Melissa Baal Guidorizzi

Partner

Washington, D.C.


Read full biography at www.orrick.com

Drawing on nearly two decades in enforcement at the Consumer Financial Protection Bureau (CFPB) and in-house at a global diversified financial services corporation, Melissa Baal Guidorizzi advises traditional financial institutions and emerging financial technology (fintech) companies on consumer financial services compliance, regulatory investigations and enforcement actions and litigation.

During Melissa's tenure at the CFPB's Office of Enforcement, she developed supervision and enforcement priorities, identifying subjects for examinations and investigations. She also shaped federal consumer financial laws that impact cryptocurrency markets, new payment technologies, and established financial institutions, including the Electronic Fund Transfer Act (EFTA), the Truth in Lending Act (TILA), Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) and the Fair Credit Reporting Act.

Melissa also spent nearly a decade in-house at a large multinational financial institution, where she was responsible for implementing regulatory compliance initiatives, defending enforcement actions and managing regulatory examinations.

Posts by: Melissa Baal Guidorizzi

European Crypto Regulation on the Verge of Enactment

The EU’s Markets in Crypto-Assets (MiCA) regulations are now all but final and may take effect this year. MiCA will provide new regulatory frameworks, including licensing and disclosure obligations, for participants in the cryptocurrency ecosystem, including token issuers, financial intermediaries (exchanges, brokers, etc.) and custodians.

What Happened

The Economic and Monetary Affairs Committee of the European Parliament gave its approval to MiCA on October 10, 2022, the latest step in a process that has lasted more than two years.

What’s Next

This paves the way for the larger European Parliament plenary to approve the regulations, a step that often is merely procedural. Once the plenary approves MiCA, it will become effective and mark the beginning of 18 months in which firms must become compliant, with the regulations coming into full effect in the second or third quarter of 2024.

While the text of MiCA helps provide regulatory certainty for crypto-asset businesses and consumers in the EU, additional practical guidelines for implementation will also be drafted to further elaborate MiCA.

MiCA’s Goals

MiCA’s main objective is to provide a level of regulatory and economic harmonization to crypto-asset businesses and consumers across Europe. Guiding principles of MiCA include:

  • Providing legal certainty through clear definitions of crypto assets and activities in relation to those crypto assets that are in scope;
  • Providing for consumer protection and market integrity alongside financial stability of crypto-asset businesses; and
  • Encouraging innovation and fair competition in the European crypto-assets markets and avoiding regulatory arbitrage between member states.

Businesses engaged in activities that are within the scope of MiCA will, at a minimum, be required to register with the competent regulatory authorities and produce a detailed white paper for their business, in a form and content specified by MiCA.

MiCA will not apply in the United Kingdom or Switzerland as they are not member states of the European Union. While similar principles of regulation may apply in these two jurisdictions, separate analysis is needed to understand what crypto-asset businesses must do to achieve compliance with local regulation.

What MiCA Missed

The final text of MiCA omits treatment of Non-Fungible Tokens, Decentralised Finance, Decentralized Autonomous Organizations and Proof of Work consensus mechanisms. European regulators are expected, however, to treat fractionalized NFTs as utility tokens governed by MiCA.

How Will MiCA Impact the U.S. Market?

MiCA reflects the EU’s acknowledgement that digital assets are a persistent part of a modern financial system. Whether the EU’s steps to define and regulate digital assets will influence U.S. regulators remains to be seen.

The Biden Administration’s March 2022 Executive Order on Ensuring Responsible Development of Digital Assets remains the most comprehensive U.S. policy statement on the topic. While there are numerous proposed legislative efforts in the U.S. Congress, the U.S. has yet to produce comprehensive legislation or regulatory guidance. Instead, regulators have relied on enforcement actions and individual agency guidance to inform market participants. We expect the U.S. regulatory regime to continue, at least in the short term, to take coordinated but separate action aligned with the Executive Order’s primary objectives of protecting consumers and investors.

