Category: Cryptocurrency

Cryptocurrency As Compensation: Beware Of The Risks

A small but growing number of employees are asking for cryptocurrency as a form of compensation.  Whether a substitute for wages or as part of an incentive package, offering cryptocurrency as compensation has become a way for some companies to differentiate themselves from others.  In a competitive labor market, this desire to provide innovative forms of compensation is understandable.  But any company thinking about cryptocurrency needs to be aware of the risks involved, including regulatory uncertainties and market volatility.

Form of Payment – Cash or Negotiable Instrument

The federal Fair Labor Standards Act requires employers to pay minimum and overtime wages in “cash or negotiable instrument payable at par.”  This has long been interpreted to include only fiat currencies—monies backed by a governmental authority.  As non-fiat currencies, cryptocurrencies therefore fall outside the FLSA’s definition of “cash or negotiable instrument.”  As a result, an employer who chooses to pay minimum and/or overtime wages in cryptocurrency may violate the FLSA by failing to pay workers with an accepted form of compensation.

In addition, various state laws make the form of wage payment question even more difficult.  For example, Maryland requires payment in United States currency or by check that “on demand is convertible at face value into United States currency.”  Pennsylvania requires that wages shall be made in “lawful money of the United States or check.”  And California prohibits compensation that is made through “coupon, cards or other thing[s] redeemable…otherwise than in money.”  It is largely unclear whether payment in cryptocurrency runs afoul of these state requirements.

Of note, the U.S. Department of Labor (“DOL”) allows employers to satisfy FLSA minimum wage and overtime regulations with foreign currencies as long as the conversion to U.S. dollars meets the required wage thresholds.  But neither the DOL nor courts have weighed in on whether certain cryptocurrencies (e.g., Bitcoin) are the equivalent, for FLSA purposes, of a foreign currency.

Volatility Concerns

When compared to the rather stable value of the U.S. dollar, the value of cryptocurrencies is subject to large fluctuations.  Bitcoin, for example, lost nearly 83% of its value in May 2013, approximately 50% of its value in March 2020, and recently lost and then gained 16% of its value in the span of approximately 15 minutes one day in February 2021.

Such volatility can give payroll vendors a nightmare and can, in some instances, lead to the under-payment of wages or violation of minimum wage or overtime requirements under the FLSA.

Tax and Benefits Considerations

Aside from wage and hour issues, the payment of cryptocurrency implicates a host of tax and benefits-related issues.  The IRS considers virtual currencies to be “property,” subject to capital gains tax rates.  It has also confirmed in guidance materials that any payment to employees in a virtual currency must be reported on a W-2 based upon the value of the currency in U.S. dollars at the time it was delivered to the employee.  This means that cryptocurrency wage payments are subject to Federal income tax withholding, Federal Insurance Contributions Act (FICA) tax, and Federal Unemployment Tax Act (FUTA) tax.

For 401k plan fiduciaries, the Department of Labor recently issued guidance that should serve as a stern warning to any fiduciary looking to invest 401k funds into cryptocurrencies.  Specifically, the DOL wrote: “[a]t this early stage in the history of cryptocurrencies, the Department has serious concerns about the prudence of a fiduciary’s decision to expose a 401(k) plan’s participants to direct investments in cryptocurrencies, or other products whose value is tied to cryptocurrencies.”  Given the risks inherent in cryptocurrency speculation, the DOL stated that any fiduciary allowing such investment options “should expect to be questioned [by the DOL] about how they can square their actions with their duties of prudence and loyalty in light of the risks.”

Considerations for Employers

Given the combination of uncertain and untested legal risks, employers should consider limiting cryptocurrency compensation models to payments that do not implicate the FLSA or applicable state wage and hour laws.  For example, an employer might provide an exempt employee’s base salary in U.S. dollars and any annual discretionary bonus in cryptocurrency.

Whether investing in cryptocurrencies themselves to pay employees or utilizing a third-party to convert US dollars into cryptocurrency, employers should also stay abreast of the evolving tax and benefits guidance in this area.

Ultimately, the only thing that is clear about cryptocurrency compensation is that any decision to provide such compensation to employees should be made with a careful eye towards the unique wage, tax, and benefits-related issues implicated by these transactions.

Article By Daniel J. Butler and Kevin J. White of Hunton Andrews Kurth

For more cryptocurrency and finance legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

The DOJ Throws Cold Water on the Frosties NFT Founders

The U.S. Attorney’s Office for the Southern District of New York recently charged two individuals for allegedly participating in a scheme to defraud purchasers of “Frosties” non-fungible tokens (or “NFTs”) out of over $1 million. The two-count complaint charges Ethan Nguyen (aka “Frostie”) and Andre Llacuna (aka “heyandre”) with conspiracy to commit wire fraud in violation of 18 U.S.C. § 1349 and conspiracy to commit money laundering in violation of 18 U.S.C. § 1956.   Each charge carries a maximum sentence of 20 years in prison.

The Defendants marketed “Frosties” as the entry point to a broader online community consisting of games, reward programs, and other benefits.  In January 2022, their “Frosties” pre-sale raised approximately $1.1 million.

In a so-called “rug pull,” Frostie and heyandre transferred the funds raised through the pre-sale to a series of separate cryptocurrency wallets, eliminated Frosties’ online presence, and took down its website.  The transaction, which was publicly recorded and viewable on the blockchain, triggered investors to sell Frosties at a considerable discount.  Frostie and heyandre then allegedly proceeded to move the funds through a series of transactions intended to obfuscate the source and increase anonymity.  The charges came as the Defendants were preparing for the March 26 pre-sale of their next NFT project, “Embers,” which law enforcement alleges would likely have followed the same course as “Frosties.”

In a public statement announcing the arrests, the DOJ explained how the emerging NFT market is a risk-laden environment that has attracted the attention of scam artists.  Representatives from each of the federal agencies that participated in the investigation cautioned the public and put other potential fraudsters on notice of the government’s watchful eye towards cryptocurrency malfeasance.

This investigation comes on the heels of the FBI’s announcement last month of the Virtual Asset Exploitation Unit, a special task force dedicated to blockchain analysis and virtual asset seizure.  The prosecution of the Defendants in this matter continues aggressive efforts by federal agencies to reign in bad actors participating in the cryptocurrency/digital assets/blockchain space.

Article By Matthew G. Lindenbaum, Robert L. Lindholm, and Daniel Curran of Nelson Mullins

For more crypto and cybersecurity legal news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

Will an Act of War Destroy Your Cyberinsurance Coverage?

Cyberinsurance spurs many complaints from US business. The cost is skyrocketing, retentions (deductibles) are rising quickly, and the insurance companies push their own panel lawyers on customers despite other relationships. Ransomware or email fraud can be excluded from some policies.

But news of significant hacks drives more companies into the cyberinsurance market despite the costs. According to Bloomberg, cyberinsurance prices rose nearly 100% in 2021 and keep climbing. Travelers Insurance, working to justify the leaping costs of its products, lists the following reasons for higher cybersecurity prices: a wave of ransomware, rising breach response costs (from forensic and legal experts to ransom payments and regulatory fines), increasing tech complexity and budgets, inadequate cybersecurity hygiene (which is why better controls can now lead to lower insurance prices), lack of advance response plans, and business interruption expenses. Shutting down business operations may be a way for criminals to force ransom payments, but it also creates an expensive risk reduction system, and all companies are suffering from it.

However, for the price of protection, you would expect your insurance company to pay to remediate a properly-reported cyberattack.  Property insurers have long excluded “acts of war” from insurable damage that would receive payments. Most cyberinsurance policies have similar exclusions. This leads insurance customers to wonder, in a world where hackers and ransomware gangs from Russia and Ukraine initiate a significant percentage of cyberattacks, when would those attacks be considered “acts of war” during a real shooting war? If your company is smacked with ransomware from a Russian crew associated with the Kremlin, will your insurance company exclude the costs from your cyberinsurance policy as an act of war?

Lloyds of London just released a set of new exclusion clauses for addressing cyber war. These clauses are for underwriters to consider placing in Lloyds insurance contracts, and “have been drafted to provide Lloyd’s syndicates and their (re)insureds (and brokers) with options in respect of the level of cover provided for cyber operations between states which are not excluded by the definition of war, cyber war or cyber operations which have a major detrimental impact on a state.” Lloyds specifies that the “act of war” exemption language applies to China, France, Japan, Russia, the U.K and the U.S.  The new clauses supply underwriters with extensive leeway to refuse to pay claims.Importantly, Lloyds can decide that the attack was an act of war even if the attackers do not declare themselves. Pending any government attribution of an attacker, Lloyds can decide through reasonable inference to attribute any attack to state activities, and therefor falling within the “act of war” exclusion.

