On June 7, 2022, Senator Cynthia Lummis (R-WY) and Senator Kirsten Gillibrand (D-NY) introduced the Responsible Financial Innovation Act (RFIA), which seeks to create a complete regulatory framework for digital assets. This is the second in a series of blogs on this groundbreaking bipartisan legislation. Click here for a general overview of the bill and a summary of the tax provisions included in the RFIA.

The RFIA attempts to create a clear standard for determining which digital assets are securities and which are commodities, and draws clear jurisdictional lines between the SEC and CFTC. The SEC would retain jurisdiction over the sale of investment contracts, while the CFTC would gain jurisdiction over the digital asset spot markets. CFTC Chairman Rostin Benham quickly declared his support of the proposed division of labor, while SEC Chairman Gary Gensler has expressed concerns that the legislation may undermine existing market regulations for stock exchanges, mutual funds, and public companies.[1] The policy debate over which of the two agencies is best situated to regulate the crypto markets will likely grow louder in the wake of this proposal.

With respect to securities laws, the RFIA seeks to solve the long-standing problem of the application of the Howey test to digital assets: how long does the security label attach to a digital asset that was initially sold as an investment contract? Application of the full panoply of securities laws to every transaction in a digital asset can stifle the growth of a network and create headaches for entities seeking to comply with complex rules that don’t always fit the underlying conduct.

This update provides a summary of the securities law provisions and obligations placed upon the SEC in the RFIA.

Continue Reading Securities Law Implications of Lummis-Gillibrand Bill

On June 7, 2022, Senator Cynthia Lummis (R-WY) and Senator Kirsten Gillibrand (D-NY) introduced the Responsible Financial Innovation Act (RFIA). This highly anticipated legislation is the first attempt at developing a comprehensive regulatory framework for cryptocurrency and digital assets.

The RFIA builds off proposals introduced this Congress and includes a number of provisions related to securities and commodities regulation. In addition, the RFIA amends the Internal Revenue Code to address and clarify issues related to the taxation and reporting of cryptocurrency and digital assets. Interestingly, the RFIA adopts one of the substantive provisions relating to digital assets in the Biden Administration’s “General Explanation of the Administration’s Fiscal Year 2023 Revenue Proposals,” known as the “Greenbook,” but not the other provision. Specifically, the RFIA adopts the provision permitting tax-free loans of digital assets, but not the provision permitting mark-to-market tax accounting for digital asset traders and dealers.

While this legislation attempts to address some of the largest outstanding questions related to the regulation and taxation of cryptocurrency and digital assets, it faces an uphill battle to be signed into law before the end of the 117th Congress. Heading into the 2022 mid-term elections, a number of Biden Administration and Democratic priorities are still awaiting action and will likely take priority this summer and fall over legislation like the RFIA. Further, this legislation will likely need to overcome the 60-vote threshold in the Senate to end a filibuster. However, the introduction of the RFIA in the Senate sets a new marker and will likely serve as a starting point in the next Congress for any legislation to regulate and tax cryptocurrency and other digital assets.

This update provides a summary of the tax provisions included in the RFIA.

Continue Reading New Bipartisan Senate Legislation Seeks to Address Cryptocurrency and Digital Asset Tax Issues

On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury published guidance (Guidance) for US financial institutions warning about: (1) efforts of foreign actors to evade expanding US economic sanctions and trade restrictions related to the Russian Federation and Belarus and (2) increased risk of malicious cyber-attacks and related ransomware campaigns, following the invasion of and continued military action in Ukraine. The Guidance provides instructive red flags and related advice for all US financial institutions to evaluate, and provides information of particular relevance for Money Services Businesses (MSBs) and other FinCEN-regulated institutions undertaking transactions in what the agency calls “convertible virtual currency” (CVC).

Most notably, FinCEN strongly encourages US financial institutions that have information about CVC flows, including exchangers or administrators of CVC to: (1) be mindful of efforts to evade expanded US sanctions and export controls related to Russia and Belarus, summarized by Steptoe here; (2) submit Suspicious Activity Reports (SARs) as soon as possible regarding such conduct; (3) undertake appropriate risk-based due diligence of customers, and where required, enhanced due diligence; (4) voluntarily share information with other financial institutions consistent with Section 314(b) of the USA PATRIOT Act; and (5) consider using tools to identify assets that must be blocked or frozen under applicable sanctions.

