The blockchain market in the USA is comprised of a number of different components, each with their own status and level of development. Overall, each of these components saw significant activity during the past 12 months.
The United States is home to many global, market-leading blockchain companies, including:
The USA has also been a centre of innovation with respect to integrating blockchain and digital assets into traditional financial services, with the development of JP Coin, the use of the Symbiont Assembly platform by Vanguard for both ABS issuances and the programmatic rebalancing of index funds, and the emergence of national banks such as Vast Bank N.A. and state-chartered banks such as Payward Financial, Inc. and Avanti Bank that are focused on digital assets.
In addition, DeFi has exploded and the use of blockchain technology to unlock, access and use dormant value in layered strategies composed of transactions involving multiple protocols and steps has captured the imagination of sophisticated digital asset market participants as well as traditional financial institutions.
Regulatory treatment with respect to blockchain and digital assets will continue to have a significant impact on the above-mentioned sectors over the next 12 months. This is especially true as appointees under the new executive branch administration settle in to place and establish their agendas for digital assets. In particular, significant regulatory activity is expected from the Securities and Exchange Commission (SEC), the Office of the Comptroller of the Currency (OCC), the Financial Crimes Enforcement Network (FinCEN), the Consumer Financial Protection Bureau (CFPB) and other federal regulators with respect to digital assets. US regulators are expected to focus on providing clarity to market participants regarding the classification of digital assets and the rules that apply. From an enforcement perspective, there is likely to be more focus on DeFi as activity continues to grow. In addition, a number of judicial decisions are anticipated in the coming year that could have a significant impact on how digital assets are categorised for regulatory purposes.
US businesses are using blockchain technology in a wide variety of ways, including:
The use of DeFi protocols in the United States has exploded in the past 12 months, with the total value locked (TVL) in DeFi protocols going from approximately USD1 billion to approximately USD65 billion, and TVL peaking at close to USD90 billion according to certain reports. This explosion in value committed to DeFi is due to a variety of factors, including significant appreciation in the value of digital assets during the year as well as the implementation of token-based incentives for participation by many DeFi protocols. These incentives allow participants to earn a return from the protocol for participating in the protocol, whether it be by providing liquidity to an automated market maker or by staking tokens to participate in governance decisions.
DeFi protocols being utilised by US residents run primarily on the Ethereum network and include platforms like “MakerDAO”, “Aave”, “Uniswap”, “0x” and “Compound”, as well as many other emerging protocols that are coming online rapidly. These protocols facilitate lending, borrowing, peer-to-peer exchange and combinations of these activities designed to create yield on non-interest-bearing digital assets.
There have not yet been any specific regulatory positions taken in the United States with respect to DeFi. DeFi platforms are open and immutable (to a large extent), and transparent protocols and regulators can theoretically observe platform activity in real time. In addition, regulatory compliance could theoretically be built in to DeFi protocols or the platforms running on those protocols.
There are some clear challenges, however, given that DeFi platforms are open source code accessible to anyone anywhere with the technical capability to access and interact with that code, and developing a platform with built-in regulatory compliance in each jurisdiction in which it might be used would likely be exceedingly difficult. Also, the lack of a traditional, central intermediary with respect to DeFi platforms raises new regulatory considerations. Because of these factors, it is difficult to predict how US regulators will apply existing laws and regulations to DeFi platforms. However, as DeFi continues to grow it will become more of a focus for US regulators, which will either apply existing laws and regulations as best they can to address conduct perceived as concerning or pass new laws to address the use of DeFi platforms.
There are multiple regulatory regimes that may apply to the use of blockchain technology in the USA. Depending on the business model and the classification of associated digital assets, blockchain technology and associated digital assets may be regulated pursuant to securities law, commodities law, money transmission law or consumer protection law. These are all existing regulatory regimes that have not been specifically tailored to blockchain technology or digital assets.
The USA has implemented international standards in several areas impacting blockchain. Of particular note, the USA has been a proponent of applying a corollary to the Funds Travel Rule to entities known as virtual asset service providers (VASPs) that process transactions involving virtual assets, and significantly expanding the universe of entities that meet the definition of a VASP and therefore would be subject to the Funds Travel Rule.
In traditional finance, the Funds Travel Rule applies when money transmitters process transactions that constitute a “transmittal of funds”. The Funds Travel Rule requires that each of the financial institutions in a chain of transmittal orders involved in a transmittal of funds of USD3,000 or more, originated by customers and non-customers, maintain accurate records relating to the funds transferred and verify the identity of non-customers originating funds transfers. The information required to be maintained depends on the role of the financial institution in the payment chain – ie, originator, intermediary or beneficiary institution. Financial institutions acting as originator or intermediary financial institutions must cause the information to “travel” to the next financial institution.
The Financial Action Task Force (FATF) is a multi-governmental organisation that sets global standards related to anti-money laundering, and finalised an Interpretive Note to Recommendation 15 in autumn 2018 to clarify how the FATF standards apply to activities or operations involving virtual assets. Paragraph 7(b) of the interpretive note seeks to impose a corollary to the Funds Travel Rule on VASPs that process virtual asset transfers. This paragraph of the interpretive note was finalised after private sector consultation regarding practical questions and concerns.
More recently, the FATF released new proposed updated guidance regarding virtual assets and VASPs, which is currently open for comment through June 2021. Notably, the recent FATF guidance seeks to broadly interpret the definition of a VASP to include “a central party with some measure of involvement” with a decentralised application. This broad interpretation would potentially bring a variety of parties within the definition of a VASP and subject them to compliance with anti-money laundering and counter-terrorism financing (AML/CFT) laws in jurisdictions that adopt this interpretation of the VASP definition.
It is not surprising that the US delegation to the FATF pushed for a global Funds Travel Rule corollary and the expansive interpretation of the entities that might be deemed VASPs. In doing so, the USA is attempting to promote compliance through global standard setting, which would make it easier for the USA to enforce the laws in place domestically in this area. Without a global standard, US-based money transmitters would have to determine whether or not they would process transmittal orders originating from outside the USA that may not include the information required by the Funds Travel Rule. If they were to process such orders, they would need to do their own due diligence to obtain the information required to fill any gaps, which would require additional cost and time.
There are a number of regulatory bodies in the United States that are relevant to blockchain and digital assets.
The Securities and Exchange Commission
The SEC has broad regulatory authority over securities transactions and securities professionals and intermediaries in the United States. The threshold question that determines whether the SEC has authority with respect to blockchain or digital assets is whether a “security” is involved. The definition of the term "security" in both the Securities Act of 1933 and the Securities Exchange Act of 1934 includes the term “investment contract”. When commercial arrangements do not fall plainly within the other enumerated types of securities in the definitions of the term "security", they may still be treated as securities if they are deemed to constitute investment contracts.
The test for whether a particular scheme is an investment contract was established in the Supreme Court’s Howey decision. The test looks to “whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others.” In the Summer of 2017, the SEC issued a Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: the DAO (SEC DAO Report), applying the Howey test to an offering of cryptographic tokens for sale and concluding it was an offering of securities. The DAO Report noted that “[w]hether or not a particular transaction involves the offer and sale of a security – regardless of the terminology used – will depend on the facts and circumstances, including the economic realities of the transaction.” This continues to be the SEC’s position.
The Commodities Futures Trading Commission
The Commodities Futures Trading Commission (the CFTC) has broad regulatory authority over derivative markets for commodities, and general anti-fraud and anti-manipulation authority over the spot markets for commodities pursuant to the Commodities Exchange Act (the CEA). The CFTC has asserted jurisdiction over transactions in virtual currencies as “commodities”. Numerous courts have found that the CFTC’s jurisdiction extends to virtual currencies in this context. The CFTC has explicitly taken the position that bitcoin and ether are commodities subject to their jurisdiction under the CEA. Accordingly, it is widely accepted that bitcoin and ether are commodities subject to CFTC jurisdiction.
