In the final episode of this series, Ethan, Addison, and Trey discuss federal digital asset-related bills and developments from 2023, along with two Office of Foreign Assets Control (OFAC) consent orders involving digital asset exchanges.
In the final episode of this series, Ethan, Addison, and Trey discuss federal digital asset-related bills and developments from 2023, along with two Office of Foreign Assets Control (OFAC) consent orders involving digital asset exchanges.
The group discusses the Economic Report of 2023 issued by the White House, which contained a 35-page chapter dedicated to digital assets and distributed ledger technology. The report underscored the potential benefits and risks of digital assets, leading to a consensus on the need for federal legislation to address regulatory gaps. The conversation then shifts to the bipartisan Responsible Financial Innovation Act (RFIA), which aimed to bolster consumer protection in the digital asset industry and crowned the Commodity Futures Trading Commission (CFTC) as the primary regulator. Ethan, Addison, and Trey also analyze the Financial Innovation and Technology for the 21st Century Act, which, like the RFIA, sought to delineate regulatory authority over the digital asset market between the CFTC and the Securities and Exchange Commission.
The episode concludes with a discussion on the OFAC consent orders against Binance and CoinList.
The Crypto Exchange: Will Resiliency Carry the Digital Asset Sector Through 2024: Federal Legislative Developments and OFAC Consent Orders
Speakers: Ethan Ostroff, Addison Morgan, Trey Smith
Ethan Ostroff:
Welcome to another episode of The Crypto Exchange, a Troutman Pepper podcast focusing on the world of digital assets. I'm Ethan Ostroff, the host of the podcast and a partner at Troutman Pepper. Before we jump into today's episode, I just want to remind our listeners to visit and subscribe to our blogs, ConsumerFinancialServicesLawMonitor.com and TroutmanPepperFinancialServices.com. Don't forget to check out our other podcasts as well on Troutman.com/Podcasts.
Today, I'm joined by my colleagues, Addison Morgan and Trey Smith, to talk about the final episode of our 2023 Year in Review series. Today, we're going to be talking about some federal digital asset-related bills and developments in 2023 and talk a little bit as well about OFAC’s consent orders with two digital asset exchanges.
Addison, Trey, thanks for joining today. I thought we might just briefly talk a little bit in the context of activity on the Hill. The President's Economic Report that came out in 2023 actually had a huge chunk of space designated to talk about digital assets and DLT. One of the conclusions that I saw in that report was Fed now and a potential CBDC in the United States could help bring the financial infrastructure in the United States into the 21st century without the risks inherent in digital assets.
In other words, they talked about some of the perceived benefits of digital assets functioning as investment vehicles, decentralization, improving the financial infrastructure through things like smart contracts. But the report also seemed to be a little bearish on digital assets as well, describing them as mostly speculative investment vehicles, indicating they don't perform all the functions of currency as we normally think about it in the US compared to the US dollar, the risks of runs that exist on stablecoins that are a little bit different than traditional demand deposits, and some thoughts about digital assets being harmful to consumers and investors, potentially.
My thought was I’m interested here, but if you all had any thoughts. I mean, it seemed like the big uptake from that was there are some positives. There are a lot of potential downsides. We need federal legislation to cover some of the regulatory gaps that seem to exist. What are you all thoughts about that?
Trey Smith:
I think that's right. I mean, the truth of the matter is there's risk in everything. There's risk in securities. There's risk in any sort of speculative asset that an investor might engage in. I think you hit the nail on the head that that just underlies the need for regulation to sort of control for harms at the margin more than it does for an outright, say, ban or for widespread discounting of the technology or its utility.
Addison Morgan:
Yes. I agree with Trey, and I agree ironically with the Biden administration's report. I think right now, there's a widespread misunderstanding of kind of the inherent risk associated with digital assets, although many users often tout the perceived benefits. But I happen to agree with the administration that some federal regulatory regime is necessary just to put consumers on notice of the potential risk associated with engaging in this type of investment vehicle.
