An extract from The Virtual Currency Regulation Review, 3rd Edition

Introduction to the legal and regulatory framework

In the United States, multiple regulators may assert overlapping jurisdiction for market participants transacting in virtual currencies or other digital assets. Market participants must consider legal and regulatory regimes overseen at the federal level by the US Securities and Exchange Commission (SEC), the US Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Asset Control (OFAC) of the US Treasury Department and federal banking regulators. In addition, US states have legal and regulatory regimes that should be considered when undertaking virtual currency activities. These include state money transmitter requirements, state virtual currency licensing regimes and state 'blue sky' laws applicable to digital asset securities transactions. Market participants should also consider commercial, tax and bankruptcy laws before engaging in virtual currency transactions.

The SEC regulates digital asset transactions if they are offered or traded as securities or if they are offered through a collective investment fund. The SEC has published reports and guidance related to the offering of, secondary trading in and investing in digital asset securities. The Securities Act of 1933 (the Securities Act) makes it unlawful for any person to make use of the means or instrumentalities of interstate commerce to offer or sell a security unless such offering is registered with the SEC or there is an applicable exemption from the registration requirements. A threshold consideration in trading or investing in digital assets is whether the particular digital asset is a security and therefore subject to the federal securities laws. The inquiry into whether a particular digital asset is a security and thus subject to the federal securities laws is based on the facts and circumstances surrounding the offer and sale of each digital asset. Further, registration requirements under the Securities Exchange Act of 1934 (the Exchange Act) extend to market participants involved in the offer or secondary trading of digital asset securities. The SEC's digital asset guidance, settlement orders and enforcement actions help to shed light on how the legal and regulatory framework applies to different digital asset business models.

The CFTC, the primary federal derivatives regulator in the United States, regulates certain transactions in virtual currencies as commodities. To the extent that a virtual currency is deemed to be a 'commodity', the CFTC has regulatory jurisdiction over derivatives transactions with respect to the virtual currency and has anti-fraud and manipulation authority with respect to transactions in the virtual currency itself. The CFTC has brought civil enforcement cases against virtual currency derivatives trading facilities alleging failures to comply with the CFTC's requirements for regulated derivatives exchanges. The CFTC also has broad authority to bring civil enforcement actions where there is fraud or manipulation with respect to any commodity transaction in interstate commerce, even if the transaction is not a derivatives transaction (i.e., even if it is not a futures contract, swap or option). Because certain virtual currencies are commodities as the term is defined in the Commodity Exchange Act (CEA), the CFTC maintains that it can police any fraudulent, deceptive or manipulative activity involving virtual currency spot, cash and forward transactions, making the CFTC a key player in the US regulatory regime for virtual currencies.

FinCEN regulates money services transmitters and has issued interpretative guidance for virtual currency exchanges. Some states also require licensing of money transmitters, including those that facilitate the transmission of virtual currencies. The federal banking agencies have closely monitored banking activities involving virtual currencies. In mid-2018, the former Chair of the CFTC testified before Congress that there may be a gap in the oversight of virtual currencies that are not securities, stating that regulatory oversight through state money transmission regulations is not satisfactory and that the US Congress might consider giving the CFTC or another federal agency the authority to write new rules for spot digital asset markets, including new registration requirements. Each of the 50 states in the United States has its own securities and financial services regulator, many of which are involved in monitoring activities regarding virtual currencies and in some cases have brought enforcement actions where they found fraud or money laundering.

This chapter reviews the web of concurrent and overlapping regulatory jurisdiction and developments in the United States regarding virtual currency and digital assets, including regulatory requirements applicable to intermediaries and trading platforms.

Securities and investment laws

In this section, we discuss securities and commodities laws and regulations that apply to digital assets. See Section V (Regulation of Miners), Section VI (Regulation of Issuers and Sponsors) and Section VII (Criminal Fraud and Enforcement) for discussions that also implicate securities and commodities laws as they relate to digital assets.

i Digital asset securities

A threshold consideration in trading or investing in digital assets is whether the particular digital asset is a security and therefore subject to the federal securities laws. Section 5 of the Securities Act makes it unlawful for any person to make use of the means or instrumentalities of interstate commerce to offer or sell a security unless such security is registered with the SEC or there is an applicable exemption from the registration requirements.2 In July 2017, the SEC issued a Report of Investigation (the DAO Report) analysing whether the offer and sale of a digital asset was subject to the federal securities laws.3 The digital asset in question was a token issued by an entity known as the Decentralized Autonomous Organisation (DAO), an unincorporated organisation. The DAO was created by a German corporation named Slock.it UG, and by the time the DAO Report was issued, the DAO had offered and sold approximately 1.15 billion DAO tokens in exchange for a total of approximately 12 million Ether, a virtual currency used on the Ethereum blockchain, which had a value, at the time the offering closed, of approximately US$150 million.

The SEC analysed whether the DAO token was an investment contract, and therefore a security, as defined by the Supreme Court of the United States (the Court) in the seminal case, SEC v. WJ Howey Co,4 which involved the offer and sale of interests in an orange grove. The Court defined an investment contract as an investment of money in a collective enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. In the DAO Report, the SEC approvingly quoted from the Court's observation that this definition embodies a 'flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits'.5

The DAO token represented an ownership interest in a collective vehicle whereby monies raised by the token sales would be used to fund various blockchain projects that could provide holders with a return on their investment. DAO token holders could vote on which projects to fund; however, before a project could be voted on, it first had to be reviewed and approved by one of the DAO's curators, which was a group of individuals selected by Slock. These curators performed crucial security functions and maintained ultimate control over which proposals could be submitted to, voted on and funded by the DAO.

Presented with this fact pattern, the SEC concluded that the DAO token was an investment contract. There was (1) an investment of money (in this case, Ether) in (2) a common enterprise (the DAO platform), with the (3) expectation of profits (promotional materials informed investors that the DAO was a for-profit entity whose objective was to fund projects in exchange for a return on investment) (4) derived from the efforts of others (Slock.it and the curators). Although the DAO token holders did have voting rights, the SEC concluded that the voting rights were limited, and that the holders were substantially reliant on the managerial efforts of Slock.it and the curators. As an investment contract, the DAO Report noted that the offer and sale of the DAO token was required to be registered under the Securities Act (unless a valid exemption from registration applied), and that platforms trading DAO tokens that met the definition of an exchange would need to register as such under the Exchange Act.

Following the issuance of the DAO Report, blockchain market participants focused on the two elements of the investment contract test that could potentially lead to a different conclusion than the one reached by the SEC with respect to the DAO token. Under the Howey test, the first two elements would likely always be met: an investment of money in a common enterprise. However, the question arises of whether token projects could avoid triggering the second two elements of the Howey test – the expectation of profits and being derived from the efforts of others. For example, what if the value of the token was not primarily to provide a return on investment, but rather to enable the holder to do something that he or she could not do without a token, such as purchase a good or service available through the network on which the token was created? Or, what if the holder's expectation of profits did not rely on the efforts of others, but rather the holder had the power to create his or her own return on investment? What if there was no potential for profit or capital appreciation at all?

