Read full biography at www.orrick.com

Posts by: Daniel Forester

Crypto Regulation Marches On With Potential Consequences for Trading Systems

A flurry of recent activity has reinforced the SEC’s commitment to regulate crypto assets, including trading systems that trade crypto asset securities.

WHAT HAPPENED?

The SEC shared additional information in April 2023 on whether and how its proposal to expand the definition of “exchange” would affect trading systems for crypto asset securities. The SEC initially issued the proposal in January 2022. This revised proposal responds to comments the agency received requesting clarity on the application of existing rules and the proposal related to crypto asset security trading platforms that meet the proposed definition of an exchange or trading systems that use distributed ledger or blockchain technology, including DeFi systems.

WHAT DOES IT MEAN?

If the proposals take effect, they may require many crypto asset security trading platforms to register as national securities exchanges or as broker-dealers that must comply with Regulation ATS, which governs alternative trading systems. As currently drafted in the proposal, this would include decentralized exchanges operating on order book or automated-market-maker models.

WHAT DOES THE PROPOSAL SAY?

Current regulations say that a trading system must bring together “orders” to qualify as an exchange. The proposal would categorize a trading system as an exchange if it brings together “trading interest.”

Also, the rule now says an exchange must have “established, non-discretionary methods … under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of a trade.” The SEC’s proposal would require only that an exchange include “communication protocols” for the interaction of trading interest.

WHAT’S THE CONTEXT?

When the SEC shared additional information on how expanding the definition of “exchange” could affect trading systems, it was just the latest of several signs of the SEC’s stance on regulating crypto assets.

  • SEC Chair Gary Gensler said in a statement that “many crypto trading platforms already come under the current definition of an exchange and thus have an existing duty to comply with the securities laws.”
  • In a statement at a House Financial Services Committee hearing on SEC oversight, Chair Gensler also reiterated his view that, “given that most crypto tokens are securities, it follows that many crypto intermediaries are transacting in securities and have to register with the SEC.”
  • The hearing also touched on the SEC’s proposed $2.15 billion budget for fiscal year 2023, which represents an increase of almost $240 million to what it sought in fiscal year 2022. Notably, fintech accounted for half of the six key areas identified in its budget justification, including goals to:
    • prevent fraud concerning crypto assets.
    • ensure crypto assets register and comply with securities laws where appropriate.
    • craft the right regulatory and enforcement approach to fintech startups.

The SEC’s focus on enforcement of crypto matters does not appear to be slowing. Its Crypto Asset and Cyber Unit was initially envisioned as a 20-person operation but has doubled in size. Moreover, just a few weeks ago, the SEC also shared job postings for additional positions in the unit.

CFPB Makes an Entrance: Crypto Products Targeted

Ending doubts regarding its interest in the space, the Consumer Financial Protection Bureau (CFPB) has for the first time publicly acknowledged its investigation of a crypto company — and it’s likely a sign of things to come.

The agency hinted at increased enforcement in a summary of consumer crypto complaints in November 2022. The CFPB acknowledged an investigation for the first time that same month, when it published a decision in the case.

Crypto companies with direct-to-consumer products should take note — and consider steps to mitigate risk.

What Happened?

The CFPB sent a Civil Investigative Demand (CID) for testimony in December 2021 to Nexo, a cryptocurrency platform that offers an earned-interest product and lets customers make deposits.

The CID focused on whether Nexo made “false or misleading representations to consumers” about its safeguards used to protect crypto assets. The CFPB also stated that the investigation included potential violations of the Electronic Funds Transfer Act, confirming its view that the law applies to crypto assets.

Nexo filed a petition to set aside or modify the CID. It argued that the SEC views interest-bearing crypto accounts as securities that are subject to SEC regulation and exempt from CFPB jurisdiction.

CFPB Director Rohit Chopra denied the petition. He noted that Nexo had been unwilling to fully concede that its product was a security subject to SEC regulation and that “it [was] too early to tell whether Nexo … was required to be registered with the SEC,” and exempt from the CFPB’s jurisdiction.

Since then, Nexo announced it had made “the regrettable but necessary decision” to phase out its products and services in the U.S. after “inconsistent and changing positions among state and federal regulators.”

What does this mean?

Though this is the first publicly identified CFPB crypto investigation, there are likely more on its docket.

