FINRA

Cryptocurrencies: Are They Securities?

Cryptocurrencies, including Bitcoin, have been in the news a lot lately, but many people still don’t know what they are—or whether they’re regulated.  Here’s a quick rundown.

What Are Cryptocurrencies?

Cryptocurrencies are decentralized digital cash systems.  Eschewing centralized control, such as a bank or government, cryptocurrencies instead rely on pseudonymous peer-to-peer networks—think Napster of yore—in which all actors in the network must recognize and reflect a transaction.  To illustrate how this works, if Person A has an apple and trades it to Person B for her orange, Person A cannot thereafter trade that apple to Person C because everyone knows from a public ledger that Person A has already traded his one apple.

The security of the public ledger is then of paramount importance—so how do cryptocurrencies ensure ledger security?  They rely on people called miners.  Miners are basically the bookkeepers of the public ledger, and anyone with the time, energy, and equipment can be a miner.  When a transaction occurs, it is not immediately added to the public ledger; instead, a miner must first confirm it.  To do so, miners generate a complicated code that: (1) memorializes the data relating to the transaction; (2) refers to the previous confirmed transaction in the system (a sequential timestamp of sorts); and (3) complies with the particular cryptocurrency’s specific requirements.  This is a challenging and necessary task that protects the public ledger—a transaction won’t be confirmed if a code can’t be generated that aligns with previous ledger entries.  Using the earlier example, once Person A’s apple-orange trade has been confirmed, he can’t trade the apple again because any code generated after that reflects that he has already traded his apple.  Without an acceptable code, no new transaction can be confirmed.

Miners race against each other to confirm transactions because each confirmation earns the miners a specified amount of the cryptocurrency, which is finite in supply.  Once confirmed, the transaction is permanently recognized and irreversible.  In essence, cryptocurrencies attempt to ensure legitimacy through a crowd-sourced ledger in which lines may not be deleted and may be added sequentially only after users, who are paid for their efforts, solve recognized and complicated puzzles.

Are Cryptocurrencies Regulated as Securities?

Cryptocurrency values have skyrocketed this year: Bitcoin has tripled in value and the value of Ethereum, another cryptocurrency, has jumped by more than 2,000 percent.  The resulting buzz has attracted government attention around the globe.  Recognizing both the potential risks and rewards, many countries have begun attempts to regulate cryptocurrencies, to varying degrees.

In the US, both the SEC and FINRA have warned investors about the greater risks—due to anonymity, volatility, and lack of central authority—surrounding any investment in cryptocurrencies.  More recently, the SEC has also issued guidance on digital coin sales, or initial coin offerings (ICOs), and has taken the position that “offers and sales of digital assets by ‘virtual’ organizations are subject to the requirements of the federal securities laws.”

For example, in its Report of Investigation of Slock.it UG, a German corporation, and the DAO, an affiliated “virtual” organization, the SEC “stress[ed] that the U.S. federal securities law may apply to various activities, including distributed ledger technology, depending on the particular facts and circumstances . . . .”  It then “demonstrate[d] the application of existing U.S. federal securities law to this new paradigm” by using Slock.it and the DAO’s ICO as an example:

The DAO was created by Slock.it and [its] co-founders, with the objective of operating as a for-profit entity that would create and hold a corpus of assets through the sale of DAO Tokens to investors, which assets would then be used to fund “projects.” The holders of DAO Tokens stood to share in the anticipated earnings from these projects as a return on their investment in DAO Tokens.

Analyzing these facts in the context of federal law, the agency concluded that the DAO tokens constituted securities.  The securities laws therefore applied “to those who offer and sell [the tokens] in the United States,” regardless “whether the entity is a traditional company or decentralized autonomous organization,” “whether . . . purchased using U.S. dollars or virtual currencies,” or “whether [the tokens] are distributed in certificated form or through distributed ledger technology.”  While the SEC did not bring charges in this instance, its report was intended to send the message that the SEC is keeping its eye on cryptocurrencies, and that we may see future enforcement actions in this area.

Foreign governments have likewise increased regulation, though to differing degrees and with different goals.  China, home to one of the largest cryptocurrency trading markets, has taken steps to clamp down on such trading.  Just last week, Chinese authorities ordered all domestic cryptocurrency exchanges to immediately cease trading.  Exchanges were also directed to come up with a plan for the orderly return of funds to investors.  By contrast, Russia has taken the opposite approach.  Despite skepticism from the central bank, President Vladimir Putin has signaled his support of cryptocurrencies and more widespread adoption.

FINRA Issues Largest Fine Regarding Variable Annuities Contracts

Gavel and Hundred-Dollar Bill

On May 3, 2016, the Financial Industry Regulatory Authority announced that MetLife Securities, Inc. agreed to pay $25 million to settle allegations that the company misled its customers in tens of thousands of variable annuity replacement applications.  The sanction represents FINRA’s largest fine related to variable annuities.