In December 2017, the SEC provided further clarity for blockchain participants in a cease-and-desist order issued to Munchee Inc, a California corporation (Munchee).6 Munchee commenced business operations when it launched an iPhone app in 2015 (Munchee App), which allowed users to review meals and upload pictures. In early 2017, Munchee sought to raise capital through the development and issuance of a digital token (MUN token). The issuance of the MUN token purported to address the issues raised by the SEC in the DAO Report. For example, Munchee characterised the MUN tokens as utility tokens, because there was a real use case for the MUN token in connection with the already existing Munchee App. The SEC's order quickly addressed the first two elements of the Howey analysis and focused on the manner of sale of the MUN token. The order stated that 'investors' expectations were primed by Munchee's marketing of the MUN token offering', and listed several examples of how the marketing of the MUN tokens offered investors hope and expectations that their investments would increase in value. Munchee's marketing materials also stated that Munchee would 'ensure that MUN token is available on a number of exchanges in varying jurisdictions', thereby ensuring MUN token holders could buy and sell MUN on secondary markets to realise the purported increases in value. Additionally, the SEC noted that Munchee and its agents marketed the MUN token to people interested in investing in digital assets instead of marketing to restaurant owners and food critics. Directly addressing the utility token argument that developed after the DAO Report, the SEC stated that 'even if MUN tokens had practical use at the time of the offering, it would not preclude the token from being a security. Determining whether a transaction involves a security does not turn on labelling [. . .] but instead requires an assessment of the economic realities underlying the transaction'.

In June 2018, the SEC's Director of the Division of Corporation Finance, William Hinman, made an important speech in which he provided further guidance refining the SEC's approach to analysing when a digital asset is offered as an investment contract and therefore is a security.7 He framed the question differently by focusing not on the digital asset itself, but rather on the circumstances surrounding the digital asset and the manner in which it is sold. He conceded that the token, or 'whatever the digital information packet is called', is not a security all by itself, just as the interests in the orange grove in Howey were not. The token is 'simply code'. Instead, 'the way it is sold – as part of an investment; to non-users; by promoters to develop the enterprise – can be, and, in that context, most often is, a security – because it evidences an investment contract. And regulating these transactions as securities transactions makes sense'. When there is information asymmetry between promoters or founders and investors, then the protections of the Securities Act – namely, disclosure and liability for material misstatements and omissions – are necessary and appropriate.

On the other hand, Hinman noted that '[i]f the network on which the token or coin is to function is sufficiently decentralised – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract. Moreover, when the efforts of the third party are no longer a key factor for determining the enterprise's success, material information asymmetries recede'. Hinman put both Bitcoin and Ether into this latter category – as digital assets where there is no central third party whose efforts are a key determining factor in the common enterprise, and where it would seem that the disclosure regime of the federal securities laws would provide little value to the holders of Bitcoin and Ether.

In other words, as has always been the case, an investment contract can be made out of virtually any asset, including digital assets, so long as the investor is reasonably expecting profits from the promoter's efforts. As Hinman reiterated, 'the economic substance of [a] transaction determines the analysis, not the label'. Similarly, an investment contract can also be unwound or undone. The management contract for the orange grove can be terminated. With regard to digital assets, it is a novel idea that this transition or change would or could occur as a result of changes to the facts and circumstances associated with the token, without necessarily any action taken or to be taken by the holder. In response to Hinman's speech, many market participants sought clarity as to the precise mix of facts that would distinguish the sale of digital assets from a securities transaction.

In April 2019, the SEC's Strategic Hub for Innovation and Financial Technology (FinHub)8 released a framework (the Framework) for applying the investment contract analysis set forth in Howey and its progeny to digital assets to 'help market participants assess whether the federal securities laws apply to the offer, sale, or release of a particular digital asset'.9 While the Framework does not create new law, it provides the SEC staff's view as to whether specific facts commonly present in the digital asset context make it more or less likely that specific elements of the Howey test are met. In addition, the Framework provides additional factors to consider that may be indicative of whether a digital asset is offered with 'consumptive' intent (as opposed to investment intent) and highlights particular facts that may change over time to be considered in determining whether and when a subsequent offering and sale of a digital asset previously sold as a security may no longer be considered an offering and sale of a security. Specifically with respect to 'virtual currency', the Framework notes that the ability to use the virtual currency immediately to make payments for goods and services without having to convert it to another digital asset or real currency may make it less likely the Howey test is met.

On the same day that the Framework was released, the SEC Division of Corporation Finance issued its first no-action letter relating to the offer and sale of a digital asset.10 In providing relief that the relevant tokens would not be required to register under the Securities Act or the Exchange Act, the Division of Corporation Finance particularly noted that: (1) the issuer would not use funds from the token sale to develop the related application and that the application would be fully developed and operational at the time tokens are sold; (2) the tokens would be immediately usable for their intended functionality (purchasing air charter services) at the time they are sold; (3) the tokens could not be transferred external to the application; and (4) the tokens would always be sold at a fixed price and redeemable for services valued at that price.

In July 2019, the SEC Division of Corporation Finance issued its second no-action letter to a company seeking to distribute digital assets. In providing relief that the particular tokens would not be required to register under the Securities Act or the Exchange Act, the SEC noted that: (1) the issuer would not use any funds from the token sale to build the related application, which was fully developed and would be fully functional and operational immediately upon its launch and before any of the tokens were sold; (2) the tokens would be immediately usable for their intended functionality (gaming) at the time they were sold; (3) the issuer would implement technological and contractual provisions governing the tokens and the related application restricting the transfer of the tokens to the issuer or to wallets on the related application; (4) gamers would only be able to transfer the tokens from their on-platform wallets for gameplay to addresses of developers with approved accounts or to the issuer in connection with participation in e-sports tournaments; (5) only developers and influencers with approved accounts would be capable of exchanging tokens for Ethereum at predetermined exchange rates by transferring their tokens to the token smart contract; (6) to create an approved account, developers and influencers would be subject to know your customer and anti-money laundering (AML) checks at account initiation as well as on an ongoing basis; (7) tokens would be made continuously available to the most common type of user (gamers) in unlimited quantities at a fixed price; (8) there would be a correlation between the purchase price of the tokens and the market price of accessing and interacting with participating games; and (9) the issuer would market and sell the tokens to gamers solely for consumptive use as a means of accessing and interacting with participating games.