This matter also reveals that CFPB crypto investigations have been ongoing since at least the fourth quarter of 2021. Less than two weeks before issuing the Nexo decision, the CFPB issued a Crypto-asset Complaint Bulletin. The CFPB typically uses these bulletins to notify a market of its plans to address certain types of consumer harm. Three top crypto complaint themes likely to trigger CFPB interest include:

  1. Fraud: 40% of consumer complaints in the bulletin were a result of having been victimized by fraudulent activity or scams in the crypto ecosystem.
  2. Access to Funds: Many consumers reported struggling to access their funds due to issues with crypto platforms and the freezing of funds before filing for bankruptcy protection.
  3. Poor Customer Service: A major issue cited in the complaint bulletin was the inherent lack of customer service provided to consumers in the crypto market. Consumers described company customer service as non-responsive or non-existent. The CFPB launched an initiative to improve customer service this year with Director Chopra’s stated goal “to ensure the legally enshrined right to obtain basic customer service.”

Looking Forward

We expect increased enforcement action aimed at addressing the themes in the Crypto-asset Complaint Bulletin. Crypto companies that have not affirmatively subjected themselves to SEC or CFTC authority may be more vulnerable to CFPB scrutiny. In an environment of increased regulatory risk, we recommend that crypto companies review their products and services from a consumer/end user perspective and pay attention to customer complaints.

Contact Melissa Baal Guidorizzi and Daniel Forester if you have any questions regarding recent regulatory trends and best practices for building compliance programs if your company is subject to the CFPB’s enforcement and examination powers.

SEC Provides Expectations About Public Company Disclosures Regarding Crypto Ecosystem Impact

What Happened

The Division of Corporation Finance of the Securities and Exchange Commission (“SEC”) issued a sample letter on December 8, 2022, highlighting considerations that public companies that are in, or connected to, the crypto industry should keep in mind as they prepare their public disclosures, spanning the description of business, management’s discussion and analysis (“MD&A”) and risk factor disclosures.

What Public Companies Need to Consider

While the letter highlights additional points for consideration in the business and MD&A sections, the majority of the comments focus on risk factor disclosure, flagging nine key risks, including:

  • any material gaps identified with respect to risk management processes and policies,
  • the “possibility of regulatory developments related to crypto assets and crypto asset markets,” and
  • material risk of reputational harm from recent disruptions.

Additionally, the sample letter also calls for increased disclosure regarding whether any of the crypto assets held or issued by the company serve as collateral for certain activities, as well as any downstream effects experienced by the company as a result of certain bankruptcies in the crypto industry. The sample letter gives insights into general themes of disclosures that the SEC is focused on, including the following: (i) the risk exposure a company has to other actors in the blockchain and cryptocurrency ecosystem (interdependencies within the industry), and (ii) changes to the value of assets held by the company resulting from fluctuations in the larger blockchain market.

In light of the heightened scrutiny faced by companies with exposure to the crypto industry, careful consideration should be given to any public disclosures regarding their operations in order to address the SEC’s concerns of providing adequate information to make a company’s public disclosures not misleading.

Contact Alice Hsu, Daniel Forester, Joseph Perkins or Soo Hwang for guidance on whether your company could be impacted or if you have any questions about navigating this evolving regulatory landscape.

European Crypto Regulation on the Verge of Enactment

The EU’s Markets in Crypto-Assets (MiCA) regulations are now all but final and may take effect this year. MiCA will provide new regulatory frameworks, including licensing and disclosure obligations, for participants in the cryptocurrency ecosystem, including token issuers, financial intermediaries (exchanges, brokers, etc.) and custodians.

What Happened

The Economic and Monetary Affairs Committee of the European Parliament gave its approval to MiCA on October 10, 2022, the latest step in a process that has lasted more than two years.

What’s Next

This paves the way for the larger European Parliament plenary to approve the regulations, a step that often is merely procedural. Once the plenary approves MiCA, it will become effective and mark the beginning of 18 months in which firms must become compliant, with the regulations coming into full effect in the second or third quarter of 2024.

While the text of MiCA helps provide regulatory certainty for crypto-asset businesses and consumers in the EU, additional practical guidelines for implementation will also be drafted to further elaborate MiCA.

MiCA’s Goals

MiCA’s main objective is to provide a level of regulatory and economic harmonization to crypto-asset businesses and consumers across Europe. Guiding principles of MiCA include:

  • Providing legal certainty through clear definitions of crypto assets and activities in relation to those crypto assets that are in scope;
  • Providing for consumer protection and market integrity alongside financial stability of crypto-asset businesses; and
  • Encouraging innovation and fair competition in the European crypto-assets markets and avoiding regulatory arbitrage between member states.

Businesses engaged in activities that are within the scope of MiCA will, at a minimum, be required to register with the competent regulatory authorities and produce a detailed white paper for their business, in a form and content specified by MiCA.

MiCA will not apply in the United Kingdom or Switzerland as they are not member states of the European Union. While similar principles of regulation may apply in these two jurisdictions, separate analysis is needed to understand what crypto-asset businesses must do to achieve compliance with local regulation.

