In the second episode of this four-part series, Ethan, Addison, and Trey explore the CFPB's proposed rule to define a market for general-use consumer payment applications under its larger participant authority, and its impact on digital asset financial services companies.
In the second episode of this four-part series, Ethan, Addison, and Trey explore the CFPB's proposed rule to define a market for general-use consumer payment applications under its larger participant authority, and its impact on digital asset financial services companies. The group discusses the integration of digital assets into the traditional financial system and the associated regulatory concerns. The episode concludes with a discussion of two significant FTC enforcement actions filed against digital asset financial services companies in 2023, underlining the potential consequences for stakeholders operating in the industry.
The Crypto Exchange: Will Resiliency Carry the Digital Asset Sector Through 2024: The CFPB and FTC Take a Stance
Speakers: Ethan Ostroff, Addison Morgan, Trey Smith
Ethan Ostroff:
Welcome to another episode of The Crypto Exchange, a Troutman Pepper podcast, focusing on the world of digital assets. I'm Ethan Ostroff, the host of the podcast, and a partner at Troutman Pepper. Today I'm joined by my colleagues, Addison Morgan, and Trey Smith to talk about part two of our Year in Review series regarding digital assets and DLT in 2023. Today, we're going to focus on the CFPB and the FTC, and then spend most of our time talking about the CFPB’s recent proposed rule under its larger participant authority, and its impact on digital asset, financial services companies. Then, some digital asset-related enforcement actions brought by the FTC during the past year as well.
I wanted to just start by contextualizing. Look, guys, I think it's obvious to everyone in this space how much hand-wringing there is and worry about the impacts of the CFPB’s proposed rule. I think it's helpful in talking about that to go back to October of last year, when Director Chopra gave a speech at the Brookings Institution, at an event on making America's payment system work for digital century. A and I was looking at that and reminded that the director did say, back then, and forecast some of the things that, I think, are really important when we think about what happened in 2023. In particular, they are worried about consumer harm, that could be caused by private currencies and payment systems in the household and retail context.
So, Chopra mentioned a number of different steps that he had identified as warranted, and I just want to touch on a couple of those real quick because I think all of them are going to be relevant for our discussion about both the CFPB and the FTC. So, the first thing he mentioned was, and he described as an effort to reduce harms resulting from hacks and errors and unauthorized transfers. The CFPB is looking at providing additional guidance to people in the market to answer questions regarding the applicability of the Electronic Funds Transfer Act with respect to private digital dollars of the virtual currencies, right? That's sort of one of the things he mentioned.
A second was, in the context of forecasting the propose 1033 rule. He mentioned, policymakers, legislators, and regulators need to continue to identify additional financial privacy protections that go beyond the Gramm-Leach-Bliley Act and the protections in that act. As he said, he thinks they're totally insufficient, and thinks that he and other federal regulators need more tools from Congress, through federal legislation to deter consumer abuses.
Then, finally, and I think this will bring us back into this proposed rule defining a market for general-use digital consumer payment applications. He said, he thought it was appropriate to look at the authorities he has at the CFPB to conduct supervisory examinations of non-banks offering consumer payment platforms. And I thought, the CFPB has more than one authority or basis for authority to do so. He mentioned when non-banks are offering consumer payment platforms in the context of being service providers to depository institutions. He also mentioned specifically, defining larger market participant by rule. That's, I think, what we're going to focus on today in our discussion of the CFPB.
So, Addison, just to lead into the talk about the proposed rule, my sense is it asserts that digital assets are funds, subject to consumer financial services, laws, regulations, and would subject large players to supervisory exam processes that are just like banks and other financial institutions. So, effectively, I mean, I’m wondering if you think otherwise. But I mean, to me, it effectively extends the CFPB’s supervisory powers to companies that facilitate crypto asset transactions, and takes the position that digital applications that facilitate certain transfers of crypto assets will also be included in the market definition of larger participants. How do you see it?
Addison Morgan:
Hi, Ethan. As you stated, the Bureau's characterization of the term funds, which is undefined within the Consumer Financial Protection Act and the Electronic Fund Transfer Act, the Bureau's broad construction of that term definitely encompasses digital assets. And I think they specifically state that in the proposed rule, this is a direct quote, “Crypto asset, sometimes referred to as virtual currency, are one type of digital asset.” So, the rule is somewhat complex. But yes, I level, I agree with you, that it definitely encompasses both the facilitation of those digital asset transactions, and the activity of possibly hosting consumer account credentials, whether that be in the form of a digital wallet, or the form of a traditional bank account, or credit account.