In October 2019, the SEC sued Telegram Group Inc and its wholly owned subsidiary TON Issuer Inc (together, Telegram), alleging that Telegram failed to register the offers and sales of digital assets called 'Grams', which were made in the United States and overseas and raised more than US$1.7 billion of investor funds. The SEC obtained a temporary restraining order preventing the delivery of Grams to purchasers. Opposing the SEC's motion for a preliminary injunction further preventing the delivery of Grams, Telegram argued that the prior sales to investors and transaction in Grams after the Telegram blockchain was launched should be considered separately. According to Telegram, the sale of Grams to investors was an offering of securities, which Telegram conducted relying on an exemption from registration under the Securities Act (Rule 506(c) under Regulation D) – however, transactions in Grams once the blockchain was launched would constitute spot transactions in commodities, not securities transactions. In an important decision, in March 2020 the US District Court for Southern District of New York (SDNY) ruled in favour of the SEC, finding that the sales to investors and any subsequent transactions after the blockchain had launched comprised a single scheme (but notably, not the Grams themselves) constituting an investment contract by application of the Howey test.11

In February 2020, SEC Commissioner Hester Peirce gave a speech explaining the need for clarity on the application of federal securities law to the offer and sale of digital assets, describing a proposal for a safe harbour from the registration requirements of the Securities Act.12 The safe harbour, if adopted, is intended to provide development teams with a three-year period within which they can facilitate participation in a functional or decentralised network, exempt from the registration provisions of the federal securities laws.13 To rely on the safe harbour, a development team would need to disclose certain information on a freely accessible public website, and the token must be offered and sold for the purpose of facilitating access to, participation on or the development of the network. The company must undertake good faith and reasonable efforts to create liquidity through listing the token on trading platforms, exempt from the definition of 'exchange', 'broker' or 'dealer' under the Exchange Act. Furthermore, the issuer would have to file a notice of reliance with the SEC. The safe harbour is currently a draft proposal; an actual safe harbour proposal will require formal rule-making by the entire Commission and will be subject to an open comment period. Further, the proposed safe harbour is not expected to change the SEC's approach in pending enforcement actions.

ii Certain market participants

In planning to negotiate, effect, clear or settle transactions in virtual currencies that are securities,14 market participants should evaluate whether their activities may trigger registration and related requirements under the framework of the Exchange Act, which is administered by the SEC. In particular, market participants should be aware of the definitions of broker,15 dealer,16 exchange,17 alternative trading system (ATS),18 clearing agency19 and transfer agent.20 The SEC has increasingly made clear that it intends to regulate virtual currencies to the extent of its existing authority in these areas.

For example, the SEC's Division of Trading and Markets and Division of Enforcement published a joint statement in which they noted that trading venues on which individuals buy tokens that are securities as part of an ICO (or in secondary transactions) may be required to register with the SEC as a national securities exchange or otherwise avail themselves of an exemption from registration, such as by filing as an ATS.21 The SEC addressed this same point in its July 2017 issuance of the DAO Report.22 There, it found that certain platforms that facilitated trading of certain DAO tokens that constituted securities appeared to violate Section 5 of the Exchange Act by engaging in activities that met the definition of an exchange (i.e., matching the orders of multiple buyers and sellers for execution using non-discretionary methods) without being registered as such or relying on an available exemption from registration.

Below is a general overview of some of the most common registration types and related requirements under the Exchange Act that may be triggered by transacting in or otherwise facilitating transactions in virtual currencies that are securities.

Broker-dealers

Registration with the SEC is generally required for any entity that meets the statutory definition of a broker or dealer, including with respect to their activities in virtual currencies that are securities. A securities broker includes any person who is engaged in the business of effecting transactions in securities for the accounts of others.23 Exceptions from the broker definition are also available to a bank,24 as defined under the Exchange Act, that only engages in certain securities activities (e.g., third-party brokerage arrangements, trust activities, stock purchase plans and sweep accounts).25 A securities dealer includes any person engaged in the business of buying and selling securities for such person's own account, regardless of whether through a broker or otherwise. However, the definition also includes an exception for persons who are not in the business of dealing in securities. Specifically, the dealer-trader exception states that a person is generally not acting as a dealer where that person trades for his or her own account but not as part of a regular business. The SEC Division of Trading and Markets has also published a significant volume of guidance in the form of no-action letters that further address when a person may be engaged in broker or dealer activities, but SEC staff would not recommend enforcement action by the agency if the person engages in the specified activities without becoming registered. Consideration of that guidance is therefore also relevant to a market participant's own evaluation of whether it is acting as broker or dealer and must register.

Section 15(a)(1) of the Exchange Act generally requires registration of any person who acts as a broker or dealer, as described above, and who uses instrumentalities of interstate commerce26 'to effect any transaction in, or to induce or attempt to induce the purchase or sale of, any security (other than an exempted security or commercial paper, bankers acceptances or commercial bills)'.27 Registration with the SEC requires the submission of Form BD (Uniform Application for Broker-Dealer Registration) through the Central Registration Depository, which is currently the central licensing and registration system operated by the Financial Industry Regulatory Authority, Inc (FINRA). Unless a broker-dealer is a member of a US national securities exchange and generally limits its securities activities to trading on that exchange, it must also become a member of FINRA, which is the national securities association in the United States for broker-dealers that, among other things, has surveillance and enforcement authority over its members. To apply to become a member of FINRA, broker-dealers must complete a detailed new membership application that requires an applicant to provide FINRA with, among other things, detailed written supervisory and compliance procedures. On 18 July 2019, FINRA issued Regulatory Notice 19-24, updating a notice from the previous year and requesting member firms to notify FINRA if 'it, or its associated persons or affiliates, currently engages, or intends to engage, in any activities related to digital assets, such as cryptocurrencies and other virtual coins and tokens'.28 The notice also reminds FINRA members of the requirement to submit a Continuing Membership Application pursuant to NASD Rule 1017 and receive approval from FINRA before engaging in a material change in business operations, but does not state that activities related to digital assets would per se be a material change.

Among other considerations regarding acting as a broker-dealer in respect of virtual currencies that are securities, market participants should consider the compatibility of their planned activities with the existing requirements of the SEC's financial responsibility rules.29 For example, broker-dealers are generally required by SEC Rule 15c3-3(b)(1) to promptly obtain and thereafter maintain control of all fully paid and excess margin securities that are carried for the account of a customer.30 The terms fully paid securities31 and excess margin securities32 are separately defined in Rule 15c3-3, and broker-dealers frequently satisfy this obligation today through custody of the securities at a clearing agency (e.g., the Depository Trust Company (DTC) or a custodian bank) because those locations are recognised in Rule 15c3-3(c) as being under the control of the broker-dealer. In terms of virtual currencies that are securities, however, the same recognised good control locations may not be practicable depending on the characteristics of the financial instruments and how they are issued and maintained. Accordingly, a broker-dealer should evaluate its planned activities against the SEC's control requirement, including whether it may need to apply to the SEC for the recognition of a new control location pursuant to Rule 15c3-3(c)(7). On 8 July 2019, the SEC's Division of Trading and Markets and FINRA's Office of General Counsel issued a joint statement on broker-dealer custody of digital asset securities that contained regulatory considerations applicable to various market participants, including those related to noncustodial broker-dealer models, the application of SEC Rule 15c3-3 to broker-dealer custody and books and records and financial reporting rules.33

