Keyword: virtual currency

New York Looks Like it Might Loosen Up on Its Virtual Currency Regulation

On June 25, the New York State Department of Financial Services (NYDFS) published a “Conditional BitLicense” proposal for reforming its licensing framework that would make it easier for virtual currency businesses to obtain permission to operate in New York. The proposal was developed as part of a broader effort to respond to industry changes and concerns that NYDFS identified in its five-year review of its cryptocurrency licensing regime (which originally took effect in June 2015) under which more than two dozen cryptocurrency companies have been approved to do business in New York. Under the proposed regulations, a virtual currency firm will be authorized to operate in New York even if it does not have a full BitLicense from the state if it obtains a “conditional BitLicense” and partners with a firm that does have a full license. (To note, the conditional BitLicense has always existed, but this is the first time that the NYDFS has announced clear rules to help companies access the license.)

The NYDFS’s proposal is likely a welcome development. New York’s process for obtaining a full BitLicense is considered one of the toughest in the country and has long been unpopular with blockchain startups. Among the complaints: steep paperwork requirements and lengthy approval times. Under the proposed conditional licensing regulation, a cryptocurrency firm that wishes to operate in New York can bypass the difficulties of applying for a full license and instead apply for a conditional BitLicense, which would grant it operational privileges so long as it partners with another cryptocurrency firm that is fully licensed. Currently, the NYDFS envisions that under such a partnership, the licensed firm can assist in providing various services and support, including “those relating to structure, capital, systems, personnel, or any other support needed.”

The proposed application process is simple: In order to apply for such a license, the unlicensed cryptocurrency firm would need to inform the NYDFS of its intention to apply and provide a copy of the service agreement between the unlicensed cryptocurrency firm and the licensed cryptocurrency firm, as well as additional documentation. It is clear, however, that the NYDFS views this licensing framework as a temporary stepping stone; the NYDFS stated that it expects firms who obtain such conditional licenses to then apply for a full license within 2 years.

It is not entirely clear how the conditional license will operate in practice. It does not appear that any other state makes conditional licenses available. To that end, the NYDFS is inviting comments on its proposed regulation, including:

  1. What type of cryptocurrency firms would benefit the most from such a conditional license?
  2. What type of licensed firms would be best and most effectively able to partner with unlicensed firms under the terms of a conditional license?
  3. What types of services and support should a licensed firm provide for the firm with the conditional license?
  4. Should there be limits placed on the types of services that a licensed firm can provide?
  5. Should there be caps and limits on the total number of conditional arrangements that a licensed firm can enter? What other checks should be in place?
  6. Should the licensed firm be held accountable for initial due diligence of the firm wishing to obtain a conditional license and to what extent?
  7. Should ongoing due diligence be required?
  8. How should the licensed firm and firm with the conditional license divide responsibilities and obligations for ensuring compliance with legal and regulatory requirements?
  9. What is the best way to check for and resolve conflicts of interest between the two firms involved?
  10. What is the best way to structure such collaboration to limit any potential adverse effect on the markets?
  11. Are there other methods besides a conditional license that the NYDFS should consider?

NYDFS requests that all comments by submitted by August 10, 2020. Given that cryptocurrency regulation is generally uncharted territory, virtual currency firms should consider submitting comment to the NYDFS to assist it in developing this regulation further so that it is effective and workable.

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

In or Out? – The CFTC Explains When Virtual Currencies Come Within Its Jurisdiction

On March 24, the Commodity Futures Trading Commission (CFTC) issued final interpretive guidance (the Guidance) regarding retail commodity transactions involving virtual currency. In short, this Guidance clarifies when “actual delivery” of virtual currency (such as bitcoin and ether) occurs under the test determining whether a leveraged arrangement is exempt from regulation by the CFTC as, effectively, a futures contract. This important Guidance demonstrates the proactive and leading role that the CFTC has taken in connection with understanding and addressing developments in the fintech sector. In the Guidance, the CFTC explains the exemption clearly and places it in the context of the CFTC’s regulatory mandate, its somewhat tortured history in obtaining jurisdiction over leveraged retail transactions in commodities, and its interest in preventing abusive practices. As part of its commitment to assisting the industry in adjusting to the evolving interpretations, the CFTC also announced that it would impose a 90-day moratorium on initiating enforcement actions that address aspects of the Guidance that, according to Chairman Tarbert’s accompanying statement, “were not plainly evident from prior CFTC guidance, enforcement actions, and case law.”

