On August 9, 2021, the SEC issued a cease-and-desist order against digital asset exchange Poloniex, Inc. for allegedly operating an unregistered exchange in violation of Section 5 of the Exchange Act in connection with its operation of a trading platform that facilitated the buying and selling of digital asset securities.[1]

In the cease-and-desist order, the SEC alleged that Poloniex met the definition of an “exchange” because it “provided the non-discretionary means for trade orders to interact and execute through the combined use of the Poloniex website, an order book, and the Poloniex trading engine.”  The SEC also found, based on internal communications, that Poloniex decided to be “aggressive,” ultimately listing token(s) it had internally determined carried a “medium” risk of being considered securities under the Securities Act of 1933 pursuant to the test set forth by the U.S. Supreme Court in SEC v. W.J. Howey.[2]  However, the SEC did not identify what digital asset(s) it determined were securities nor why, simply stating that Poloniex facilitated trading of “digital assets that were investment contracts and therefore securities.”

Without admitting or denying the SEC’s findings, Poloniex agreed to the entry of the order and a payment of $10,388,309 in disgorgement, prejudgment interest, and a civil penalty.

Takeaways

  • The action highlights the SEC’s heightened focus on and prioritization of regulating digital asset products and emerging industry players that the agency believes may not have abided by certain requirements of the federal securities laws. In its July 2017 DAO Report, the SEC warned that offers and sales of digital assets are subject to federal securities laws and stated that “any entity or person engaging in the activities of an exchange must register as a national securities exchange or operate pursuant to an exemption from such registration” such as the exemption for alternative trading systems.[3]  The cease-and-desist order only covered the period from the publication of the DAO Report until the company was sold in November 2019, even though Poloniex began operating in 2014.
  • The SEC provided no guidance, however, about which digital assets it deemed to be securities, suggesting that it will continue to take a cautious approach to classifying particular digital assets. At the same time, SEC Commissioner Hester M. Peirce reiterated her ongoing concern over lack of legal clarity for crypto exchanges.[4]  She pointed out in her dissent that, during the time period in question, it would have been inefficient for Poloniex to register as an exchange (or a broker-dealer to operate an alternative trading system).[5]  She argued that the SEC was “moving very cautiously with respect to regulated entities’ engagement with crypto assets,” and that registration would not have been possible as a practical matter because Poloniex would have been forced to wait for an extended period of time for any potential approval.
  • The action is an indication that other actions are likely to follow, as other crypto exchanges may have undertaken similar activity to Poloniex in light of the regulatory uncertainty surrounding digital assets that has prevailed in the past several years. This is consistent with SEC Chair Gary Gensler’s recent remarks and letter to Senator Elizabeth Warren stating that the SEC will actively assert jurisdiction over entities that engage in the unregistered sale of digital asset securities, particularly crypto exchanges and decentralized finance (DeFi) protocols.[6]  For example, the SEC recently issued a cease-and-desist order against Blockchain Credit Partners and its founders for unregistered sales of securities in violation of Section 5 of the Securities Act through its DeFi Money Market platform.[7]  The SEC found that the respondents misled investors concerning the platform’s operations and profitability in violation of Section 17(a) of the Securities Act, Section 10(b) of the Exchange Act, and Rule 10b-5 thereunder.

We will continue to follow regulatory developments as the SEC seeks to establish the boundaries of permissible digital asset trading and lending activity.

[1] Press Release, SEC Charges Poloniex for Operating Unregistered Digital Asset Exchange (Aug. 9, 2021).

[2] See SEC v. W.J. Howey Co., 328 U.S. 293 (1946) (finding that an investment contract exists when there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.).

[3] See Report of Investigation Pursuant to  Section 21(a) of the Securities Exchange Act of 1934: The DAO (Exchange Act Rel. No. 81207) (Jul. 25, 2017).

[4] Commissioner Peirce has previously dissented to other enforcement actions related to digital assets.  See, e.g., our analysis of Unikrn, Inc..

