Crypto has made “non-compliance . . . [its] business model,” at least according to U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler. With that belief pervasive among the regulators primarily tasked with regulating securities in the United States, it is no surprise that enforcement actions involving cryptocurrencies are at an all-time high.
In just a few years, we have watched a largely unregulated “Wild-West” be transfigured into a central focus of for the SEC, and, to a lesser extent, the Commodities and Futures Trading Commission (CFTC) and Department of Justice (DOJ).
Ethan G. Ostroff and Michael S. Lowe are partners and Samuel F. Rogers and Brett E. Broczkowski are associates for national law firm Troutman Pepper.
Make no mistake, these regulators have not hidden the ball, at least with respect to their appetite for enforcement efforts. They have taken steps to ensure their efforts against the leading crypto players are widely received, including going after household-name celebrities who regulators maintained could have misled investors or illegally promoted cryptocurrency. These enforcement actions have garnered mainstream media attention with some resolved through multi-million-dollar settlements.
Perhaps the most surprising aspect of these enforcement actions, however, is how they have been brought to task. One might expect a new wave of tough legislation aimed at regulating cryptocurrencies and other digital assets. But you’d be wrong. Enforcement activity tells a very different tale. These enforcement actions are founded upon law that is, in some cases, 90-years-old.
As regulators continue to ramp up enforcement efforts by relying on novel interpretations of existing law, two questions arise: What is next? And what will break first, our antiquated securities laws or the crypto industry?
What’s next? Crypto wallets.
Having closely observed the actions of regulators, we envision crypto wallets and certain digital asset transactions will be the next target.
Drawing from prior federal enforcement actions and signals from these agencies in publications and notices, we anticipate that digital asset enforcement will grow in two ways: the Securities Exchange Act of 1934 (“Exchange Act”) may be interpreted to encompass regulation of crypto wallets as brokers and traditional financial institution subject to Anti-Money Laundering and Know Your Customer laws (AML/KYC) will face challenges with compliance in the digital asset space in light of tools such as mixers.
The first sphere of regulation in which we predict expansion involves the regulation of crypto wallets as brokers. This notion was first raised by the SEC in its Wells Notice to Coinbase, sent before it sued the crypto exchange. Among other allegations and assertions made in the notice and repeated in its lawsuit, the SEC alleged that Coinbase Wallet, a product that provides users self-custody over their digital assets, was operating as an unregistered broker in violation of the Exchange Act.
In response to the Wells Notice, Coinbase argued that its wallet product is nothing more than software, and it does not perform any of the traditional functions customary of brokerage activities. In particular, the Exchange Act defines a “broker” as “any person engaged in the business of effecting transactions in securities for the account of others.”
Coinbase reasons that the wallet can only be used to interface with secondary market transactions, and from Coinbase’s perspective, these secondary market transactions do not involve investment contracts, and therefore, they are not securities. Coinbase further argued that its prior receipt of a 1% fee each time the “Wallet Swap” function was used, which it no longer collects, does not change the analysis.
The SEC is not convinced. The agency sued both Coinbase and Binance alleging that the firms’ wallet services operate as unregistered broker-dealers.
The second sphere in which we predict an expansion of enforcement is heightened regulation of traditional financial institutions engaged in digital asset transactions. With increased focus on new crypto tools and services, we expect that designing, implementing and maintaining compliance systems to comply with AML/KYC laws will pose great challenges to these institutions, and therefore, it will quickly become a target for regulators.
In particular, enforcement of AML/KYC laws in the digital asset space will require these institutions to rely largely on information beyond their control. Take for example a proposed internal policy of flagging transactions where more than 10% of the value can be traced back to proceeds of a theft of assets.
Realistically, a compliance program capable of such flagging will require the cooperation of third parties well beyond the capabilities of most companies in or out of crypto.
First, the theft must be known and the wallets/coins involved must be traced and identified, whether by a government entity or a private investigative body. Then a repository must be created to maintain that information. To the extent multiple repositories of this sort are needed to track the coin flows related to many thefts and hacks, the diffusion only makes the problem more expensive to solve. Finally, once a company that wants to screen for illicit and problematic transactions, it must screen the data against each and every transaction, flagging those that are problematic.
At every step besides the last, the financial institution must rely on the work of others to generate the inputs that help drive the compliance program. This decentralization makes compliance costly, both in terms of time and money.
The landscape of crypto enforcement is rapidly expanding, and it has left some institutions feeling bamboozled by regulators. Citing a lack of “regulatory clarity,” Coinbase CEO Brian Armstrong said during Fintech Week in London that “anything is on the table, including relocating or whatever is necessary.” It is not hard to imagine that most crypto market participants agree with Armstrong when he says, “[w]e just want a clear rulebook.”
But rather than create a clear set of rules to regulate the crypto space, the various federal agencies tasked with regulating have instead relied on novel interpretations of decades old laws, which, at their inception, could not have contemplated the very technology upon which digital assets rely.
In some ways, it begs the question: Have the crypto market participants really made their business model one of “noncompliance,” or perhaps is the apparition of noncompliance merely a byproduct of regulatory confusion?
While we wait for the rulebook, investors and exchanges should work with legal compliance teams to ensure that their transactions will fall in line with the ever-differing interpretations of the federal securities laws and banking regulations and their application to the cryptocurrency industry. Each transaction presents unique regulatory hurdles created by the federal agencies’ insistence on applying decades-old laws to a rapidly-evolving industry.