The Guidance in effect enables those transacting in leveraged virtual currency (often referred to as “cryptocurrency”) to understand whether they are subject to CFTC jurisdiction. As noted in the release, the CFTC has exclusive jurisdiction over commodity futures, options and swaps – which encompasses a broad range of derivatives – and has broad anti-fraud and anti-manipulation authority over any contract of sale of any commodity in interstate commerce, as well as swaps and futures. This jurisdiction includes certain speculative commodity transactions involving leverage or margin, which are also treated by the CFTC as futures. The CFTC’s jurisdiction over leveraged retail transactions remained uncertain until passage of the Dodd-Frank Act in 2010.

Before the Dodd-Frank Act, it was possible that a retail transaction in a commodity entered on a leveraged or margined basis, or financed by the counterparty, could avoid regulation by the CFTC even though it was economically indistinguishable from a futures contract. In his statement, Chairman Tarbert offers this example: suppose that someone decides to purchase a commodity with some money down, with delivery and final payment to be made at some future date, but is also able to trade out of the position at any time to lock in any gains or losses incurred to date; “that starts to look an awful lot like a futures contract—with identical economics but without any regulation.” The Dodd-Frank Act addressed this regulatory gap, with a particular application to abusive sales practices involving foreign currency and precious metals, and now the Guidance provides interpretation to apply the same principles to virtual currency.

The important exception to the CFTC’s jurisdiction over leveraged retail commodity transactions is for a contract of sale that “results in actual delivery within 28 days…” The determinative factor as to whether a transaction in virtual currency is subject to CFTC jurisdiction is whether actual delivery occurs within 28 days of trade execution. (Note that, for retail foreign currency transactions, the delivery period is only two days.) In its 2015 Coinflip Order, the CFTC clarified that virtual currency constitutes a “commodity” under the Commodity Exchange Act. Although virtual currency is an intangible commodity, the CFTC has jurisdiction over other types of intangible commodities, including rate indices and renewable energy credits. Multiple federal courts have also held that virtual currencies are commodities under the Commodity Exchange Act. The CFTC broadly defines virtual currencies as follows:

a digital asset that encompasses any digital representation of value or unit of account that is or can be used as a form of currency (i.e., transferred from one party to another as a medium of exchange); may be manifested through units, tokens, or coins, among other things; and may be distributed by way of digital “smart contracts,” among other structures.

In the Guidance, the Commission interprets “actual delivery” in the context of virtual currency as taking place when (a) a customer (i) secures possession and control of the entire quantity of the commodity – whether it was purchased on margin, or using leverage, or any other financing arrangement – and (ii) has ability to use the entire quantity of the commodity freely in commerce, no later than 28 days from the date of the transaction; and (b) the offeror and counterparty seller do not retain any interest in, legal right, or control over any of the purchased commodity after 28 days from the date of the transaction. While this interpretation is carefully drafted to avoid permitting any “sham delivery” to qualify, the Guidance states that the simplest definition of actual delivery is the ability of a purchaser to use the virtual currency immediately as a unit of exchange. And while the 28-day period is provided as the outside time limit to constitute actual delivery, as a practical matter, it typically takes much fewer than 28 days for a virtual currency transfer to complete. To determine whether the seller no longer retains any interest in the virtual currency, the CFTC may look to whether the seller retains any ability to access or withdraw any quantity of the virtual currency from the purchaser’s account or virtual wallet. The Guidance essentially reaffirms guidance that the CFTC provided in 2013, in a non-virtual currency context, as to the “functional approach” that the CFTC would apply in determining whether actual delivery had occurred.

In the Guidance, the CFTC emphasizes the importance of virtual currencies and their underlying blockchain technologies, and highlights its efforts to take a “deliberative and measured approach” in this area, to avoid stifling technological innovation. The CFTC points to its efforts in this area, including the LabCFTC initiative, which seeks to promote market-enhancing innovation. It also notes that several derivatives contracts based on virtual currency are listed on CFTC registered entities. The Guidance also reports that the CFTC continues to follow the evolution of the cash market for virtual currencies, since cash markets affect related derivatives markets. It is because the technology, market structures and law are evolving so quickly that, as discussed by several Commissioners in their accompanying statements, issuing interpretive guidance is more appropriate than rulemaking at this time. We encourage readers to refer to the CFTC’s full Guidance, which is clearly written with helpful examples.