Ethan Ostroff:
I mean, this rule in itself is procedural, right? I mean, effectively, in the sense of defining the digital payments market, and then identifying a threshold for larger participants. Is that sort of how you see it as well?
Addison Morgan:
Yes. I mean, it's procedural in the sense that the CFPA does not grant the Bureau explicit authority to regulate digital asset financial services companies. So, they're leveraging kind of this grand discretionary caveat within the CFPA to define this market as falling within the scope of their supervisory powers. So, yes, it's procedural from that standpoint, definitely.
Ethan Ostroff:
When we talk about defining this market, how was the CFPB going about defining it? Are there particular things about their approach to defining the market that, in particular digital asset companies in the financial services space should be focused on?
Addison Morgan:
Sure. So, yes, the market definition itself. Because this rule is multifaceted. The market definition itself, defined as a market as providing a cover payment functionality, through a digital application for consumers general use and making consumer payment transactions. So, within that market definition, there are three relevant kind of sub definitions that the industry at broad should be aware of. So, you have cover payment functionality, larger participant, and then you have consumer payment transaction.
Ethan Ostroff:
I guess, as I understand that mean, a consumer payment transaction here would be defined to include digital assets that have monetary value and a readily usable for financial purposes. P2P or consumer and merchant transactions where there's the use of a digital asset will fall within the rule, unless some exclusion applies. Is that effectively how you see it as well?
Addison Morgan:
Yes. So, there goes that term funds again, and we can just move to the consumer payment transaction kind of sub definition within a broader market definition. That term is defined as the transfer of funds. So, this entire rule hinges on the Bureau's construction of that undefined term funds. The transfer of funds by or on behalf of a consumer, physically located in the state to another person, primarily for personal, family, or household purposes.
So, although this rule seems to encompass a lot of the activities that digital asset financial services companies engaged in, you still have to ensure that the type of transactions that you were facilitating, actually fall within the scope of that rule. There are a few caveats that the Bureau mentioned in the proposed rule, that fourth element that I mentioned that the transaction has to be to another person. Let's say, for example, a digital asset exchange is providing accounts to consumers. But consumers have multiple accounts on this exchange, right? If a consumer sends digital assets to another wallet owned by the consumer, I don't think that transaction would fall within the scope of this definition, because the Bureau states, that element require that a transfer be made to another person beside the consumer.
Ethan Ostroff:
I mean, this rule is going to encompass stablecoins as well, right? It's something that's sort of clearly been relevant and increasingly important in the digital asset space, and something that's top of mind, on the hill as well.
Addison Morgan:
Yes, agreed. We can just get into it now, I think, as you know, Ethan, from the plaintiff’s bar is utilizing the EFTA to kind of bring cryptocurrency and digital asset-based litigation. The FTA also does not define the term funds, as I stated earlier. So, whether the Bureau's definition holds muster into the future, only time will tell. But right now, the Bureau believes, literally, all crypto assets fall within the scope of that term. So yes, your point, stablecoins definitely do as well.
Ethan Ostroff:
In that regard, I mean, listeners of our podcast may remember, but you and me and one of our other colleagues, Carlin McCrory talked about on a podcast last year about these two cases coming out of the same federal court in New York about the question of whether or not digital assets constitute funds under the Electronic Funds Transfer Act. These judges in those two cases actually came out on opposite sides and disagreed with each other.
As I mentioned earlier, that's something the director specifically mentioned when he talked to the Brookings Institution last October was not just finding a hook or foothold in the space through defining larger participants in the market, but also through what we expect will be additional guidance under the FTA and Reg E.
So, I mean, I guess, do you ever thought about sort of at the foundational level, what's the legal predicate to give CFPB jurisdiction all over crypto assets? I mean, it sounds like what you're saying is, and I agree with you, that digital assets are funds. The CFPB is view is there are multiple different avenues for them to get crypto assets or digital assets covered under various different definitions of funds in various different federal laws and regulations.
Addison Morgan:
Agreed. So, just from a high-level standpoint, the Bureau technically doesn't have an explicit statutory basis for rigging these claims. I assume this is Chopra’s argument. This is his perception of what the CFPA permits the Bureau to do. This larger participant rulemaking authority is fascinating, because, I mean, it's a very powerful provision. It allows the bureau to dictate which non-bank entities are subject to supervision, within parameters. There still has to be noticed of proposed rulemaking, comment period, et cetera. But that provision is very powerful.
