Cryptocurrency + FinTech

On November 21, the U.S. Department of Justice (DOJ) unsealed its criminal indictment against Binance.com (Binance), the world’s largest cryptocurrency exchange, and its CEO, Changpeng “CZ” Zhao (CZ). The indictment against Binance contains three charges: (1) conspiracy to violate the Bank Secrecy Act (BSA) by failing to implement and maintain an effective anti-money laundering (AML) program; (2) conducting an unlicensed money services business; and (3) willful violation of the International Emergency Economic Powers Act (IEEPA). On the same day, at a press conference also attended by Treasury Secretary Janet Yellen and Commodity Futures Trading Commission (CFTC) Chairman Russ Behnam, Attorney General Merrick Garland announced Binance pled guilty to all charges, and the DOJ is requiring Binance to pay approximately $4.3 billion in criminal penalties and forfeiture. CZ also pled guilty to violating the BSA by failing to maintain an effective AML program. As a result, he must resign as Binance’s CEO and is awaiting criminal sentencing.

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently announced a Notice of Proposed Rulemaking (NPRM) that identifies international convertible virtual currency mixing as a class of transactions of primary money laundering concern and seeks to increase transparency around virtual currency mixing to combat its use by illicit actors.

On October 13, California Governor Gavin Newsom (D) signed Assembly Bill 39 (Digital Financial Assets Law). This new law broadly empowers the California Department of Financial Protection and Innovation (DFPI) to govern “digital financial asset business activity” and prohibits entities from engaging in such activity with California residents without obtaining a license from the DFPI, among other criteria.

On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York businesses and consumers from cyber threats.” According to the NY DFS, key changes in the regulations include: enhanced governance requirements;  additional controls to prevent unauthorized access to information systems and mitigate the spread of an attack; requirements for more regular risk assessments, as well as a more robust incident response plans; updated notification requirements; and updated direction for companies to invest in at least annual training and cybersecurity awareness programs that are relevant to their business model. The newly amended compliance requirements will take effect in phases. 

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

The Securities and Exchange Commission’s Division of Examinations has outlined its 2024 Examination Priorities, with a significant focus on cryptocurrency, emerging technology, and Anti-Money Laundering (AML) laws. This has important implications for financial services. Our Regulatory Oversight blog has the details; key highlights are below.

On October 19, the Securities and Exchange Commission (SEC) dismissed its claims against Ripple Labs, Inc. (Ripple) executives Bradley Garlinghouse and Christian Larsen for allegedly aiding and abetting Ripple’s violations of the Securities Act with respect to its “institutional sales” of XRP. The Southern District of New York had deemed “institutional sales” to be unregistered securities in its July summary judgment decision, however, at that time the court reserved judgment as to the aiding and abetting claims against the executives. The matter was set for trial in 2024.

When using artificial intelligence (AI) or complex credit models, can lenders rely on the checklist of reasons provided in Regulation B sample forms for adverse action notices? According to today’s guidance issued by the Consumer Financial Protection Bureau (CFPB or Bureau), the answer to that question is, in many circumstances, no.

In the ever-evolving world of digital assets and law, Grayscale Investments, LLC (Grayscale) found itself at the pinnacle of a major decision by the Court of Appeals for the District of Columbia. On August 29, the court deemed the Securities and Exchange Commission’s (SEC) denial of Grayscale’s October 19, 2021, spot Bitcoin (BTC) exchange-traded fund (ETF) application “arbitrary and capricious” and vacated the agency’s decision. At the heart of the court of appeal’s ruling lies the Administrative Procedure Act (APA), the complex interplay between spot asset pricing and futures asset pricing, and the SEC’s current sentiment towards digital asset-based financial products.

On August 11, in the case of Yuille v. Uphold HQ Inc., the Southern District of New York was tasked with determining whether the Electronic Funds Transfer Act (EFTA) applies to digital asset-based accounts. The court concluded there was no “account” as defined by EFTA because the digital asset account at issue was not established primarily for personal, family, or household purposes.