Ethan Ostroff:
It seemed like some of those regulatory gaps are the fight that's been ongoing for years now between the SEC and the CFTC and whether or not something is a commodity or security, right? What's going to happen with stablecoins being issued privately? In particular to me, one of the big things is we sort of get into our discussion about some of the legislation that was introduced on the Hill this year was concerns about complying with AML/CFT laws and regulations.
I thought we might begin our discussion by talking about the Lummis and Gillibrand Responsible Innovation Act. I believe that was introduced in 2023. Not the first iteration of this bill, right? It originally introduced in 2022. I guess, Addison, I mean, what, if anything, do we see as changes in the version that was introduced in 2023?
Addison Morgan:
Yes. You're right, Ethan. This is a reintroduction of a bill that was originally introduced in 2022. I think the senators were primarily concerned with strengthening the consumer protection-related provisions of the bill's prior iteration.
Ethan Ostroff:
Did they touch on this whole ongoing sort of turf war between the CFTC and the SEC? Or how do they handle that?
Addison Morgan:
They do. They touch on it. I think that was a primary focal point of the bill itself. So here, the senators surprisingly crown the CFTC as the head regulator of the digital asset market.
Ethan Ostroff:
Well, okay. What exactly would the bill do as far as giving the CFTC regulatory authority? How would that apply in the digital asset space?
Addison Morgan:
Under the bill, the CFTC will be responsible for regulating essentially the entire digital asset market on the spot side. They would be responsible for regulating digital asset transactions which include digital asset exchanges, so the traditional digital asset exchanges of today. Also, on the DeFi side, they would also be responsible for regulating DEXs or decentralized exchanges. Their regulatory authority would also extend to digital asset issuers, custody providers, and more.
The specific language used in the bill, just to put our listeners on notice, it states that the CFTC would have jurisdiction over an agreement, contract, or transaction involving a contract of sale of a crypto asset that is commercially fungible. So that latter phrase is very important because, as we know, NFTs or non-fungible tokens are not commercially fungible. The CFTC's regulatory authority would basically encompass all digital assets with the exception of NFTs.
Ethan Ostroff:
Okay. How did the bill then – understanding sort of the primacy placed on the CFTC under the bill being proposed by Lummis and Gillibrand, well, how do they handle the SEC's powers?
Addison Morgan:
The SEC still has power, but they are basically relegated to regulating a single asset class known as ancillary assets. The bill defines an ancillary asset as an intangible fungible asset that is offered, sold, or otherwise provided to a person in connection with purchase and sale of a security through an arrangement or scheme that constitutes an investment contract as defined by the Securities Act.
The bill essentially legitimizes the SEC's current regulatory regime under the Howey Test. So although the bill does not afford the SEC the same expansive powers as it affords the CFTC, it does kind of statutorily approve the SEC's usage of the Supreme Court's Howey Test as applied to the digital asset market.
Ethan Ostroff:
I mean, it seems like, essentially, it wouldn't change anything about how this SEC currently acts and basically saying that everything under the sun in the digital asset space comes within the Howey Test, right? I mean, it seems kind of odd the way they set this up.
Addison Morgan:
I would have to agree. I guess it does give the market participants more –just a better understanding of the guard rails because the CFTC has kind of specified powers and specified duties and obligations under the bill. But giving the SEC basically cart blanch power under the Howey Test is a weird decision. So I'll have to agree with you on that point as well.
Ethan Ostroff:
Yes. Just turning back a little bit to the bill's attempt to address consumer protection, what were some of the provisions in that bill that they added in an attempt to strengthen consumer protections?
Addison Morgan:
They add the usual categories of consumer protection provisions that we are seeing kind of across the industry, the first one being this mandatory proof of reserves. All crypto asset intermediaries, as the bill defines that group of entities. This includes all non-bank institutions that engage in digital asset transactions which would include your digital asset exchanges, et cetera. They would be required to demonstrate cryptographically verifiable possession of all consumer-provided digital assets under their custody. Just on-chain mandatory proof of reserves that consumers themselves can examine on a variety of blockchain explorers.
