In its annual report of examination priorities issued in late December 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations said that digital assets, cybersecurity and anti-money laundering programs would be among its top focus during its 2019 reviews of registrants. Among other things, OCIE said it would “monitor” the trading, offer and sale and management of cryptoassets, and where digital assets were securities, review for regulatory compliance. OCIE indicated it would concentrate on the safety of client funds and assets; pricing of digital assets; and compliance and internal controls for firms actively engaged in cryptoasset markets.

OCIE noted that, in focusing on cybersecurity, it will key in on the “proper configuration of network storage devices,” information security governance, and policies and procedures concerning retail trading information security, among other matters. It will also especially review cybersecurity practices at investment advisers with multiple branch offices, as well as risk assessment, access rights and controls, vendor management, training and incident response.

OCIE additionally said that, in 2019, it will prioritize on matters important to retail investors in its examinations, such as disclosure of fees and expenses and the costs of investing, conflicts of interest, and senior investors and retirement accounts and products. It will also review compliance and risk at critical market infrastructures (i.e., clearing agencies, transfer agents and national securities exchanges) and focus on select areas and programs of the Financial Industry Regulatory Authority and the Municipal Securities Rulemaking Board.

In other legal developments regarding cryptoassets:

  • Congressmen Propose Law to Exclude Certain Cryptoassets from the Definition of a Security: Just prior to the expiration of the 115th Congress in 2018, Congressmen Darren Soto and Warren Davidson proposed legislation that would expressly define a digital token and make clear that securities laws would not ordinarily apply to digital assets issued on behalf of a project using a blockchain application once it becomes functional. Under the proposed legislation, a digital token would expressly be excluded from the definition of a security under applicable securities laws provided it did not represent a financial interest in a company, including an ownership or debt instrument or revenue share. To potentially become a law, the proposed legislation will have to be reintroduced during the current 116th term of Congress.
  • NY May Reconsider BitLicense: New York State adopted a law to establish a task force to consider how to effectively regulate cryptocurrencies. The task force will consist of nine persons appointed by New York’s governor, state senate and state assembly, and will be required to submit a report that, among other things, will evaluate laws and regulations of other states and foreign countries, and potentially make legislative and regulatory recommendations “to increase transparency and security, enhance consumer protection, and to address the long-term impact related to the use of cryptocurrency.” The report is due by December 15, 2020. New York was the first state to comprehensively regulate persons engaged in a virtual currency business when it adopted its so-called “BitLicense” framework in 2015. (Click here for further background regarding NY’s BitLicense requirements in the article “New York BitLicense Regulations Virtually Certain to Significantly Impact Transactions in Virtual Currencies” in a July 8, 2015 Advisory by Katten Muchin Rosenman, LLP.)
  • Texas Clarifies Application of Money Transmission Requirements to Transactions Involving Virtual Currencies: The Texas Department of Banking clarified that not all transactions involving virtual currencies require licensing under the state’s laws pertaining to money transmission. According to the guidance, an exchange of crytpocurrency for fiat currency or one cryptocurrency for another is not money transmission. This is because there is no receipt of sovereign currency by either party with a promise to make it available at a later time. This would appear to exclude dealing type activities from licensing requirements. Likewise, the guidance indicated that transfers of virtual currencies by themselves are not money transmission, as the activity does not involve the receipt or exchange of fiat money or monetary value with a promise to make it available at a later time or different location. However, a cryptoasset exchange that receives fiat currency, holds it until a crtypocurrency transaction has been consummated and then sends the fiat currency to a third party would be required to obtain a money transmission license – not because of the virtual currency activity but because of the fiat currency activity. Issuance of a stablecoin backed by a fiat currency may require a money transmission license depending on the nature of the redemption rights for the sovereign currency (e.g., if the holder has a claim that can be converted into money or monetary value).
  • UK Issues Guidance on Taxation of Cryptoassets: The principal United Kingdom Tax Authority – Her Majesty’s Revenue & Customs – issued guidance on the tax treatment of cryptoassets for individuals. Generally, individuals holding cryptoassets as a personal investment hoping for an appreciation in value would be expected to pay capital gains tax when they liquidate their investment. Individuals who receive cryptoassets as a form of compensation from their employer will be liable to pay income tax and national insurance contributions. Cryptocurrencies awarded as part of mining activity or airdrops would be subject to different tax treatments depending on the circumstances of receipt.

Compliance Weeds: The beginning of every year provides a natural opportunity for registrants to review their written policies and procedures to ensure they still reflect actual practices. It is easy, over time, for policies and procedures to go stale. Unfortunately, if something goes wrong, it will not be helpful to have actual practices that are inconsistent with written policies, or written policies that are so generic they provide no real basis for actual practices. Ensuring that policies and procedures address hot button issues identified by regulators in summaries of examination priorities – such as the OCIE’s 2019 examination priorities – is also advisable.