On October 10, 2022, the Organisation for Economic Co-Operation and Development (OECD) released its new global tax reporting standards for cryptocurrency and other digital assets, the Crypto-Asset Reporting Framework (CARF) and Amendments to the Common Reporting Standard.[1] The CARF provides standards that, if adopted by jurisdictions, would require cryptocurrency exchanges, intermediaries, and other service providers to report to tax authorities required tax information related to certain crypto-asset transactions.

In response to the rapid use and adoption of cryptocurrency, the G-20 mandated the OECD develop a framework for the exchange of tax information for crypto-assets. According to the OECD, crypto-assets are often transferred without the use of traditional financial intermediaries and the CARF addresses coverage gaps in the Common Reporting Standard (CRS) to develop an international reporting framework to ensure standardized tax reporting for crypto-asset transactions.

The CARF includes model rules and commentary for countries to implement domestic laws to collect information related to crypto-asset transactions and is focused on four key areas: (1) the scope of crypto-assets to be covered, (2) the entities and individuals subject to reporting, (3) the transactions subject to reporting, and (4) due diligence procedures.

Continue Reading OECD Releases New Global Tax Reporting Framework for Cryptocurrency

On August 30, 2022, further amendments to the UK’s nine thematic and 29 geographic sanctions regulations came into effect, which expand financial sanctions reporting obligations to cryptoasset exchanges and custodian wallet providers.  The amendments, which were introduced under the Sanctions (EU Exit) (Miscellaneous Amendments) Regulations 2022 and the Sanctions (EU Exit) (Miscellaneous Amendments) (No.2) Regulations 2022 (Amending Regulations), revise the definition of a “relevant firm” to which mandatory financial sanctions reporting obligations apply.

For more information on how these developments could impact your organization, contact Alexandra Melia, in Steptoe’s Economic Sanctions team in London.

Continue Reading New UK Sanctions Legislation Expands Mandatory Financial Sanctions Reporting Obligations to Include Crypto Providers

On August 1, Robinhood Crypto, LLC (RHC) entered a consent order with the New York State Department of Financial Services (DFS) requiring RHC to pay a $30 million fine for violating (1) New York’s virtual currency regulatory regime known as the BitLicense, (2) a Supervisory Agreement entered with DFS as a condition of its BitLicense, (3) anti-money laundering (AML) requirements applicable to money transmitters, and (4) other requirements related to transaction monitoring, filtering, and cybersecurity. The consent order, which is DFS’s first enforcement action under the BitLicense regime or against a digital currency business, offers several important takeaways for blockchain companies operating or seeking to operate in the state, including (1) the importance of scaling up compliance processes commensurate with business growth, (2) the risks of relying on compliance programs of affiliated entities, (3) the importance of well-developed reporting lines in compliance programs, and (4) the consequences of filing “improper” certifications under DFS’s transaction monitoring and cybersecurity rules.

Continue Reading DFS’s First Enforcement Action Against a Blockchain Company: Lessons Learned

On August 8, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the imposition of sanctions on the decentralized digital asset mixer Tornado Cash. The action marks the first time OFAC has targeted an on-chain decentralized protocol. To date, OFAC has not issued any guidance specific to decentralized finance (DeFi) as part of its broader sanctions guidance for the “virtual currency” industry, but the Tornado Cash action lays down an important marker and makes clear that OFAC will target projects or protocols engaged in illicit activity regardless of their centralized or decentralized status. (Our prior blog post on OFAC’s general virtual currency guidance is available here).

According to OFAC, Tornado Cash was “used to launder more than $7 billion worth of virtual currency since its creation in 2019,” including over $455 million stolen by the Lazarus Group, a North Korean-backed hacking group that was previously targeted by OFAC sanctions. In announcing the action, Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson explained, “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”

Continue Reading OFAC Designates Tornado Cash in First Action Against a Decentralized Platform

On July 21, 2022, the SEC filed insider trading charges in federal court against a former Coinbase product manager and two others for trading ahead of multiple announcements that certain crypto assets would be made available for trading on the platform.[1] The SEC alleged that the defendants traded ahead of listing announcements for at least 25 crypto assets, “at least nine” of which the Commission asserted are investment contracts under the federal securities laws. The complaint includes a Howey[2] analysis for the nine crypto assets that serve as the basis for the SEC’s jurisdiction in this matter. In a parallel action, the Department of Justice charged the same individuals for wire fraud, notably not pursuant to a securities fraud theory.[3]

The charges against the individuals, should the alleged activity prove to be true, are deserved, and evidently resulted from internal efforts by Coinbase to detect frontrunning of listings. The DOJ’s wire fraud case therefore has a high likelihood of success, again should the allegations prove to be true, because wire fraud can occur regardless of whether the assets at issue are securities. The trouble for the industry comes from the fact that the SEC has made allegations in its civil complaint against nine token projects that are not parties to the action, and in at least some cases, had not previously been subject to a direct investigation by the SEC. Moreover, the SEC’s investment contract allegations are jurisdictional; that is, the SEC must obtain a holding that at least one of the tokens is in fact a security for its insider trading case, based on frontrunning securities listings under US securities laws, to succeed. This creates strong incentives for the SEC to drive the case towards such a finding, and gives little opportunity for the projects at issue—or the industry at large—to effectively refute the SEC’s claims or to contest the SEC’s methods.

