Christine Hanley, Author at On the Chain

Posts by: Christine Hanley

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

They Did It for the Gram: SEC and Telegram File Dueling Expert Reports

Daniel Nathan, Christine Hanley and Sunny Hwang

The battle in federal court between the SEC and Telegram continues to progress at breakneck speed. The SEC commenced its action less than four months ago, on October 11, 2019, by seeking a temporary restraining order against Telegram Group Inc. and TON Issuer Inc. (collectively, “Telegram”). That same day, Judge Castel in the Southern District of New York granted the SEC’s TRO request and ordered expedited discovery. Months of intensive discovery ensued that culminated with both parties filing cross motions for summary judgment on January 15, 2020.

At the center of the dispute is whether issuers of digital tokens can avoid registering their sale with the SEC by issuing them pursuant to “SAFTs,” or Simple Agreements for Future Delivery. SAFTs are commercial instruments used to convey rights to digital tokens to sophisticated investors prior to the development of the functionality of the platform on which the tokens are designed to operate. Issuers usually treat SAFTs as securities and offer and sell them pursuant to the exemption from registration in Rule 506(c) of Regulation D under the Securities Act of 1933. The digital tokens are later issued pursuant to the SAFTs once the platform for which the tokens were designed to use is “fully functional.” The theory is that once use-cases exist for the tokens, they no longer constitute securities, but rather utility tokens that can be distributed as commodities or currency without being subject to regulation as securities by the SEC. The SEC action against Telegram based upon its SAFTs and intended issuance of Grams is the first litigated case to contest that theory.

According to the SEC, from January 2018 to March 2018 Telegram entered into SAFTs with sophisticated investors for the future delivery of Grams. Grams have not yet been delivered. In its TRO motion, the SEC argued that the Grams were securities at the time the SAFTs were executed and the temporal separation between the signing of the SAFTs and delivery of the Grams upon the launch of the fully functional Telegram platform (the “TON Blockchain”) is immaterial and does not change the nature of the Grams themselves. The SEC further argued that upon delivery of the Grams to the SAFT investors, those investors will be able to resell the Grams without restrictions. “Once these resales occur, Telegram will have completed its unregistered offering” for which no exemption from registration exists.

In opposition, Telegram argued that the Grams must be separately analyzed from the SAFTs under the federal securities laws. Telegram contended that the Grams are not securities because they “do not exist and may never exist.” Rather, under the SAFTs, Telegram represented that it will create and distribute Grams only upon the launch of a “fully functional TON Blockchain,” which will provide Gram’s use-cases; that is, once the TON Blockchain is launched, Grams will be able to be used for, among other things, payment for physical and digital products and services, commission paid to TON validators for processing transactions and smart contracts, voting on parameters of the protocol, and payment for services provided by third-party applications on the TON Blockchain.

The SEC is expending significant resources in this case. It recently submitted to the Court expert opinions to support its position that token sales are offerings of securities subject to its regulation. Together, these opinions are intended to buttress the SEC’s argument that Telegram’s offering satisfied the Howey test and qualified for no exemption from registration:

A financial economist at the SEC’s Division of Economic and Risk Analysis, Carmen A. Taveras, Ph.D., provided an opinion that the price at which Grams are sold increases exponentially over time and is a function of the total number of Grams in circulation. As a result, the price at which purchasers who bought Grams pursuant to the SAFTs is significantly discounted to the price at which Grams will be available for purchase by subsequent buyers. The opinion also disputed Telegram’s representation in promotional materials that it will maintain price stability following the launch of the TON Blockchain by setting up a “TON Reserve” to strategically buy and sell Grams. Taveras concluded that the TON Reserve’s ability to buy and sell Grams would likely have a limited effect on curbing sudden spikes and dips in the price of Grams.
A blockchain data scientist in private practice, Patrick B. Doody, opined that while it is reasonable for private placement purchasers to buy Grams expecting to profit by selling them in the secondary market, Grams are unlikely to attract investors seeking a “realistic currency option to buy goods and services.” Telegram’s promotional materials appealed to potential investors seeking to profit through resales, while providing short shrift to factors that would enhance Grams’ viability as a currency, including fraud prevention, theft, integration with existing banking relationships, compliance with financial regulations, and price stability such as that which can be achieved by pegging the price of Grams to a fiat currency.
An expert in the field of computer science at Brown University, Maurice P. Herlihy, Ph.D., opined that the publicly released version of the TON Blockchain code lacks critical components that would be required in a fully developed and running system, and users cannot evaluate the security and effectiveness of the TON Blockchain in its current state. Moreover, the TON Blockchain is not yet mature enough to support the suite of services described in TON public documents.

