Last week may not have been the best of times or the worst of times (to borrow from Charles Dickens), but it was undoubtedly a time that three United States financial services regulators issued important guidance on disparate topics. For the first time ever, the Commodity Futures Trading Commission’s Division of Enforcement issued an enforcement manual to provide insight into its policies and procedures. Separately, the Financial Crimes Enforcement Network of the US Department of Treasury released comprehensive guidance articulating when persons involved in virtual currency businesses may be acting as money transmitters and require licensing as money service businesses. Finally, the Financial Industry Regulatory Authority enumerated almost 100 different red flags potentially requiring filing of Suspicious Activity Reports by member broker-dealers with FinCEN. As a result, the following matters are covered in this week’s edition of Bridging the Week:
Termed the “Enforcement Manual,” the CFTC’s guidance is seemingly modeled after the “Justice Manual”issued by the US Department of Justice for its staff. (Click here to access the current copy of the Justice Manual; prior to 2018, the Justice Manual was known as the “US Attorney’s Manual.”) Like DOJ’s Justice Manual, the DOE’s Enforcement Manual was intended to be shared with the public.
The Enforcement Manual does not break any new ground and, according to James McDonald, DOE Director, “creates no private rights.” It is solely designed to compile in one document the DOE’s operating procedures so that they can be “readily accessible to those affected by them.” The manual may be updated from time to time.
The principal sections of the Enforcement Manual reference leads; preliminary inquiries and investigations; litigation; self-reporting, cooperation and remediation; cooperative enforcement; privileges and confidentiality; and other miscellaneous topics including ethics, record management and document control and the CFTC’s whistleblowing program.
My View: Although there are no secrets revealed in the DOE’s Enforcement Manual, it is a handy compilation of relevant DOE policies and procedures that helps explain the intricacies of the CFTC investigations and enforcement actions. The document serves a very useful purpose in that it provides laypersons (as well as practitioners) insight into what, for many, may seem an overwhelming and obtuse process.
In addressing some topics, the Enforcement Manual is exceptionally transparent, e.g., when it discusses statute of limitations and tolling agreements (“[s]ome courts have held that [a] five-year statute of limitations … applies to certain claims brought by the CFTC”) as well as a person’s right to request closing letters when staff has decided to terminate an investigation – although the manual notes the decision to grant a letter is discretionary.
Regrettably, however the Enforcement Manual does not provide sufficient color on how it generally applies its discretionary authority, as well as factors other than cooperation it considers in recommending specific sanctions in connection with settlements, particularly the amounts of fines.
For example, no insight is provided in the Enforcement Manual regarding the circumstances where the DOE Director may formally invite a potential subject of an enforcement action to submit a “Wells Submission” to try to convince the DOE not to file a case. (A party always has the right to submit a so-called “White Party” which effectively is an unsolicited Wells Submission.) Similarly, while the Enforcement Manual notes that the DOE has discretion to commence enforcement actions in a federal court or an administrative tribunal, it does not provide insight into why one or the other forum might be chosen. Moreover, there is no practical guidance set forth in the Enforcement Manual regarding the calculus behind sanctions requested in settlements.
It would have been beneficial for the Enforcement Manual to provide at least some insight into the DOE’s discretionary decision making as well as its approach toward sanctions in settlements. Maybe this will happen in Enforcement Manual 2.0. But Enforcement Manual 1.0 provides a meritorious start.
Generally FinCEN requires any person engaging in the business of money transmission or the transfer of funds, including CVC, to (1) maintain an “effective” written anti-money laundering program reasonably designed to prevent the business from being employed to help the financing of terrorist activities and money laundering and (2) register as a money service business. A firm or individual engages in money transmission, says FinCEN, when it receives one form of value (including CVC) from a person and transmits it in the same or different form to another person or location by any means. FinCEN concludes, for example, that, applying this definition, a business operates as a money transmitter when it accepts fiat currency from a person and transfers the CVC to the person’s CVC account with the business.
FinCEN defines CVC as any medium of exchange that functions like currency but does not have all the attributes of fiat currency, including constituting legal tender. FinCEN noted that, while CVC may include instruments referred to as digital currencies, cryptocurrencies and digital assets, the naming of an instrument “is not dispositive of its regulatory treatment.” Likewise, said FinCEN, it is the business model of a person engaging in activities regarding CVC that dictates obligations of money transmitters, not the “label used by industry to designate a general type of product or service.”
FinCEN’s guidance provides numerous examples of when a CVC business constitutes money transmitting and when it does not, concentrating mostly on the activities of three types of businesses: (1) wallet providers; (2) money transmission services utilizing electronic kiosks and decentralized applications; and (3) trading platforms and decentralized exchanges. The guidance also discusses money transmission engaged in connection with project fundraising, such as initial coin offerings. For all businesses, the key determining factor appears to be whether the business is touching CVC as part of a transmission, or is simply helping persons effectuate a transmission themselves. The former activity generally constitutes money transmission, the latter does not.