What MiCA Missed

The final text of MiCA omits treatment of Non-Fungible Tokens, Decentralised Finance, Decentralized Autonomous Organizations and Proof of Work consensus mechanisms. European regulators are expected, however, to treat fractionalized NFTs as utility tokens governed by MiCA.

How Will MiCA Impact the U.S. Market?

MiCA reflects the EU’s acknowledgement that digital assets are a persistent part of a modern financial system. Whether the EU’s steps to define and regulate digital assets will influence U.S. regulators remains to be seen.

The Biden Administration’s March 2022 Executive Order on Ensuring Responsible Development of Digital Assets remains the most comprehensive U.S. policy statement on the topic. While there are numerous proposed legislative efforts in the U.S. Congress, the U.S. has yet to produce comprehensive legislation or regulatory guidance. Instead, regulators have relied on enforcement actions and individual agency guidance to inform market participants. We expect the U.S. regulatory regime to continue, at least in the short term, to take coordinated but separate action aligned with the Executive Order’s primary objectives of protecting consumers and investors.

The Orrick fintech team takes an international approach to digital asset markets. We will continue to monitor regulatory developments in both the U.S. and Europe to support our clients and innovation in crypto.

Federal Reserve Requires Banks to Provide Notice Regarding Crypto-Asset-Related Activities

Federal Reserve Requires Banks to Provide Notice Regarding Crypto-Asset-Related Activities

The Federal Reserve Board (“FRB”) announced a significant shift requiring FRB-supervised banking organizations to disclose any current crypto-asset-related activity and to notify FRB in advance of entering into any such business activities in the future. This notification requirement may add some friction to the bank adoption of crypto-asset activities. This announcement follows the OCC’s previous direction to its supervised entities to “notify its supervisory office, in writing of its intention to engage in a range of crypto related activities.” With similar direction aimed at Federal Reserve banks that more regularly interact with crypto projects, legal and regulatory compliance diligence will be even more important.

What Happened

  • On August 16, 2022, FRB issued a letter to all of its supervised banking organizations requiring those institutions to notify their lead FRB supervisory point of contact if such banking organization is engaged in or intend to engage in “crypto-asset-related activities” in order to “ensure such activity is legally permissible and determine whether any filings are required under applicable federal or state laws.”
  • “Crypto-asset-related activities” include crypto-asset safekeeping and traditional custody services; ancillary custody services; facilitation of customer purchases and sales of crypto-assets; loans collateralized by crypto-assets; and issuance and distribution of stablecoins.
  • The letter also specifically referenced stablecoins as potentially posing risks to financial stability if adopted at large scale.

How Will This Affect Banking Organizations?

Supervised banking organizations must:

  • Ensure the Activities Are Legally Permissible
    • Supervised banking organizations must assess the legality of the proposed crypto-asset-related activities under state and federal laws and determine whether any filings are required under federal banking laws, including The Bank Holding Company Act, Home Owners’ Loan Act, Federal Reserve Act, and Federal Deposit Insurance Act.
    • If permissibility is not clear, supervised banking organizations are directed to consult their point of contact at the FRB prior to the commencement of such activities.
  • Notify the Federal Reserve
    • If a supervised banking organization is already engaged in crypto-asset-related activity, it should disclose all activities to its lead supervisory point of contact promptly.
    • Supervised banking organizations must notify their lead supervisory point of contact prior to engaging in crypto-asset-related activity.
  • Enact and Maintain Proper Controls
    • FRB’s letter emphasizes the importance of supervised banking organizations enacting and maintaining adequate risk management and controls related to crypto-asset-related activities, including:
      • Having adequate systems in place to identify, measure, monitor, and control the risks associated with crypto-related activities on an ongoing basis; and
      • Ensuring that these systems cover “operational risks (for example, the risks of new, evolving technologies; the risk of hacking, fraud and theft; and the risk of third-party relationships), financial risk, legal risk, compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements), and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking and in compliance with applicable law, including applicable consumer protection statutes and regulations.”
    • Consider Notifying State Regulators
      • FRB encourages state member banks to also notify their state regulators prior to engaging in crypto-asset-related activity.

Why Does This Matter?

  • If you are a supervised banking organization that is currently involved in active crypto-asset activities, re-confirm that your activities are compliant and take another look at your service providers to ensure their compliance;
  • If you are a potential partner of a supervised banking organization, expect an even more robust diligence process, time to execution may be extended, and you may face increased ongoing reporting and information disclosure requirements; and
  • For all participants in the crypto-asset space, this is another example of the growing all-hands on deck approach to the regulation of crypto spurred by the Executive Order from earlier this year. The Executive Order’s first objective was to “protect consumer, investors, and businesses,” and we expect to see further action from the FRB and other regulators.

