Cryptocurrency + FinTech

Subscribe to Cryptocurrency + FinTech via RSS

On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York businesses and consumers from cyber threats.” According to the NY DFS, key changes in the regulations include: enhanced governance requirements;  additional controls to prevent unauthorized access to information systems and mitigate the spread of an attack; requirements for more regular risk assessments, as well as a more robust incident response plans; updated notification requirements; and updated direction for companies to invest in at least annual training and cybersecurity awareness programs that are relevant to their business model. The newly amended compliance requirements will take effect in phases. 

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

The Securities and Exchange Commission’s Division of Examinations has outlined its 2024 Examination Priorities, with a significant focus on cryptocurrency, emerging technology, and Anti-Money Laundering (AML) laws. This has important implications for financial services. Our Regulatory Oversight blog has the details; key highlights are below.

On October 19, the Securities and Exchange Commission (SEC) dismissed its claims against Ripple Labs, Inc. (Ripple) executives Bradley Garlinghouse and Christian Larsen for allegedly aiding and abetting Ripple’s violations of the Securities Act with respect to its “institutional sales” of XRP. The Southern District of New York had deemed “institutional sales” to be unregistered securities in its July summary judgment decision, however, at that time the court reserved judgment as to the aiding and abetting claims against the executives. The matter was set for trial in 2024.

When using artificial intelligence (AI) or complex credit models, can lenders rely on the checklist of reasons provided in Regulation B sample forms for adverse action notices? According to today’s guidance issued by the Consumer Financial Protection Bureau (CFPB or Bureau), the answer to that question is, in many circumstances, no.

In the ever-evolving world of digital assets and law, Grayscale Investments, LLC (Grayscale) found itself at the pinnacle of a major decision by the Court of Appeals for the District of Columbia. On August 29, the court deemed the Securities and Exchange Commission’s (SEC) denial of Grayscale’s October 19, 2021, spot Bitcoin (BTC) exchange-traded fund (ETF) application “arbitrary and capricious” and vacated the agency’s decision. At the heart of the court of appeal’s ruling lies the Administrative Procedure Act (APA), the complex interplay between spot asset pricing and futures asset pricing, and the SEC’s current sentiment towards digital asset-based financial products.

On August 11, in the case of Yuille v. Uphold HQ Inc., the Southern District of New York was tasked with determining whether the Electronic Funds Transfer Act (EFTA) applies to digital asset-based accounts. The court concluded there was no “account” as defined by EFTA because the digital asset account at issue was not established primarily for personal, family, or household purposes.

On August 9, the Securities and Exchange Commission (SEC) sent a letter to U.S. District Judge Analisa Torres requesting leave to file an interlocutory appeal in SEC v. Ripple Labs, Inc. as to the two adverse liability determinations in her July 13, 2023 order. That order granted partial summary judgment in Ripple Labs’ favor regarding the sale of its XRP token. As we previously discussed here, the court held in deciding cross motions for summary judgment that defendants’ “programmatic” offers and sales to XRP buyers over crypto asset trading platforms and Ripple’s “other distributions” in exchange for labor and services did not involve the offer or sale of securities under the U.S. Supreme Court’s decision in SEC v. W.J. Howey Co.

On August 8, the Federal Reserve Board (Fed) issued a press release providing additional information on its Novel Activities Supervision Program (Program) to monitor novel activities in the banks it oversees. Novel activities are defined to include: (1) technology-driven partnerships with non-banks to provide banking services to customers, and (2) activities involving crypto-assets and distributed ledger or “blockchain” technology. According to the Fed, “the Program will be risk-focused and complement existing supervisory processes, strengthening the oversight of novel activities conducted by supervised banking organizations.” The Fed will notify those banking organizations whose novel activities will be subject to examination in writing and will routinely monitor supervised banking organizations that are exploring novel activities.

On July 13, U.S. Senators Cynthia Lummis (R-WY), Kirsten Gillibrand (D-NY), Elizabeth Warren (D-MA), and Roger Marshall (R-KS) introduced an amendment to the National Defense Authorization Act (NDAA) that seeks to examine the adequacy of current anti-money laundering obligations (set forth in the Bank Secrecy Act (BSA)) as applied to crypto assets, crypto asset kiosks