Property insurers have long excluded “acts of war” from insurable damage that would receive payments. Most cyberinsurance policies have similar exclusions. This leads insurance customers to wonder, in a world where hackers and ransomware gangs from Russia and Ukraine initiate a significant percentage of cyberattacks, when would those attacks be considered “acts of war” during a real shooting war? If your company is smacked with ransomware from a Russian crew associated with the Kremlin, will your insurance company exclude the costs from your cyberinsurance policy as an act of war?

TED CLAYPOOLE

All hope is not lost for businesses relying on cyberinsurance. Courts tend to hold insurers to high standards when trying to avoid paying out claims due to broadly-defined exclusions. For example, earlier this year the Superior Court of New Jersey rules that insurers can’t use a nation-state “act of war” cyber-exclusion to avoid covering more than a billion dollars in damages that Merck claimed it suffered from the NotPetya cyberattack in 2017. According to Insurance Journal, “ The insurers had tried to use the exclusions to avoid paying out, citing the fact the NotPetya malware was attributed to Russia and was meant to be deployed to disrupt and destabilize Ukraine. The malware wound up affecting thousands of companies worldwide. . . The cyber attack also attracted the attention of regulatory scrutiny of so-called “silent cyber” exposure in all policies.” The court “unhesitatingly” ruled that war exclusions did not apply in this instance.

So an attack from Russian hackers in 2021 may be covered under most cyberinsurance policies, but what about an attack in March of 2022? Does the state of hostility between the U.S. and Russian – in which Putin has claimed that sanctions against Russia and providing arms to Ukraine is an act of war – mean that ransomware attacks from the same Russian hackers may be considered acts of war? For example, the Conti ransomware gang has officially announced its full support of the Russian government after the invasion of Ukraine and threatened to use all possible researches to attack both Ukraine and Western countries that might support Ukraine. It would be easy for US critical infrastructure businesses to be direct victims of attacks from Russians supporting the Kremlin, or to be indirect victims of attacks aimed at Ukraine that spread through open networks like NotPetya or other malicious viruses. Where would that leave an affected company if its insurance provider refuses to pay, claiming an “act of war” exclusion?

We simply don’t know many insurance companies will use these policy exclusions and will be allowed to do so by U.S. courts. But each of us should check our cyber insurance policies for exclusions that could be triggered by current international conflicts.

Beyond insurance, international cyberattacks have straddled the line between standard crime and acts of international state hostility. Since the internet connected our world electronically, our societies have not set rules about how public and private actors are allowed to behave toward each other. Brad Smith, the President of Microsoft, has called for a Digital Geneva Convention, so that the nations of the world can agree what acts of electronic aggression are acceptable in war and even which acts should be considered to be acts of war. Maybe the current crisis, where a long-existing state is invaded without provocation, may be the catalyst to discuss digital hostility and set some rules around what kinds of interactions will be tolerated by the international community.

For now, check your cyberinsurance policies.  For posterity, push our politicians to create baseline rules for the digital world.  We have promulgated the law of the sea and the law of space. We should create a law of cyberspace as well.

Copyright © 2022 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more articles on cyberinsurance for your workplace, visit the NLR Cybersecurity Media & FCC section.

US Crypto Regulatory Enforcement Ramps Up – NFTs Now More in Focus

For the past decade the crypto space has been described as the wild west. The crypto cowboys and cowgirls have innovated and moved the industry forward, despite some regulatory certainty. Innovation always leads regulatory clarity. There’s a new sheriff in crypto town – the US government and its various regulatory agencies. They seem intent on taming the wild west.

According to a recent report, the IRS Has Sent 10,000 Letters on Taxpayer Digital Assets seeking to collect taxes on gains from crypto assets including NFTs. This is no surprise and we have cautioned on this dating back to 2017. While many people have focused on the tax issues with crypto currencies, the IRS is also focusing on NFTs as reported here.

This comes on the heels of another report this week that the SEC is now targeting certain NFT uses. According to the report, the SEC is probing whether NFTs are being utilized to raise money like traditional securities. The SEC has reportedly sent subpoenas related to the investigation and is particularly interested in information about fractional NFTs. As we discussed here, fractionalization is just one of the potential securities law concerns with certain NFT business models. NFTs that represent a right to a revenue stream and NFT presales can also presents issues in some cases.

Other recent regulatory activity relating to NFTs includes the following. The Department of the Treasury published a study on the facilitation of money laundering and terrorist financing through the art trade, including NFTs. See our report on this here.  The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned a Latvia-based digital asset exchange and designated 57 cryptocurrency addresses (associated with digital wallets) as Specially Designated Nationals (SDNs). These designations appear to be the first time NFTs have been publicly impacted as “blocked property” – as one of the designated cryptocurrency addresses owns non-fungible tokens (NFTs). See our report on this here. A number of NFTs are also being used to facilitate illegal gambling.

In addition to the regulatory issues, the number of NFT-related lawsuits and other legal disputes continues to increase. Many of these disputes relate to IP ownership, IP infringement, failure to apply an clear or enforceable license to the NFT, among others.

Most of these issues are avoidable with proper legal counseling early on.

The use of NFT technology to tokenized and record ownership of physical and digital assets, as well as entitlements (e.g., tickets, access, etc.) is just getting started. We believe this technology will see wide scale adoption across many industries. The vast majority of the NFT business models are legal.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.
For more about cryptocurrency regulations, visit the NLR Cybersecurity, Media & FCC section.

Crossing the Wires of Energy and Cryptocurrency Policy: U.S. Congress Investigates the Environmental Impact of Crypto Mining

The rapid adoption of cryptocurrency and other popular blockchain applications has captured our global economy’s attention. Even as the value of cryptocurrencies slid from their all-time highs, the promise of these digital assets and the infrastructure being developed to support them has been transformative.

As with most emerging technologies, policymakers are still exploring the best approaches to regulating these new digital assets and business models. Questions about consumer protection, security, and the applicability of existing laws are to be expected; however, the environmental impact of these energy-intensive business practices has prompted considerable study and regulatory activity across the globe, including attention in the United States.

To understand the increasing energy demands associated with major cryptocurrencies – predominantly, Bitcoin and Ethereum – it is important to understand how many cryptocurrencies are generated in the first instance. Many countries, including China, have banned cryptocurrency mining, and, with the United States becoming the largest source of cryptocurrency mining activity, Congress began active investigations and hearings into the energy demands and environmental impacts in January 2022.

Proof of What? Why certain cryptocurrencies create high energy demands. 

Not all cryptocurrencies – or blockchain platforms, for that matter – are created equal in their energy demands. The goal of most major cryptocurrency platforms is to create a decentralized, distributed ledger, meaning that there is no one authority to verify the authenticity of transactions and ensure that assets are not spent twice, for example. There needs to be a trustworthy mechanism – a consensus system – to verify new transactions, add those transactions to the blockchain, and to confirm the creation of new tokens. Bitcoin alone has well over 200,000 transactions per day,[1] so it should not come as a surprise that these platforms take an enormous amount of processing power to maintain.

There are currently two primary ways that network participants lend their processing power, which are framing part of the modern energy policy debates around cryptocurrency. The first form is “proof of work,” which is the original method that Bitcoin and Ethereum 1.0 employ. When a group of transactions (a block) needs to be verified, all of the “mining” computers race to solve a complex math puzzle, and whoever wins gets to add the block to the chain and is rewarded in coins. The competitive nature of proof of work consensus systems has led to substantial increases in computing power provided by institutional cryptocurrency mining operations and, with that, higher energy demands.

The second form is “proof of stake,” which newer platforms like Cardano and ETH2 use, promises to require considerably less energy to operate. With this method, validators “stake” their currency for a chance at verifying new transactions and updating the blockchain. This method rewards long-term investment in a particular blockchain, rather than raw computing power. A validator is picked based on how much currency they have staked and how long it has been staked for. Once the block is verified, other validators must review and accept the data before it’s added to the blockchain. Then, everyone who participated in validating the block is rewarded with coins.

While proof of stake consensus systems are becoming more common, the dominant – and most valuable – cryptocurrencies are still generated through energy-intensive proof of work systems.

Turning out the lights on Crypto: China bans domestic mining and other countries follow.

