The recent downturn in the crypto market, combined with the very public collapse of FTX and investigations into Binance, has led to a heightened interest in how to aggressively report on frauds committed by crypto companies. Whistleblowers have already been equipped to battle international and domestic corruption, fraud, waste, and abuse under the wildly successful Dodd-Frank Act. As cryptocurrency has expanded in influence, laws and regulations are now being written to directly regulate this field. Despite confusion regarding how and where to disclose information, existing laws already provide multiple regulators with jurisdiction over crypto tokens and exchanges. Crypto whistleblowers have information, but need to know who they can turn to.
Since crypto is a new technology, regulators are determining exactly how it fits into existing legal frameworks. Crypto tokens and exchanges are alternatively treated as a security by the Securities and Exchange Commission (“SEC”), a commodity or currency exchange by the Commodity Futures Trading Commission (“CFTC”), or a money services business by the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the Treasury Department specifically designed to fight money laundering, terrorist financing, and other financial crimes often committed through crypto companies.
CFTC Chairman Rostin Behnam explained the difference in jurisdiction between the SEC and CFTC to the Senate. While advocating for new legislation, Behnam supported a regulatory system “where the SEC would utilize its existing authority and reporting regime requirements for all security tokens, while the CFTC would apply its market-based rules for the more limited subset of commodity tokens, which do not have the same characteristics as security tokens.” This proposed solution supports a split between tokens that operate more like securities that are connected to a certain company or exchange, such as FTT or Ethereum, and tokens that are decentralized and operate more like currency exchanges, such as Bitcoin. This explanation outlines how the SEC and CFTC divide authority over crypto currently, despite the lack of specific current regulations.
Since 2013, the SEC has taken enforcement action in 118 “crypto asset” cases. Whistleblowers can report information regarding violations of securities laws by crypto companies and exchanges to the SEC through their Office of the Whistleblower established under the Dodd-Frank Act.
According to Behnam, “the CFTC has brought more than 60 enforcement cases in the digital asset space since 2014, with total penalties surpassing $820 million.” This is despite the lack of regulatory and surveillance authority, requiring the commission to rely only on “more limited fraud and manipulation enforcement authority.” Whistleblowers can report information regarding violations of law to the CFTC through their Whistleblower Program.
FinCEN is granted jurisdiction through the Bank Secrecy Act (BSA), which treats crypto exchanges as financial institutions, and more specifically money service businesses (“MSB”) or the sub-category of money transmitters. In a 2015 news release announcing FinCEN’s first civil enforcement action against a virtual currency exchanger, Director Jennifer Shasky Calvery said that “[v]irtual currency exchangers must bring products to market that comply with our anti-money laundering laws, [i]nnovation is laudable but only as long as it does not unreasonably expose our financial system to tech-smart criminals eager to abuse the latest and most complex products.”
Prior enforcements have required crypto exchanges to…
Register within 180 days of beginning operations and the renewal of such registration every two years;
Develop, implement, and maintain an effective written AML program that is reasonably designed to prevent the MSB from being used to facilitate money laundering and the financing of terrorist activities;
Report transactions that the MSB ‘knows, suspects, or has reason to suspect’ are suspicious, if the transactions are conducted or attempted by, at, or through the MSB, and the transactions involve or aggregate to at least $2,000 in funds or other assets; and
Obtain and retain records related to transmittals of funds in amounts of $3,000 or more.
FinCEN has taken enforcement action against six entities involved in cryptocurrencies since their first cryptocurrency action in 2015. This has been done without an effective whistleblower program. The FinCEN Office of the Whistleblower was formed in 2020 and improved in December 2022 through the AML Whistleblower Improvement Act. The 2022 improvement brought the original AML act in line with the Dodd-Frank whistleblower award programs by guaranteeing awards for qualifying whistleblowers who provide information that leads to successful enforcement actions. This improved program will bring in more credible information from whistleblowers, and enforcement actions will likely increase in quantity and scale from FinCEN.
Many crypto exchanges have sought to avoid U.S. jurisdiction through policies that prevent U.S. users from accessing their services. However, the SEC, CFTC, and FinCEN still have jurisdiction whenever American users have access to the exchanges due to lack of sound guardrails by the crypto exchange, or from combining functions between supposedly separate U.S. and global exchanges.
While crypto is a new technology and regulations have not yet been fully established for its regulation, existing laws and programs encompass this field and are effective for whistleblowers seeking to report crypto fraud. The whistleblower programs from the SEC, CFTC, and FinCEN all guarantee for whistleblowers: confidentiality, anonymity, and the chance at a financial reward if a sanction is brought thanks to their information. The novelty of crypto technology should not be seen as an obstacle for whistleblowers seeking to report fraud. Oversight and regulation of this field is necessary, and whistleblowers play a critical role in this enforcement.