Cryptocurrency and OFAC: Beware of the Sanctions Risks

A recent federal criminal action shows the depth of the U.S. government’s concern about the use of cryptocurrency (or virtual currency) to violate economic sanctions laws and the lengths to which it will go to charge such violations. The U.S. government is particularly concerned that sanctioned countries and parties have used cryptocurrency to avoid sanctions designed to isolate them, and to facilitate illicit activities, including money laundering and ransomware attacks. The U.S. Office of Foreign Assets Control of the Treasury Department (OFAC), which administers U.S. economic sanctions programs, indicated recently that it intends to devote more resources to cryptocurrency issues. Over the past year or so, OFAC has issued a number of subpoenas to virtual currency businesses, such as exchanges, regarding possible customers and transactions involving parties in sanctioned countries. OFAC will probably announce its first enforcement actions involving virtual currency at some point this year. In addition, as discussed in Orrick’s recent blog post, the U.S. Commodity Futures Trading Commission, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and the U.S. Securities and Exchange Commission remain focused on AML risks presented by cryptocurrency.

In an unusual application of economic sanctions law, in November 2019 a U.S. citizen was arrested and charged by the U.S. Attorney for the Southern District of New York with violating U.S. sanctions after he traveled to North Korea and delivered a presentation and technical advice related to the use of cryptocurrency and blockchain technology. In the case, which did not involve cryptocurrency transactions, the U.S. Attorney charged Virgil Griffith, an Ethereum Foundation staff member, with conspiring to violate U.S. sanctions laws that generally prohibit the provision of unlicensed services to North Korea. According to the U.S. Attorney’s Office, Mr. Griffith had traveled to North Korea to attend and speak at the Pyongyang Blockchain and Cryptocurrency Conference, despite the U.S. government’s denial of his request for authorization to attend. The U.S. government alleges that at the conference Mr. Griffith and other attendees discussed how North Korea could use blockchain and cryptocurrency technology to launder money and evade sanctions.

OFAC has issued frequently asked questions emphasizing that compliance obligations remain the same regardless whether transactions are denominated in virtual currency or fiat, and has started to include in its Specially Designated Nationals and Blocked Persons List (SDN List) virtual currency addresses that are linked to sanctioned persons. Sanctions are enforced with the help of U.S. businesses, in particular banks and other financial institutions, which have implemented systems and internal controls to detect the involvement of designated persons or prohibited jurisdictions in transactions. The U.S. government expects a similar level of commitment from entities dealing in cryptocurrency. It is critical that U.S. virtual currency users, exchangers, administrators and other persons engaging in virtual currency transactions with any U.S. nexus take steps designed to ensure that they do not deal with U.S. sanctions targets, which include providing financial or other services to such parties. OFAC has advised technology companies, administrators, exchangers, and users of virtual currencies, and other payment processors, to implement risk-based compliance programs, which generally should include sanctions list screening. This is consistent with OFAC’s recommendations included in A Framework for OFAC Compliance Commitments issued in June 2019.

Because a strict liability standard applies to unauthorized dealings with sanctioned parties and jurisdictions, U.S. persons dealing in cryptocurrency cannot avoid potential liability simply because they do not know the identity of the person with whom they are interacting. And the risk of dealing with sanctioned persons and jurisdictions when conducting virtual currency transactions will likely increase should nations like Iran and Russia further embrace cryptocurrency to try to avoid sanctions. In 2018, Iran reportedly acknowledged cryptocurrency mining as a legitimate industry, and in December 2019, Iran’s President reportedly proposed creation of a Muslim cryptocurrency to decrease reliance on the U.S. dollar. The U.S. government acted in 2018 to prohibit transactions involving Venezuela’s state virtual currency, the “Petro.”

To protect against potential sanctions violations, there are key steps that cryptocurrency users and exchanges can take. Crypto exchanges operating in the United States are required to register with FinCEN as money services businesses, to license themselves in the states in which they operate, and to exclude users in sanctioned jurisdictions and those on OFAC’s SDN List from transacting on the exchange. These exchanges should adopt and implement Know Your Customer procedures, including sanctions screening, to identify parties trading on their exchanges, and can employ geo-IP blocking to prohibit access by parties from sanctioned jurisdictions. They should perform transaction monitoring to detect suspicious activity and file required reports with FinCEN. U.S. persons trading in cryptocurrency should use exchanges committed to complying with U.S. sanctions requirements. If the exchange allows sanctioned parties to participate, a U.S. person could end up unknowingly trading with such a party and thus violating U.S. law. Exchanges operating outside the United States that want to attract U.S. users should also consider implementing such measures, to exclude targets of U.S. sanctions from trading. Non-U.S. exchanges that permit access to certain U.S. sanctions targets may risk imposition of U.S. “secondary sanctions” designed to deter non-U.S. persons from engaging in business with targets of U.S. sanctions.

The SEC’s Second No-Action Relief for Digital Tokens: Meaningful Relief or a Wolf in Sheep’s Clothing?