China has been incredibly influential in the modern cryptocurrency debate around energy use. For several years, China was the cryptocurrency mining capital of the world, providing an average of two-thirds of the world’s processing power dedicated to Bitcoin mining through early 2021.[2] In June 2021, however, China banned all domestic cryptocurrency mining operations, citing the environmental impacts of Bitcoin mining energy demands among its concerns.[3]

As Bitcoin miners fled China, many relocated to neighboring countries, such as Kazakhstan, and the United States became the largest source of mining activity – an estimated 35.1% of global mining power.[4] The surge in Bitcoin mining activity in Kazakhstan has not been without its controversy. Many Kazakhstan-based crypto mining operations are powered by coal plants, and there has been considerable unrest sparked by rising fuel costs.[5]

With some countries experiencing negative impacts from cryptocurrency mining operations, several countries have followed China’s lead in banning cryptocurrencies. According to a 2021 report prepared by the Law Library of Congress, at least eight other countries – Egypt, Iraq, Qatar, Oman, Morocco, Algeria, Tunisia, and Bangladesh – have banned cryptocurrencies.[6] Many other countries have impliedly banned cryptocurrency or cryptocurrency exchanges, as well.[7]

U.S. Congress shines its spotlight on the energy demands of cryptocurrency mining.

Now home to over a third of the global computing power dedicated to mining bitcoin, the United States has turned its attention to domestic miners and their impacts on the environment and local economies.

In June 2021, U.S. policymakers were still predominantly focused on the consumer protection and security concerns raised by digital currencies; however, Senator Elizabeth Warren alluded to her growing concerns about the environmental costs of, particularly, proof of work mining.[8] On December 2, 2021, Senator Warren sent a letter requesting information on the environmental footprint of New York-based Bitcoin miner Greenridge Generation.[9] The letter observed that, “[g]iven the extraordinarily high energy usage and carbon emissions associated with Bitcoin mining, mining operations at Greenridge and other plants raise concerns about their impacts on the global environment, on local ecosystems, and on consumer electricity costs.”[10] Senator Warren’s concerns sparked several rounds of congressional oversight and inquiries into the environmental impacts of, particularly, proof of work cryptocurrencies, over the past month.

Committee Hearing on “Cleaning up Cryptocurrency” begins oversight and investigation into the energy impacts of blockchains.

On January 20, 2022, the U.S. House of Representatives Committee on Energy and Commerce’s Subcommittee on Oversight and Investigations held a hearing, where the externalities of cryptocurrency mining were the focus of the agenda. An early indicator of the Subcommittee’s views on the issue, the title for the hearing was “Cleaning up Cryptocurrency: The Energy Impacts of Blockchains.”[11]

The hearing focused heavily on the amount of energy used to power proof of work cryptocurrency mining. Bitcoin Mining has been widely criticized for the massive amounts of power it consumes – globally, more than 204 terawatt-hours as of January 2022. Although some operations are attempting to utilize renewable energy, the machines executing these algorithms consume enormous amounts of energy primarily sourced from fossil fuels.

The five industry experts testifying before the House Energy and Commerce Oversight Subcommittee had competing views on how regulators should address the energy consumption of cryptocurrencies—with some experts opining that the computational demands were a “feature, not a bug.”[12] Two of the experts – Brian Brooks, CEO of Bitfury Group, and Professor Ari Juels, Faculty member at Cornell Tech – debated the technical merits between proof of work and proof of stake systems, described earlier in this article.[13] Similarly, Gregory Zerzan, an attorney with Jordan Ramis, P.C. who previously held senior positions in the United States Government, encouraged the Subcommittee not to lose sight of the fact that cryptocurrencies are but “one aspect of a larger innovation, blockchain.”[14] Although the viewpoints of the experts varied considerably, there was a clear consensus among the experts: energy-efficient alternatives should guide the path forward.

John Belizaire, the founder and CEO of Soluna Computing, said that cryptocurrency mining could further accelerate the transition to renewable energy sources from an energy perspective.[15] Renewables currently suffer from one significant deficiency – intermittency. An example of this challenge is the so-called “duck curve,” which illustrates major differences between the demands for electricity as compared to the amount of renewable energy sources available throughout the day. For example, when the sun is shining, there is significantly more power than consumers need for a few hours per day; however, solar energy does not provide nearly enough energy when demand spikes in the late afternoon and evening.[16] While there has been progress in the development of lithium battery storage – a critical piece in solving the issues mentioned above– for the time being, deploying these batteries at scale is still too expensive.

In addressing gaps in battery storage, Belizaire testified that “Computing is a better battery.”[17] Computing, he states, “is an immediately deployable solution that can allow renewables to scale to their full potential today.”[18] Belizaire highlighted that, unlike other industrial consumers, cryptocurrency miners can turn their systems off when necessary, giving miners the ability to absorb excess energy from a given area’s electrical grid rather than straining it. This ability to start and stop or pause computing processes can increase grid resilience by absorbing excess energy from renewable resources that provide more power than the grid can handle. Brooks shared similar hopes for how Bitcoin mining could help stabilize electric grids, support the viability of renewable energy projects, and drive innovation in computing and cooling technology.[19]

Steve Wright, the former general manager of the Chelan County Public Utility District in Washington, testified that “the portability of cryptocurrency operations could be a benefit in terms of locating operations based on underutilized transmission and distribution capacity availability.”[20] Still, with ambitious goals to expand transmission and increase and integrate large amounts of carbon-free emitting generation, Wright testified that “substantial collaboration and coordination will be necessary to avoid cryptocurrency mining exacerbating an already very difficult problem.”[21]

Congressional Democrats continue the investigation into domestic mining operations and the Cryptomining Industry response.

The January 20, 2022 Hearing made clear that policymakers are doing their due diligence into the impact that the United States could experience as the number of domestic cryptocurrency mining operations increase. Commentary from the Hearing forecasted that scrutinizing the sources and costs of energy used in cryptocurrency mining would be a priority for Democrat members of Congress.

To that end, on January 27, 2022, eight Democrat members of Congress led by Senator Elizabeth Warren “sent letters to six cryptomining companies raising concerns over their extraordinarily high energy uses.”[22] Citing the same concerns raised in her December 2021 letter to Greenridge, Senator Warren and her colleagues observed that “Bitcoin mining’s power consumption has more than tripled from 2019 to 2021, rivaling the energy consumption of Washington state, and of entire countries like Denmark, Chile, and Argentina.”[23] To assist Congress in its investigation, Riot Blockchain, Marathon Digital Holdings, Stronghold Digital Mining, Bitdeer, Bitfury Group, and Bit Digital were all asked for information related to their mining operations, energy consumption, possible impacts on the climate and local environments, and the impact of electricity costs for American consumers.[24] Senator Warren and her colleagues requested written responses by no later than February 10, 2022, so this increased oversight will likely continue.

Even with increased oversight, current trends in crypto mining and renewables could soon make such inquiries a moot point. Amid the heated debate over the environmental impact of cryptocurrencies, miners are increasingly committed to changing the negative reputation that it has built over the years – especially as these operations move to the United States. In November of last year, Houston-based tech company Lancium announced that it raised $150 million to build bitcoin mines across Texas that will run on renewable energy.[25] In 2022, the company plans to launch over 2,000 megawatts of capacity across its multiple sites.[26] Bitcoin mining company Argo Blockchain, a company listed on the London Stock Exchange, secured a $25 million loan to fund its “green” mining operation.[27] The 320-acre site will only use renewable energy, the majority being hydroelectric.[28] This deal is set to transform Argo’s mining capacity and is expected to be completed in the first half of 2022.[29]

Capital Markets also appear to have a growing appetite for the development of green crypto mining. In April of last year, Gryphon Digital Mining raised $14 Million Series A to launch a zero-carbon footprint Bitcoin mining operation powered exclusively by renewables.[30] In a raise that closed in just over two weeks, institutional investors – who were significantly oversubscribed – accounted for over thirty percent of the round.[31]

As congressional, social, and economic pressures grow, it is evident that there is going to be a big focus on the sustainability of Bitcoin mining. As such, we may very well see announcements, like the deals mentioned above, well into 2022 and beyond.

FOOTNOTES

[1] Bitcoin Transactions Per Day, YCharts, https://ycharts.com/indicators/bitcoin_transactions_per_day (last visited Jan. 29, 2022).

[2] Bitcoin Mining Map, Cambridge Centre for Alternative Finance, https://ccaf.io/cbeci/mining_map (last visited Jan. 29, 2022) [“Bitcoin Mining Map”].

