Contributed By DLA Piper
Fintech Business Models
The use of mobile technology, internet-based access, blockchain technology, and advanced algorithms has enabled fintechs to bridge the gap between commercial/consumer demand and traditional bank offerings. This evolution and growth of the fintech market over the past 12 months has been significant. While the range of products and services being offered by innovative fintech businesses continues to expand, we are seeing that fintechs are increasingly partnering with traditional banking institutions rather than directly competing – for example, offering integration with such institutions for point-of-sale financing or payments, lending, real-time payments, trading and investing.
Such integrations can ultimately strengthen both partners, bringing the efficiency and objectivity offered by technology and even artificial intelligence (AI) of a fintech together with the more mature risk management environment of a traditional banking institution. The traditional banking institution is spared from time- and resource-heavy development, and the fintech can achieve scale quickly with an institution’s customer base.
Digital Assets
In addition, the US digital asset and blockchain market has also seen dynamic shifts over the past 12 months on all fronts.
The cryptocurrency markets saw less volatility or market-wide price movements earlier in 2023 but the end of 2023 and start of 2024 saw a resurgence in demand for both assets and new projects, including in the areas of AI and real-world asset tokenisation. Non-fungible tokens (NFTs) as a group saw normalisation of creation, trading, and prices coming from the explosion in interest seen in 2021–22. While regulatory scrutiny continues to inject uncertainty into the market, investment, particularly from venture sources, while tighter earlier in 2023, grew throughout the year. The past year has also seen continued interest in digital assets and blockchain applications from more traditional players in the finance space, with established money transmitters, banks, investment groups, and others exploring blockchain projects, including issuance of stablecoins, applications for exchange-traded funds, and investment in blockchain assets.
Industry-recognised fintech verticals that currently predominate in the US include the following.
Federal Regulators
The US federal government actively regulates most financial products and services – in many cases, the federal regulation is extensive and complex. A non-exhaustive list of federal regulators includes:
With respect to laws and regulations within the jurisdictions of the federal agencies noted above, a non-exhaustive list of statutes and regulations addressing financial products and services includes:
State-Level Regulation
In addition, individual states and the District of Columbia may establish their own statutes and regulations that address licensing or chartering of banks, non-banks, broker and dealers and product regulation. These additional state rules are not always the same in all jurisdictions, and in some instances may even conflict with each other. At the state level, relevant regulators often include state banking departments, consumer protection agencies, and state securities commissions.
In addition, there are commercial laws developed by the Uniform Law Commission in the form of the Uniform Commercial Code (UCC) that are adopted by the states that address electronic payments and lending and the custody and transfer thereof such as by wire transfer (UCC Article 4A), Letters of Credit (UCC Article 5), the regulation of other “financial assets” in electronic form (UCC Article 8), the origination, sale, and securitisation of electronic chattel paper (UCC Article 9), and “controllable electronic records” (UCC Article 12).
Transferable Records
Transferable records (ie, the electronic equivalent of a negotiable promissory note) are governed by the federal Electronic Signatures in Global and National Commerce Act (ESIGN) or the Uniform Electronic Transactions Act (UETA).
Analysis of Applicable Law/Regulation
With respect to fintechs, whether a fintech business is subject to federal and/or state regulation will depend on the fintech’s activities. The starting point for analysing applicable laws and regulations usually involves identifying the nature of the activity being conducted and the nature of the specific product or service being offered. When evaluating the regulations applicable to any financial services product, the regulators focus on the terms and purpose of the product or service, the location of the provider, the location of the borrower, and whether the intended borrower is an individual or a business. The fact that the product or service may be delivered through an online or mobile channel, or utilise innovative technology such as a blockchain or advanced AI, is also relevant. In the event licensing or registration is required, state statutes and regulations may also address the fintech’s financial condition and operations.
For information regarding the regulatory regimes applicable to virtual currency or cryptocurrency, see 7. Marketplaces, Exchanges and Trading Platforms and 12. Blockchain.
Direct consumer compensation models for fintechs in the USA largely rely on fees. Where these fees are paid by consumers, common fees may include subscription fees, payment processing fees, funds transfer fees, trading fees, and the like. These direct fees must generally be disclosed according to the regulatory regime applicable to the underlying transaction – for example, for online lending, Truth-In-Lending disclosures may be required along with any licence-based disclosures that may apply. Similar requirements exist for deposit accounts under Truth In Savings, and federal and/or state law may require fee schedules for particular account types. The disclosures required depend on the types of fees being charged, the nature of the entity providing the financial services, and the jurisdictions where the services will be offered.
In some instances, certain fintech services are being offered to consumers without fees – the providers opting instead to treat the offered fintech services as an opportunity to develop customer loyalty or as a gateway to other products and services. Consumer resistance to the assessment of fees for certain services, such as peer-to-peer payments, has been significant in the USA.
Indirect fees include interchange fees, referral or lead-generation compensation, interest generation, payment for order flow, data monetisation and contractual profit-split arrangements. These types of fees may also require disclosure or even be restricted or prohibited in certain jurisdictions or for certain entities.
US regulation of fintech participants is largely layered; regulators rely on the bedrock of established laws and regulations that were developed for traditional financial services models in conjunction with new, often licence-based, federal and state laws and regulations. Legacy players in the financial services industry are often able to rely upon traditional exemptions from some of the more arduous state licence-based requirements.
To the extent that fintechs have moved into online lending, credit cards, and other areas traditionally held by nationally or state-chartered banks, fintechs have generally opted for bank partnerships in lieu of obtaining their own bank, speciality, or limited purpose charters from the OCC.
A challenge in the United States to the enablement of regulatory sandboxes is the overlapping regulatory jurisdictions as many fintechs are subject to supervision by multiple agencies. In a 2018 report, the Treasury Department expressed its support for regulatory sandboxes and in 2019 the SEC, CFTC, OCC and FDIC signed onto the Global Financial Innovation Network (GFIN). The GFIN was launched to create a “global sandbox” for financial innovation. However, since 2019, no US regulator has established a true regulatory sandbox for fintech. Federal government regulators instead opted for “innovation hubs”: dedicated points of contact for fintech firms to raise enquiries and seek non-binding regulatory guidance. For example, in addition to the OCC and the CFPB Offices of Innovation for entities within their jurisdiction, the SEC maintains a Strategic Hub for Innovation and Financial Technology (“FinHub”) which co-ordinates SEC oversight and response regarding emerging technologies in financial, regulatory, and supervisory systems, including in the areas of distributed ledger technology (for example, crypto-assets/digital assets), automated investment advice, digital marketplace financing and artificial intelligence/machine learning. The Financial Industry Regulatory Authority (FINRA), which is a key self-regulatory authority in this area, has created an Office of Financial Innovation to explore the application of traditional financial regulations to fintech companies.
Some states have historically provided in state law for a limited-term regulatory sandbox for fintechs in some regulatory areas, such as money transmission.
While the United States generally supports fintech innovation, it heavily regulates financial providers and, in some cases, the products and services provided to consumers and, in some cases, businesses. All verticals noted in this chapter are subject to a patchwork of laws and regulations at both the state and federal level, with varying degrees of overlap and clarity. In some circumstances non-governmental entities may also issue rules that are quasi-regulatory.
