In what is the New York Department of Financial Services’ (NYDFS) first enforcement action against a NYDFS-licensed “virtual currency business,” on August 1, 2022, the agency announced $30 million settlement with cryptocurrency investing platform Robinhood Crypto, LLC (“RHC”).  The settlement addressed  charges stemming from what the NYDFS cited as various deficiencies during 2019-20 of RHC’s Bank Secrecy Act (BSA) and anti-money laundering (AML) program and RHS’ cybersecurity obligations under the agency’s Virtual Currency “BitLicense” regulation (23 NYCRR Part 200) and Cybersecurity Regulation (23 NYCRR Part 500), among other things

NYDFS has been active in crypto regulation for many years. In 2015, New York was the first state to promulgate a comprehensive framework for regulating virtual currency-related businesses. The keystones of the BitLicense regulations are consumer protection, anti-money laundering compliance and cybersecurity rules that are intended to place appropriate “guardrails” around the industry while allowing innovation. In addition, NYDFS’s Cybersecurity Regulation went into effect in March 2017 and generally requires all covered entities, including licensed virtual currency businesses, to establish and maintain a cybersecurity program designed to protect the confidentiality, integrity, and availability of its information systems. Licensed virtual currency companies are subject to the same AML and cybersecurity regulations as traditional financial services companies.

There have been a number of developments swirling around stablecoins in the past month, including, earlier this week, the recent introduction in the U.S. Senate of a bill (the “Responsible Financial Innovation Act”) that would put in place a regulatory framework for digital assets and enact certain requirements and consumer protections surrounding stablecoins. The topic of stablecoins’ utility and risk has been in the headlines and on the minds of both legislators and state and federal financial regulators. In a timely move, the New York Department of Financial Services (NYDFS), released its “Guidance on the Issuance of U.S. Dollar-Backed Stablecoins” meant to set foundational criteria for USD-backed stablecoins issued by DFS-regulated entities on the issues of redeemability, assets reserves and attestations about such reserves. The NYDFS is the first state regulator to release such guidance. With the fate of Congressional action on stablecoins this year uncertain (and equally uncertain whether federal agencies or banking regulators will step in to offer certain guardrails), it will likely be left to the states (and the industry itself) to establish certain baselines that offer consumer protection and stability without harming innovation. Given NYDFS’s experience in the virtual currency space and its prominence, its latest guidance may be influential to other regulators around the country. 

In a speech given this week at Columbia University by Fabio Panetta, Member of the Executive Board of the European Central Bank (ECB), he decried the entire “crypto gamble,” seeing crypto-assets as “bringing about instability and insecurity – the exact opposite of what they promised” and calling for tighter regulation in the EU (and coordination with international partners) to curb the financial and associated risks from crypto-assets.

Panetta’s speech (entitled “For a few cryptos more: the Wild West of crypto finance”) evoked remarks made by SEC Chair Gary Gensler back in August 2021 that labeled crypto the “Wild West” and requested Congress give the Commission more authority “to write rules for and attach guardrails to crypto trading and lending” that would boost consumer trust and allow the industry to prosper.  Panetta’s scathing broadside was lobbed against what he sees as the risky, seamier side of crypto – the speculative fervor and greed, the high volatility of crypto markets, the facilitation of criminal financial activity, the lack of adequate disclosures, the largely unregulated or “insufficiently supervised” cryptocurrency miners and service providers, and other un- or under-regulated aspects of the “crypto bubble” that, if left ignored, could pose risks to financial stability (citing the sub-prime mortgage market that triggered the last global financial crisis). While far more strident in tone than President Biden’s March 2022 executive order, Panetta’s speech similarly articulated a high-level strategy for regulating and fostering innovation in the burgeoning digital assets space and pushed for central banks to move more quickly to develop central bank digital currencies (CBDCs) and “respond to the people’s growing demand for digital assets and a digital currency by making sovereign money fit for the digital age” or else sit by as the private sector satisfies this demand.

Taking a wide view, Fabio Panetta’s remarks, coupled with the multiple crypto-related regulatory developments ongoing both in the EU and U.S., suggest that some changes are afoot for the crypto industry. While there has been some industry-friendly legislation at the state level in recent years to encourage innovation, at the federal level it seems that the honeymoon period of light touch or no regulation (or largely, regulation by agency enforcement) for the crypto industry is over. Innovation in this space continues at a furious pace at the same time as regulators are slowly gaining experience and expertise about the public policy and investor risks surrounding crypto-assets. Thus, providers should expect more scrutiny and additional compliance hurdles going forward, as multiple regulators have stated that the lasting innovations and societal benefits of cryptocurrencies and DeFi applications can only occur alongside responsible regulation. Panetta stated that pulling off such responsible oversight will not be easy, as there will be “complex trade-offs, balancing the goals of promoting innovation, preserving financial stability and ensuring consumer protection.”

On March 9, 2022, the President issued an Executive Order (the “E.O.”) that articulates a high-level, wide-ranging national strategy for regulating and fostering innovation in the burgeoning digital assets space.  The strategy is intended to encourage innovation yet still provide adequate oversight to control systemic risks and the attendant investor, business, consumer and environmental concerns.

The E.O. is very broad in scope.  It focuses on the myriad of issues associated with “digital assets,” a term defined in a way to capture a wide variety of existing and emerging “crypto” implementations.  Specifically, the E.O. defines digital assets to include “all central bank digital currencies (CBDCs), regardless of the technology used, and to other representations of value, financial assets and instruments, or claims that are used to make payments or investments, or to transmit or exchange funds or the equivalent thereof, that are issued or represented in digital form through the use of distributed ledger technology.” Significantly, the E.O. does not make an attempt at defining the regulatory status of digital assets and notes a digital asset “may be, among other things, a security, a commodity, a derivative, or other financial product.”

While the E.O. itself doesn’t really set forth any new requirements, it puts into motion a process that may yield specific regulatory approaches to digital assets.  Of course, this process is happening in parallel with other initiatives by the Securities and Exchange Commission (“SEC”) and Congress itself and thus, there is a possibility that the E.O will result in approaches that are in ways inconsistent with other ongoing regulatory developments.  For example, in January 2022 the SEC released a proposal that would enhance investor protections and cybersecurity for alternative trading systems that trade Treasuries and other government securities.  The proposal prompted a dissenting statement from SEC Commissioner Hester Peirce (often referred to as “Crypto Mom” for her advocacy of the industry), who objected to the speed and breadth of the January 2022 proposal.  The E.O. sidesteps some of the controversial issues addressed in the SEC proposal, such as how “exchanges” should be defined, as well as the greater issue of how different digital assets should be classified (and therefore, which financial regulatory agencies have jurisdiction over various digital products and platforms). At the same time, there seems to be some amount of bipartisan interest in Congress to pass its own legislation regulating certain aspects of cryptocurrency and related technologies (e.g., in the stablecoin area), Whether or not that legislation would be consistent with the results of the E.O.-driven processes is also hard to tell.

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.”  The term “metaverse,” which

Gary Gensler, Chair of the Securities and Exchange Commission (SEC), attracted a lot of attention following his remarks at the Aspen Security Forum earlier this month, asking Congress for more authority “to write rules for and attach guardrails to crypto trading and lending” and opining that for the “volatile” industry to truly prosper it needs more investor and consumer protections.  But make no mistake: Gensler is not waiting around for Congress to act.  In his remarks, Gensler highlighted various areas where the SEC currently has jurisdiction and emphasized that “we have taken and will continue to take our authorities as far as they go.”