[5] See Public Statement by Commissioner Hester M. Peirce, In the Matter of Poloniex, LLC (Aug. 9, 2021).

[6] See Gary Gensler, Remarks Before the Aspen Security Forum (Aug. 3, 2021); See, also, Letter from Chair Gary Gensler to Senator Elizabeth Warren (Aug. 5, 2021).

[7] Blockchain Credit Partners used smart contracts on the Ethereum blockchain and DeFi technology to sell two types of digital asset tokens: (i) “mTokens” that offered 6.25% in interest and (ii) “DMG governance tokens” that offered voting rights and profit-sharing.  The profits were to come from non-digital assets, such as car loans, which Blockchain Credit Partners would obtain using the token purchaser funds.  According to the cease-and-desist order, the income from the assets was insufficient to cover appreciation of investors’ principal due to the significant price volatility of the digital assets used to purchase the tokens.  The respondents falsely claimed that the platform purchased the loans while using personal funds and funds from their separate company that actually owned the loans to cover mToken redemptions.  The SEC determined that the tokens were either (i) notes or (ii) investment contracts and therefore securities subject to registration. See Press Release, SEC Charges Decentralized Finance Lender and Top Executives for Raising $30 Million Through Fraudulent Offerings (Aug. 6, 2021).

While large financial institutions have traditionally been hesitant to enter new areas of financial products, particularly virtual assets, many more banks and companies have expressed interest in virtual currencies as cryptocurrency has become increasingly mainstream.  Given the use of such services by terrorist groups, it is important for banks and other financial institutions to consider evolving dynamics in this area.  On the one hand, one of the widely described benefits of virtual currency is the transparency and public nature of transactions since they are typically recorded in a publicly accessible blockchain, which could facilitate policing and enforcement against illicit activity.  At the same time, the relevant legal framework for combating terrorist funding creates potential areas of liability, including, in particular under the Anti-Terrorism Act (“ATA”) and the Justice Against Sponsors of Terrorism Act (“JASTA”).  These considerations are important for companies and banks that provide services related to virtual currency, but also are relevant to any company that could be the target of ransomware attacks since attackers may be sanctioned entities or have ties to terrorism and as a matter of practice demand that the ransom payment be made in virtual currency.

Please click here to read the full alert memorandum.

On February 18, 2021, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay), a payment processor for merchants accepting digital currency as payment for goods and services, for 2,102 apparent violations of multiple sanctions programs between 2013 and 2018.[1] The settlement highlights that financial service providers facilitating digital currency transactions must not only establish sanctions compliance programs to screen their own customers but also must monitor third-party non-customer transaction information. Continue Reading OFAC Settles with Digital Currency Payment Processor for Sanctions Violations

On March 3, 2021, the U.S. Securities and Exchange Commission (“SEC”) Division of Examinations (the “Division”)—formerly the Office of Compliance Inspections and Examinations—released its 2021 Examination Priorities (“2021 Priorities”).  The 2021 Priorities generally retain perennial risk areas as the Division’s core focus, but do include several new and emerging risk areas reflecting broader policy shifts under new SEC leadership.

The 2021 Priorities include:  retail investors; information security and operational resilience; financial technology (“Fintech”), including digital assets; anti-money laundering; transition from the London Inter‑Bank Offered Rate (“LIBOR”); several areas covering registered investment advisers and investment companies; market infrastructure; and oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board programs and policies.  Although not formal priorities, the Division will also focus on climate-related risks and environmental, social and governance (“ESG”) matters in light of recent market developments and broader attention in these areas. Continue Reading Turning the Page: Highlights of the SEC’s Division of Examination’s 2021 Priorities

In December 2020, the FDIC approved a Final Rule to reframe the definition and exceptions for “brokered deposits”. Historically, the FDIC has broadly defined virtually any third party connecting a depositor with a bank as a “deposit broker” and the resulting deposits as “brokered deposits”. The Final Rule responds to long-standing industry criticisms seeking to narrow these terms. The Final Rule aims to permit substantially more deposits to be excluded from treatment as “brokered deposits” by narrowing the definition of “deposit broker” and by establishing a number of specific designated business exceptions that would automatically meet the “primary purpose” exception from the “deposit broker” definition. It is anticipated that the Final Rule will provide more flexibility for banks to enter into bank-fintech partnerships and other arrangements.