Taken together, the SEC’s experts took the position that (1) Telegram SAFT investors reasonably expected to profit from Telegram’s efforts to develop the TON Network, and (2) that the current state of the TON Network reveals it is not yet mature enough to support the suite of services promised by TON’s public documents.

Telegram also retained its own expert, Stephen McKeon, who holds a Ph.D. in management with a finance focus and a master’s degree in economics. McKeon’s expert report rebuts the SEC’s experts by opining that (1) the profit expectations of SAFT investors is independent from, and not relevant to, the expectations of purchasers following the TON Blockchain launch, and (2) that most TON Network “components are complete or nearing their completion and will be fully available to the TON blockchain users at the launch of the mainnet.”

As further evidenced by the filing of amicus briefs by the Chamber of Digital Commerce and the Blockchain Association, the stakes for the industry in this case are high.

In Case You Needed A Reminder – AML/CFT Regulations Apply to Transactions in Cryptocurrencies

Christine Hanley

Earlier this month, the leaders of the U.S. Commodity Futures Trading Commission, the Financial Crimes Enforcement Network, and the U.S. Securities and Exchange Commission released a joint statement reminding individuals engaged in transactions involving digital assets of their obligations under the Bank Secrecy Act (BSA) to guard against money laundering and counter the financing of terrorism.

Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regulations apply to all entities that the BSA defines as “financial institutions,” including futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. To comply with AML/CFT regulations, financial institutions are required to, among other things, implement anti-money laundering programs and comply with recording keeping and reporting requirements, including suspicious activity reporting (SAR) requirements.

The joint statement emphasized that AML/CFT regulations apply to financial institutions engaged in activities involving “digital assets,” including instruments that may qualify under applicable U.S. laws as securities, commodities, and security- or commodity-based instruments such as futures or swaps. Because digital assets and financial transactions in digital assets are referred to by many names – including “cryptocurrencies,” “digital tokens,” “virtual assets” and “initial coin offerings” – the regulators issuing the joint statement reminded financial institutions that commonly used labels may not necessarily align with how an asset, activity or service is defined under the BSA or under laws and rules administered by the CFTC and the SEC. The nature of the digital asset, activity or service, including underlying “facts and circumstances” and the asset’s “economic reality and use,” determines how it is regulated under federal laws and regulations.

By reminding industry participants that the nature of a digital asset and the manner in which it is used – and not industry lingo – determines how the digital asset is regulated, the CFTC, FinCEN and the SEC signaled that they are adopting the same framework courts already use to determine how to classify other types of assets under the federal securities laws. The joint statement indicates that regulators are continuing to take steps toward applying existing federal securities laws and regulations to digital currencies.

SEC/FINRA Joint Statement on Digital Asset Securities Does Not Address Regulatory Log Jam

Christine Hanley

Last week, the Staffs of the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) (collectively, the Staffs) released a Joint Statement concerning the application of the SEC’s Customer Protection Rule and other federal laws and regulations to transactions in digital asset securities. The Joint Statement is the result of months of dialogue among the Staffs and industry participants regarding the practical application of the federal securities laws to emerging digital technologies. Nonetheless, it gives no indication as to when FINRA expects to begin working down its backlog of applications from broker-dealers seeking to facilitate markets in digital asset securities.