Continue Reading What US Financial Institutions Need to Know about FinCEN’s Russian Sanctions Evasion and Ransomware Guidance

On November 1, 2021, the President’s Working Group on Financial Markets (PWG), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a joint report that, among other things, calls on Congress to adopt legislation to enable federal oversight of stablecoin issuers, custodial wallet providers that hold stablecoins, and others (e.g., certain DeFi products, services, and arrangements related to stablecoins).

The report highlights the agencies’ views on risks related to consumer protection, payments and settlements, “runs” due to price fluctuations, illicit finance, and other perceived risks to the US financial system. Specifically, the report calls for legislation that would:

  • Require stablecoin issuers to operate as insured depository institutions subject to federal oversight at both the depository institution and holding company levels;
  • Subject custodial wallet providers holding stablecoins on behalf of users to federal oversight and empower federal supervisors to impose risk-management standards on “any entity that performs activities that are critical to the functioning of [a] stablecoin arrangement.”
  • Limit the ability of stablecoin issuers’ and custodial wallet providers that hold stablecoins to affiliate with commercial entities (e.g., non-financial companies with access to consumer data) to discourage the “concentration of economic power” or to use users’ transaction data and empower federal agencies to promote interoperability among stablecoins.

In the meantime, the report states that “federal financial agencies are committed to taking action to address risks falling within each agency’s jurisdiction,” including through existing investor and market protection measures. The report also calls on the Financial Stability Oversight Council to take steps which could include designating certain stablecoin activities as systemically important payment, clearing, and settlement activities, allowing for additional federal oversight.

According to the report, US federal agencies will continue to cooperate with international groups such as the Financial Action Task Force (FATF) to promote global standards for regulation of stablecoins.

Several days earlier, on October 28, 2021, the FATF issued  updated guidance on risk-based regulation of virtual assets and virtual asset service providers for anti-money laundering and counter-financing of terrorism purposes. The updated guidance affirms that stablecoins fall within the scope of the FATF recommendations, whether a country treats them as virtual assets or financial assets (e.g., securities) under national regulation.

For more information on how these developments could impact your company, contact a member of Steptoe’s Blockchain & Cryptocurrency practice.

The House Rules Committee recently released the latest version of HR 5376, the Build Back Better Act. This proposal would amend Internal Revenue Code section 1091 (“loss from wash sales of stock or securities”) to apply to a much broader range of assets, including foreign currency, commodities, and digital assets, in addition to stocks and securities. The legislation would also apply the wash sale rule to acquisitions of substantially identical assets by related parties, such as a spouse, dependent, corporation, partnership, trust, or estate which controls, or is controlled by the taxpayer, as well as certain types of accounts (including IRAs, health savings accounts, section 529 accounts, Coverdell education savings accounts, and qualified retirement plan accounts).

Click here to read the full client advisory.

On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646). OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector. It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team. The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware. A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware. The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

The guidance maintains OFAC’s longstanding recommendation for risk-based compliance programs, and builds on the May 2019 Framework for OFAC Compliance Commitments. The guidance also provides notable examples of compliance controls that are tailored to the unique risk and control environments of the VC sector.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry

On May 20, 2021, the U.S. Department of the Treasury (“Treasury”) released the American Families Plan Tax Compliance Agenda, a report detailing the Biden administration’s proposed measures to raise $700 billion in additional tax revenue over the next decade through the Internal Revenue Service (“IRS”) and its enforcement-related efforts (the “Report”).  Additional detail about these proposals will likely be available in Treasury’s “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” the so-called Greenbook, which is expected to be released on May 28.

The Report finds that one of the best ways to increase the overall tax compliance rate is by increasing third-party reporting requirements.  The Report notes that, when income is subject to both third-party information reporting and withholding (such as wages), compliance is around 99%; when the income is subject to substantial information reporting but no withholding, compliance is around 95%; when the income is subject to limited information reporting, compliance is around 83%; but when income is not subject to information reporting (such as proprietorship or rental income), compliance drops to around 45%.[1]

The proposed new reporting regime would require two new filings related to cryptocurrency transactions.  In fact, the Report specifically states that the growth of virtual currency is a significant concern as it “already poses a significant detection problem by facilitating illegal activity broadly including tax evasion.”[2]

The first proposed new filing would build on the existing framework of IRS Form 1099-INT, which requires financial institutions to report interest income paid to U.S. persons in amounts of $10 or more, by expanding the reported data to include “gross inflows and outflows on all business and personal accounts from financial institutions, including bank, loan, and investment accounts . . . .”[3]  The Report further clarifies for purposes of this reporting regime, the term “account” includes those at “cryptoasset exchanges and custodians.”[4]

It is not clear how much this proposed new information reporting requirement will add.  The IRS is already working on regulations to implement an information reporting regime for cryptocurrency exchanges (and potentially other intermediaries) under its already-existing statutory authority to require information reporting by brokers.[5]  The financial account reporting in some ways seems narrower (in terms of the information that must be reported) than broker reporting, and in some ways (in terms of which intermediaries it applies to) potentially broader.