The second category of consumer protection-related provisions includes plain-language digital asset agreements. The standard here for all digital asset agreements under the bill is that these agreements must be written in a plain language that is easily comprehensible to customers. I think that's an important point. As I kind of alluded to earlier, this space is widely varied, and there are a lot of technicalities involved in just everyday transactions. Kind of bringing down the material and making it digestible for the everyday consumer to understand, I think that will be best for not only the consumers. But it'll also lower the potential risk of litigation for the issuers as well.
Then the last category is consumer protection standards. The customer agreements must contain clear notice of certain disclosures related to segregations of consumer assets, bankruptcy, and whether a legal title to a consumer's digital assets vest with the consumer, him or herself, or the company the maximum weight time for an intermediary to execute a transaction on behalf of a consumer. Sometimes, depending on network congestion on these blockchains, a transaction that usually may take 30 seconds to confirm may take upwards of 10 to 30 minutes. It'll be interesting to see how these digital asset exchanges kind of create a possible timeline in which transactions can take place.
The last two categories are applicable transaction fees and then the dispute resolution process.
Ethan Ostroff:
Okay. Thanks very much for breaking that down for our listeners. Trey, Addison, any final thoughts about the bill and where it might go in 2024?
Addison Morgan:
I thought the bill's restriction on which entities can issue payment stablecoins was interesting because under the bill, they limit it to depository institutions, so banks under the FDIC regulations. The requirement here is that these payment stablecoins must be backed by high-quality liquid assets at a one-to-one ratio. It’s a fascinating provision because as we know, banks currently operate under a fractional reserve model, where you don't necessarily have to have 100% of your customers’ deposits on hand in cash reserves. I don't know if banks will be amendable to that arrangement or whether or not banks will even be amenable to issuing payment stablecoins for that matter. Only time will tell, but it is definitely an interesting provision.
Ethan Ostroff:
Yes, no doubt. The stablecoin provisions are very interesting and worth tracking. Trey, any thoughts that you might have about the bill and what we might see from it in 2024?
Trey Smith:
I would agree with Addison's point. Just looking at how they've structured regulations around stablecoins, it's clear grasp of authority away from the existing players in the market. It'll just be interesting, as Addison said, to see how those players respond and what the landscape of stablecoin issuance would look like under that sort of regime. I don't report to know if it'll be viable, but it does sound like a model where banks have sort of not shown a keen interest of entering.
Ethan Ostroff:
Yes, it's interesting. It seems like they're trying to push financial institutions in to fill that space and make private issuers exit, right? Trey, I thought that might be a nice way of us transitioning into talking a little bit about the financial innovation and technology for the 21st Century Act. It's certainly a mouthful. That was also introduced in July of 2023 and dealt with trying to create some sort of line between how the SEC and the CFTC would function in the digital asset space. What were your thoughts about that bill, how it tries to carve up the landscape between those regulators, and a little bit perhaps about how it tries to define a digital commodity?
Trey Smith:
I think the bill is an attempt to sort of split the baby along existing jurisdictional lines. It would see the CFTC regulating digital commodities and the SEC regulating restricted digital assets. I think in some, it's just an attempt by legislators to divide digital assets into two categories, and depending on the circumstances around each, feed it to the regulator who most appropriately, you could say, would be situated to handle that type of asset.
Ethan Ostroff:
Okay. Well, how does it define digital commodity or the bill?
