOC questioned whether “vertically integrated market structures can or should be accommodated under existing law.” FSOC stated its concern that retail investors could be exposed to risky practices used by such trading platforms (for example, “automated liquidation”).
In an effort to address the gaps, the Council made recommendations to (i) enact legislation that would strengthen member agencies rulemaking authority over the spot market for crypto assets that are not securities; (ii) address regulatory arbitrage (including legislation on stable coins) and provide agencies with the authority to oversee the activities of all crypto asset entities; and (iii) bolster member agencies capacities related to crypto asset data and expertise.
CFPB Reviews Consumer Crypto Complaints
In a November report, the CFPB analyzed more than 8,300 consumer complaints for crypto assets covering the period between 2018 through 2022. The CFPB described how crypto is increasingly marketed to consumers and incorporated in financial products such as credit cards, debit cards, prepaid cards (offering crypto “rewards”) and various other product offerings on crypto payment platforms. The CFPB said that the rate of complaints increased over those years with the greatest number coming from California. The agency reported that crypto complaints and fraud reports have increased at other federal agencies, citing the SEC, which received 23,000 tips, complaints, and referrals since 2019 and the FTC, which reported a sixty-fold increase over the amount of crypto asset losses since 2018.
The CFPB found fraud (more than 50 percent of all complaints) to be the top issue, with a large number related to scams inducing consumers to turn over account access. Schemes cited include: romance scams (accounting for the highest individual reported losses), “pig butchering” (fraudsters posing as financial successes and “coaching victims through setting up crypto asset accounts,” and scams involving social media influencers that lure in victims. The CFPB also highlighted transaction issues that made up about 25 percent of the complaints. Schemes cited included: “SIM swap” hacking, which allows fraudsters “to intercept SMS messages to exploit two-factor authentication,” phishing attacks, and other social engineering hacks. The CFPB highlighted complaints against platform exchanges, as well with customers raising account access issues, liquidation policy issues, customer service issues, and unexpected fees and other costs.
Treasury Requests Comment on Digital Asset Illicit Finance
In late September, the Treasury Department asked for input on digital-asset-related illicit finance risks as part of its response to the Executive Order and Framework (previously mentioned). Among the subjects included in the Request for Comment were general questions on a broad range of topics, including the scope of illicit financing risks associated with digital assets; how technological innovation might present new risks or mitigate existing ones; how to “more effectively deter, detect, and disrupt the misuse of digital assets;” the relevancy of existing AML/CFT regulatory obligations or additional alternative obligations that should be imposed; and how to improve state-state and state-federal coordination for AML/CFT regulation and supervision. SIFMA, in a notable response, argued that banks and broker-dealers have the experience and know-how to effectively monitor the use of digital assets and that they are in the best position to take advantage of new technologies to manage illicit financing risks. SIFMA highlighted that AML regulations over money transfer transactions are effectuated by these intermediaries and with some modification can apply to all digital transactions. SIFMA cited emerging distributed ledger technologies as potentially helping manage illicit finance risks through tracking customer and transaction data.
Enforcement Activity Ramps Up
Federal agencies have zoomed in on pursuing enforcement actions involving crypto assets. The CFTC issued its annual enforcement results that highlighted 18 actions involving digital assets, [which] represents “more than 20% of all actions filed during FY 2022.” The CFTC-cited examples where that it charged (i) a digital asset exchange with illegally offering futures transactions on its unregistered platform, with attempting to manipulate the price of its native token and for failing to implement a Customer Identification and Anti-Money Laundering program; (ii) a registered entity with making false or misleading statements of material facts during an evaluation of the potential self-certification of a bitcoin futures contract; (iii) an unregistered software company for illegally offering leveraged and margined retail commodity transactions in digital assets and for failing to adopt a customer identification program as part of a Bank Secrecy Act (BSA) compliance program.
