Keyword: Uncategorized

Executive Order on Digital Assets Means Industry-Shifting Regulation Is Closer Than Ever

On March 9, 2022, Bitcoin prices surged and many in the crypto community celebrated as the Biden administration announced a sweeping executive order that acknowledges the key role digital assets will play in global financial systems. While the Order embraces crypto as the wave of the future, it calls for an intense focus on the industry that will undoubtedly lead to increased oversight and enforcement. Businesses that have believed themselves to be operating in a legal gray area may soon find themselves more explicitly subject to many of the same regulations as traditional financial service providers. The Order provides a simple rationale for aligning the new industry with existing regulatory standards: “same business, same risks, same rules.”

There is no cookie-cutter approach to analyzing how the coming changes will impact a business. We are tracking developments to help our clients look over the horizon and plan ahead. Below are the key takeaways from the Order:

  • The Order calls for an “unprecedented focus of coordinated action” to address the illicit use of digital assets. This will likely lead to increased criminal enforcement—including holding companies accountable for illegal activity perpetrated through their networks.
  • Numerous agencies have been tasked with developing policies and regulatory frameworks to protect consumers, investors, and businesses in the crypto sphere, with additional reporting to come as soon as within 90 days.
  • The administration supports responsible innovation related to digital assets, meaning technological advances that address privacy, security, controls against exploitation, and environmental responsibility.
  • These directives build on initiatives that have been pursued at the agency level, such as the creation of a DOJ task force to investigate and prosecute crypto crime.

******

The Biden administration’s move towards more digital asset oversight is now directed from the top. President Biden’s March 9 Executive Order calls for an “unprecedented focus of coordinated action” across all government agencies to mitigate the risks posed by the illicit use of digital assets. And this focus is not just domestic; the Order also directs agencies to work with foreign partners to align international frameworks and coordinate responses to risks—which may involve cross-border investigations and prosecution of misconduct. While the Order suggests the government will embrace digital assets in an unprecedented way, there is no doubt that increased criminal and regulatory enforcement will soon follow.

1. The sweeping Order outlines a “whole-of-government approach” to setting policy, establishing regulatory frameworks, and mitigating risks associated with digital assets.

Citing the explosive growth in digital assets, the Order makes the case for stronger oversight and increased regulation of cryptocurrencies. It announces six key priorities:

  • Protecting Consumers, Investors, and Businesses: The Treasury Department and other agency partners will develop policy recommendations to address the risks and opportunities of digital assets. Additionally, the Attorney General and others will report on the role of law enforcement agencies in detecting, investigating, and prosecuting crypto crime, and recommend appropriate regulatory or legislative actions.
  • Protecting U.S. and Global Financial Stability: The Financial Stability Oversight Council will identify economy-wide financial risks posed by digital assets and develop proposals to address such risks and any associated regulatory gaps.
  • Mitigating Illicit Finance and National Security Risks: The Order emphasizes the growing use of digital assets to facilitate cybercrime, money laundering, terrorist and proliferation financing, fraud, theft, and corruption. Building on the Treasury Department’s National Strategy for Combating Terrorist and Other Illicit Financing, a group of agencies will evaluate “opportunities to mitigate such risks through regulation” and develop a coordinated action plan. This plan will, among other things, address the role of law enforcement to increase compliance with AML/CFT, focusing on decentralized financial ecosystems, peer-to-peer payment activity, and obscured blockchain ledgers.
  • Reinforcing U.S. Leadership in the Global Financial System: The Department of Commerce will work with other agencies on a framework to drive U.S. competitiveness and leadership in, and leveraging of, digital asset technologies. The Treasury Department will similarly work across government to establish a framework for international engagement on issues such as foreign assistance, global compliance, and the promotion of international standards.
  • Promoting Access to Safe and Affordable Financial Services: The Treasury Department and other relevant agencies will produce a report on the future of money and payment services, recognizing the national interest in ensuring access to safe and affordable financial services.
  • Supporting Responsible Innovation: Various agencies will study and support technological advances in the responsible development, design, and implementation of digital asset systems. This means ensuring that digital asset technologies include privacy and security in their architecture, integrate controls to defend against illicit exploitation, and reduce negative climate impacts and environmental pollution from cryptocurrency mining.

Additionally, the Order places the “highest urgency” on research and development into the creation of a U.S. Central Bank Digital Currency (CBDC),[1] which it says has the potential to support efficient and low-cost transactions and foster greater access to the financial system. The Treasury Department and other agencies have been tasked with analyzing the potential implications of launching a U.S. CBDC.