Pocketful of Quarters, Inc. (PoQ) is the second-ever recipient of no-action relief from the Division of Corporation Finance of the Securities and Exchange Commission for the issuance of “Quarters.” Quarters are a digital arcade token that is usable, like its conventional physical counterparts, across participating games and platforms. This no-action relief evidences a more thoughtful and sophisticated approach to the regulation of digital tokens and, in that respect, is welcome news to an industry that has been adrift since SEC Chairman Clayton’s statement in December 2017 that “[b]y and large, the structures of initial coin offerings that [he has] seen promoted involve the offer and sale of securities.” This no-action relief, though arguably unnecessary because Quarters are clearly not securities, confirms that certain classes of tokens are not subject to the requirements of the federal securities laws. Moreover, the conditions and restrictions imposed by the no-action letter on the issuance and use of Quarters are so onerous that the relief granted, while reaffirming, is not groundbreaking.

In the no-action relief, the Chief Legal Advisor to FinHub indicated that, subject to conditions, the Division would not recommend enforcement action to the Commission if PoQ offers and sells Quarters without registering the tokens as securities under Section 5 of the Securities Act and Section 12(g) of the Exchange Act. Some of the more significant conditions are:

  • The Quarters will be immediately usable for their intended purposes (gaming) at the time they are sold;
  • PoQ will restrict the transfer of Quarters through technological and contractual provisions governing the Quarters and the Quarters Platform that restrict the transfer of Quarters to PoQ or to wallets on the Quarters Platform;
  • Gamers will only be able to transfer Quarters to addresses of Developers with Approved Accounts or to PoQ in connection with participation in e-sports tournaments;
  • Only Developers and Influencers with Approved Accounts will be capable of exchanging Quarters for ETH at pre-determined exchange rates by transferring their Quarters to the Quarters Smart Contract;
  • Quarters will be made continuously available to gamers in unlimited quantities at a fixed price;
  • PoQ will market and sell Quarters to gamers solely for consumptive use as a means of accessing and interacting with Participating Games.

Considered as a whole, these conditions are so restrictive and duplicative that they raise doubt as to the necessity of the relief. For example, since Quarters will be made continuously available in unlimited quantities at a fixed price, no reasonable purchaser can expect the price of Quarters to increase and therefore cannot expect to profit from the purchase of Quarters. Accordingly, the transfer and secondary market trading restrictions are superfluous, and by highlighting them as a condition of the relief, CorpFin is effectively imposing conditions on a non-security.

Commissioner Hester Pierce raised a similar concern regarding the staff’s issuance of the first token no-action letter to TurnKey Jet, a charter jet company that sought to tokenize gift cards that could be used to charter its jet services. She stated that the offering of Turnkey tokens is so “clearly not an offer of securities that I worry the staff’s issuance of a digital token no-action letter . . . may in fact have the effect of broadening the perceived reach of our securities laws.” She continued by stating that the Turnkey no-action letter “effectively imposed conditions on a non-security.” Nevertheless, the Quarter’s no-action relief should be touted because it reestablishes the possibility of issuing a digital token that is not a security.

There are three additional aspects of PoQ’s letter requesting no-action relief that merit special attention: (i) the two-tiered token approach used by PoQ; (ii) the built-in token economics managed by a smart contract; and (iii) the condition that KYC/AML compliance reviews must be made at account initiation and on an ongoing basis.

First, Quarters are the second class of tokens that PoQ will issue, but the only one for which it sought no-action relief. PoQ conceded that the first class of tokens PoQ issued, “Q2 Tokens,” are securities, which were sold to investors through an exempt offering to raise funds to build the Quarters platform. The holders of the Q2 Tokens will benefit from the sale of Quarters by receiving, ratably, 15% of the funds collected from the sale of Quarters. This, or a similar, structure could prove beneficial to other investors that purchased tokens through an exempt offering and are now waiting for a return on their investment.

Next, the no-action relief implicitly approves the token economics of the PoQ network. According to PoQ’s letter requesting no-action relief, a portion of the funds received from the sale of Quarters will be used to compensate developers, influencers and Q2 Token holders in ETH. The funds distribution process will be managed by a smart contract. If Quarters are purchased with fiat currency, PoQ will transfer an equivalent amount of ETH to the Quarters Smart Contract upon such purchases for the purposes of such compensation.

Last, the no-action request raises, but leaves unanswered, a question pertinent to all token issuers: whether PoQ or any participant on the Quarters Platform must register with FinCEN as a money services business. Although this question is left unanswered, it appears that PoQ has built in some processes that would be required if it were a registered MSB. For example, a condition of the no-action relief states that: “to create an Approved Account, Developers and Influencers will be subject to KYC/AML checks at account initiation as well as on an ongoing basis.” In addition, the no-action request explains that purchases of Quarters through the PoQ Website “will occur via a licensed payment processor.” Similarly, purchases made through the Apple App store and Google Play store will occur via the standard payment processing solutions generally applicable to purchases made through those platforms; it is possible that this system was put in place to take advantage of one of the money transmitter exemptions such as the payment processor exemption. For the time being, however, it appears that PoQ has not registered with FinCEN; PoQ does not appear as a registered entity on FinCEN’s MSB Registrant database.