CFTC jurisdiction is primarily with respect to derivatives transactions. Derivatives transactions subject to CFTC jurisdiction include futures, options, swaps and leveraged retail commodities transactions under the CEA.
The Treasury Department and the Financial Crimes Enforcement Network
FinCEN is the arm of the Treasury Department that is responsible, in the first instance, for enforcing the US federal laws and regulations relating to crimes involving the transmission of money, frequently working in conjunction with other federal agencies and bureaus, including the Federal Bureau of Investigation and the National Security Agency. This includes enforcing the Bank Secrecy Act (BSA), which is a comprehensive AML/CFT statute. The BSA mandates that “financial institutions” must collect and retain information about their customers and share that information with FinCEN. “Money services business” are included within the definition of “financial institutions”, and “money transmitters” are money services businesses. FinCEN guidance from May 2019 examined a number of hypothetical business models involving digital assets to provide guidance with respect to the application of the BSA. Not surprisingly, many businesses engaging in activity involving convertible virtual currency, a subset of digital assets, have an obligation to comply with the BSA.
The Treasury Department and the Office of Foreign Assets Control
The Office of Foreign Assets Control (OFAC) is a division of the US Treasury Department, and administers and enforces economic and trade sanctions to promote national security and US foreign policy objectives. OFAC can take enforcement action against entities in the USA that violate sanctions programmes. OFAC has taken several such actions that involve digital asset transactions in the past year; one was with respect to BitGo and another was with respect to BitPay. Both of these actions were settled, and OFAC emphasised that US sanctions compliance obligations apply to all US persons, and encouraged companies that provide digital asset services to implement controls commensurate with their risk profile, as part of a risk-based approach to US sanctions compliance.
The Consumer Financial Protection Bureau
The CFPB has authority pursuant to the Consumer Financial Protection Act (CFPA) to address unfair, deceptive or abusive acts and practices (UDAAP) with respect to financial products offered primarily for consumer use by “covered persons” as defined by the CFPA. To date, the CFPB has not pursued a case alleging a violation of the CFPA involving digital assets and thus far has declined to extend Regulation E – which governs electronic fund transfers involving consumers and financial institutions – to virtual currencies. However, the CFPB is under new leadership in connection with the change of administration in the US and is expected to become much more active in the next several years, including with respect to addressing consumer financial issues relating to digital assets.
State Money Transmission Regulators
Historically, states rather than the federal government have been the primary regulators of “money transmitters”. State money transmission regulations are, on the balance, non-uniform. Each state has independently passed a statute that defines the activities that constitute money transmission in that state; it is impossible to synthesise a uniform definition of money transmission across all state jurisdictions. State laws generally define a money transmitter very broadly and typically include an entity that engages in “receiving money for transmission” or “transmitting money” or issuing or selling stored value. As a result, the handling of funds or the facilitation of payments – either as a core component of a product or service or, incidentally, as a result of providing some other non-payments-related product or service – can be subject to state-by-state regulation as money transmission.
While federal law requires the mere registration of money transmitters, state law requires licensing. It is significant to note that money transmission regulations are extraterritorial; a person must have a licence in every state in which they have customers. What matters from a jurisdictional standpoint is the location of the customer, not the location of the transmitter.
It is important to note and understand that classification as a money transmitter under US federal law does not necessarily mean that one will be classified as a money transmitter in a particular state. States have taken different positions with respect to whether convertible virtual currency activities fall within the definition of money transmission. The scope of each state’s law is dependent on how broadly the definitions of money and money transmission are interpreted by the applicable state regulator.
State Securities Regulators
State securities regulators enforce and administer state-specific securities laws. These laws are often referred to as “blue sky” laws and are generally similar, but certain aspects vary significantly from state to state. Many state securities statutes are derived from either the 1956 or 2002 version of the Uniform Securities Act.
State securities regulators have been very active in regulating cryptocurrency-related investment products and the sale of digital asset securities. The threshold question to determine whether state securities laws apply to the offer or sale of a digital asset is whether it involves the offer or sale of a “security”. Many state securities laws specifically include “investment contracts” in the definition of security and have adopted some form of the Howey test (as discussed under The Securities and Exchange Commission, above) to determine when a particular scheme constitutes an investment contract.
“Operation Cryptosweep” was a co-ordinated series of enforcement actions and public outreach undertaken by state securities regulators focused on initial coin offerings (ICOs) and other investment schemes involving digital assets. The co-ordinated action focused on the protection of retail investors and raising public awareness with respect to ICOs and other risky digital asset-related investment schemes.
There are no self-regulatory organisations in the USA specifically dedicated to blockchain or digital assets. There are a variety of trade groups, but none of them perform a formal regulatory or even quasi-regulatory function. Instead, these trade groups advocate on behalf of their members with respect to the adoption and regulation of blockchain technology and digital assets. There are, however, self-regulatory organisations associated with the securities and commodities industries that do have regulatory authority relevant to blockchain and digital assets, and these are discussed below.
The Financial Industry Regulatory Authority
The Financial Industry Regulatory Authority (FINRA) is a government-authorised organisation tasked with the oversight of US-registered securities broker-dealers to ensure they operate fairly and honestly. FINRA works under the supervision of the SEC and writes rules governing the activities of broker-dealers, examines broker-dealers for compliance with those rules, promotes market transparency to protect market integrity, and provides for investor education.
FINRA has taken a specific interest in activity involving digital assets. It joined the SEC in putting out a joint statement regarding broker-dealer custody of digital asset securities in July 2019. The release dealt with the application of the customer protection rule pursuant to the Securities Exchange Act of 1934, and the related rules, to digital asset securities. The joint statement provided guidance with respect to how digital asset securities may be custodied by broker-dealers, indicating several areas of concern. FINRA has also asked broker-dealers to notify it if they engage in activities related to digital assets, and has made digital assets an exam priority.
The National Futures Association
The National Futures Association (NFA) is an industry-wide self-regulatory organisation for the derivatives industry. It is a registered futures association designated by the CFTC, and registers a number of different participants in the commodities derivatives markets.
Several important judicial decisions have played a role in interpreting the laws applicable to blockchain technology and digital assets.
In October 2019, the SEC filed a complaint against Telegram and related entities seeking a preliminary injunction to prevent Telegram from distributing the digital tokens native to the Telegram Open Network (TON) blockchain, known as GRAM tokens, and other relief. The SEC complaint alleged that the intended distribution of GRAMs was just one part of a larger scheme to engage in a public distribution of securities that should have been registered. The scheme started with the sale of purchase agreements to accredited investors, providing them the right to receive GRAMs in the future, and included the representations, undertakings and understandings with respect to the GRAMs. The components of the scheme collectively amounted to an investment contract that was intended to be sold to the public, according to the SEC. The court ultimately agreed, granting the preliminary injunction sought by the SEC on 24 March 2020 and finding that the SEC had shown a substantial likelihood of success in proving that the resale of GRAMs into the secondary market would be an integral part of a scheme to publicly distribute securities that were not registered. On 12 May 2020, Telegram announced that it had cancelled the TON blockchain project as a result of the court’s decision; on 26 June 2020, the SEC announced a settlement with Telegram requiring it to return USD1.2 billion to investors and pay an USD18.5 million fine.
In December 2020, the SEC filed an enforcement action in the Southern District of New York alleging that Ripple Labs, Inc. and certain executives had violated federal securities laws in connection with their failure to register the digital asset known as XRP as a security prior to selling XRP. The complaint alleges that XRP is a security and sets forth an analysis of XRP pursuant to the Howey test to support that assertion. Ripple has raised a variety of defences to the allegations in the complaint thus far, and the matter is pending.