[3] Samuel Shen & Andrew Galbraith, China’s ban forces some bitcoin miners to flee overseas, others sell out, Reuters, June 25, 2021, https://www.reuters.com/technology/chinas-ban-forces-some-bitcoin-miners-flee-overseas-others-sell-out-2021-06-25/ (last visited Jan. 29, 2022).

[4] See Bitcoin Mining Map.

[5] Tom Wilson, Bitcoin network power slumps as Kazakhstan crackdown hits crypto miners, Reuters, Jan. 7, 2022, https://www.reuters.com/markets/europe/bitcoin-network-power-slumps-kazakhstan-crackdown-hits-crypto-miners-2022-01-06/ (last visited Jan. 29, 2022).

[6] Regulation of Cryptocurrency Around the World: November 2021 Update, Global Legal Research Directorate, The Law Library of Congress, available at https://tile.loc.gov/storage-services/service/ll/llglrd/2021687419/2021687419.pdf (last visited Jan. 29, 2022).

[7] Id.

[8] Press Release, United States Senate Committee on Banking, Housing, and Urban Affairs, At Hearing, Warren Delivers Remarks on Digital Currencies (June 9, 2021), https://www.banking.senate.gov/newsroom/majority/at-hearing-warren-delivers-remarks-on-digital-currency (last visited Jan. 29, 2022).

[9] Elizabeth Warren, Letter to Greenridge Generation on Crypto, Dec. 2, 2021, available at https://www.warren.senate.gov/imo/media/doc/2021.12.2.%20Letter%20to%20Greenidge%20Generation%20on%20Crypto.pdf (last visited Jan. 29, 2022).

[10] Id. at p.2.

[11] Hearing Notice, United States House Committee on Energy & Commerce, Hearing on “Cleaning Up Cryptocurrency: The Energy Impacts of Blockchains” (Jan. 20, 2022), https://energycommerce.house.gov/committee-activity/hearings/hearing-on-cleaning-up-cryptocurrency-the-energy-impacts-of-blockchains (last visited Jan. 29, 2022) [the “January 20 Hearing”].

[12] January 20 Hearing Testimony. See also Statement of Brian P. Brooks before House Committee (Jan. 20, 2022), available at https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Brooks_OI_2022.01.20_0.pdf  (last visited Jan. 29, 2022) [the “Brooks Statement”].

[13] See, e.g., Brooks Statement; Statement of Prof. Ari Juels before House Committee (Jan. 20, 2022), available at https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Juels_OI_2022.01.20.pdf (last visited Jan. 29, 2022) [the “Juels Statement”].

[14] Statement of Gregory Zerzan before House Committee (Jan. 20, 2022), available at https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Zerzan_OI_2022.01.20.pdf (last visited Jan. 29, 2022).

[15] See, e.g., Statement of John Belizaire before House Committee (Jan. 20, 2022), available at https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Belizaire_OI_2022.01.20_0.pdf (last visited Jan. 29, 2022) [the “Belizaire Statement”].

[16] Office of Energy Efficiency & Renewable Energy, Confronting the Duck Curve: How to Address Over-Generation of Solar Energy (October 12, 2017)

https://www.energy.gov/eere/articles/confronting-duck-curve-how-address-over-generation-solar-energy (last visited Jan. 29, 2022).

[17] See, e.g., Belizaire Statement, p.4.

[18] Id.

[19] See generally Brooks Statement, pp.8-10.

[20] See, e.g., Statement of Steve Wright before House Committee, p.5 (January 20, 2022) available at https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Wright_OI_2022.01.20.pdf (last visited Jan. 29, 2022) [the “Wright Statement”].

[21] Id. p.9.

[22] Press Release, Office of Senator Elizabeth Warren, Warren, Colleagues Press Six Cryptomining Companies on Extraordinarily High Energy Use and Climate Impacts (Jan. 27, 2022), available at https://www.warren.senate.gov/newsroom/press-releases/warren-colleagues-press-six-cryptomining-companies-on-extraordinarily-high-energy-use-and-climate-impacts (last visited Jan. 29, 2022).

[23] Id.

[24] Id.

[25] MacKenzie Sigalos, This Houston Tech Company wants to build renewable energy-run bitcoin mines across Texas CNBC (November 23, 2021), https://www.cnbc.com/2021/11/23/lancium-raises-150-million-for-renewable-run-bitcoin-mines-in-texas.html (last visited Jan 31, 2022).

[26] Id.

[27] Namcios Bitcoin Magazine, Argo blockchain buys Hydro data centers to realize Green Bitcoin Mining Vision, (May 13, 2021), https://www.nasdaq.com/articles/argo-blockchain-buys-hydro-data-centers-to-realize-green-bitcoin-mining-vision-2021-05-13 (last visited Jan 31, 2022).

[28] Id.

[29] Id.

[30] GlobeNewswire News Room, Gryphon Digital Mining raises $14 million to launch bitcoin mining operation with zero carbon footprint, (April 13, 2021), https://www.globenewswire.com/newsrelease/2021/04/13/2209346/0/en/Gryphon-Digital-Mining-Raises-14-Million-to-Launch-Bitcoin-Mining-Operation-with-Zero-Carbon-Footprint.html (last visited Jan 31, 2022).

[31] Id.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP
For more articles about cryptocurrency, visit the NLR Financial Securities & Banking section.

SEC Rejects Listing of Two Bitcoin ETFs

The SEC rejected two proposals to list and trade shares in two Bitcoin exchange-traded funds (“ETFs”).

The SEC rejected a proposal from NYSE Arca, Inc. (“Arca”) to list and trade shares of the Valkyrie Bitcoin Fund. The SEC also rejected a proposal from CBOE BZX Exchange, Inc. (“BZX”) to list and trade shares of the Kryptoin Bitcoin ETF Trust.

The SEC assessed whether the exchanges (i) had a comprehensive surveillance-sharing agreement with a significant, regulated market, and (ii) could effectively prevent fraudulent and manipulative activity. In the rejected proposals, the SEC noted its concerns over the abilities of the exchanges to adequately meet the requirements under SEA Section 6(b)(5) (“Determination by Commission Requisite to Registration of Applicant as a National Securities Exchange”) in protecting investors and the public interest by preventing fraudulent and manipulative practices.

The SEC rejected Arca’s argument that (i) liquidity, (ii) price arbitrage, and (iii) frameworks to value assets would be sufficient to mitigate potential manipulation.

Similarly, the SEC rejected BZX’s proposal, concluding “that BZX has not established that it has a comprehensive surveillance-sharing agreement with a regulated market of significant size related to bitcoin,” and “that BZX has not established that other means to prevent fraudulent and manipulative acts and practices are sufficient to justify dispensing with the requisite surveillance-sharing agreement.”

As a result, the SEC found that both exchanges had failed to prove that they could meet their burdens under SEA Section 6(b)(5).

© Copyright 2021 Cadwalader, Wickersham & Taft LLP
For more articles on cryptocurrency exchanges, visit the NLR Financial Securities & Banking.

In the Coming ‘Metaverse’, There May Be Excitement but There Certainly Will Be Legal Issues

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.”  The term “metaverse,” which comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” is generally used to refer to the development of virtual reality (VR) and augmented reality (AR) technologies, featuring a mashup of massive multiplayer gaming, virtual worlds, virtual workspaces, and remote education to create a decentralized wonderland and collaborative space. The grand concept is that the metaverse will be the next iteration of the mobile internet and a major part of both digital and real life.

Don’t feel like going out tonight in the real world? Why not stay “in” and catch a show or meet people/avatars/smart bots in the metaverse?

As currently conceived, the metaverse, “Web 3.0,” would feature a synchronous environment giving users a seamless experience across different realms, even if such discrete areas of the virtual world are operated by different developers. It would boast its own economy where users and their avatars interact socially and use digital assets based in both virtual and actual reality, a place where commerce would presumably be heavily based in decentralized finance, DeFi. No single company or platform would operate the metaverse, but rather, it would be administered by many entities in a decentralized manner (presumably on some open source metaverse OS) and work across multiple computing platforms. At the outset, the metaverse would look like a virtual world featuring enhanced experiences interfaced via VR headsets, mobile devices, gaming consoles and haptic gear that makes you “feel” virtual things. Later, the contours of the metaverse would be shaped by user preferences, monetary opportunities and incremental innovations by developers building on what came before.

