On June 6, Senators Kirsten Gillibrand (D-NY), member of the Senate Agriculture Committee, and Senator Cynthia Lummis (R-WY), member of the Senate Banking Committee, introduced a draft bipartisan bill, the Responsible Innovation Act (Act), which is Congress’s first attempt to construct an all-encompassing digital asset regulatory framework. The breadth of the Act is sweeping, and it addresses many of the issues that have plagued the digital asset markets in recent years. But most importantly, the Act tackles (1) the lack of clarity relating to the regulatory authority of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) and (2) the lack of streamlined, uniform legal definitions of various products integral to the infrastructure of the digital asset market.

Clarification of Regulatory Jurisdiction

In the digital asset market, the lack of regulatory clarity has had two primary consequences: It has engendered great uncertainty and has stifled the ability of the sector’s incumbents to innovate and also has seemingly confounded the SEC (which regulates securities) and the CFTC (which regulates commodities trading) as, in recent years, the federal agencies have clashed over the scope of their respective roles in regulating digital assets.

The Act sets out to resolve this dilemma by providing the CFTC exclusive jurisdiction over “digital assets,” which is a term that includes the practice of “spot trading.” Spot trading is the process of purchasing a financial instrument at the current market rate for immediate settlement. Currently, the CFTC’s regulatory authority does not extend to spot trading, but if enacted, the Act would enable the CFTC to regulate the U.S.-based cryptocurrency exchanges that engineer spot trading. In turn, U.S.-based cryptocurrency exchanges (or “digital asset exchanges,” which also are “financial institutions” as referenced by the Act) would become subject to the Act’s amendment of the Commodity Exchange Act, which, inter alia, would require the implementation of reasonable safety standards to minimize the risk of loss, or delay in access to, a consumer’s digital assets. The Act contains various disclosure and recordkeeping requirements geared toward consumer protection, which may add to these exchanges’ current compliance requirements of registering as money service businesses with the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and state-level regulators and adherence to anti-money laundering and “countering the financing of terrorism” (AML/CFT) guidelines.

Contained in the Act is an important constraint on the CFTC’s jurisdiction over a digital asset class that has gained traction: non-fungible tokens (NFTs). The Act expressly asserts that the CFTC “shall only exercise jurisdiction over … a digital asset that is fungible, which shall not include digital collectibles and other unique assets.” We discussed NFTs and fungibility here.

Conversely, the Act indirectly incorporates the Howey test by granting the SEC authority over securities that constitute an “investment contract.” The Act attempts to delineate the bounds of the SEC’s usage of the Howey test-investment contract analytical framework by creating a term referred to as an “ancillary asset.” An “ancillary asset” is defined as “an intangible, fungible asset that is offered, sold, or otherwise provided to a person in connection with the purchase and sale of a security through an arrangement or scheme that constitutes an investment contract.” As stated above, the Act empowers the CFTC to regulate “digital assets,” a term which includes “ancillary assets.” Importantly, excluded from the definition of an “ancillary asset” are assets that possess the hallmark characteristics of a quintessential security offered by a corporation: (1) debt or equity interest; (2) liquidation rights; (3) entitlement to interest or dividend payments; or (4) profit or revenue share derived solely from the managerial or entrepreneurial efforts of others. Therefore, businesses that engage in investment contract transactions would be subject to the disclosure requirements of securities laws, as would businesses that provide to their counterparties assets possessing one of the four features enumerated above. It is unclear whether assets like decentralized autonomous organization (DAO) governance tokens, which may provide token holders with a nominal percentage of the revenue derived from the DAO’s treasury, would be subsumed by the “ancillary asset” definition and be regulated by the CFTC, or whether those products would be considered “securities” and be regulated by the SEC.

Lastly, the Act does make interagency coordination a possibility. Within 18 months after enactment of the Act, the CFTC and the SEC (in conjunction with FinCEN) must publish final guidance and examination manuals that cover certain topics: (1) AML; (2) custody; (3) fiduciary and capital markets activities; (4) information technology standards; (5) payment system risk; and (6) consumer protection. Additionally, in consultation with digital asset intermediaries and industry stakeholders, the Act requires the CFTC and the SEC to conduct research and issue a proposal discussing the principals underlying the need for a self-regulatory organization in the digital asset realm. The principles analyzed must cover, inter alia: (1) standard setting, corporate transparency requirements, and rulemaking relating to digital asset market conduct; (2) regular consultation with the CFTC and the SEC; (3) investigatory and disciplinary powers of digital asset exchanges; (4) authority of digital asset intermediaries to conduct activities relating to traditional assets; and (5) consumer education and financial literacy.

