Cryptocurrencies

Subscribe to Cryptocurrencies via RSS

When it rains, it pours.  On January 23, 2023, the New York Department of Financial Services announced that it had issued certain Guidance on Custodial Structures for Customer Protection in the Event of Insolvency in which it emphasized the importance of sound custody and disclosure practices to protect customers in the event of an insolvency or similar proceeding.  This month, the Securities and Exchange Commission (“SEC”) followed suit.

On February 15, 2023, the SEC proposed amendments to the Custody Rule under the Investment Advisers Act of 1940, which, among other changes, expands the current custody rule’s application to a broader array of client assets under the rule managed by registered investment advisers and clarifies certain aspects of the existing rule (see more digestible SEC Fact Sheet here).

The SEC’s proposed amendments are aimed at reducing the risk of loss of client assets by expanding the types of assets covered by the rule beyond “funds and securities” that will be subject to custodial safeguards and helping ensure assets are properly segregated. The proposed amendment would also impose certain reporting and compliance requirements on investment advisers, including requiring them to provide information about their practices in safeguarding client assets. Notably, if the amended rule is adopted after the 60-day comment period, which is not certain, then crypto assets will undoubtedly be affected. In a statement discussing the proposed amendments, SEC Chair Gary Gensler noted that the rule “covers a significant amount of crypto assets” and that “most crypto assets are likely to be funds or crypto asset securities covered by the current rule.”

Custody is a safekeeping activity by a financial institution involving storing, protecting, and securing assets separately from those of other customers or the investment firm itself. TradFi investment advisers are typically required to maintain customer funds and securities with a qualified financial firm (i.e., a custodian).  Most assets are intangible assets held “on account” with a broker-dealer (i.e., stocks and bonds, which are rarely held in certificate form), though some assets may consist of physical certificates, cash, or other tangible assets.  On the other hand, crypto custody consists primarily of bookkeeping because there is no physical asset and no centralized ownership record for a digital asset: the blockchain records wallet activity and balances.  While there is the option for self-custody of crypto assets, a crypto investor may allow a custodian or crypto exchange to hold their private keys for them, enabling the custodian to use the wallet to transact. This arrangement potentially opens up a range of risks, including the risk of hacking, insolvency risk, or malfeasance involving the commingling of investors’ cryptoassets with those of other investors or institutional assets.

The organizers of an initial coin offering (ICO) recently won dismissal of an investor’s fraud claims by establishing that their public risk disclosures negated the investor’s claims of reliance on alleged misstatements.  The project, a video service provider’s ICO, was governed by a purchase agreement called a “Simple Agreement for Future Tokens” (“SAFT”).   The plaintiff investor later lost his entire investment as the token collapsed, allegedly due to the provider’s decision to scrap its initial plans for a decentralized platform and move to a permissioned blockchain (and also the provider’s choice to seek additional capital via a “Regulation A” public offering).  The New York court found that even if certain representations made by the issuer regarding the prospect of a decentralized network were actionable, the Plaintiff had not plausibly alleged  “reasonable reliance” on such representations in signing the SAFT. (Rostami v. Open Props, Inc., No. 22-03326 (S.D.N.Y. Jan. 9, 2023)).

Demand for virtual currency services, including custody services, has soared in the past several years.  Like their counterparts in traditional finance, these custodians are stewards of retail and institutional customer funds and serve an important and valuable function.  However, as evidenced by a number of headline-grabbing failures during the lingering crypto winter, inadequate disclosures and poor custodial practices can seriously harm retail and institutional customers alike.  For many virtual currency customers, this recognition – in an industry built on the pillars of trust and transparency – was realized too late.  Recent disclosures emerging from notable bankruptcies involving crypto companies have led to allegations of fraud and mismanagement in connection with custodial services.  These allegations strike at the very core of the custodial relationship, and have had repercussions throughout the crypto industry.

Seemingly in direct response to these developments, on January 23, 2023, the New York Department of Financial Services (“NYDFS”) issued industry guidance to Virtual Currency Entities (“VCEs”) who act as custodians (“VCE Custodians”).  Entitled “Guidance on Custodial Structures for Customer Protection in the Event of Insolvency” (the “Guidance”), the Department emphasized the “paramount importance of equitable and beneficial interests always remaining with the customer” and reminded covered institutions of their obligations in connection with “sound custody and disclosure practices in the event of an insolvency” or similar proceeding.

The Guidance comes on the heels of developments in two high-profile insolvency proceedings: (1) the FTX proceedings, where, among others, the SEC has alleged co-founder Samuel Bankman-Fried concealed the diversion of FTX customer funds to the co-founder’s private crypto hedge fund, and (2) the Celsius proceedings, where the chief judge for the United States Bankruptcy Court for the Southern District of New York issued a decision holding that Celsius’ Terms of Use made clear that customer deposits into Earn Accounts became Celsius’ property at the time of deposit, such that the digital assets now constitute property of the debtors’ bankruptcy estate.  In Celsius, customers argued that the deposits in the Earn Accounts were held by Celsius as a custodian, but the court found that the plain language of the Terms of Use made clear that ownership interest had passed to the debtors.