Industry problem number one, therefore, is a seeming casting aside of due process considerations with respect to SEC determinations concerning specific tokens or projects. Unarguably, the parties in the best position to defend against the charge that the crypto assets are securities are the projects that launched the crypto assets and the platforms that list them. These entities are not parties to the lawsuit, and at least some were never aware of any investigation by the SEC nor were they solicited for information or legal positions. Moreover, five of the nine projects do not appear to be based in the U.S. and therefore may have little incentive to attempt to intervene or engage with U.S. courts on the matter, since the SEC may not even have jurisdiction over them as entities. Accordingly, the action has placed one platform and nine entities—and by extension, the industry—in a corner, subject to a potentially adverse legal decision without the ability to mount a defense.

The fact that this is an industry problem is illustrated by industry problem number two: the relatively generic nature of the crypto assets that the SEC chose to name in the complaint. Strike out the names of the tokens and their issuers and read only the descriptions of the projects, and the nine tokens sound a lot like representatives of classes or categories of sub-assets within the digital asset ecosystem: payment tokens; native platform tokens; governance tokens, etc. The projects also seemingly represent various sectors of the digital asset industry: payment platforms; decentralized liquidity pools and automated market makers; and projects governed via decentralized autonomous organizations (DAOs). As a result, the complaint portends trouble for the entire digital asset industry, as the SEC uses various factors—some listed in its 2019 FinHub guidance,[4] some not—to support elements of its Howey analysis that are common to many projects across the industry.

As specific examples, the SEC’s Howey analysis for the nine projects reveals the SEC’s views on several common features in DeFi:

Governance TokensThree of the crypto assets identified by the Commission may be characterized as governance tokens. While governance tokens are intended to be a vehicle through which projects can achieve true decentralization, the SEC’s complaint suggests that it will not be persuaded by such efforts, regardless of the level of decentralization via the governance token, when a core development team holds governance tokens and can therefore both vote and derive economic benefit from those tokens. As a result, should the SEC prevail, any governance token could be characterized by the SEC as a security where a core development team (either as individuals or as members of unrelated development companies or labs) holds more than a de minimis number of the tokens.

Staking, Liquidity Pool Tokens, Yield Farming – Decentralized platforms often feature native tokens that enable decentralized liquidity pool trading and automated market making, and often permit (or even require) the staking of a certain number of those tokens in order to access the features of the platform. These functions of the native tokens are commonly considered to represent their utility, and they enable decentralization. However, the SEC relies on these activities and features across a number of the identified crypto assets in order to establish the existence of a common enterprise and a reasonable expectation of profits (two elements of the Howey test). As a result, the complaint is tantamount to an SEC assertion that these common features of DeFi protocols irrevocably taint these tokens as securities.

Offshore DAO StructuresThe SEC’s complaint summarily and repeatedly describes organizational structures consisting of some combination of a U.S.-based company providing software development services, an offshore foundation company, and an offshore unincorporated DAO, as a single entity. The SEC paints with a broad brush, collapsing corporate structures without consideration of applicable provisions of corporate law, ignoring jurisdictional considerations, and conflating platforms and protocols with for-profit corporations and LLCs, foundation and other non-stock entities, and unincorporated entities. While there are no details about the arrangements between these entities, the complaint signals that the SEC may be skeptical of the separation of offshore structures from a U.S. development team, and will not hesitate to make assumptions and allegations concerning the relationship of corporate entities without examination of underlying corporate structures and relationships.

Secondary Market Trading – While the SEC has long represented that the presence of a secondary market for tokens is a factor to consider in determining whether a reasonable expectation of profits exists, the SEC’s complaint focuses on this factor to an unusual degree. The complaint declares that statements emphasizing the ability of purchasers to resell tokens in secondary markets is “a crucial inducement to investors and essential to the market”[5] for crypto assets, and focuses much of its arguments for the nine crypto assets on this factor. As a result, the SEC announces almost a de facto finding of an investment contract if there is secondary market trading of the asset.