See 7. Marketplaces, Exchanges and Trading Platforms and 12. Blockchain for a discussion of regulatory jurisdiction in connection with blockchain, cryptocurrency, virtual currency, and exchanges.
As the COVID-19 pandemic accelerated the migration by banks and fintechs away from paper-based product offerings, and toward electronic processes in order to serve customers and remain competitive, the use of third-party vendors has increased measurably. While many regulated functions can be outsourced, most financial institutions in the United States, including non-bank providers, have risk assessment and monitoring requirements with respect to the use of third-party service providers, including those imposed by the federal bank regulators through the Interagency Guidance on Third-Party Relationships: Risk Management issued jointly by the FDIC, the FRB, and the OCC.
As traditional institutions continue to partner with fintechs and technology providers, there will be continued regulatory pressure on doing increased due diligence before engaging third parties for services, having contingency plans in place, exit strategies, or back-up plans for the delivery of services so as to not risk the safety and soundness of the institution and leave customers at risk.
When regulated by US federal or state anti-money laundering laws, fintechs may become de facto gatekeepers, required by law to detect and report suspicious activity to law enforcement and respond to legitimate law enforcement requests in order to safeguard the US financial system from abuse. Unless a specific (often narrowly drawn and interpreted) exemption applies, the governed fintech must develop risk-based compliance controls reasonably designed to prevent their business from being used by their customers to facilitate money laundering, terrorist financing, and/or sanctions evasion.
These controls include the following.
In addition, the SEC has continued to expand its view of the responsibility of fintech providers as gatekeepers. The SEC has focused on auditors and audit firms, underwriters, broker-dealers and attorneys who provide services to and advise the industry. Recently, the SEC has expanded its focus on who constitutes a gatekeeper to include exchanges, other industry intermediaries, and those who offer services to the industry.
See 7. Marketplaces, Exchanges and Trading Platforms on exchanges. In certain actions, the SEC has sued individual executives of these entities.
Expanding the Scope of CFPB Supervision
On 7 November 2023, the CFPB proposed a rule that would make subject to the CFPB’s supervision “larger participants” – those companies providing digital wallets and payment apps and handling more than 5 million transactions per year. The CFPB notes that the rule’s scope is intended to include many consumer financial products and services commonly described as digital wallets and payment, funds transfer, and peer-to-peer applications. Interested parties had until 8 January 2024 to submit comments.
Increasing Enforcement Activity
In addition, the enforcement environment in the last year has seen increased activity from the SEC, the CFTC, the US Department of Justice (DOJ), and the US Treasury Department’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (“FinCEN”), each of which has filed key enforcement actions or indictments against cryptocurrency and fintech players whose actions and/or business models have facilitated money laundering, sanctions evasion, or terrorist financing. The focus on enforcement remains constant.
For example, reports indicate that in fiscal year 2023, the SEC brought 46 crypto-related enforcement actions involving 124 defendants. This was reportedly a 53% increase over fiscal year 2022 and represented a record high of such cases. These cases included claims of:
Looking Forward
Market participants should expect continued cases going forward. In addition, currently pending seminal cases will play out at the trial level in 2024 with potential large market consequences. These cases, against major cryptocurrency exchanges, involve claims that those exchanges acted as unregistered securities exchanges, unregistered securities brokers, unregistered clearing agencies and also offered and sold unregistered securities. In one case, the exchange is also charged with fraud.
Security status of cryptocurrency and SEC action
A significant question remains as to when and whether cryptocurrencies or transactions therein constitute securities and whether the analysis differs depending on whether the sales are conducted by the issuer or developer or on the secondary market. In March 2024, the court in SEC v Wahi et al. determined that cryptocurrencies sold in secondary market sales were securities. While that decision was issued as part of a default judgment where the defendant did not appear, the SEC is already using the decision in its cases against the cryptocurrency exchanges.
While at least some of these courts recognise that a token by itself may not be a security, the SEC has successfully persuaded the courts that, among other things, the marketing of the token for use in a protocol to earn a profit constitutes an investment contract security and that the token which enables its holder to acquire another token is also a security. The SEC has brought enforcement actions alleging that all forms of tokens, including non-fungible tokens and stablecoins are securities.
In addition, the SEC is focusing its enforcement efforts on crypto lending, trading platforms, the offer of staking as a service and DeFi more generally. The SEC continues to pursue market participants engaged in such activities.
The CFTC
The CFTC brought 47 actions involving conduct related to digital asset commodities, representing more than 49% of all actions filed in 2023. Most of the actions were related to the prosecution of fraudsters and scammers but also include actions taken against large DeFi platforms for failures of compliance and registration. In one notable case, brought against the Ooki DAO and its creators, the CFTC alleged that an unincorporated DAO with administrative control over a decentralised protocol had violated commodities laws by engaging in regulated activity without registration.
AML and Sanctions Evasion
In August 2023, the DOJ indicted two of the founders of Tornado Cash, a cryptocurrency mixer designated in 2022 as a Specially Designated National (SDN), for conspiracy to commit money laundering, sanctions evasion, and operating as an unlicensed money transmission business because they allegedly knowingly assisted North Korean hackers, the Lazarus Group, and other bad actors in moving stolen funds. DOJ charged the founders despite the fact that they had formed a DAO and relinquished the administrative keys (and hence decision-making) to the DAO, the platform operated through smart contracts (software code), and the transmission of illicit funds was performed by third parties known as “relayers”.
Another key enforcement action in the AML and sanctions evasion space involved FinCEN’s and DOJ’s January 2023 actions against Bitzlato, a China-based cryptocurrency exchange that allegedly facilitated sanctions evasion by Russian cyber-criminals, where both FinCEN and DOJ deployed powerful enforcement tools. FinCEN used a new tool to designate Bitzlato as a “primary money laundering concern”, thereby essentially cutting it off from the global financial system, and DOJ charged Bitzlato’s founder with, among other things, operating an unlicensed money transmission business wholly or in substantial part in the USA – a “general intent” or “strict liability” crime – in violation of 18 USC 1960.
Furthermore, in February 2023, there was an indictment (and multiple superseding indictments) charging FTX founder, Sam Bankman-Fried, with, among other things, operating FTX as an unlicensed money transmission business in violation of 18 USC 1960.
Dark Patterns
On other fronts, the Federal Trade Commission issued a policy statement in 2021 surrounding the use of “dark patterns”, essentially a subset of practices that may manipulate, mislead or deceive a consumer into providing consent that they would not otherwise provide, absent the practice. The CFPB and a number of states have followed suit, and federal legislation has been introduced surrounding these practices. Dark patterns, as opposed to general unfair, deceptive or abusive acts and practices, use electronic interface design and implement user experiences to steer consumers into decisions that they may not truly intend or understand.
While no single definition of dark patterns exists, enforcement actions have largely surrounded subscription models, where consumers must first enrol in a product or service, particularly where “unenrolling” is more difficult than enrolling, or where consumers are deliberately and unwittingly led into acting against their own best interests.
Examples of dark patterns that have been subject to enforcement action include forced engagement, negative option marketing (which involves subscription services that place the onus on a consumer to cancel a service to avoid recurring charges, usually without clearly disclosing this requirement prior to enrolment, or with unreasonably arduous – or even concealed or impeded – cancellation processes), or failure to obtain informed consent, and the list will grow with each enforcement action. Regulators have pointed to a number of practices as evidence of such malfeasance that include traditional marketing testing, so consumer-minded review of user experience is vital. One such example is A-B testing (where two potential options are tested for engagement, and the option that has the higher engagement levels is employed).
