Bridging the Week by Gary DeWaal: May 6 – 10 and May 13, 2019 (So Many Guidances by CFTC Enforcement, FinCEN and FINRA, So Little Time; The SEC and Jackson Pollock)
Last week may not have been the best of times or the worst of times (to borrow from Charles Dickens), but it was undoubtedly a time that three United States financial services regulators issued important guidance on disparate topics. For the first time ever, the Commodity Futures Trading Commission’s Division of Enforcement issued an enforcement manual to provide insight into its policies and procedures. Separately, the Financial Crimes Enforcement Network of the US Department of Treasury released comprehensive guidance articulating when persons involved in virtual currency businesses may be acting as money transmitters and require licensing as money service businesses. Finally, the Financial Industry Regulatory Authority enumerated almost 100 different red flags potentially requiring filing of Suspicious Activity Reports by member broker-dealers with FinCEN. As a result, the following matters are covered in this week’s edition of Bridging the Week:
CFTC Division of Enforcement Issues First Guide to Activities and Overview of General Policies and Procedures (includes My View);
FinCEN Publishes Guidance for Businesses Transacting in Virtual Currencies and Indicia of Illicit Cryptocurrency Activity (includes Compliance Weeds);
FINRA Enumerates 97 Red Flags Potentially Justifying SAR Filing (includes Compliance Weeds); and more.
CFTC Division of Enforcement Issues First Guide to Activities and Overview of General Policies and Procedures: For the first time in its history, the Commodity Futures Trading Commission’s Division of Enforcement issued a reference guide setting forth policies and procedures of the DOE regarding the conduct of investigations, the prosecution and settlement of enforcement actions, and miscellaneous topics, such as ethics, confidentiality and records management.
Termed the “Enforcement Manual,” the CFTC’s guidance is seemingly modeled after the “Justice Manual” issued by the US Department of Justice for its staff. (Click here to access the current copy of the Justice Manual; prior to 2018, the Justice Manual was known as the “US Attorney’s Manual.”) Like DOJ’s Justice Manual, the DOE’s Enforcement Manual was intended to be shared with the public.
The Enforcement Manual does not break any new ground and, according to James McDonald, DOE Director, “creates no private rights.” It is solely designed to compile in one document the DOE’s operating procedures so that they can be “readily accessible to those affected by them.” The manual may be updated from time to time.
The principal sections of the Enforcement Manual reference leads; preliminary inquiries and investigations; litigation; self-reporting, cooperation and remediation; cooperative enforcement; privileges and confidentiality; and other miscellaneous topics including ethics, record management and document control and the CFTC’s whistleblowing program.
My View: Although there are no secrets revealed in the DOE’s Enforcement Manual, it is a handy compilation of relevant DOE policies and procedures that helps explain the intricacies of the CFTC investigations and enforcement actions. The document serves a very useful purpose in that it provides laypersons (as well as practitioners) insight into what, for many, may seem an overwhelming and obtuse process.
In addressing some topics, the Enforcement Manual is exceptionally transparent, e.g., when it discusses statute of limitations and tolling agreements (“[s]ome courts have held that [a] five-year statute of limitations … applies to certain claims brought by the CFTC”) as well as a person’s right to request closing letters when staff has decided to terminate an investigation – although the manual notes the decision to grant a letter is discretionary.
Regrettably, however, the Enforcement Manual does not provide sufficient color on how it generally applies its discretionary authority, as well as factors other than cooperation it considers in recommending specific sanctions in connection with settlements, particularly the amounts of fines.
For example, no insight is provided in the Enforcement Manual regarding the circumstances where the DOE Director may formally invite a potential subject of an enforcement action to submit a “Wells Submission” to try to convince the DOE not to file a case. (A party always has the right to submit a so-called “White Party” which effectively is an unsolicited Wells Submission.) Similarly, while the Enforcement Manual notes that the DOE has discretion to commence enforcement actions in a federal court or an administrative tribunal, it does not provide insight into why one or the other forum might be chosen. Moreover, there is no practical guidance set forth in the Enforcement Manual regarding the calculus behind sanctions requested in settlements.
