So far 2022 has been one of the busiest regulatory years we have seen!
Here we leave you with three takeaways for traditional finance and blockchain compliance programs:
Follow Gensler & other top regulators on Twitter
Basics are important. Have an independent review of your program
Understand operational risks & build resiliency. Use technology for duty of loyalty (conflicts), transparency (performance & costs/expenses), and care (conduct standards, ESG)
Blockchain Highlights
A must-see is the debate on blockchain and DeFi regulatory approach. Click here to watch it!
The FTX Breach article is an important reminder about the duty to users/customers
2022 SEC Wrap Up
Here is an inventory to help you recap SEC priorities for the testing of your compliance program.
Building the governance, risk, and compliance bridge between finance and blockchain
Guidance and developments outweigh enforcement this month. Please reach out with questions: understanding evolving standards is increasingly needed to navigate risks.
The Enforcement Environment
Token Promotion
The promotion of tokens/shilling increases securities law risks. In both SEC vs. Balina and SEC vs. Kardashian, the promoters failed to disclose they received compensation for promoting the tokens.
Requirements: In 2019, the FTC, which makes rules around truth and transparency in advertising, published simple guidance for social media influencers & required disclosure of payments. Though the SEC has its own rules for this issue, they largely parallel the FTC’s. SEC Chair Gary Gensler posted a video to highlight its position.
Reminder: Many regulatory cases are paired with class action lawsuits. The Kardashian settlement may impact the pending class action suit too.
Are you Decentralized Enough?
The CFTC settled with bZeroX, LLC and its founders for allegedly acting as an unregistered futures commission merchant (FCM) and failing to adopt a customer identification program as part of a BSA compliance program required of FCMs. Simultaneously, the CFTC charged the successor entity to bZeroX, Ooki DAO, with violating the same laws.
The CFTC found:
Registration – Defendants failed to register as an FCM
Commodities – “Virtual currencies such as ETH, DAI, and others traded on the Ooki Protocol are ‘commodities’ under the Act.”
DAO was not decentralized – “The acts, omissions, and failures of the members of the Ooki DAO unincorporated association (i.e., the Ooki Token holders who voted their Ooki Tokens to govern the Ooki DAO by, for example, directing the operation of the Ooki Protocol), as well as of those authorized to work on behalf of the Ooki DAO, were done within the scope of their office, employment, or agency with the Ooki DAO.”
“While I do not condone individuals or entities blatantly violating the CEA or our rules, we cannot arbitrarily decide who is accountable for those violations based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing”.
The House Committee on Oversight and Reform has requested info from 4 Federal agencies and 5 crypto exchanges on their actions and mechanisms to combat fraud.
New EU Directive – The European Union has formally approved the Markets in Crypto-assets (MiCA) directive. (Europe.eu) The European Union released its 8th package of sanctions against Russia, which includes a ban on “all crypto-asset wallets, accounts, and custody services, irrespective of the amount of the wallet.” (Europa.eu)
Data Security
Binance, the world’s largest cryptocurrency exchange, was hacked. Binance reports mitigated losses of under $100M.
Global Coordination
International securities law watchdog IOSCO (International Organization of Securities Commissions) is working to create ‘common standards’ for crypto.
A bear market can be a clear test of resiliency. We are seeing some blockchain projects struggling to pass that stress test. Celsius halts withdrawals; Rari goodbye & nod to predatory tactics; Babel suspends redemptions & withdrawals. But we also see successful white hat hacks that raise the potential for more holistic resilience across web3 projects. DeFi Attack Averted. Surprisingly, these ethical hacks resemble risk and compliance controls in heavily-regulated businesses, but they are more effective because of timing. Instead of a centralized gatekeeper trying to cajole a team’s commitment to risk mitigation, the power of wide engagement in DAOs allows behavioral incentives to be more intuitive and effective with less resistance.
For sustainable growth in web3, let’s adopt a behavioral incentive approach for all governance, risk and compliance (GRC) matters, not just cyber security. Incentivizing self-reporting by aligning everyone with the interests of the community (a “white hat approach”), at a minimum, will more clearly separate the bad actors and innovators. A framework for DAOs is crucial in order to align behavioral incentives, so web3 projects do not repeat the inherent dysfunction of traditional GRC programs. Action is needed now to ensure the framework fits the new ethos and can refute increasing claims by regulators and litigants that a layer of traditional controls should be mandated for web3 projects. One recent example is the debate about how to regulate Tether. Let’s use decentralized consensus and collaboration to incentivize better business conduct.