It is also worth noting that the Commission’s Howey analysis in this complaint marks an important shift from prior actions. In prior cases like those involving Kik, Telegram, and Ripple, the entities were the subjects of SEC investigations, had the opportunity to provide evidence in their own defense, and had the ability to submit a written legal justification prior to any action being filed (called a Wells submission) presenting its arguments against the security status of the asset. Here, the nine analyses are formulaic: the Commission identifies statements intended to establish that the token issuers promoted (1) the value of the token, (2) the ability for purchasers to engage in secondary trading of the token, and (3) the expertise of the token issuers, at both the time of the sale of tokens to the public and on an ongoing basis. No evidence from the company is included, and in at least some cases, none was ever solicited, nor were the companies provided the ability to advocate their own positions.

In sum, the outcome of the SEC’s complaint is likely to reverberate beyond not only the defendants in the case, the nine crypto asset issuers identified in the complaint, and the platforms that list the nine tokens. Many other DeFi protocols and participants in the larger crypto ecosystem engage in similar activities to the projects identified in the complaint. Many have not had engagement with the SEC, or to the extent that they have, they may believe these interactions to not have reached a point where the SEC would make an allegation concerning their asset in court. To the extent the SEC is successful in obtaining a favorable judgment finding these nine crypto assets to be securities, such a finding will likely be used to underpin additional enforcement actions against larger and more established players in the industry.

Civil insider trading cases are often stayed pending the outcome of the criminal proceeding, so there is time for the industry to react. However, criminal wire fraud cases tend to have the effect of focusing individual defendants’ attention, and there is a real risk that the SEC will attempt to leverage that criminal case to secure the defendants’ agreement to the language of a settlement of the SEC’s civil claims that could be ratified by the court and used as a cudgel against the industry.

For more information on how to assess the potential impact of the SEC’s complaint to your entity, platform, asset, or fund, please contact a member of Steptoe’s Blockchain & Cryptocurrency practice.



[1] Complaint, SEC v. Wahi, et al., 2:22-cv-01009 (W.D. Wash. Jul. 21, 2022), available at https://www.sec.gov/litigation/complaints/2022/comp-pr2022-127.pdf (hereinafter “SEC Complaint”).

[2] SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

[3] Indictment, U.S. v. Wahi, et al., (S.D.N.Y. Jul, 21, 2022), available at https://www.justice.gov/usao-sdny/press-release/file/1521186/download.

[4] SEC FinHub Staff, Framework for “Investment Contract” Analysis of Digital Assets (Apr. 3, 2019), https://www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets.

[5] SEC Complaint at 22.

On June 7, 2022, Senator Cynthia Lummis (R-WY) and Senator Kirsten Gillibrand (D-NY) introduced the Responsible Financial Innovation Act (RFIA), which seeks to create a complete regulatory framework for digital assets. This is the second in a series of blogs on this groundbreaking bipartisan legislation. Click here for a general overview of the bill and a summary of the tax provisions included in the RFIA.

The RFIA attempts to create a clear standard for determining which digital assets are securities and which are commodities, and draws clear jurisdictional lines between the SEC and CFTC. The SEC would retain jurisdiction over the sale of investment contracts, while the CFTC would gain jurisdiction over the digital asset spot markets. CFTC Chairman Rostin Benham quickly declared his support of the proposed division of labor, while SEC Chairman Gary Gensler has expressed concerns that the legislation may undermine existing market regulations for stock exchanges, mutual funds, and public companies.[1] The policy debate over which of the two agencies is best situated to regulate the crypto markets will likely grow louder in the wake of this proposal.

With respect to securities laws, the RFIA seeks to solve the long-standing problem of the application of the Howey test to digital assets: how long does the security label attach to a digital asset that was initially sold as an investment contract? Application of the full panoply of securities laws to every transaction in a digital asset can stifle the growth of a network and create headaches for entities seeking to comply with complex rules that don’t always fit the underlying conduct.

This update provides a summary of the securities law provisions and obligations placed upon the SEC in the RFIA.

Continue Reading Securities Law Implications of Lummis-Gillibrand Bill

On June 7, 2022, Senator Cynthia Lummis (R-WY) and Senator Kirsten Gillibrand (D-NY) introduced the Responsible Financial Innovation Act (RFIA). This highly anticipated legislation is the first attempt at developing a comprehensive regulatory framework for cryptocurrency and digital assets.

The RFIA builds off proposals introduced this Congress and includes a number of provisions related to securities and commodities regulation. In addition, the RFIA amends the Internal Revenue Code to address and clarify issues related to the taxation and reporting of cryptocurrency and digital assets. Interestingly, the RFIA adopts one of the substantive provisions relating to digital assets in the Biden Administration’s “General Explanation of the Administration’s Fiscal Year 2023 Revenue Proposals,” known as the “Greenbook,” but not the other provision. Specifically, the RFIA adopts the provision permitting tax-free loans of digital assets, but not the provision permitting mark-to-market tax accounting for digital asset traders and dealers.