Though restrictive in its terms, the Quarters no-action relief demonstrates the SEC’s willingness to engage with token issuers and permit use of cryptocurrency outside of the SEC’s regulation, although the agency does not appear ready to give the concept free reign.

FinCEN Shows a Little Bite to Go with Its Bark

Last week, the Financial Crimes Enforcement Network (FinCEN) backed up its strong public statements about enforcing the anti-money laundering (AML) laws with respect to cryptocurrency by bringing an enforcement action against an individual for violating the Bank Secrecy Act (BSA).

FinCEN, a bureau within the U.S. Department of Treasury tasked with safeguarding the financial system from illicit use and combating money laundering, has not been shy about expressing interest in blockchain and cryptocurrency issues. In a recent speech, Director Kenneth A. Blanco explained that “FinCEN has been at the forefront of ensuring that companies doing business in virtual currency meet their AML/CFT obligations regardless of the manner in which they do business.” He added that FinCEN “will continue to work with the SEC and CFTC to ensure compliance in this space and will not hesitate to take action when we see disregard for obligations under the BSA.” But FinCEN enforcement actions involving cryptocurrency activities have been infrequent. Since its landmark action against Ripple Labs in 2015, FinCEN’s only enforcement proceeding in this area was brought in 2017 against virtual currency exchanger BTC-e and its owner.

That changed last week when FinCEN assessed a civil penalty against Eric Powers, a “peer-to-peer exchanger” of virtual currency, for violations of the BSA. In agreeing to pay a $35,350 penalty, Powers admitted that he willfully violated the BSA by failing to (i) register as a money services business (MSB), (ii) implement written policies and procedures for ensuring BSA compliance, and (iii) report suspicious transactions and currency transactions.

The Powers action does not provide much insight into one of the more difficult questions a company whose business involves virtual currency faces: whether it qualifies as an MSB that is subject to the BSA. FinCEN guidance from 2013 indicates that the BSA generally will apply to “exchangers” and “administrators” of convertible virtual currencies. Unlike many virtual currency companies, Powers seems to have clearly fit within FinCEN’s definition of an exchanger – through online postings he advertised his intention to purchase and sell bitcoin for others, and he completed purchases and sales by delivering or receiving currency in person, through the mail, or via wire transfer. But in establishing that the BSA applied to Powers, FinCEN leans heavily on the 2013 guidance. That guidance in many ways is imprecise or unclear and it continues to create uncertainty as blockchain technology and virtual currency business models continue to evolve. But the Powers assessment confirms that other entities operating in the cryptocurrency space nevertheless should continue to evaluate their BSA obligations through the lens of that guidance to the extent possible.

Unlike those assessed against Ripple and BTC-e, the financial penalty assessed against Powers was relatively small. This might be because Powers was a natural person (potentially with a lesser “ability to pay” than larger incorporated entities), conducted a fairly small-scale operation, and paid larger sums as part of an earlier civil forfeiture action brought by the Maryland U.S. Attorney. While those considerations warranted a lesser penalty in Powers’s case, FinCEN very well could apply the same law, guidance, and reasoning underlying the assessment to more extensive cryptocurrency operations. Director Blanco’s recent comments regarding FinCEN’s priorities and this latest enforcement action suggest that FinCEN likely will do just that. In other words, we wouldn’t be surprised if FinCEN brings more enforcement actions – levying more severe penalties – to enforce the BSA in the cryptocurrency industry. Persons and entities operating in this industry thus should focus on assessing their potential BSA obligations early and take affirmative steps to comply if required.

NYDFS to Virtual Currency Exchange: Don’t Let the Door Hit You on Your Way Out

The New York Department of Financial Services virtual currency license is back in the spotlight after NYDFS announced that it had rejected the application of Bittrex Inc., a virtual currency exchange, to conduct virtual currency business in the Empire State. The NYDFS virtual currency license, or BitLicense, is notoriously difficult to obtain, having been granted to only 19 companies since it was implemented in July 2014. Although all BitLicense application denials are technically publicly available (but not published), the announcement of Bittrex’s application denial in such a public way is a first for the regulator. The rejection letter states that “Bittrex has failed to demonstrate responsibility, financial and business experience, or the character and fitness to warrant the belief that its business will be conducted honestly, fairly, equitably and carefully. . . .” The denial, coupled with the requirement that Bittrex immediately close up shop in New York, marks a very public rebuke of the exchange, which Bittrex met with a prompt and strongly worded response of its own.