II. Perils of Traditional GRC and Wait and See Strategy
Once there is a decision about business priorities and the legal entities to support them, the next step is to decide if a project will build a GRC program. After funding is secured, regardless of the size of a project or its potential treatment as a financial product, it’s time to understand threats to the project’s viability. Viability threats can be vast, from operational risks that cause errors or difficulty recruiting and retaining talent, to regulatory and legal risks that impact whether the project could be halted or distracted with government inquiries. Yet, most projects do not proactively address regulatory and operational risks after establishing their legal and business framework. With a bear market and increasing concerns about protection of users, many regulators and legislators are considering how to regulate web3, particularly how to retrofit traditional GRC requirements. SEC Chair Gensler speech; Sec Yellen remarks; New EU-wide regulation; New crypto framework in Brazil; New Singapore crypto law
A Web3 project has at least two choices:
Wait and see whether government requirements apply and build a framework then, taking on all the material civil and criminal risks that come along with a wait and see strategy, or
Build a tailored framework that uses the same ethos as ethical hackers and permits the ecosystem to choose its priorities.
If the majority of the web3 projects opt for the wait and see approach, web3 would arguably lose an opportunity to build a better GRC paradigm. Businesses would accept the heightened risk that they need to build a traditional GRC program into the DAO and/or that they are not prepared for inevitable changes to tax, legal and regulatory requirements.
The traditional GRC framework has a mixed record on effectiveness. The Transparency International corruption perception index (CPI) indicates that despite all the money and effort to adhere to legal and regulatory requirements designed to fight fraud, traditional GRC programs are failing to eliminate fraud. With no meaningful improvement in the last decade and over 50% of countries receiving a failing CPI grade for fighting corruption and fraud, the centralized approach is not delivering a ROI. Transparency International CPI. Instead, many compliance officers struggle to align incentives & gain collective ownership to report and solve governance gaps. We continue to see corrupt corporate behavior at some of the world’s most successful companies. FCPA Violation 120 mil in fines; Retirement Account Fraud; Fraudulent Bond Sale
The new GRC paradigm is poised to leverage the power of decentralization and incentives. For example, compare white hat (ethical) hackers protecting against cyber threats to whistleblowers allegedly fighting corruption and theft. Whistleblower reporting is required under several existing regulatory regimes to incentivize self-policing. EU Whistleblower Directive; SEC Whistleblower and Bounty Program; Anti-corruption Whistleblower Cases. However, whistleblower reporting within businesses is notoriously ineffective at preventing corruption before it occurs and instead is reserved for bringing the problem to the public after the fact. Facebook Whistleblower
There is a strong rationale for not waiting for new regulatory mandates and instead building a Web3 GRC framework that uses the same ethos as ethical hackers to proactively self-govern. This will allow the ecosystem to choose its own priorities and make its own decisions.
III. New GRC Framework
In order to maintain a sustainable peer-to-peer ecosystem, the members need to build trust and deliver on transparent governance. A sustainable GRC program will incentivize addressing conflicts and issues before they threaten the viability of the project. SushiSwap CTO Resigns; SushiSwap Feud
Guiding principles for sustainable governance are:
Agile & Iterative — Expect changes, build in flexibility and a modular approach that can be adjusted when new risks surface
Disclosures & Transparency — Assume conflicts and risks should be known, so users are informed
Anti-Fraud & Consumer Protection — Prioritize well-being of users and adopt a guardian lens
Caution & Escalate — Create the white hat approach, build in self-reporting incentives and avoid whistleblower pitfalls
A sustainable GRC program should adopt 5 pillars
1. Know the environment and prepare
As with pen testing or hackathons — expect inquiries from government authorities and litigants. Prepare with an advisory bench and narrative of the project. The narrative should include in and out of scope features to tell the project’s story before being asked to defend the story to the government or litigants. Hire a “white hat” advisor to audit your performance against these pillars and guiding principles.