Of note, several holders of XRP have attempted to intervene in this case as defendants. In responding to the request to intervene filed by these holders, the SEC addressed, briefly, its view with respect to secondary transactions in digital assets originally sold in an investment contract. The SEC argues that the security at issue is not XRP (the digital asset) itself, but rather all the facts and circumstances surrounding the digital asset and the manner in which it was initially offered and sold. They then indicate their view that XRP (the digital asset) “is the embodiment of those facts, circumstances, promises, and expectations and today represents that investment contract.”
This “embodiment” hypothesis is in contrast to the very first line of the complaint, which states: “From at least 2013 through the present, Defendants sold over 14.6 billion units of a digital asset security called ‘XRP’ … ” This distinction is important where questions arise over whether or not secondary transactions in a digital asset are subject to the federal securities laws. It is not likely these questions will be answered in this case because the allegations concern only primary sales of XRP.
The SEC recently filed an enforcement action against individual promoters of Bitconnect. Bitconnect was not a formal entity, but was an informal group of people selling interests in a bitcoin lending programme that purportedly would provide outsized returns to lenders through the use of a proprietary trading algorithm. The SEC alleges in the complaint that this scheme constituted an investment contract that was offered and sold to US persons without registration by the individual promoters. In addition, the individual promoters were charged with failure to register as broker-dealers in connection with their offers and sales of these alleged securities.
The Bitconnect case is notable because the SEC is pursuing an action not against a formal entity, but against the promoters of a product offered by an informal group of people. While the Bitconnect case was likely an outright fraud, the promoters are not charged with fraud. Instead, they are charged with offering an unregistered security for sale, which is a strict liability offence and much easier for the SEC to prove. This case may be the first step in the SEC’s pursuit of promoters associated with other informal groups engaging in securities activities such as potentially certain DeFi protocols.
The New York Attorney General (NYAG) is investigating the Bitfinex digital asset exchange and related entities (Bitfinex) to determine whether the stablecoin known as Tether is backed by sufficient cash reserves. Tether was purportedly backed 100% by US dollars, a claim that has been amended to backed by cash and cash equivalents representing approximately 74% of the current outstanding tethers. In connection with the investigation, the NYAG took the extraordinary step of bringing an ex parte action pursuant to the New York General Business Law Section 354 seeking that the court order Bitfinex to produce documents and information and enter a preliminary injunction prohibiting the movement of funds between Tether and Bitfinex. Ultimately, the New York Supreme Court ordered Bitfinex to turn over documents and entered the injunction. Bitfinex appealed, arguing that the NYAG should have been required to personally serve Bitfinex company executives with the ex parte order obtained from the Court, that the NYAG does not have jurisdiction over Bitfinex and Tether, and that the Court must determine whether tethers are securities or commodities before allowing the matter to proceed. The Supreme Court of New York issued a decision on the appeal in July 2020 confirming that the NYAG has wide latitude to investigate virtual currency companies under the Martin Act. This matter was settled in February 2021 with Bitfinex and Tether agreeing to pay USD18.5 million in penalties, cease further activity with New York residents and take steps to improve transparency through periodic reporting.
The founders and executives of BitMEX were criminally indicted by the US Department of Justice for violating the BSA in connection with their operation of an offshore derivatives exchange for digital assets. The indictment alleges that “BitMEX, which has long serviced and solicited business from U.S. traders, was required to register with the Commodity Futures Trading Commission (“CFTC”) and to establish and maintain an adequate AML program. AML programs ensure that financial institutions, such as BitMEX, are not used for illicit purposes, including money laundering.” In a companion case, the CFTC charged BitMEX with operating an unregistered futures commission merchant.
These co-ordinated actions signal a collaborative approach by US regulators to address alleged US law violations by digital asset intermediaries. Co-ordinated actions of this nature are expected to continue into 2021 as US regulatory agencies refine their approach to digital asset intermediaries.
Since releasing the DAO Report, the SEC has resolved several investigations into the sale of digital assets by entering into consent orders with the subjects of those investigations. Many of these consent orders seem to communicate a distinct regulatory proposition to the blockchain community, and the SEC has been accused by many of regulation via enforcement with respect to digital assets.
The Munchee order stands for the proposition that the sale of a digital asset may be subject to compliance with the securities laws even when there is a purported consumptive use of the token. The Tomahawk order stands for the proposition that the investment-of-money element of the Howey test may be satisfied even when a digital asset is airdropped to holders for free, so long as the blockchain network sponsor obtains a benefit by doing so. The TokenLot order makes clear that engaging in buying or selling digital asset securities for the account of another requires registration as a broker-dealer. The Zachary Coburn order, related to the Dex EtherDelta, stands for the proposition that a platform engaging in exchange activity with respect to digital asset securities must be registered as a national securities exchange or operate within an exemption from such registration. The Airfox and Paragon orders required these token sellers to register their digital asset securities post-ICO, making clear that the SEC wants issuers of digital asset securities to provide the disclosure necessary for purchasers to make informed decisions. These are just a few examples of enforcement actions brought by the SEC that target a specific participant in the digital asset space in order to communicate a regulatory approach to the broader market.
There are no regulatory sandbox programmes in the USA specifically geared towards blockchain projects. That said, both the SEC and the CFTC have other programmes in place that seek to engage with projects in the fintech space. The SEC rolled out the Strategic Hub for Innovation and Financial Technology (FinHub) in 2019. FinHub is a way for the SEC to engage with fintech developers and entrepreneurs to assist with respect to compliance with the federal securities laws. At the CFTC, LabCFTC is a hub for engagement with the fintech community in order to promote responsible fintech innovation and fair competition. LabCFTC regularly meets with innovators and entrepreneurs in the fintech space to enable the CFTC to be proactive and forward-thinking with respect to new technologies and applications.
At the state level, there are several sandbox programmes relevant to blockchain.
Arizona passed a law in 2019 providing for a regulatory sandbox programme to promote innovation with respect to financial products or services, which is overseen by the Attorney General’s Office. The programme allows for the temporary testing of innovations without otherwise being licensed or authorised to act under the laws of Arizona. The Arizona sandbox does not specifically address the use of blockchain technology but deals more generally with the use of emerging technology for innovation.
Kentucky passed a law in 2019 providing for a regulatory sandbox programme to promote innovation in the insurance industry. The programme is administered by the Kentucky Department of Insurance and provides limited no-action relief from insurance law to eligible participants during the beta testing phase of an innovative insurance product. The Kentucky sandbox does not specifically address the use of blockchain technology but deals more generally with the use of emerging technology for innovation.
Nevada passed a law in 2019 providing for a regulatory experimentation programme for product innovation, which is overseen by the Department of Business and Industry and allows participants to test innovative financial products or services under a temporary exemption from certain statutory and regulatory requirements related to financial products and services that might otherwise apply. The Nevada sandbox does not specifically address the use of blockchain technology but deals more generally with the use of emerging technology for innovation.
Utah passed a law in 2019 providing for a regulatory sandbox programme overseen by the Department of Commerce that allows participants to test innovative financial products or services without otherwise obtaining a licence or authorisation to act under the laws of Utah. The Utah sandbox specifically contemplates the use of blockchain technology in innovative financial products or services.
Wyoming passed a law in 2019 providing for a financial technology sandbox for the testing of financial products and services. The sandbox is overseen by the Banking Commissioner or the Secretary of State, depending on the statutes or rules at issue with respect to a particular applicant. The Wyoming sandbox specifically contemplates the use of blockchain technology in innovative financial products or services.
The Internal Revenue Service (IRS) issued guidance in October 2019 with respect to transactions involving virtual currency. Specifically, the guidance addresses the tax implications of a hard fork of a blockchain. When a hard fork results in a taxpayer receiving new units of cryptocurrency over which they have dominion and control, they will have gross income as a result. If they do not receive any new units of cryptocurrency over which they have dominion and control in connection with a hard fork, they will not have any gross income.