Exchanges and ATSs

In general under the Exchange Act, an exchange is defined to mean a system that brings together the orders for securities of multiple buyers and sellers, and uses established, non-discretionary methods (whether by providing a trading facility or by setting rules) under which such orders interact with each other.34 As noted above, the SEC and its staff have emphasised recently that market participants who facilitate transactions in virtual currencies that are securities may come within the definition of an exchange, and that any such entity or group of persons that performs the functions typically provided by a securities exchange must either register as a national securities exchange, pursue an exemption from the definition of an exchange35 or become an ATS that is operated by a broker-dealer. Under the regulatory framework administered by the SEC, an ATS is a national securities exchange; however, it is exempt from such registration provided that it complies with the requirements of the SEC's Regulation ATS.36

The regulatory burdens associated with registering and operating as a national securities exchange are significantly greater than those associated with an ATS. For example, the registration process for an exchange involves completing and submitting Form 1 to the SEC, which is published for public notice and comment. By contrast, the submission of Form ATS to the SEC is not subject to the same public notice and comment process. Additionally, under Section 6(b)(2) of the Exchange Act,37 a national securities exchange is generally required to permit any broker-dealer or natural person associated with a broker-dealer to become a member of the exchange. An ATS is not subject to this obligation, and therefore it has more discretion over who it allows to participate. The rules of an exchange also generally cannot be amended without the advance submission of rule changes to the SEC pursuant to Section 19(b)(1) of the Exchange Act, which are published for public notice and comment and may take up to 240 calendar days for the SEC to approve or disapprove.38 No such rule filing requirement currently applies to an ATS that wishes to change its operating procedures. Changes to the operating procedures of an ATS are made pursuant to an amendment to Form ATS or Form ATS-N, are not approved by the SEC, and need only be submitted to the SEC 30 days (at most) in advance of implementation of the change.39 Exchanges are also subject to the requirements of the SEC's Regulation Systems Compliance and Integrity (Regulation SCI),40 which require detailed policies, procedures and monitoring to ensure the integrity and resiliency of most exchange systems. ATSs are generally not subject to these same requirements, unless they exceed certain volume thresholds in a given security.41

Clearing agencies

Market participants who plan to engage in post-trade activities related to transactions in virtual currencies that are securities should closely examine whether their activities may rise to the level of performing clearing agency functions. The term clearing agency under Section 3(a)(23)(A)42 of the Exchange Act is defined broadly to generally include any person who:

  1. acts as an intermediary in making payments or deliveries, or both, in connection with transactions in securities;
  2. provides facilities for the comparison of data regarding the terms of settlement of securities transactions, to reduce the number of settlements of securities transactions or for the allocation of securities settlement responsibilities;
  3. acts as a custodian of securities in connection with a system for the central handling of securities whereby all securities of a particular class or series of any issuer deposited within the system are treated as fungible and may be transferred, loaned or pledged by bookkeeping entry, without physical delivery of securities certificates; or
  4. otherwise permits or facilitates the settlement of securities transactions or the hypothecation or lending of securities without physical delivery of certificates.

In practice, this reaches firms that operate as a central counterparty to novate, net and guarantee securities settlement obligations or that operate as a central securities depository (e.g., DTC) to transfer ownership by book entry. However, the SEC has also recognised in guidance that it may capture firms performing other common types of functions in the securities markets. These include, but are not limited to collateral management activities – involving calculating collateral requirements and facilitating the transfer of collateral between counterparties and trade matching services – whereby an intermediary compares trade data to reduce the number of settlements or to allocate settlement responsibilities.43

Like the registration and operation of a national securities exchange, the registration and operation of a registered clearing agency involves significant regulatory requirements that include, but are not limited to, the submission of proposed rule changes to the SEC and compliance with Regulation SCI. Accordingly, market participants who believe that their activities may come within the clearing agency definition may wish to consider whether they nonetheless qualify for certain exclusions from the clearing agency definition in Section 3(a)(23)(B) of the Exchange Act,44 or whether it would be appropriate to pursue an exemption from registration. The SEC has authority to provide conditional or unconditional exemptions from registration pursuant to Section 17A(b)(1) of the Exchange Act.45

In October 2019, the SEC issued a no-action letter to Paxos Trust Company, LLC (Paxos) providing relief from clearing agency registration under Section 17A(b)(1) of the Exchange Act.46 The no-action letter was issued on the basis that Paxos would operate, for no more than 24 months, a private permissioned distributed ledger system in order to conduct a feasibility study of the system.47 The system records changes in ownership of securities and cash resulting from the settlement of securities transactions between participants in the service.48 The system is designed to conduct simultaneous delivery versus payment settlement of securities and cash for trades submitted to the system for clearance and settlement.49

Transfer agents

Where a market participant provides services to the issuer of a virtual currency that is a security, it should consider the implications of the transfer agent definition. The definition of a transfer agent in Section 3(a)(25) of the Exchange Act50 includes any person who engages on behalf of a securities issuer in:

  1. countersigning such securities upon issuance;
  2. monitoring the issuance of such securities with a view to preventing unauthorised issuance;
  3. registering the transfer of the issuer's securities of the issuer;
  4. exchanging or converting the securities; or
  5. transferring record ownership of the securities by bookkeeping entry without physical issuance of securities certificates.

In turn, Section 17A(c)(1) of the Exchange Act requires that, except as otherwise provided in the Exchange Act, it is unlawful for any transfer agent, unless registered, to use US instrumentalities of interstate commerce 'to perform the function of a transfer agent with respect to any security registered under Section 12 [of the Exchange Act] or which would be required to be registered except for the exemption from registration provided by subsections (g)(2)(B) or (g)(2)(G) of that section'.51 Therefore, transfer agent registration is not required unless a person acts as a transfer agent in respect of such securities. The SEC also has authority pursuant to Section 17A(c)(1) of the Exchange Act52 to provide conditional or unconditional exemptions from transfer agent registration.

iii Commodities laws

The CFTC is the US federal regulatory agency that administers and enforces the CEA, having jurisdiction over derivatives, that is, futures contracts, options and swaps involving commodities.53 CEA Section 1a(9) defines a commodity as '[enumerated agricultural products], and all other goods and articles [. . .] and all services, rights, and interests [. . .] in which contracts for future delivery are presently or in the future dealt in'.54

Virtual currencies are not fiat currencies; they are not legal tender issued by a sovereign government. In March 2020, the CFTC interpreted virtual currency to be 'a digital asset that encompasses any digital representation of value or unit of account that is or can be used as form of currency (i.e., transferred from one party to another as a medium of exchange)'.55 In December 2017, the CFTC permitted the trading of Bitcoin futures contracts and Bitcoin binary options on two CFTC-regulated futures exchanges, referred to as designated contract markets (DCMs).56 Therefore, as of December 2017, Bitcoin satisfied the condition in the 'commodity' definition of being the underlying asset for a futures contract. Receptiveness to trading of Bitcoin futures on US DCMs has been mixed. For example, in the first quarter of 2019, CBOE Global Markets Inc announced that it would discontinue the trading of Bitcoin futures,57 while in June 2019, the CFTC approved LedgerX's application to be a DCM for the trading of physically settled Bitcoin futures by retail investors.58 In June 2020, a market survey indicated that 22 per cent of US survey respondents invested in digital assets had exposure via futures, up from 9 per cent the prior year.59

In 2014, the then-current CFTC Chair advised Congress that derivatives contracts based on virtual currencies fall within the CFTC's jurisdiction.60 Beginning in 2015, the CFTC commenced several administrative enforcement actions involving virtual currencies. In settling an enforcement case with Coinflip, Inc, an unregistered trading facility on which Bitcoin options were traded, the CFTC determined that Bitcoin and all virtual currencies are commodities within the definition of CEA Section 1a(9), that Bitcoin is not a fiat currency, that Bitcoin options are commodity options and therefore are CFTC-regulated swaps, and that the trading facility was therefore required to be registered with the CFTC as either a swap execution facility (SEF) or DCM.61 The CFTC determined that all virtual currencies fell within the CEA definition of commodity, notwithstanding that no regulated futures contract based on any virtual currency was traded at that time.