The Customer Protection Rule

The Joint Statement primarily addresses the application of SEC Rule 15c3-3, the Customer Protection Rule, to federally registered broker-dealers taking custody over their customers’ digital asset securities. The Customer Protection Rule requires broker-dealers to segregate customer assets in specially protected accounts, thereby increasing the likelihood that customers will be able to withdraw their assets even if the broker-dealer becomes insolvent. To comply with the rule, broker-dealers must either physically hold customers’ fully paid and excess margin securities or deposit them at the Depository Trust Company, a clearing bank, or other “good control location” free of any liens or encumberments. This infrastructure additionally protects customers by allowing mistaken or unauthorized transactions to be reversed or canceled.

While the Customer Protection Rule applies to both traditional and digital asset securities, the Staffs advised that broker-dealers taking custody over digital asset securities may need to take additional precautions to respond to unique risks presented by these emerging technologies. For instance, there may be greater risk that a broker-dealer maintaining custody of digital asset securities could become the victim of fraud or theft or could lose the “private key” required to transfer a client’s digital asset securities. Further, another party could hold a copy of the private key without the broker-dealer’s knowledge and transfer the digital asset security without the broker-dealer’s consent. The Staffs noted that an estimated $1.7 billion worth of digital assets was stolen in 2018, of which approximately $950 million resulted from cyberattacks on bitcoin trading platforms. These risks could cause customers to suffer losses and create liabilities for the broker-dealer and its creditors.

The Staffs noted that broker-dealer activities that do not involve custody functions do not trigger the Customer Protection Rule. Examples of such activities include the facilitation of bilateral transactions between buyers and sellers similar to traditional private placements or “over the counter” secondary market transactions. These transactions do not “raise the same level of concern among the Staffs” as do transactions in which the broker-dealer assumes custody over the securities.

Other Federal Regulations

The Staffs advised broker-dealers to consider how distributed ledger technology may impact their ability to comply with broker-dealer recordkeeping and reporting rules. Because transactions in digital asset securities are recorded on distributed ledgers such as blockchains rather than traditional ledgers, broker-dealers may find it more difficult to evidence the existence of these digital asset securities on financial statements and to provide sufficient detail about these assets to independent auditors.

Finally, the Staffs discussed the application of the Securities Investor Protection Act (SIPA) to broker-dealers exercising custody over digital assets. In the event a broker-dealer is liquidated, SIPA gives securities customers first-priority claims to securities and cash deposited with the broker-dealer. However, the Joint Statement notes that SIPA’s definition of “security” is different than the federal securities laws definitions. For example, the definition in SIPA of “security” excludes an investment contract or interest that is not the subject of a registration statement with the Commission pursuant to the provisions of the Securities Act of 1933. Consequently, customers whose digital assets are subject to the Customer Protection Rule and other federal regulations may only have an unsecured general creditor claim against their broker-dealer’s estate in the event their broker-dealer fails. The Staffs found that such outcomes are likely inconsistent with the expectations of investors in digital assets that do not qualify for SIPA protection.

Waiting Game

Absent from the Joint Statement is a clear answer to the question at the forefront of many industry participants’ minds: When will FINRA begin approving the dozens of applications of existing broker-dealers and new registrants seeking authority to offer a variety of custodial and non-custodial services with respect to digital assets? Applicants seeking to engage only in non-custodial activities, such as market-making, may be encouraged that the Staffs have indicated that those activities pose the least concern to federal regulators, and, presumptively, may be more readily approved. Nonetheless, the Staffs have given no indication that FINRA will prioritize processing applications seeking authority to provide only non-custodial services currently in its backlog, or when such applications will once again be approved.

