With SEC criticizing crypto sector, exchanges, intermediaries for lack of compliance, registration, AML risks rise for banks holding accounts

The Skinny:

  • Most crypto coins are securities. Virtual value exchanges are basically securities trading platforms. The individuals involved in trading and promoting coins are equivalent to the roles performed by broker dealers and their interspersed, attenuated intermediaries.
  • Those are just some of the key takeaways from Securities Exchange Commission (SEC) Chair Gary Gensler during a recent speech, which concluded that more regulations, registration requirements and compliance considerations are coming – and if you haven’t gauged your crypto firm’s exposure, it will only hurt you in the end.
  • What does this mean for fincrime compliance officers on the ground? While they are not responsible for the customers of their virtual exchange clients, a compliance team may want to query crypto-connected firms to ask if they have registered with the SEC or Commodities Futures Trading Commission (CFTC). 

By Brian Monroe
bmonroe@acfcs.org 
September 13, 2022

Most crypto coins are securities. Virtual value exchanges are basically securities trading platforms. The individuals involved in trading and promoting coins are equivalent to the roles performed by broker dealers and their interspersed, attenuated intermediaries.

As well, just in case it wasn’t clear before to any company or person that didn’t want to hear it: Current securities laws apply to this space – regardless of the debate about the underlying technology, according to the country’s top government securities watchdog.

Those are just some of the key takeaways from Securities Exchange Commission (SEC) Chair Gary Gensler during a recent speech, which concluded that more regulations, registration requirements and compliance considerations are coming – and if you haven’t gauged your crypto firm’s exposure, it will only hurt you in the end.

The core principles from the statutes underpinning the modern-day trading world “apply to all corners of the securities markets,” he said.

“That includes securities and intermediaries in the crypto market. Nothing about the crypto markets is incompatible with the securities laws. Investor protection is just as relevant, regardless of underlying technologies.”

To read the full speech, click here.

The comments spanned many of the current flashpoints in the digital value domain, including where crypto fits – security, commodity or asset – in terms of legal and regulatory oversight, the need for more rules to fight fraud and increased scrutiny of the individuals and intermediaries engaged in trading, lending or exchanging funds.

The statement also gives a more detailed glimpse of the crypto sector’s potential regulatory future, even before Congress settles the issue. 

With interpretation that securities laws apply to crypto, how far does rabbit hole go?

What rules and registration requirements regulators believe apply to the crypto world right now also have broad implications for fincrime compliance programs – at exchanges and banks.  

From one vantage point, crypto exchanges may have to retool how they divvy up customer risk ranking and transaction monitoring duties for disparate and global entities and how they counter fraudsters and scammers as part of their anti-money laundering (AML) program efforts.

In short: Gensler noted that depending on their role and function in crypto trading, entities in the value chain may need to be broken apart, involving the need for new, separate registration requirements and even compliance program duties.

Given that many crypto tokens are securities, it follows that many crypto intermediaries are transacting in securities and have to register with the SEC in some capacity,” he said.  

“Crypto intermediaries — whether they call themselves centralized or decentralized (e.g., DeFi) — often are an amalgam of services that typically are separated from each other in the rest of the securities markets: exchange functions, broker-dealer functions, custodial and clearing functions, and lending functions.”

Crypto intermediaries also “engage in the business of effecting transactions in crypto security tokens for the account of others, which makes them brokers, or engage in the business of buying and selling crypto security tokens for their own account, which makes them dealers.”

Crypto investors should get the protections they receive from regulated broker-dealers and rules to “protect against fraud, manipulation, front-running, wash sales, and other misconduct,” Gensler said, encouraging a proactive approach to current firms.

“If you fall into any of these buckets, come in, talk to us, and register,” he said.  

For bank AML compliance teams, new crypto registration questions to consider

Gensler’s comments, particularly his interpretation that securities laws apply to the bulk of the crypto space, and that, hence, the majority of companies have failed in their registration duties, also put new pressure on banks holding crypto firm accounts.