In 2016, in another administrative enforcement proceeding, the CFTC entered into a settlement with Bitfinex, which operated an online platform for retail customers exchanging and trading various virtual currencies, including Bitcoin, on a margined, leveraged or financed basis, without actually delivering the Bitcoin to the retail customers, but instead holding the Bitcoin in wallets that it owned and controlled, in violation of the CEA's retail commodity transactions provision that is intended to protect individual retail customers from abuse involving unregulated speculative commodities investments.62 The CFTC again determined that virtual currencies are commodities, and that the transactions were illegal, off-exchange commodity futures contracts because they were transacted with retail investors and did not result in actual delivery. Retail investors are individuals who are not eligible contract participants (e.g., sophisticated investors, specified regulated entities and large entities). Retail commodity transactions are treated under the CEA as futures contracts and must be traded on regulated DCMs. The CFTC required Bitfinex to register with the CFTC as a futures commission merchant because it engaged in soliciting or accepting orders for retail commodity transactions and received funds from retail customers in connection with the transactions.

In March 2020, the CFTC issued final interpretive guidance on the meaning of the term 'actual delivery' in the context of retail transactions in virtual currencies, in order to determine whether off-exchange transactions involving virtual currencies that are margined, leveraged or financed fall within the CEA's retail commodity transactions prohibition.63 The CFTC advised that while the test for whether actual delivery has occurred would be determined by facts and circumstances, it will look to whether, no later than 28 days after the transaction, the retail customer is able to take possession and control of the entire quantity of the virtual currency purchased (including the margined, leveraged or financed portion) and use it freely in commerce at all times thereafter without the seller, the trading platform or the financing provider (or any of their affiliates or agents) retaining any interest in, legal right or control over the virtual currency. The CFTC indicated that it would generally consider customer possession and control to have been demonstrated when (1) there is a transfer of the virtual currency away from the seller or trading platform and receipt by a separate blockchain address over which the retail customer maintains sole possession and control or a separate, independent and appropriately licensed depository chosen by the retail customer, (2) the retail customer has the ability to use the virtual currency freely in commerce as soon as technologically practicable and (3) none of the seller, the trading platform or the financing provider (or any of their affiliates or agents) retain any interest in, legal right or control over the transferred virtual currency. The CFTC recognised that actual delivery could be achieved even if a trading platform has relationships or affiliations with its customers' depositories so long as the depository is completely separated from the trading platform and the depository has certain other safeguards in place to ensure the customer receives actual possession and control over the virtual currency.64 The CFTC also advised that a book-out, cash settlement, netting or offset mechanism, or where the virtual currency is retained in an omnibus wallet where the trading platform operator retains the private keys, will not constitute actual delivery.

In March 2018, in the enforcement case CFTC v. McDonnell, a federal district court judge confirmed the CFTC's view that all virtual currencies are commodities under the CEA definition, and that spot transactions in virtual currencies are subject to the CFTC's anti-fraud and anti-manipulation enforcement authority.65 Notwithstanding that only Bitcoin futures contracts were traded on CFTC-regulated DCMs at the time, the court found that all virtual currencies are goods that fall within the CEA's definition of commodity, as excerpted above.66 The court also held that the CEA grants the CFTC enforcement authority over fraud or manipulation not only in derivatives markets, but also over the underlying virtual currencies spot markets pursuant to CFTC Rule 180.1, which prohibits employing a manipulative or fraudulent scheme not only in connection with derivatives transactions but 'in connection with [. . .] a contract of sale of any commodity in interstate commerce'. The court also concluded that the CFTC's jurisdiction over virtual currencies is concurrent with the jurisdiction of other federal and state regulators and criminal prosecutors. In August 2018, following a non-jury trial, the case was decided in favour of the CFTC and the court issued a permanent injunction and assessed civil monetary penalties against the defendants.67

With respect to virtual currency swap transactions, the CFTC's jurisdictional authority is not based on the underlying asset being a commodity. Therefore, even if a virtual currency is not a commodity, if the transaction is determined to be a swap, the CFTC would have regulatory authority over the swap transaction, which means that the CFTC's swap dealer, reporting, record-keeping and other swaps compliance rules would apply.

The CFTC has also advised that virtual tokens and virtual coin offerings may be commodities or derivatives contracts depending on the particular facts and circumstances.68 All CFTC registrants must become members of the National Futures Association (NFA), which requires that its members who trade, broker or advise about virtual currency derivatives notify the NFA of this activity and make appropriate risk disclosures to their customers.69

In 2018, the CFTC signed separate arrangements with each of the United Kingdom's Financial Conduct Authority, the Monetary Authority of Singapore and the Australian Securities and Investments Commission to collaborate and support innovative firms through their respective fintech initiatives.70

Banking and money transmission

Below is an overview of the regulation of virtual currency activities by US federal prudential banking regulators (the Board of Governors of the Federal Reserve System (Fed), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC)) and the Consumer Financial Protection Bureau (CFPB), as well as the regulation of virtual currency activities by the US states, specifically as money transmission or a related money services business activity.71 The US federal prudential banking regulators and the CFPB have not sought to actively regulate the virtual currencies and virtual currency activities of their supervised entities to date.72 The US states, on the other hand, have adopted a broad spectrum of approaches concerning the application of money transmission and related laws and regulations to virtual currency activities, including requiring in certain circumstances a specialised virtual currency licence or a more general money transmission licence (MTL).

i Federal banking regulators

While the CFTC, the SEC73 and FinCEN74 have issued guidance or made public pronouncements that begin to define the scope of their jurisdiction concerning virtual currencies, the Fed, OCC, FDIC and CFPB have largely adopted a more limited 'wait and see' approach.

Fed

In a press conference in late 2017, the former Chair of the Fed, Janet Yellen, responded to a question regarding the Fed's policy regarding Bitcoin as follows:

It is a highly speculative asset, and the Fed doesn't really play any role – any regulatory role with respect to Bitcoin other than assuring that banking organisations that we do supervise are attentive, that they're appropriately managing any interactions they have with participants in that market and appropriately monitoring anti-money laundering Bank Secrecy Act, you know, responsibilities that they have.75

In short, Chair Yellen confirmed that the Fed does not have any direct role in regulating Bitcoin or, by implication, the class of other virtual currencies with similar features.

