6 Questions Blockchain Founders Should Ask When Launching a Product or Token

As any founder knows, operating in the blockchain space requires navigating a myriad of regulatory regimes. While every product and token is different, below are 6 key questions that any founder should ask themselves as they launch their product or token:

  1. Are you advertising to the public? If a company advertises to the public, anti-fraud and consumer protection laws are relevant. In the U.S., the Federal Trade Commission and the Consumer Financial Protection Bureau, along with state attorneys general, enforce rules to ensure advertisements and public statements do not contain (among other things) statements or promises that are false, misleading, or deceptive. Companies should screen public messages with their counsel before publishing them.
  2. Where do you plan to launch your product or token? Companies should be aware of sanctions programs in jurisdictions in which they plan to operate. In the U.S., the Office of Foreign Assets Control (“OFAC”) enforces compliance with U.S. sanctions programs. Conducting transactions with sanctioned persons or in a sanctioned jurisdiction is an offense and OFAC may impose penalties on a “strict liability standard.” This means that OFAC can hold violators civilly liable regardless of whether they knew they participated in a transaction with a sanctioned person or entity. Many companies have policies and internal controls (e.g., customer screening and IP address blocking) meant to prevent prohibited transactions.
  3. Would a person reasonably rely on the Company’s efforts to profit from their purchase? If a blockchain company issues or plans to issue tokens or other digital assets, it is imperative that the company complies with securities laws. The lodestar for determining whether a token is an “investment contract” (one type of security) is the Howey Test. In short, pursuant to the Howey Test, a token is a security if a purchaser could reasonably depend on the efforts of a third party (i.e., the company) to generate a profit. While the interpretation of the Howey Test is more nuanced than that, understanding how consumers are going to think about your token is important in assessing the level of risk that launching the token might impose. The actual application of the Howey Test is fact intensive, and therefore requires comprehensive review and application of the token and the Company’s distribution plans.
  4. Will employees have access to sensitive information that could impact prices? If a company’s employees will have access to material, non-public information regarding prices of the company’s publicly traded digital asset or any other asset trading on a platform controlled by the company, the company should implement policies to prevent employees or other insiders from profiting off of that information (by implementing, for example, insider trading policies). These policies should dictate how and when an employee, consultant, or director is allowed to buy and sell the company’s digital assets or any other asset trading on the company’s platform.
  5. Will the Company transmit someone’s money? Blockchain companies acting as an “administrator” or “exchanger” of “convertible virtual currency” (“CVC”) may be deemed a money transmitter under federal law. In short, if a company has the authority or power to issue, remove, or exchange a cryptocurrency or virtual currency, the company may be required to register as a “money services business” under the federal Bank Secrecy Act, which requires companies to assist the U.S. government in detecting and preventing money laundering. In addition, 49 states have “money transmission laws.” Each state has different laws with respect to CVC, so a state-by-state analysis will be required to determine where the company should file for money transmission licenses.
  6. Will the Company collect customer information? Consumer data protection has received a sizable amount of attention from both legislatures and regulators over the past several years, including the implementation of GDPR in the EU and the CCPA in California (to name just a couple of prominent laws). Any company that is collecting, storing, or transmitting consumer information should review its online privacy policy and terms of use, as well as its internal policies around how that information is stored and where that information is transmitted. Even if still under the control of the company, data transferred from one jurisdiction to another may violate applicable data privacy laws.

The 6 questions above will help frame some of the more common regulatory issues that companies in the blockchain space need to pay attention to, but that list is certainly not exhaustive.  With an increased focus on blockchain companies by regulatory agencies, it’s important that founders operate within and understand existing regulations, and also make a plan for how they will adapt as those regulations change.

CFPB Makes an Entrance: Crypto Products Targeted

Ending doubts regarding its interest in the space, the Consumer Financial Protection Bureau (CFPB) has for the first time publicly acknowledged its investigation of a crypto company — and it’s likely a sign of things to come.

The agency hinted at increased enforcement in a summary of consumer crypto complaints in November 2022. The CFPB acknowledged an investigation for the first time that same month, when it published a decision in the case.

Crypto companies with direct-to-consumer products should take note — and consider steps to mitigate risk.

What Happened?

The CFPB sent a Civil Investigative Demand (CID) for testimony in December 2021 to Nexo, a cryptocurrency platform that offers an earned-interest product and lets customers make deposits.

The CID focused on whether Nexo made “false or misleading representations to consumers” about its safeguards used to protect crypto assets. The CFPB also stated that the investigation included potential violations of the Electronic Funds Transfer Act, confirming its view that the law applies to crypto assets.

Nexo filed a petition to set aside or modify the CID. It argued that the SEC views interest-bearing crypto accounts as securities that are subject to SEC regulation and exempt from CFPB jurisdiction.

CFPB Director Rohit Chopra denied the petition. He noted that Nexo had been unwilling to fully concede that its product was a security subject to SEC regulation and that “it [was] too early to tell whether Nexo … was required to be registered with the SEC,” and exempt from the CFPB’s jurisdiction.

Since then, Nexo announced it had made “the regrettable but necessary decision” to phase out its products and services in the U.S. after “inconsistent and changing positions among state and federal regulators.”

What does this mean?

Though this is the first publicly identified CFPB crypto investigation, there are likely more on its docket.

This matter also reveals that CFPB crypto investigations have been ongoing since at least the fourth quarter of 2021. Less than two weeks before issuing the Nexo decision, the CFPB issued a Crypto-asset Complaint Bulletin. The CFPB typically uses these bulletins to notify a market of its plans to address certain types of consumer harm. Three top crypto complaint themes likely to trigger CFPB interest include:

  1. Fraud: 40% of consumer complaints in the bulletin were a result of having been victimized by fraudulent activity or scams in the crypto ecosystem.
  2. Access to Funds: Many consumers reported struggling to access their funds due to issues with crypto platforms and the freezing of funds before filing for bankruptcy protection.
  3. Poor Customer Service: A major issue cited in the complaint bulletin was the inherent lack of customer service provided to consumers in the crypto market. Consumers described company customer service as non-responsive or non-existent. The CFPB launched an initiative to improve customer service this year with Director Chopra’s stated goal “to ensure the legally enshrined right to obtain basic customer service.”

Looking Forward

We expect increased enforcement action aimed at addressing the themes in the Crypto-asset Complaint Bulletin. Crypto companies that have not affirmatively subjected themselves to SEC or CFTC authority may be more vulnerable to CFPB scrutiny. In an environment of increased regulatory risk, we recommend that crypto companies review their products and services from a consumer/end user perspective and pay attention to customer complaints.

Contact Melissa Baal Guidorizzi and Daniel Forester if you have any questions regarding recent regulatory trends and best practices for building compliance programs if your company is subject to the CFPB’s enforcement and examination powers.