The Final Rule is effective April 1, 2021. However, entities may continue to rely on existing staff advisory opinions or other interpretations that predated the Final rule until January 1, 2022, at which point those opinions and interpretations will be moved to inactive status.

This alert memorandum discusses our key takeaways and summarizes the notable points from the Final Rule, including key modifications from the proposed rule.

On January 4, 2020, the Office of the Comptroller of the Currency (“OCC”) published an interpretive letter (the “Letter”) clarifying that national banks and federal savings associations (“banks”) may engage in and facilitate payment activities through new technological means, including serving as a node in a distributed ledger system such as those utilized by some stablecoins, facilitating customer conversion of fiat currency to or from digital currencies, and issuing stablecoins.

The Letter reasons that payment services are a core banking function, and that independent node verification networks (“INVNs”) and stablecoins are merely new means of effecting pre-existing permissible bank activities.

The letter follows other recent actions by former Acting Comptroller of the Currency Brian Brooks to clarify the authority of national banks to engage in certain digital asset activities, including the issuance of two other interpretive letters last year clarifying permissible cryptocurrency-related activities for banks (custodying digital assets and holding certain stablecoin reserves).  The Acting Comptroller, whose resignation became effective today, also spearheaded an initiative to grant national bank and national trust bank charters to fintech companies.

The Letter notes that banks “should consult with OCC supervisors, as appropriate, prior to engaging in these activities.”  This guidance, OCC precedents in expanding permissible bank activities, and the controversy surrounding recent crypto-related charter applications may lead to a deliberative approach by the OCC to banks expanding into these activities. Continue Reading OCC Affirms Authority of National Banks to Engage in Additional Cryptocurrency-Related Activities, Including Issuing Stablecoins

On September 15, 2020, the Securities and Exchange Commission issued a cease‑and‑desist order against Unikrn, Inc. concerning its 2017 initial coin offering  of UnikoinGold .  The SEC found that the Unikrn ICO violated the prohibition in Section 5 of the Securities Act of 1933 against the unregistered public offer or sale of securities.  The SEC imposed several remedies, including requiring Unikrn to permanently disable the UnikoinGold token and a civil money penalty of $6.1 million. Continue Reading SEC Issues Enforcement Action Against Unikrn, Inc. for its ICO, Prompting Rare Public Dissent from Commissioner Hester Peirce

On August 21, the Financial Crimes Enforcement Network, together with the federal banking agencies, released a statement to clarify banks’ customer due diligence obligations for politically exposed persons. The Statement affirms that (i) there is no regulatory requirement, and no supervisory expectation, for banks’ Bank Secrecy Act / anti-money laundering programs to include “unique, additional due diligence steps” for customers who are PEPs and (ii) there is no regulatory requirement for banks to screen customers and their beneficial owners for PEPs.  Instead, the Statement confirms that PEP customers should be subject to the same risk-based approach to CDD that applies to any other customer, but that PEP status (and screening for PEPs) may be a factor in developing a customer risk profile and assessing money laundering risk.  It also reminds banks of the continued U.S. national security and law enforcement interest in detecting and combatting public corruption and other criminality involving PEPs.

Please click here to read the full alert memorandum.

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security. Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach

On July 22, 2020, the Office of the Comptroller of the Currency (“OCC”) published an interpretive letter clarifying that providing cryptocurrency custody services to customers is a permissible activity for national banks and federal savings associations.  This letter marks an important milestone in the expansion of permissible banking activities related to digital assets. Continue Reading OCC Interpretation Opens the Door for Banks to Enter the Crypto Custody Business