Nonetheless, the Fed continues to monitor the use and development of virtual currencies and the role of Fed-regulated financial institutions in virtual currency activities through the Digital Assets Working Group of the Financial Stability Oversight Council (FSOC), which includes the CFTC, the SEC and FinCEN.76 In its 2018 Annual Report, FSOC stated '[d]igital assets do not presently appear to pose a threat to the stability of the financial system . . . the estimated market capitalization of digital assets is still relatively small . . . for context, [it] is less than 1 percent of the market capitalization of U.S. stocks' and '[d]igital assets have limited use in the real economy of financial transactions'.77 The report went on to note, however, that the value and use of virtual currencies could grow rapidly and federal agencies will continue to monitor risk to the banking system.78 Public comments by current Fed governors, including Chairman Powell, have been generally consistent with these positions.79 As at May 2020, the Fed has not publicly taken a position on the permissibility of bank holding companies and financial holding companies to engage in various activities (either as principal or agent) related to virtual currencies. However, one example of the Fed's ongoing monitoring is Chairman Powell's testimony before Congress in July 2019, in which the Chairman expressed the Fed's concerns that Libra could present systematic risk to the US financial system requiring strict supervision and oversight and also that Libra poses money laundering, consumer protection and privacy risks. 80 Chairman Powell further acknowledged that the Fed does not have direct jurisdiction over Libra, but also recognised that FSOC will be focusing on the possibility of classifying the consortium issuing Libra as a non-bank systematically important financial institution, which would subject the consortium, for purposes of its virtual currency activities, to the jurisdiction of the Fed under the Dodd–Frank Act.81

Separate to Fed's oversight potential, remarks by Chairman Powell and other representatives of the Fed made in February 2020 have indicated that the Fed is actively considering the possibility of issuing a US virtual currency or otherwise utilising distributed ledger technologies to enhance the US financial system.82 Depending on the design and use of any such currency, additional Congressional authorisation may be required.83

OCC

Like the Fed, the OCC has published little guidance regarding the role of national banks in virtual currency ecosystems.84 However, in 2018, the OCC announced it will make available a special-purpose national bank charter, generally known as a fintech charter, that may be owned by certain types of non-bank financial services companies.85 A fintech charter permits a company to operate on a national basis under the OCC's supervision and thereby bypass multi-state licensing and supervision, and certain types of state regulation.86 These features have led to industry speculation whether the charter will be available to enable a more streamlined alternative for certain virtual currency activities than the multistate licensing approach described below.87 The OCC has stated that applicants and licensees will be held to the same standards as national banks, suggesting that even if the fintech charter is an avenue for certain virtual currency activities, only certain industry participants may be in a position to meet the applicable regulatory requirements.88

The fintech charter proposal proved controversial shortly after it was initially proposed, and state regulators continue to oppose the charter, including through a pending legal challenge to the charter.89 The initial industry reaction to the fintech charter has been tepid.90 In addition, in October 2019, the US District Court for SDNY ruled in favour of New York's legal challenge to the fintech charter by denying the OCC's motion to dismiss and finding that the OCC only has authority to issue bank charters to depository institutions.91 In December 2019, the OCC appealed the ruling to the US Court of Appeals for the Second Circuit. As at May 2020, no company has received a fintech charter.

In January 2020, the OCC issued its first consent order concerning a supervised entity's virtual currency activities.92 The OCC alleged that MY Safra Bank, a federal savings association, failed to maintain an adequate Bank Secrecy Act/Anti-Money Laundering programme to monitor its digital-asset customers. Beginning in 2016, MY Safra Bank opened accounts for a broad range of money services businesses that engage in virtual currency activities, including digital currency exchangers, digital currency ATM operators, crypto arbitrage trading accounts, blockchain developers and incubators, and fiat currency money services businesses, and the bank's focus on services to digital-asset customers led to a significant increase in transactional volume. The OCC issued a cease-and-desist order, but did not assess a fine against MY Safra Bank.93

In June 2020, the OCC issued an Advance Notice of Proposed Rulemaking seeking input on how best to accommodate new technology and innovation in the business of banking in connection with the OCC's comprehensive review of its regulations at 12 CFR Part 7, subpart E (national banks), and Part 155 (federal savings associations) (the OCC Rules). The OCC requested public input on the issue of whether the OCC Rules 'effectively take into account the ongoing evolution of the financial services industry, promote economic growth and opportunity and ensure that banks operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations'.94

FDIC

Like the other prudential banking regulators, the FDIC is presently merely monitoring the development of virtual currencies and is likely to continue this approach. The FDIC has publicly stated that it is actively studying the potential effects of virtual currencies on the banking system and banks under its jurisdiction through FSOC's Digital Assets Working Group.95

CFPB

In light of its consumer protection mandate, the CFPB's focus with respect to virtual currencies has been on ensuring that consumers are adequately informed of the risks of virtual currencies. In this regard, in 2014, the CFPB issued a public warning regarding the risks of transacting and investing in virtual currencies and began accepting consumer complaints regarding virtual currency matters, a potential first step towards regulation or enforcement.96 However, in 2016, after taking public comments, the CFPB declined to bring virtual currencies within its regulation on prepaid products or to take a position concerning whether virtual currencies are otherwise subject to Regulation E.97 To date there have been no public CFPB enforcement actions regarding virtual currency activities. Moreover, although the CFPB receives consumer complaints about virtual currencies, the number of complaints declined significantly in 2019 as compared to 2018, and overall consumer complaints regarding virtual currency activities represent a small fraction of the consumer complaints received by the CFPB.98

ii State money transmission regulators

The states have adopted a broad spectrum of approaches concerning the application of money transmission laws and regulations to virtual currencies. These approaches include: promulgating an entirely separate regulatory regime for the oversight of entities engaged in virtual currency activities (e.g., New York's BitLicense); incorporating or exempting virtual currency activities from state MTL regimes by statutory amendment or regulatory fiat; and declining to adopt a position (e.g., the approach of the California Department of Business Oversight (CDBO)).99 In addition to their general regulatory regime, some states also offer a regulatory sandbox that permits companies to engage in limited virtual currency activities without having to obtain a licence and potentially with less rigorous supervisory oversight.100 As these approaches continue to evolve, there is also a potential alternative approach on the horizon, the Uniform Law Commission's proposed Uniform Regulation of Virtual Currency Business Act (the Uniform Act),101 which, like the New York BitLicense, is a licensing regime specifically designed for entities involved in virtual currency activities. Although the Uniform Act has only been introduced in the legislatures of a handful of states and has only been adopted in Rhode Island as at June 2020, it may serve as the basis for future legislative activity concerning virtual currency regulation. Similarly, the Conference of State Bank Supervisors (CSBS) has published a model regulatory framework for states to consider.102 The following summarises a handful of representative approaches to regulation of virtual currency activities at the state level. However, there are numerous variations on the themes below, as well as significant pending legislative and regulatory activity that promise to make this a dynamic area for the foreseeable future.

