Cryptocurrencies and Unclaimed Property: Potential Implications of State Escheat Laws for the Blockchain Technology Industry

Posted in Blockchain, Blockchain Technology Task Force, Client Alert, cryptocurrency, Financial Regulation, Unclaimed Property & Escheat

The use of blockchain technology and the issuance of cryptocurrencies have grown considerably in recent years, inviting heightened scrutiny and regulation. While federal securities, tax, and other financial services regulatory agencies, such as the SEC, the IRS, state securities commissioners and others, have begun applying their rules and regulations to cryptocurrency businesses, the cryptocurrency industry has not yet faced significant enforcement from state unclaimed property administrators. This GT Advisory considers the application of state unclaimed property laws to cryptocurrencies, and the potential implications and challenges of such application for both industry participants and state unclaimed property administrators.

Click here for the full GT Advisory, which explores the following:

  • Overview of Unclaimed Property Laws
  • Can Cryptocurrencies Constitute Unclaimed Property Subject to Escheat?
  • Potential Implications and Considerations

The Newest SEC OCIE Risk Alert: Cloud Storage Is Great, If Your Cloud Is Secure!

Posted in Brokers, Client Alert, Cloud Data Storage, OCIE, Risk Management, SEC, Securities and Exchange Commission

On May 23, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on the importance of storing customer and data in a cloud environment in a secure fashion. Titled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features,” the risk alert addresses proper cloud storage practices, and in particular, what potential problems the registered investment adviser and broker-dealer community should be on guard for to avoid or control. OCIE hinted at some of the problems in its opening paragraph: “Although the majority of these network storage solutions offered encryption, password protection, and other security features designed to prevent unauthorized access, examiners observed that firms did not always use the available security features. Weak or misconfigured security settings on a network storage device could result in unauthorized access to information stored on the device.”

Click here for the full GT Alert.

Florida Creates Blockchain Task Force to Study Benefits of Blockchain Technology

Posted in Blockchain, Blockchain Technology Task Force

On May 23, 2019, Florida Gov. Ron DeSantis signed SB 1024 (Florida Blockchain Bill) into law to establish the Florida Blockchain Task Force (Blockchain Task Force) within the Florida Department of Financial Services. The Blockchain Task Force will study if and how Florida’s state, county, and municipal governments can benefit from a transition to blockchain-based systems for recordkeeping, data security, financial transactions, and service delivery, and identify ways blockchain technology can be used to improve government interaction with businesses and the public.

The Florida legislation recognizes that blockchain and distributed ledger technology allow the secure recording of transactions and that blockchain can facilitate more efficient government service delivery, including facilitating safe paperless transactions and recordkeeping protected from cyberattacks and data destruction. With the passing of the Florida Blockchain Bill, Florida has joined a growing list of states – including New York, New Jersey, Illinois and Wyoming — that have formed task forces to study the potential benefits of blockchain.

To read the full GT Alert, click here.

*Special thanks to Alexander M. Capelli˘ for his assistance with this Alert.
˘Not admitted to practice law.

FinCEN Issues Guidance on Application of Regulations to Certain Business Models Involving Convertible Virtual Currencies

Posted in Client Alert, Compliance, convertible virtual currency, cryptocurrency, Financial Crimes Enforcement Network, Financial Regulation, GT Alert, white collar

On May 9, 2019, the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (FinCEN) issued “interpretive guidance” addressing how FinCEN’s money services business (MSB) regulations apply to a variety of business models that use convertible virtual currency (CVC) (2019 FinCEN Guidance). This is the first significant guidance FinCEN has issued regarding the regulatory treatment of virtual currency under the Bank Secrecy Act (BSA) of 1970, as amended, and FinCEN’s implementing regulations thereunder, since its landmark 2013 virtual currency guidance. In that 2013 guidance, FinCEN grouped persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies as “users,” “administrators,” or “exchangers,” and concluded (i) a “user” of virtual currency is not an MSB under FinCEN’s regulations and therefore not subject to MSB registration, reporting, and recordkeeping regulations, but (ii) an “administrator” or “exchanger” is an MSB under FinCEN’s regulations, specifically, a money transmitter, unless a limitation to or exemption from the definition of MSB applies to the person.

Although the virtual currency space has evolved significantly over the last six years, the 30 pages of interpretive guidance essentially affirms the core of the 2013 FinCEN Guidance, incorporates the conclusions of several FinCEN letter rulings and other interpretations released by FinCEN since the 2013 guidance, and analyzes over a dozen business models that use CVCs in their day-to-day activities to assess whether each business model triggers FinCEN MSB regulation.

Concurrent with the issuance of the CVC interpretive guidance, FinCEN published an Advisory on Illicit Activity Involving Convertible Virtual Currency to assist financial institutions in identifying and reporting suspicious activity concerning how criminals and other bad actors exploit convertible CVCs for money laundering, sanctions evasion, and other illicit financing purposes, particularly involving darknet marketplaces, peer-to-peer (P2P) exchangers, foreign-located MSBs, and CVC kiosks/ATMs.

