Crypto Companies Continue to Press Their Luck and Get Whammied
Some big news for crypto platforms this month with Sam Bankman-Fried's conviction, the SEC litigation against Kraken, and the Binace settlement. Mr. Bankman-Fried was convicted of seven fraud and conspiracy-related counts early in the month. He won't be sentenced until March 2024, but he could be looking at as much as 100 years. Mr. Bankman-Fried's second trial, this time for bribery and bank fraud, is scheduled for the same month as his sentencing.
The SEC charged Kraken earlier this month for "operating as an unregistered securities exchange broker, dealer, and clearing agency." The SEC alleges Kraken made hundreds of millions of dollars facilitating crypto transactions intertwining "traditional services of an exchange, broker, dealer, and clearing agency" without registering as such with the SEC. The commission also claims Kraken's business practices, internal controls, and recordkeeping present risk for customers. Kraken refutes the SEC's allegations and responded on its blog it intends to "vigorously defend its position" and the SEC's licensure argument "is incorrect as a matter of law, false as a matter of fact, and disastrous as a matter of policy." Kraken accurately notes the SEC has "promulgated no rule describing how an order in a digital asset should be matched, no guidance on how a trade should be cleared, and articulated no standards for how to broker a digital asset transaction". In short, Kraken argues "the SEC is demanding compliance with a regime that doesn’t exist."
Then, just before Thanksgiving, we learned Binance CEO Chanpeng Zhao pleaded guilty to felony money laundering charges and Binance agreed to pay just over $4 billion to settle with the Department of Justice, Commodity Futures Trading Commission, and Treasury Department. For additional background on Mr. Zhao and Binance matters, see our earlier reporting of SEC charges against Mr. Zhao and the FTC suit against Binance for offering crypto derivatives without registering as a futures commodity merchant.
Didn’t we all love watching Press Your Luck? The star of the show was the Whammy! Contestants would spin and plead, “No Whammy, no Whammy, no Whammy,” only to land on a Whammy. The look of surprise and disgust was palpable as their earnings disappeared and the Whammy made a snide comment. It was a true crapshoot. The contestant was at the whim of the spin; keep spinning, keep risking. Any appeal to the host or attempt at strategic gameplay was useless. Certain federal regulators seem to have adopted the Press-Your-Luck approach to crypto regulation. There are crypto contestants deserving of the Whammy (looking at you Messrs. Bankman-Fried and Zhao), but many are trying to play the game by the rules and want to have a reasonable expectation to keep their winnings. Their pleas for “no Whammy” or for assistance from the host are received the same as gameshow contestants’—it’s the luck of the spin.
The FTC filed a complaint for permanent injunction against Brigit charging violations of the FTC Act and the Restore Online Shoppers' Confidence Act. The FTC alleges the personal finance app provider made deceptive statements that consumers could obtain "instant" cash advances of up to $250 and locked them into un-cancelable memberships.
Brigit offers consumers two membership plans: a free membership offering alerts to consumers when they had low account balances and a "plus" membership promising consumers short-term cash advances for $9.99/month. The FTC asserts only one percent of consumers with the "plus" membership were able to receive cash advances. Consumers were allegedly also unable to cancel their memberships easily or stop recurring monthly charges. The FTC argues Brigit intentionally used "dark patterns" to confuse and divert consumers in the cancellation process, prohibited members with outstanding advances from canceling, and made consumers continue to pay for memberships until they paid down balances.
The FTC's proposed settlement order requires Brigit to pay $18 million in consumer refunds and prohibits it from misleading consumers in the future. Brigit must also make clear disclosures about its products and provide a simpler mechanism for consumers interested in canceling their membership plan.
As a provider, always be upfront with your customers about your product and the services you provide. Display your prices clearly, just like Bob Barker and Drew Carrey would do. False hope is okay where the Showcase Showdown is concerned, but not in your marketing materials. Sending consumers bouncing around a call center like a Plinko chip in order to cancel services will raise some red flags. If your cancellation process is harder to complete than winning the dice game, you should really reconsider.
Big Tech Payment Apps in Jeopardy from New CFPB Proposed Rule
The CFPB issued a proposed rule early in the month that would permit the agency to supervise large nonbank companies offering digital payment applications and wallets (e.g., Zelle, Venmo, Cash App, etc.). The rulemaking targets "Big Tech" payments providers that may not be currently subject to CFPB supervision. The proposed rule would allow the agency to supervise nonbank payments companies providing at least 5 million consumer payment transactions per year. The CFPB expects this to result in supervision of approximately 17 companies. (Bonus points for any readers who can name all 17!) If finalized, the rule will cover providers who allow both peer-to-peer fund transfers as well as certain transfers of cryptocurrency. Comments on the proposed rule must be submitted by January 8. Assuming the proposed rule is finalized by the middle of next year, the CFPB could begin examining nonbank payments providers shortly thereafter.
Let’s start with “CFPB’s Crusade Against Big Tech” for $500, Alex. While peer-to-peer payment applications have been available for many years, their use and popularity significantly increased during the COVID-19 pandemic when contactless payment became expected. There was a notable uptick in fraud through these nonbank payment apps, causing significant and wide-spread harm to consumers. Under the proposed rule, the CFPB would begin examining these nonbank entities just like it does banks, mortgage and payday lenders, and larger participants in other industries. Given the CFPB’s increased focus on preventing fraud involving nonbank entities, we are expecting this rule to be finalized largely as proposed although we hope the CFPB clarifies some of the definitional ambiguities. For the current CFPB, the answer seems to be “Big Tech,” no matter what question is asked.