The Orrick fintech team takes an international approach to digital asset markets. We will continue to monitor regulatory developments in both the U.S. and Europe to support our clients and innovation in crypto.

Federal Reserve Requires Banks to Provide Notice Regarding Crypto-Asset-Related Activities

Federal Reserve Requires Banks to Provide Notice Regarding Crypto-Asset-Related Activities

The Federal Reserve Board (“FRB”) announced a significant shift requiring FRB-supervised banking organizations to disclose any current crypto-asset-related activity and to notify FRB in advance of entering into any such business activities in the future. This notification requirement may add some friction to the bank adoption of crypto-asset activities. This announcement follows the OCC’s previous direction to its supervised entities to “notify its supervisory office, in writing of its intention to engage in a range of crypto related activities.” With similar direction aimed at Federal Reserve banks that more regularly interact with crypto projects, legal and regulatory compliance diligence will be even more important.

What Happened

  • On August 16, 2022, FRB issued a letter to all of its supervised banking organizations requiring those institutions to notify their lead FRB supervisory point of contact if such banking organization is engaged in or intend to engage in “crypto-asset-related activities” in order to “ensure such activity is legally permissible and determine whether any filings are required under applicable federal or state laws.”
  • “Crypto-asset-related activities” include crypto-asset safekeeping and traditional custody services; ancillary custody services; facilitation of customer purchases and sales of crypto-assets; loans collateralized by crypto-assets; and issuance and distribution of stablecoins.
  • The letter also specifically referenced stablecoins as potentially posing risks to financial stability if adopted at large scale.

How Will This Affect Banking Organizations?

Supervised banking organizations must:

  • Ensure the Activities Are Legally Permissible
    • Supervised banking organizations must assess the legality of the proposed crypto-asset-related activities under state and federal laws and determine whether any filings are required under federal banking laws, including The Bank Holding Company Act, Home Owners’ Loan Act, Federal Reserve Act, and Federal Deposit Insurance Act.
    • If permissibility is not clear, supervised banking organizations are directed to consult their point of contact at the FRB prior to the commencement of such activities.
  • Notify the Federal Reserve
    • If a supervised banking organization is already engaged in crypto-asset-related activity, it should disclose all activities to its lead supervisory point of contact promptly.
    • Supervised banking organizations must notify their lead supervisory point of contact prior to engaging in crypto-asset-related activity.
  • Enact and Maintain Proper Controls
    • FRB’s letter emphasizes the importance of supervised banking organizations enacting and maintaining adequate risk management and controls related to crypto-asset-related activities, including:
      • Having adequate systems in place to identify, measure, monitor, and control the risks associated with crypto-related activities on an ongoing basis; and
      • Ensuring that these systems cover “operational risks (for example, the risks of new, evolving technologies; the risk of hacking, fraud and theft; and the risk of third-party relationships), financial risk, legal risk, compliance risk (including, but not limited to, compliance with the Bank Secrecy Act, anti-money laundering requirements, and sanctions requirements), and any other risk necessary to ensure the activities are conducted in a manner that is consistent with safe and sound banking and in compliance with applicable law, including applicable consumer protection statutes and regulations.”
    • Consider Notifying State Regulators
      • FRB encourages state member banks to also notify their state regulators prior to engaging in crypto-asset-related activity.

Why Does This Matter?

  • If you are a supervised banking organization that is currently involved in active crypto-asset activities, re-confirm that your activities are compliant and take another look at your service providers to ensure their compliance;
  • If you are a potential partner of a supervised banking organization, expect an even more robust diligence process, time to execution may be extended, and you may face increased ongoing reporting and information disclosure requirements; and
  • For all participants in the crypto-asset space, this is another example of the growing all-hands on deck approach to the regulation of crypto spurred by the Executive Order from earlier this year. The Executive Order’s first objective was to “protect consumer, investors, and businesses,” and we expect to see further action from the FRB and other regulators.