Separately, FinCEN also issued an advisory to aid financial institutions, including MSBs handling CVC, identify suspicious activities involving CVC. Typically financial institutions are obligated to report all suspicious activities to FinCEN. Among other things, the advisory describes how so-called “darknet marketplaces” are often interposed in many illegal activities; sets forth a list of 30 red flags of potential abuses using CVC; and identifies certain required and helpful information that should be included in all suspicious activity reports involving CVC that are filed with FinCEN. (Darknet marketplaces reference anonymized locations on the Internet that are not indexed by traditional search engines and typically require special software to access.)
Among red flags of potential suspicious activity involving CVC identified by FinCEN is a customer receiving a number of deposits from different sources in a relatively short time that in total equal the aggregate amount of funds transferred to a known virtual currency exchange; a customer’s transactions emanating from a non-trusted IP address, an IP address associated with a sanctioned jurisdiction or an IP address previously identified as suspicious; and a customer using identification or account credentials (e.g., unique password, IP address or flash cookies) employed by another account. FinCEN also noted as a red flag a customer “significantly older than the average age of platform users” opening a cryptocurrency transaction account and engaging in a large number of transactions. This behavior, suggested FinCEN, may indicate the person’s role as a “CVC money mule” or as a victim of an elderly financial exploitation scam.
In other legal and regulatory developments regarding cryptoassets:
According to Ms. Peirce, in endeavoring to help persons apply the four prongs of the so-called Howey test to determine whether particular cryptoassets might be deemed securities, Commission staff listed 38 distinct considerations “many of which include several sub-points.” (Click here to access a copy of the Supreme Court’s 1946 decision in SEC v. W.J. Howey Co.) Although she observed that “seasoned” securities attorneys might be able to successfully navigate this Scylla and Charybdis of staff guidance, she feared that non-lawyers likely could not.
Moreover, Ms. Peirce argued that the cryptoassets at issue in TurnKey Jet “so clearly did not [constitute] an offer of securities,” that discussion of the multitude of characteristics that prompted staff to conclude that the digital tokens were not securities “could have the effect of broadening the perceived reach of our securities laws.”
Ms. Peirce cautioned that the SEC’s “Jackson Pollock approach to splashing lots of factors on the canvas without any clear message leaves something to be desired.”
Mr. Zaslavskiy was charged in October 2017 with securities fraud and related offenses in connection with two cryptocurrency investment schemes and their related initial coin offerings. In September 2018, the same court rejected Mr. Zaslavskiy’s motion to dismiss his criminal charges on the grounds that he was not involved in the sale of securities; the court held that the government’s complaint alleged sufficient facts demonstrating that the relevant cryptoassets were investment contracts under applicable legal precedent (i.e., (1) an investment of money, (2) in a common enterprise with (3) the expectation of profits (4) solely from the efforts of a promoter or third party).
In his sentencing memorandum to the court, Mr. Zaslavskiy requested probation on the grounds that he has remitted all funds he received from customers in connection with his initial coin offerings except for funds automatically taken by Amazon to pay for advertising for the relevant cryptoassets. (Click here for background regarding Mr. Zaslavskiy’s criminal and SEC civil actions in the article “Brooklyn Federal Court Rules ICO-Issued Digital Assets Could Be Securities” in the September 16, 2018 edition of Bridging the Week.) The government will respond to Mr. Zaslavskiy's sentencing memorandum by May 15.
Compliance Weeds: FinCEN’s guidance fairly attempts to provide practical guidance to help persons engaging in businesses touching CVC to understand better whether they may have to register as an MSB. However, the guidance leaves uncertain a few important matters.
Generally, persons engaged as money transmitters of CVC must register as MSBs with FinCEN. However, this requirement does not apply to persons “functionally regulated or examined” by the Securities and Exchange Commission or the Commodity Futures Trading Commission. However, it is not clear what the word “functionally” references. In the case of the CFTC, all registrants and persons required to be registered are overseen and potentially examined by the Commission. Moreover, regarding virtual currencies, “[t]he CFTC’s jurisdiction is implicated when a virtual currency is used in a derivatives contract, or if there is fraud or manipulation involving a virtual currency traded in interstate commerce.” However, the CFTC has made clear that it does not “oversee ‘spot’ or cash market exchanges and transactions involving virtual currencies that do not utilize margin, leverage, or financing.” (Click here to access the CFTC’s LabCFTC’s 2017 primer on virtual currencies; click here to access NFA Interpretive Notice 9073 regarding disclosure requirements for National Futures Association members engaging in virtual currency activities.) The new FinCEN advisory is silent as to FinCEN’s view of the meaning of “functionally” in the context of the CFTC's position.
