On October 14, Superintendent Lawsky delivered remarks on virtual currency and Bitcoin regulation in New York City. Specifically, Lawsky addressed the comments received in connection with the DFS’s July 17 proposal to establish a licensing regime for virtual currency businesses. Lawsky clarified the following five areas of concern: (i) who will be required to obtain a BitLicense; (ii) which type of license, money transmitter and/or virtual currency, a business will be required to obtain, confirming that, if both are required, the application process will be streamlined; (iii) the requirements that banks providing virtual currency services will need to comply with; (iv) the regulation of mining when a miner engages in virtual currency services; and (v) the “compliance costs of regulation on new or fledging virtual currency enterprises.” Noting that the DFS hopes that companies will work with the DFS as opposed to “run[ning] from regulation,” Lawsky emphasized the significance of appropriate regulation as it pertains to safeguarding customers’ money at financial companies.
On October 28, the Federal Reserve announced its final rule to amend Regulation HH, standards for financial market utilities (FMUs) that have been designated as systemically important by the FSOC. The new rule will implement a common set of risk-management standards for all designated FMUs and revise certain definitions. Further, the Fed also announced final revisions to part 1 of its Federal Reserve Policy on Payment System Risk. The final rule and revisions to the policy are based on the Principles for Financial Market Infrastructures, which were developed jointly by the Committee on Payment and Settlement Systems and the International Organization of Securities Commissions. Specifically, the amendments and revisions will establish (i) separate standards to address credit risk and liquidity risk; (ii) new plans for recovery and orderly wind-down; (iii) new standards on general business risk and on tiered participation arrangements; and (iv) increased requirements on transparency and disclosure. The final rule will be effective on December 31, 2014. FMUs have until December 31, 2015 to comply with specific additional requirements set forth in therule.
Eastern District Court Of Texas Enjoins Bitcoin Investment Scheme And Orders Founder To Pay Civil Penalty
On September 18, the U.S. District Court for the Eastern District of Texas held that the defendant’s bitcoin investment program was a Ponzi scheme, and enjoined the founder and the investment program from violating Section 10(b) of the Securities Exchange Act of 1934 and Sections 5 and 17(a) of the Securities Act of 1933. S.E.C. v. Shavers, No. 4:13-CV-416 (E.D. Tex. Sep. 18, 2014). The court ruled that the founder knowingly and intentionally operated the bitcoin investment program as a sham and Ponzi scheme by repeatedly making misrepresentations, both to investors and potential investors alike, concerning: (i) the use of their bitcoins; (ii) how he planned to generate the promised returns; and (iii) the safety of the investments. The founder used new bitcoins received from investors to make payments on outstanding bitcoin investments, and diverted investors’ bitcoins for his own personal use. The court granted Plaintiff’s uncontested motion for summary judgment or, in the alternative, for default judgment, and, in addition to the injunctions, ordered Defendants jointly and severally liable for disgorgement of approximately $40 million in profits, and ordered each Defendant to pay civil penalties in the amount of $150,000.
FinCEN Rules Regulations on Money Services Businesses Do Not Apply to ISOs and Exempt Payment Processors
On August 27, FinCEN issued FIN-2014-R009, an administrative ruling clarifying that Independent Sales Organizations (“ISOs”) and exempt payment processors are not money transmitters subject to Bank Secrecy Act (“BSA”) regulations applicable to Money Services Businesses (“MSBs”). Under BSA MSB regulations, the term “money transmitter” applies to any person that provides money transmission services or otherwise engages in the transfer of funds. The term “money transmission services” includes the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means. Applying these standards, FinCEN determined that BSA MSB regulations do not apply to an ISO, so long as it: (i) merely solicits merchants to offer them the credit and debit card processing services of two counterparties; and (ii) does not take possession or control of merchant funds at any point. However, FinCEN concluded that BSA MSB regulations will apply to a payment processor unless the payment processor qualifies for the payment processor exemption established by 31 CFR § 1010.100(ff)(5)(ii)(B) and clarified by FIN-2013-R002. Under this exemption, BSA MSB regulations do not apply to a payment processor, so long as it: (i) facilitates the purchase of goods or services, or the payment of bills for goods or services (other than money transmission itself); (ii) operates through clearance and settlement systems that admit only BSA-regulated financial institutions; (iii) provides its services pursuant to a formal agreement; and (iv) the agreement itself is at a minimum with the seller or creditor that provides the goods or services and receives the funds. For a copy of the ruling, please see: Application of Money Services Business Regulations to a Company Acting as an Independent Sales Organization and Payment Processor.