In the USA, federal and state laws and regulations outside of financial services apply equally to fintechs as well as to legacy players. To the extent that banking regulators have adopted guidance with respect to privacy, cybersecurity, social media content, and software development, legacy players are expected to comply with such guidance and are frequently required to contractually obligate banking partners to comply as well.
With respect to virtual currency, the SEC adopted Staff Accounting Bulletin 121 (SAB 121) in March of 2022 as an expression of “views of the [SEC] staff regarding the accounting for obligations to safeguard crypto-assets an entity holds for platform users”. SAB 121 applies to financial statements prepared under accounting standards for SEC registrants and prospective registrants and mandated an equivalent liability on the balance sheet for each held digital asset. SAB 121 raised much industry concern, with opponents arguing that the SEC was required to issue SAB 121 in adherence with the rule-making process, allowing public comment. In October 2023, the General Accounting Office agreed and concluded that SAB 121 qualified as a rule due to its nature as an agency statement of general applicability aimed at interpreting and prescribing policy. On 29 February 2024, a Joint Resolution to nullify SAB 121 advanced out of the US House Financial Services Committee. The Joint Resolution is poised for a vote on the House floor.
In the United States, at least within the context of the securities and commodities laws, offering an unregulated product or service in conjunction with regulated products and services can put the offeror at risk of an enforcement action, which could adversely impact the regulated products and services and the provider’s ability to offer such services.
Anti-money laundering (AML), countering the financing of terrorism (CFT) and economic and trade sanctions (“sanctions”) rules impact fintech and cryptocurrency companies, including regulated and unregulated companies in a meaningful and often resource-intensive way. Developing thoughtful, risk-based compliance programmes pre-launch and assessing the adequacy of such programmes are important steps to avoid facilitating criminal conduct and minimise the risk that a company will become the target of a regulatory or criminal investigation.
In the USA, various agencies regulate fintech, digital assets and Web3 companies. For AML at the federal level, the US Department of the Treasury’s FinCEN is responsible for promulgating regulations and providing industry guidance related to, and for civil enforcement of, the BSA and USA PATRIOT Act. The DOJ’s Money Laundering and Asset Recovery Section (MLARS) has primary responsibility for investigating and prosecuting criminal violations of the BSA. Additionally, banking and money transmission regulators at the state level each have their own regulatory and licensing regimes which may be applicable to fintech and cryptocurrency companies. Fintech and cryptocurrency companies must also ensure that they are not used to facilitate evasion of economic sanctions, which are governed in the USA by OFAC, the US State Department, and the Department of Commerce’s Bureau of Industry and Security.
Every US state except Montana, as well as the District of Columbia, Puerto Rico, Guam, and American Samoa, have laws governing the conduct of money transmitters, though the definition of the term and possible exemptions are not uniform across all jurisdictions. Federal statutes governing money transmission were generally designed to address AML and anti-terrorist financing policies; however, state laws were generally adopted as customer protection initiatives designed to mitigate the risk that a customer who surrenders funds to a money transmitter does not get the funds ultimately delivered to the recipient or returned to the customer as intended. These differences in objectives inform much of the variation in the respective scope of state and federal money transmitter laws. To protect customers, state money transmitter laws require licensure and impose specific requirements on licensed entities such as periodic examination, retention of surety bonds for the benefit of customers, maintenance of customer funds in specific low-risk and liquid assets, and quarterly confirmation of net worth and regulated transaction activity through financial reporting.
US sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies. Members of the virtual currency industry are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade or investment-related transactions. All US individuals and entities are required to comply with such obligations. Given the anonymity of certain virtual currency transactions, the potential challenges identifying the location and/or nationality of certain virtual currency senders or recipients (including the widespread use of virtual private networks or IP-spoofing tools to block or obscure one’s geographic location), and other factors in connection with engaging in virtual currency activities, it may be difficult to identify the parties, their nationalities, and/or locations required to comply with OFAC rules. The OFAC list of blocked wallet addresses is updated regularly and typically warrants monitoring by a third-party blockchain vendor. Therefore, accepting and sending virtual currency payments presents certain heightened OFAC sanctions risk for a company, requiring increased awareness and dedication to complying with applicable sanctions regulations.
OFAC has stated that once a US person determines that it holds virtual currency that must be blocked under OFAC’s regulations, it must deny all parties access to that virtual currency and ensure that the virtual currency is not inadvertently transferred, released, or otherwise dealt in. In addition, “[b]locked virtual currency must be reported to OFAC within 10 business days, and thereafter on an annual basis, so long as the virtual currency remains blocked”.
The goals of the AML, CFT and sanctions rules on both the federal and state level are to help ensure that the US financial system is not used to facilitate money laundering (generally concealing or disguising the source or nature of illicit funds by moving the funds through the financial system), terrorist financing, evading economic sanctions, and other illicit activity such as child exploitation, nuclear weapons proliferation by enemy states, and fraud.
The term “robo-adviser” generally refers to an automated digital investment advisory program. Robo-advisers, which are typically investment advisers registered with the US SEC, provide asset management services to their clients through online algorithmic-based programs.
Robo-advisers operate under a wide variety of business models and provide a range of advisory services. For example, some robo-advisers provide investment advice directly to the client with limited, if any, direct human interaction between the client and investment advisory personnel. For other robo-advisers, advice is provided by investment advisory personnel using the interactive platform to generate an investment plan that is discussed and refined with the client.
As registered investment advisers, robo-advisers are subject to SEC oversight and must comply with the Investment Advisers Act of 1940, as amended (the “Advisers Act”), and regulations promulgated thereunder. Depending on the types of services they provide, robo-advisers also may be subject to other regulatory regimes.
Many major US banks, broker-dealers and investment advisory firms have implemented a robo-adviser platform. Within the US, the robo-adviser industry is anticipated to experience a high growth rate due to digitalisation of the financial sector.
The Advisers Act establishes a federal fiduciary standard for all investment advisers, including robo-advisers. As a fiduciary, when a robo-adviser has the responsibility to select broker-dealers and execute customer transactions, the robo-adviser has an obligation to seek to obtain “best execution” of customer transactions, taking into consideration the circumstances of the particular transaction. A robo-adviser fulfils this duty by seeking to execute securities transactions on behalf of clients with the goal of maximising value for the client under the particular circumstances occurring at the time of the transaction.
There are significant differences in the regulation of loans made to consumers and loans made to businesses.
Loans to individuals for consumer purposes (ie, family, household, or personal use) are highly regulated. From a US federal law perspective, there are a variety of consumer protection laws (eg, the Truth-in-Lending Act, the Electronic Signatures in Global and National Commerce Act, the CFPB’s Small Dollar Loan Rule, the Fair Credit Reporting Act, the Equal Credit Opportunity Act, the Electronic Fund Transfer Act, credit card network rules, and the prohibition against engaging in unfair, deceptive or abusive acts or practices (UDAAP) under the Dodd-Frank Wall Street Reform and Consumer Protection Act) with which online lenders originating consumer loans will likely need to comply, depending on the specific features of the product. More regulations are triggered under federal law if the consumer product(s) being offered is secured by real estate (ie, residential mortgages). From a state perspective, consumer lending is highly regulated as well, requiring licensure in most states (or in all states if offering residential mortgages). The triggers for licensure vary by state, with some states requiring licensure for all consumer loans and others requiring licensure only where interest exceeds a certain threshold and/or the principal amount is below a certain threshold. In addition to licensure, online lenders making consumer loans need to be conscious of usury rates, state disclosure requirements, and state privacy laws, which will often not apply to small business loans or commercial purpose loans.