“Of the nearly 10,000 tokens in the crypto market, I believe the vast majority are securities,” he said. “Offers and sales of these thousands of crypto security tokens are covered under the securities laws.”

“Some tokens may not meet the definition of a security — what I’ll call crypto non-security tokens,” he said. “These likely represent only a small number of tokens, even though they may represent a significant portion of the crypto market’s aggregate value.”

This interpretation could put banks in a quandary.

Banks are the nexus point of the fiat and crypto value worlds, the on-ramp and off-ramp for trades and transactions to become tangible, real world currencies.

What does this mean for fincrime compliance officers on the ground?

While they are not responsible for the customers of their virtual exchange clients, a compliance team may want to query crypto firms to ask if they have registered with the SEC or Commodities Futures Trading Commission (CFTC).

Such a line of questioning is a balancing act of how much does an AML officer want to pester, or alienate, a crypto exchange customer by asking if it has reviewed its own operations, gauged its similarity to securities firms and voluntarily sought registration guidance from the SEC.

The reason: Currently, Congress hasn’t passed a pending bill into law stating that, yes, crypto firms are securities or, more specifically, that individual firms have been analyzed and judged as passing the historic and seminal “Howey Test.”

The Howey Test refers to the U.S. Supreme Court case for determining whether a transaction qualifies as an “investment contract,” and therefore would be considered a security and subject to disclosure and registration requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934, according to online definitions.  

Under the Howey Test, an investment contract exists if there is an “investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.”

Currently, one of the main compliance and registration requirements for crypto exchanges, at least in the United States, is that they must be registered with the U.S. Treasury’s Financial Crimes Enforcement Network (FINCEN) and are subject to the full panoply of AML program duties. 

But that could change. 

Lawmakers in June released what they called a landmark bill to create a complete regulatory framework for digital assets.

The Responsible Financial Innovation Act (RFIA), from U.S. Senators Kirsten Gillibrand (D-NY), a member of the Senate Agriculture Committee, and Cynthia Lummis (R-WY), a member of the Senate Banking Committee, encourages responsible financial innovation, flexibility, transparency and robust consumer protections while integrating digital assets into existing law.

Central to the bill is regulatory enforcement, oversight and financial crime compliance.

The bill directs the appropriate regulators to study the “potential for sanctions avoidance, money laundering, and terrorist financing and to develop rules around appropriate cybersecurity standards” along with how newer, more innovative technologies could improve regulatory compliance and risk management.

If passed, the CFTC would have jurisdiction over the largest exchanges by market cap, based on definitions of assets as commodities, with SEC having the smaller exchanges and therefore the most by number as classified as securities.

The bill also sets out duties for examiners at the state and federal levels to scrutinize for “appropriate operational, compliance and information technology risk management,” a nod to recent high-profile hacks that have hit virtual value exchanges and any operation, entity and even individuals with hefty stores of digital assets.

To read the original press release by lawmakers about the bill, click here.

What is the fincrime compliance risk if only a regulator believes crypto firms are acting as ‘unregistered’ securities firms?

So just as banks now routinely ask prospective crypto exchange customers, “are you registered with FinCEN,” compliance teams may want to start asking, “Are you registered with the SEC, CFTC or have asked for their guidance on if you need to be?”

Pulling back the lens, Gensler’s statements must also be viewed in the broader context of recent high-profile enforcement actions by federal investigators and regulators against crypto exchanges, mixers, non-fungible token (NFT) sellers and others.

The tacit takeaway: Even if a regulator doesn’t come for you, a federal investigator still might.

With his comments, Gensler has made his position – and that of the SEC – clear: many crypto firms are securities and, as logic follows, are acting as unregistered securities brokers.

Such a stance could be a grave offense for the firm itself and a rising fincrime compliance risk focal point for banking partners.

“Without prejudging any one token, most crypto tokens are investment contracts under the Howey Test,” he said, noting that any reticence on the part of crypto firms to willingly get on the securities bandwagon is an issue of stubbornness, not a lack of understanding.

“Not liking the message isn’t the same thing as not receiving it,” Gensler said.