This week, the New York DFS announced the extension of the comment period on its proposal to create a regulatory licensing framework for virtual currency companies, including a so-called BitLicense. Given the “significant amount of public interest in and commentary on” the proposal, the DFS doubled the length of the comment period from 45 to 90 days. Comments are now due by October 21, 2014. Further information about the proposal and related issues is available here.
On August 11, the Consumer Financial Protection Bureau (the CFPB or Bureau) issued a “consumer advisory” concerning virtual currency and also announced that it would begin accepting consumer complaints about virtual currency or virtual currency companies. These actions are the consumer agency’s first foray into virtual currencies, and they follow a recent GAO report that recommended the CFPB play a larger role in the development of federal virtual currency policy. Read more…
On July 17, the New York Department of Financial Services (NYDFS) proposed a rule intended to govern the virtual currency marketplace. The proposed rule is extremely broad and as currently drafted would appear to capture products provided by traditional brick and mortar banks and other regulated financial institutions. For example, as proposed, the rule could regulate:
- Reward programs, “thank you” offers, or digital coupons that offer cash back or statement credits;
- Generated numbers that access cash;
- Prepaid access and other cards that will allow customers to receive cash, including those customarily exempt such as government funded transfers;
- P2P transfers; and
- Wallet providers where the customer can access cash.
If left unaddressed, these apparent unintended consequences could create a confusing regulatory environment for certain bank and card products. It is also noteworthy that the rule does not provide any customary exclusions for chartered entities, raising substantial preemption questions. Read more…
BuckleySandler Webinar Recap: Top 10 Things You Need to Know About the New York BitLicense Proposed Rule
On August 6, BuckleySandler hosted a webinar, Top 10 Things You Need to Know about the New York BitLicense Proposed Rule. Michael Zeldin, Special Counsel at BuckleySandler, moderated the panel, which featured presentations by Partner Margo H. K. Tank and Counsel Amy Davine Kim of BuckleySandler’s Digital Commerce and Payments Group.
Overall, our presenters agreed that the regulatory framework proposed by the New York Department of Financial Services (DFS) would establish a different and more difficult standard for the virtual currency industry than for the traditional money transmitter industry. The rigorous data security, consumer protection, and anti-money laundering provisions may unintentionally operate as a high barrier to entry into the virtual currency industry while favoring established companies with experience and resources to handle these issues. Our presenters also offered specific areas of improvement and clarification for organizations to take into account when drafting comments on the proposal.
The following provides a more detailed summary of the discussion: Read more…
On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
On August 1, the U.S. Senate passed by unanimous consent H.R. 4386, which will permit FinCEN, in fulfilling its responsibility to supervise registered money services businesses (MSBs), to rely on state agency examinations of MSBs. The bill also covers other non-bank financial institutions such as gaming establishments and jewel merchants. The bill passed the House by voice vote in May. The President, who sought this authority for FinCEN in budget requests, is expected to sign the bill.
On August 7, the PCI Security Standards Council (PCI SSC), the open global forum responsible for setting payment security standards, published an information supplement titled “Third-Party Security Assurance Guidance,” which is designed to help organizations and their business partners reduce payment data risk from third-party operations. In November 2013, the PCI SSC updated two data security standards. The first, PCI DSS, applies to entities involved in payment card processing—merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data, and the second, PA DSS, applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. The new guidance supplements certain PCI DSS requirements related to when a merchant or entity shares cardholder data with a third-party service provider. Specifically, the supplemental guidance provides “practical recommendations” on how to: (i) conduct due diligence and risk assessment when engaging third-party service providers; (ii) implement a consistent process for engaging third-parties; (iii) develop appropriate agreements, policies, and procedures with third-party service providers; and (iv) implement a process for maintaining and managing third-party relationships through the lifetime of the engagement.