Trey Smith:
There are three pathways under the bill for a digital asset to be deemed a digital commodity and, therefore, under the CFTC's jurisdiction. The first is through what's referred to as an end-user distribution scheme. That would apply to a digital asset that is being held by a consumer before the first date that each blockchain system that asset relates to is functional and certified to be sufficiently decentralized by the SEC. Digital assets under that scheme would not be obtained by cash transactions and would have to be distributed in a non-discretionary manner based on the conditions that are able to be satisfied by the participants in the blockchain system. Really, that's just way of referring to token airdrops.
The second pathway is through a digital commodity exchange scheme. That refers to digital assets that are acquired by consumers through transactions that are executed on an exchange that constitute digital commodities. Then the third way would be through a decentralization scheme. That's where you have digital assets acquired by consumers after the first date on which each blockchain system that the asset belongs to becomes functional and is certified by the SEC.
Ethan Ostroff:
Okay. Does the bill attempt to define things like functional and decentralized network as well?
Trey Smith:
It does. The term functional means that a blockchain network allows the network participants to use digital assets for three purposes. The first is to transmit and store value on that blockchain. The second is participating in services that are provided by or where you have some application that's running on that blockchain system. The third is where the participants use the digital asset to participate in the governance of a given blockchain system.
On the other hand, you have the term decentralized network. For a network to be deemed decentralized, the following conditions have to be met. For the first 12-month period, no person can have unilateral authority to control, alter, make any changes otherwise to the network's operation. No one can have unilateral authority to restrict or prohibit certain consumer activities such as using, earning, transmitting digital assets, or operating a node, for example. No digital asset issuer or affiliated person could in the aggregate have 20% or more of the total supply of the asset. All issuances of units of the digital assets had to be end-user distributions made through programmatic functioning. That's more or less referring to pre-mined coins.
Then final caveat is that in the previous three-month period, the digital asset issuer could not have implemented or contributed intellectual property to the source code of that network that would materially alter the functioning of the network subject to certain exceptions. The digital asset could not have been marketed to the public as an investment.
Ethan Ostroff:
Okay. Does the bill also attempt to define what it refers to as restricted digital assets? In other words, what does that mean, and what's the purpose of it?
Trey Smith:
The bill does define restricted digital assets. The term encompasses any digital asset held by a consumer before the underlying blockchain becomes functional and decentralized, as well as any digital asset that derives from a transaction that was not executed on a digital commodity exchange.
Ethan Ostroff:
Okay. Under this bill, the CFTC regulates digital assets exchanges and DeFi-related transition and DeFi-related transactions. Then is it your understanding sort of everything else is within the SEC's purview under the theory that it falls within the definition of a security under the Howey Test?
Trey Smith:
Not quite. Neither the CFTC, nor the SEC regulate payment stablecoins. Also, the bill only applies to digital assets which are defined as fungible digital representations of value. That term, by definition, excludes NFTs. The CFTC, nor the SEC would be able to regulate that class of assets.
Ethan Ostroff:
Okay. The NFTs, for example, would be carved out and sort of be in some sort of limbo according to this bill, right?
Trey Smith:
That's right.
Ethan Ostroff:
Yes. Then for payment stablecoins, anything about this bill that caught your eye?
Trey Smith:
Yes. This interesting provision about the treatment of custody activities by banking institutions, it prohibits the CFTC from making banks hold additional capital against payment stablecoins that are in their custody, unless a prudential banking regular makes a determination otherwise. Although most fiat-backed stablecoins out there are backed at a one-to-one ratio, that provision seems to maintain that fractional our reserve status quo that banks are accustomed to and that Addison discussed earlier.
I was also struck by – the unlike the Lummis-Gillibrand Bill, this act does not appear to limit stablecoin issuance to depositary institutions. Instead, it allows private corporations to issue stablecoins as they have today, which is far more in line with current expectations and current market practices. You would imagine that this part of the bill would be favored by the industry more heavily.
Ethan Ostroff:
Interesting. Some key differences in these two separate bills that were working their way through the Hill in 2023. Addison, any thoughts that you might have about the FIT Act before we transition to talk a little bit about some of the OFAC-related consent orders in 2023?