This guidance builds upon the previous IRS guidance with respect to virtual currency from 2014, in which the IRS determined that virtual currency is “property” for federal tax purposes and that general tax principles applicable to property transactions apply to transactions in which virtual currency is used.
A recent lawsuit was filed by private litigants against the IRS with respect to the taxation of staking rewards. The plaintiffs are seeking a refund on taxes paid on staking rewards earned staking on Tezos. This lawsuit was filed on 26 May 2021 and may have significant implications with respect to the taxation of staking rewards in the future.
There are no significant government initiatives regarding blockchain technology in the USA that are not covered elsewhere in this chapter.
While there are not any definitive laws or court cases specifying how ownership of a digital asset is determined in the USA, most non-security digital assets are likely to be considered “bearer” instruments. Control over the asset equates to ownership, primarily through control of the private key necessary to effectuate an on-chain transaction involving the digital asset. There are many instances in which the owner of a digital asset transfers control to a third party, in which case the owner’s right to the asset is contractual, pursuant to the terms of their agreement with the third party.
The categorisation of a digital asset as a security, commodity or some other type of property is highly fact-dependent in the USA, and in many cases it is not easy for market participants to determine the correct characterisation in advance. Unfortunately, the correct categorisation of digital assets is critical with respect to regulatory compliance, as significant securities regulatory enforcement is now occurring with respect to digital assets that were sold to the public in the USA without registration under the federal or state securities laws. There is no efficient mechanism for market participants to make an advance determination with any degree of legal certainty in the current regulatory environment. Engagement with the SEC’s FinHub or the CFTC’s LabCFTC may provide directional feedback and help to identify specific legal issues to consider, but will not provide any formal or informal regulatory approval either of a particular business plan or with respect to the likely regulatory treatment of particular digital assets.
In order to obtain specific formal guidance that can be confidently relied upon, market participants have the option of pursuing a request for no-action from either the SEC or the CFTC. Such a request would set out in detail a business model utilising blockchain technology or involving a digital asset and then seek confirmation from the relevant regulator that, if the plan is followed as described, they will not recommend enforcement. The SEC has provided no-action relief with respect to three projects involving the use of blockchain technology so far:
The CFTC has chosen to deal with these issues in a more generally applicable way by providing broad guidance. For example, the CFTC recently released final interpretive guidance with respect to the actual delivery in the context of retail commodity transactions involving virtual currency, an issue that was the subject of several requests for no-action or guidance.
The regulatory treatment of stablecoins in the USA depends on the type of stablecoin in question and how it is structured. Stablecoins backed by deposits of fiat currency or other assets have not yet been treated as securities by the regulators, although there has been significant discussion on this point within the legal community. In particular, the initial proposed structure of the Libra token – proposed by Facebook as a stablecoin backed by a basket of currencies – prompted much speculation about whether that arrangement constituted a security. Similarly, no formal guidance has yet been issued by the regulators with respect to stablecoins generated algorithmically.
In the USA, generally speaking, cryptocurrencies may be used for payments if they are accepted by merchants. The use of cryptocurrencies or any other fiat substitute for payments may trigger the money transmission laws at the federal and state levels.
The market for non-fungible tokens (NFTs) in the US has exploded in popularity recently. The level of activity with respect to NFTs is significant, and new NFT drops and platforms are being announced almost daily. There are no regulations in the USA that are specific to NFTs, but existing laws will apply to activities involving NFTs. To the extent that the offer or sale of NFTs constitutes an investment contract under the Howey test, compliance with the securities laws would be required. Otherwise, the offer and sale of NFTs as consumer products would be subject to consumer protection laws and regulations. Both federal and state consumer protection laws generally prohibit unfair or deceptive acts and practices with respect to consumer goods and services. Given their non-fungible nature, NFTs are unlikely to be considered “commodities”. Those selling NFTs must keep sanctions compliance in mind and take steps to avoid engaging in transactions with sanctioned individuals or individuals residing in sanctioned jurisdictions. The popularity of NFTs will certainly bring more regulatory scrutiny in the next year.
There are a variety of markets for digital assets available to US persons. These markets can be divided into several categories:
Digital Asset Securities Markets
Platforms that provide for the exchange of digital asset securities are highly regulated by the SEC. Any entity engaging in exchange activity with respect to securities, including digital asset securities, must register as a national securities exchange or operate within an exemption to such registration. There is an exemption from registration as a national securities exchange for alternative trading systems that comply with the SEC’s Regulation ATS, which requires the entity operating an alternative trading system (ATS) to register with FINRA as a broker-dealer and certain other prerequisites.
Centralised Markets for Non-security Digital Assets
Centralised platforms that allow users to exchange non-security digital assets are prevalent in the USA, and facilitate fiat-to-digital-asset or digital-asset-to-digital-asset transactions. These platforms may perform these services in a custodial manner, meaning the platform maintains custody of the assets trading on the platform in an omnibus account for the benefit of its customers and relies on its own internal record-keeping to credit and debit customer accounts as needed. In other words, exchanges of assets between customers of a custodial platform will not result in an auditable on-chain transaction, and the transaction will only be reflected in the internal ledger used by the platform to track customer balances. These platforms may also perform these services in a non-custodial manner, in which transfers of digital assets facilitated by the platform occur on-chain and are directed to the self-custodied wallet addresses of the transaction participants. In either case, platforms that provide these services with respect to non-security digital assets are generally regulated as money transmitters at both the federal and state level and have the attendant know your customer (KYC)/anti-money laundering (AML) and BSA compliance obligations.
Decentralised Markets for Non-security Digital Assets
There are also a variety of decentralised exchanges available to US persons, which typically provide for a peer-to-peer exchange of digital assets by means of a technical protocol or one or more smart contracts. Exchanges facilitated in this way do not typically involve third-party custody of the digital assets being exchanged at any point in time during the transaction. The regulatory obligations with respect to decentralised exchanges will be highly fact-dependent, but it is likely they will be regulated as money transmitters at both the state and federal levels.
As discussed in 4.1 Types of Markets, there are a variety of US markets that facilitate the exchange of fiat currency for digital assets. Any market facilitating such an exchange is likely to be classed as a money transmitter at both the federal and state level and will likely have the attendant KYC/AML and BSA compliance obligations. The same is true for markets facilitating the exchange of one digital asset for another digital asset.
As discussed in 2.3 Regulatory Bodies, the BSA is the primary federal law addressing KYC/AML in the United States, and applies to any entity that is acting as a money services business, which includes money transmitters. Generally speaking, the BSA requires money transmitters to know their customers and implement and enforce policies and procedures reasonably designed to detect, report and deter suspected money laundering and other suspicious transaction activity.
Please refer to 2.3 Regulatory Bodies for a discussion of the relevant regulators with respect to digital assets in the USA.
There are no specific laws or regulations that deal with re-hypothecation of non-security digital assets.
Wallet providers were addressed in the May 2019 FinCEN guidance regarding convertible virtual currency. The guidance described the types of wallets that may be used to store digital asset value and the regulatory treatment with respect to each of them. That treatment depends on four criteria:
Wallets in which user funds are controlled by third parties are referred to as “hosted wallets”, while wallets in which user funds remain in the control of the user are called “unhosted wallets”. Hosted wallet providers are money transmitters and have different obligations with respect to different types of wallet users. Unhosted wallets are software enabling a person to store and conduct transactions involving convertible virtual currency. A hosted wallet user does not need a third party in order to conduct transactions, and there is no third party acting as a money transmitter in this model. The user is also not acting as a money transmitter while using an unhosted wallet to engage in transactions on their own behalf.