Get to Know This Acronym for a Crypto Regulatory Alternative: DAOs

Governmental authorities are moving toward tighter regulation on cryptocurrency projects. Decentralized autonomous organizations (DAOs) present a potential alternative, with many cryptocurrency projects planning to launch as, or convert into, DAOs.

At the most basic level, DAOs are organizations moderated by self-enforced rules encoded by software on behalf of their members—in many instances, the governance token holders. In theory, no single person or team manages the DAO; rather, this function is decentralized and conducted privately through various democratic on-chain voting mechanisms.

In practice, of course, different DAOs are at varying stages of decentralization from the team that created the DAO.

Where Do DAOs Fit in the Regulatory Scheme?

Given the novelty of this governance structure, at least from a legal perspective, it is not surprising that the regulatory response to date has largely been to try to fit DAOs within traditional corporate structures.

For example, Wyoming’s recent DAO law is designed to allow DAOs to fit within an LLC structure. This bill is designed with several benefits in mind, including protecting DAO participants from theories of liability based on general partnerships and giving a corporate form for recently passed legislation that allows DAOs to register as LLCs.

At first blush, this might appear to be a step in the right direction. However, structuring DAOs within this traditional corporate framework is in some ways counter to the original vision of DAOs as decentralized and democratic entities. Such LLCs may inevitably require managers to exercise a significant level of discretion while carrying out the voting of the members, akin to how traditional LLCs would function in a central manner.

Then how can a DAO—which may only exist in the ether—thrive in today’s society and regulatory frameworks? Key to answering this is to examine what off-chain (i.e., real world) functions DAOs can or cannot perform. We explore two examples.

Can a DAO Enter Into a Contract?

Generally, a DAO cannot enter into a traditional contract. However, a DAO can operate by using so-called “smart contracts,” which execute based on an internal, automated trigger—following rules that resemble basic “if then” statements. The “ifs” can be straightforward, objective benchmarks: if a stock achieves a certain threshold, then a payment corresponding to a fixed fee will be issued.

But when the “ifs” are more subjective and require nuanced judgments (e.g., achievement of a service provider milestone), these simple contracts face limitations. Moreover, an entity-less DAO is limited to cryptocurrency transactions, as it is not able to open a traditional bank account in its own name.

Solving these limitations of a DAO will be critical to presenting DAO as a true corporation alternative. For instance, with respect to the subjective evaluation that a DAO may perform, there is building acceptance of committee-based review and approval as a means to provide the if in a smart contract. The committee’s affirmative vote can trigger the execution of contract provisions whether directly or through a transfer of a token to signify the approval.

Regarding the fiat limitation of a DAO, continued proliferation of decentralized exchanges and increased adoption of stablecoins may provide a functional alternative.

Can a DAO Have Legal Rights?

DAOs may also struggle at enforcing their legal rights, as there is no entity to be a plaintiff in litigation. A key function of traditional contracts is enforceability. If a counterparty breaches, one can sue in court for damages.

Smart contracts, however, lack legal enforceability. This creates risk for parties relying on smart contracts, as legal recourse is unavailable if the counterparty breaches. Without traditional enforcement mechanisms, in the smart contract sphere, participants are primarily driven by reputational risk and financial incentive.

This structural distinction may also lead to DAOs and their counterparties utilizing structures designed to mitigate these risks, including extra-contractual forms of incentives to encourage desired performance by a counterparty (e.g., a carrot) and escrows for proof of payment (e.g., a stick).

Another important consideration is whether a DAO can legally own an asset that requires a corporate structure. For instance, can a DAO own intellectual property? Generally, no.

IP and other property must be owned by a legal entity or individual. Nonetheless, DAOs can look to some open source software communities to provide potential road maps for distributed ownership under a common framework.

While none of these provides the traditional legal framework of an enforceable contract, careful smart contract structuring could form the basis for approximating some key contract characteristics in a manner sufficient for many purposes.

The stronger the push to fit cryptocurrency projects into the existing corporate structure, the stronger the pushback will be from the cryptocurrency community. Rather than focusing solely on how to fit a DAO into the existing regulatory frameworks, sophisticated projects can identify and address legal and operational limitations of entity-less DAOs to achieve permissionless access, decentralization, and democratic governance.

Previously published by Bloomberg, September 24, 2021 with co-author Joon Kim (Mina Foundation)
Get to Know This Acronym for a Crypto Regulatory Alternative: DAOs (bloomberglaw.com)