2. The Executive Order comes on the heels of a new DOJ task force, the National Cryptocurrency Enforcement Team, aimed at investigating and prosecuting crypto crime.

In October 2021, Deputy Attorney General Lisa Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET) to “tackle complex investigations and prosecutions of criminal misuses of cryptocurrency,” including money laundering, ransomware and extortion schemes, and trading on dark markets for illegal drugs, weapons, and hacking tools.[2] The NCET is staffed by DOJ prosecutors with backgrounds in cryptocurrency, cybercrime, money laundering, and forfeiture. They work closely with various DOJ sections, U.S. Attorneys’ Offices, and the FBI. According to NCET Director Eun Young Choi, “the NCET will play a pivotal role in ensuring that as the technology surrounding digital assets grows and evolves, the department in turn accelerates and expands its efforts to combat their illicit abuse by criminals of all kinds.”[3] The creation of this task force suggests that the DOJ has both the resources and the will to investigate allegations of wrongdoing in the crypto sphere, and companies must remain vigilant in light of the increased risk of regulatory scrutiny.

3. The SEC has expressed a strong interest in regulating crypto trading platforms, while other agencies have announced a series of “policy sprints” focused on crypto assets.

For the SEC, the question of whether the agency will regulate cryptocurrency exchanges is not a matter of if, but when. When asked by reporters in January whether 2022 will be the year that the SEC starts regulating crypto trading platforms, SEC Chairman Gary Gensler responded: “You shouldn’t put timelines on yourself, but I will say I sure hope so.”[4] He went on to caution: “To the extent that folks are operating outside the regulatory perimeter, but are supposed to be inside, we will bring enforcement actions.”[5] This calls to mind the question of whether cryptocurrencies are securities, which, if answered in the affirmative, brings them well within the reach of the SEC’s Enforcement Division. While the answer may differ depending on the currency, Chairman Gensler has expressed a view that most cryptocurrencies are indeed securities and thus subject to regulation by the SEC.[6]

4. Nearly every relevant agency is marching towards more regulation.

The SEC and the Treasury Department are leaders in this space, but it seems that no agency wants to be left behind when it comes to regulating cryptocurrencies. At the same time that the DOJ and SEC were pursuing their own crypto strategies, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency conducted a series of interagency “policy sprints” focused on crypto assets.[7] Their goal was to analyze the applicability of existing regulations to crypto activities and establish a road map for further guidance. They promised to “provide greater clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible” and articulate expectations for compliance with existing laws. Other regulatory initiatives being pursued at the agency level, including by the Treasury Department’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), are detailed in our 2021 Year-End Crypto Roundup.

5. Up until now, regulators have had to address misconduct in the crypto market using outdated laws that didn’t always fit. This is about to change—giving regulators more tools (and power) than ever.

Even without a coordinated strategy or crypto-specific regulatory framework, agencies have found ways to hold companies and individuals accountable for crypto-related misconduct. For example, the SEC has brought numerous enforcement actions for fraudulent and unregistered digital asset offerings,[8] and the DOJ recently arrested two individuals in connection with an attempt to launder $4.5 billion in stolen cryptocurrency.[9] Last year, FinCEN and the Commodity Futures Trading Commission (CFTC) reached a $100 million settlement with cryptocurrency exchange BitMEX, and BitMEX founders recently pled guilty to criminal Bank Secrecy Act (BSA) regulations stemming from the company’s willful failure to establish, implement, and maintain an AML program. But despite these efforts, without tailored regulation, illicit activity is bound to fall through the cracks. The current landscape is bound to change dramatically as a result of the Biden administration’s Executive Order, and even companies operating entirely within the law need to be ready to shift how they do business to adapt to changing regulations. Whatever comes next, we are tracking developments closely to help our clients navigate these changes and mitigate regulatory and enforcement risk.

[1] See Board of Governors of the Federal Reserve, Money and Payments; The U.S. Dollar in the Age of Digital Transformation (Jan. 2022).

[2] U.S. Dep’t of Justice, Press Release, Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team (Oct. 6, 2021).

[3] U.S. Dep’t of Justice, Press Release, Justice Department Announces First Director of National Cryptocurrency Enforcement Team (Feb. 17, 2022).

[4] Jennifer Schonberger, SEC’s Gensler wants crypto exchange regulation in 2022, warns on stablecoin, Yahoo Finance (Jan. 20, 2022).

[5] Id.

