This summer, US and international regulators have brought enforcement actions, issued guidance and explanatory documents, and sharpened previously-taken positions regarding regulation of cryptocurrency and crypto-tokens under the anti-money laundering, derivatives, securities, and tax laws. These actions provide a better sense of the way in which US regulators will approach the blockchain and digital asset space going forward, but also leave many unanswered questions.
These recent actions indicate increased regulatory risk for certain types of activities. Companies that have made or are contemplating making initial coin offerings or cryptocurrency investments should assess these activities in light of these new regulatory pronouncements. But overall, this latest round of regulatory actions may provide greater regulatory certainty and a better understanding of regulatory priorities, which in turn can provide innovators and early adopters a clearer legal framework within which to operate.
On July 26, 2017, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury assessed a civil monetary penalty of $110,003,314 against Canton Business Corporation, more widely known as the cryptocurrency exchange BTC-e, and a $12,000,000 penalty against Alexander Vinnik, a Russian national who allegedly controlled, directed, and supervised BTC-e’s operations, finances, and accounts. On the same day, a 21-count criminal indictment against BTC-e and Mr. Vinnik was unsealed, and Mr. Vinnik was arrested in Greece. BTC-e is one of the largest virtual currency exchanges by volume in the world, but US regulators concluded—and prosecutors charged—that it was not operating in compliance with US Bank Secrecy Act (BSA) regulations.
FinCEN’s actions highlight the previously unspoken principle that a foreign entity operating as a money services business (MSB) with activities in the United States will be subject to regulation under the BSA. The BTC-e action is the first supervisory action against a foreign entity operating as an MSB with activities in the United States. According to FinCEN, BTC-e lacked basic controls to prevent the use of its services for illicit purposes and, as a result, purportedly maintained a customer base of criminals who concealed and laundered proceeds from crimes such as ransomware, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking, none of which BTC-e reported to FinCEN and law enforcement. FinCEN asserted jurisdiction on the grounds that BTC-e processed substantial transactions (approximately $296 million) involving US customers.
FinCEN found that BTC-e failed to comply with US laws in a number of ways: BTC-e failed to register as a money services business (MSB), failed to maintain an effective anti-money laundering (AML) program, failed to file suspicious activity reports (SARs), and failed to keep transaction records. The case demonstrates the continued importance of FinCEN’s BSA regulatory framework to companies in the technology sector that facilitate transactions in virtual currency. FinCEN’s 2013 regulatory guidance on administering, exchanging, and using virtual currency and subsequent statements make clear that FinCEN will enforce AML requirements against MSBs/money transmitters (MTs), with particular scrutiny on exchanges of virtual currency and systems providing services for such exchanges.
FinCEN’s recent actions make clear that the agency will seek to ensure that any cryptocurrency exchange doing substantial business with US customers needs to register with FinCEN and comply with the BSA. Companies that facilitate transactions in virtual currency should review FinCEN’s guidance and obtain compliance advice and counsel when necessary.
Commodities and Derivatives Regulation
The Commodity Futures Trading Commission (CFTC) has been relatively quiet since opening several investigations of cryptocurrency exchanges and settling a high-profile enforcement action against cryptocurrency exchange BitFinex over a year ago. However, the CFTC made waves in July when it granted LedgerX LLC (LedgerX) permission to register as a Swap Execution Facility (SEF) and as a Derivatives Clearing Organization (DCO) for bitcoin based swaps. Effectively, this makes LedgerX the first bitcoin options exchange and clearinghouse to become approved by US regulators.
In August, the Chicago Board Options Exchange (CBOE) ventured into the digital asset space, announcing an agreement with Gemini Trust Company, LLC (Gemini) under which the CBOE will have an exclusive global license to use Gemini’s bitcoin market data for bitcoin derivatives and indices. CBOE will have a multi-year exclusive global license permitting it to use Gemini’s market data, including Gemini daily bitcoin auction values, in the creation of bitcoin derivatives products for listing and trading. Assuming regulatory approval by the CFTC, the CBOE plans to make bitcoin futures available for trading in late 2017 or early 2018. Both companies plan to explore other bitcoin derivatives opportunities.
The recent announcements by the CFTC and the CBOE appear to be driven by the exponential growth in market demand for investments in digital assets and particularly in digital currencies. The substantial growth of the trading volume of the bitcoin and other cryptocurrency markets will intensify regulators’ attention on these markets and protection of traders and investors, and will incentivize market-makers like the CBOE to develop options for investors.