Small business loans and other commercial-purpose loans are often exempt from many federal laws and regulations and state licensing, usury, and disclosure requirements, depending on the specific features of the product. For example, there are only a handful of states that require commercial financing providers to provide specific disclosures to commercial financing recipients, although the number of states that require such disclosures is growing. Similarly, commercial financing providers are subject to licensure in fewer than half the states, often only where interest exceeds a certain threshold and the loan is below a certain threshold principal amount.
Online lenders primarily use two types of underwriting processes in the USA: automated and manual.
Automated Underwriting
This process leverages technology (eg, AI and machine learning) to analyse borrower eligibility, relying heavily on data points from a variety of sources, including:
In the residential mortgage industry, lenders who sell mortgages they originate to Fannie Mae use a program called Desktop Underwriter for automated underwriting. Lenders who sell to Freddie Mac use a product called Loan Product Advisor.
Manual Underwriting
Unlike automated underwriting, which relies on algorithms and pre-set criteria, manual underwriting involves a more thorough examination of a potential borrower’s finances by a trained human underwriter and generally allows for more flexibility in terms of determining borrower eligibility. Underwriters will review documents (eg, tax returns, pay stubs, bank statements and proof of assets), analyse a borrower’s ability to repay the loan based on income, debts, liabilities, assets, and credit history, and consider special situations or explanations for any negative credit or financial history. While automation is used in the manual underwriting process, actual human review plays a larger role.
Comparison of Underwriting Processes
Automated underwriting offers faster approvals and is typically used for smaller, personal loans. It is a more rigid and less flexible process than manual underwriting, but it is cheaper and quicker. Manual underwriting is generally used for more complex loans (eg, mortgages or jumbo loans) or for borrowers with limited credit history or unique financial situations. Online lenders typically use a blend of both processes, leveraging technology to improve efficiency while utilising humans to manage more complicated applications or those with attributes that fall outside the automated approval criteria.
Regardless of the process used, lenders need to comply with regulations that set underwriting standards, promote fair lending, and prohibit discrimination in the underwriting process. In April 2023, federal regulators issued a joint statement warning industry participants that the increased use of automated tools has the potential to perpetuate unlawful bias, automate unlawful discrimination, and produce harmful outcomes.
Sources of funds for loans will vary depending on several factors, including the type of loan, economic environment, and creditworthiness of borrowers.
Peer-to-peer lending (ie, marketplace lending) allows persons seeking financing to borrow money directly from another person without the need to seek financing from a traditional financial institution. Individuals or businesses can seek loans for various purposes through an online P2P platform and lenders who seek alternative investment opportunities can act as lenders on the platform. Once a loan is funded, the platform facilitates the transfer of funds between the lender and the borrower and manages the loan repayment process. Because P2P loans are often issued to borrowers with lower credit profiles, there is a higher risk of default. P2P lending platforms are generally less regulated than traditional lending platforms, which may increase risk for investors. P2P lending platforms may be subject to loan brokerage laws, depending on a variety of factors, including the jurisdiction in which the borrower resides.
Lender-raised capital can be generated either through debt financing or equity financing. Private equity and venture capital firms may provide funding for specialised loans, such as those for start-up businesses in exchange for equity in the borrower. Institutional investors such as pension funds, insurance companies, and asset management firms may provide funds for debt-financed transactions.
Banks, credit unions, and other deposit-taking institutions are the most common source of loan funds, using the deposits they accept from customers to provide loans.
In addition, as a result of this shift to paperless transactions, including for consumer and commercial loans secured by real property or equipment, and to ensure sufficient liquidity and financial stability in the event of real or perceived systemic risk, many of the Federal Reserve Banks and the Federal Home Loan Banks have responded by offering banks an opportunity to facilitate pledging large volumes of loans evidenced by instruments that are in electronic form. The addition of electronically signed loans (including imaged documents with the paper originals being destroyed) is providing flexibility to banks to increase their pool of pledged collateral and meet liquidity demands. Banks will need to review their electronic processes to be able to certify to the governmental requirements associated with pledging electronic collateral.
Syndication is a common practice in the US. It is typically done when either (i) the loan amount is too large for a single lender to handle or (ii) the loan falls outside of a lender’s risk tolerance. Syndication allows lenders to mitigate some risk by sharing the risk associated with the loan with other lenders and potentially to participate in bigger financing opportunities that they might not otherwise be able to join.
A lead financer, often referred to as a syndicate agent, acts as the co-ordinator and manages the syndication process, including structuring the loan terms, finding other lenders to participate in the syndicate, and performing due diligence. The agent is generally responsible for initial transaction fees, compliance reports, loan monitoring, and reporting. There is only one loan agreement for the entire syndicate, but each lender’s liability is limited to its respective share of the loan interest. With the exception of collateral requirements, most terms are generally uniform among lenders. Collateral assignments are generally assigned to different assets of the borrower for each lender. The agreements between lending parties and loan recipients are often managed by a corporate risk manager.
Once the syndicate is formed and the loan finalised, loan funds are disbursed to the borrower and the lead financer will typically manage servicing and ensure that repayments are distributed to participating lenders based on their respective shares.
Loan syndications typically meet a well-established set of industry standards and best practices set forth by the Loan Syndications and Trading Association (LSTA). The LSTA provides standardised documentation and guidelines for various aspects of loan syndications. Lenders participating in a syndication are also subject to any federal or state laws that would otherwise be applicable as described in 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities, as well as any other regulations that may be applicable depending on the type of lender and jurisdiction.
Additionally, it is common practice in certain industries, such as mortgage and automotive lending, to syndicate electronically originated promissory notes, loans, and leases secured by collateral such as real estate or a vehicle. The ESIGN Act and UETA, and UCC Articles 3 and 9, support and enable pooling, transfer and syndication of such transferable records and electronic chattel paper.
In the United States, firms involved in the processing of payments are generally separate legal entities from the payment networks that operate the “rails” through which payment information flows. Payment processors are typically involved in transmitting or submitting credit or debit card transactions for authorisation through the card payment networks and arranging for settlement to the bank accounts of the underlying merchant or payee that has accepted the card as a form of payment. Payment processors may also be involved in assisting a merchant or payee in creating ACH files for electronic fund transfers involving bank accounts settled through the clearing house networks.
A payment network, by comparison, provides the framework agreements, merchant acceptance, and information technology to facilitate the timely and efficient authorisation, clearing, and settlement of such payment information between a card issuing or accountholder’s bank and the bank used by the merchant or intended payee. It may also have the rules that govern the conduct and roles of the parties using the payment network, such as the banks that issue cards or hold bank accounts connected to the network, and the merchants accepting such cards or accounts as payment at the point-of-sale, which are designed to promote network integrity, reduce fraud, and assign responsibility for regulatory compliance on appropriate parties.
