To Regulate or To Innovate?

CALIFORNIA GOVERNOR SIGNALS A DIFFERENT APPROACH TO MANAGING CRYPTOCURRENCY MARKETS

In the evening hours of Friday, Sept. 23, California Gov. Gavin Newsom quietly dispatched a controversial bill that sought to establish a comprehensive licensing and regulatory scheme for “digital financial assets,” which would include cryptocurrencies. With his veto of Assembly Bill 2269 (Tim Grayson, D-Concord), Gov. Newsom at once both acceded to industry pressure and flaunted the will of the legislature, which passed the measure with strong bipartisan support. Gov. Newsom’s veto was also a sign of his interest in continuing to assert leadership on the issue.

In his veto message, Newsom cites a conflict with the ongoing stakeholder process established in his May 2022 Executive Order N-9-22, which seeks to create a regulatory environment that simultaneously protects consumers and “fosters responsible innovation.” His declaration that AB 2269 is both “premature” and needs a “more flexible approach,” is indicative of a larger struggle between traditional regulatory advocates and a rapidly evolving industry that is playing out in Washington, D.C., and in statehouses across the country. In this client alert, we will survey the battle lines that have been drawn in California, New York and in the nation’s capital, and explore the outstanding questions that must be addressed in future legislative efforts.
 

WHAT WOULD AB 2269 HAVE DONE?

Informed by Louisiana’s recent cryptocurrency regulation, and with deference to model legislation developed by the Uniform Law Commission, AB 2269 would have established California’s first licensing and regulatory framework for business activity associated with digital financial assets, defined as “a digital representation of value that is used as a medium of exchange, unit of account, or store of value ….” The bill deputized the fledgling Department of Financial Protection and Innovation (DFPI) to administer the self-styled Digital Financial Assets Law. Reorganized in 2020, the DFPI was granted new authority to oversee previously unregulated industries, including consumer credit repair companies, debt collectors and debt-relief companies. Had the bill been signed into law, it would have represented a significant expansion of their jurisdiction.

The primary focus of the bill is the establishment of a licensing structure for entities engaged in digital financial asset business activity; this aligns with the department’s approach to the regulation of other financial services. The licensure scheme includes reporting, record-keeping and surety requirements and establishes the authority to assess a fee to cover the costs of administration. Licensees are required to provide prospective and current clients with a long list of disclosures, including:

• a schedule of fees and charges, along with the manner by which they will be calculated;
• notice of whether a product or service is covered by a public guarantor or by private insurance against theft or loss, including cybertheft;
• notice of the irrevocability of a transfer or exchange and any exception to irrevocability; and
• a list of instances in the past 12 months when the licensee’s service was unavailable to 10,000 or more customers.

One of the bill’s provisions that warrants particular attention is the requirement that a licensee act in the “best interest” of their client when making a recommendation related to a digital financial asset or an investment strategy involving digital financial assets. Notably, this would extend the obligations imposed under Regulation Best Interest or “Reg BI” adopted by the SEC, which requires financial advisers and other regulated industry professionals to consider not only whether a financial investment is prudent and sound, but also whether it is in the client’s best interest considering all other financial investments available. Many in the industry consider this imposition to be a dissuasion for recommending digital assets to clients given high volatility in crypto investing.

The bill would also require a licensee that has control of a digital financial asset for one or more persons to maintain custody and control of those assets in an amount sufficient to satisfy the aggregate entitlements of the persons to the type of digital financial asset. In other words, licensees could not pledge, stake or lend digital assets owned by its customers for a reward without holding an equivalent position on their balance sheet. This effectively kills a significant revenue-earning function for many issuers in this space, and was a major point of contention for the industry.

Finally, the bill specifically addressed the exchange of “stablecoins,” although it was amended after introduction from an outright prohibition to a requirement to maintain a reserve of securities equal to the amount of outstanding stablecoins issued. This again would limit the pledging, staking or lending activity licensees could engage in to generate additional revenue.

Given the proposed reaches of the bill, ongoing legislative efforts in D.C. and other states (discussed below) and the significant role the crypto industry and other “Web3” startups play in California’s economy, it is perhaps no surprise Gov. Newsom decided to hit pause on a significant ramp up in regulation and enforcement.
 

HOW HAVE OTHER STATES REGULATED CRYPTOCURRENCIES?

Other states, such as New York, have regulated digital assets for several years. Since 2015, under the New York Financial Services Law, any person or entity engaging in “virtual currency business activity” involving New York or its residents must obtain a BitLicense. This requirement essentially supplements New York’s Money Transmitter License (“MTL”) requirement for businesses involved in transmitting fiat currencies. Following complaints about the difficulty surrounding the BitLicense process, in 2020, New York created a conditional BitLicense. The conditional BitLicense is New York’s effort to streamline the process for obtaining the necessary documentation for a full BitLicense.

In addition to the BitLicense requirement, the New York Department of Financial Services (“DFS”) requires covered entities to implement a comprehensive anti-money laundering program. Indeed, in August 2022, DFS announced a $30 million penalty against a large crypto trading platform for alleged failures in the areas of bank secrecy act/anti-money laundering (“BSA/AML”) obligations and cybersecurity. In addition to DFS, the New York attorney general aggressively enforces New York’s crypto regulatory scheme. For example, in September 2022, Attorney General Letitia James announced a lawsuit against a crypto lender alleging that it was not approved to offer services that promised returns on deposited cryptocurrency. The lawsuit also alleges that the company misrepresented its New York registration status to investors.