Meanwhile, the Joint Statement underscores that considerable uncertainty remains regarding the application of existing laws and regulations to broker-dealer activities involving the custody of digital assets. While the Staffs invite broker-dealers and other industry participants to continue to engage with federal regulators to develop workable methodologies for securely carrying customers’ digital assets, industry participants hoping to get a firm answer as to when secondary market trading in digital asset securities will gain federal regulators’ seal of approval will have to keep waiting.

NY AG Accuses Bitfinex and Tether of Covering Up $851 Million Loss in Investor Funds

Blake Ilstrup and Christine Hanley

On April 25, 2019, New York’s Attorney General secured a preliminary injunction against Bitfinex, a cryptocurrency trading platform, and Tether, the company behind tether (USDT), one of the world’s most popular cryptocurrencies. In papers filed with the court last Wednesday, the state AG accused the companies of misleading investors about their financial well-being while using Tether’s bank account to prop up Bitfinex with $700 million in undisclosed loans. The injunction requires Bitfinex and Tether to temporarily cease drawing down Tether’s cash reserves and to turn over detailed information about their finances and client accounts to the state AG as it investigates them for financial fraud.

As we have discussed in previous blog posts, courts and regulators have determined that some virtual currencies are securities or commodities that are subject to state and federal laws and regulations. Last week’s developments serve as a reminder to cryptocurrency exchanges and token distributors alike that they may be subject to the laws and regulations of any jurisdiction in which they operate. In this case, although Bitfinex purportedly no longer permits U.S. traders to use its platform and is not a licensed exchange in New York, the state AG’s office argued that it and Tether are subject to New York law because some New York residents still use the platform, just as some New York residents own USDT. The companies’ connections to New York subject them to scrutiny under the Martin Act, New York’s powerful “blue sky” securities law that gives the state AG the authority to investigate and prosecute securities fraud regardless of fraudulent intent.

In papers submitted to the court, New York’s AG alleged that Bitfinex dipped into Tether’s cash holdings to prop itself up after $851 million was seized from one of its bank accounts. Bitfinex had deposited the cash with an entity called Crypto Capital Corp., who was engaged by Bitfinex to process its clients’ withdrawals. In late 2018, Crypto Capital reported to Bitfinex that it could no longer process withdrawals or return Bitfinex’s funds to it because they had been seized by authorities in Portugal, Poland, and the U.S. To cover up the loss, Bitfinex allegedly caused Tether to extend it a $900 million line of credit, of which Bitfinex has accessed approximately $700 million. Neither Bitfinex nor Tether publicly disclosed these transactions. The state AG alleges that Bitfinex was able to borrow the funds from Tether because the two companies are operated by the same individuals and share the same parent company.

The New York AG has accused Bitfinex and Tether of misleading investors about the security of their investments and of engaging in self-dealing by causing Tether to transfer hundreds of millions of dollars to Bitfinex, taking on enormous amounts of risk without receiving anything of value in return. Tether has long represented that it holds one U.S. dollar in reserve for each of the 2.6 billion outstanding USDT, and that holders of USDT can redeem them at any time for U.S. dollars at a rate of one USDT to one U.S. dollar. Although Tether has recently disclosed that outstanding USDT may be backed by “other assets and receivables” in addition to U.S. dollars, the state AG is investigating, among other questions, whether Tether’s transactions with Bitfinex have rendered Tether’s public statements misleading. The New York AG has also accused the companies of misleading state investigators by purporting to cooperate in the AG’s investigation while secretly transferring funds from Tether to Bitfinex.

Bitfinex responded on Friday with a forcefully worded denial of the allegations brought against it and Tether and reiterated that the companies “are financially strong – full stop.”

Although the New York AG has stated that it does not want its investigation to harm Tether investors or Bitfinex clients, it’s possible that information revealed during the investigation could affect confidence in the companies or in cryptocurrency markets generally. Bitcoin’s price fell seven percent immediately following the announcement of the AG’s investigation on Thursday, perhaps providing a window into the volatility that will come if Bitfinex’s assurances that it and Tether are financially sound are found to be misleading.