US laws and regulations do not generally prevent a payment processor from creating its own set of payment “rails” through which to transmit payment information. Rather, it is the relatively steep barriers to entry associated with driving sufficient payor interest (meaning transaction volume) and achieving a critical mass of merchant or payee acceptance of the new payment network that will limit the development of a new payment network.
Cross-border payments and remittances are generally subject to a US financial regulatory framework in order to address one of three overarching policy objectives: (i) consumer protection, (ii) AML/CTF, and/or (iii) commercial efficiencies.
From a consumer protection standpoint, federal laws such as the Electronic Fund Transfer Act and the Consumer Financial Protection Bureau’s implementing Regulation E, as well as state law equivalents, generally require a cross-border or remittance transfer provider to comply with certain obligations, such as providing clear and accurate disclosures prior to payment regarding the fees to be charged and the ultimate timing of delivery to the intended recipient. A remittance provider must also provide receipts that evidence similar disclosures for the consumer to retain. The disclosures provided must meet regulatory standards regarding accuracy at the time provided and must be provided in the same foreign language that is used to market or solicit such services. Additionally, state laws requiring money services businesses, such as money transmitters, to obtain a licence, meet certain net worth and bonding requirements, and retain permissible assets to support their activities, protect consumers by ensuring that the business has the financial wherewithal to provide the transmission services.
From an AML/CTF perspective, remittance transfer providers are likely a subset of money services business required to adopt compliance programmes under the BSA and its implementing regulations administered by offices within the US Department of the Treasury. These compliance programmes can require, among other things, that the company have procedures to conduct due diligence on their customers (“know-your-customer” obligations), engage in ongoing transaction monitoring for suspicious transmissions or money movement involving illegal activity, and transaction reporting requirements. The so-called “travel rule” is also an example of an AML/CTF requirement applicable to international funds transmissions and requires covered financial institutions to pass along certain information regarding the name and identity of the sender and recipient to other financial institutions. The purpose of this rule is to provide law enforcement with a “trail” to follow from financial institution to financial institution when investigating money laundering or terrorist financing. Note that even where a company may not itself have a legal obligation to implement an AML compliance programme, it may contractually agree to do so through its agreements with the financial institutions with which it holds accounts.
In addition, from a legal and operational efficiency perspective, the provisions in Article 4A of the Uniform Commercial Code, among other places in state law, provide a legal framework for the payment and transmission of money on an efficient and commercially reasonable basis. These laws provide default rules governing the administration and role of the various parties involved in the transfer of funds for business-to-business or commercial purposes (and do not involve transactions to or from consumer accounts). These default rules are designed to promote the fair and efficient allocation of risks and responsibilities among the parties involved in fund transfers and provide supplemental terms in the event that commercial agreements between such parties are silent on a particular issue.
Finally, it should be noted that the Electronic Payments Association (NACHA) has proposed modifications to its Operating Rules as related to cross-border payments.
While there is no regulatory scheme in the United States that specifically covers fund administrative services, a fund administrator may become subject to one or more US regulatory schemes depending on the types of activities that it conducts. A fund administrator should consider whether its activities encompass, for example, providing advice with respect to the purchase or sale of securities, arranging securities transactions, or acting as a manager to a pooled investment vehicle, as each of these activities is governed by federal securities laws and regulations.
A fund adviser may seek to impose contractual terms on a fund administrator to address advisers’ regulatory requirements related to the processing of personal data, information security, privacy, anti-money laundering, and other potential regulatory requirements, which will depend on the adviser’s business and activities performed by the administrator.
Fintech marketplaces typically offer a wide array of financial products and services, including the following.
Fintech marketplaces aim to simplify and democratise access to financial products and services by aggregating offerings from multiple providers in one place. They can enhance transparency, competition, and choice in the financial industry, empowering consumers and businesses to make more informed decisions about financial matters. All of these marketplace providers must, however, exercise caution to make certain that the services they provide do not constitute the offer or sale of securities or commodities that can subject them to additional regulation.
See discussion in 12. Blockchain.
It has become commonly accepted that engaging in the business of selling or exchanging cryptocurrency (anything of value that is a substitute for currency) constitutes “money transmission” (the movement of money from one person or place to another) under certain state and federal financial regulation. These regulations generally treat cryptocurrency and tokens as “virtual currency”, functionally equivalent in many ways from a regulatory perspective to fiat currency. As noted above, engaging in money transmission in a given state often requires a “money transmission licence” from that state (though states differ in this requirement and whether it applies to virtual currency) as well as registration as a money services business with the federal government. For this reason, sellers and exchangers of cryptocurrencies and tokens have become licensed as money transmitters in the states where they operate. Many of these businesses may also hold custody of customer funds and this activity alone can trigger licensing in some states. As a result, some companies have sought to form limited purpose trust companies or other structures to hold custody of digital assets.
In addition, some cryptocurrencies and tokens may also be considered “securities”. The SEC has taken the position that almost all cryptocurrencies are securities. The SEC has full authority to regulate activities in the securities markets, including the spot markets. In addition, state securities and financial regulators have authority to regulate and conduct enforcement actions against those who engage in the offer and sale of securities within their state. Also, to the extent that a broker and/or dealer performs services related to cryptocurrencies and tokens that are deemed to be securities, FINRA rules apply to their activities as well. Separately, investment advisers who perform services related to cryptocurrencies and tokens are obligated to comply with certain SEC requirements.
Independently, cryptocurrencies and tokens not considered to be securities (which are by statutory definition exempt from categorisation as commodities) are almost universally considered to be “commodities”, the regulation of which is conducted by the CFTC. The CFTC has full authority to regulate activities such as sales, trading and advice with respect to markets for commodities futures, swaps and derivatives, as well as options. With respect to similar activities for the commodities spot market, the CFTC generally has only authority to regulate fraud. Thus, cryptocurrency futures trading platforms, for example, must register with, and comply with extensive regulation by, the CFTC whereas cryptocurrency trading platforms generally do not.
As described in greater detail in 12. Blockchain, the extent to which cryptocurrencies and tokens may be considered securities under US law is hotly debated and remains unclear. The SEC has sued several major cryptocurrency exchanges alleging that they are subject to a wide range of securities laws related to transactions in cryptocurrencies on those exchanges. Those cases are currently being litigated – see 2.9 Significant Enforcement Actions (Security status of cryptocurrency and SEC action section).
At this time in the USA, to the extent digital assets are listed on centralised exchanges, those exchanges appear to have individual listing requirements or frameworks. Certain decentralised exchanges also provide guidance on how to list a token – whether the token represents virtual currency or an environmental carbon credit.
Given digital assets’ novel features, the CFTC released a staff advisory in 2018 that set out guidance for CFTC-registered entities seeking to list or clear virtual currency derivative products. The guidance stated that trading platforms and clearing houses should:
The CEA provides for a self-certification process for new digital asset products to be listed on exchanges or executed through swap execution facilities to either (i) submit a certification to the CFTC or (ii) submit a contract for the Commission’s approval. For cash-settled digital asset derivatives, the primary focus is to ensure that the contract settlement prices are reliable. For physically settled digital asset derivatives, the CFTC looks at physical transfer, storage and custody and what protocols are in place to prevent fraud and market manipulation.
Digital asset exchanges provide guidance regarding how orders are handled. Order handling is also addressed in the terms of use for a particular exchange.