The creator of unhosted multi-signature wallets that restricts its role to providing a second authorisation key to validate and complete transactions initiated by the wallet user is not a money transmitter according to the May 2019 FinCEN guidance. However, the provider of a hosted wallet with a multi-signature feature will be a money transmitter, as will any wallet provider that stands between a wallet user and the payment system or that exercises independent control of the value in a wallet.
Custody of digital assets is also a regulated activity in certain states, most notably New York State. The New York BitLicense regime requires entities located in New York State or doing business with New York State residents to obtain a licence when they engage in virtual currency business activity. There are five enumerated virtual currency business activities, one of which involves taking custody of virtual currency on behalf of customers, whether in a hot wallet or cold wallet solution. Accordingly, hosted wallet providers must obtain a BitLicense in New York before offering such services in New York or to New York residents.
Capital raising through the sale of a digital asset is almost always considered securities activity that is subject to compliance with federal and state securities laws in the USA. The SEC Chairman notoriously reported in 2019 that every ICO he had seen involved a securities offering. This view is reflected in the DAO Report, the subsequent consent orders entered into with the issuers of digital assets, and the enforcement actions filed by the SEC in courts. The courts and regulators will conduct an analysis to determine whether the sale of a digital asset that does not clearly fall within one of the enumerated instruments in the definition of a security constitutes an “investment contract” pursuant to the Howey test.
This test, as refined by subsequent interpretation, requires an investment of money in a common enterprise with an expectation of profit to be derived from the essential managerial efforts of others in order to find an investment contract. Two points are critical to this analysis:
The SEC provided clarification with respect to factors relevant to these critical points in April 2019 in guidance entitled the Framework for Investment Contract Analysis of Digital Assets (the Framework). The Framework set forth 38 different factors, some with sub-factors, that the SEC considers relevant to the analysis. The Framework factors provide additional guidance with respect to conducting a Howey analysis, but it should be noted that a Howey analysis is very dependent on specific facts and circumstances, and some factors may be more or less relevant. In addition, the Framework does not assign a weight to any of the relevant factors, likely because each analysis must be done independently and it would be difficult to assign a weight that would apply equally to every project conducting an analysis using the Framework factors, which makes any analysis using the Framework factors highly subjective and of limited utility.
The use of an exchange to conduct an initial sale of digital assets for capital-raising purposes does not change the analysis set forth in 5.1 Initial Coin Offerings, and such sales are also likely to be treated as securities transactions subject to compliance with the securities laws in the USA. In particular, depending on how a particular initial exchange offering (IEO) is structured, if an exchange is acting as an underwriter or an unregistered broker-dealer with respect to the distribution of digital asset securities, they may incur significant legal liability.
Digital asset investment funds are subject to the same regulatory requirements as traditional investment funds. A variety of fund structure options are available to funds holding digital assets under the Investment Company Act of 1940 (the ICA), which generally requires investment companies to register or fall within an enumerated exemption from registration. Any company with more than 40% of its assets in investment securities constitutes an investment company. Accordingly, the categorisation of digital assets as securities, commodities or something else is critical in determining whether a fund has a registration obligation pursuant to the ICA.
The most commonly relied upon exemptions from registration under the ICA are Sections 3(c)(1) and 3(c)(7). The Section 3(c)(1) exemption is for funds that have fewer than 100 holders that are all accredited investors, while the Section 3(c)(7) exemption permits an unlimited number of holders who must be qualified purchasers. Accredited investors are generally natural persons with an income of more than USD200,000 in each of the two most recent years (USD300,000 if joint with spouse) or with an individual – or joint with a spouse – net worth that exceeds USD1 million, as well as a variety of entities that meet certain other qualifications. Qualified purchasers are generally individuals and entities that own not less than USD5 million in investments.
Finally, private funds that hold assets other than securities, such as non-security digital assets, are not investment companies and can simply offer interests in their funds in private placements pursuant to Regulation D.
There are no special regulations pertaining to broker-dealers or financial intermediaries dealing in digital assets. Rather, legacy laws and regulations applicable to broker-dealers and financial intermediaries have been adapted to cover activities involving blockchain and digital assets. The SEC recently released guidance for broker-dealers with respect to taking custody of digital asset securities in the form of a five-year safe harbour for that activity so long as certain conditions are met. The conditions include that the broker-dealer limits its business to digital asset securities, establishes and implements policies and procedures reasonably designed to mitigate the risks associated with conducting a business in digital asset securities, and provides customers with certain disclosures regarding the risks of engaging in transactions involving digital asset securities. Broker-dealers meeting the conditions will not be subject to an SEC enforcement action.
The general view in the US legal community is that private contractual arrangements that are executable, in whole or in part, using blockchain or distributed ledger technology are valid and enforceable, assuming the elements necessary to form a contract are present – offer, acceptance, the intention to be legally bound, and consideration. Whether a smart contract is coded to reflect the intentions of the parties is a separate question and one that has prompted significant debate with respect to how such a situation would be handled and resolved.
It is not likely that developers of decentralised blockchain-based networks or the code that runs these networks would be considered fiduciaries who have a duty to the users of the network or the code. There have been no cases in the USA in which developers have been held responsible for a breach of a fiduciary duty in connection with losses sustained by the user of software they have developed for use on a decentralised blockchain network.
DeFi platforms are prevalent and gaining in popularity in the USA. These platforms operate in an emerging area and there have been few regulatory actions with respect to DeFi platforms in the USA to date. However, many of these DeFi platforms are operating in areas that might traditionally be subject to regulation. For instance, escrowing digital assets in a smart contract with the expectation of earning a profit in the form of interest paid by another user that borrows and uses those digital assets is very similar to peer-to-peer lending products, such as those offered by Lending Club and Prosper, that were adjudged by a variety of US securities regulators to be securities. In addition, it is worth noting that DeFi platforms often involve the use of stablecoins in order to provide a digital on-ramp to the relevant service. As increased regulatory scrutiny with respect to stablecoins is expected, so too is an increase in regulatory attention with respect to DeFi.
There is no proven method of perfecting a security interest in a digital asset in the USA. That said, a digital asset lender may attempt to take a security interest in a digital asset pledged as collateral for a loan pursuant to the applicable provisions of the Uniform Commercial Code (UCC). This is an emerging area of law that is untested, and there is some question as to which provisions of the UCC apply to any given arrangement. One strategy that has been used in the USA is to treat the digital asset pledged as collateral for a loan as a “financial asset”, treat the borrower’s account with the lender as a “securities account”, treat the borrower as an “entitlement holder”, and have the borrower acknowledge that the lender is a “securities intermediary”, as all of these terms are defined under the UCC. This should create a “security entitlement” under the UCC that will allow for perfection of a security interest in the collateral by the lender.
There are specific laws and rules that apply to how certain regulated participants in the securities markets in the USA custody assets held for the benefit of others. These laws and rules are all in place to protect customer assets. The custody laws and rules outlined below apply to securities, including digital asset securities, and funds, which may include non-security digital assets.
Broker-dealers are subject to the customer protection rule under the Securities Exchange Act, which requires them to custody securities over which they have exclusive possession and control in a “good control location”. Several different types of third party custodians can serve as good control locations, including banks, other broker-dealers and clearing agencies. Please refer to 5.4 Broker-Dealers and Other Financial Intermediaries for further information.
Investment advisers are subject to the “custody rule” under the Investment Advisers Act of 1940, which generally requires them to hold customer funds and securities with a qualified custodian. Qualified custodians include banks, registered broker-dealers and futures commission merchants. Whether a particular state chartered bank is a qualified custodian was addressed in a no-action letter issued by the Wyoming Division of Banking and responded to by the SEC. The Wyoming Division of Banking letter indicated that Two Ocean Trust, a Wyoming chartered public trust company, met the definition of qualified custodian under the Investment Advisers Act of 1940 by virtue of the primarily fiduciary nature of the services it offers, which are similar to the services offered by national banks. The SEC responded to the letter by thanking the Wyoming Division of Banking for the analysis of the issue and essentially preserving its right to independently review the custody arrangements entered into by Investment Advisers it regulates to determine whether the custodians are qualified as required.