SEC’s Modernization of Custody in the 21st Century

Broker-dealers, or entities in the business of buying and selling securities (including digital assets that constitute “investment contracts” under the Act) for its own account and/or on behalf of its customers, are regulated by the SEC. More specifically, under Exchange Act Rule 15c3-3, known as the “Customer Protection Rule,” these entities are required to have “physical possession or control” of their customers’ securities.

As we discussed here, custody, and its relation to digital assets built on blockchain, is exclusively determined by public-key (or asymmetric) cryptography. Public-key cryptography affords a consumer — as long as he or she secures and maintains the private key associated with a particular public wallet address — unopposed access to the digital assets linked to the private key. What occurs when the hypothetical consumer engages a third party to both execute digital asset transactions and maintain custody of the digital assets underlying the transactions on the third party’s platform? Practically speaking, although the consumer may view or perceive the value of his or her assets digitally on the third party’s platform, in this scenario, the consumer has diminished his or her ability to exert control over and dictate the action of the purchased digital assets. Due to not being privy to the private key associated with the third party’s public wallet address, the consumer is now at the whim of the third party, and in times of extreme market volatility, the lack of true custody can be catastrophic.

The Act seems to contemplate the possibility this issue, as it would require the SEC, within 180 days of the date of enactment, to modernize its Customer Protection Rule by adopting final rules addressing, inter alia, “use of collaborative custody or multi-signature arrangements, including distribution of private key material and resulting obligations.”

Payment Stablecoins Defined

After the demise of Terra Labs’ algorithmic stablecoin, TerraUSD (UST), which resulted in the loss of approximately $42 billion in investor value, stablecoin regulation has been at the forefront of the minds of consumers, stakeholders, and policymakers alike. Due to the lack of collateralization of algorithmic stablecoins, UST investors have been left with little or no remedial recourse. In that light, the Act defines a “payment stablecoin” as a digital asset that is “redeemable, on demand, on a one-to-one basis for instruments denominated in United States dollars and defined as legal tender [under 31 U.S.C. 5103] … or for instruments defined as legal tender under the laws of a foreign country … .” Notably, the Act excludes from the “payment stablecoin” definition algorithmic stablecoins and digital asset-backed stablecoins, both of which are encompassed by the Act’s definition of “virtual currency.” Specifically, the Act requires issuers of algorithmic stablecoins (or “digital assets … based solely on a smart contract”) to provide statements disclosing that “a denominated or pegged value will be maintained and be available upon redemption from the issuer … .”

The Act enables “depository institutions,” a term that includes FDIC-insured banks, credit unions, and savings associations, to issue payment stablecoins provided that these entities apply to the state or federal banking agency at least six months prior to the issuance of the payment stablecoin. Surprisingly, the Act does not prohibit non-depository institutions from issuing payment stablecoins. Therefore, in practice, the Act would sanction the continued issuance of private stablecoins by Circle (USDC), Tether (USDT), Binance (BUSD), and many others. Nonetheless, both depository institutions and non-depository institutions would be required to maintain asset reserves containing “high-quality liquid assets” on a one-to-one basis with the outstanding supply of the entity’s payment stablecoin and must provide to consumers and the appropriate federal or state agency, within 10 business days of the end of each month, a summary description of the assets backing the entity’s payment stablecoin.

Because the Act generally defines “payment stablecoins” and “virtual currencies” as “digital assets,” both products would constitute commodities under the Act and would fall under the purview of the CFTC.

Our Take. The Responsible Innovation Act is a valiant effort that circumscribes authoritative power between the (ostensibly) primary federal regulators of the digital asset markets. The Act provides a more robust regulatory role to the CFTC, but depending on the courts’ forthcoming interpretation of the Howey test, the SEC could see its regulatory authority over digital assets bolstered and legitimized well before the Act (or any byproduct of it) is enacted. Lastly, the Act clearly defines “digital asset exchanges” as “financial institutions.” Although the Act primarily addresses the CFTC, it appears clear that U.S.-based cryptocurrency exchanges may become subject to the jurisdiction of other agencies created by the Dodd-Frank Act, specifically the Consumer Financial Protection Bureau.