So, to answer your question, there is no explicit statutory basis. But the Bureau's point seems to be that there are several financial products and services that the CFPA does permit the Bureau to regulate, and digital assets are similar to those, and so the Bureau believes that, because of that, they can also regulate this space. The Bureau can regulate financial products and services like providing payments, or other financial data processing products or services to a consumer by any technological means. I mean, in that little phrase right there, I can see how the Bureau can make an argument that digital assets fall within the scope of the Bureau's kind of unwritten authority, if you will, but ultimately, the courts will decide whether or not the Bureau is permitted to advance this definition of funds.
Ethan Ostroff:
Yes. I mean, the way I see it is, there's lots of different hooks under Dodd-Frank for the CFPB to use for its jurisdiction. One of which is engaging in deposit-taking activities, transmitting, or exchanging funds, or otherwise acting as a custodian of funds, or any financial instrument for use, by or on behalf of a consumer. To me, the key word there is fund. The CFPB is simply equating, and I think in its rulemaking, in many pages, like significantly more pages than is typical when you compare this rulemaking to define larger market participants with the other ones we've seen historically. Took many more pages, and an attempt to do this, without really any applicable legal authority. But they're focused on funds and equating crypto assets as funds, generally at a 50,000-foot view without really any attempt to parse out the various many different types and just sort of conflating the entire broad universe of crypto assets as funds under Dodd-Frank. And saying, because crypto assets are funds under Dodd-Frank, as a result, they are covered consumer financial product or service under Dodd-Frank. Is that how you see it as well?
Addison Morgan:
Yes. To your point, we haven't discussed the cover payment functionality, like sub definition within that broader market definition. But yes, I think it's on footnote 64 or 65 of the proposed rule, where the Bureau states that, hey, these functionalities are, in fact, consumer financial products or services. And I think, like, to your point, Ethan, they have a litany of footnotes and several pages of discussion, because they know, or the Bureau understands that this argument has to be substantiated, because there's no actual express basis for the Bureau kind of evoking supervisory authority over this industry.
Because that was my initial thought as well. Well, hey, the Bureau can only regulate consumer financial products or services. I think it's still kind of up in the air, whether digital assets constitute a consumer financial product, but bureau says they do.
Ethan Ostroff:
The definition of funds transfer functionality and wallet functionality are so broad, that potentially, they bring noncustodial wallet services within it. That's how I see it. Do you agree with that?
Addison Morgan:
Yes, I agree. So, that definition, really just encompasses a digital assets exchange facilitation of a transaction on behalf of consumer. On the other hand, the wallet functionality definition is more interesting, because I think here, the Bureau was more focused on kind of the proposed rule mentioned is tokenization. That buzzword that we all know has some basis in the DLT space. But I think here, the Bureau is most focused on products like Apple Pay, where you have a tokenized version of your debit card, or a tokenized version of your credit card. Through that, you can now facilitate these kind of secure payment transfers to merchants. I'm sure we all familiar with Apple Pay.
So, from a wallet functionality standpoint, I think the bureau was focused on that. The definition is defined as stores account or payment credentials, included in encrypted or tokenized form, and transmits routes or otherwise processes such stored account, or payment credentials to facilitate a consumer payment transaction. I'm not sure whether that applies to digital wallets, because there are no payment credentials like you stated earlier, Ethan. Although the Bureau's definition of funds seems to apply broadly to all digital assets, including NFTs, including other things that may not facilitate payments, as we know, digital wallets can transfer a wide variety of assets. So, I don't know if the Bureau was directing that definition to digital wallets. But in any event, it definitely does apply to the digital asset exchanges.
Because, if you think about it, these companies usually have the capability to store a consumer’s bank account information. If a consumer is trying to top up his account via funds from his bank account, well, I think that would be the payment credentials that the bureau is focused on, those kind of traditional payment credentials. So, just something to think about there.
Ethan Ostroff:
I think it also could include storage and processing your private keys, in the context of wallet functionality as well. Just like accepting and transmitting payment instructions can be viewed to include transmitting payment instructions to a blockchain. Do you see it differently?