2. Create and manage a road map
Create a practical risk inventory based on current developments and maintain it. Assess the relevance of the risks to the project and prioritize drafting a project list to address the top risks. Use the inventory as a confidential road map with use cases and examples to size risks.
3. Create an escalation and questions forum
Create a GRC private Slack channel, Discord, Team meetings and Q/A. Make it easy to ask questions and escalate concerns. Consider building a path where reporting is anonymous to remove any hesitancy. Set a record retention policy to make sure you retain documents you need and create a rational destruction schedule to balance data sharing with security risks. For instance, corporate documents should be retained for the life of the organization, whereas Slack and text messages may contain personal information and should have a short retention period to prevent data breaches.
4. Have a public relations & communications strategy
Set standards for community, project and personal opinions. Set guidelines to avoid shilling and conflicts of interest and provide examples of balanced communications. Consider
creating an understandable risk mantra/disclosure on public communications such as “Be informed & accept the risks”, “Consider before you act”, “Read our forum and blogs for more info” and then create an FAQ,
the experience of the target audience as you write,
sourcing a third party, when making projections or promissory statements,
avoiding investment terms unless there’s an expectation of investment oversight from the government.
5. Develop protocols for managing GRC
Rather than creating protective traditional legal documents, create short, accessible standards for the team to follow. Be strategic about accepting certain risks, create a risk plan to address short, medium and longer-term issues.
Expect to change the GRC program and adopt 4 north star attributes
Support and Affirm Alignment: Draft a Code of Conduct, Terms of Use and UI Disclosures
Global Approach: Adopt a borderless strategy, but focus on the jurisdiction of a concentration of users, prevent criminal liability & rely on jurisdictions with guidance — DOJ Criminal Division — Evaluation of a Compliance Program
Tech Company Policies: Orient your GRC efforts for a technology company. Draft a Sanctions, Privacy and Cookies policy and procedures
Anti-Fraud Efforts: Include an anti-fraud mindset within product development perhaps as part of user experience efforts. Mitigate risks with a consistent focus on serving the interests of users, community and ecosystem. Draft listing standards, implement user protection with bad actor blocking, focus on cyber security, follow a marketing/business development review process before content is posted on public forums.
IV. Conclusion
Resilience of a web3 project will not just entail fighting TradFi and the government’s perception of risks; it also means addressing concerns from within the community. “Most crypto projects are designed with extremely predatory tactics that hurt retail. Most crypto projects have 0 intention of doing anything besides dumping on retail.” Founder, Rari Capital
Reach out if you are interested in a confidential GRC assessment. Warburton offers assessment services including advice on options and best practices and a set of template documents.
More developments in legislation to watch. Senators from leading states – NY and Wyoming – team up to propose allegedly reasonable new oversight over blockchain projects.
SEC settles the first enforcement action concerning ESG disclosures against a mutual fund adviser for alleged misstatements and omissions in its Fund disclosures concerning incorporation of ESG factors into the investment process.
A settlement was reached with NVIDIA Corporation, a public company, for alleged failure to disclose on its 10Q that crypto mining was a significant element of its revenue.
Smoothing Performance Numbers and Manual Spreadsheet lead to multi-billion securities fraud, manipulation and criminal liability. SEC Charges Allianz Global Investors: the firm agreed to pay more than $1 billion to the SEC and over $5 billion to victims as restitution.
Sanctions liability is criminal liability. See this important case for blockchain projects. In Re: Criminal Complaint [Under Seal] involves the use of a payment platform allegedly designed and advertised to evade U.S. sanctions, through ostensibly untraceable virtual currency transactions.
YOUR COMPLIANCE & RISK PROGRAM
A good reminder – it’s not what happens, but how a team reacts. The South Korea regulators appear to be taking a common approach – broad investigation – focusing on intent of those who knew about problems…Terra Investigation
“Compliance and cybersecurity are not the enemy of innovation.” Director of FinCEN Associate Director of Enforcement and Compliance speaking at Chainalysis Links Conference “The Intersection of Cryptocurrencies and National Security”
In this edition, we highlight class action lawsuits as well as regulatory developments. In the blockchain space, the class action attorneys seem as active as the regulators. Remember to prepare for litigation as you run your compliance and governance programs. This month, in the case against Uniswap, plaintiffs claim users would have been protected from fraud if Uniswap were a regulated entity, i.e., if it were required to prevent fraudulent transactions. The claims focus on Uniswap’s collection of fees for each transaction without regard to culling out fraud on the “exchange”.