Registered investment companies are required by the ICA to maintain their securities and similar investments with a bank, a member of a national securities exchange or a central securities depository.
Data privacy laws are enacted at the state level in the USA. The absence of a federal data privacy law means that there are differing obligations in each state with respect to data privacy. Practically speaking, this means that national companies will seek to comply with the most robust state-level data privacy law. The California Consumer Privacy Act (CCPA) is the most robust state data privacy law, and became effective in January 2020. The California Attorney General adopted regulations on 1 July 2020 and has since sent thousands of “Notices to Cure” directing companies doing business in California that it determined are not in compliance with the CCPA to come into compliance within 30 days. In addition, new regulations were published on 15 March 2021 that further clarify the manner in which businesses covered by the CCPA may communicate with respect to privacy options. Among other things, the CCPA provides consumers with the following:
Covered businesses also need to provide consumers with a privacy notice, with two or more methods to opt out of the sale of personal information, and are prohibited from using opt-out mechanisms that make it difficult for a consumer to execute and have the effect of subverting the consumer’s choice to opt out. The CCPA does not directly implicate blockchain, but any covered business using blockchain to gather, store or refer to customer information should have compliance with the CCPA in mind.
Data protection laws are also enacted at the state level in the USA. The CCPA has a data protection component requiring covered businesses to implement and maintain reasonable security procedures. Similar data protection laws have been passed in other states, as have data breach reporting statutes. These laws do not specifically apply to the use of blockchain-based products or services.
Mining cryptocurrencies on blockchain networks running proof-of-work algorithms is allowed in the USA. There are no specific regulations in place with respect to this activity, but it may be subject to money transmission regulations in certain circumstances but not in others. The May 2019 FinCEN guidance reiterates previous guidance indicating that miners who are users of the virtual currency they mine are not money transmitters. On the other hand, the administrator of a mining pool that combines mining services with hosted wallets on behalf of pool members will be a money transmitter.
Staking assets to secure blockchain networks using proof-of-stake consensus protocols is allowed in the USA and is not yet regulated. Staking as a service (StaaS) businesses do exist in the USA, but no regulations have been specifically applied to StaaS providers.
COVID-19 blew open a range of opportunities for blockchain projects in 2020, whilst placing others in peril. Nevertheless, even at a time of great uncertainty in the world economy, three trends and developments seem certain to help shape the blockchain landscape in the year ahead:
Many industry observers have at some point spotted these trends in some form or another. So why is this year different? For attorneys working in this space, either within blockchain and crypto-asset firms or at law firms with practices focused on this industry, these three developments pose challenges of a different dimension than has been seen before. For example, while practitioners in this space are likely to be familiar with Financial Crimes Enforcement Network (FinCEN) examinations and Securities and Exchange Commission (SEC) investigations, how many have faced an Office of Foreign Assets Control (OFAC) investigation or a Commodity Futures Trading Commission (CFTC) market manipulation proceeding, let alone an investigation by the Department of Justice (DOJ) or state authorities?
While there are a number of different stablecoins circulating in the ecosystem today, few of which are handled by major third-party payment processors, what happens when a stablecoin is launched on a prominent platform, potentially forcing thousands, if not millions, of storefronts and microsites to figure out how to safely and efficiently handle a stablecoin in a regulation-compliant manner? These challenges pale in comparison to those that would be faced by banks, financial custodians, payment processors and a variety of other entities should a major central bank issue a CBDC. Current trend lines make these developments seem inevitable; practitioners in this space will need to anticipate, stay abreast of and ideally get ahead of these challenges for their clients.
The Continuing Wave of Regulation and Enforcement
For the past several years, especially in the US, cryptocurrency companies have faced an environment characterised by “regulation through enforcement”, where companies and their counsel are forced to read the tea leaves of other enforcement actions – or even lines uttered in speeches or congressional testimony – to divine the boundaries of compliant conduct.
Meanwhile, US agencies are getting more comfortable with their capacity to carry out investigations and oversight of companies in this space and more aggressive in their efforts to police it. In part, this is a product of the industry’s own good work, through a range of trade associations and industry organisations, to help government agencies become more comfortable with the industry and the technology. US agencies have devoted considerable resources to deepening their bench of crypto-fluent agents, analysts and lawyers. The fruits of those investments are now starting to be seen, with an uptick in enforcement actions against individuals and entities alike.
FinCEN’s proposed rulemakings
FinCEN continued to pay attention to overseeing industry’s compliance with the Bank Secrecy Act (BSA) and other anti-money laundering regulations in 2020, launching two notices of proposed rulemaking (NPRM) – one in October 2020 concerning the “Travel Rule”, which requires the collection and transmittal of certain information between financial institutions for covered transactions, and one at the end of December 2020 concerning “self-hosted” wallets. The October 2020 NPRM proposed to lower the threshold for a covered transaction from USD3,000 to USD250, thereby greatly increasing the number of transactions covered. Nearly 2,900 comments were submitted in response to this NPRM, which at the time of writing is still under review.
The late December 2020 NPRM proposed the imposition of a host of new record-keeping and reporting requirements on transactions involving a counterparty that does not have an account with, or a wallet hosted by, either a BSA-regulated financial institution or certain foreign financial institutions in “problematic jurisdictions”. The proposed rule also required institutions to submit a detailed report to FinCEN for transactions involving a self-hosted wallet where the transaction value is greater than or aggregates to more than USD10,000. Among other details, the report would require the full name and physical address of each counterparty, as well as the amount and type of virtual currency being transacted. Furthermore, the affected institutions would have to maintain records and verify the identity of their customers engaged in covered transactions through or to self-hosted wallets.
Treasury issued this NPRM with a remarkably short comment period and a planned implementation just before the end of the Trump Administration. The NPRM generated substantial industry pushback on both the process and substance of the rulemaking, which purported to apply reporting requirements far in excess of those for traditional currency transactions. Treasury relented, extending and bifurcating the comment period for different aspects of the proposed rules. Those rulemakings appear to be on hold pending review by the Biden Administration.
Increased sanctions enforcement
Sanctions-related enforcement activity was already a priority for both Treasury and the DOJ, and has increased this year. Although US regulatory oversight in this area is not new, with the Treasury Department first warning of the use of cryptocurrency to evade the Iranian sanctions regime in 2018, OFAC has indicated that it intends to devote even greater resources to sanctions enforcement in the cryptocurrency industry in the upcoming year.
Recent indictments and sanctions actions are instructive. In January 2020, the US Attorney’s Office for the Southern District of New York secured the indictment of Ethereum Foundation staff member Virgil Griffith for attending a conference in North Korea where attendees allegedly discussed how North Korea can use cryptocurrency and blockchain technology to launder money and evade US sanctions. Similarly, in March 2020, the Treasury Department announced sanctions against two Chinese nationals for allegedly laundering stolen cryptocurrency from a cyber-intrusion linked to Lazarus Group, a North Korean state-sponsored malicious cybergroup. That same day, the Justice Department unsealed an indictment in federal court in the District of Columbia against the two Chinese nationals.
In December 2020, OFAC brought its first enforcement action targeting a digital asset company, against BitGo, for an alleged failure to prevent individuals and entities located in sanctioned jurisdictions from using its non-custodial secure digital wallet management service. OFAC stated that BitGo had reason to know that users in comprehensively sanctioned jurisdictions were using its services through IP address data collected for security purposes, and allegedly had failed to implement compliance controls to prevent users in such jurisdictions from accessing its services.