Click here to read the full GT Alert for a comprehensive analysis of the 2019 FinCEN Guidance.

SEC Approves Final Regulation Best Interest, Form CRS

Posted in Brokers, Financial Regulation, GT Alert, Regulatory Compliance, SEC, Securities and Exchange Commission

On June 5, 2019, the Securities and Exchange Commission (SEC) voted 3-1 to adopt a series of proposals intended to “substantially enhance” the standards of conduct for financial professionals.

First and foremost, the SEC adopted Regulation Best Interest (Reg BI), a new rule establishing an updated standard of conduct for broker-dealers and associated persons of broker-dealers when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer. The standard of conduct – which is higher than the current suitability requirement, but falls short of a fiduciary standard – is “to act in the best interest of the retail customer at the time a recommendation is made without placing the financial or other interest of the broker-dealer or natural person who is an associated person making the recommendation ahead of the interest of the retail customer.” Notably, the SEC does not define “best interest,” an omission criticized by SEC member Robert Jackson Jr., the lone dissenter from approval of the rule package because he has supported adoption of a stricter standard.

The commissioners also adopted Form CRS, which are new rules requiring registered investment advisers and registered broker-dealers to provide a brief relationship summary to retail investors.

Click here to read the full GT Alert.

Summer Is Coming – Are You Prepared for the SEC OCIE Cybersecurity Sweep?

Posted in Brokers, Client Alert, Cybersecurity, GT Alert, investment advisor, OCIE, Regulatory Compliance, Risk Management, SEC, Securities and Exchange Commission

In March 2019 the SEC’s Office of Compliance, Inspections and Examinations (OCIE) announced it would soon commence its annual “Cybersecurity Sweep” of registered investment advisers and broker-dealers. The reality of daily breaches and hacks combined with the watchful eye of the SEC and other regulatory and enforcement bodies means registrants should recommit to dedicating the necessary resources to protect their customers from cyber threats.

The SEC has provided some ideas as to the areas of emphasis for the Cyber Sweep in its 2019 Examination Priorities document. OCIE will focus on, among other things, “proper configuration of network storage devices, information security governance generally, and policies and procedures related to retail trading information security. Specific to investment advisers, OCIE will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers, and continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.”

Click here for the full GT Alert, where we discuss OCIE’s likely points of focus in its upcoming cyber sweep.

OCIE Provides Registered Advisers and Broker-Dealers Guidance on Data Protection Compliance Obligations Under Reg S-P and Safeguards Rule

Posted in Client Alert, Compliance, Cybersecurity, GT Alert, OCIE, SEC, Securities and Exchange Commission

On April 16, 2019, the Securities and Exchange Commission’s Office of Compliance, Inspections and Examinations (SEC OCIE) issued a helpful Risk Alert relating to the privacy Regulation S-P (Reg S-P) and “Safeguards Rule” policies and procedures of registered investment advisers and broker dealers. The Risk Alert gives registered investment advisers and broker-dealers fair notice of various points of emphasis the SEC OCIE considers important from an examination perspective and those points that could surface post-breach when the SEC OCIE’s antennae are well-tuned towards finding fault with the registrant’s data protection practices.

After recounting the basics of Reg S-P’s privacy requirements and the requirements of the Safeguards Rule, the SEC OCIE lists what it calls “examples” of the “most common deficiencies or weaknesses identified by OCIE staff in connection with the Safeguards Rule.”

Click here for the full GT Alert.

SEC Proposes Changes to the Financial Statement Requirements Relating to Acquisitions and Dispositions of Businesses

Posted in SEC, Securities and Exchange Commission

On May 3, 2019, the Securities and Exchange Commission (SEC) proposed amendments to the financial disclosure requirements in Rule 3-05 (Acquired Company Financial Information), Rule 3-14 (Real Estate Operations), and Article 11 (Pro Forma Financial Information) of Regulation S-X for financial statements of businesses acquired or to be acquired and for business dispositions. The SEC also proposed new Rule 6-11 of Regulation S-X and amendments to Form N-14 for financial reporting of acquisitions involving investment companies, as well as additional changes related to oil and gas producing activities and real estate operations, and conforming changes for smaller reporting companies, which are not discussed in this GT Alert. The proposed changes are a continuation of the SEC’s ongoing, comprehensive evaluation as part of its Disclosure Effectiveness Initiative.

The proposed changes are intended to (1) improve the financial information about acquired and disposed businesses; (2) facilitate more timely access to capital; and (3) reduce the complexity and cost to prepare the disclosure.