To the extent that the SEC succeeds in requiring registration of digital asset exchanges as exchanges, clearing agencies, or broker-dealers, SEC and, in the case of broker-dealers, FINRA order handling rules would apply.
To the extent that the CFTC applies to the customer orders, under the Dodd-Frank Act (an amendment to the CEA), the CFTC also has jurisdiction to regulate leveraged retail commodity transactions entered into with, or offered to, parties that are not eligible contract participants (ECPs). CEA Section 2(c)(2)(D) provides that retail commodity transactions shall be treated as futures under the CEA, except with regards to transactions that result in actual delivery within 28 days.
The regulation of peer-to-peer trading platforms in the USA is dependent upon the nature of the digital asset being traded – whether such asset is a security regulated by the SEC, a commodity regulated by the CFTC, or some other digital financial asset subject to the UCC or other federal or state law. The regulation of certain types of tokens is hotly contested in the USA.
The SEC has taken the position that certain peer-to-peer platforms are subject to US securities laws. Whether the SEC will assert regulatory authority over a peer-to-peer platform will depend on the nature of the product. For example, in 2008 the SEC required a peer-to-peer internet lending platform to register. In 2009, the SEC issued a cease-and-desist enforcement action against another peer-to-peer lending platform for marketing securities without registration. The extent to which decentralised peer-to-peer platforms, such as decentralised exchanges, are subject to SEC regulation, even when the assets traded constitute securities, remains unsettled.
See 7.4 Listing Standards for discussion of CFTC and swap execution facilities. The extent to which decentralised peer-to-peer platforms trading CFTC-regulated products are themselves subject to CFTC regulation remains similarly unsettled, though the CFTC has asserted such jurisdiction in at least some instances.
See discussion in 12. Blockchain regarding the cryptocurrency exchange cases.
SEC Regulation Best Execution
SEC registered broker-dealers have a duty of best execution when handling customer orders. That duty is currently imposed under FINRA Rule 5310 which generally requires that in executing customer orders, a broker must use reasonable diligence to determine the best market for the security and buy or sell in that market so that the price the customer pays is as favourable as possible under prevailing market conditions.
In December 2022, the SEC proposed Regulation Best Execution (“Reg BE”) which would apply to digital assets that qualify as securities. Proposed Reg BE is detailed but would require those effecting digital asset security transactions to:
Currently, Reg BE is not final.
Best Execution in the Commodities Markets
The Commodity Exchange Act (CEA) defines a “commodity” broadly to include all “goods and articles, . . . all services, rights and interests . . . in which contracts for future delivery are presently or in the future dealt in”, CEA 7 USC Section 1a(9). The statutory definition of “commodity” is not limited to tangible (physical) commodities. Under the CEA, the CFTC has regulatory authority over most categories of derivative transactions and depending upon their structure and use, a digital asset may be deemed a commodity, swap or other derivative. The CFTC also oversees certain derivative market participants, such as dealers or intermediaries, and market infrastructure, such as exchanges. The CFTC believes that for a digital asset market to function as intended, it must be transparent, safe and resilient. Its key objective for governance of digital assets is to promote and ensure market integrity. The CFTC has been ensuring this objective is met by combatting fraud and abuse in digital asset markets, such as unfair and deceptive sales practices, market manipulation, pump and dumps and other fraudulent schemes.
Under the Dodd-Frank Act (an amendment to the CEA), the CFTC also has jurisdiction to regulate leveraged retail commodity transactions entered into with, or offered to, parties that are not eligible contract participants (ECPs). CEA Section 2(c)(2)(D) provides that retail commodity transactions shall be treated as futures, except with regards to transactions that result in actual delivery within 28 days.
To the extent that US federal securities laws apply to the platform, payment for order flow typically implicates broker-dealer/customer relationships and is regulated by SEC and FINRA rules. In particular, best execution obligations as well as anti-fraud provisions can be implicated if payment for order flow results in a broker-dealer directing a transaction to a platform for execution when better terms are available elsewhere. Separately the SEC’s Regulation National Market System (NMS) has rules that require a broker dealer to
The SEC’s proposed Reg BE would also impact practices governing payment for order flow.
To the extent that marketplaces, exchanges and trading platforms are subject to US securities regulations, both the federal and state governments have a number of key principles to promote market integrity and prevent market abuse. In addition, various self-regulatory organisations (SROs) such as FINRA also have rules designed to protect market integrity and prevent market abuse. State and federal laws and SRO rules are all implemented and enforced to achieve those ends.
Some of the key principles include:
With respect to the CFTC, the core mission of the CFTC is preserving market integrity: “The CFTC Division of Enforcement has focused on detecting, investigating, and prosecuting misconduct—fraud, manipulation, spoofing, or other forms of disruptive trading—that has the potential to undermine the integrity of the markets”.
The CFTC regulates the commodity futures markets, including options and futures contracts and the over-the-counter derivative markets, including swaps. The CFTC also may pursue manipulation, attempted manipulation, fraud, and false reporting of any commodity in interstate commerce.
Market manipulation can be divided into two distinct categories:
These two kinds of manipulations involve fundamentally different techniques and should be kept conceptually separate. It is possible to execute market power manipulation without engaging in fraud or deceit, and a trader without market power can likewise engage in fraud-based manipulations.
With regards to the US federal securities laws, there is not a regulation that expressly concerns the creation or usage of high-frequency and algorithmic trading. Such trading is often scrutinised in the context of potential market manipulation, including under Section 9(a) of the Securities Exchange Act of 1934 (the “Exchange Act”) and Section 10(b) of the Exchange Act and Rule 10b-5. Further, investment advisers are subject to a federal fiduciary duty under the Investment Advisers Act of 1934 and may have disclosure obligations to fund or other clients to the extent high-frequency or algorithmic trading is part of the adviser’s trading strategy.
Market makers in the United States are typically, if not always, acting as brokers. A broker is broadly defined as any person engaged in the business of effecting transactions in securities for the account of others. Section 15(a) of the Exchange Act requires, with limited exemptions, brokers to register with the SEC. Brokers are also subject to regulatory oversight by FINRA. Further, if acting as a market maker in a principal capacity for proprietary trading, the market maker may also be a dealer (see 8.3 Regulatory Distinction Between Funds and Dealers). Most brokers and dealers must register with the SEC and join a self-regulatory organisation (eg, FINRA).
With regards to digital assets, market makers either offer continuous quotes of bids and offers on centralised cryptocurrency exchanges or contribute to liquidity pools on decentralised cryptocurrency exchanges that fund the trading of token pairs effected by smart contract-powered algorithms called automated market makers (AMMs). Crypto-asset market making is generally unregulated given that neither centralised crypto-exchanges nor AMMs are registered with the SEC.
In the United States, a fund may qualify as an investment company, subject to the regulatory requirements (or applicable exceptions) of the Investment Company Act of 1940. An adviser to a fund likely must register with the SEC pursuant to the Advisers Act or, if not, a state securities regulator. Ultimately, one question is whether a fund is also a dealer.
A “dealer” is any person engaged in the business of buying and selling securities for the person’s own account, through a broker or otherwise. Dealers, like brokers, must register pursuant to Section 15(a) of the Exchange Act, absent limited exemptions. Historically, a typical exception to the “dealer” definition was the so-called “trader”: a person who buys and sells securities for the person’s own account, either individually or in a fiduciary capacity, but not as part of a regular business. Most funds historically relied on the trader exception, though the determination required a facts and circumstances analysis. It is sometimes simple to tell if someone is a dealer. For example, a firm that advertises publicly that it makes a market in securities is, according to the SEC, a dealer.