New York BitLicense

New York, through rule-making by the New York Department of Financial Services (NYDFS), has been the most aggressive of the states in regulating virtual currencies. Under New York law, a licence referred to as a BitLicense is broadly required to engage in any virtual currency business activity.103 Given that New York is the epicentre of US financial markets and services, this requirement has led the NYDFS to be a leader in regulating, or seeking to regulate, a wide spectrum of virtual currency businesses operating in the United States. New York regulations define virtual currencies as 'any type of digital unit that is used as a medium of exchange or a form of digitally stored value' and includes both centralised and decentralised currencies.104 Excluded from the definition of virtual currencies are: prepaid cards that are issued or redeemable in legal tender; digital units that are part of a customer affinity or rewards programme that cannot be converted into legal tender or a virtual currency; and digital units used within gaming platforms that have no real-world value or market outside the gaming platform, and cannot be converted into real-world value or a virtual currency.105 Virtual currency business activity, the activity that gives rise to the licensing requirement, broadly entails any of the following:

  1. receiving a virtual currency for transmission or transmitting a virtual currency;
  2. storing, holding or maintaining custody or control of a virtual currency on behalf of others;
  3. buying and selling a virtual currency as a customer business;
  4. performing exchange services; and
  5. controlling, administering or issuing a virtual currency.106

Virtual currency business activities do not include use of a virtual currency by merchants or consumers to purchase goods or services, investment by merchants and consumers or the development and issuance of software.107

In addition to the requirement to obtain a licence, licensees under the BitLicense regime are also required to meet certain substantive compliance requirements. Generally, licensees are required to:

  1. maintain a sufficient amount of capital as determined by the NYDFS;108
  2. maintain sufficient AML, customer identification, cybersecurity, consumer complaint and anti-fraud programmes;109
  3. provide certain disclosures and receipts in connection with transactions;110
  4. file certain money laundering reports with the NYDFS if not otherwise filed with FinCEN;111
  5. have a compliance officer and a chief information security officer;112
  6. maintain certain written policies and procedures;113
  7. maintain a sufficient surety bond;114 and
  8. meet certain record retention requirements.115

Licensees that hold virtual currencies on behalf of others are also required to: hold such funds in trust with a qualified custodian that is approved by the NYDFS; hold virtual currencies of the same type and amount as what is owed to the beneficiaries; and not sell, lend or assign virtual currencies held on behalf of others except at the direction of the beneficiary.116 Licensees are also subject to supervision of the NYDFS, which includes periodic examinations and the submission of financial and transactional information to the NYDFS.117

Notwithstanding this extensive regulation, it should be noted that, depending on the nature of a licensee's activities, the NYDFS may require an entity that has received a BitLicense to also obtain a New York MTL. Moreover, as an alternative to the BitLicense, the NYDFS also has licensed a handful of trust companies to engage in certain virtual currency trading and custody activities. Although applicants for a trust company licence must meet a particularly high standard, there is an advantage to the trust company licence in that many (but not all) states do not require licences for trust companies that are chartered and supervised in another state.

In December 2019, the NYDFS announced that it was beginning to review its BitLicense regulations for potential updates and revisions.118 The NYDFS also announced proposed guidance to reduce its direct oversight when a current licensee wishes to expand its products or services to a new type of virtual currency.119 Under the current BitLicense regulations, NYDFS approval is required prior to a licensee introducing any materially new product, service or activity or making a material change to an existing product, service or activity.120

Under the proposed guidance, the NYDFS will maintain a public list of approved virtual currencies, and current licensees may engage in new activities concerning these approved currencies without seeking prior approval from the NYDFS as a material change. Further, the proposed guidance also includes a process that allows licensees to avoid prior regulatory approval for new activities in connection with virtual currencies not on the NYDFS prior approval list. The proposed guidance will include a model coin-listing or adoption policy framework that addresses minimum requirements for board governance, engaging in independent risk assessments prior to expanding products and services, and engaging in ongoing monitoring of new products and services. If a licensee has previously had their coin-listing or adoption policy approved by the NYDFS and the licensee self-certifies it has complied with that policy, prior approval by the NYDFS would not be required to support a new virtual currency.

Wyoming SPDI

On the opposite end of the spectrum from New York is Wyoming, which has been aggressive in adopting legislation to make the state hospitable to virtual currency activities.121 As discussed below, Wyoming has broadly exempted virtual currency activities from its money transmission laws; however, companies may seek to opt into supervision by the Wyoming Department of Banking by obtaining a Special Purpose Depository Institution (SPDI) charter. An SPDI is a limited-purpose banking charter that is specifically targeted to companies that engage or seek to engage in virtual currency activities. Wyoming virtual currency advocates have stated that their goal is make Wyoming the jurisdiction of choice for virtual currency companies similar to how Delaware and South Dakota attracted credit card companies in the 1980s.122 SPDI applicants are exempted under state law from obtaining FDIC deposit insurance removing a key obstacle for most state de novo charter applications.

Among other powers, an SPDI may act as a custodian or fiduciary, and may accept deposits if they are in connection with its virtual currency activities. SPDIs are prohibited from lending. SPDIs must have liquid assets equal to 100 per cent of their custodial and deposit liability. They must also have sufficient capital, which is generally determined by the Wyoming Department of Banking on a case-by-case basis. The Wyoming Division of Banking has stated it expects approved applicants will have a minimum of US$10 million in capital and potentially more depending on the amount of anticipated assets under management or custody.123 SPDIs must also have a resolution plan (i.e., living will) that is updated annually.124 As at May 2020, no entity has received an SPDI charter. It remains to be seen how federal regulators, other states and the industry respond to the SPDI charter.

Inclusive legislation

As an alternative to a new and separate regulatory regime, a number of other states have amended their MTL statutes broadly to include the receipt of virtual currencies for transmission or the issuance or the sale of virtual currencies as stored value.125 Such amendments typically revise the statutory definitions of money or money transmission to include the concept of virtual currencies, and add virtual currency as an additional defined term to the statute.126 It is important to note that several, but not all, state MTL statutes exempt licensed broker-dealers to some degree,127 and some states also recognise exceptions for agents of the payee128 or payment processors.129 Some virtual currency businesses therefore may be able to take advantage of these and other exceptions on state-by-state or activity-by-activity bases, or both.

In regard to the various types of potential virtual currency activities and whether they are subject to regulation in these states, states generally do not cover end users of a virtual currency (e.g., merchants that accept a virtual currency in payment for goods or services, individuals who use a virtual currency to make such payments and investors who purchase a virtual currency for their own portfolios), but transmitting or maintaining control of virtual currencies for others typically is a covered activity under such regimes,130 which may be interpreted as covering both purchases and sales of virtual currencies on behalf of others.131

Licensees under these state MTL regimes are also subject to certain compliance requirements. Based on the plain text of money transmitter statutes and regulations, these requirements are generally not quite as extensive as those required for a New York BitLicense, but state regulators typically have discretion to require additional controls as a condition of licensing. Common examples of the relevant statutory or regulatory requirements include the following: holding permissible investments in an amount equivalent to funds received from senders; maintaining a sufficient net worth, which is often at a statutorily specified amount rather than an amount that is specific to the licensee; maintaining a sufficient surety bond; and meeting certain record retention requirements. In certain states, money transmitters are also required to maintain certain policies and procedures, provide a receipt with each transaction and provide certain disclosures. State money transmitter licensees are also subject to periodic examinations, and must submit financial and transactional information to the supervising agencies.