Overview of Current Financial Statement Requirements

When an issuer acquires a “business”, other than a real estate operation, Rule 3-05 of Regulation S-X generally requires an issuer to provide separate audited annual and unaudited interim pre-acquisition financial statements of the acquired business if it is significant to the issuer. The financial statements of the acquired business are generally the same as those as if the acquired business were a registrant, except that the number of years of audited financial statements is determined by the level of significance. Recognizing that certain acquisitions have a greater impact on the issuer than others, the SEC addresses the reporting requirements for businesses acquired or to be acquired based on the “significant subsidiary” definition in Rule 1-02(w) of Regulation S-X using a sliding scale approach.

Significance of an acquired business is evaluated under Rule 3-05 based upon three criteria (which in turn are derived from Rule 1-02(w)):

  • the amount of the issuer’s investment in the acquired business compared to the issuer’s total assets (Investment Test);
  • the issuer’s share of the total assets of the acquired business compared to the issuer’s total assets (Asset Test); and
  • the issuer’s share of pre-tax income from continuing operations of the acquired business compared to the issuer’s pre-tax income from continuing operations (Income Test);

in each case, based upon a comparison between the issuer and acquired business’s most recent annual financial statements.

Click here for the full GT Alert, which examines the current significance criteria for acquisitions and summarizes the proposed changes.

Proposed Amendment to Japanese Crypto Asset Laws

Posted in Blockchain, Blockchain Technology Task Force, cryptocurrency, Financial Regulation, Virtual Currency

A bill to amend the Japanese laws regulating cryptocurrency exchange businesses or financial instruments transactions, including the Act on Settlement of Funds (Settlement Act) and the Financial Instruments and Exchange Act (FIEA), was submitted to the Diet on March 15, 2019. The bill proposes to call cryptocurrencies “Crypto Assets” (CA) rather than “Virtual Currencies” (VC) and intends to introduce additional regulations to ensure user protection, regulate derivatives trades on cryptocurrencies, and establish a more transparent regulatory framework on cryptocurrencies.

In response to increasing international demand for robust Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) compliance measures, Japan’s registration regime for virtual currencies exchange businesses (VC Exchange Business) was implemented by amendment of the Settlement Act in April 2017. The regulators examined each applicant’s internal control and compliance systems, including customer intake process and trade monitoring, financial strength, and measures for safe custody of customer assets, including the safe management of trading system, measures against cyberattacks or segregation of customers’ assets, etc., before granting registration as a VC Exchange Business operator (VC Exchanger).

However, in 2018, a couple of Japanese VC Exchangers, Coincheck (during the application review process) and Tech Bureau/Zaif (after formal registration was completed), suffered hacks and lost their users’ and their own cryptocurrencies valued at approximately 58 billion yen ($518 million) and 7 billion yen ($63 million), respectively. Although user number had increased and the business of VC Exchangers had expanded rapidly, internal control and compliance systems were inadequate to conduct the VC Exchange Business with sufficient protection for user interests/assets.

Furthermore, cryptocurrencies became a tool of speculation for individual traders with margin trading of highly leveraged cryptocurrencies. Although new types of transactions with cryptocurrencies, such as margin trading, initial coin offerings, or security token offerings, were developed and growing, they remained unregulated, with rules and regulations applicable to these new transactions unclear.

Given the above challenges, the bill was submitted to enhance user protection and articulate applicable rules and regulations by streamlining the regulatory framework on cryptocurrencies.

Click here for the full GT Alert, which examines the major amendments and newly employed provisions of the Settlement Act and the FIEA.

When Can Futures Commission Merchants and Broker-Dealers Be Deemed Banks?

Posted in banking, Banks, Brokers, Client Alert, Financial Services Litigation, GT Alert, investment advisor, Litigation

On March 21, 2019, in Whitaker v. Wedbush Securities, an Illinois appellate court for the first time addressed the liability of a futures commission merchant (FCM) or broker-dealer (BD) under Section 4A-105 of the Uniform Commercial Code (UCC).

By way of background, a customer of an FCM dually registered as a BD ostensibly requested a series of wire transfers from his commodity trading accounts. Unbeknownst to the FCM, in reality a third-party hacker had breached the customer’s computer system and thereafter interposed himself as the customer in connection with the request for the wire transfers. The FCM honored the requests and transferred the money to what the FCM thought was the customer’s account, but was really the fraudster’s bank account. When the customer discovered the fraud, he sued the FCM under Article 4A of the UCC, alleging that (notwithstanding the fact that the FCM was not a bank, savings and loan, or trust company) it was “deemed to be in the business of banking” by virtue of its involvement in connection with the handling of the requested wire transfers. The trial court held the FCM was not engaged in the business of banking and therefore not subject to Article 4A.

The core issue on appeal focused on what constitutes being “engaged in the business of banking” under Article 4A, and whether the FCM was engaged in the business of banking.

What did the appellate court find? Click here to read the full GT Alert.