Bittrex submitted its BitLicense application on August 10, 2015. On April 10, 2019, NYDFS publicly announced the rejection of Bittrex’s application. New York allowed Bittrex to operate in the state during the three and a half year application process under the terms of a safe harbor. According to NYDFS’s public rejection letter, the prolonged application process culminated in a four-week on-site review of Bittrex’s operations by NYDFS in February 2019. As a result of the on-site review, NYDFS rejected Bittrex’s BitLicense application based primarily on “deficiencies in Bittrex’s Bank Secrecy Act (BSA), Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.” This long list of deficiencies, after such a long and laborious application process, appears at odds with the Department’s statement that “throughout Bittrex’s application process, the Department worked steadily with Bittrex” to address deficiencies in some of the very same areas found to be deficient during the February 2019 review.

According to the rejection letter, Bittrex has approximately 35,000 New York-based users who must now find a new exchange on which to trade. This is not going to be an easy task because Bittrex is a market leader listing 212 digital assets on its exchange. By way of comparison, Coinbase, which received its BitLicense in January 2017, lists six digital assets on its exchange (not including the digital assets listed on Coinbase Pro).

Within hours Bittrex responded to the public rejection with its own statement asserting that the rejection “harms rather than protects New York customers,” and stating that “Bittrex fully disputes the findings of the NYDFS” in its rejection letter. According to Bittrex, the NYDFS rejection letter contains “several factual inaccuracies” which Bittrex addresses in its response letter.

Given the public nature of this confrontation and the status of New York as a major financial hub, it is unlikely that we have heard the last of this from the parties involved. In the interim, industry participants should review the NYDFS rejection letter and Bittrex’s response, both of which provide helpful insight into the BitLicense application process and the requirements that digital asset companies have to meet if they seek to offer services in New York.

The 2019 Token Taxonomy Act: A Path to Consumer Protection and Innovation Takes Shape

We’ve previously written that the Token Taxonomy Act first introduced to Congress by Representatives Warren Davidson (R-OH) and Darren Soto (D-FL) on December 20, 2018, was a welcome legislative initiative designed to provide a regulatory “light touch” to the burgeoning digital asset industry. The bill expired, however, with the termination of the 115th Congress, leaving open the question of what any future blockchain regulatory proposals, would look like. The industry’s questions were answered on April 9, 2019 when Representatives Davidson and Soto introduced the Digital Taxonomy Act of 2019 (DTA) and the Token Taxonomy Act of 2019 (TTA) to the 116th Congress. The DTA and TTA represent expanded efforts to clarify regulation and spur blockchain innovation in the United States.

According to Representatives Davidson and Soto, the DTA is meant to add jurisdictional certainty to efforts to combat fraudulent behavior in the digital asset industry. As such, the DTA grants the FTC $25,000,000 and orders it to prepare reports on its efforts to combat fraud and deceptive behavior. The DTA also specifically carves out from its purview the authority of the CFTC to regulate digital assets as commodities subject to the Commodities Exchange Act.

The 2019 TTA, with the backing of four bipartisan representatives in addition to Davidson and Soto, is similar to last year’s model. Besides defining digital assets and exempting them from certain securities law requirements, the 2019 TTA maintains proposals to amend the Investment Advisers Act of 1940 and the Investment Company Act of 1940 so that certain regulated entities can hold digital assets. Like the 2018 version of the TTA, the 2019 TTA would also allow the sale of digital assets to qualify for the benefits of Internal Revenue Code Section 1031 like-kind exchange provisions and for the first $600 dollars of profit from digital asset sales to be tax-free.

The TTA also has important updates. The most prominent change is the definition of a “digital asset.” As we’ve previously discussed, the 2018 version of the TTA required that a digital asset’s transaction history could not be “materially altered by a single person or group of persons under common control” to qualify for exemption from securities laws. Because of the unavoidable possibility of a 51% attack, which would alter a token’s transaction history, the language created the possibility that proof of work- and proof of stake-based tokens would not be eligible for regulatory relief, thus limiting the bill’s benefits.

In the re-proposed TTA, however, the newly proposed language of Section 2(a)(20)(B)(ii) requires that the transaction history, still recorded in a mathematically verifiable process, “resist modification or tampering by any single person or group of persons under common control.” Thus, any digital asset, even those subject to 51% attacks, may be exempt from certain securities law requirements, although the language appears to require that a governance or security system underline the token’s consensus system.

