What started out as a scholarly review of current U.S. regulatory oversight of the digital asset space soon took on a life of its own.
Our team − partner Peter Malyshev and counsel Michael Ena − found that the burst of digital activity has forced U.S. regulatory agencies into overdrive to keep up with all the market activity. But what agencies have responsibility for what activities? And, in addition to setting regulatory policy, how are they actually enforcing both existing and new guidelines? And, at the core, what is the right balance between regulatory policy and enforcement?
In the first of our two-part “In Depth” article, Peter and Michael examine questions around jurisdiction for the digital asset space. Next week, their attention will turn toward enforcement activities − what’s currently happening and what we can expect to see in the months to come.
There’s more to read this week, including a look at an announcement from five U.S. regulatory agencies on “assessing customer relationships and conducting customer due diligence.”
Feel free to drop us a note on this week’s issue of Cabinet News and Views or other topics of interest. We’d love to hear from you.
Daniel Meade and Michael Sholem
Co-Editors, Cabinet News and Views
On July 6, five federal agencies − the Board of Governors of the Federal Reserve System (“FRB”), Federal Deposit Insurance Corporation (“FDIC”), Financial Crimes Enforcement Network (“FinCEN”), National Credit Union Administration (“NCUA”), and Office of the Comptroller of the Currency (“OCC”), collectively, the “Agencies” − issued a Joint Statement on the Risk-Based Approach to Assessing Customer Relationships and Conducting Customer Due Diligence to “remind [banks, thrifts, credit unions and other covered institutions] of the risk-based approach to assessing customer relationships and conducting customer due diligence (CDD).”
In the Statement, the Agencies reinforced their view that no particular customer type should be viewed as presenting a single level of uniform money laundering, terrorist financing or other illicit financing risk. Thus, the Agencies reiterated that they “continue to encourage banks to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.”
The Agencies also reiterated that appropriate risk-based CDD procedures should “enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”
The Agencies also noted that the discussion of particular customer types in the FFIEC BSA/AML Examination Manual should not be read as an indication that banks should avoid large categories of customers or view them as uniformly higher risk, but rather it is meant as guidance to examiners conducting assessments of a bank’s compliance with the Bank Secrecy Act.
On July 4, the UK’s Financial Conduct Authority (“FCA”) updated the “next steps” section on its webpage on the discussion paper on Sustainability Disclosure Requirements and investment labels (DP21/4). In its discussion paper, the FCA sought feedback on the Sustainability Disclosure Requirements for asset managers and certain FCA-regulated asset owners, together with views on a proposed labelling system for sustainable investment products. The deadline for stakeholders to submit a response was in January 2022.
The FCA has updated its “next steps” to indicate that it now intends to consult on its proposed policies in this area in Autumn 2022 rather than, as originally suggested, during Q2 2022. The FCA will use the feedback to its discussion paper to help inform the development of the proposals. The FCA wants to use the additional time to take account of international policy initiatives and to ensure that stakeholders also have sufficient time to consider the issues.
As more market participants, from retail consumers to major financial institutions and central banks of various countries, become active in the digital asset space, the U.S. regulators are ramping up their oversight activity related to digital assets. In the absence of a consistent and comprehensive legislative framework for digital assets, federal and state regulators, operating within their mandates, attempt to fill that void by asserting their jurisdiction over digital assets through public policy statements, enforcement actions and investigations. A major part of the current regulatory actions by various government agencies is conducted through prosecution of unlawful activity. As a result, there is a lack of clear guidance on how transactions in digital assets can be conducted lawfully. Meanwhile, the question of which federal regulator will be primarily responsible for overseeing digital asset activities remains open.
In the first of our two-part “In Depth” article, we will examine jurisdiction of federal and state regulators in the digital asset space and congressional initiatives aimed at creating a federal-level framework for their regulation.
CFTC’s Jurisdiction
The Commodity Futures Trading Commission (the “CFTC”) has two levels of jurisdiction: (a) a broad non-exclusive enforcement jurisdiction over interstate transactions in “commodities,” and (b) an exclusive regulatory authority over the U.S. commodity derivatives markets (including futures, swaps, and certain types of options). These transactions are subject to CFTC’s regulation which prescribes who can trade certain derivatives, where, how and under what conditions and provides a set of rules for the orderly operation of commodity derivatives markets. The National Futures Association (“NFA”), a self-regulatory organization, registers and regulates market intermediaries. The Dodd-Frank Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 amended the CEA to provide to the CFTC additional authority to regulate over the counter (“OTC”) markets in swaps and options, which regulations apply in equal measure to OTC derivative transactions involving digital assets. Specifically, only eligible contract participants (“ECP”) may trade swaps on cryptocurrency unless these swaps are traded on a registered exchange.