Similarly, in February 2021, OFAC brought an enforcement action against BitPay for alleged violations of multiple US sanctions programmes relating to digital currency transactions. OFAC acknowledged that BitPay screened its merchant customers against US sanctions lists, but alleged that BitPay had reason to know that purchasers dealing with the merchants were located in comprehensively sanctioned jurisdictions because the company had location information about those persons, including IP address data. OFAC alleged that BitPay allowed persons in comprehensively sanctioned jurisdictions to conduct approximately USD129,000 worth of digital currency transactions with BitPay’s merchant customers and imposed a substantial monetary penalty.
When it comes to sanctions, even virtual asset service providers (VASPs) outside the US may find themselves within reach of the long arm of US jurisdiction. And even VASPs with robust compliance programmes would be well served to review and potentially update the sanctions-related aspects of those programmes – both to maintain compliance and to withstand the heightened regulatory scrutiny that may lie ahead.
Continued investigation of market activity
Finally, as predicted, enforcement actions aimed at curtailing market manipulation and other fraudulent market activity involving virtual assets did not slow in 2020. Although early US enforcement actions in this space tended to focus on the “low-hanging fruit” of old-school fraudsters dressing up their schemes in crypto clothing, the DOJ, the SEC and the CFTC have grown increasingly sophisticated about the cryptocurrency markets and increasingly active in policing them, a trend that will only continue in the years ahead.
To this end, the DOJ charged the founders and executives of BitMEX with allegedly failing to establish and maintain an adequate AML programme while serving US customers. Furthermore, the CFTC brought a civil enforcement action against the owners of BitMEX for allegedly operating an unregistered trading platform and violating multiple CFTC regulations, including failure to implement an AML programme.
The Emergence at Scale of Decentralised Finance
DeFi gained particular prominence in the summer of 2020, which was dubbed the “Summer of DeFi” due to the launch and expansion of many notable DeFi projects.
There is no single agreed-upon definition of DeFi; the term generally refers to blockchain-based financial products and services, grounded in digital assets, decentralised applications (DApps) and smart contracts, which are offered to the public without the oversight or control of a centralised party. DeFi projects generally seek to develop decentralised financial applications on top of a transparent and trustless framework, such as permissionless blockchains and other peer-to-peer (P2P) protocols, with the Ethereum and Bitcoin blockchains being the most popular.
In practice, it can be helpful to think of centralised versus decentralised finance as a spectrum. Depending upon the specific facts and circumstances of a given project, any particular DeFi product or service may be more centralised or more decentralised, but few projects are fully centralised or decentralised. DApps maintained and run entirely by a decentralised group of users are still generally conceived of and initially created by a business, an individual or a small group of individuals, and a project’s level of centralisation or decentralisation can change over time.
While the breadth of DeFi projects and uses is regularly expanding, some elements are relatively common. Many DeFi projects involve some type of decentralised exchange or trading mechanism, the tokenisation of Bitcoin and other cryptocurrencies, including stablecoins, as a basic unit of value, and lending and investing mechanisms.
Most jurisdictions, including the US, are struggling to keep up with the pace of innovation in the cryptocurrency and blockchain space, and nowhere is this more pronounced than with respect to DeFi, which is rapidly evolving and not closely analogous to existing financial models. There are, however, a number of regulatory regimes that may apply to DeFi. Regulators are studying these issues, so participants in the DeFi ecosystem should be studying them as well. The following examples are just some of the potential US-based regimes that could impact DeFi, and projects that have considered these legal questions at the outset will be better positioned for long-term success.
In November 2018, before the term “DeFi” entered the public consciousness and before the SEC issued its Framework for “Investment Contract” Analysis of Digital Assets, the SEC asserted jurisdiction over a project with a significant level of decentralisation, bringing charges against the founder of EtherDelta for operating an unregistered securities exchange. Despite the largely decentralised nature of the exchange, the SEC found that EtherDelta’s founder “wrote and deployed the EtherDelta smart contract to the Ethereum Blockchain, and exercised complete and sole control over EtherDelta's operations.” Will the SEC assert jurisdiction over DeFi projects? The answer will likely depend on just how decentralised the project is, which involves highly fact-dependent analyses, including of whether the project involves an “active participant” who provides “essential managerial efforts that affect the success of the enterprise”, such that “investors reasonably expect to derive profit from those efforts.”
Could DeFi projects be considered money transmitters under FinCEN rules? FinCEN's 2019 guidance addresses two business models relevant to DeFi: DApps and decentralised exchanges.
FinCEN describes DApps as “software programs that operate on a P2P network of computers running a blockchain platform... designed such that they are not controlled by a single person or group of persons (that is, they do not have an identifiable administrator).” FinCEN states that “when DApps perform money transmission, the definition of money transmitter will apply to the DApp, the owners/operators of the DApp, or both.”
However, FinCEN has also suggested that, in certain circumstances, entities engaged solely in the creation or sale of software may not be considered money transmitters. Whether such a developer can appropriately claim this exemption is likely a highly fact-specific analysis that such entities should carefully consider.
With regards to decentralised exchanges, the FinCEN 2019 guidance says that “a person is exempt from money transmitter status if the person only provides the delivery, communication, or network access services used by a money transmitter to support money transmission services... Consistent with this exemption, if a CVC trading platform only provides a forum where buyers and sellers of CVC post their bids and offers (with or without automatic matching of counterparties), and the parties themselves settle any matched transactions through an outside venue (either through individual wallets or other wallets not hosted by the trading platform), the trading platform does not qualify as a money transmitter. By contrast, if, when transactions are matched, a trading platform purchases the CVC from the seller and sells it to the buyer, then the trading platform is acting as a CVC exchanger, and thus falls within the definition of money transmitter and its accompanying BSA obligations.”
The guidance does not seem to specifically address decentralised exchanges that operate in a P2P manner but carry out settlement using smart contracts built into the trading platform. It is therefore somewhat unclear precisely which types of decentralised exchanges could appropriately claim the above exemption. A determination as to the status of a decentralised exchange under FinCEN rules is likely to be fact-specific. Because most DeFi projects operate in a permissionless manner, a project that is subject to FinCEN regulation may face considerable regulatory compliance challenges with respect to customer due diligence, among other obligations.
Most DeFi projects are permissionless, meaning there is limited ability to prevent use of the project in sanctioned jurisdictions or by sanctioned persons. At present, there is considerable uncertainty regarding the application of economic sanctions to various DeFi project types. US sanctions generally fall into two categories: primary and secondary. Primary sanctions generally apply to US persons and to persons acting within the US, while secondary sanctions apply to non-US persons acting in situations with no US nexus. However, it is possible for non-US persons acting primarily outside the US to violate US primary sanctions in certain circumstances.
OFAC has not addressed the application of US sanctions to DeFi projects but generally takes a broad reading of sanctions provisions, many of which are broadly drafted to begin with. As just one example, with respect to primary sanctions, under the Iranian Transactions and Sanctions Regulations, US persons and persons acting within the US are prohibited from exporting any services “directly or indirectly” to Iran. With respect to secondary sanctions, Executive Order 13757 makes it sanctionable to provide “financial, material, or technological support for... or services to” persons designated under the order. Depending on the facts and circumstances, this language could conceivably apply to persons creating or maintaining a DeFi application that operates in a permissionless manner and is utilised by a person located in Iran or sanctioned under the order. A number of other executive orders, regulations and statutes contain similarly broad language, which could potentially apply to DeFi projects, depending on the facts and circumstances.