It would have been beneficial for the Enforcement Manual to provide at least some insight into the DOE’s discretionary decision making as well as its approach toward sanctions in settlements. Maybe this will happen in Enforcement Manual 2.0. But Enforcement Manual 1.0 provides a meritorious start.
FinCEN Publishes Guidance for Businesses Transacting in Virtual Currencies and Indicia of Illicit Cryptocurrency Activity: The Financial Crimes Enforcement Network of the US Department of Treasury published a comprehensive overview of its regulations and previously published guidance related to how individuals and firms may have to comply with obligations for money transmitters to the extent they engage in businesses involving so-called “convertible virtual currencies” ("CVC").
Generally FinCEN requires any person engaging in the business of money transmission or the transfer of funds, including CVC, to (1) maintain an “effective” written anti-money laundering program reasonably designed to prevent the business from being employed to help the financing of terrorist activities and money laundering and (2) register as a money service business. A firm or individual engages in money transmission, says FinCEN, when it receives one form of value (including CVC) from a person and transmits it in the same or different form to another person or location by any means. FinCEN concludes, for example, that, applying this definition, a business operates as a money transmitter when it accepts fiat currency from a person and transfers the CVC to the person’s CVC account with the business.
FinCEN defines CVC as any medium of exchange that functions like currency but does not have all the attributes of fiat currency, including constituting legal tender. FinCEN noted that, while CVC may include instruments referred to as digital currencies, cryptocurrencies and digital assets, the naming of an instrument “is not dispositive of its regulatory treatment.” Likewise, said FinCEN, it is the business model of a person engaging in activities regarding CVC that dictates obligations of money transmitters, not the “label used by industry to designate a general type of product or service.”
FinCEN’s guidance provides numerous examples of when a CVC business constitutes money transmitting and when it does not, concentrating mostly on the activities of three types of businesses: (1) wallet providers; (2) money transmission services utilizing electronic kiosks and decentralized applications; and (3) trading platforms and decentralized exchanges. The guidance also discusses money transmission engaged in connection with project fundraising, such as initial coin offerings. For all businesses, the key determining factor appears to be whether the business is touching CVC as part of a transmission, or is simply helping persons effectuate a transmission themselves. The former activity generally constitutes money transmission, the latter does not.
Separately, FinCEN also issued an advisory to aid financial institutions, including MSBs handling CVC, identify suspicious activities involving CVC. Typically financial institutions are obligated to report all suspicious activities to FinCEN. Among other things, the advisory describes how so-called “darknet marketplaces” are often interposed in many illegal activities; sets forth a list of 30 red flags of potential abuses using CVC; and identifies certain required and helpful information that should be included in all suspicious activity reports involving CVC that are filed with FinCEN. (Darknet marketplaces reference anonymized locations on the Internet that are not indexed by traditional search engines and typically require special software to access.)
Among red flags of potential suspicious activity involving CVC identified by FinCEN is a customer receiving a number of deposits from different sources in a relatively short time that in total equal the aggregate amount of funds transferred to a known virtual currency exchange; a customer’s transactions emanating from a non-trusted IP address, an IP address associated with a sanctioned jurisdiction or an IP address previously identified as suspicious; and a customer using identification or account credentials (e.g., unique password, IP address or flash cookies) employed by another account. FinCEN also noted as a red flag a customer “significantly older than the average age of platform users” opening a cryptocurrency transaction account and engaging in a large number of transactions. This behavior, suggested FinCEN, may indicate the person’s role as a “CVC money mule” or as a victim of an elderly financial exploitation scam.