Addison Morgan:
No specific thoughts on the bill's provisions itself, but I do believe that payment stablecoins, as you can tell just from divergent viewpoints of these two bills, that payment stablecoin regulation will be attacked first as that is currently the only on and off-ramp from traditional financial services to the digital asset industry. We'll just have to wait it out. Wait to see how it all plays out. Clearly, Congress is at odds with each other with respect to payment stablecoins.
Ethan Ostroff:
Yes. We can sort of waiting to see what the members of Congress on their respective House and Senate committees that have oversight over the financial services industry, what they can do this year with regard to stablecoins. It's been something that's been top of mind by folks in the Hill for a couple years now, with a lot of folks thinking that something would get done, and there'd be some type of agreement over a bill to address stablecoins. That belief, I mean, in my view, it's been lingering out there for so long. I just wonder how much we can hope, if anything, to get done this year with a presidential election looming here in November, right?
Addison Morgan:
Agreed.
Ethan Ostroff:
Just thinking we might talk a little bit about a couple of OFAC consent orders that sort of dovetails with the AML/CFT concerns that, in particular, the Lummis and Gillibrand Bill tried to address and some other activities on the Hill last year also tried to address as well. I thought we might start with Binance. Addison, can you talk to us a little bit about what were OFAC’s claims against Binance and how this ultimately shook out?
Addison Morgan:
Sure. OFAC’s claims against Binance was that Binance permitted US users and users in sanctioned jurisdictions to execute digital asset transactions on its platform through August 2017 to October of 2022. Specifically, OFAC alleged that Binance’s upper management, and so this is including Binance's ex-CEO, CZ, was aware of the company’s sanctions, compliance obligations under US law but instead turned a blind eye to identifying whether its customers were accessing its platform from the United States or sanctioned jurisdictions like Iran, Syria, North Korea, and Cuba.
Ethan Ostroff:
Okay. According to what we see publicly, how were users accessing Binance's platform from these overseas jurisdictions?
Addison Morgan:
These individuals were utilizing virtual private networks or VPNs as they refer to. So this was primarily OFAC’s point. On this point, they alleged that Binance's upper management went as far as to suggest to its users to utilize VPNs so that Binance could maintain its high trading volume and liquidity. As we know, Binance today, even after everything that's happened, is still the largest digital asset exchange in the world by volume. To retain that volume, Binance was basically suggesting to its users that they could circumvent these regulations through VPN usage. This is one of the primary aggravating factors that OFAC relied on to impose this massive penalty on Binance.
Ethan Ostroff:
Interesting. They did. I mean, they did impose a pretty large civil penalty, right? But maybe you could just talk a little about what that was and also in that context. But it seems like they didn't impose the maximum civil penalty possible. I mean, why did they not do that?
Addison Morgan:
Sure. First, the penalty was approximately $970 million. But the maximum penalty OFAC could impose was north of $500 billion. During the relevant period, Binance processed approximately 1.7 digital asset transactions. This total approximately $707 million in violations of various OFAC-related sanctions regulations. To your question, Ethan, about why OFAC did not impose the maximum civil penalty possible, when OFAC enters consent orders with entities, they often assess both mitigating factors and aggravating factors. The mitigating or remedial factors that kind of helped Binance not receive a billion-dollar civil penalty was that Binance substantially cooperated and engaged in a ton of remediation efforts.
Within the first five years preceding this action, OFAC did not issue any violative orders to Binance. So this is the first time OFAC has entered into any order with Binance. The trading volume related to violations was very minimal. Trades between US users and users of sanction jurisdictions represented well less than one percent of Binance's total trading volume, which is an interesting fact, given the fact that Binance is the largest digital asset exchange by volume. These violative transactions were minuscule in the grand scheme of things.
Then last mitigating factor was that after Binance entered this order, they began to implement a strong KYC IP blocking and geofencing compliance programs to deter its users from utilizing VPNs to access the platform.