The CFTC has asserted jurisdiction over derivatives trading markets for digital assets and with respect to certain anti-fraud provisions of the commodities laws in the underlying spot markets for digital assets, and has brought multiple enforcement actions against digital asset market participants, including exchanges and intermediaries. The CFTC has said little with respect to DeFi, although then-CFTC Chairman Heath Tarbert addressed DeFi while speaking at an October 2020 blockchain conference, observing: “The whole idea of DeFi really is, number one, it's obviously revolutionary, and I think at the end of the day could lead to a massive disintermediation of the financial system and the traditional players. And ultimately, [it] could potentially even reduce systemic risk in some ways because we don't have the finance system concentrated in these large globally, systemically important institutions.”
The CFTC may seek to test the limits of its anti-fraud and anti-manipulation statutory authority, which could produce more prescriptive regulations that touch on DeFi. Whether and how the CFTC regulates a given DeFi project is likely to depend on the specific assets involved and the financial services offered by the project.
Increasing use of DeFi technologies is likely to create challenges for tax compliance, reporting and enforcement. Traditionally, both taxpayers and tax authorities have relied on information reporting by centralised, institutional actors – such as employers issuing Forms W-2, banks issuing Forms 1099-INT and brokers issuing Forms 1099-DIV – to aid in taxpayer compliance by providing a clear written record of different types of income. The Treasury Department has included a project for proposed regulations regarding information reporting on virtual currency under the broker reporting rules in its Priority Guidance Plan. Once issued, this guidance may provide some insight into how Treasury plans to address issues of information reporting in the realm of DeFi. However, it is unlikely that these rules will provide definitive guidance relating to DeFi.
DeFi may also disrupt tax enforcement efforts, including under the Foreign Account Tax Compliance Act, which has become an important piece of the Internal Revenue Service's enforcement toolkit and generally relies on non-US foreign financial institutions to search their records for customers with indicia of a connection to the US and report the assets and identities of such persons.
Regulatory Scrutiny of Stablecoins and the Emergence of Central Bank Digital Currencies
New stablecoins continue to flood the market. One area on which regulators are already focusing, and are likely to continue to focus, is how various stablecoins are backed, and whether companies offering these tokens have sufficient safeguards in place to protect their reserves.
The most prominent stablecoin to date, with by far the largest market capitalisation, is Tether, a stablecoin pegged to the US dollar, euro or Japanese yen. In 2019, the Office of the New York Attorney General (NYAG) announced an investigation of Bitfinex and Tether, focused primarily on whether Tether has sufficient reserves to back the Tether tokens in circulation. This investigation spawned protracted litigation between NYAG and the companies, but the matter was finally settled with an USD18.5 million fine in February 2021, with NYAG criticising the timing of a handful of disclosures but making no findings that Tethers were not fully backed or were ever issued without backing (Steptoe represents Bitfinex and Tether in the NYAG matter).
While Tether was the first stablecoin to draw the attention of a regulator, it will not be the last. There has been a dramatic increase in new stablecoins on the market, as stablecoins have become an intrinsic part of the digital asset economy. Although not all new stablecoin projects are likely to succeed, the proliferation of new stablecoins clearly demonstrates an expectation that stablecoins will have a large impact on the global financial system. And as more and more money flows into stablecoins, and as they grow in importance, they will continue to draw more attention from regulators and enforcement agencies.
With the popularity of stablecoins showing no sign of subsiding, regulators have indicated in public statements that scrutiny of stablecoins will be a priority for 2021. For instance, during December 2019 remarks at a European Central Bank Colloquium, Federal Reserve Board Governor Lael Brainard noted that risks posed by stablecoins could be “exacerbated by the lack of clarity about the management of reserves and the rights and responsibilities of various market participants in the network.”
The Financial Stability Board issued a report in April 2020 on regulatory, supervisory and oversight challenges raised by stablecoins, as well as making recommendations to regulators and law enforcement agencies on how to address these challenges. These recommendations included that authorities should ensure that stablecoin issuers have effective risk management frameworks in place, especially with respect to reserve management, cybersecurity safeguards, and anti-money laundering and countering of terrorism financing (AML/CFT) measures. Based on this commentary, it seems clear that regulatory scrutiny of stablecoins, including how they are backed, will continue to dominate the cryptocurrency landscape in 2021.
All of this will be put to the test by a stablecoin finding mass adoption on a popular platform. To date, no stablecoin has reached mass consumer adoption, and no social media platform or similar entity has enabled or endorsed the seamless integration of a stablecoin as a native means of payment on such a platform. The effects of such a development would be dramatic. Overnight, storefront operators and third-party payment processors would need to adapt their compliance programmes to account for payments via stablecoin. These entities and the traditional financial services entities that service them – banks, custodians and others – would immediately become adjacent to large numbers of businesses transacting in cryptocurrency, and would be handling deposits that are the proceeds of cryptocurrency-denominated transactions. Moreover, the race would be on among these institutions to be able to safely bank stablecoins directly, without conversion to fiat currency.
All of these developments would strain compliance departments as well as regulators, as real-time developments would highlight both novel and previously foreseen ambiguities in existing regulatory guidance that would need to be addressed immediately.
Central bank digital currencies
Despite the explosive growth of new forms of digital currencies in recent years, including the advent of asset-backed stablecoins, the prospects for digital forms of government-issued digital currency have remained uncertain due to scepticism about the value proposition and the ability of CBDCs to co-exist with traditional fiat currency, or even replace it entirely. Some central banks have also raised questions about security and privacy, as well as concerns over potential instability within traditional banking and payment systems caused by an influx of a new digital currency. But as cryptocurrencies continue to proliferate, and the transactional marketplace moves ever closer to a purely digital playing field, the scepticism has slowly evolved into an air of acceptance and long-term inevitability.
Now, in the ongoing wake of the COVID-19 pandemic, calls for CBDCs have grown even louder as the perceived utility – both for the emerging “new normal” and for future crises – has come into greater focus. For instance, distributing public funds instantly and securely during the current public health emergency has represented one of the biggest challenges, and the inability to do so has deepened the economic fallout. CBDCs could help solve this problem by allowing governments and central banks to pump currency into markets almost immediately, and to do so far more reliably and securely with the proper infrastructure in place. In more practical terms, CBDCs also have the benefit of being completely contactless. The head of BIS’s Innovation Hub, Benoît Cœuré, has observed that CBDCs have come “into sharper focus” and although “whether COVID-19 will accelerate the demise of cash” is an open question, “the value of having access to diverse means of payments, and the need for any means of payments to be resilient against a broad range of threats” have already been highlighted.
From Asia to the Caribbean, CBDCs are now here – and proofs-of-concept are being developed all over the world. But in the US, scepticism remains. The US Federal Reserve was notably absent from a CBDC collaboration initiative by European and Japanese central banks. Fed Chairman Jerome Powell stated that the bank was monitoring the CBDC debate but not actively considering its own digital currency amid a host of legal, regulatory and operational questions. While the Fed has been evaluating potential benefits of issuing a Digital Dollar, Powell remarked that it has “not identified potential material benefits of [a] general purpose CBDC to the implementation of monetary policy relative to our existing tools”, and that the bank is currently focused on developing an instant “round-the-clock real-time” payment and settlement system, with an expected launch date in 2023 or 2024. But there have been bipartisan calls from Congress urging the Fed to consider developing a Digital Dollar, and other US policymakers have described a Digital Dollar as inevitable.
As we move forward, governments' willingness to launch their own digital currencies will surely continue to grow. Although not imminent, especially within the US, the regime of cash as king could someday be overthrown, and the current pandemic could be sparking the revolution.
The only constant in the cryptocurrency space is change. As technology evolves, and as DeFi and stablecoins continue to grow and new financial products and services are created, regulators and enforcement agencies will have to continue to adapt. Some agencies will respond with rulemaking, while others will attempt to apply existing rules to a new reality or pursue “regulation by enforcement”. Either way, 2021 will be a dynamic year for the industry and for regulators and enforcement agencies alike.