Similarly, in a prior guidance, FinCEN made clear that a company purchasing and selling virtual currency, including paying and receiving the like amount of fiat currency to and from counterparties, for its own account, is not engaged in a money transmitter business. (Click here to access FIN-2014-R002.) This would seem to preclude a dealer of CVC from having to register as an MSB. However, the same prior guidance notes that if a firm were to provide services to others as a business that involved accepting and transmitting CVC or exchanging CVC for fiat currency or another CVC, “additional analysis would be necessary to determine the Company’s regulatory status and obligations with respect to such activity.” This distinction presents a blurry line that is treacherous to navigate. The new FinCEN guidance, particularly its discussion of P2P exchanges, provides no focus regarding this distinction, and the addressing of this topic solely by dropping a footnote referencing FinCEN’s prior guidance (see fn 52) does not advance certainty.
Finally, it is important that issuers and intermediaries of stablecoins review this new FinCEN guidance. In it, FinCEN makes clear that money transmission could include “the issuance and subsequent acceptance and transmission of a digital token that evidenced ownership of a certain amount of a commodity, security or futures contract” that serves as a substitute for fiat currency. Curiously, FinCEN also writes that money transmission may occur when a person who is not exempt from MSB status “issues or employs commodities, securities or futures contracts by themselves as value that substitutes for currency in money transmission services.” The meaning of this phrase in the context of SEC and CFTC registration requirements is unclear.
Importantly the triggers for registration as an MSB with FinCEN are parallel to the triggers for registration as a money transmitter (or something equivalent) in most states. However there is no uniformity among states’ requirements.
Compliance Weeds: SAR reporting requirements apply not only to BDs but also to Commodity Futures Trading Commission-registered futures commission merchants and introducing brokers. (Click here for background.)
Not only traditional red flags of potential money laundering must be reported as suspicious activities to FinCEN, but also certain cybersecurity breaches and potential breaches.
In October 2016, FinCEN issued an advisory stating that covered financial institutions must file a suspicious activity report following certain cyber-events. Mandatorily reportable incidents are those where a financial institution is targeted by a cyber-event where it knows, or has reason to suspect, the event “was intended, in whole or in part, to conduct, facilitate, or affect a transaction or series of transactions” that involves or aggregates or could involve or aggregate to US $5,000 or more in funds or other assets. It would not matter whether the transaction or series of transactions ended up actually occurring. (Click here for details regarding this FinCEN advisory in the article “FinCEN Issues Advisory Saying Cyber Attacks May Be Required to Be Reported Through SARs” in the October 30, 2016 edition of Bridging the Week.)
Recently, FINRA fined LPL Financial, LLC, a broker-dealer, US $2.75 million for not reporting as suspicious activities to FinCEN unsuccessful attempts by third parties to gain unauthorized access to customers’ email or brokerage accounts. According to FINRA, LPL mistakenly believed that only successful hacking incidents were subject to SAR reporting and advised its employees accordingly; however, this understanding was incorrect. As a result, FINRA concluded that LPL failed to investigate and file over 400 SARs with FinCEN from January 1, 2013, through May 31, 2016. (Click here for further details in the article “Broker-Dealer Fined US $2.75 Million by FINRA for Breakdowns in AML Program and Customer Complaint Reporting” in the November 4, 2018 edition of Bridging the Week.)
For further information:
CFTC Division of Enforcement Issues First Guide to Activities and Overview of General Policies and Procedures:
CFTC Sues Former Trader Previously Charged Criminally for Falsely Inflating Natural Gas Futures and Physical Trades:
Defendant Convicted of Securities Fraud in Connection With Cryptosecurity Offer and Sales Asks for Leniency in Sentencing:
FinCEN Publishes Guidance for Businesses Engaging in Virtual Currencies and Indicia of Illicit Cryptocurrency Activity:
FINRA Enumerates 97 Red Flags Potentially Justifying SAR Filing:
Nonmember Settles CME Spoofing Allegations:
SEC Crypto Guidance Employing Jackson Pollock Techniques Too Cryptic Says Commissioner Hester Peirce:
SEC Proposes Rules to Enhance Cross-Border Security-Based Swap Requirements:
Whistleblower Receives US $1.5 Million From CFTC for Providing Original Information Helping Enforcement:
The information in this article is for informational purposes only and is derived from sources believed to be reliable as of May 11, 2019. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made. Views of the author may not necessarily reflect views of Katten Muchin or any of its partners or employees.