In other legal and regulatory developments regarding cryptoassets:
SEC Crypto Guidance Employing Jackson Pollock Techniques Too Cryptic Says Commissioner Hester Peirce: Hester Peirce, Commissioner of the Securities and Exchange Commission, expressed her skepticism regarding the Commission’s recently issued framework regarding when cryptoassets may constitute investment contracts (and thus securities) and its contemporaneously released TurnKey Jet no action letter. (Click here for background in the article “SEC Staff Outlines Characteristics of Cryptoassets That Could Cause Them to Be Regarded as Securities” in the April 7, 2019 edition of Bridging the Week.)
According to Ms. Peirce, in endeavoring to help persons apply the four prongs of the so-called Howey test to determine whether particular cryptoassets might be deemed securities, Commission staff listed 38 distinct considerations “many of which include several sub-points.” (Click here to access a copy of the Supreme Court’s 1946 decision in SEC v. W.J. Howey Co.) Although she observed that “seasoned” securities attorneys might be able to successfully navigate this Scylla and Charybdis of staff guidance, she feared that non-lawyers likely could not.
Moreover, Ms. Peirce argued that the cryptoassets at issue in TurnKey Jet “so clearly did not [constitute] an offer of securities,” that discussion of the multitude of characteristics that prompted staff to conclude that the digital tokens were not securities “could have the effect of broadening the perceived reach of our securities laws.”
Ms. Peirce cautioned that the SEC’s “Jackson Pollock approach to splashing lots of factors on the canvas without any clear message leaves something to be desired.”
Defendant Convicted of Securities Fraud in Connection With Cryptosecurity Offer and Sales Asks for Leniency in Sentencing: Maksim Zaslavskiy, who previously pleaded guilty to conspiracy to commit securities fraud, requested the federal court in Brooklyn, New York, hearing his case to sentence him solely to probation.
Mr. Zaslavskiy was charged in October 2017 with securities fraud and related offenses in connection with two cryptocurrency investment schemes and their related initial coin offerings. In September 2018, the same court rejected Mr. Zaslavskiy’s motion to dismiss his criminal charges on the grounds that he was not involved in the sale of securities; the court held that the government’s complaint alleged sufficient facts demonstrating that the relevant cryptoassets were investment contracts under applicable legal precedent (i.e., (1) an investment of money, (2) in a common enterprise with (3) the expectation of profits (4) solely from the efforts of a promoter or third party).
In his sentencing memorandum to the court, Mr. Zaslavskiy requested probation on the grounds that he has remitted all funds he received from customers in connection with his initial coin offerings except for funds automatically taken by Amazon to pay for advertising for the relevant cryptoassets. (Click here for background regarding Mr. Zaslavskiy’s criminal and SEC civil actions in the article “Brooklyn Federal Court Rules ICO-Issued Digital Assets Could Be Securities” in the September 16, 2018 edition of Bridging the Week.) The government will respond to Mr. Zaslavskiy's sentencing memorandum by May 15.
Compliance Weeds: FinCEN’s guidance fairly attempts to provide practical guidance to help persons engaging in businesses touching CVC to understand better whether they may have to register as an MSB. However, the guidance leaves uncertain a few important matters.
Generally, persons engaged as money transmitters of CVC must register as MSBs with FinCEN. However, this requirement does not apply to persons “functionally regulated or examined” by the Securities and Exchange Commission or the Commodity Futures Trading Commission. However, it is not clear what the word “functionally” references. In the case of the CFTC, all registrants and persons required to be registered are overseen and potentially examined by the Commission. Moreover, regarding virtual currencies, “[t]he CFTC’s jurisdiction is implicated when a virtual currency is used in a derivatives contract, or if there is fraud or manipulation involving a virtual currency traded in interstate commerce.” However, the CFTC has made clear that it does not “oversee ‘spot’ or cash market exchanges and transactions involving virtual currencies that do not utilize margin, leverage, or financing.” (Click here to access the CFTC’s LabCFTC’s 2017 primer on virtual currencies; click here to access NFA Interpretive Notice 9073 regarding disclosure requirements for National Futures Association members engaging in virtual currency activities.) The new FinCEN advisory is silent as to FinCEN’s view of the meaning of “functionally” in the context of the CFTC's position.