On August 6, in remarks at a financial technology conference, the UK’s Chancellor of the Exchequer, George Osborne, outlined the UK government’s plans for the UK to become a world leader in financial innovation and financial technology. Mr. Osborne noted the UK’s science and technology resources and its history of leading the way in financial innovation. He called for new means of banking and payments for consumers and businesses that go beyond just viewing statements online and that “bypass traditional banks altogether, and lend money directly – through peer-to-peer platforms.” Mr. Osborne believes that “with the right backing from government,” London can become “the Fin Tech capital of the world.” To that end, he detailed the government’s plans to support financial innovation, including by: (i) establishing an appropriate tax regime for the industry; (ii) committing funds for government investment programs; (iii) establishing a favorable regulatory regime; (iv) creating a new partnership between Innovate Finance and the British Business Bank to champion financial innovation and technology; and (v) launching a “major program of work exploring the potential of virtual currencies and digital money.” For example, as part of the regulatory changes, Mr. Osborne described several pieces of legislation, including those that will: (i) require the large UK banks to “pass on information on small businesses they reject for loans, so that FinTech Companies and alternative lenders can step in and offer finance instead”; and (ii) allow consumers to use their smart phones to pay in checks.
The New York Department of Financial Services riveted the attention of the virtual currency world (and just about everyone else involved with digital financial services), with its July 17 proposal to issue licenses for Virtual Currency Business Activities. The so-called BitLicense proposal features broad coverage; open ended capital and bonding requirements; personal investigation of founders, investors and even employees; and prior regulatory approval of new products and activities.
These and other aspects of BitLicensing beg the question: will licensing protect the public and investors? Or just drive Bitcoin participants out? (If they leave, they may find roadblocks elsewhere; days before New York’s announcement, France’s Ministry for the Economy and Finance, for example, proposed regulating Bitcoin.) Opportunistic locales for virtual currency operators are already being identified, such as the Isle of Man, a self-governing British Crown Dependency, whose Financial Supervision Commission says it is “not the appropriate time” to introduce a regulatory regime, while warning there is no consumer protection in the digital currency market. Think about this: Tiny Delaware is a corporate legal haven, Switzerland created an international bank haven, and a virtual currency haven may be next. Regulatory exercises like New York’s could advance that option. Read more…
Recently, the Federal Reserve Board released two payments-related reports: (i) a report to Congress on government-administered general use prepaid cards; and (ii) a detailed report on the Federal Reserve’s 2013 payments study. The report on government-administered prepaid cards analyzes the $502 million in fee revenue collected by issuers in 2013, a majority of which was attributable to interchange fees. For consumer-related fees, the report indicates such fees derived primarily from ATM-related charges. The second report details findings from the 2013 Federal Reserve Payments Study, the fifth in a series of triennial studies conducted by the Federal Reserve System to comprehensively estimate and study aggregate trends in noncash payments in the United States. The paper expands on the 2013 summary findings originally published last December, and includes, among many other things, the following new findings: (i) credit cards are more prevalent than other general-purpose card types; (ii) among general-purpose cards with purchase activity in 2012, consumers preferred debit cards, with an average use of 23 payments per month, compared with an average of 11 payments per month for general-purpose credit cards and 10 payments per month for general-purpose prepaid cards; (iii) although the number of ATM cash withdrawals using debit cards and general-purpose prepaid cards dropped slightly, growth in the value of ATM withdrawals continued to exceed inflation; (iv) the number of online bill payments reported by major processors, which included those initiated through online banking websites and directly through billers and settled over ACH, exceeded three billion in 2012; and (v) there were more than 250 million mobile payments made using a mobile wallet application, and at least 205 million person-to-person or money transfer payments.
On July 18, FinCEN published SAR Stats—formerly called By the Numbers—an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Among other things, the new form and process were designed to allow FinCEN to collect more detailed information on types of suspicious activity. As such, FinCEN describes the data presented in this first SAR Stats issue as “a new baseline for financial sector reporting on suspicious activity.” The primary purpose of the report is to provide a statistical overview of suspicious activity developments, including by presenting SAR data arranged by filing industry type for the more than 1.3 million unique SARs filed between March 1, 2012 and December 31, 2013. In addition, the redesigned annual publication includes a new SAR Narrative Spotlight, which focuses on “perceived key emerging activity trends derived from analysis of SAR narratives.” The inaugural Spotlight examines the emerging trend of Bitcoin related activities within SAR narrative data. It states that FinCEN is observing a rise in the number of SARs flagging virtual currencies as a component of suspicious activity, and provides for potential SAR filers an explanation of virtual currencies and the importance of SAR data in assessing virtual currency transactions.