Addison Morgan:
I don't necessarily know if I see it differently. I tend to agree with you. I think I'm more so focused on what's the Bureau's current understanding of a concept like private keys, right? Can we say today that the Bureau’s understanding of, or the Bureau's discussion of payment credentials includes private keys? I agree with you that theoretically, it could, because that's a broad-based term. But I don't know, based on what was discussed in the proposed rule, whether or not the Bureau currently intends to kind of go as far as bringing digital wallet developers and companies into the fold as well. But yes, I tend to agree with you from a theoretical standpoint.
Ethan Ostroff:
If I remember correctly, the proposal, even states that covered persons don't even actually need to ever hold the funds, in addition to the idea of the definition of funds being so broad that, like we mentioned, all of a sudden, digital assets are brought within the scope of the FTA and Regulation E, and GLBA, and other types of laws. Which I think helps transition us, Trey, to talking about some regulatory enforcement activity by the FTC in 2023. We did see an increased activity. Following up on that AMG capital decision that dissolved the FTC’s authority to impose Civil Monetary Penalties under §13(b) of the FTC Act, the FTC has been looking for a sufficient substitute for this ability to impose Civil Monetary Penalties. It seems like the FTC has found at least one hook it wants to use, which is the Gramm-Leach-Bliley Act or the GLBA, generally, prohibits entities from obtaining financial information from consumers to any false or fictitious or fraudulent statements.
But as we saw the FTC case against Celsius Network, the FTC is taking a very broad view of how the GLBA can apply to any misrepresentation that he makes during a transaction in which a consumer presents payment information. So, Trey, can you talk us through a little bit about what was going on in this enforcement action against Celsius, and some of our listeners should be thinking about and taking away that activity last year?
Trey Smith:
Absolutely, Ethan. So, for those listeners who don't know, Celsius is a consumer-facing cryptocurrency platform. I had offered customers a number of different cryptocurrency-related services and in a lot of ways, it sort of acted like a bank would. Specifically, they offered this earn program to customers that promised an annual percentage yield to customers who deposited cryptocurrency with the platform. It also offered a borrow program, “borrowed” that allowed customers to take out loans that were secured by their crypto. Then, they offered of course typical cryptocurrency marketplace, exchange services, custody services, et cetera, et cetera.
Ethan Ostroff:
What was the enforcement action about what led to it? What was the FTC concerned about? And what are some of the interesting details or takeaways?
Trey Smith:
Yes. So, the FTC was principally concerned about the misrepresentations that they alleged, that Celsius was making to its customers and to the public in general. The company positioned itself as this alternative, safer alternative to banking, that promised it would make secured loans to these sophisticated and safe counterparties to earn high amounts of return on customer deposits. They also made a host of representations about the safety of those deposits in terms of the customer's ability to withdraw them, or the insurance policy they had with respect to those deposits.
But ultimately, at least the FTC alleges were misrepresentations, and were made specifically with the purpose of inducing those customers to deposit funds onto the platform. So, that’s where you're seeing the FTC kind of seize on finding that hook that we've been discussing to bring their enforcement action, looking to the GLBA and the CEO statements that were essentially made to procure or to induce customers to give their information that's specific to another financial institution. We also saw the FTC using its traditional authority under the FTC Act during the enforcement action.
Ethan Ostroff:
So, do you guys have any take on or thoughts about the FTC’s usage of the GLBA to impose Civil Monetary Penalties in the situation, and implications for digital asset companies in the financial services space?
Trey Smith:
I mean, it's clear that the federal agencies are sort of seizing into whatever hook they can to bring these enforcement actions. How I would sort of perceive this trend is to view these regulators activities as sort of looking at industry participants, as traditional banks, or as credit unions. For example, Director Chopra, he spoke about industry using the lack of clear regulation as a means of engaging in regulatory arbitrage. I think that statement is telling, because lend credence to the idea that these regulators view the digital asset industry as falling within their respective enforcement authority, but for whatever reason, they just have not found a way to regulate them of yet. I’m sort of implying that traditional financial regulation in this space is inevitable. So, I think these enforcement actions are just symbolic of that future.
Addison Morgan:
I agree with Trey. I think, ironically, these enforcement actions in which the regulators are quite literally searching the deep depths of their authoritative power to kind of reign in this space, I think, it just legitimizes the space.