These actions by the CFTC and the CBOE show an increased willingness by the commodities trading community to embrace cryptocurrency as a new asset class. The CFTC’s actions, in particular, may also signal that its regulatory oversight process will be the primary vehicle for setting policy and a regulatory framework for cryptocurrency and blockchain activities.
Securities and Initial Coin Offerings
The SEC took initial steps to clarify the regulatory environment surrounding ICOs, focusing first on what are generally referred to as “equity” tokens, leaving open questions about what are typically referred to as “utility” tokens.
In late July, in an Investigative Report on the Distributed Autonomous Organization (DAO), the Securities and Exchange Commission (SEC) announced its position that “offers and sales of digital assets by ‘virtual’ organizations are subject to the requirements of the federal securities laws.” Although not a surprise, the SEC’s statement affirms that companies seeking to involve US investors in an initial coin offering (ICO) must register offerings with the SEC or qualify for an exemption.
The SEC focused its recent study on the token offering by the DAO in April-May 2016. The DAO was built on top of the Ethereum blockchain by the German unincorporated organization Slock.it, and the success of its token offering ushered in the current wave of ICO activity. Questions about the application of US securities laws surrounded the DAO offering since its initial announcement. The SEC’s report found that the DAO “may have violated federal securities laws,” but it decided against pursuing an enforcement action, choosing instead to use the DAO as guidance for future ICOs.
The DAO tokens are commonly considered to be “equity” tokens, as opposed to “utility” tokens, so the DAO Investigative Report leaves open questions concerning how US securities laws will apply to “utility” tokens. Aside from the securities registration issues, the DAO suffered a breach—or more accurately, an exploitation of a flaw in its code—involving the loss of $50 million in Ether, but the SEC report did not make any findings with respect to that breach.
On the same day as the DAO Investigative Report, the SEC released an Investor Bulletin that provided recommendations for companies looking to issue tokens through an ICO, including the following:
- The SEC will interpret certain ICOs, such as the DAO offering, as the offer and sale of securities.
- If the tokens issued as part of the ICO can be considered securities, then the virtual coins or tokens must be registered with the SEC, or the sale must be made pursuant to an exemption from registration.
- Companies planning ICOs should carefully review the criteria for exemptions from registration, including the provisions relating to accredited investors and other restrictions involving net worth or income requirements, and should satisfy the criteria for those exemptions for US investors should the token be considered a security.
- The SEC will likely scrutinize representations that particular ICO offerings are exempt from registration.
- Sales of tokens as part of crowdfunding should adhere to the requirements of the SEC’s crowdfunding regulations (called Regulation Crowdfunding) and other relevant securities laws.
- If the virtual token or coin is a security, “investment professionals and their firms who offer, transact in, or advise on investments” must be licensed or registered in accordance with federal and state securities laws.
- The SEC will scrutinize what it considers to be “jargon-laden pitches, hard sells, and promises of outsized returns.”
The SEC also made recommendations as to what investors should look for in a white paper or other offering document: (1) a clear business plan, (2) description of rights that accompany the token or coin, (3) options for liquidating an investment, (4) publicly available information regarding the blockchain and code, and (5) an independent cybersecurity audit.
The SEC released a third document on August 28, titled “Investor Alert: Public Companies Making ICO-Related Claims,” warning investors about potential “pump-and-dump” ICO scams in which an insider or offeror circulates fake information meant to increase the coin’s value, and then sells the coin at the inflated value. The SEC recently suspended the trading of First Bitcoin Capital Corp., CIAO Group, Strategic Global, and Sunshine Capital in connection with allegedly suspicious news releases and claims made by the companies.
Taken together, the SEC’s DAO Investigation Report, Investor Bulletin on ICOs, and Investor Alert on ICOs represent the SEC’s opening foray into regulating the growing use of ICOs by a range of different companies.