That said, on 6 February 2024, the SEC adopted rules that significantly broaden the definition of a “dealer” to include crypto-asset market makers, those providing liquidity to AMMs, and potentially even developers of AMMs. These rules will become effective later in 2024, and their effect on funds must be evaluated on a facts-and-circumstances basis.
See 8.1 Creation and Usage Regulations for information on the US regulation applicable to algorithms and electronic trading tools. There is not an SEC regulation that expressly applies to programmers, but a person is subject to the anti-market manipulation and fraud provisions of the US federal securities laws. Further, the definition of a broker is broadly construed and could include, in certain circumstances, persons who provide services to registered brokers, thereby requiring a programmer to register as a broker. In the same vein, the definitions of an investment adviser and dealer are similarly broadly construed such that providing services in the context of investment advice (which might implicate adviser registration requirements) or proprietary trading (which might implicate dealer registration requirements) should be evaluated on a case-by-case basis. And to the extent a person must register as a broker, dealer, and/or investment adviser, such registration comes with additional regulatory requirements and oversight.
At the open SEC meeting during which the new dealer rules were adopted (see 8.3 Regulatory Distinction Between Funds and Dealers), SEC staff, when questioned directly about the potential for enforcement against AMMs, left open the possibility that software developers behind the development of AMMs may be swept up by the new rules.
The regulations applicable to DeFi in the USA depend upon the nature of the DeFi entity’s business operations. Such regulations may include federal and state money transmission laws, and SEC oversight. The regulation of DeFi generally remains quite uncertain as discussed in 12.8 Impact of Regulation on “DeFi” Platforms.
No information is available in this jurisdiction.
No information is available in this jurisdiction.
No information is available in this jurisdiction.
The fundamentals of the insurance underwriting processes used by insurtech companies do not differ materially from those used by legacy insurance companies. However, insurtechs have developed systems to obtain relevant information and to evaluate what that information means about an insured risk more quickly and efficiently than the traditional methods used by legacy insurers. Techniques include on-line underwriting, use of drones to obtain data that can be evaluated in real time, parametric risk assessments and AI.
Underwriting is generally not regulated, either with respect to insurtechs or legacy insurers, other than prohibitions against unfair discrimination between otherwise similar risks. However, regulators are exploring standards to regulate the use of big data and AI to ensure that their use does not result in unfair discrimination. For example, regulators are evaluating how to determine if AI-based underwriting involves inherent bias that would constitute unfair discrimination. The National Association of Insurance Commissioners has developed a draft bulletin for state insurance departments to use in this context.
Different types of insurance are treated differently in essentially every aspect of their respective businesses across the entire insurance business spectrum, including different standards related to marketing, sales, underwriting, pricing, financial requirements, reserving, reinsurance, claims handling, etc. There are, however, no material differences with respect to any of these areas as between insurtechs and legacy companies.
Regtech providers are not regulated directly if the business solely develops and aids with the implementation of software solutions, data analytics, and automation tools to enhance regulatory compliance processes and reporting requirements (as opposed to providing regulated products and services directly to customers). Instead, most regtech providers are governed by contractual obligations which may include requirements to ensure compliance with financial law and regulation thereby making the regtech providers contractually obligated to support the customer’s legal and regulatory obligations.
See 2.7 Outsourcing of Regulated Functions for a discussion of outsourcing regulated functions.
See 11.1 Regulation of Regtech Providers.
The financial services industry is invested in testing the use of blockchain technology to address enhanced transaction security and transaction record integrity and auditability. Most traditional financial services industry players lean toward the use of centralised, permissioned platforms as opposed to decentralised platforms.
In addition, traditional players are working on solutions to use blockchain to streamline various financial processes, such as payments, settlements, real estate property recording and other forms of record-keeping by automating certain financial processes through smart contracts including for loan transactions, insurance claims and trade settlements.
As an initial matter, blockchain activities, depending on the activity, may be regulated by one or more regulatory bodies, both at the state and federal level. These regulatory bodies often operate somewhat independently, and their jurisdiction can be both unclear and possibly overlapping.
In general, US regulators have been particularly hostile to and critical of blockchain technology, though the degree and nature of hostility and criticism differs by type of regulator. Leading the charge has been the SEC, which has asserted that most if not all cryptocurrencies constitute securities within their regulatory ambit while simultaneously impeding efforts by industry players to comply with securities regulations. Commodities regulators (primarily the CFTC) and banking and other financial regulators have proven more willing to work with certain players, in particular cryptocurrency futures exchanges, to allow these activities subject to regulation. That said, the regulation of certain products and activities, including stablecoins and DeFi generally, remains quite uncertain.
See 7. Marketplaces, Exchanges and Trading Platforms for a discussion of virtual currency.
State regulators vary in their support for or hostility to blockchain technology and industry. Some state regulators have been supportive and encouraged blockchain businesses to locate in their state and provided workable regulatory frameworks for the activities of the business. Other states have been hostile, materially restricting the blockchain industry activities that may be conducted there, imposing strict registration requirements, and bringing enforcement actions based on activities permitted in other states.
Greater regulatory clarity and co-ordination might come in the future from at least two sources. First, as regulators bring enforcement actions, courts have to weigh in and are the ultimate arbiters of regulatory authority. This process is still quite early, with trial courts providing a growing number of rulings that will eventually be reviewed and revised by appellate courts and ultimately the Supreme Court. Second, various legislative proposals are working their way through state and federal legislatures. Many of these are designed to provide greater regulatory clarity and co-ordination between the various bodies. That said, the US legislative process is slow and cumbersome, and it is not clear that the passage of any actual legislation is imminent.
Multiple state legislatures have adopted amendments to the state adoption of the Uniform Electronic Transaction Act (UETA) to specifically include blockchain and other DLTs within scope, recognising the enforceability and admissibility of smart contracts and other blockchain-based records.
Most of the regulatory focus over the past several years has been on attempts to define and classify the underlying digital asset as a means to establish regulatory jurisdiction. Is the asset a security, is it a commodity, a currency, a piece of art, an intellectual property right, none of the above, or all of the above? Can this classification change at different points in the digital asset’s lifecycle? In some cases, the focus of the regulators was on the activity being conducted – ie, is the platform engaged in lending, issuing, exchanging, trading, or dealing the asset? Determination of the classification of the digital asset and the activity has been necessary to establish the regulators’ asserted jurisdiction over the asset, the activity, and the transactions.
Accordingly, US regulation targets activities concerning certain assets. While not an exhaustive list, the main activities regulated at the federal level are the following.
These are not exclusive categories.
In the USA, the sale or distribution of virtual currency is a regulated activity and is generally considered money transmission, an activity that requires registration with federal regulators (FinCEN) as well as state regulators where required. Note that the activity regulated is generally sales to US persons (including organisations) or persons located in the US, even if the seller or distributor is located abroad.