Ethan Ostroff:
Just to clear it up, I think it was Binance processed about or almost 1.7 million digital asset transactions, right? Totaling over $700 million in violation of the OFAC-related sanctions regulations. Not sure that came through earlier but just to clear that up. Then, Trey, I thought we might, just to finish out talking about OFAC today, talk a little about the CoinList consent order. That one was entered into the very end of 2023 and middle of December and can address similar issues that we saw in the Binance consent order. But OFAC civil penalty was a lot less severe. Any thoughts about why there is that big difference?
Trey Smith:
I think the difference is most attributable to the fact that CoinList had a viable know-your-customer program in place at the time or throughout the relevant period and denied users access when their IP addresses were coming from sanction jurisdictions. Specifically, CoinList had onboarding protocols that included this automated process that would use an application that would reject a user's. Specifically, CoinList had onboarding protocols which included an automated process through which an application was meant to be immediately rejected if some user presented an identification card from or, say, provided a physical address in a sanction jurisdiction.
Ethan Ostroff:
Interesting. Where was their swing and miss then? It seemed like they were trying to do what they were supposed to do, right?
Trey Smith:
Their major problem was that the screening procedures they used did not capture users who represented themselves as residents from non-embargoed countries but who still went and provided addresses within Crimea specifically, which is a sanction jurisdiction.
Ethan Ostroff:
Okay. There was a hole. There was a gap in their compliance processes, right?
Trey Smith:
There was a hole.
Ethan Ostroff:
Yes. So they got hit with a civil penalty of about $1.2 million. But sort of doing the back-of-the-napkin math, they escaped what could have been an OFAC-imposed settlement north of $300 billion, right? What were some of the mitigating factors that the consent order mentioned?
Trey Smith:
Some of the mitigating factors were that within five years before the action, OFAC didn't issue any findings of violations. Another factor was that the trading volume related to the violations were a very small percent of CoinList's annual transaction volume. Third, CoinList had updated their filter settings to automatically reject potential users who reported a residential address within a Crimean city, even if there was no mention of Crimea by name.
Ethan Ostroff:
Got you. One of the distinctions between these two consent orders is that CoinList was really trying to comply with US law to prevent folks in comprehensively sanctioned jurisdictions from being able to gain access to their platform and to conduct activity on their exchange, while Binance was taking affirmative steps, I mean, in writing, right? To assist people who they knew were in jurisdictions that should not be accessing and trading on their exchange to evade those prohibitions. Is that generally right?
Trey Smith:
That's right. I mean, in Binance’s case, you have OFAC alleging that there really was this culture of circumventing regulation and non-compliance, whereas with CoinList, it seems that the company was significantly more proactive in at least trying to stay in compliance with the applicable regulations. As we saw here, it resulted in a lower penalty.
Ethan Ostroff:
Great. Addison, any final thoughts that you might have sort of thinking through the compare contrast between these two OFAC consent orders?
Addison Morgan:
No. I would just agree with your earlier point, Ethan, about I think the affirmative action here. Deliberate intent to circumvent sanctions kind compliance was really what dang Binance, and that's truly the reason why OFAC imposed a much larger penalty on them, as opposed to the penalty we saw in the CoinList matter. In OFAC’s complaint, they had verifiable statements made by upper management in which, like you noted, Ethan, they are specifically advising their users to engage in VPN usage to access Binance's platform with the ultimate goal being that Binance wants to retain its status as the largest digital asset change in the world.
Ethan Ostroff:
Yes. Interesting stuff in 2023, both on the Hill, as well as activity by OFAC in particular. Addison, Trey, thank you for joining us today. I hope our listeners enjoyed today's episode, as well as our other episodes in our year in review. Appreciate everyone listening. Don't forget to subscribe to our podcast via Apple Podcast, Google Play, Stitcher, or whatever platform you use. Look forward to speaking with folks next time. Thanks.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.