In addition to regulating exchange markets or professional markets, the CFTC also regulates “retail” commodity markets. Section 2(c)(2)(D) of the Commodity Exchange Act (the “CEA”) makes commodity transactions entered into with, or offered to, a person that is not an ECP on a leveraged, margined or financed basis (referred to in the statute as “retail commodity transactions”) subject to enumerated provisions of the CEA, including on-exchange trading and broker registration requirements applicable to fully-regulated futures contracts. Under a very narrow exception, contracts of sale of a commodity that result in “actual delivery” of such commodity within 28 days from the date of the transaction, or that create an enforceable obligation to deliver the commodity between a seller and a buyer that have the ability to deliver and accept delivery in connection with their respective lines of business − excepted from most of CFTC regulations.
As noted, the CFTC shares it general enforcement authority for fraud and market manipulation in the commodity spot markets underlying the derivatives market with other regulators, such as the SEC, the FERC, or U.S. Prudential Regulators. Therefore, in the absence of leverage, margining, or financing, spot commodity trades would generally be outside of the CFTC’s exclusive jurisdiction. Even though the CEA includes the federal preemption for commodity derivatives, State anti-fraud and bucket shop laws would still apply to spot and non-derivative transactions in commodities.
Even though digital assets and cryptocurrency are not included in the definition of “commodity” in the CEA, and currently there is no formal process for designating new assets as “commodities” subject to CFTC’s regulation, in a September 17, 2015 settlement order, the CFTC expressed its view that Bitcoin and other virtual currencies are commodities under the CEA, and, therefore, are subject to the CFTC’s enforcement authority for fraud and market manipulation. That position was upheld in 2018 by a decision of the U.S. District Court for the Eastern District of New York in Commodity Futures Trading Commission v. McDonnell. However, in that decision, the court also pointed out that federal agencies may have concurrent or overlapping jurisdiction over a particular issue or area, such as virtual currencies. Nevertheless, the CFTC continues to pursue a full regulatory authority over the spot market for digital assets. On May 11, 2022, in his keynote address at the International Swaps and Derivatives Association’s annual meeting in Madrid, the CFTC chairman Rostin Behnam stated, “I will continue advocating for and supporting legislative authority for the CFTC to develop a regulatory framework for the cash digital asset commodity market.”
SEC’s Jurisdiction
The Securities and Exchange Commission (the “SEC”) has an exclusive jurisdiction over U.S. public securities markets and financial reporting of public companies. Unlike the CFTC, the SEC has exclusive enforcement and regulatory jurisdiction with respect to all transactions in securities, be these in spot markets or a derivatives.
In his remarks before at the International Swaps and Derivatives Association annual meeting in Madrid on May 11, 2022, the SEC chairman Gary Gensler confirmed the SEC’s position that only some digital tokens might be commodities, while most of them involve a group of entrepreneurs raising money from the public in anticipation of profits, and therefore, these instruments would meet the definition of an investment contract under the Supreme Court’s Howey Test and fall under the SEC’s jurisdiction.
Further, if a swap references a digital asset that is a security, it is a security-based swap that is subject to the SEC regulation and must only be entered into between ECPs. Thus, the SEC intends to register and regulate all platforms, whether in the decentralized or centralized finance space, which offer digital assets that the SEC considers to be securities as well as security-based swaps referencing those assets. In addition, as with the CFTC, transactions involving retail participants are afforded a much greater scrutiny, and an offering of digital asset securities to retail market participants must be registered under the Securities Act of 1933 and subject to regulatory disclosures.
Prudential Regulators
Prudential regulators, like other financial services regulators, recognize that the growing links between traditional financial institution with the digital asset market may present a threat to global financial stability. Unlike the CFTC and the SEC, however, prudential regulators are still working on appropriate regulatory supervision of banking organizations’ activities relating to digital assets. In November 2021, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency issued their “Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps” where they described their plans as follows:
“Throughout 2022, the agencies plan to provide greater clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible, and expectations for safety and soundness, consumer protection, and compliance with existing laws and regulations related to:
The agencies also will evaluate the application of bank capital and liquidity standards to crypto-assets for activities involving U.S. banking organizations and will continue to engage with the Basel Committee on Banking Supervision on its consultative process in this area.”
In furtherance of the goals outlined in the statement, on April 7, 2022, FDIC issued a letter that requires all FDIC-supervised banking organizations that are engaged or intend to engage in activities involving or relating to digital assets to notify FDIC and provide required information.
One of the central concerns of prudential regulators is addressing the risks relating to stablecoins. The recent implosion of the Luna and Terra stablecoins underscores the importance of enacting appropriate regulation of stablecoin issuers. Michael Hsu, the Acting Comptroller of the Currency, recently presented his “Thoughts on the Architecture of Stablecoins” before the Institute of International Economic Law at Georgetown University Law Center where he argued for a single banking-style regulation of blockchain-based activities, including stablecoin issuance and stablecoin-based payments. In his view, this approach would provide a better safeguards against implosion of risky issuers that may cause a chain reaction across their peers in the digital asset market.
