Arizona has become the first state in the United States to enact a law to create a “Fintech Sandbox” – a safe zone for fintech startups to test new applications and financial services otherwise subject to state money transmitter, banking, and similar licensing requirements without having to obtain a state license. Although other countries, such as the United Kingdom, Singapore, and Australia, have created similar fintech sandboxes, similar legislation or regulations thus far have not been adopted in the United States at the federal or state level.

The Fintech Sandbox idea was promoted by the Arizona attorney general and will be administered by the Arizona Office of the Attorney General (AZ OAG). However, the Fintech Sandbox does not mean that fintech companies will be unregulated in Arizona. There will be a substantive application and oversight process.

Few topics in the financial news have gotten more attention recently than the rise of cryptocurrency and initial coin offerings (ICOs), which allow startups to raise money from users in exchange for digital currency. In 2017, ICOs raised more than $3 billion in funding, surpassing early-stage venture capital funding for internet companies, and solidifying ICOs as a financing strategy among tech entrepreneurs.

But with surging popularity comes increasing attention and scrutiny from regulators, most notably the US Securities and Exchange Commission (SEC or Commission). Previously, the SEC had adopted a more cautionary approach, advising potential investors to perform due diligence, and issuing trading suspensions for certain issuers that made questionable claims regarding ICO investments. As we have previously reported, however, the SEC has recently taken a more aggressive stance toward ICOs.

Less than a year after the Conference of State Bank Supervisors (CSBS) announced Vision 2020, an initiative to modernize state regulation for non-bank financial companies, the CSBS revealed plans to establish a standardized licensing practice for money services businesses. Seven states have agreed to a compact whereby all participating states accept the findings of one state that has reviewed money transmitter licensing requirements, including IT, cybersecurity, business plan, background check, and compliance with the Bank Secrecy Act. The states that have joined the compact include Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas, and Washington.

As we have been reporting, cryptocurrency, as an asset class, is currently taking the world financial markets by storm. Total market capitalization of cryptocurrency is estimated to be in the hundreds of billions of dollars and new initial coin offerings (ICOs) seem to crop up every other day, while the United States and other countries' governments have been left scrambling to figure out how to best regulate this new asset class and protect market participants and end users.

The US Securities and Exchange Commission (SEC) has been a leader in taking affirmative steps toward exercising some oversight of the fragmented cryptocurrency market. On January 18, the SEC’s Division of Investment Management published a staff letter detailing some of the Commission’s concerns about how cryptocurrency-related products will comply with the Investment Company Act of 1940, including specific issues relating to valuation, liquidity, custody, arbitrage, and potential manipulation.

Recent events in the cryptocurrency markets, including the wild swings in the trading prices of bitcoin, the growing incidence of initial coin offerings (ICOs) entailing the offer and sale of unregistered securities, and the launch of bitcoin futures trading, have encouraged the federal government to ratchet up its interest in virtual currencies. Not only have the Commodity Futures Trading Commission (CFTC) and the US Securities and Exchange Commission (SEC) made public announcements about virtual currencies and taken enforcement action against virtual currency companies or initial coin offerors in recent months, but Congress now is showing increased interest in bitcoin and other virtual currencies. A few very recent signals of heightened governmental interest in virtual currency are highlighted below:

  • The Senate Committee on Banking, Housing, and Urban Affairs (Senate Banking Committee) held two hearings in January during which virtual currencies were discussed in connection with strengthening anti-money laundering (AML) laws
  • Reports indicate that the Senate Banking Committee will hold a hearing in February to analyze the implications of cryptocurrencies. CFTC Chairman Christopher Giancarlo and SEC Chairman Jay Clayton will likely testify at the hearing
  • On January 19, Mr. Giancarlo called on the Futures and Derivatives Bar to “set the course for the future” of virtual currencies
  • In a January 22 speech, Mr. Clayton again cautioned market professionals and “gatekeepers” that they need to “do better” in their handling of ICOs, and said that the SEC staff will be on “high alert” for ICOs that may be “contrary to the spirit of our securities laws.”