SEC and Other Enforcement Actions
What is a Communication System: Bloomberg L.P. and Bloomberg Tradebook presented their comments to the SEC Amendment to Exchange Act Rule 3b-16 regarding expansion of Regulation ATS, NMS stock and other securities and the rule regarding the definition of Exchange. The Bloomberg comment letter is important and helpful advocacy for fintech firms. Soon after they were posted, the SEC extended the comment period for the new rule.
Cyber on Top Again: SEC Enforcement Division allocated 20 additional positions to the SEC Crypto Assets and Cyber Unit. Security is still a top concern!
YOUR COMPLIANCE & RISK PROGRAM
Transparency Benefits: NY Dept of Financial Services issued new Virtual Currency Guidance noting that although virtual currency presents compliance challenges, it conversely “allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers”
OCC Consent Order: AML Programs remain the linchpin for blockchain compliance. The OCC consent order against Anchorage highlights the focus on a strong written and formal program as agreed in any supervisory agreement.
What if developments in crypto could transform how we approach centralized compliance? Read this article from NASDAQ and our founder.
Regulatory focus across the digital asset market is increasing in a bid to fight and prevent financial fraud, but nothing substantial has been achieved thus far.
As an advocate for behavioral incentives over regulation by enforcement, I’m also focused on efficient, effective, and sustainable compliance and governance programs. I spend much of my time eliminating bureaucracy and dreaming about eliminating rules and regulations that can’t be aligned with a reasonable rationale and return on investment.
The recent regulatory focus on enforcement aimed at digital asset projects has me wondering if we are missing an opportunity. By way of example, the SEC’s recent budget request for fiscal year 2023 includes an additional $240 million for enforcement, mainly for digital (crypto) assets purportedly to prevent fraud and bring enforcement cases against fintech start-ups and others that don’t follow applicable securities laws.
Would we use the same approach if crypto was the solution, not a hindrance, to fighting fraud?
The current enforcement approach could be missing the forest for the trees and remaining loyal to traditional patterns without truly questioning their efficiency and whether they are getting the job done.
How are we doing with traditional governance and compliance programs in fighting fraud?
The Transparency International corruption perception index (CPI) suggests that compliance and governance programs fail to eliminate fraud despite all the money and effort to fight fraud within a traditional corporate structure.
With no meaningful improvement in the last decade and over 50% of countries receiving a failing CPI grade for fighting corruption and fraud, the centralized approach, with compliance officers designing and testing compliance programs and continuously asking the business to engage and build a tone or culture of compliance, is not delivering ROI.
Instead, many compliance officers struggle to align incentives and gain collective ownership to report and solve governance gaps. We continue to see corrupt corporate behavior at some of the world’s most successful companies.
Many compliance officers who design and run SEC-compliant governance programs will tell you it is a perpetual challenge to engage an organization in fighting fraud, owning good governance, or acknowledging the duty to protect all the stakeholders.
With the recent focus on the enforcement of digital asset projects and their role in facilitating fraud, it feels like it’s an opportune time to pause and consider whether there is an increase in scams or just a perception of a rise. Many in the digital asset space would agree that the organizations or projects do not want to perpetuate or facilitate fraud. Instead, they want to have informed users who can transact without cybersecurity thefts and with informed risk-taking, as Secretary Yellen covered in her recent speech about President Biden’s Administrative Order.
Still, the element of innovation that can successfully and more easily engage all stakeholders in governance and compliance should receive commensurate attention to fraud risk.
The demand for digital assets, new technology, and community involvement via Discord, DAOs, smart contracts, and more show the opportunity to bootstrap newly aligned incentives and innovative infrastructure into a fresh compliance and governance paradigm. This paradigm shift could seamlessly leverage engagement, transparency, and collective ownership, not just for the digital assets project but also in tackling fraud.