For licensees that engage in virtual currency activities, compliance with these requirements can pose challenges in states that have not made accommodations for the unique attributes of virtual currencies that decades-old MTL statutes were not designed to address. For example, if a licensee holds a virtual currency for a customer and the state regulator views that holding as an outstanding obligation of the licensee to the customer, state regulations will typically require, as indicated above, that the licensee hold certain eligible investments in an amount equal to the outstanding obligation. For traditional licensees, that typically means holding customer funds in insured bank accounts, US Treasury securities or the like. While most states have concluded that it is permissible to hold a 'like-kind' investment of a virtual currency when the licensee has an obligation to deliver a virtual currency to a customer,132 that is not uniformly the case, leading to significant duplicate collateralisation requirements in Hawaii, for example.133

Inclusive regulatory guidance

At least one state has issued regulatory guidance broadly classifying virtual currencies as money and subject to the state's money transmission laws.134 Other states have taken a more nuanced position, covering some activities related to virtual currencies, but not others. For example, a line of guidance initially promulgated by Texas and adopted by several other states135 distinguishes between decentralised and centralised virtual currencies. The guidance concludes that decentralised virtual currencies do not qualify as money under the respective state MTL statutes because they are not a currency as defined by the state law: that is, the coin or paper money of the United States or any other country.136 As decentralised virtual currencies are not money, their transmission therefore is not money transmission.137

However, the guidance further notes that transactions involving decentralised virtual currencies that also involve the exchange of legal tender could constitute money transmission if the transactions involved more than two parties.138 Under this line of guidance, the direct purchase and sale of virtual currencies as principal, the acceptance of virtual currencies for goods or services, the mere custody of virtual currencies and the exchange of one virtual currency for another virtual currency are not money transmission activities.139 However, the sale of virtual currencies through an exchange for legal tender would be considered money transmission.140

As for centralised virtual currencies issued by a private party, the guidance generally declines to adopt a broad position given the numerous potential variations in structure.141 Instead, it generally defers making a judgement until the regulator is presented with the specific facts and circumstances at issue.142 Texas' recently updated guidance has clarified that one particular type of centralised virtual currency, stablecoin, does qualify as money and is regulated if its value is tied to fiat currency and it is redeemable for such currency.143 Other state regulators have informally indicated they would likely adopt a similar position.

Exemptive legislation

As noted above, Wyoming has broadly exempted from its money transmission laws the buying, selling, issuing or taking custody of virtual currency144 and has adopted other legislation to facilitate the use of virtual currencies.145 New Hampshire and Utah also exclude virtual currency from their money transmission laws,146 but New Hampshire's relevant state regulator has interpreted the exemption narrowly.147

Exemptive regulatory guidance

A handful of other states have taken a broadly exemptive approach as a regulatory matter. For example, Pennsylvania has held through regulatory guidance that virtual currency exchanges do not need a money transmitter licence for facilitating transactions between buyers and sellers of virtual currencies based on the position that maintaining a clearing account for fiat currency at a depository institution does not require licensing because the exchange never directly handles fiat currency.148

No position

At present, not every state has taken a position, either through legislation or the actions of a regulator, regarding the application of MTL statutes to virtual currencies. Most notably, the CDBO has indicated that it is reserving judgement regarding the potential application of the California MTL statute to many virtual currency activities and the necessity of obtaining a licence.149 In response, some virtual currency companies are moving forward with virtual currency activities in California pending a determination by the CDBO that the California MTL statute applies to such activities and that a licence is required.

Uniform Regulation of Virtual-Currency Business Act

As reflected above, states have adopted a broad range of regulatory approaches. As virtual currencies mature and gain wider acceptance, more states may move to adopt a separate regulatory regime for virtual currencies or otherwise update their already enacted regulatory regimes. During such a process, states may look to the Uniform Act referenced above for guidance.150 Indeed, the Uniform Act has been adopted in Rhode Island151 and legislation to adopt the Uniform Act has been introduced in a number of states.152

The substance of the Uniform Act is heavily influenced by New York's BitLicense licensing regime, state money transmitter licensing regimes and the CSBS Model Regulatory Framework. Under the Uniform Act, a licence is required to 'engage in virtual-currency business activity'.153 The Uniform Act incorporates the concept of licensing reciprocity between states, so a separate licence may not be required for every state if the proposal is adopted as drafted.154 The Uniform Act generally defines a virtual currency as a digital unit used as a medium of exchange or stored value, and includes both centralised and decentralised currencies.155 Similar to the BitLicense regulation, the definition also excludes a customer affinity or rewards programme that cannot be converted into legal tender or a virtual currency, and digital units used within gaming platforms that have no real-world value and cannot be converted into real-world value or a virtual currency.156 Unlike the BitLicense regulation, but similar to other states that have amended their money transmission statutes, the Uniform Act does not explicitly exclude prepaid cards that are issued or redeemable in legal tender.

The definition of virtual currency business activity – the activity that gives rise to the licensing requirement – includes 'exchanging, transferring, or storing virtual currency or engaging in virtual currency administration'.157 The definition also explicitly includes issuing, or holding on behalf of others, electronic certificates representing an interest in precious metals .158 As with the BitLicense regulation and several amended MTL statutes, the Uniform Act also excludes from the definition of virtual currency business activity direct purchases of goods and services using a virtual currency, the direct purchase of a virtual currency as an investment and persons whose activities are limited to the development or issuance of software.159 The Uniform Act also provides a number of additional exceptions. Among the exceptions, several worth highlighting are those for:

  1. registered broker-dealers or other securities and commodities intermediaries under the Uniform Commercial Code that do not engage in the ordinary course of business in virtual currency business activity in addition to maintaining securities accounts or commodities accounts;
  2. a licensed money transmitter;
  3. a payment processor that facilitates clearing and settlement between exempt entities;
  4. entities whose activity in the jurisdiction is associated with annual transactions that have a value of US$5,000 or less;
  5. a virtual currency control-services vendor; and
  6. an entity that does not receive compensation for providing virtual currency products or services.160

As with state licences generally, the Uniform Act also imposes certain substantive compliance requirements, including:

  1. maintaining a sufficient net worth and reserves as is determined necessary by the relevant regulator;161
  2. maintaining sufficient AML, customer identification, cybersecurity, complaint programmes and anti-fraud programmes;162
  3. providing certain disclosures and receipts in connection with transactions;163
  4. maintaining certain written policies and procedures;164
  5. maintaining a sufficient surety bond;165 and
  6. meeting certain record retention requirements.166

Licensees that hold virtual currencies on behalf of others are also required to hold virtual currencies of the same type and amount as what is owed to the beneficiary.167