Understanding the Regulatory Landscape of Crypto: Part 1

Understanding the Regulatory Landscape of Crypto: Part 1
10/18/2022

Welcome back to our 2022 regtech series, where we trace the evolution of regtech adoption in financial services and the legal industry, the regtech funding market, and specific strengths and weaknesses of regtech. In our last post, we discussed the here and now of crypto and decentralized finance (DeFi). Here, we’ll start to survey the detailed, and often confusing, regulatory landscape of crypto and DeFi.

In the Beginning, There Were Initial Coin Offerings (ICOs)

On July 25, 2017, the SEC (Securities and Exchange Commission) issued an Investor Bulletin: Initial Coin Offerings to make investors aware of the potential risks of participating in ICOs. The SEC noted that virtual coins and tokens were being issued, via distributed ledger or blockchain technology, to raise capital. It noted that some of the tokens were issued with the expectation of an investment return (i.e., an investment contract). Without providing much detail, the SEC said the coins or tokens sold in ICOs might be securities.

On the same day, the SEC issued a Report of Investigation under Section 21(a) of the Securities Exchange Act of 1934, describing its investigation of the DAO (Decentralized Autonomous Organization), the issuer of DAO tokens. The SEC determined that the DAO tokens were securities and their sale needed to comply with federal securities laws. The DAO tokens were sold for the purpose of using the proceeds to invest in “projects” (i.e., crowdfunding contracts). Token holders would share in the profits of these projects. After selling tokens worth $150 million, but before the platform could fund a single project, a hacker stole one-third of the DAO’s assets (ugh!) and the SEC launched its investigation.

The creators of the DAO made the mistake of talking about DAO tokens like securities. The DAO would create “crowdfunding contracts” to raise capital for crypto firms. In return, token holders would get a “reward,” like “buying shares in a company and getting…dividends.” By purchasing DAO tokens, investors would get voting and ownership rights in the decentralized autonomous organization (the DAO), giving them the right to select which projects to fund (like an investment club). Holders could sell their tokens in a secondary market, which the DAO expected to—and did—develop, over time. All transactions were in Ethereum, and the projects would be on the Ethereum blockchain. The cyberattack stole one-third of the DAO’s assets and was remedied by a “hard fork” in the Ethereum blockchain that essentially reversed all transactions back to the point of attack.

At the conclusion of its investigation, the SEC determined that the DAO tokens were securities and that the “foundational principles of the securities laws apply to virtual organizations or capital raising entities making use of distributed ledger technology.” The SEC’s legal analysis stated that Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act define securities to include investment contracts. An investment contract is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. This is the famous Howey Test. But note that it requires an “investment of money.” The question arose whether investments in cryptocurrencies constituted an investment of money; the SEC determined that they did and that the DAO token holders had a reasonable expectation of profits derived from the managerial efforts of others.

Since the DAO tokens were securities, the SEC found that the issuance of these tokens was the sale of a security that must be registered or qualify for a registration exemption. Further, the SEC determined that the platforms that traded DAO tokens needed to register as securities exchanges or qualify for an exclusion.

Then Came Bitcoin Futures Contracts

In October 2017, the CFTC (Commodity Futures Trading Commission) approved the listing of Bitcoin futures contracts on the Chicago Board of Options Exchange (CBOE) and Chicago Mercantile Exchange (CME). CBOE launched its Bitcoin futures in December 2017 but discontinued the service in March 2019. The CME launched Bitcoin futures in December 2017 and Bitcoin options in November 2019, and Ether futures in February 2021. Nasdaq added Bitcoin futures contracts in 2018. In those same years, the SEC launched 18 enforcement actions against crypto firms.

The question arose whether cryptocurrencies and digital assets were securities, commodities, or something else. The SEC, through its Howey analysis, was pushing hard for jurisdictional ownership over ICOs and other digital assets. But the CFTC’s granting of crypto-related futures contracts gave it a claim to oversight too. Of course, it’s the Federal Reserve that regulates currencies in the United States, but let’s not let too many cooks in the kitchen. The problem with defining cryptocurrencies and digital assets as commodities is they don’t resemble what we traditionally view as commodities (e.g., oil, wheat, pork bellies, gold, etc.). Traditional commodities are natural products that are consumed through manufacturing, processing, or eating.

Some commentators argued that cryptocurrencies and digital assets are licenses, like intellectual property, not securities or commodities. But cryptocurrencies and digital assets don’t grant a license to the blockchain underlying the coin or token. Rather, coins and tokens grant access to a network.

Over the next few years, the SEC and CFTC made minimal strides to develop a regulatory framework. In June 2018, William Hinman, then Director of Corporation Finance, suggested that Ether was no longer a security because of the diverse use of the Ethereum blockchain. Then Chairman Jay Clayton seemed to agree that digital assets could, at some point, no longer meet the Howey definition of an investment contract.

On February 6, 2020, Hester Pierce (aka Crypto Mom) formally proposed a “Token Safe Harbor” for crypto and digital assets. She proposed a three-year grace period to let a digital asset project launch and grow. Under the proposal, for the first three years of a coin, token, or digital asset's existence, the SEC would only apply the anti-fraud provisions of federal securities laws. After three years, the SEC would evaluate whether the network was mature and sufficiently decentralized before the coin, token, or digital asset is deemed a security. The rest of the commissioners declined to take up Crypto Mom’s cause and the proposal went nowhere. In her speech Running on Empty: A Proposal to Fill the Gap between Regulation and Decentralization, Pierce argued that while the definition of a security applies to some coins or tokens, it does not apply to all of them. She argued the “security” analysis should “focus on the objective nature of the thing offered to the purchasers.” Commissioner Pierce noted that the SEC’s position created challenges for startup networks, that “no registered offering of tokens” and that most offerings were relying on exemptions for private offerings to accredited investors. She noted this was partly due to the cost of complying with registered offerings or certain unregistered offerings, such as Regulation A+ offerings.