Another important update is the TTA’s proposed preemption of state regulation of the digital asset industry by federal authorities. While the TTA would still permit states to retain antifraud regulatory authority, it largely strips states’ rights to regulate digital assets as securities. Representative Davidson’s press release on the bill specifically cites the “onerous” requirements of the New York BitLicense regulatory regime as a reason for the inclusion of this provision.

Critics have been quick to point out that the bills, while well intentioned, leave many unanswered questions and therefore may not provide the regulatory certainty the bills’ authors hope to effect. And even a perfect bill would face an uphill battle in getting enacted these days. But the digital asset industry should nonetheless take comfort in the growing contingent of legislators who take seriously the imperative to balance consumer protection and blockchain innovation.

Appellate Court – Selling Bitcoin in Florida Requires a Money Services Business License

Following a recent opinion by a Florida appellate court, virtual currency dealers who do business in, from, or into Florida – even individuals in the business of selling their own virtual currency for cash – may be required to obtain a “money services business” license from Florida’s Office of Financial Regulation and maintain costly anti-money laundering programs in accordance with Florida and federal law or face criminal penalties.

On January 30, Florida’s Third District Court of Appeal reinstated criminal charges against Florida resident Michell Espinoza for money laundering and “unlawfully engaging in the business of a money transmitter and/or payment instrument seller without being registered with the State of Florida.” State v. Espinoza, No. 3D16-1860, slip op. (Fla. Dist. Ct. App. Jan. 30, 2019). The trial court had previously dismissed the charges against Espinoza, agreeing with his argument that selling Bitcoin does not qualify as “money transmitting” under Florida law because Bitcoin is not “money,” among other reasons. State v. Espinoza, No. F14-2923 (Fl. Cir. Ct. July 22, 2016). The appellate court disagreed and determined that even a person in the business of selling his own Bitcoin for cash is a “money transmitter” and “payment instrument seller” under Florida law and is therefore required to be licensed as a “money services business.”

The charges against Espinoza stem from a sting operation in 2013, in which undercover detectives contacted Espinoza through a Bitcoin exchange site, LocalBitcoins.com. Espinoza posted on that site that he would sell Bitcoins for cash through in-person transactions. Espinoza was not licensed or registered as a “money services business” with Florida or federal regulators. An undercover detective met Espinoza several times and paid him a total of $1500 cash for Bitcoin, earning Espinoza a profit. During those transactions, the undercover detective allegedly made clear his desire to remain anonymous and said he was involved in illicit activity. For example, the undercover detective allegedly told Espinoza that he needed the Bitcoin to buy stolen credit card numbers from Russians.

The Florida appellate court’s determination that Bitcoins are “monetary value” and “payment instruments” under Florida law fits within a line of cases finding that Bitcoin qualifies as “money” for the purposes of money laundering and anti-money laundering laws. For example, in 2014 Judge Rakoff, a United States District Judge for the Southern District of New York, found that Bitcoin clearly qualifies as “money” or “funds” for the purposes of the federal money transmitter statute because “Bitcoin can be easily purchased in exchange for ordinary currency, acts as a denominator of value and is used to conduct financial transactions.” United States v. Faiella, 39 F. Supp. 3d 544, 545 (S.D.N.Y. 2014) (citing SEC v. Shavers, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013)). Some states have also codified virtual currency into their anti-money laundering regulations. For example, after the trial court determined that Bitcoin was not a “monetary instrument” that could be laundered under Florida’s money laundering statute, the Florida legislature amended the statutory definition of “monetary instruments” to explicitly include the term “virtual currency.” Fla. Stat. § 896.101(2)(f) (2017). Other states, however, have taken a different approach. Pennsylvania’s Department of Banking and Securities (“DoBS”), for example, recently published guidance that virtual currency, including Bitcoin, is not considered money under Pennsylvania law. “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania Department of Banking and Securities (Jan. 23, 2019).

The Florida appellate court found that Espinoza was operating as a “money transmitter” and therefore was a “money services business,” simply by engaging in the business of selling his own Bitcoin for cash and not otherwise acting as a middleman between parties. The trial court had applied the more common and narrow understanding that a “money transmitter” operates “like a middleman in a financial transaction, much like how Western Union accepts money from person A, and at the direction of person A, transmits it to person or entity B,” as explained by the appellate court.