In short, the vision is that multiple companies, developers and creators will come together to create one metaverse (as opposed to proprietary, closed platforms) and have it evolve into an embodied mobile internet, one that is open and interoperable and would include many facets of life (i.e., work, social interactions, entertainment) in one hybrid space.

In order for the metaverse to become a reality, that is, successfully link current gaming and communications platforms with other new technologies into a massive new online destination – many obstacles will have to be overcome, even beyond the hardware, software and integration issues. The legal issues stand out, front and center. Indeed, the concept of the metaverse presents a law school final exam’s worth of legal questions to sort out.  Meanwhile, we are still trying to resolve the myriad of legal issues presented by “Web 2.0,” the Internet we know it today. Adding the metaverse to the picture will certainly make things even more complicated.

At the heart of it is the question of what legal underpinnings we need for the metaverse infrastructure – an infrastructure that will allow disparate developers and studios, e-commerce marketplaces, platforms and service providers to all coexist within one virtual world.  To make it even more interesting, it is envisioned to be an interoperable, seamless experience for shoppers, gamers, social media users or just curious internet-goers armed with wallets full of crypto to spend and virtual assets to flaunt.  Currently, we have some well-established web platforms that are closed digital communities and some emerging ones that are open, each with varying business models that will have to be adapted, in some way, to the metaverse. Simply put, the greater the immersive experience and features and interactions, the more complex the related legal issues will be.

Contemplating the metaverse, these are just a few of the legal issues that come to mind:

  • Personal Data, Privacy and Cybersecurity – Privacy and data security lawyers are already challenged with addressing the global concerns presented by varying international approaches to privacy and growing threats to data security. If the metaverse fulfills the hype and develops into a 3D web-based hub for our day-to-day lives, the volume of data that will be collected will be exponentially greater than the reams of data already collected, and the threats to that data will expand as well. Questions to consider will include:
    • Data and privacy – What’s collected? How sensitive is it? Who owns or controls it? The sharing of data will be the cornerstone of a seamless, interoperable environment where users and their digital personas and assets will be usable and tradeable across the different arenas of the metaverse.  How will the collection, sharing and use of such data be regulated?  What laws will govern the collection of data across the metaverse? The laws of a particular state?  Applicable federal privacy laws? The GDPR or other international regulations? Will there be a single overarching “privacy policy” governing the metaverse under a user and merchant agreement, or will there be varying policies depending on which realm of the metaverse you are in? Could some developers create a more “privacy-focused” experience or would the personal data of avatars necessarily flow freely in every realm? How will children’s privacy be handled and will there be “roped off,” adults-only spaces that require further authentication to enter? Will the concepts that we talk about today – “personal information” or “personally identifiable information” – carry over to a world where the scope of available information expands exponentially as activities are tracked across the metaverse?
    • Cybersecurity: How will cybersecurity be managed in the metaverse? What requirements will apply with respect to keeping data secure? How will regulation or site policies evolve to address deep fakes, avatar impersonation, trolling, stolen biometric data, digital wallet hacks and all of the other cyberthreats that we already face today and are likely to be exacerbated in the metaverse? What laws will apply and how will the various players collaborate in addressing this issue?
  • Technology Infrastructure: The metaverse will be a robust computing-intensive experience, highlighting the importance of strong contractual agreements concerning cloud computing, IoT, web hosting, and APIs, as well as software licenses and hardware agreements, and technology service agreements with developers, providers and platform operators involved in the metaverse stack. Performance commitments and service levels will take on heightened importance in light of the real-time interactions that users will expect. What is a meaningful remedy for a service level failure when the metaverse (or a part of the metaverse) freezes? A credit or other traditional remedy?  Lawyers and technologists will have to think creatively to find appropriate and practical approaches to this issue.  And while SaaS and other “as a service” arrangements will grow in importance, perhaps the entire process will spawn MaaS, or “Metaverse as a Service.”
  • Open Source – Open source, already ubiquitous, promises to play a huge role in metaverse development by allowing developers to improve on what has come before. Whether or not the obligations of common open source licenses will be triggered will depend on the technical details of implementation. It is also possible that new open source licenses will be created to contemplate development for the metaverse.
  • Quantum Computing – Quantum computing has dramatically increased the capabilities of computers and is likely to continue to do over the coming years. It will certainly be one of the technologies deployed to provide the computing speed to allow the metaverse to function. However, with the awesome power of quantum computing comes threats to certain legacy protections we use today. Passwords and traditional security protocols may be meaningless (requiring the development of post-quantum cryptography that is secure against both quantum and traditional computers). With raw, unchecked quantum computing power, the metaverse may be subject to manipulation and misuse. Regulation of quantum computing, as applied to the metaverse and elsewhere, may be needed.
  • Antitrust: Collaboration is a key to the success of the metaverse, as it is, by definition, a multi-tenant environment. Of course collaboration amongst competitors may invoke antitrust concerns. Also, to the extent that larger technology companies may be perceived as leveraging their position to assert unfair control in any virtual world, there may be additional concerns.
  • Intellectual Property Issues: A host of IP issues will certainly arise, including infringement, licensing (and breaches thereof), IP protection and anti-piracy efforts, patent issues, joint ownership concerns, safe harbors, potential formation of patent cross-licensing organizations (which also may invoke antitrust concerns), trademark and advertising issues, and entertaining new brand licensing opportunities. The scope of content and technology licenses will have to be delicately negotiated with forethought to the potential breadth of the metaverse (e.g., it’s easy to limit a licensee’s rights based on territory, for example, but what about for a virtual world with no borders or some borders that haven’t been drawn yet?). Rightsholders must also determine their particular tolerance level for unauthorized digital goods or creations. One can envision a need for a DMCA-like safe harbor and takedown process for the metaverse. Also, akin to the litigation that sprouted from the use of athletes’ or celebrities’ likenesses (and their tattoos) in videogames, it’s likely that IP issues and rights of publicity disputes will go way up as people’s virtual avatars take on commercial value in ways that their real human selves never did.
  • Content Moderation. Section 230 of the Communications Decency Act (CDA) has been the target of bipartisan criticism for several years now, yet it remains in effect despite its application in some distasteful ways. How will the CDA be applied to the metaverse, where the exchange of third party content is likely to be even more robust than what we see today on social media?  How will “bad actors” be treated, and what does an account termination look like in the metaverse? Much like the legal issues surrounding offensive content present on today’s social media platforms, and barring a change in the law, the same kinds of issues surrounding user-generated content will persist and the same defenses under Section 230 of the Communications Decency Act will be raised.
  • Blockchain, DAOs, Smart Contract and Digital Assets: Since the metaverse is planned as a single forum with disparate operators and users, the use of a blockchain (or blockchains) would seem to be one solution to act as a trusted, immutable ledger of virtual goods, in-world currencies and identity authentication, particularly when interactions may be somewhat anonymous or between individuals who may or may not trust each other and in the absence of a centralized clearinghouse or administrator for transactions. The use of smart contracts may be pervasive in the metaverse.  Investors or developers may also decide that DAOs (decentralized autonomous organizations) can be useful to crowdsource and fund opportunities within that environment as well.  Overall, a decentralized metaverse with its own discrete economy would feature the creation, sale and holding of sovereign digital assets (and their free use, display and exchange using blockchain-based payment networks within the metaverse). This would presumably give NFTs a role beyond mere digital collectibles and investment opportunities as well as a role for other forms of digital currency (e.g., cryptocurrency, utility tokens, stablecoins, e-money, virtual “in game” money as found in some videogames, or a system of micropayments for virtual goods, services or experiences).  How else will our avatars be able to build a new virtual wardrobe for what is to come?

With this shift to blockchain-based economic structures comes the potential regulatory issues behind digital currencies. How will securities laws view digital assets that retain and form value in the metaverse?  Also, as in life today, visitors to the metaverse must be wary of digital currency schemes and meme coin scams, with regulators not too far behind policing the fraudsters and unlawful actors that will seek opportunities in the metaverse. While regulators and lawmakers are struggling to keep up with the current crop of issues, and despite any progress they may make in that regard, many open issues will remain and new issues will be of concern as digital tokens and currency (and the contracts underlying them) take on new relevance in a virtual world.

Big ideas are always exciting. Watching the metaverse come together is no different, particularly as it all is happening alongside additional innovations surrounding the web, blockchain and cryptocurrency (and, more than likely, updated laws and regulations). However, it’s still early. And we’ll have to see if the current vision of the metaverse will translate into long-term, concrete commercial and civic-minded opportunities for businesses, service providers, developers and individual artists and creators.  Ultimately, these parties will need to sort through many legal issues, both novel and commonplace, before creating and participating in a new virtual world concept that goes beyond the massive multi-user videogame platforms and virtual worlds we have today.