To the extent that the blockchain assets constitute securities (and the Chair of the SEC has said repeatedly that virtually all cryptocurrencies constitute securities), initial sellers or distributors must either register the sale with the SEC or conduct the sale pursuant to one or more exemptions to the registration requirement (typically by selling only to wealthy, institutional buyers or by selling only abroad). To date, the SEC has made it very difficult and uncertain to register a sale of cryptocurrency, and only a very small number of issuers have been able to do so, with limited subsequent trading. It is unclear whether registration remains a viable option for initial sale or distributions of cryptocurrency.
Currently the SEC has sued several major blockchain asset trading platforms (Coinbase, Binance, and Kraken) for securities law violations arising from claimed failure to register as exchanges, brokers and clearing agencies under the US securities laws. To the extent that the SEC is successful, blockchain asset trading platforms will be required to register and become subject to the vast array of SEC rules and regulations that apply to such activities. As brokers, they will also be required to join FINRA and become subject to FINRA rules.
Separately, there are some blockchain asset trading platforms that have registered as alternative trading systems (ATS) under US securities laws. The ATS must comply with Regulation ATS and must be registered as a broker-dealer or be operated by a registered broker-dealer (unless it is an SEC-registered exchange or a bank). Regulation ATS has complex requirements including investor protection and reporting rules. FINRA rules also apply to the broker-dealer operating the ATS. Thus far the activity of these ATSs appears limited both in scope and size, and the vast majority of crypto-asset trading occurs on centralised and decentralised trading platforms that have not registered with the SEC.
Please also refer to further discussion in 7. Marketplaces, Exchanges and Trading Platforms and 12.7 Virtual Currencies regarding virtual currency and virtual currency exchanges.
In the US, funds are regulated based on the types of assets held by the funds. To the extent that the fund is primarily engaged in the business of investing in securities, it is regulated by the SEC. To the extent that the fund is organised to invest in commodities futures, swaps, options, or derivatives, it is regulated by the CFTC.
Both the SEC and CFTC regulations require registration of both funds and their advisors as well as compliance with various regulations, which are non-trivial undertakings. That said, there are many exemptions to the registration requirements (which differ by agency) for funds and advisors that meet certain criteria, such as limitations on size, investor composition, and asset composition. Funds that invest in blockchain assets typically structure the fund to meet one or more exemptions to avoid extensive registration and compliance requirements.
Note that the fund interests themselves (what investors purchase) are considered securities, typically issued only to accredited investors and institutions pursuant to an exemption from the securities registration requirements.
The term “virtual currency” is one used by money and banking regulators to describe a money-like representation of value. Certain activities concerning virtual currencies, most notably transmission and trading, are subject to regulation by federal and state money and banking regulators. Cryptocurrencies are generally considered to be virtual currencies.
Note that this term is not used by securities and commodities regulators to define their jurisdiction, so virtual currencies typically also constitute commodities or possibly securities.
See 7. Marketplaces, Exchanges and Trading Platforms for further discussion.
In April 2023, the US Treasury Department published a risk assessment titled “Illicit Finance Risk Assessment of Decentralized Finance”, in which it explained that the term “DeFi” broadly refers to virtual asset protocols and services that “purport to allow for some form of automated peer-to-peer (P2P) transactions, often through the use of self-executing code known as ‘smart contracts’ based on blockchain technology”; however, Treasury also asserted that there is “currently no generally accepted definition of DeFi, even among industry participants, or what products make a product, service, arrangement or activity decentralized”.
Furthermore, the risk assessment (i) explored how illicit actors abuse DeFi services and AML/CFT vulnerabilities unique to DeFi, and (ii) undertook to identify and address potential gaps in the US AML/CFT regulatory, supervisory and enforcement regimes for DeFi.
Treasury made clear, however, that whether an entity is a regulated financial institution depends on the actual specific facts and circumstances surrounding its financial activities, regardless of whether the service is centralised or decentralised. Also, whether a service claims that it is or plans to be “fully decentralised” does not impact its status as a financial institution under the BSA. Treasury also believes that DeFi services often, in reality, have a controlling organisation that provides a measure of centralised administration and governance.
In light of these findings and recent enforcement actions against purportedly decentralised actors such as Tornado Cash, DeFi industry participants should anticipate US and international regulation designed to close regulatory gaps and require strengthened controls in support of AML and CFT.
While the SEC has not defined “decentralised finance”, it takes the position that at least some DeFi products and activities are subject to US securities laws and, as discussed in 12.2 Local Regulators’ Approach to Blockchain, has set forth views on the applicability of US securities laws to DeFi in its proposed amendment to the definition of “exchange” under the Exchange Act, making DeFi platforms more likely targets of regulatory enforcement. As set forth above, the extent to which DeFi products and platforms are subject to SEC and CFTC regulation remains unsettled and is ultimately a question for courts to resolve.
Based on recent risk assessments undertaken by the US Treasury Department (and the Financial Action Task Force), from an AML perspective, NFT collectible trading platforms do not appear to be financial institutions subject to the BSA or state money transmission laws. Rather, whether NFT collectible trading platforms will be regulated as money transmitters depends on whether the NFTs themselves are considered currency or a substitute for currency (or rather as a digital collectible or functional token), as well as how the NFTs are marketed and sold. To date, regulators in the US do not appear to have widely taken the position that NFT collectibles are regulated financial products (virtual currency, securities or commodities) or that NFT collectible trading platforms are engaging in regulated activity.
However, in August and again in September 2023, the SEC brought enforcement actions alleging that certain NFT collectibles constituted securities. In each case, the SEC evaluated the way that the NFT was marketed to purchasers and concluded that the NFTs at issue were investment contracts under the “Howey test”. The Howey test requires that there be (i) an investment of money, (ii) in a common enterprise, (iii) with the reasonable expectation of profits, (iv) derived from the efforts of others. It remains unclear how much the SEC will expand its efforts on this front or how courts would respond if challenged.
Open banking allows third-party developers to access financial data in traditional banking systems through APIs mandating standardised data formats and secure communication protocols. The APIs facilitate the secure exchange of financial information between banks and authorised fintechs – effectively decentralising financial services. The US regulations applicable to financial institutions regarding privacy and data security continue to apply to open banking – resulting in the financial institution requiring the fintech’s compliance with such regulations through contractual obligations in the financial institution’s terms of service or other contract with the fintech allowing the fintech access to such APIs.
As part of permitting access to the accounts and data of banking customers, financial institutions, fintechs, and third-party data aggregation platforms providing open banking services usually enter into contracts to address various issues related to the risks and responsibilities associated with data security and privacy. The issues covered customarily include and are not limited to the following:
The contract provisions can be complex, and negotiations over the specifics are frequently protracted and expensive. As a result, there have been calls for regulators, such as the CFPB, to “normalise” or set minimum standards or guidelines for the relationships among the parties. The CFPB has published a Proposed Rule on Personal Financial Data Rights implementing Section 1033 of the Consumer Financial Protection Act of 2010, and requested comments on the Proposed Rule, which were due at the end of 2023. To date, however, the Proposed Rule has not been finalised. According to the CFPB: “The proposed rule would require depository and non-depository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts; establish obligations for third parties accessing a consumer’s data, including important privacy protections for that data; provide basic standards for data access; and promote fair, open, and inclusive industry standards”.
There are generally four elements that must be present to establish financial fraud in the USA:
Regulators have historically focused generally on fraud schemes with respect to digital assets, such as Ponzi schemes, romance schemes and SIM card hacking.