In short, New York’s regulatory scheme amplifies traditional MTL requirements via a BitLicense and aggressively investigates purported bad actors via state agencies, including the state attorney general. Other states have, thus far, limited their regulatory efforts to extending traditional MTL statutory schemes to digital assets. For example, Ohio’s defines “money transmission” broadly and thus requires companies who transmit virtual currency to register for a license and abide by all associated regulatory requirements, including providing a security audit of its computer systems. Likewise, New Jersey has a definition of “payment instrument” that captures virtual currency and requires licensure. Nevada, by contrast, takes a case-by-case approach based on a review of a company’s specific business model by the Nevada Financial Institutions Division.

Some states, including Nevada, Arizona, Utah and Wyoming, have regulatory sandboxes that serve as a testing environment with regulatory oversight but not regulation. Wyoming’s Financial Technology Sandbox Act allows companies to “make an innovative financial product or service available to consumers” for a period of time during which all statutory and regulatory requirements are waived, including consumer credit, money transmitter, electronic transaction, civil usury and residential mortgage practices laws—though consumer protection laws remain in effect.
 

WHAT ACTIONS HAVE BEEN TAKEN AT THE FEDERAL LEVEL?

Congress and the primary regulators in this space continue to engage in their own turf battles of cryptocurrency regulations. SEC Chair Gensler continues to take the position of his predecessor that nearly every cryptocurrency, digital asset, token or the like is a security, save for Bitcoin. At one point, Ethereum was included in this carve-out, but now with the merge and the transition from proof of stake to proof of work, and the incentives that come along with that model, Gensler has voiced skepticism that Ethereum is exempt from registration.

Paired with Gensler’s bullish stated intentions to continue to enforce the Securities Act of 1933 and the Securities Exchange Act of 1934 in this space, the SEC is relying on increasingly broad-based fact patterns in its enforcement actions. In the past, the SEC would be quicker to file against projects and founders who engaged in fraud, in addition to offering an unregistered security.1 Little by little, the SEC has started to go after more benign projects where there is not a clear case of investor harm, but instead, examples of projects and platforms that are clearly using the capital markets to raise money and offering trading in digital assets that are securities.

Much of the temperament by SEC enforcement attorneys will be impacted by the SEC’s ongoing case against Ripple Labs and its associated cryptocurrency XRP. Both the SEC and the defendants have filed motions for summary judgment—the primary underlying issue of which will be whether XRP is a security—which the court will rule on in a few weeks. A negative ruling in that case could pare the wings of the SEC’s position that nearly every token offering is a security.

Meanwhile, the Commodities Future Trading Commission (“CFTC”), bolstered by proposed legislation by Congress that it should be the primary regulatory of cryptocurrencies, bared its teeth by filing the first enforcement action of its kind against bZeroX, its founders and its associated Ooki DAO (decentralized autonomous organization) for offering off-exchange trading of digital assets. What is notable about this case is the fact that the CFTC named the DAO, which has been viewed by many insiders as a way to create a digital asset protocol that is managed by all the members—thereby avoiding one of the hallmarks of a security (e.g., an investment contract) because there is no reliance on the efforts of others. The key point, without getting too bogged down by securities legalese, is that the CFTC took a very aggressive legal position in an area that the SEC has sought to regulate also. Notably, the CFTC issued fines against the founders of just $250,000, which is relatively small compared to some of the SEC’s more recent fines and penalties in this space.

What does that mean for companies trying to assess their platform and project risks in this evolving space? Companies will have competing interests to make sure they are not structuring projects that violate either the SEC or the CFTC evolving rules and regulations. While many members and promoters may be used to navigating this gray space, we can anticipate that as D.C. continues to ask questions of the regulators and draft competing proposed regulatory infrastructures, the blissful ignorance of the past where projects can plead that they were unaware of the rules they had to follow, will become more and more untenable.
 

WHAT DOES THE VETO MEAN FOR THE FUTURE?

The superficial rhetoric of the governor’s veto of AB 2269 belies a larger question that mirrors the regulatory turf war playing out between the SEC and CFTC. While the governor’s executive order nominally invokes the DFPI as a primary regulator of blockchain technologies, it also assigns a significant role to the Governor’s Office of Business and Economic Development, or GO-Biz. GO-Biz differs materially in mission and structure from a financial services regulator, with a primary goal of attracting and retaining businesses in California by helping businesses navigate the state’s complex regulatory environment.

GO-Biz is generally considered to be closely aligned with the governor’s interests and under more direct oversight by the administration. At the same time that AB 2269 was being considered by the legislature, GO-Biz was holding stakeholder meetings to, in the words of the executive order, “collect input from a broad range of stakeholders for potential blockchain applications and ventures.” The governor’s veto, which many observers consider to have been made in deference to the ongoing work at GO-Biz, likely represents his desire to maintain his position as the arbiter of all things crypto in California.

The tension between the twin impulses to protect consumers through regulation and to attract investment in a competitive emerging market is on full display in the home of Silicon Valley and crypto-hawking celebrities. As the rest of the nation either forges ahead or waits to see how California proceeds, it is clear that the next legislative session will see a number of important questions return for a more satisfactory resolution.