The financial services industry is undergoing rapid technological change in meeting and anticipating business opportunities and needs, consumer demands and expectations, and demographic trends. One of the most important new technologies is virtual currency ("VC"), which, beginning with Bitcoin in 2008, has quickly exploded into an emerging financial ecosystem composed of an increasing variety of currencies not backed by any government, tokens, and peer-to-peer payment systems networks. VCs and the blockchain ledger technology underlying them create new possibilities for peer-to-peer payment systems, money transmission, mobile payment systems, smart contracts, and many other innovations and applications, with the potential to benefit not only purchasers and sellers of VC, but also investors in VC business activity, and perhaps more significantly, consumers. VC businesses and VCs themselves have achieved considerable market penetration. Transactions in Bitcoin alone exceed $2 billion per day in volume,1 and many payment systems providers, such as PayPal, accept VC payments.2

However, the advent of VCs has also brought significant concerns from, among others, governments, regulators, and law enforcement authorities, regarding potentially illegal activities related to the use of these currencies. This regulatory focus has centered on how VC related businesses and activities generally fit within the framework of established financial services laws – primarily banking, securities, commodities, money transmission, anti-money laundering, broker-dealer, cybersecurity, lending, and commercial laws. In this light, the growing legal and regulatory challenges seem clear – balancing an approach that fosters responsible development of innovative technology that spurs potentially significant benefits with an effective legal and regulatory framework that addresses consumer protection, allows businesses to grow and innovate, and protects the financial system as a whole.

This memorandum highlights ten recent legal and regulatory developments in the emerging VC legal and regulatory framework that are significant for industry participants, investors, and regulators.

VCs are commodities, subject to certain commodities laws within the CFTC’s jurisdiction.

The CFTC has asserted that Bitcoin and other VCs are commodities since 2015.3 However, it is only within the last few months that the first court in the United States issued an opinion confirming the CFTC’s position.4 In CFTC v. McDonnell et. al, a VC business claimed that the CFTC did not have the right to assert jurisdiction because the business was not engaged in the sale of commodity derivatives. The court held that VCs are commodities, and pointed out that the CEA allows the CFTC jurisdiction over spot sales of commodities – not only over derivatives referencing commodities – in cases of fraud or manipulation.5

VC exchangers and administrators are subject to FinCEN BSA/AML requirements.

FinCEN issued guidance in March 2013 that explicitly provided that exchangers and administrators of VC are subject to BSA/AML requirements, but that users of VC are not.6 FinCEN recently confirmed this position in a letter to Senator Ron Wyden, in which it summarized certain requirements that apply to VC businesses, including registering with FinCEN as money services businesses, preparing and implementing written AML compliance programs, filing BSA reports (including suspicious activity and currency transaction reports), keeping certain records, and obtaining customer identification information.7 FinCEN also stressed that it would work with other regulators, such as the SEC and the CFTC, to ensure that entities subject to those agencies’ regulatory regimes comply with the BSA requirements that apply to them.

VC businesses are often subject to state money transmitter laws.

Although FinCEN registers and regulates money services businesses, states have long been the primary regulators of money transmitters.8 However, while most states have some regulation in place for money transmitters and other money services providers, state practices vary considerably with respect to the breadth of regulation but also, importantly, on the definition of which entities are subject to regulation in the first place.9 Therefore, VC businesses, which by their nature operate without regard to state (and often national) boundaries, likely need to consult each state’s money transmitter laws to determine their licensing and compliance requirements.

Some harmonization of state requirements is at least on the horizon. The Conference of State Bank Supervisors (“CSBS”) issued a proposal called “Vision 2020” in which states would sign up to a voluntary compact to jointly license and examine money transmitters such that entities licensed in any of the states in the compact would be subject to the same requirements.10 Also, the Uniform Law Commission has produced and refined a Uniform Virtual Currency Businesses Act which, as of this writing, has been introduced in the legislatures of three states, but has not yet been enacted in any.11

VC trading exchanges currently have options for charters or licenses and may have more options in the future.

After receiving inquiries and engaging in an information gathering process, the New York Department of Financial Services (“NYDFS”) granted a charter to itBit Trust Company LLC (since then renamed Paxos)12 under its authority to grant limited special-purpose trust company charters such that itBit could operate a digital Bitcoin exchange.13 Subsequently, the NYDFS refined its application process and regulatory requirements and offered the “BitLicense” under an integrated regulatory framework. A number of VC businesses have received a BitLicense since 2015, including Circle and Coinbase. 14

At the federal level, the Office of the Comptroller of the Currency (“OCC”) has sought to exercise its authority to offer a fintech charter that would provide an alternative to state licensing for fintech companies, potentially including many or most VC businesses.15 The OCC has not yet issued its first fintech charter, however, amid lawsuits against it regarding the proposed fintech charter from both the NYDFS and the CSBS.16 

When VC businesses raise funds through ICOs, the tokens or other digital assets they issue may be securities subject to the federal and state securities laws.