This past month, a California district court granted a motion to compel arbitration of various claims by customers of cryptocurrency exchange platform, Coinbase Global, Inc. (“Coinbase”), finding that Coinbase’s User Agreement, which contains a broad arbitration provision, including a delegation clause that delegates questions of arbitrability to the arbitrator.  (Donovan v. Coinbase Global, Inc., No. 22-02826 (N.D. Cal. Jan. 6, 2023)). Unlike some electronic contracting disputes, which turn on whether the user had adequate notice of the terms and manifested consent to such terms (a ruling which often involves an examination of a site or app’s screen display and whether the user is reasonably presented with notice that completing a transaction will bind the user to terms of service), the account holders in this case did not dispute that they had agreed to the User Agreement, rather they argued that the arbitration provision and delegation clauses were unconscionable and unenforceable.

Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers.  Such data can be used to launch targeted phishing schemes and related scams to trick holders into divulging their private keys or else unknowingly transferring anonymized crypto assets to hackers.  One recent case involves a suit brought by customers who purchased a hardware wallet to secure cryptocurrency assets and are seeking redress for harms they allegedly suffered following data breaches that exposed their personal information.

A recent Ninth Circuit decision analyzed whether a federal court had personal jurisdiction over a foreign crypto asset wallet provider, an issue that can be important when litigating in this area, given the boundary-less nature of the world of crypto assets and related services. (Baton v. Ledger SAS, No. 21-17036 (9th Cir. Dec. 1, 2022) (unpublished)). 

At a time when states are jockeying for position to become digital asset and cryptocurrency hubs and we’ve witnessed turmoil and regulatory uncertainty within the cryptoasset industry, the New York Department of Financial Services (“NYDFS”) on December 15, 2022 released its final Guidance (the “Guidance”) to banking organizations seeking to engage in “new or significantly different” virtual currency-related activities. As stated in the Guidance, “virtual currency-related activity” includes all “virtual currency business activity,” as defined under the BitLicense regulation (23 NYCRR § 200.2(q)), as well as “the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.” At a high level, the Guidance reminds state-regulated banks (“Covered Institutions”) that, as a “matter of safety and soundness,” they must apply for approval before engaging in digital asset-related activities and outlines the types of information the NYDFS deems most relevant in assessing a proposal and the potential risks that such virtual currency-related activities may pose for the institution, consumers and the market in general (note: The Guidance expressly states that it does not interpret existing laws nor take a position on the sorts of activities that may be permissible for Covered Institutions to take).

Notably, the Guidance further increases the scope of NYDFS oversight by expanding the types of virtual currency activity requiring approval: “virtual currency-related activities” must receive approval, whereas previously only “virtual currency business activity” required prior approval from the NYDFS.  In a footnote, the Guidance explains the difference – virtual currency-related activity” essentially means any “virtual currency business activity” as defined under the BitLicense rules, plus certain additional activities that the NYDFS believes might raise “safe and soundness concerns.”

On November 30, 2022, amidst the tumult roiling the cryptocurrency industry following the latest collapse of a major crypto exchange and its reverberations throughout the crypto economy, European Central Bank (ECB) Director General Ulrich Bindseil and Adviser Jürgen Schaaf published a post on the ECB Blog, “Bitcoin’s last stand,” declaiming that Bitcoin “has never been used to any significant extent for legal real-world transactions” and that its market valuation is “based purely on speculation” and, on top of that, “the Bitcoin system is an unprecedented polluter.”  The scathing rebuke of Bitcoin, the largest crypto asset by market cap, was hurled at what the ECB officials see as Bitcoin’s technological shortcomings that make it “questionable as a means of payment” and “rarely used for legal transactions,” given that real Bitcoin transactions are “cumbersome, slow and expensive.” With the current price of Bitcoin having fallen since it peak of $69K in November 2021, the ECB officials described its current price (below $20K) as “an artificially induced last gasp before the road to irrelevance.” The remarks echo statements made by Fabio Panetta, Member of the Executive Board of the ECB, back in April 2022 where he decried the entire “crypto gamble,” seeing crypto-assets as “bringing about instability and insecurity – the exact opposite of what they promised.” (See also recent statements by a Bank of England deputy governor noting that cryptocurrency was a “gamble” that needs to be regulated similar to the traditional financial sector, echoing his own remarks from November 2022 that urged “bringing the activities of the crypto world within the relevant regulatory frameworks”).

On October 3, 2022, the Financial Stability Oversight Council (“FSOC”) – a collaborative body formed under the Dodd-Frank Act composed of state and federal regulators and tasked with identifying risks and responding to emerging threats to financial stability – released its 100+-page Report on Digital Asset Financial Stability Risks and Regulation (the “Report”). In the Report – a response to President Biden’s Executive Order 14067 on digital assets, which, among other things, directed various agencies to promote innovation and R&D while calling for measures to mitigate risks – the FSOC reviewed what it deems to be, “specific financial stability risks and regulatory gaps posed by various types of digital assets.”

At the core, the FSOC Report is a call to arms, with the council citing what it sees as a host of regulatory and industry shortfalls that have not kept up with the rapid growth of digital asset activities.  For example:

  • The FSOC report noted that stablecoins and the lending and borrowing on digital asset trading platforms are now an “important emerging vulnerability.”
  • The Report’s basic thesis is that crypto-asset activities “could pose risks to the stability of the U.S. financial system if their interconnections with the traditional financial system or their overall scale were to grow without being paired with appropriate regulation, including enforcement of the existing regulatory structure.” This point was reiterated in the Federal Reserve’s November 2022 “Financial Stability Report,” which presents the Federal Reserve Board’s current assessment of the stability of the U.S. financial system.
  • The FSOC Report also expresses the position that federal comprehensive digital asset legislation is needed to address complex, systemic economic risks, as, in its opinion, “many crypto-asset platforms are not registered or chartered under regulatory frameworks that would address these risks.”