[6] Cheyenne Ligon, Gensler’s Crypto Testimony: 6 Key Takeaways, CoinDesk (Oct. 6, 2021).

[7] Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (Nov. 23, 2021).

[8] See U.S. Securities & Exchange Commission, Cyber Enforcement Actions.

[9] U.S. Dep’t of Justice, Press Release, Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency (Feb. 8, 2022).

Non-U.S. Crypto and Other Money Services Businesses: Have Customers in the U.S.? Beware of AML and Sanctions Compliance Risk

Two recent guilty pleas involving a cryptocurrency exchange serve as a reminder to all money services businesses (“MSBs”)—including those ostensibly located outside the United States but that conduct business there—of the importance of implementing anti-money laundering (“AML”) programs and registering as MSBs with the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”). Last week, two founders and executives of BitMEX—a virtual currency derivatives exchange whose parent company was registered in the Seychelles but operated globally, including in the United States—pled guilty to criminal Bank Secrecy Act (“BSA”) violations stemming from the company’s willful failure to establish, implement, and maintain an AML program.[1]

The BitMEX enforcement action also highlights sanctions non-compliance risks. Without a Know Your Customer (“KYC”) program, BitMEX carried out transactions for customers based in Iran, a jurisdiction comprehensively sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As OFAC has made clear, sanctions compliance obligations remain the same regardless of whether transactions are denominated in virtual currency or fiat. A focus on sanctions compliance may become even more critical for cryptocurrency companies in the wake of the new far-reaching Russia-related sanctions imposed by the United States, the EU, and the UK, among other governments, in response to Russia’s invasion of Ukraine. OFAC and the New York State Department of Financial Services (“NYSDFS”) have warned that as sanctioned persons and jurisdictions “become more desperate for access to the U.S. financial system,” they are likely to turn to cryptocurrency to minimize the crippling effect of sanctions.

BitMEX Founders’ Guilty Pleas

The two BitMEX founders’ guilty pleas on February 24, 2022 follow the company’s settlement with U.S. regulators in August 2021, which was one of the largest-ever resolutions with a cryptocurrency exchange. While BitMEX was incorporated in the Seychelles, it had connections to the United States, including maintaining offices there and soliciting and accepting orders from U.S. customers. FinCEN and the Commodity Futures Trading Commission found that BitMEX was operating as an unregistered futures commission merchant under the BSA, and that it failed to comply with the BSA’s AML program requirements, including by failing to maintain an adequate customer identification program.  BitMEX resolved the allegations for $100 million, with a $20 million suspended penalty pending the company’s remediation and prevention measures, including ending all operations within the United States and no longer serving any U.S. customers.

The Department of Justice charged four of the company’s founders and executives in October 2020. In announcing that two of them, Arthur Hayes and Benjamin Delo, had pled guilty to willfully violating the BSA, the Department of Justice alleged that these two founders “closely” followed the U.S. regulatory developments and were aware of their BSA obligations due to U.S. customers’ trading on BitMEX. Yet, they allegedly took affirmative steps purportedly designed to exempt BitMEX from the application of U.S. laws like AML requirements and KYC requirements. For example, according to prosecutors, “the defendants caused BitMEX to formally incorporate in the Seychelles, a jurisdiction they believed had less stringent regulation, and from which they could still serve U.S. customers and operate within the United States without performing AML and KYC.” Without “even basic” AML policies in place, BitMEX became “in effect a money laundering platform” and a “vehicle for sanctions violations.”

Takeaways

This development illustrates the significant risks to which foreign-located MSBs expose themselves if they have U.S. customers but fail to comply with the BSA. Incorporating in a “friendlier” jurisdiction, like the Seychelles in the BitMEX case, does not protect an MSB from BSA liability if it operates in the United States. The BSA applies to MSBs “wherever located” if they conduct business “wholly or in substantial part within the United States.” Thus, all MSBs, including those transmitting cryptocurrency—with any U.S. nexus—should take note of the BSA requirements. Those include registering with FinCEN; implementing a written AML program with policies, procedures, and internal controls, including regarding customer identification and verification; and controls to detect and report suspicious activity. The AML programs must be commensurate with the risks posed by the location, size, nature and volume of the services provided by the MSB and be effective in preventing the MSB from being used to facilitate money laundering and the financing of terrorist activities.

An effective AML/KYC program will also help ensure compliance with sanctions regulations. As noted, cryptocurrency exchanges will likely face increased sanctions risks due to the sweeping sanctions recently imposed against Russian banks, entities, and individuals by the United States, EU, UK, and other governments, and additional measures that may be imposed in the coming days or weeks. As such, cryptocurrency exchanges may face, and must address, “unique risks.”