SEC developments

While VCs are generally viewed as commodities, as discussed above, so-called digital “tokens,” issued by VC businesses in initial coin offerings and initial token offerings, are almost always securities. The SEC’s view was explained by Chair Clayton during Congressional testimony:

[T]here are different types of cryptoassets. Let me try and divide them into two areas, as I’ve tried to do in the past. A pure medium of exchange – the one that's most often cited is Bitcoin – as a replacement for currency; that has been determined by most people to not be a security.

Then there are tokens, which are used to finance projects. I've been on the record saying there are very few, there’s none that I've seen, tokens that aren't securities. To the extent something is a security, we should regulate it as a security, and our securities regulations are disclosure-based, and people should follow those and provide the information that we require.17

While some VC businesses have engaged in ICOs without taking SEC requirements into account, the SEC has been consistent in its words and actions that tokens are securities.18 If a VC business uses investors’ funds to begin or fund its operations, and offers its investors the potential to benefit from such operations (other than by using the coin or token solely to consume the venture’s products or services), the investment will likely constitute an investment in a security, regardless of whether the investors receive fiat currency, VC, tokens, or something else. Therefore, the SEC requires ICOs to either be registered, or to meet an existing exemption to SEC registration. Private placements under Regulation D19 or Regulation A20 are options; potentially, Regulation Crowdfunding provides another, though only for issuances under $1,070,000 that meet certain other requirements. 21

State securities law developments

States have made clear that they also regulate ICOs and similar offerings of VC business investment products. The North American Securities Administrators Association (“NASAA”) announced that U.S. state and Canadian provincial securities regulators have recently participated in an international sweep of ICOs and cryptocurrency investments.22 A task force began a coordinated series of investigations into ICOs and cryptocurrency-related investment products in April 2018, and 35 pending or completed enforcement actions resulted.23 The NASAA statement lists ten states and three provinces that initiated enforcement actions in recent months under the sweep.24

Online trading platforms for trading digital assets may be subject to registration requirements and ongoing regulation as securities exchanges or broker-dealers.

The SEC recently released a statement regarding online platforms that investors can use to buy digital assets sold in ICOs, including both coins and tokens.25 Because, as discussed above, these assets are generally viewed by the SEC as securities, the platforms that allow them to be exchanged, or that match buyers and sellers, may have to register as a national securities exchange or an alternative trading system governed by Regulation ATS.26 ATSs are required to register as broker-dealers with the SEC, and are subject to various broker-dealer requirements under the Securities Exchange Act. 27

ETFs that track the value of VCs cannot be listed on securities exchanges because of current SEC concerns about fraud and manipulation.

In March 2017, the BATS exchange applied to the SEC to permit a rule change that would allow BATS to list shares of an ETF, the Winklevoss Bitcoin Trust, that would hold Bitcoin as assets and issue shares that would track the value of the underlying Bitcoin.28 After a public notice and comment period, the SEC issued an order denying the request due to its concerns about the possibility of “fraudulent and manipulative acts and practices” and because “the significant markets for bitcoin are unregulated.” 29 The SEC asserted that BATS would be unable to enter into “surveillance-sharing agreements” to help prevent fraud and manipulation.30 

The crypto lending industry is expanding.

Startups and other lenders in the United States and around the world are pioneering a business model in which the lender extends credit to “hodlers” – a deliberate misspelling of “holders” that is often used to refer to VC investors who hold VC for the long term – with the VC as the collateral for the loan.31 Other crypto lenders act as loan brokers, matching VC holders with potential borrowers of VC itself.32 Despite declines in value of Bitcoin and other VCs in the last six months, as reported, these lenders generally claim low delinquency rates – even zero loan losses, in some cases.33 Crypto lenders in the United States should, and sometimes do, seek state lending licenses in states that require licenses for their business model.34

Many VC businesses are required to implement cybersecurity measures that meet certain minimum legal standards.

NYDFS imposes minimum requirements related to cybersecurity on any entity that it charters or licenses, including those chartered as special purpose trust companies and those holding a BitLicense.35 These requirements include, among other things, preparing and implementing a written cybersecurity policy, designating a chief information security officer, reporting certain cybersecurity events (such as data breaches) to NYDFS, maintaining certain required records, and preparing and implementing written policies and procedures regarding third-party vendors and service providers.36

VC businesses and activities sometimes see restrictions on their advertising.

Certain VC related advertisements have recently been banned by social media and other websites – including giants Facebook and Google.37 These restrictions, which in Google’s case apply to, among other things, ICOs, likely reflect the SEC’s recent statements and actions, discussed above, regarding ICOs and token offerings. The restrictions also reflect the sites’ caution in the face of some fraudulent use of VC, and the sites’ desire to avoid association with any misleading or deceptive advertising.38

However, there is no reason for potential VC business customers or investors to assume that all advertising of VC and VC businesses is fraudulent. Whether VC businesses will attempt to resort to legal remedies for advertising restrictions – and what legal remedies, if any, are available – remains unclear.