To reach its conclusion, the Florida appellate court looked to the text of Florida’s money services business statute – which the court believes is critically different from federal regulations. Under both federal and Florida state law, a “money services business” is defined to include a “money transmitter.” Compare 31 C.F.R. § 1010.100(ff) with Fla. Stat. § 560.103(22). According to the Florida appellate court, the federal definition of “money transmitter” includes a third-party requirement. Under federal regulations, a “money transmitter” means a person engaged in the “acceptance of currency, funds or other value that substitutes currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” 31 C.F.R. § 1010.100(ff)(5(i)(A) (emphasis added). In comparison, the Florida statute defines a “money transmitter” as an entity “which receives currency, monetary value, or payment instruments for the purpose of transmitting the same by any means.” Fla. Stat. § 560.103(23). The Florida appellate court found that, in contrast to the federal regulations, the Florida statute’s “plain language clearly contains no third party transmission requirement in order for an individual’s conduct to fall under the ‘money transmitter’ definition” and, as such “decline[d] to add any third party or ‘middleman’ requirement.”

The appellate court’s interpretation of the text of Florida’s statute is disputable. From a statutory interpretation perspective, the middleman requirement is arguably inherent in the plain meaning of the word “transmit,” which is defined by Merriam-Webster as “to send or convey from one person or place to another.” (Notably, Pennsylvania’s DoBS recently issued guidance interpreting the word “transmitting” in a comparable state statute to include a third-party requirement. See “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania DoBS (Jan. 23, 2019) (interpreting statute that “[n]o person shall engage in the business of transmitting money by means of a transmittal instrument for a fee or other consideration with or on behalf of an individual without first having obtained a license from the [DoBS]” to impose a third-party requirement).) It would, therefore, be reasonable to interpret Florida’s statute as consistent with federal regulations. Moreover, the Florida appellate court’s interpretation of the statute could have broad and troubling consequences. Although dicta in the Florida appellate court’s decision make it seem like the court is making a distinction between “merely selling [one’s] own personal bitcoins” and “marketing a business,” the court’s statutory interpretation leaves open the possibility that the mere act of selling one’s own property – without registering as a “money services business” – could be a crime.

While we watch to see whether Espinoza will appeal this decision to the Florida Supreme Court, virtual currency dealers should be aware that selling virtual currency in, from or into Florida may require a money services business license and the maintenance of an anti-money laundering program.

The Token Taxonomy Act: A Fatal Drafting Ambiguity

As we’ve previously written, the Token Taxonomy Act (TTA) is an ambitious and potentially impactful piece of legislation that, by exempting digital tokens from the securities laws, might remove regulatory inhibitions from the maturing digital token industry. The bill is not without fault, however. As it stands, the language of the bill requiring that a digital token’s consensus be inalterable is ambiguously written and the SEC could use a strict interpretation to preclude many digital assets from qualifying as digital tokens.

The proposed additional language of Section 2(a)(20)(B) of the Securities Act of 1933 reads that to qualify for the exemption, a digital token:

(i) must be recorded in a distributed, digital ledger or digital data structure in which consensus is achieved through a mathematically verifiable process; and

(ii) after consensus is reached, cannot be materially altered by a single person or group of persons under common control.

In other words, a digital token must use an inalterable and objectively verifiable process. This language is designed to include in the definition only those digital tokens that are or will be in widespread enough use so that no one single party can influence the nature of the outstanding tokens in a way that adversely affects digital token holders.

The proposed language creates the possibility that the SEC could strictly apply the requirement that a token “cannot” be materially altered. As it stands, proof-of-work and even proof-of-stake digital assets are susceptible to a 51% attack, which could alter the digital token’s consensus. “Proof-of-work” and “proof-of-stake” refer to different systems used to verify and process transactions on a blockchain.

A “51% attack” is an event in which a party takes control of the requisite computer power underlying a token’s blockchain such that the party can control the token platform’s operation. Typically, a party seeking such control needs to possess 51% of the outstanding tokens, but the threshold amount can be lower for individual digital assets. A party that has successfully executed a 51% attack can change the ledger history so that it can, for example, double-spend tokens.

The SEC could negate the potential application of the TTA because the recent 51% attack against Ethereum Classic shows that the risk of attack against proof-of-work digital assets, especially those with a low market capitalization, is real. And although the proof-of-stake system makes a 51% attack prohibitively expensive, the SEC could justifiably claim that it is theoretically possible. An irrational, non-economic actor could still stage a 51% attack against a proof-of-stake digital asset with an intent to destroy it rather than to make profit.

In the end, the ambiguity in the bill’s language might not have a deleterious effect. It is hoped that a regulator would not strictly interpret the bill’s language to exclude the intended beneficiaries because of a hypothetical possibility of a 51% attack. So, too, the digital asset industry will likely continue to innovate new and more secure protocols that could potentially eliminate the threat of 51% attacks, making potential exclusion from the bill’s benefits a moot point. Nonetheless, as the TTA undergoes revision, the potential ambiguity in the proposed language should be remedied.