The US District Court for the Southern District of New York (SDNY) has dismissed without prejudice the fintech charter lawsuit brought by New York Department of Financial Services (NYDFS) Superintendent Maria T. Vullo against the Office of the Comptroller of the Currency (OCC). As we have previously reported, in March 2017, the OCC issued draft guidelines for a special purpose national bank charter for financial technology companies, often referred to as the “fintech charter.” The NYDFS filed a lawsuit in May 2017 challenging the OCC’s authority under the National Bank Act to grant special purpose national charters to fintech companies.

The OCC moved to dismiss the lawsuit for lack of subject matter jurisdiction and failure to state a claim, arguing that the NYDFS lacked standing, the claims were not ripe for decision, and the claim regarding the OCC special purpose national bank regulations was time-barred. Further, the OCC argued there had been no final agency action for the SDNY to review under the US Administrative Procedures Act.

The rise of cryptocurrencies and initial coin offerings (ICOs) undoubtedly shows that we live in interesting times that regularly present us with new and innovative products, markets, and opportunities. When the words “new” and “innovative” come to mind, the federal government is usually not part of the conversation. But the US Securities and Exchange Commission (SEC) under Chairman Jay Clayton appears more than willing to challenge that stereotype and to use the SEC’s regulatory and enforcement authority to take on the complex legal and other issues arising from innovative ICOs and other cryptocurrency products. Throughout these efforts, the SEC’s message has been clear and consistent: it will apply established federal securities laws principles and use its regulatory authority over ICOs and other cryptocurrency products expansively when appropriate, and it expects “gatekeepers” to aid in that effort.

Recent SEC Enforcement Actions: Munchee and Plexcorps

Two SEC enforcement actions over the last few weeks represent just the latest attempt by the SEC to get its message across. Most recently, it announced on December 11 a settled enforcement action that halted an ICO by Munchee Inc., a California business that created an iPhone app for reviewing restaurant meals. In a remarkably quick action for the SEC, it brought the case just weeks after Munchee commenced its ICO. The SEC charged Munchee with violating Sections 5(a) and 5(c) of the Securities Act of 1933 (the Securities Act) by conducting an unregistered offering of securities, and is notable because the SEC did not allege that Munchee made any misrepresentations in connection with the offering. Bringing such a standalone unregistered offering case is unusual for the SEC and represents its intention to bring these cases quickly, even in the absence of fraud.

The Consumer Financial Protection Bureau (CFPB) has issued its first No-Action Letter under the final policy on No-Action Letters that it released in early 2016. The No-Action Letter was requested by and issued to Upstart Network, Inc., an online marketplace lending platform. Under the No-Action Letter, the CFPB states that it “has no present intention” to recommend an enforcement or supervisory action against Upstart with regard to its compliance with the Equal Credit Opportunity Act (ECOA) and its implementing regulation, Regulation B. Like many marketplace and other new online lenders, Upstart uses alternative lending criteria in its underwriting process in order to expand access to credit for borrowers who might not otherwise qualify for loans or can only qualify for loans with higher interest rates.

On July 25, the US Securities and Exchange Commission (SEC) issued a Report of Investigation (Report), along with a companion investor bulletin, telling the world that if you use distributed ledger (blockchain) to raise capital, you must comply with federal securities laws. Is this a surprising development? We believe not.

The subject of the Report is The DAO and its related parties and founders. The DAO is an unincorporated organization styled as a “decentralized autonomous organization,” a form of virtual organization that conducts its commercial activities on a distributed ledger. The Report describes The DAO as a for-profit business that creates and holds assets through the sale of virtual DAO tokens (Tokens) to investors in exchange for virtual currency. These assets were to be used to fund a variety of “projects” generally entailing the automation—through a blockchain—of corporate governance and decision-making mechanisms, either within or outside of a traditional corporate structure.

The Office of the Comptroller of the Currency (OCC) has released FAQs to supplement its 2013 guidance on risk management of third-party relationships. The FAQs specifically address bank relationships with fintech companies and marketplace lenders, relationships that were not necessarily an OCC focus when the 2013 guidance was issued.

As with its 2013 guidance, the FAQs focus on managing risk through a bank’s adequate due diligence and ongoing monitoring of third-party service providers such as fintech companies, and places ultimate responsibility for risk management with the bank’s management and board of directors. The FAQs recognize that the levels of due diligence and ongoing monitoring may differ based on the risk and complexity presented by specific third-party relationships.