Foreign regulators also took steps this summer. On the one hand, regulators in Canada, Hong Kong, and Singapore issued statements similar in substance to the SEC’s guidance. For example, the Canadian Securities Administrators (CSA) released a six page staff notice similar to the SEC’s report, stating that ICOs are likely to be regulated as securities. (Note that Canada has also created regulatory sandboxes whereby new digital currency companies can test their products on a limited scale before facing all applicable regulations). The Hong Kong Securities and Futures Commission issued a similar statement, noting that “depending on the facts and circumstances of an ICO, digital tokens that are offered or sold may be ‘securities’ as defined in the Securities and Futures Ordinance (SFO), and subject to the securities laws of Hong Kong.” Singapore regulators offered a clarifying statement to the effect that “the offer or issue of digital tokens in Singapore will be regulated by [The Monetary Authority of Singapore] if the digital tokens constitute products regulated under the Securities and Futures Act.”
By contrast, Chinese and South Korean regulators were less measured. On September 4, the Chinese government halted “all types of currency issuance financing activities,” prohibited traditional financial institutions from working with digital currency offerings, and demanded that ICO funding be returned to investors. South Korea’s Financial Supervisory Commission also announced bold limitations on digital currencies, including penalties for ICOs that raise funds in the form of stock issuances, increased regulations for domestic coin trading, heightened oversight of remittances made through digital currencies, and additional scrutiny of alleged data breaches of coin operators.
Overall, the SEC’s initial focus seems to be on equity tokens and fraud; still pending is SEC guidance or views regarding utility tokens. While the SEC’s approach is more measured than that of regulators in China and South Korea, the SEC documents leave open as many issues as they resolve. Nevertheless, the report and investor guidance are useful for both investors and entrepreneurs, and it is expected that the SEC will continue to issue guidance—and to conduct investigations—in the area of ICOs.
The taxation of virtual currencies became a hot topic this past year. In 2014, the Internal Revenue Service (IRS) issued a Notice indicating that virtual currency is treated as property (not currency) for tax purposes, but gave little additional guidance. In the fall of 2016, the Treasury Inspector General for Tax Administration (TIGTA) issued a report critical of the IRS’s lack of additional efforts on virtual currency since then, such as developing an overall virtual currency strategy and taking other actions to help taxpayers understand the virtual currency rules and ensure taxpayer compliance.
Following the TIGTA report, rather than issue guidance to help taxpayer understanding and compliance, the IRS began a sweeping enforcement action against virtual currency users. In November 2016, the IRS filed an open-ended summons on Coinbase, one of the world’s largest digital asset exchange companies, seeking essentially all information about its customers’ activities and accounts. While the IRS has since narrowed the scope of its sweeping fishing expedition, its enforcement-sided approach to the industry remains troubling.
The IRS’s enforcement actions have brought increased focus on the lack of clear guidance on the policy side, including from Congress. Recently, members of Congress, including the chairs of the tax writing committees and the chairs of the Congressional Blockchain Caucus have criticized the IRS’s enforcement-sided approach and failure to issue additional guidance on the policy side. On September 7, representatives Jared Polis (D-CO) and David Schweikert (R-AZ) introduced the Cryptocurrency Tax Fairness Act that would create a tax exemption for cryptocurrency transactions under $600. We expect Congress and the IRS will increase their policy efforts regarding the taxation of virtual currency going forward.
As a note, Steptoe held its first Blockchain and Tax Workshop on September 12 in Washington, DC, discussing how IRS rules may apply to cryptocurrency transactions, crypto-token investments, and ICOs, among other issues. Steptoe is planning a follow-up workshop in New York City later this year.
Taken together, these regulatory actions and guidance documents indicate a new level of regulatory focus on blockchain and cryptocurrency. While many questions remain, these new regulatory actions and guidance documents indicate:
- A renewed seriousness of purpose around US Bank Secrecy Act compliance for companies servicing US customers, particularly as it pertains to cryptocurrency exchanges or private placement platforms, regardless of where those exchanges or platforms are based;
- An emerging regulatory acceptance of cryptocurrency and crypto-tokens as a new asset class recognized under US commodities and derivatives law;
- An emerging structure for securities law compliance for initial coin offerings; and
- An evolving approach to cryptocurrency taxation that has implications for commerce, as well as for holders of large amounts of cryptocurrency.
Individuals and companies handling or contemplating the handling, purchase, sale, exchange, or brokering of cryptocurrency transactions, involvement in initial coin offerings or other types of token issuances, or creation of cryptocurrency and cryptotoken investment vehicles, and companies contemplating other types of blockchain-based transactions would be well-served by a consultation with experienced blockchain and digital currency attorneys.