Article By Jeffrey D. Neuburger of Proskauer Rose LLP. Co-authored by  Jonathan Mollod.

For more legal news regarding data privacy and cybersecurity, click here to visit the National Law Review.

© 2021 Proskauer Rose LLP.

OFAC Reaffirms Focus on Virtual Currency With Updated Sanctions Law Guidance

On October 15, 2021, the US Department of the Treasury’s Office of Foreign Asset Control (OFAC) announced updated guidance for virtual currency companies in meeting their obligations under US sanctions laws. On the same day, OFAC also issued guidance clarifying various cryptocurrency-related definitions.

Coming on the heels of the Anti-Money Laundering Act of 2020—and in the context of the Biden administration’s effort to crackdown on ransomware attacks—the recent guidance is the latest indication that regulators are increasingly focusing on virtual currency and blockchain. In light of these developments, virtual currency market participants and service providers should ensure they are meeting their respective sanctions obligations by employing a “risk-based” anti-money laundering and sanctions compliance program.

This update highlights the government’s continued movement toward subjecting the virtual currency industry to the same requirements, scrutiny and consequences in cases of noncompliance as applicable to traditional financial institutions.

IN DEPTH

The release of OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry indicates an increasing expectation for diligence as it has now made clear on several occasions that sanctions compliance “obligations are the same” for virtual currency companies who must employ an unspecified “risk-based” program (See: OFAC Consolidated Frequently asked Questions 560). OFAC published it with the stated goal of “help[ing] the virtual currency industry prevent exploitation by sanctioned persons and other illicit actors.”

With this release, OFAC also provided some answers and updates to two of its published sets of “Frequently Asked Questions.”

FAQ UPDATES (FAQ 559 AND 546)

All are required to comply with the US sanctions compliance program, including persons and entities in the virtual currency and blockchain community. OFAC has said time and again that a “risk-based” program is required but that “there is no single compliance program or solution suitable for all circumstances” (See: FAQ 560). While market participants and service providers in the virtual currency industry must all comply, the risk of violating US sanctions are most acute for certain key service providers, such as cryptocurrency exchanges and over-the-counter (OTC) desks that facilitate large volumes of virtual currency transactions.

OFAC previously used the term “digital currency” when it issued its first FAQ and guidance on the subject (FAQ 560), which stated that sanctions compliance is applicable to “digital currency” and that OFAC “may include as identifiers on the [Specially Designated Nationals and Blocked Persons] SDN List specific digital currency addresses associated with blocked persons.” Subsequently, OFAC placed certain digital currency addresses on the SDN List as identifiers.

While OFAC previously used the term “digital currency,” in more recent FAQs and guidance, it has used a combination of the terms “digital currency” and “virtual currency” without defining those terms until it released FAQ 559.

In FAQ 559, OFAC defines “virtual currency” as “a digital representation of value that functions as (i) a medium of exchange; (ii) a unit of account; and/or (iii) a store of value; and is neither issued nor granted by any jurisdiction.” This is a broad definition but likely encompasses most assets, which are commonly referred to as “cryptocurrency” or “tokens,” as most of these assets may be considered as “mediums of exchange.”

OFAC also defines “digital currency” as “sovereign cryptocurrency, virtual currency (non-fiat), and a digital representation of fiat currency.” This definition appears to be an obvious effort by OFAC to make clear that its definitions include virtual currencies issued or backed by foreign governments and stablecoins.

The reference to “sovereign cryptocurrency” is focused on cryptocurrency issued by foreign governments, such as Venezuela. This is not the first time OFAC has focused on sovereign cryptocurrency. It ascribed the use of sovereign backed cryptocurrencies as a high-risk vector for US sanctions circumvention. Executive Order (EO) 13827, which was issued on March 19, 2018, explicitly stated:

In light of recent actions taken by the Maduro regime to attempt to circumvent U.S. sanctions by issuing a digital currency in a process that Venezuela’s democratically elected National Assembly has denounced as unlawful, hereby order as follows: Section 1. (a) All transactions related to, provision of financing for, and other dealings in, by a United States person or within the United States, and digital currency, digital coin, or digital token, that was issued by, for, or on behalf of the Government of Venezuela on or after January 9, 2018, are prohibited as of the effective date of this order.

On March 19, 2018, OFAC issued FAQs 564, 565 and 566, which were specifically focused on Venezuela issued cryptocurrencies, stating that “petro” and “petro gold” are considered a “digital currency, digital coin, or digital token” subject to EO 13827. While OFAC has not issued specific FAQs or guidance on other sovereign backed cryptocurrencies, it may be concerned that a series of countries have stated publicly that they plan to test and launch sovereign backed securities, including Russia, Iran, China, Japan, England, Sweden, Australia, the Netherlands, Singapore and India. With the release if its most recent FAQs, OFAC is reaffirming that it views sovereign cryptocurrencies as highly risky and well within the scope of US sanctions programs.

The reference to a “digital representation of fiat currency” appears to be a reference to “stablecoins.” In theory, stablecoins are each worth a specified value in fiat currency (usually one USD each). Most stablecoins were touted as being completely backed by fiat currency stored in segregated bank accounts. The viability and safety of stablecoins, however, has recently been called into question. One of the biggest players in the stablecoin industry is Tether, who was recently fined $41 million by the US Commodities Futures Trading Commission for failing to have the appropriate fiat reserves backing its highly popular stablecoin US Dollar Token (USDT). OFAC appears to have taken notice and states in its FAQ that “digital representations of fiat currency” are covered by its regulations and FAQs.

FAQ 646 provides some guidance on how cryptocurrency exchanges and other service providers should implement a “block” on virtual currency. Any US persons (or persons subject to US jurisdiction), including financial institutions, are required under US sanctions programs to “block” assets, which requires freezing assets and notifying OFAC within 10 days. (See: 31 C.F.R. § 501.603 (b)(1)(i).) FAQ 646 makes clear that “blocking” obligations applies to virtual currency and also indicates that OFAC expects cryptocurrency exchanges and other service providers be required to “block” the virtual currency at issue and freeze all other virtual currency wallets “in which a blocked person has an interest.”

Depending on the strength of the anti-money laundering/know-your-customer (AML/KYC) policies employed, it will likely prove difficult for cryptocurrency exchanges and other service providers to be sure that they have identified all associated virtual currency wallets in which a “blocked person has an interest.” It is possible that a cryptocurrency exchange could onboard a customer who complied with an appropriate risk-based AML/KYC policy and, unbeknownst to the cryptocurrency exchange, a blocked person “has an interest” in one of the virtual currency wallets. It remains to be seen how OFAC will employ this “has an interest” standard and whether it will take any cryptocurrency exchanges or other service providers to task for not blocking virtual currency wallets in which a blocked person “has an interest.” It is important for cryptocurrency exchanges or other service providers to implement an appropriate risk-based AML/KYC policy to defend any inquiries from OFAC as to whether it has complied with the various US sanctions programs, including by having the ability to identify other virtual currency wallets in which a blocked person “has an interest.”

UPDATED SANCTIONS COMPLIANCE GUIDANCE

OFAC’s recent framework for OFAC Compliance Commitments outlines five essential components for a virtual currency operator’s sanctions compliance program. These components generally track those applicable to more traditional financial institutions and include:

  1. Senior management should ensure that adequate resources are devoted to the support of compliance, that a competent sanctions compliance officer is appointed and that adequate independence is granted to the compliance unit to carry out their role.
  2. An operative risk assessment should be fashioned to reflect the unique exposure of the company. OFAC maintains both a public use sanctions list and a free search tool for that list which should be employed to identify and prevent sanctioned individuals and entities from accessing the company’s services.
  3. Internal controls must be put in place that address the unique risks recognized by the company’s risk assessment. OFAC does not have a specific software or hardware requirement regarding internal controls.
    1. Although OFAC does not specify required internal controls, it does provide recommended best practices. These include geolocation tools with IP address blocking controls, KYC procedures for both individuals and entities, transaction monitoring and investigation software that can review historically identified bad actors, the implementation of remedial measures upon internal discovery of weakness in sanction compliance, sanction screening and establishing risk indicators or red flags that require additional scrutiny when triggered.
    2. Additionally, information should be obtained upon the formation of each new customer relationship. A formal due diligence plan should be in place and operated sufficiently to alert the service provider to possible sanctions-related alarms. Customer data should be maintained and updated through the lifecycle of that customer relationship.
  4. To ensure an entity’s sanctions compliance program is effective and efficient, that entity should regularly test their compliance against independent objective testing and auditing functions.
  5. Proper training must be provided to a company’s workforce. For a company’s sanctions compliance program to be effective, its workforce must be properly outfitted with the hard and soft skills required to execute its compliance program. Although training programs may vary, OFAC training should be provided annually for all employees.

