The Situation: Regulators worldwide have taken varying approaches to define and shape the legal and regulatory landscape for digital assets. The United States has thus far largely relied on enforcement actions within its existing regulatory framework, and it has focused its attention on cryptocurrencies. The impact of U.S. enforcement ensnares people and organizations globally.
The Result: Regulatory gaps, the spectrum of approaches taken by global regulators, and the overlapping jurisdiction of enforcement agencies create a regulatory landscape that is complex and subject to constant change. Entities that have purposefully sought to avoid U.S. jurisdiction have nonetheless been subjected to U.S. enforcement action.
Looking Ahead: As the commercial prominence of digital assets increases, regulators will pay increasing attention to them. Market participants should expect an uptick in related enforcement actions, despite regulators' lack of clear or consistent messaging, and should glean what lessons they can from the United States' eight-year history of cryptocurrency-related enforcement actions to avoid some of the common pitfalls.
As the global digital asset industry continues to grow, regulators worldwide have increased efforts to define and shape the legal landscape through various approaches. In the UAE, for example, the Financial Services Regulatory Authority issued guidance in 2018 on regulating cryptoasset activities in the Abu Dhabi Global Market, and the Dubai Financial Services Authority announced in its 2021–2022 business plan that it would develop a regulatory regime for digital assets (including cryptocurrencies) in the Dubai International Financial Center. In 2019, Singapore passed the Payment Services Act, which brings "digital payment token services" (also called "cryptocurrency dealing or exchange services") under the regulation of the Monetary Authority of Singapore. In 2020, the European Union proposed a regulation on Markets in Crypto-Assets, which seeks to create a regulatory framework for cryptocurrency, among other things. And just last month, China declared all cryptocurrency transactions illegal.
The United States has thus far used enforcement actions under existing regulatory frameworks to address digital assets. Proponents of this approach argue that existing U.S. laws are already broad and clear enough to capture many digital assets. For example, under the U.S. Supreme Court case S.E.C. v. W.J. Howey Co., the term "security" includes an "investment contract" component, which exists if there is "[a] scheme involv[ing] an investment of money in a common enterprise with profits to come solely from the efforts of others." Proponents argue this definition is broad enough to encompass many digital assets. Others argue that U.S. law is ill-suited to regulate the developing digital asset marketplace, and that legal gap-filling through legislation-by-enforcement does not set clear expectations on the front end.
Irrespective of the spectrum of approaches, it is not always easy to predict which regulator or regulators will assert their enforcement powers. In the United States, the SEC, which enforces federal securities laws, has been the most active U.S. regulator in bringing digital asset-related enforcement actions. But other U.S. enforcement agencies have also been active in this regard, including the U.S. Commodity Futures Trading Commission ("CFTC"), the U.S. Department of the Treasury's Financial Crimes Enforcement Network ("FinCEN"), and the U.S. Department of Justice ("DOJ"), which involves itself when enforcement matters are alleged to be criminal violations of federal law.
As evidenced by its enforcement action against Ripple Labs, Inc. ("Ripple"), discussed in more detail below, the SEC is particularly unapologetic about its lack of front-end clarity regarding cryptocurrency regulation. Recent letters between SEC Chair Gary Gensler and members of the U.S. Congress further demonstrate the SEC's awareness that current rules do not lead to a clear application of law for cryptocurrency and that there is a need to legislate a solution to fill in regulatory gaps. Indeed, Gensler has recently analogized the cryptocurrency market to the "Wild West," calling for increased regulatory and enforcement scrutiny. Yet it is unclear whether the United States' current practice of rule-making-through-enforcement will continue. U.S. regulators are expected to launch reports on the digital asset market, with proposed rules likely to follow on their heels. The role of future enforcement efforts may evolve if a more proactive regulatory regime begins to take shape.