The SEC issued its own enforcement report which noted developments in the crypto asset securities space. The report stated that in May, 2022, the SEC doubled the size of the staff dedicated to a group it renamed the Crypto Assets and Cyber Unit. The SEC highlighted three cases – the first against a lending platform for failing to register a retail crypto product. This type of case continues to reflect the agency’s ongoing contention that crypto assets are securities under the legal Howey test. A recent decision handed down by a U.S. District Court determined that tokens sold by digital asset company LBRY were securities requiring registration with SEC because the offerings of LBC tokens led investors to have “a reasonable expectation of profits derived from the entrepreneurial or managerial efforts of others.” The SEC Report also highlighted an enforcement action against individuals in a fraudulent crypto-ponzi scheme, and an insider-trading case against individuals touting crypto assets about to be offered on a crypto trading platform.
In addition, FINRA recently announced a targeted examination on crypto assets. In letters sent to targeted firms, FINRA stated that it will be examining retail communications concerning a firm or its affiliates’ crypto assets, or services involving a transaction or a holding of a crypto asset. The examinations will focus on the period July 1, 2022 through September 30, 2022.
Notable Recent Crypto Enforcement Actions: Virtual Currency Exchange
The Treasury’s Office of Foreign Assets Control (“OFAC”) and FinCEN settled actions against Bittrex, Inc., a virtual currency exchange based in Bellevue, Washington. The cases represented the largest actions against a virtual currency company and the first parallel enforcement action by OFAC and FinCEN. The agencies found “willful violations” of sanctions compliance programs and BSA/AML risk-based compliance control requirements, including SARs reporting and transaction monitoring failures. Bittrex agreed to settle with OFAC its potential civil liability for 116,421 violations of sanctions programs for $24,280,829.20. It agreed to settle with FinCEN for $29,280,829.20 for violations of the BSA and FinCEN’s implementing regulations.
Virtual Currency Mixer
Back in August, OFAC sanctioned Tornado Cash, a virtual currency mixer that was accused of laundering more than $7 billion worth of virtual currency since 2019. The virtual currency mixer is a decentralized technology (“DeFi”) protocol designed to increase the privacy of its users and operated through smart contracts on the Ethereum blockchain. OFAC alleged that the protocol facilitated illegal and anonymous transactions “by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin.” According to OFAC, the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”
The decision to designate the protocol remains controversial. On October 12, 2022, Coin Center, a non-profit advocacy group focusing on cryptocurrency and decentralized technologies, sued the Treasury Department and OFAC over sanctioning Tornado Cash, claiming that the decision to do so was unlawful, was arbitrary and capricious, and that it violated the constitutional right to privacy. Coin Center argued that OFAC did not have the authority to sanction “an idea, a tool or a technology.”
In lieu of a comprehensive plan across all government sectors on digital assets, policy debates are playing out through regulatory and enforcement activity. The President’s efforts to create such a plan are made ever more difficult by the current market conditions including the recent bankruptcy of the FT crypto exchange, the speed of technological developments, and the hardening of the positions of the agencies – each elbowing the other for a share of the oversight (as the FSOC risk report suggests.)
The nine individual reports that make up the Framework served to articulate the core issues and national interests at stake. The recent activity highlighted above – the reports, Treasury’s request for information, the enforcement determinations – activity that does not even cover state or federal legislative efforts (more on that to come) – are generating momentum that serves the status quo. Such evidence, whether it’s the latest tallying of consumer complaints or the jurisprudence being developed in the name of investor protection or national security or combatting illicit finance, will be of continued use in bolstering or tweaking existing positions. All of it may or may not be affected by the results of the election. In the interim, Bates will continue to monitor developments.
Bates Group has been a trusted partner to our non-banking financial institutions and financial services clients and their counsel for over 40 years, delivering superior quality and results on a cost-effective basis. With a full professional staff and a roster of over 175 financial industry and regulatory compliance experts, Bates offers services in AML and compliance, regulatory enforcement and internal investigations, litigation consultation and testimony, forensic accounting, damages, and big data consulting.
Bates Group’s MSB, FinTech and Cryptocurrency team provides a full suite of Bank Secrecy Act, Anti-Money Laundering and Office of Foreign Assets Control (BSA/AML/OFAC) compliance consulting services, state money transmitter licensing acquisition and maintenance support, independent reviews, and corporate compliance training.