For instance, gatekeepers or compliance officers do not need to ask the organization to get involved with decentralized governance. With a blockchain ecosystem, there is a common understanding and social contract that the engagement of all stakeholders is valued and crucial to the organization’s viability.
Additionally, compliance officers in the digital assets space can leverage technology and align incentives to minimize the time and the effort needed to ferret out issues on their own as required under traditional norms. Rather than continue to rely on a centralized audit function, whistleblower programs, and governance-by-policing, they can use the blockchain innovations to embed behavioral incentives that use the momentum of digital assets to prevent fraud.
With this new paradigm of decentralized governance and compliance, there is an opportunity for self-reporting by stakeholders, whether personnel, token holders, or community members. This activity can effectively replace the reliance on resource-intensive audits and enforcement that seem to be most effective only after troubling cultural patterns are immutable and stakeholder harm occurs.
Blockchain projects – with built in incentives to report issues early – can be leveraged as an important alternative to traditional centralized compliance and governance programs. As we consider the CPI statistics as well as increasing budgets for regulatory enforcement teams (the SEC is asking for 133 additional enforcement employees), one wonders whether that is a winning solution.
Beth Haddock
A board member, trusted expert and strategic adviser for growing blockchain and fintech leaders. Beth serves as a bridge between traditional and cutting-edge technologies as a trustee and chair of the Compliance and Risk Committee for yen and USD pegged stablecoins, as a chief legal officer for a fintech platform owned by global giant Franklin Templeton and a strategic advisor to a global DeFi platform.
A founder and Managing Partner of Warburton Advisers, Beth provides governance and regulatory advisory services covering business development, data protection, digital and blockchain products, M&A and ESG investments. She has also developed a patented regulatory technology, is the author of Triple Bottom-line Compliance: How to Deliver Protection, Productivity and Impact and the host of the podcast “What’s Ethical.”
Beth has over 25 years of international C-suite experience and understanding of financial market regulation, compliance investigations, risk management and investment management (IM). As the former Head of Compliance at Brown Brothers Harriman (BBH), a global custody bank with over $4.7 trillion in assets, she successfully led initiatives including service center expansion in Europe, efforts to secure strategic funding and the compliance program redesign.
Beth served as BBH’s Global Chief Compliance Officer (CCO) for the ’40 Act funds, broker-dealer and investment advisor through several material events including crisis related to Madoff, Lehman Brothers and subprime and money market valuations. She also served as the ranking attorney for the ABA Securities Association Lawyers Committee lobbying for the industry on Capitol Hill.
Before becoming the Head of Regulatory Affairs, Beth rebuilt the compliance program as CCO for Guggenheim Investments, which managed more than $200 billion in capital covering 10 different investment sectors and ‘40 Act and private funds.
Beth also held legal and regulatory positions on Capitol Hill and AXA Financial where she led the compliance initiative for M&A, was awarded a global innovation award for her work transforming the 7000+ salesforce from agents to fiduciaries, completed a multi-year development program in Europe and served as Corporate Secretary to the AXA Advisors Board of Trustees.
Beth previously served as an independent director, Corporate Secretary and member of the Nominating and Governance Committee for the Brooklyn Music School and the MUSE Academy. She was also a member of the Board of Trustees for Flat World Partners, an impact investing firm.
Beth currently serves as independent director to GMO-Z.com Trust Company, a subsidiary of a publicly-traded Japanese tech conglomerate and issuer of stablecoins. A respected chair of the Compliance Committee and member of the Audit Committee, she brings deep knowledge of AML, financial technology and regulatory trends with her first-hand experience of crisis management and regulation.
She serves as advisor to Balancer Labs, a DeFi platform, where she is laser-focused on value-added sustainable governance for the DAO and the defi community.
Beth is Chair of the National Society of Compliance Professionals’ Blockchain and Fintech Roundtable and member of the IM Committee for the NYC Bar Association. Beth is also a member of the Advisory Board and Nominating Committee for the non-profit Good Sports.
Beth earned a BA in Economics from Bucknell University, a JD from The Catholic University of America and executive program credentials from Yale University (Sustainability as a Business Enabler), University of Virginia, Darden (Leadership) and University of California, Berkeley (Sustainable Capital & ESG).