While this legislation attempts to address some of the largest outstanding questions related to the regulation and taxation of cryptocurrency and digital assets, it faces an uphill battle to be signed into law before the end of the 117th Congress. Heading into the 2022 mid-term elections, a number of Biden Administration and Democratic priorities are still awaiting action and will likely take priority this summer and fall over legislation like the RFIA. Further, this legislation will likely need to overcome the 60-vote threshold in the Senate to end a filibuster. However, the introduction of the RFIA in the Senate sets a new marker and will likely serve as a starting point in the next Congress for any legislation to regulate and tax cryptocurrency and other digital assets.

This update provides a summary of the tax provisions included in the RFIA.

Continue Reading New Bipartisan Senate Legislation Seeks to Address Cryptocurrency and Digital Asset Tax Issues

On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury published guidance (Guidance) for US financial institutions warning about: (1) efforts of foreign actors to evade expanding US economic sanctions and trade restrictions related to the Russian Federation and Belarus and (2) increased risk of malicious cyber-attacks and related ransomware campaigns, following the invasion of and continued military action in Ukraine. The Guidance provides instructive red flags and related advice for all US financial institutions to evaluate, and provides information of particular relevance for Money Services Businesses (MSBs) and other FinCEN-regulated institutions undertaking transactions in what the agency calls “convertible virtual currency” (CVC).

Most notably, FinCEN strongly encourages US financial institutions that have information about CVC flows, including exchangers or administrators of CVC to: (1) be mindful of efforts to evade expanded US sanctions and export controls related to Russia and Belarus, summarized by Steptoe here; (2) submit Suspicious Activity Reports (SARs) as soon as possible regarding such conduct; (3) undertake appropriate risk-based due diligence of customers, and where required, enhanced due diligence; (4) voluntarily share information with other financial institutions consistent with Section 314(b) of the USA PATRIOT Act; and (5) consider using tools to identify assets that must be blocked or frozen under applicable sanctions.

Continue Reading What US Financial Institutions Need to Know about FinCEN’s Russian Sanctions Evasion and Ransomware Guidance

On November 1, 2021, the President’s Working Group on Financial Markets (PWG), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a joint report that, among other things, calls on Congress to adopt legislation to enable federal oversight of stablecoin issuers, custodial wallet providers that hold stablecoins, and others (e.g., certain DeFi products, services, and arrangements related to stablecoins).

The report highlights the agencies’ views on risks related to consumer protection, payments and settlements, “runs” due to price fluctuations, illicit finance, and other perceived risks to the US financial system. Specifically, the report calls for legislation that would:

  • Require stablecoin issuers to operate as insured depository institutions subject to federal oversight at both the depository institution and holding company levels;
  • Subject custodial wallet providers holding stablecoins on behalf of users to federal oversight and empower federal supervisors to impose risk-management standards on “any entity that performs activities that are critical to the functioning of [a] stablecoin arrangement.”
  • Limit the ability of stablecoin issuers’ and custodial wallet providers that hold stablecoins to affiliate with commercial entities (e.g., non-financial companies with access to consumer data) to discourage the “concentration of economic power” or to use users’ transaction data and empower federal agencies to promote interoperability among stablecoins.

In the meantime, the report states that “federal financial agencies are committed to taking action to address risks falling within each agency’s jurisdiction,” including through existing investor and market protection measures. The report also calls on the Financial Stability Oversight Council to take steps which could include designating certain stablecoin activities as systemically important payment, clearing, and settlement activities, allowing for additional federal oversight.

According to the report, US federal agencies will continue to cooperate with international groups such as the Financial Action Task Force (FATF) to promote global standards for regulation of stablecoins.

Several days earlier, on October 28, 2021, the FATF issued  updated guidance on risk-based regulation of virtual assets and virtual asset service providers for anti-money laundering and counter-financing of terrorism purposes. The updated guidance affirms that stablecoins fall within the scope of the FATF recommendations, whether a country treats them as virtual assets or financial assets (e.g., securities) under national regulation.

For more information on how these developments could impact your company, contact a member of Steptoe’s Blockchain & Cryptocurrency practice.

The House Rules Committee recently released the latest version of HR 5376, the Build Back Better Act. This proposal would amend Internal Revenue Code section 1091 (“loss from wash sales of stock or securities”) to apply to a much broader range of assets, including foreign currency, commodities, and digital assets, in addition to stocks and securities. The legislation would also apply the wash sale rule to acquisitions of substantially identical assets by related parties, such as a spouse, dependent, corporation, partnership, trust, or estate which controls, or is controlled by the taxpayer, as well as certain types of accounts (including IRAs, health savings accounts, section 529 accounts, Coverdell education savings accounts, and qualified retirement plan accounts).

Click here to read the full client advisory.