Given the uncertainty created by the overlapping jurisdiction of enforcement agencies that define the regulatory landscape, market participants should glean what lessons they can from the cryptocurrency-related enforcement actions initiated within the eight years since the SEC's first such action. This Commentary therefore offers five lessons based on recent digital asset-related U.S. enforcement actions. For market participants in the MENA region, these lessons may be particularly pertinent given: (i) the potential extraterritorial reach of certain U.S. regulators (read our recent Jones Day Commentary on this topic); and (ii) regional legislators may take cues from the United States' approach as the local regulatory landscape develops.
Lesson #1: The SEC May Well Consider Your Digital Asset a Security
While the SEC has previously determined that Bitcoin is a cryptocurrency, some of its more recent actions make clear that the SEC applies securities registration requirements to certain other digital assets. In 2017, the SEC issued a report on its investigation of the DAO, a "decentralized autonomous organization" or "virtual" organization embodied in computer code and executed on a distributed ledger or blockchain. The SEC concluded that "DAO Tokens"—the DAO's cryptocurrency offering—were "investment contracts," and therefore securities, pursuant to Howey. The SEC noted that, unless an exemption applies, securities registration requirements apply to every entity that offers or sell securities in the United States, regardless of whether it is decentralized or relies on the automation of certain functions through a distributed ledger or blockchain.
The SEC has, perhaps most notably, demonstrated its willingness to define cryptocurrencies as securities rather than currencies in its ongoing enforcement action against Ripple. Despite vigorous counterargument by Ripple, the SEC has argued extensively that XRP—Ripple's digital asset offering—was not currency because it did not qualify as "currency" under the federal securities laws, had not been designated as legal tender in any jurisdiction, and was never offered or sold by Ripple as "currency." Rather, the SEC argued, XRP was an "investment contract," and thus a security, under Howey.
Alternatively, other U.S. regulators may consider a digital asset to be subject to their jurisdiction. In 2020, the CFTC brought an enforcement action against a trading platform offering derivatives on certain digital assets. The CFTC claimed that the platform was subject to CFTC jurisdiction because those digital assets are "commodities" under federal statute. The CFTC also charged the platform with failing to register as a futures commission merchant ("FCM") and violating CFTC regulations requiring FCMs to comply with federal anti-money laundering and know-your-customer obligations. The platform's alleged violations led to charges by FinCEN and the DOJ as well.
Lesson #2: Regulators Will Continue Pursuing Digital Asset-Related Enforcement Actions Despite Lacking Consistent Messaging
U.S. regulators have been vigorously pursuing digital asset-related enforcement actions despite lacking consistent guidance. For example, a pillar of Ripple's defense is the lack of contemporaneous, clear guidance from the SEC concerning when digital assets constitute securities. The SEC has responded that it was not required to issue clear guidance on this issue before suing Ripple, and that in any event its report on the DAO placed Ripple on notice that XRP was a security. Ripple began selling XRP in 2013, and the SEC's report on the DAO was not issued until 2017. Thus, even if its report on the DAO created notice, the SEC is enforcing for conduct that predates the report.
The SEC is not the only U.S. regulator vigorously pursuing digital asset-related enforcement actions despite lacking consistent guidance. In 2020, the CFTC issued a final rule that, among others things, adopted a new definition of "U.S. Person" that is narrower in scope and eliminates certain look-through requirements for collective investment vehicles. However, the CFTC charged the above-mentioned derivatives trading platform even though its parent company was organized in the Seychelles and it had policies to prevent U.S. residents from trading. These charges demonstrate the CFTC's conviction that derivatives are subject to CFTC enforcement, even if the platform on which they are traded is operated from outside the United States and ostensibly takes measures to exclude U.S. residents.
Lesson #3: Act Consistently With Your Disclosures
The SEC has been using enforcement actions to target trading platforms that make materially false and misleading statements about their business. For example, this year, the SEC charged DeFi Money Market ("DMM"), a platform that exchanged investors' Ether for redeemable tokens. DMM told investors that it would use their Ether to purchase and own collateralized loans generating a certain minimum interest, which investors could redeem based on the amount of their principal. DMM, however, did not actually own these loans—a corporate affiliate did. While investors ultimately did not suffer any loss and were paid their promised interest, the SEC sued DMM anyway, premised largely on the allegation that DMM did not act consistently with what it represented.