KEY TAKEAWAYS

As noted in OFAC’s press release issued simultaneously with the updated FAQ’s, “[t]hese actions are a part of the Biden Administration’s focused, integrated effort to counter the ransomware threat.” The Biden administration’s increased focus on regulatory and enforcement action in the virtual currency space highlights the importance for market participants and service providers to implement a robust compliance program. Cryptocurrency exchanges and other service providers must take special care in drafting and implementing their respective AML/KYC policies and in ensuring the existence of risk-based AML and sanctions compliance programs, which includes a periodic training program. When responding to inquiries from OFAC or other regulators, it will be critical to have documented evidence of the implementation of a risk-based AML/KYC program and proof that employees have been appropriately trained on all applicable policies, including a sanctions compliance policy.

Article By Joseph B. Evans, Edward B. Diskant, and Alexandra C. Scheibe of McDermott Will & Emery.

Ethan Heller, a law clerk in the firm’s New York office, also contributed to this article.

© 2021 McDermott Will & Emery
For the latest in Financial, Securities, and Banking legal news, read more at the National Law Review.

Crypto Laundering: Bitcoin + Money Laundering

Bitcoin was a massive innovation to the world that allows transactions to be processed faster, makes them easier to use, lack third parties and intermediaries, and have stronger security. The technology underlying Bitcoin is the blockchain, which is the decentralized ledger where all Bitcoin transactions are stored.

At the same time, criminals are increasingly seeking to exploit the latest technology to their financial benefit. Bitcoin transactions actually have the ability to make money laundering easier for criminals because cryptocurrencies are conducted, transferred, and stored online and allow cybercriminals to move their funds instantly across borders.

This article explains the interconnection between Bitcoin and money laundering, warning signs, and how a lawyer can help you with your crypto issue.

Bitcoin as an Attractive Option for Laundering

One of the first questions many ask is why is Bitcoin such an attractive option for criminals seeking to launder money?

The most important answer is that laundering cryptocurrencies via online exchanges and then converting them to cash is much simpler than laundering bags of cash often across borders. Online transactions have no borders, and it obviates the need to physically move illegal money from place to place. Therefore, it is easy and practical.

Second, there is a certain degree of anonymity associated with Bitcoin transactions. While not 100% anonymous, these transactions are in fact pseudonymous. This means that the public Bitcoin addresses used for transactions are not registered in the names of individuals.

The transactions are stored publicly on the blockchain (the public decentralized ledger where all transactions are stored), but only the individual making the transaction has access to the account and Bitcoin wallet. Therefore, federal agencies will have a challenging time linking a particular Bitcoin transaction back to any one individual or entity. However, detection is not impossible.

To overcome this obstacle, criminals will use Bitcoin mixing services, which allow the individual to “mix” their Bitcoins with other users and jumble the connections between individuals’ addresses.

The goal is to make it practically impossible for anyone to detect the origin and destination addresses of those illegal Bitcoin transactions. This allows criminals to cash out without fear of ever being identified. In addition, many wallet providers and online crypto exchanges have few if not no anti-money laundering (“AML”) or Know Your Customer (“KYC”) regulations, which represents a very attractive option for cybercriminals.

Third, the lack of regulation or inconsistent regulation of the crypto sphere makes detection of large Bitcoin transactions more unlikely—both the initial Bitcoin transaction and when the criminals seek to “cash-out” and convert their Bitcoins to cash.

Traditional financial and banking options are very regulated both at the state and federal levels. On the other hand, cryptocurrencies are loosely regulated. This makes the use of cryptocurrencies attractive to criminals who believe they can evade regulation and scrutiny of various law enforcement agencies within the nation and abroad.

Warning Signs of Crypto Laundering

Crypto laundering is a crime. Despite the lack of federal guidance on this issue, many law enforcement agencies are relying on existing laws and traditional investigative tools to uncover instances of crypto laundering. Below are some warning signs of crypto laundering:

  • Transfer of crypto funds to wallets in unregulated or less regulated jurisdictions;
  • Multiple high-value transactions occurring within a short period of time;
  • Bitcoin or other transactions totaling amounts that are just under the amount that would trigger reporting requirements;
  • Immediately withdrawing cryptocurrency deposits;
  • New accounts funded with an amount that is immediately withdrawn;
  • Transactions with multiple cryptocurrencies on many accounts;
  • Deposits from unregulated jurisdictions or jurisdictions with poor AML and KYC regulations; and
  • One wallet that is linked to multiple credit card accounts under different individuals’ names or one wallet linked to multiple bank accounts.

The above warning signs should be considered by individuals seeking to do business with a firm dealing with cryptocurrencies, by law enforcement agencies investigating certain individuals and entities, and during AML reviews within crypto service providers.

In addition, in 2020, the Financial Action Task Force (“FATF”) released a report about red flag indicators for money laundering that is intended to assist crypto wallet and exchange companies as well as financial authorities.

How An Attorney Can Help Defend You Against Crypto Laundering Allegations

Federal agencies including the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) have been especially eager to investigate alleged instances of crypto laundering fraud. On June 29, 2021, in a DOJ investigation, “Doctor Bitcoin ” pleaded guilty to operating an illegal cash-to-cryptocurrency conversion business. This underscores the importance of retaining counsel experienced in defending against allegations of crypto laundering. Below are some examples of how an attorney can help you with your crypto issue:

  • Conducting fraud investigations involving cryptocurrencies;
  • Advising on Security Token Offerings (“STOs”) and Initial Coin Offerings (“ICOs”);
  • Valuing of cryptocurrencies and assets;
  • Assisting with purchasing property or other assets with cryptos;
  • Advising on AML and KYC regulations;
  • Checking on internal and external compliance;
  • Advising on wills, trusts, and inheritances of crypto assets and cryptocurrencies;
  • Drafting compliance documents or documents regarding coin issuances;
  • Advising on due diligence of customers;
  • Advising on identification and verification procedures involving crypto transactions; and
  • Advising on monitoring crypto transactions for compliance with applicable regulations, for suspicious activity, and for certain money laundering warning signs.

“The use of cryptocurrencies such as Bitcoin to facilitate online transactions has both advantages and disadvantages. While crypto transactions offer speed, ease in use, and low transaction costs, they can also facilitate elaborate money laundering schemes, illegal purchases, and ransomware attacks. Specifically, Bitcoin laundering is becoming a cost-effective and highly appealing option for cyber criminals aiming to convert illegally obtained cryptocurrencies into legitimate cash. While there are few laws regulating cryptocurrencies, many federal agencies will go after companies and individuals alleged to have engaged in fraudulent crypto transactions under already-existing statutes. Therefore, the consequences can be just as severe—fines and penalties, disgorgement orders, injunctions, and possibly jail time.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

Conclusion

Crypto laundering is becoming a serious problem for law enforcement agencies as cybercriminals continue to exploit new and emerging technologies for financial gain. Criminals are attracted to the cryptocurrency, Bitcoin, because it is easy and practical to move digitized money, because these transactions are very difficult to trace, and because there is a lack of consistent regulation regarding cryptocurrencies.

Identifying red flags are important safeguards for individuals, businesses, and law enforcement agencies to consider. In fact, law enforcement agencies have been especially zealous in investigating alleged instances of crypto laundering based on certain red flags.

This article was written by Dr. Nick Oberheiden of Oberheiden PC. For more articles relating to crypto laundering, please visit our finance page.

A Flurry of CFTC Actions Shock the Cryptocurrency Industry

The Commodity Futures Trading Commission (CFTC) sent shockwaves across the cryptocurrency industry when it issued a $1.25 million settlement order with Kraken, one of the industry’s largest market participants. The next day, the CFTC announced that it had charged each of 14 entities for offering cryptocurrency derivatives and margin trading without registering as a futures commission merchant (FCM). While the CFTC has issued regulatory guidance in the past and engaged in some regulatory enforcement activities, it has now established itself as a key regulator of the industry along with the US Securities and Exchange Commission (SEC), the US Department of Justice (DOJ) and the US Department of the Treasury (Treasury). Market participants should be aware that the CFTC will continue to take a more active role in regulation and enforcement of commodities and derivatives transactions moving forward.

