On July 12, 2023, U.S. Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-N.Y.) proposed a revised version of their previously introduced crypto regulation bill to create better safeguards for the crypto industry generally while adding new, stronger consumer protection provisions and AML provisions. The Lummis-Gillibrand bill, also known as the Responsible Financial Innovation Act (“RFIA”), identifies the need for enhanced regulation of digital assets. The proposal addresses this need, in part, by creating clearly defined regulatory roles for the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”), which are two of the leading regulatory bodies currently engaged in regulating the U.S. crypto market, as well as creating a new Customer Protection and Market Integrity Authority self-regulatory organization. The need for greater clarity in the roles of the CFTC and the SEC and with respect to cryptocurrency regulations generally is certainly timely, given the recent CFTC actions against Blockratize, bZeroX (and its successor Ooki DAO), and others and recent high-profile SEC actions against major crypto exchanges.
The revised RFIA draws a clearer distinction between digital assets that are considered “securities,” which are regulated by the SEC, and “commodities,” which fall under the regulatory authority of the CFTC. The proposal affirms that assets that do not represent debt or equity or that otherwise do not give an investor a financial interest in a business are not considered securities even if they “benefit from entrepreneurial and managerial efforts that determine the value of the assets.” As most digital assets, including Bitcoin and Ethereum, which comprise more than half of digital asset market capitalization, would be considered commodities under this distinction (according to the bill’s sponsors), the proposal, in turn, grants primary regulatory authority of the digital asset space to the CFTC. Under the RFIA, the CFTC would only exercise jurisdiction over “an agreement, contract, or transaction involving a contract of sale of a crypto asset that is commercially fungible, which shall not include digital collectibles and other unique crypto assets,” a definition which would seem to exclude transactions of typical non-fungible tokens (or “NFTs”).
The proposal establishes the CFTC as the main digital asset regulator in several different ways. For example, the RFIA mandates that crypto exchanges are to be overseen by the CFTC and would require that U.S. “crypto asset exchanges” register with the CTFC (whereas registration was merely optional in the previous version of the bill); so-called “decentralized crypto asset exchanges” or DeFi services are regulated separately in the bill. The SEC is not completely without authority however, as the RFIA still requires those issuing cryptocurrency to make twice-yearly disclosures to the SEC, but as long as these issuers’ tokens are still considered “commodities” using the aforementioned criteria, cryptocurrency issuers will, for the most part, remain outside the regulatory purview of the SEC. Moreover, under the bill, a CFTC-regulated “crypto asset” would not include an asset that “provides the holder of the asset with any of the following rights in a business entity: (i) A debt or equity interest in that entity; (ii) Liquidation rights with respect to that entity; (iii) An entitlement to an interest or dividend payment from that entity; (iv) Any other financial interest in that entity.” These classes of digital assets would remain under SEC jurisdiction.
On the consumer protection front, the RFIA includes several key provisions:
- Allocating enforcement authority for new crypto asset consumer protection requirements amongst the CFTC, SEC, banking agencies and a new self-regulatory organization, the Customer Protection and Market Integrity Authority.
- Requiring all crypto asset intermediaries to maintain proof of reserves and undergo an annual verification, which would be enforced by the Public Company Accounting Oversight Board.
- Specifying that customer agreements must be written in plain language and that these agreements, and subsequent changes, must be filed in a public database.
- Specifying mandatory notice requirements for customers.
- Imposing basic notice, risk management and segregation and third-party custody requirements, as well as standards for crypto asset lending and a ban on rehypothecation.
- Requiring customer agreements to specify the moment when a transaction is finally settled between an intermediary and a customer, as a matter of law.
- Creating advertising standards for crypto asset marketing, including a duty to be fair, balanced and not misleading, and requiring disclosures, including compensation.
- Requiring that crypto asset intermediaries report cybersecurity breaches in a timely manner and mandating the CFTC and the SEC, in consultation with other agencies, develop cybersecurity standards for brokers and other intermediaries.
The comprehensive list of consumer protection measures outlined in the RFIA is a direct response to fraud and bad actors that exist in the digital asset marketplace (which was one of the motivating factors behind the initial introduction of the RFIA in 2022). Further, these measures dovetail with the RFIA’s provisions to combat the use of digital assets in illicit financial transactions which include increased criminal penalties for willful violations of the Bank Secrecy Act relating to digital assets, the adoption of robust anti-money laundering and sanctions evasion measures, and increased Financial Crimes Enforcement Network (“FinCEN”) reporting, which is similar to a bill introduced by U.S. Senator Elizabeth Warren (D-MA) in December 2022 (Digital Asset Anti-Money Laundering Act (S.5267)).
In the wake of the revised RFIA’s introduction to the Senate floor, a similar bipartisan effort was launched in the House of Representatives on July 26, 2023. The House Financial Services Committee approved a plan to advance the Financial Innovation and Technology for the 21st Century Act, a bill that also attempts to define when a digital asset is a security or a commodity while clarifying the regulatory jurisdiction of the CFTC and the SEC in the U.S. crypto market. The House bill would give the CFTC jurisdiction over digital assets traded on a “functional” and “decentralized” exchange or issued through an “end user distribution.” The SEC would have jurisdiction over digital assets before the networks to which the assets relate are “functional” and certified as “decentralized.” The House bill also specifies that neither the CFTC nor the SEC would have authority to regulate stablecoins. Depending on the stablecoin’s characteristics, it would be regulated by the Federal Reserve Board, Office of the Comptroller of the Currency or state regulators. While the House bill did receive opposition as it made its way through Committee, these recent legislative developments suggest that regulatory clarity is a salient topic in this industry.
It remains to be seen whether the Lummis-Gillibrand bill, the House bill, or a third proposal for digital asset regulation becomes law, but these proposals underscore a significant bipartisan effort to tackle underlying issues affecting the current digital asset landscape.