The second proposed new filing would expand the reporting of cash transactions[6] to include cryptocurrency transactions.  As such, businesses that accept cryptocurrencies would be required to report transactions that involve cryptoassets with a fair market value of more than $10,000.  Such a requirement might deter the use of cryptocurrency to make larger consumer purchases.  For example, if consumers use cryptocurrency to make large purchases (e.g., Overstock, Expedia, Christie’s), the transaction would be reported, but if they use a credit card, it wouldn’t.

If you have any questions about these proposals, please contact a member of Steptoe’s Blockchain & Cryptocurrency Group.

[1] The American Families Plan Tax Compliance Agenda, U.S. Dep’t of Treas., at 5 (May 2021), https://home.treasury.gov/system/files/136/The-American-Families-Plan-Tax-Compliance-Agenda.pdf (last visited May 21, 2021).

[2] Id. at 20-21.

[3] Id. at 19.

[4] Id.

[5] See I.R.C. § 6045.

[6] See IRS Form 8300, Report of Cash Payments Over $10,000 Received in a Trade or Business, available at: https://www.irs.gov/pub/irs-pdf/f8300.pdf.

On March 19, 2021, the Financial Action Task Force (FATF), the global anti-money laundering standards-setting body, released draft guidance to clarify and supplement its 2019 guidance on a Risk-Based-Approach (RBA) to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). While FATF’s guidance is not technically binding on member countries, it is broadly followed by such jurisdictions, in part to avoid inclusion on FATF’s lists of jurisdictions with deficiencies in their anti-money laundering (AML) and countering the financing of terrorism (CFT) regimes. For example, FATF’s recommendation that the so-called “travel rule” be applied to VASPs is being widely implemented by jurisdictions around the globe, although the pace of such implementation varies considerably. Therefore, the draft guidance, which incorporates a number of substantial changes and additions, may have a significant impact on industry going forward.

As described in a FATF press release, there are six main areas of focus for the draft guidance:

  1. “clarify the definitions of VA and VASP to make clear that these definitions are expansive and there should not be a case where a relevant financial asset is not covered by the FATF Standards (either as a VA or as a traditional financial asset);
  2. provide guidance on how the FATF Standards apply to so-called stablecoins;
  3. provide additional guidance on the risks and potential risk mitigants for peer-to-peer transactions;
  4. provide updated guidance on the licensing and registration of VASPs;
  5. provide additional guidance for the public and private sectors on the implementation of the ‘travel rule;’ and
  6. include Principles of Information-Sharing and Co-operation Amongst VASP Supervisors.”

Of particular note are the implications for decentralized exchanges (DEXs) and decentralized applications (DApps), peer-to-peer (P2P) transactions, and implementation of the travel rule.

Continue Reading FATF Releases Draft Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers

On February 18, 2021, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay). This civil settlement resolved apparent violations of multiple sanctions programs related to digital currency transactions, and is the second OFAC enforcement case brought against a business in the blockchain industry. This case follows OFAC’s December 2020 civil enforcement action against another blockchain industry company, BitGo, Inc. (BitGo), for alleged violations of multiple US sanctions programs related to digital currency transactions. See our prior blog post on the BitGo action here.

BitPay, based in Atlanta, Georgia, offers a payment processing solution for merchants to accept digital currency as payment for goods and services. The apparent sanctions violations relate to digital currency transactions on the BitPay platform between individuals located in Cuba, North Korea, Iran, Sudan, Syria, and the Crimea region of Ukraine (annexed by Russia) and merchants in the United States and elsewhere. OFAC acknowledged that BitPay screened its customers, the merchants, against US sanctions lists, but stated that BitPay had reason to know that purchasers dealing with the merchants were located in comprehensively sanctioned jurisdictions because the company had location information, including Internet Protocol (IP) address data, about those persons. This case was not voluntarily disclosed, but OFAC found that the violations were not egregious.