In the proposed rule, the CFPB creates definitions of several important concepts that are not currently defined in other federal consumer financial statutes or regulations, including “consumer payment transaction,” “funds transfer functionality,” “wallet functionality,” and “digital application.” It also proposes to clarify that virtual currencies are “funds” under the CFPA, the first time that the CFPB has explicitly stated it has authority over virtual currencies. While the proposed rule would only apply to nonbanks, the CFPB could use these definitions in future rulemakings and enforcement actions.
White House to Agencies on Artificial Intelligence: "Let's Make a Deal"
On October 30, 2023, the White House issued an Executive Order on Artificial Intelligence. The executive order acknowledges AI has the potential to benefit and transform society, but poses significant risks, such as spreading misinformation, bias and discrimination, privacy concerns, and intellectual property concerns (wait, so that Gary Busey clip is a deepfake?!!!). The Executive Order is lengthy, and delegates tasks to various agencies in the coming months and years. The EO has tasked agencies with developing standards including establishing transparency into the safety testing process for AI; setting standards for AI safety; addressing discrimination and bias in AI decision-making; increasing efforts to more easily allow immigration to the U.S. for people with AI skillsets; ensuring we study and understand how AI is impacting American workers; and fostering open competition in the AI marketplace.
A few key takeaways from the executive order:
Following this Executive Order will require cooperation between multiple agencies and ultimately between those agencies and regulated entities. It will be interesting to see how these mandates are supported with appropriately skilled staff. We hope everyone involved has been watching Let’s Make a Deal to hone their negotiation skills. Businesses must collaborate between cross-functional stakeholders. Just as the executive order assigns responsibilities to the CFPB, HHS, DHS, and others, businesses must consult relevant SMEs to develop principles and guidelines for implementing AI tools.
Staff need to be trained on AI principles and guidelines. Training should include, at minimum, key terminology and functionality of AI, the basics of the tool’s use and limitations, and each employee’s role and responsibilities. Businesses should perform an appropriate risk assessment before developing and deploying AI. The format and specific content have not been defined, but businesses using AI in high-risk fields like healthcare and financial services will see guidance in the coming months based on the executive order. Until that guidance is issued, businesses should leverage existing resources to develop a preliminary risk assessment process.
New Rules, Same Game: OCC Issues Revised TCPA Interagency Examination Procedures
On November 1, the OCC published updated interagency examination procedures for compliance with the Telephone Consumer Protection Act (TCPA). The OCC rescinded the "Telephone Consumer Protection Act and Junk Fax Protection Act" chapter of its handbook in favor of updated interagency procedures. The stated purpose of the revised interagency procedures is to align them with recent changes to TCPA, which became effective in 2021. The updated interagency procedures govern: (1) how customers can revoke consent; (2) special exemptions for automated calls/texts for fraud alerts; and (3) applicable safe harbors for institutions who check the FCC's reassigned number database before placing a call.
To qualify for the safe harbor provision, financial institutions must scrub their call lists against the FCC's reassigned number database. But scrubbing against the database is not required by the updated procedures or by the TCPA.
Remember when Hasbro formally changed the rules for Monopoly to incorporate a free-parking rule that everyone was already playing by anyway? That’s basically what happened here. Everyone already knew that if you’re going to be placing outbound autodialed or prerecorded calls or text messages, you have to comply with the TCPA. And the fraud alert exception and safe harbor provision have been around for years. What is news worthy is that the OCC adopted the interagency guidance, suggesting the OCC may start cracking down on TCPA compliance. This follows a general trend in recent TCPA crackdowns by the FCC and FTC. The key takeaway for financial institutions engaging in telemarketing is that you can expect regulators to be taking a closer look at your TCPA compliance.
And Now for Something Completely Different: FCC Approves Rules Targeting SIM Card Fraud
The FCC adopted new rules on November 15 geared toward preventing SIM card fraud. For context, an increasing fraud scheme involves targeting consumer cell phones to get access to consumers' financial information and accounts. Under these scams, the bad actor fraudulently transfers the SIM card from a cell phone in a consumer's possession to a cell phone belonging to the bad actor. This allows the bad actor to access multifactor authentication calls or text messages, in turn allowing the bad actor to reset a consumer's passwords and gain access to the consumer's financial accounts. The new rules modify the FCC's Customer Proprietary Network Information and Local Number Portability rules. The modifications include requiring wireless service providers to adopt methods for securely authenticating a customer prior to processing a request to transfer a phone number and to immediately notify customers whenever a SIM swap or port out request is made on an account. Wireless providers are also required to keep records of all SIM card change requests and the authentication measures used to confirm the request.
This is not our typical Explainer Things update and it may feel like a game of “which of these things is not like the other.” But we did think it was important to include because it highlights another type of consumer fraud impacting consumer financial accounts. Fraudsters are using these SIM card schemes to gain access to consumer accounts, allowing the bad actor to engage in unauthorized electronic funds transfers, as well as target consumers’ cryptocurrency accounts. To avoid potential liability, financial institutions should be on the lookout for these types of scams before processing electronic funds transfer requests or investigating allegations of unauthorized transfers.