The CFTC alleged that each of the defendants were acting as an unregistered FCM. Under Section 1a(28)(a) of the Commodity Exchange Act (the Act), 7 U.S.C. § 1(a)(28)(A), an FCM is any “individual, association, partnership, or trust that is engaged in soliciting or accepting orders for the purchase or sale of a commodity for future delivery; a security futures product; a swap . . . any commodity option authorized under section 6c of this title; or any leverage transaction authorized under section 23 of this title.” In order to be considered an FCM, that entity must also “accept[] money, securities, or property (or extends credit in lieu thereof) to margin, guarantee, or secure any trades or contracts that result or may result therefrom.” (See: 7 U.S.C. § 1(a)(28)(A)(II).) 7 U.S.C. § 6d(1), requires FCMs to be registered with the CFTC.

IN DEPTH

THE KRAKEN SETTLEMENT

On September 28, 2021, the CFTC issued an order, filing and settling charges against respondent Payward Ventures, Inc. d/b/a Kraken for offering margined retail commodity transactions in cryptocurrency—including Bitcoin—and failing to register as an FCM. Kraken is required to pay a $1.25 million civil monetary penalty and to cease and desist from further violations of the Act. The CFTC stated that, “This action is part of the CFTC’s broader effort to protect U.S. customers.”

The CFTC’s order finds that from approximately June 2020 to July 2021, Kraken violated Section 4(a) of the Act, 7 U.S.C. § 6(a)(2018) by offering to enter into, entering into, executing and/or confirming the execution of off-exchange retail commodity transactions with US customers who were not eligible contract participants or eligible commercial entities. The CFTC also found that Kraken operated as an unregistered FCM in violation of Section 4d(a)(1) of the Act, 7 U.S.C. § 6d(a)(1) (2018). According to the order, Kraken served as the sole margin provider and maintained physical and/or constructive custody of all assets purchased using margins for the duration of a customer’s open margined position.

Margined transactions worked as follows: The customer opened an individual account at Kraken and deposited cryptocurrency or fiat currency into the account. The customer then initiated a trade by selecting (1) the trading pair they wished to trade, (2) a purchase or sale transaction and (3) a margin option. All trades were placed on Kraken’s central limit order book and executed individually for each customer. If a customer purchased an asset using margin, Kraken supplied the cryptocurrency or national currency to pay the seller for the asset. If a customer sold an asset using margin, Kraken supplied the cryptocurrency or national currency due to the buyer. Trading on margin allowed the customer to establish a position but also created an obligation for the customer to repay Kraken at the time the margined position was closed. The customer’s position remained open until they submitted a closing trade, they repaid the margin or Kraken initiated a forced liquidation based on the occurrence of certain triggering events, including limitations on the duration of an open margin position and pre-set margin thresholds. Kraken required customers to exit their positions and repay the assets received to trade on margin within 28 days, however, customers could not transfer assets away from Kraken until satisfying their repayment obligation. If repayment was not made within 28 days, Kraken could unilaterally force the margin position to be liquidated or could also initiate a forced liquidation if the value of the collateral dipped below a certain threshold percentage of the total outstanding margin. As a result, actual delivery of the purchased assets failed to occur.

The CFTC asserted that these transactions were unlawful because they were required to take place on a designated contract market. Additionally, by soliciting and accepting orders for, and entering into, retail commodity transactions with customers and accepting money or property (or extending credit in lieu thereof) to margin these transactions, Kraken was operating as an unregistered FCM.

Coinciding with the release of the enforcement action against Kraken, CFTC Commissioner Dawn D. Sump issued a “concurring statement.” In it, she appeared to be calling upon the CFTC to adopt more specific rules governing the products that are the subject of the enforcement action. Commissioner Sump seemed to indicate that it would be helpful to cryptocurrency market participants if the CFTC clarified its position on the applicability of the Act, as well as registration requirements. The CFTC will likely issue guidance or rules to clarify its position on which cryptocurrency-related products trigger registration requirements.

CFTC CHARGES 14 CRYPTOCURRENCY ENTITIES

On September 29, 2021, the CFTC issued a press release and 14 complaints against cryptocurrency trading platforms. The CFTC is seeking a sanction “directing [the cryptocurrency platforms] to cease and desist from violating the provisions of the Act set forth herein.” Each of the platforms have 20 days to respond.

All of the complaints are somewhat similar in that the CFTC alleges that each of the cryptocurrency platforms “from at least May 2021 and through the present” have offered services to the public “including soliciting or accepting orders for binary options that are based off the value of a variety of assets including commodities such as foreign currencies and cryptocurrencies including Bitcoin, and accepting and holding customer money in connection with those purchases of binary options.”

The CFTC has taken the position that “binary options that are based on the price of an underlying commodity like forex or cryptocurrency are swaps and commodity options as used in the definition of an FCM.” (The CFTC has previously taken the position that Bitcoin and Ethereum constitute “commodities,” doing so in public statements and enforcement actions.) In a prominent enforcement action previously filed by the CFTC in the United States District Court for the Eastern District of New York, the court held that “virtual currency may be regulated by the CFTC as a commodity” and that it “falls well-within the common definition of ‘commodity’ as well as the CEA’s definition of commodities.” (See: CFTC v. McDonnell, et al., 287 F. Supp. 3d 213, 228 (E.D.N.Y. Mar. 6, 2018); CFTC v. McDonnell, et al., No. 18-cv-461, ECF No. 172 (E.D.N.Y. Aug. 23, 2018).) In the action the CFTC filed against BitMEX in October of 2020, it alleged that “digital assets, such as bitcoin, ether, and litecoin are ‘commodities’ as defined under Section 1a(9) of the Act, 7 U.S.C. § 1a(9). (See: CFTC v. HDR Global Trading Limited, et al., No. 20-cv-8132, ECF 1, ¶ 23 (S.D.N.Y. Oct. 1, 2020).)

The CFTC has previously taken the position that Bitcoin, Ethereum and Litecoin are considered commodities. However, in these recently filed complaints, the CFTC did not appear to limit the cryptocurrencies that would be considered “commodities” to just Bitcoin, Ethereum and Litecoin. Instead, the CFTC broadly referred to “commodities such as foreign currencies and cryptocurrencies including Bitcoin.” It remains to be seen which of the hundreds of cryptocurrencies on the market will be considered “commodities,” but it appears that the CFTC is not limiting its jurisdiction to just three. It is also an open question as to whether there are certain cryptocurrencies or cryptocurrency referencing financial products that the SEC and CFTC will determine are subject to the overlapping jurisdiction of both regulators, similar to mixed swaps under the derivatives rules.

The CFTC also singled out two of these cryptocurrency platforms, alleging that they issued false statements to the effect that it “is a registered FCM and RFED with the CFTC and member of the NFA.” The CFTC noted that neither of these entities were ever registered with the National Futures Association (NFA) and one of the NFA ID numbers listed “identifies an individual who was once registered with the CFTC but has been deceased since 2009.”

WHAT’S NEXT

While the SEC, Treasury and DOJ are often considered the most prominent federal regulators in the cryptocurrency space, this recent sweep by the CFTC is not the first time it has flexed its muscles. The CFTC went to trial and won in 2018, accusing an individual of operating a boiler room. In October 2020, the CFTC filed a case against popular cryptocurrency exchange BitMEX for failing to register as an FCM, among other counts. However, unlike those one-off enforcement actions, the recent actions targeting multiple market participants within two days is a big step forward for the CFTC. Cryptocurrency derivative trading has been rising in popularity over the last few years and it is unsurprising that the CFTC is taking a more active enforcement role.

It is expected that regulatory activity within the cryptocurrency space will increase from all US regulators, including the CFTC, SEC, Treasury and the Office of the Comptroller of the Currency, especially as cryptocurrency products are increasingly classified as financial products subject to regulation. While the CFTC and other regulators have issued some regulatory guidance, regulators appear to be taking a “regulatory guidance by enforcement action” strategy. Market participants will need to thoughtfully consider all relevant regulatory regimes in order to determine what compliance activities are necessary. As we describe, multiple classifications are possible.

© 2021 McDermott Will & Emery
For more on cryptocurrency litigation, visit the NLR Cybersecurity, Media & FCC section.