According to OFAC, BitPay allowed persons in comprehensively sanctioned jurisdictions to conduct approximately $129,000 worth of digital currency transactions with BitPay’s merchant customers. As described in OFAC’s enforcement release, between approximately June 10, 2013, and September 16, 2018, BitPay processed 2,102 transactions from individuals with IP addresses located in the sanctioned jurisdictions. The transactions related to BitPay’s payment processing service. BitPay allegedly received digital currency payments on behalf of its merchant customers from those merchants’ buyers, who were located in sanctioned jurisdictions. BitPay then converted the digital currency into fiat, and then relayed that currency to its merchant customers.

BitPay collected certain pieces of information on the buyers including the buyers’ name, address, email address, and, starting in November 2017, the buyer’s IP addresses. However, BitPay’s transaction review process did not appropriately analyze this location and identification information, resulting in persons located in the comprehensively sanctioned jurisdictions making purchases from US merchants.

OFAC has previously cited companies for violations based, at least in part, on a failure to implement IP geo-blocking in a number of non-blockchain contexts, including actions targeting Amazon, Toronto-Dominion Bank, and Standard Chartered Bank, and in the BitGo action noted above.

Pursuant to OFAC’s Enforcement Guidelines, OFAC identified two factors that it determined to be aggravating factors:

  • BitPay failed to exercise “due caution or care for its sanctions compliance obligations” by allowing persons in sanctioned jurisdictions to transact with BitPay’s merchants using digital currency for approximately five years, while BitPay allegedly had sufficient location information to screen those customers; and
  • BitPay conveyed $128,582.61 in economic benefit to individuals located in several sanctioned jurisdictions, thereby damaging the integrity of those sanctions programs.

However, OFAC also found a number of mitigating factors:

  • BitPay implemented certain sanctions compliance controls as early as 2013, including due diligence and sanctions screening efforts on its merchant customers, and formalized its sanctions compliance program in 2014;
  • BitPay provided employee training, including to senior management, that merchant sign-ups from Cuba, Iran, Syria, North Korea, and Crimea, as well as trade with sanctioned individuals and entities, were prohibited;
  • BitPay is a small business and had not received a penalty notice or Finding of Violation from OFAC in the previous five years from the date of the earliest apparent violation;
  • BitPay cooperated with OFAC’s investigation into the apparent violations and terminated the conduct that led to the violations; and
  • BitPay implemented a series of measures intended to minimize the risk of a recurrence of the conduct in question. The controls included blocking IP addresses that appear to originate in comprehensively sanctioned jurisdictions, checking physical and email addresses of merchants’ buyers to prevent completion of an invoice if BitPay identifies a sanctioned jurisdiction address or email domain associated with a sanctioned jurisdiction, and launching BitPay ID, a customer identification tool that is mandatory for merchants’ buyers who wish to pay a BitPay invoice of $3,000 or above.

The company could have faced a statutory maximum civil monetary penalty of $619,689,816, but the penalty was reduced to $507,375 in accordance with OFAC’s Enforcement Guidelines.

The enforcement release highlighted the importance of having an appropriate risk-based compliance program and emphasized that companies providing digital asset services should take steps to mitigate sanctions risks associated with such services. The agency’s Framework for OFAC Compliance Commitments lays out factors it looks for when reviewing such programs. With respect to sanctions screening, OFAC noted that this case “emphasizes the importance of screening all available information, including IP addresses and other location data of customers and counterparties, to mitigate sanctions risks in connection with digital currency services.” Taken together, OFAC’s recent actions against BitGo and BitPay suggest the agency is placing increased focused on the blockchain industry and that companies that have not adopted and implemented a robust OFAC compliance program may be at risk in future enforcement actions.

On January 1, 2021, the United States enacted the National Defense Authorization Act for Fiscal Year 2021 (NDAA) after the US House of Representatives and US Senate voted to override a presidential veto of the law. Included within the NDAA are a significant number of provisions related to anti-money laundering (AML) and countering the financing of terrorism (CFT), including provisions reforming the Bank Secrecy Act (BSA), a collection of statutes underpinning most of the current AML regulatory framework. These amendments, many of which have been under consideration for years, represent the most substantial AML-related reforms enacted since at least the USA PATRIOT Act of 2001. Below, we outline ten of the most significant AML provisions contained in the NDAA. Given the breadth of the reforms, it is particularly important for US “financial institutions” – including money services businesses (MSBs) and other non-traditional financial institutions subject to the BSA – to carefully review the Act to understand how their compliance obligations may have changed or may change in the future as the Act is implemented via regulation.

Continue Reading Ten Key Takeaways from the NDAA’s AML Reforms