State Jurisdiction
The growing interest in digital assets and a lack of a comprehensive federal-level framework for their regulation prompted a number of state legislative and executive branches of government to take legislative and enforcement actions.
Many states require businesses that engage in transmission of virtual currencies obtain money transmission licenses. In addition, or instead of requiring money transmission licenses, some states have enacted separate laws to require licensing of virtual currency business activity in the state. For example, in New York, engaging into any virtual currency business activity in addition to a money transmission license, generally requires a “BitLicense” from the New York’s Department of Financial Services, obtaining which proved to be a very lengthy, time-consuming and expensive process.
Some states used a different approach. For example, in Wyoming, “[b]uying, selling, issuing, or taking custody of payment instruments in the form of virtual currency or receiving virtual currency for transmission to a location within or outside the United States by any means” is exempt from licensing as money transmission. On April 21, 2021, the State of Wyoming enacted the Wyoming Decentralized Autonomous Organization Supplement the Wyoming Limited Liability Company Act that provides a legal framework for formation and existence of decentralized autonomous organizations (“DAOs”) in the state, makes it clear that members of a DAO are not personally liable for its debts and liabilities and requires DAOs to continuously maintain a registered agent in the state. Generally, DAOs are intended to be entities that handle digital assets and implement certain actions through the use of blockchain technology and smart contracts. The articles of organization of a DAO may define it as either a member managed or an algorithmically managed. Accordingly, management of a DAO may be vested in its members, if member managed, or a smart contract, if algorithmically managed, unless otherwise provided in its articles of organization or operating agreement. Formation of algorithmically managed DAOs is allowed if the underlying smart contracts are able to be updated, modified or otherwise upgraded. DAOs do not have obligations to furnish any information concerning their, financial condition or other circumstances to the extent the information is available on an open blockchain.
California Governor Gavin Newsom also used a different approach. On May 4, 2022, he signed Executive Order N-9-22 (EO) intended to bolster responsible development of digital asset technology and protect consumers in California by engaging with stakeholders and encouraging regulatory clarity.
Congressional initiatives
Recognition of the importance of digital assets for the financial system and risks they present led to a number of recent legislative initiatives in the U.S. Congress and Senate intended to address certain aspects of the issuance and use of digital assets or to provide a more comprehensive regulatory framework for blockchain-based digital asset activities.
On April 6, 2022, Senator Pat Toomey released a draft of the “Stablecoin Transparency of Reserves and Uniform Safe Transactions Act.” The proposed bill introduces a definition of “payment stablecoin” that must be redeemable for fiat currency and requires issuers of payment stablecoins to operate in one of the three separate licensing regimes, (i) as a state-licensed stablecoin issuer, (ii) as a national limited payment stablecoin issuer (a new licensing regime introduces by the bill), or (iii) as an insured depository institution within the meaning of the Federal Deposit Insurance Act.
On May 26, 2022, Senators Tom Cotton, Mike Braun, and Marco Rubio introduced the “Defending Americans from Authoritarian Digital Currencies Act” that would prohibit persons that own or control app stores in the United States from supporting or enabling transactions in digital yuan or carrying or supporting any apps that support or enable transactions in China’s digital yuan, a digital currency payment system operated by the Government of the People’s Republic of China. The bill is intended to address concerns that the use of digital yuan would enable China to infiltrate the U.S. financial system and has a potential for facilitating illicit money flows.
On June 7, 2022, Wyoming Senator Cynthia Lummis and New York Senator Kirsten Gillibrand introduced the “Responsible Financial Innovation Act” that is intended to provide a complete regulatory framework for digital assets. The bill creates a set of definitions for digital assets and a standard for determining which types of digital assets are commodities and which types are securities. It assigns regulatory authority over spot markets for digital assets to the CFTC, defines requirements for stablecoins, imposes disclosure requirements on digital asset service providers, creates a taxation structure for digital assets and addresses the need for additional studies of various issues relating to the use and regulation of digital assets.
Conclusion
As the volume of transactions involving digital assets increases, as well as the volume of fraud and the resulting market losses of U.S. customers investing in these assets, the consensus is emerging in Washington that the market in digital assets has developed beyond the point of a mere oddity and it is imperative to amend existing regulations that are not fully equipped to regulate these markets. U.S. Federal regulators and courts can only do so much without Congressional action. It is expected that additional bills will be introduced in the near future both in the Senate and the House and eventually a bipartisan legislation will be finalized to delineate U.S. Federal regulators’ respective jurisdictional reach over spot and derivative markets in digital assets. Next week, we will take a closer look at recent enforcement actions undertaken by federal and state regulators in the digital asset space.