Also this year, the SEC charged BitConnect, a cryptocurrency lending platform, with defrauding retail investors through an unregistered offering. To attract investors, BitConnect represented that it would deploy a "trading bot" that would use investor funds to generate returns of as high as 40% a month. It also represented that investors could trade "BitConnect Coin" ("BCC") for Bitcoin (and vice versa) on the "BitConnect Exchange" through peer-to-peer transactions. In reality, BitConnect siphoned off investors' money for its own benefit, engaged in a Ponzi scheme with investors' funds, and retained custody of most BCC tokens traded on its exchange. BitConnect also failed to tell investors that it had two types of commission for promoters, both of which were paid from investor funds. The SEC thus charged BitConnect for both alleged unfulfilled promises and alleged omissions of material information.
Lesson #4: Be Transparent and Realistic About Commercial Risks Associated With Digital Assets
U.S. regulators generally consider it incumbent upon participants to assess and disclose commercial risks to investors. For example, in its action against BitConnect, the SEC alleged that BitConnect advertised extraordinary returns through its "Lending Program" of up to 2% daily, with no negative returns for any day, and an average daily return of approximately 1%, or approximately 3700% on an annualized basis.
Similarly, in its case against DMM, the SEC alleged that DMM did not account for or disclose risks that fluctuations in the tokens' principal (Ether) would be realized as gains or losses when the tokens were redeemed. Instead, DMM used new investments to, among other things, offset the redemptions, rather than buying new collateralized assets as represented to investors.
Lesson #5: Mind Your Geography
The SEC has increasingly been willing to conduct digital asset-related enforcement actions against companies and persons with non-U.S. bases of operation and focus, even if they enact measures against selling products to U.S. residents. In the case of DMM, a Cayman Islands company, DMM's website was used to advertise DMM's initial coin offering ("ICO"), but the website was publicly available and not geographically restricted. DMM also expressly invited U.S. residents to participate in the first stage of the ICO. It attempted to limit the second stage of the ICO to non-U.S. residents by using an IP blocker, but that failed to work.
Likewise, BitConnect was an unincorporated organization that registered several companies in the United Kingdom, and its founder was an Indian national. To support jurisdiction, the SEC's complaint referenced the acts of BitConnect's worldwide network of promoters and their activities in the United States, which included soliciting new accounts from U.S. residents via social media and BitConnect's sponsoring of promotional events in the United States.
In the case of the above-referenced derivatives trading platform, the platform's parent company was registered in the Seychelles and the platform enacted measures—albeit ineffective—to prevent doing business with U.S. residents. One of the platform's cofounders was a U.K. citizen and Hong Kong resident, indicating the CFTC's, FinCEN's, and the DOJ's willingness to prosecute foreign nationals whose businesses engage with U.S. residents. These regulators cite several instances where the platform's cofounders sought to circumvent U.S. regulations, including by organizing the platform's parent company in the Seychelles where it was allegedly easier to bribe regulators, asking U.S.-based trading firms to incorporate offshore entities to open trading accounts on the platform, and lying in depositions about tracking the platform's activities within the United States.
Three Key Takeaways
- While it is difficult to predict whether local legislators and regulators will adopt the U.S. regulators' approaches to digital assets, market participants in MENA should engage with their advisors and regulators from an early stage to ensure they have—or at least can demonstrate that they sought to obtain—the appropriate level of guidance regarding the requirements applicable to their digital assets.
- Until more consistent messaging evolves and is issued by the U.S. and global regulators, those operating in MENA should be cognizant of both local regulatory regimes as well as any international laws and regulations that may have extraterritorial effect on their enterprise.
- If MENA-based market participants make inaccurate disclosures in connection with digital assets, whether by misleading statement or omission, they expose themselves to enforcement risk, even if investors do not actually suffer a loss.