New York, New York • 917-455-6570 • beth@warburtonadvisers.com • linkedin.com/in/bethhaddock
Developments to watch. Senator Warren and others introduced new legislation to meet a purported need to close the gap in sanctions compliance. Digital Asset Sanctions Compliance Enhancement Act of 2022 A great summary on the debate about whether digital assets are a material conduit for economic sanctions. The EU passed a proposal to eliminate anonymous crypto transactions. Parliament Vote to Require AML for Self-Custody Wallets etc.
Responsible Innovation: President Biden Issues Executive Order Detailing National Policy Objectives for Digital Assets. President Biden issued an Executive Order (E.O.) calling for studies and reports within approximately 6 months. The EO was met by many as a nod to supporting smart regulation of blockchain projects. The E.O. itself does not propose additional requirements or regulations for digital assets. But rather, it brings to light the specific regulatory approaches for these assets.
Sustainability issues to track with blockchain projects: The EU vote on bitcoin mining provided a strong belief that crypto currency was not going to be a phase; rather, certain digital assets may be here to stay. The issue being discussed is the environmental impacts that are caused from crypto. The EU was determining if the activity of crypto mining was sustainable or not which could change the way that crypto may be approached by individuals due to global energy consumption.
SEC and Other Enforcement Actions
Digital Assets Make the List Again. For the 3rd year, digital assets and emerging technologies are included in 2022 SEC exam priorities. The exam focus for digital assets includes custody arrangements, assessment of all aspects of transactions, duty of care of understanding the products, review of compliance practices, risk disclosures and operational resiliency practices.
FINRA issues updated guidance & request for comment. Not a big surprise, FINRA treats crypto futures/crypto as “complex products” so that retail investors receive enhanced protections. “Mutual funds and ETFs that offer strategies employing cryptocurrency futures. In addition to their exposure to cryptocurrency, which could itself be considered complex, these funds track futures contracts rather than the underlying cryptocurrency.” FINRA requesting comment on complex products queries until May 9.
No Permission to Operate. Binance stops business in Ontario.
YOUR COMPLIANCE & RISK PROGRAM
More Institutional Interest in Digital Assets. Digital assets continue to be more relevant for compliance officers in traditional financial services firms. BlackRock filed with the SEC to launch the iShares Blockchain and Tech ETF which would allow the tracking of index comprising companies involved in development and deployment of crypto technologies in the US and abroad.
Sample Disclosures. The EU Financial Authorities offer 10 points of disclosure for digital assets that compliance officers can use for digital asset platforms. The disclosures cover topics such as warning consumers that they are accepting speculative risks with loss of funds, that price and liquidity are volatile and unpredictable, and that typical government protections re: complaints are not available.
Gift Policy Update. New Jersey Assembly Bill 3287 is a good reminder to review compliance policies and consider updating them to include this new asset class for gift limitations, prohibitions and pre-clearance requirements. The bill prohibits public officials from accepting virtual currency and non-fungible tokens as gifts.
BlockFi to pay $100M in fines to SEC and state regulators for an allegedly illegal offering of a high interest product. BlockFi’s interest account (known as BIA) allows users to lend out their crypto for up to 9.25% in annual percentage yield.
Developments in SEC case against Terraform Labs. The SEC accused Terraform Labs (TFL) and Kwon of participating in “the creation, promotion and offer to sell assets and MIR tokens to U.S. investors.” The regulatory process did not go well. TFL was interviewed and didn’t expect to be served at a US conference. TFL then sued the SEC last October in the US. In the latest development, the SEC prevailed on their jurisdictional argument, and the Court ordered TFL to comply with the SEC’s subpoena.
It is important to remember marketing can be a key to liability. BitMEX founders plead guilty to Bank Secrecy Violations. In part, Hayes and Delo were held liable due to their marketing/influencer activities. Despite repeatedly stating that BitMEX did not serve U.S. customers, the SEC claimed they knowingly designed BitMEX as a platform to contravene U.S. Anti-Money Laundering Rules. The SEC also alleged they knew that BitMEX’s withdrawal from the US market and the controls put in place to prevent U.S. trading were ineffective. In other words, BitMEX knew U.S. customers continued to trade and as a result they derived substantial profits. The SEC also alleged the founders actively sought out U.S. customers by using U.S.-based cryptocurrency “influencers” to market to new customers, and conducted U.S. television appearances and marketing campaigns that promoted BitMEX’s products.