Similarly, in a prior guidance, FinCEN made clear that a company purchasing and selling virtual currency, including paying and receiving the like amount of fiat currency to and from counterparties, for its own account, is not engaged in a money transmitter business. (Click here to access FIN-2014-R002.) This would seem to preclude a dealer of CVC from having to register as an MSB. However, the same prior guidance notes that if a firm were to provide services to others as a business that involved accepting and transmitting CVC or exchanging CVC for fiat currency or another CVC, “additional analysis would be necessary to determine the Company’s regulatory status and obligations with respect to such activity.” This distinction presents a blurry line that is treacherous to navigate. The new FinCEN guidance, particularly its discussion of P2P exchanges, provides no focus regarding this distinction, and the addressing of this topic solely by dropping a footnote referencing FinCEN’s prior guidance (see fn 52) does not advance certainty.
Finally, it is important that issuers and intermediaries of stablecoins review this new FinCEN guidance. In it, FinCEN makes clear that money transmission could include “the issuance and subsequent acceptance and transmission of a digital token that evidenced ownership of a certain amount of a commodity, security or futures contract” that serves as a substitute for fiat currency. Curiously, FinCEN also writes that money transmission may occur when a person who is not exempt from MSB status “issues or employs commodities, securities or futures contracts by themselves as value that substitutes for currency in money transmission services.” The meaning of this phrase in the context of SEC and CFTC registration requirements is unclear.
Importantly the triggers for registration as an MSB with FinCEN are parallel to the triggers for registration as a money transmitter (or something equivalent) in most states. However, there is no uniformity among states’ requirements.
FINRA Enumerates 97 Red Flags Potentially Justifying SAR Filing: The Financial Industry Regulatory Authority issued a Regulatory Notice reminding members of their obligation to maintain a written policy reasonably designed to detect and report qualifying suspicious activities to the Financial Crimes Enforcement Network of the US Department of Treasury. (Click here to access FINRA Rule 3310.) Generally member broker-dealers must report all suspicious activities (including attempted misconduct) that aggregates funds or other assets in excess of US $5,000 that the BD knows or has a reasonable basis to believe are transactions (1) involving funds obtained from illegal activity or to hide funds or assets obtained from illegal conduct as part of a plan to evade federal law or regulation or to avoid a required transaction reporting requirement; (2) designed to avoid anti-money laundering requirements; (3) that have no business or apparent lawful purpose; or (4) that use the BD to facilitate criminal conduct. FinCEN’s guidance lists 97 potential red flags that it advises BDs to consider when evaluating the need to file a SAR.
Compliance Weeds: SAR reporting requirements apply not only to BDs but also to Commodity Futures Trading Commission-registered futures commission merchants and introducing brokers. (Click here for background.)
Not only traditional red flags of potential money laundering must be reported as suspicious activities to FinCEN, but also certain cybersecurity breaches and potential breaches.
In October 2016, FinCEN issued an advisory stating that covered financial institutions must file a suspicious activity report following certain cyber-events. Mandatorily reportable incidents are those where a financial institution is targeted by a cyber-event where it knows, or has reason to suspect, the event “was intended, in whole or in part, to conduct, facilitate, or affect a transaction or series of transactions” that involves or aggregates or could involve or aggregate to US $5,000 or more in funds or other assets. It would not matter whether the transaction or series of transactions ended up actually occurring. (Click here for details regarding this FinCEN advisory in the article “FinCEN Issues Advisory Saying Cyber Attacks May Be Required to Be Reported Through SARs” in the October 30, 2016 edition of Bridging the Week.)