By implementing a KYC program, which includes sanctions screening, cryptocurrency companies can help ensure they do not engage, directly or indirectly, in transactions prohibited by sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions. To ensure compliance, cryptocurrency exchanges should also employ geolocation and IP-address blocking to prohibit access by parties from sanctioned jurisdictions, perform transaction monitoring to detect suspicious activity, and file required reports with FinCEN and OFAC. Exchanges operating outside the United States that do not yet have but want to attract U.S. users should also consider implementing such measures.

[1] Also last week, on February 25, 2022, BitConnect founder Satish Kumbhani was indicted in a cryptocurrency Ponzi scheme, which the government alleges deprived investors worldwide, including in the United States, of over $2 billion. According to the indictment, to avoid regulatory scrutiny and conceal BitConnect’s fraudulent scheme, Kumbhani evaded and circumvented U.S. regulations, including those enforced by the FinCEN. Among other things, BitConnect never registered with FinCEN, as required under the BSA.

At Your Service: First-Ever On the Chain Survey Reflects a Steady Rise in Blockchain Awareness, Acceptance and Adoption

The results are in! Responses to Orrick’s first survey of the dedicated followers of On the Chain, our blockchain blog, revealed at least two things: (1) that blockchain technology is continuing to gain acceptance in and figure into plans of businesses across numerous industries, and (2) that during the holiday season people will take the time to respond to a survey if there is a prospect of receiving an Amazon gift card. Message received.

The 60+ survey responses came largely from senior personnel in a broad range of industries and regions, mostly working in technology, media, telecommunications, professional services, fintech and financial services, and mostly located in North America, Asia and Europe. Overall, almost all responders considered themselves moderately or very familiar with blockchain technology, which is not surprising given the nature of the blog’s steadily increasing readership. It is also not surprising, since one-third of the responders stated they work for companies that currently employ blockchain technology, including smart contracts. These uses include: payment processing and investments; buying, selling and exchanging digital currencies; data management and storage; maintaining data privacy; and gaming. For those companies not currently employing blockchain technology, about a third view it as a high priority or important to the organization; and about one-half of those view it as relevant to the company’s strategy but not a priority.

The overwhelming majority of responders believe that blockchain will achieve mainstream adoption in the next five years. This matches the observation of Orrick’s Blockchain Group, whose members from week to week seem to be working on or learning about a new or expanded application of blockchain technology in an existing industry. The greatest advantage to the adoption of blockchain technology, according to responders, is improved business efficiencies, while reduction of costs is viewed as a lesser benefit. The most significant barriers to mainstream adoption of blockchain technology are considered to be technological challenges to implementation, regulatory issues and the uncertain financial return on the investment. We received fewer responses that security threats, failure of companies to treat it as a priority, and unproven technology are barriers to adoption.

In sum, the survey results provide a snapshot – albeit unscientific – of how companies view blockchain technology at this point in time, and where they think it is going. The results help Orrick to focus its blockchain practice on the sectors where our advice and representation will most likely be useful. And, lastly, the results help us deliver our observations and analyses about “the state of blockchain” to our clients and other members of our audience. Survey responders expressed a preference for hearing from us through our electronic newsletter and our On the Chain blog, and we will continue to deliver content in those forms. Many responders also indicated that they would appreciate reading posts regarding success stories and practical uses of blockchain technology. We intend to start publishing regular pieces, so stay tuned for that. And many responders also sought human interaction with the charming and knowledgeable members of Orrick’s Blockchain Group – seminars and networking receptions – and we hope to announce such opportunities in the near future. Finally, we are grateful to those responders who provided ideas about the content for future blog posts (and those who appreciate the topics we have already offered). Look for content that is responsive to those requests.

Thanks again to all our survey respondents for taking the time to provide such useful information, and congratulations to our lucky prizewinner!

The NFA Enhances Reporting Requirements for Intermediaries Who Trade Virtual Currencies and Related Derivatives

Derivatives regulations have continued to evolve with the explosive growth of cryptocurrency in recent years. One of these earlier shifts transpired in late 2017, when the National Futures Association (NFA) issued three Notices to Members expanding the notifications and reporting requirements for financial derivatives intermediaries, citing similar actions by the CFTC along with the volatility in the underlying virtual currency markets.

Learn more about these regulatory shifts as well as perspectives on other derivatives regulators in this overview by our Securities Litigation team.