YOUR COMPLIANCE & RISK PROGRAM
Compliance officers should focus on networking and benchmarking. The pace is fast and expectations for regulatory change are increasing. Confirm you have a helpful record retention policy and code of conduct. It is also important to be vigilant in considering jurisdiction for soliciting business – the BitMEX and Terraform cases are good examples of the expectation for business development.
OpenSea UI vulnerability allowed hackers to get NFTs below market with an inadvertent acceptance of a buy offer.
State Securities Regulators Warn of Top Risks in 2022 – fraud is in the top 4 – crypto is #1.
A measured approach to preventing fraud in DeFi – A Florida regulator provides educational guidance.
Example of global collaboration to cover opportunities and risks of digital assets.
SEC and Other Enforcement Actions
Registrations Requirements. CFTC Enforcement filed an enforcement action against Polymarket, alleging it violated federal commodities laws by offering prediction markets in the U.S. without registering with the agency. Polymarket cooperated with the investigation leading to a reduced penalty of $1.4M.
State jury finds crypto-related products not securities. A Connecticut jury addressed whether cryptocurrency products were securities and cleared the defendants of liability in an alleged fraudulent operation. The jury’s decision hinged on the finding that the company’s customers were not passive investors.
SEC EXAMS published a Risk Alert of observations from private fund adviser examinations.
Have you wished for more engagement & better culture of compliance? Look at DAOs with a lens for increased ownership of compliance. In this video – there is an interesting discussion about the opportunity in web3 investment clubs.
We are excited for 2022! We believe innovation in blockchain and fintech will not replace but improve traditional finance allowing for strides in sustainable governance with
Increased stakeholder participation
Increased operational efficiencies
Smart tech to increase ROI on compliance & risk programs
We hope you continue to find the Warburton Report a helpful resource. Feedback is welcome so we continue to give you the content you find most helpful.
Acceleration of mainstream global banks and traditional companies acquiring and merging with crypto firms and stablecoins
Cybersecurity and Data Privacy
Attacks reported by companies. Hack of personal info must be reported under US and EU requirements. bZx hack (ETHDenver); Akropolis hack; Coincheck hack (500 mil stolen); Kucoin hack (exchange & highlight of new controls)
SEC and Other Enforcement Actions
Registration Requirements – SEC charged Ripple in December 2020 with operating a $1.3B unregistered securities offering. The complaint alleges failure to register offerings and sales of digital assets or satisfaction of any exemption from registration. This is a case to watch in 2022.
Telegram settled with the SEC after the Commission did not accept their defense that the tokens qualified for a private placement (Reg D) exemption. $18.5M penalty and $1.2M payment to investors.
Fraud and Cryptocurrency Investment Scams. Crypto scammers reportedly took $14B in 2021.
“Code is Law” Challenge – Pending Canadian $15.8M class action. Plaintiffs argue that “code is law” convention in DeFi does not provide immunity from securities laws.
Materially Misleading Statements. American CryptoFed DAO charged with materially misleading statements about tokens including employee benefit plan. Company filed registration statement with SEC. Class action lawsuit Anderson and Dolifka v. Tether, USDC (filed 12/20/21 – pending): Plaintiffs allege Tether made misleading and deceptive statements concerning its backing and reserves.
YOUR COMPLIANCE & RISK PROGRAM
This month’s focus is on fraud prevention measures. As you consider training, operational controls and regulatory strategy, fraud prevention should be a critical priority. Consider whether your efforts are combating these risks to prevent fraud in your business and the broader ecosystem and protect you from regulatory and criminal liability by designing an adequate compliance program.
What are fraud risks?
Your company or your strategic partner, service provider or agent, including employees and consultants, facilitates a fraud
Insiders or traders trade digital assets based on non-public material info for their own benefit, to the detriment of the public
Your company is held accountable for consumer fraud or statements deemed to be materially misleading about the project and/or digital assets. i.e., Twitter and business development efforts