Recently, FINRA fined LPL Financial, LLC, a broker-dealer, US $2.75 million for not reporting as suspicious activities to FinCEN unsuccessful attempts by third parties to gain unauthorized access to customers’ email or brokerage accounts. According to FINRA, LPL mistakenly believed that only successful hacking incidents were subject to SAR reporting and advised its employees accordingly; however, this understanding was incorrect. As a result, FINRA concluded that LPL failed to investigate and file over 400 SARs with FinCEN from January 1, 2013, through May 31, 2016. (Click here for further details in the article “Broker-Dealer Fined US $2.75 Million by FINRA for Breakdowns in AML Program and Customer Complaint Reporting” in the November 4, 2018 edition of Bridging the Week.)
CFTC Sues Former Trader Previously Charged Criminally for Falsely Inflating Natural Gas Futures and Physical Trades: The Commodity Futures Trading Commission filed a lawsuit against David Smothermon, the former president and head trader of the gas division of an unnamed commodities trading company where he worked, for mismarking natural gas futures and physical positions in his company’s internal bookkeeping system to hide trading losses that ultimately resulted in over US $100 million in losses to his employer. Mr. Smothermon’s alleged mismarking occurred from approximately December 2015 to September 2016; the CFTC’s complaint was filed in a federal court in New York City. Mr. Smothermon resigned from the company in September 2016 purportedly just after being told that the company planned to conduct an audit of the gas division. Mr. Smothermon was charged by the CFTC with violating applicable laws and rules prohibiting fraud by manipulation or deceptive device or contrivance and fraud in connection with futures contracts. In November 2018 Mr. Smothermon was criminally charged for the same essential offenses by the US Department of Justice, also in a federal court in New York City. (Click here to access a copy of Mr. Smothermon’s criminal complaint.) According to at least one blog, the non-identified company that employed Mr. Smothermon was Trammo Inc. (Click here to access the relevant blog.)
Nonmember Settles CME Spoofing Allegations: Michael Vukmir, a nonmember, settled allegations brought by the Chicago Mercantile Exchange that, from June 1, 2016, through September 1, 2017, he engaged in spoofing-type conduct involving Class III Milk futures contracts. According to CME, during this time, he layered large orders on one side of the market to effectuate executions of smaller orders he placed on the other side of the market. To resolve this matter, Mr. Vukmir agreed to pay a fine of US $15,000 and be prohibited from accessing all CME Group markets for three months. Separately, Jian Shi and Ziao Xu were permanently banned by the business conduct committee of the Commodity Exchange, Inc. from any access to any CME Group market for not participating in a COMEX staff investigation or answering unspecified charges filed against them.
Whistleblower Receives US $1.5 Million From CFTC for Providing Original Information Helping Enforcement: The Commodity Futures Trading Commission awarded US $1.5 million to an unnamed individual who voluntarily provided “original information” to the Commission that led to a successful CFTC enforcement action, as well as the resolution of another matter brought by another federal regulator. The CFTC noted that the individual appears to have attempted to report his/her information internally prior to alerting the CFTC and the other federal regulator. During fiscal year 2018, the number of whistleblower awards granted by the CFTC (5) exceeded all whistleblower awards ever previously granted by the Commission (4). Moreover, the amount of awards – in excess of US $75 million – was many times in excess of the aggregate of the dollar value of all whistleblower awards previously granted by the CFTC. (Click here for further details in the article “CFTC Enforcement Division Lauds Success of FY 2018 Accomplishments; Says Goal Is to Foster 'True Culture of Compliance'" in the November 18, 2018 edition of Bridging the Week.)
SEC Proposes Rules to Enhance Cross-Border Security-Based Swap Requirements: The Securities and Exchange Commission proposed rule amendments and guidance to govern cross-border security-based swap transactions. The proposed measures address how certain requirements for security-based swap transactions may apply to non-US entities where US-based personnel were involved in arranging or negotiating a relevant transaction. Apparently, the proposed rules and guidance were coordinated with the Commodity Futures Trading Commission which is expected to propose its own parallel initiatives shortly. Comments to the SEC’s proposed regulatory approach will be accepted for 60 days following its publication in the Federal Register. Separately, previously announced amendments to compliance rules by the National Futures Association to address swaps will be effective July 1. (Click here for details.)