Crypto Mom’s proposal had three parts: exempting (1) the offer and sale of tokens from the provisions of the Securities Act other than the anti-fraud provisions, (2) the tokens from registration under the Exchange Act, and (3) persons engaged in certain token transactions from the definitions of “exchange,” “broker,” and “dealer” under the Exchange Act. To qualify for this trifecta exemption, the initial development team would need to meet five conditions.

  1. The team must intend for the network on which the token functions to reach network maturity—defined as either decentralization or token functionality—within three years of the date of the first token sale and undertake good faith and reasonable efforts to achieve that goal. 
  2. The team would have to disclose key information on a freely accessible public website. 
  3. The token must be offered and sold for the purpose of facilitating access to, participation in, or the development of the network. 
  4. The team would have to undertake good faith and reasonable efforts to create liquidity for users. 
  5. The team would have to file a notice of reliance.

Unfortunately, the Commission never took up Commissioner Pierce’s proposal. Instead, the Commission pushed forward with its enforcement agenda.

The Ripple Effect

On December 22, 2020, the SEC sued Ripple Labs and two of its executives for conducting an unregistered, ongoing digital asset securities offering. The complaint alleged that since 2013, the firm had raised over $1.3 billion through the unregistered sales of XRP and that the offering did not satisfy any exemption from registration requirements under the Securities Act. In response, Ripple suggested that it might exit all U.S. operations if the SEC is successful in its lawsuit. The SEC’s lawsuit caused Ripple to cancel its planned initial public offering.

A few months later, Ripple used documentary evidence of Director William Hinman’s speech made in 2018, which stated that Bitcoin and Ether were not securities, a statement that the SEC rejected. The SEC even suggested that Mr. Hinman should not have made the speech given his economic interests in Bitcoin and Ether.

In December 2021, Empower Oversight, a nonprofit government watchdog, filed a lawsuit against the SEC, arguing that Mr. Hinman received millions of dollars in compensation from his former employer—law firm Simpson Thacher—which had substantial interests in Enterprise Ethereum. The lawsuit alleges that Mr. Hinman’s speech caused an increase in the price of Ether, which benefited him and his former employer.

The SEC was not the only regulator to use enforcement proceedings as a means of regulating digital assets. On October 15, 2021, the CFTC fined Tether, a stablecoin issuer, $41 million for misstating its reserves, which were reportedly backed by fiat currency. Tether, then the largest stablecoin in the United States, claimed that its coins were backed by corresponding fiat assets, including U.S. dollars and euros. The CFTC determined that Tether could only back 27.6 percent of its tokens in circulation. (The CFTC simultaneously fined Bitfinex $1.5 million for illegal transactions and violating a prior CFTC order.) A separate investigation by the state of New York’s Attorney General (NYAG) found that at times, Tether had no reserves to back its stablecoins.

With the CFTC, SEC, and NYAG all going after crypto firms, Congress finally realized that it might want to establish comprehensive legislation around digital assets; it didn’t. A Presidential Working Group Report on Capital Markets urged Congress to pass legislation subjecting stablecoin issuers to agency supervision and enforcement; it also called for stablecoin issuers to be regulated as depository institutions.

Instead of passing comprehensive legislation, on November 15, 2021, Congress passed, and President Biden signed, the Infrastructure Investment and Jobs Act (the Infrastructure Bill), which provided over $1.2 trillion in infrastructure funding. Oddly, it also authorized the U.S. Treasury Department and Internal Revenue Service to establish tax reporting rules for cryptocurrency transactions starting in 2023. So while Congress wasn’t interested in developing comprehensive legislation for digital assets, it clearly wanted to tax the increasingly valuable amount of crypto-related transactions.

The Information Reporting for Brokers and Digital Assets was intended to help the U.S. government collect additional tax revenue to pay for the huge spending bill. The bill required brokers to report digital asset transfers and bolstered Know Your Customer (KYC) requirements for brokers. It also required businesses and exchanges to report when they receive more than $10,000 in cryptocurrency. The Infrastructure Bill defined a digital asset broker as “any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.” The definition captures U.S.-based cryptocurrency exchanges and banks that offer digital assets to customers. The definition also covers foreign firms that offer similar services to U.S. investors. Some worried that miners would be caught in the definition, although the U.S. Treasury said its regulations would not apply to such firms.

The most immediate impact of the bill was the retreat of foreign firms from the U.S. market. These firms did not want to update their KYC processes or adhere to U.S. tax regulations. As a result, many barred U.S. investors from participating in their platforms. Given that many of the largest crypto exchanges are located outside the United States, the retreat made it difficult for U.S. investors and money managers to access digital assets.

In our next blog post, I’ll continue coverage of the 2022 regulatory landscape of crypto and what this means for investors. Stay tuned and reach out to our team if we can help you navigate the crypto space.

This post is part of a series originally published by FinTech Law.