So, to Trey’s point, these companies, as we kind of predicted, are being regulated like traditional financial institutions. I think, we obviously can't see the future. But I think that this trend in terms of leveraging existing financial services laws to reign in the space, I think it will continue. We’ve already seen it with the FTA. I'm sure that that that litigation trend will continue to proliferate throughout the year, especially with the Bureau's proposed rule that, in a sense, also implicates the EFTA. So, whether Congress will step in and create a defined regulatory regime in which it chooses to delegate authority to power or to one or many of these federal agencies remains to be seen. But I think there has been enough consumer harm, fraud, and scams, that these agencies want to step up and do what they can to level the playing field, so to speak on behalf of consumers.
Ethan Ostroff:
Yes. I mean, look, I think Gary Gensler and two of the other five commissioners of the SEC, certainly agree with a view that existing financial services laws and other types of financial laws can be applied as is to this space. It seems like to some extent, there are multiple federal regulators who agree that they have existing tools and laws that they can use, and tend to disagree in some regards about whether or not they need Congress to give them more powers. But it's a very interesting uses of the GLBA and something folks in this space need to be aware of clearly.
So, the other enforcement action that I thought we might briefly touch on in our remaining time today is the October 2023 consent order with one of the large digital asset financial services companies. It also involved allegations about misleading the customer base by implying that digital assets deposited on the company’s platform by consumers were protected by insurance offered by the FDIC.
Trey, Addison, what's your take on this case and these claims about FDIC-related misrepresentations and some of the other things that folks in the space need to be aware of based upon this consent order?
Addison Morgan:
I think that the company's advertisements about FDIC insurance were a close call. Obviously, the FTC disagreed and thought that the advertisement themselves were deceptive. But I think that for industry participants that are engaging bank partners to develop some sort of platform where consumers can have access to a traditional bank account, but through that bank account, you can also access digital asset liquidity - because that was the product the company was offering here - companies who engage in those practices just should make sure that they don't conflate FDI insurance as being applicable to both fiat cash balances and digital asset balances.
Because I think that ultimately was the FTC's point, but I'm sure the company what they were trying to suggest was that, hey, any USD, so fiat cash balances that we are holding on your behalf is being maintained by our banking partner who is permitted to offer FDIC insurance. But the way some of the advertisements worded, I could see how a consumer could assume that, hey, it seems like this company is offering FDIC insurance for both Fiat cash balances and RUSD stable coins, which is a form of a digital asset.
The companies did not make that differentiation very clear. And because the company is not an insured depository institution that even has the ability to offer FDIC deposit insurance, the FTC dinged them on that. And so in the future, I think companies that engage banking partners for these digital asset kind of, checking deposit account partnerships, they should just ensure that their disclosures related to FDIC insurance are specifically attributable to the banking partner itself. Make that disclosure very conspicuous, but also very clear.
Ethan Ostroff:
Trey, I don’t know if you have any thoughts about this, but to me, the FDIC has been very clear over the last 12 to 24 months about its concerns with the way companies in the digital asset space are referencing or representing any type of coverage by FDIC insurance and are significantly scrutinizing that, right?
Trey Smith:
Yes, Ethan. I'm inclined to, of course, agree. What both enforcement actions kind of have shown is that federal agencies are concerned with representations that are being made to consumers, because those representations, whether they relate to the business practices of the company, or the safety, these things, the soundness of their practices are factors that are market differentiators for consumers. And these enforcement actions just show that when these representations are being made, that there's significant consumer harm here. So, I think the FDIC, the FTC, all federal agencies that are primarily concerned with consumer protection are going to kind of seize up on both statements that have to do with safety.
Ethan Ostroff:
Right. I think, to me, one of the high-level takeaways from 2023, particularly when you're talking about the CFPB and the FTC, is that there is a heightened scrutiny by these regulators because they believe they've got to step up to address consumer fraud, harms, et cetera, to retail customers of companies in the digital asset space, right?
Trey Smith:
Yes, Ethan. that's right. I completely agree.
Addison Morgan:
Same.
Ethan Ostroff:
Well, thanks, guys. I really appreciate y'all joining us today and I hope our listeners enjoyed the second part of our multi-part series covering the 2023 Year in Review. Don't forget to visit our blogs, consumerfinancialserviceslawmonitor.com and troutmanpepperfinancialservices.com. Subscribe so you can get the latest updates. We look forward to speaking with our listeners again next time when we'll talk about state-level legislation and regulatory events from 2023. I appreciate everyone joining us today.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.