Variable annuities (“VAs”) are highly complex and highly regulated insurance contracts that guarantee their holders—typically retirees—a minimum payment at the end of an accumulation stage.  When a consumer seeks to replace one VA for another, her broker must complete an Annuity Replacement and Transfer Disclosure (ARTD) setting forth the comparative cost and guarantee information about existing and proposed annuity contracts.  In New York, brokers must also complete a “Regulation 60 Disclosure,” which contains a hypothetical illustration of death benefits and surrender values for existing and proposed contracts under various hypothetical market growth rates.

READ MORE

Chamber of Commerce Airs Grievances Related To Internal Controls Inspections

In recent months, issues related to internal control systems and reporting have taken on an increased profile and significance.  For example, as previously noted by the authors here and here, the SEC has sought to prioritize compliance with internal controls by initiating a growing number of investigations into companies based on allegations of inadequate internal controls.

READ MORE

FINRA Offers 11.7 Million Reasons To Maintain Adequate Supervisory Controls

Stack of Money

As noted previously in this blog, the SEC and other regulatory agencies continue to display an increased interest in the issue of internal and supervisory controls.  The Financial Industry Regulatory Authority (“FINRA”) has continued this trend, recently bringing charges against a number of member firms related to allegedly inadequate supervisory controls.

READ MORE

Going for Brokerage: SEC Report Highlights Best (and Worst) Practices in Cybersecurity Preparedness

cybersecurity

On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts.  FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.

The National Exam Program Risk Alert, “Cybersecurity Examination Sweep Summary” summarizes cybersecurity practices and policies of 57 registered broker-dealers, and 49 registered investment advisers based on examinations conducted by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”).  These findings should be reviewed by CISOs and CIOs who have responsibility for cybersecurity protection because they highlight best practices and areas ripe for improvement.  It is reasonable to assume that both the SEC and FINRA will expect firms to review the findings and tailor their own internal assessments and practices to improve their cybersecurity posture, accordingly.  They also underscore that the simplest cyber-related scams (phishing, fraudulent e-mail scams, etc.) are still remarkably successful.

READ MORE

Investment Advisors Would Pay For Some SEC Oversight

Congress continues to struggle with the issue of proper oversight for investment advisors. Despite catastrophes like the Bernie Madoff scheme, SEC budget constrictions have resulted in only a handful of investment advisors being reviewed by the Commission each year (as compared to over half of all broker-dealers). Various bills have been floated to remedy the situation.

In April, the Investment Adviser Oversight Act of 2012 was introduced in the House. Proposed as an amendment to the 1940 Investment Adviser Oversight Act, the new act seeks to regulate investment advisors by requiring them to join a new self-regulatory organization (SRO) that would be funded by their membership fees. Though not explicitly set forth by the Act, the Financial Industry Regulatory Authority (FINRA) was expected to create and oversee the new governing SRO. READ MORE

New SEC Rule Requires Securities Exchanges and FINRA to Work Together to Improve Monitoring of Trading Activity in the U.S.

On July 11, 2012, the Securities and Exchange Commission (SEC) approved a new rule, which will require the national securities exchanges and self-regulatory organizations like the Financial Industry Regulatory Authority (FINRA) to establish a market-wide consolidated audit trail. The new consolidated audit trail will improve regulators’ ability to monitor and analyze trading activity. With the approval of Rule 613, the exchanges and FINRA must jointly submit to the SEC a comprehensive plan of how they plan to develop, implement, and maintain the consolidated audit trail. Rule 613 also requires that the consolidated audit trail collect and identify every order, cancellation, modification, and trade execution for all exchange-listed equities and equity options in all U.S. markets. READ MORE

GAO Tells the SEC Its FINRA Oversight is B-A-D

A recent report released by the Government Accountability Office (“GAO”) last week concluded that the SEC can improve its oversight of the Financial Industry Regulatory Authority (“FINRA”), a self-regulatory organization charged with policing securities broker-dealers. The GAO’s criticism of the SEC is a politically hot issue because Congress is currently considering whether to shift authority for overseeing investment advisors from the SEC to FINRA—the subordinate organization the SEC is purportedly doing a poor job of overseeing.

The GAO report was a product of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which required the GAO to study the SEC’s oversight of FINRA. In particular, the report examined (1) how the SEC has conducted its oversight of FINRA in the past; including FINRA rule proposals and the effectiveness of its rules; and (2) how the SEC plans to enhance its oversight of FINRA.

The report concluded that that while the SEC routinely inspects many of FINRA’s programs, it does not conduct any retrospective review, i.e., it does not review whether FINRA’s rules are actually effective.  In fact, the report concluded that the SEC does not even have a process for retrospective review.

Significantly, the GAO report also concluded that the SEC had conducted virtually no review of FINRA operations aimed at executive compensation and corporate governance issues. The SEC claimed it had purposefully overlooked compensation and governance operations because of competing priorities and resource constraints, and instead had focused its resources on FINRA’s regulatory departments, which the SEC perceived as programs with the greatest impact on investors.

Given these and other conclusions, the GAO recommended that the SEC “encourage FINRA to conduct retrospective reviews of its rules” as well as establish its own process for examining FINRA reviews. It further recommended that the SEC utilize a risk-management framework in developing its future oversight plans.