Virtual currencies: SEC and CFTC enforcement trends


Financier Worldwide Magazine

July 2018 Issue

Over $400bn worth of wealth is represented by virtual currencies. While Bitcoin and Ether are the best known, there are nearly 1600 virtual currencies available, and the number is growing. As virtual currencies and related trends such as initial coin offerings (ICOs) have surged in popularity, regulators and enforcement authorities around the world have taken note, often with differing results. For example, certain countries – including China and South Korea – initially took steps to ‘ban’ ICOs, while regulators in other jurisdictions – including the US and the EU – are looking to treat certain of them as securities offerings subject to existing securities laws.

Focusing specifically on the US, virtual currencies have proven difficult to define for regulatory purposes given the many ways in which they are used and the many ways in which US regulators categorise and regulate financial assets. That, in turn, has caused some uncertainty for virtual currency businesses, including those that have taken significant steps toward embracing and complying with regulation. Many industry observers have noted that the lack of coordination between regulatory agencies has caused a ‘chilling effect’ in the market because companies that value compliance are having difficulty determining with which regulatory scheme they must comply.

Both the US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have come to the forefront of virtual currency regulation by asserting jurisdiction over various aspects of virtual currency issuance, usage and trading. That has been accompanied by a notable, recent increase in virtual currency enforcement actions.

SEC. As far back as August 2013, former SEC chair Mary Jo White, in a letter to senator Thomas P. Carper, announced that the SEC considers “interests issued by entities owning virtual securities or providing returns based on... virtual currencies likely would be securities... subject to our regulation”, even if the currencies themselves are not securities. Under its enforcement authority, the SEC recently has turned its attention to ICOs, where companies – typically, start-ups – look to raise capital through crowdfunding by offering virtual currency ‘tokens’ to the public in exchange for other cryptocurrencies, such as Bitcoin or Ether. The ICO investors who receive the token may be acquiring it for a range of purposes – for example, they may be interested in the underlying project or network and they want to acquire the tokens that will be required to use or access that project or network, or they may be speculating on the possibility of others having that interest and the token increasing in value as demand increases so that they may sell their token for a profit. The SEC has focused its efforts, to date, on identifying instances in which certain tokens, in the context of the method and process through which they were offered and sold to purchasers, met the SEC’s definition of a ‘security’.

In a July 2017 investigative report, the SEC cautioned that tokens that had been issued in an ICO by an organisation known as The DAO were securities and therefore subject to the federal securities laws. According to the SEC, these tokens were ‘investment contracts’ subject to SEC jurisdiction because they represented an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.

In February 2018, SEC chairman Jay Clayton commented in his Congressional testimony that, “I believe every ICO I’ve seen is a security”, and noted that “not one” of the over 500 ICOs to hit the market has been subject to SEC registration. Mr Clayton further stated that he has “asked the SEC’s Division of Enforcement to continue to police [ICOs] vigorously and recommend enforcement actions against those that conduct [ICOs] in violation of the federal securities laws”.

Continuing this ongoing public discussion, on 5 April 2018, Mr Clayton spoke about cryptocurrency regulation at Princeton University, and he noted the evolution and development of cryptocurrencies and their changing place in the markets: “Just because it’s a security today doesn’t mean it’ll be a security tomorrow, and vice-versa.” Using an example of a laundry token, he remarked that the use of a token can lead it to evolve toward or away from a security.

Since the DAO Report, the SEC has brought eight enforcement actions related to using digital currencies or issuing tokens that were not registered as securities with the Commission, ranging from schemes to defraud investors by issuing coins backed by non-existent real estate and diamond holdings to an ICO for a blockchain-based food review company. Over the past few months, the SEC has substantially broadened its ICO probe by issuing over 80 subpoenas and requests for information to firms involved in ICOs and confirming that ‘dozens’ of inquiries in this space are underway.

CFTC. For its part, the CFTC, as outlined in its 2017 Primer on Virtual Currencies, takes the position that its “jurisdiction is implicated when a virtual currency is used in a derivatives contract, or if there is fraud or manipulation involving a virtual currency traded in interstate commerce”. CFTC chairman Christopher Giancarlo acknowledged in a Hearing on Virtual Currencies that, while there is public enthusiasm for potential for legitimate uses of virtual currencies, agencies need to “crack down hard on those who try to abuse [the public’s] enthusiasm with fraud and manipulation”.

While the CFTC has brought a number of enforcement actions for virtual currency exchange registration failures since its first action in 2015, 2018 has seen several CFTC enforcement actions targeting fraud and misappropriation schemes that involve virtual currencies. For example, the CFTC brought actions against different entities for allegedly: (i) fraudulently soliciting customers to purchase a virtual currency with misrepresentations that it was backed by gold and was being traded on exchanges; (ii) fraudulently soliciting Bitcoin from the public by promising to convert it into cash and then put it in a pooled investment vehicle; (iii) fraudulently soliciting customers to send cash or virtual currencies in exchange for virtual currency advice and trading services that were never provided; and (iv) soliciting customers to purchase illegal options, misappropriating the customers’ funds, and then seeking to cover up the misappropriation by inviting customers to transfer their account balances to a virtual currency known as ATM Coin.

What’s ahead?

Collaboration and harmonisation. While the precise contours of the SEC and CFTC’s jurisdiction over virtual currencies remain hazy, what is clear is that enforcement actions in this space will continue to be one tool that regulators use to ‘speak’ to the market. In a January 2018 joint statement, the enforcement directors of both the SEC and CFTC stated that their agencies “will continue to address violations and bring actions to stop and prevent fraud in the offer and sale of [virtual currencies, coins, and tokens]”.

And, while each agency takes a broad (and potentially overlapping) view of the scope of its jurisdiction over virtual currencies, there are encouraging signs for market participants that are concerned about the lack of regulatory coordination. In recent testimony before Congress, the chairmen of the SEC and CFTC stated that their agencies have been in close contact “with respect to policy and jurisdictional considerations, especially in connection with recent virtual currency enforcement cases”. Such collaborative efforts hopefully will lead to more regulatory clarity in the near future.

More registered ICOs on the way? In March 2018, the Praetorian Group filed the first ICO registration with the SEC, noting in its S-1 filing that “[n]otwithstanding our belief that the [token] might not constitute a security, we feel given the uncertainties from a regulatory standpoint that it is more prudent to deem the [token] a security and follow through with the registration process... and gain the SEC necessary approvals as a registered security”. Given the recent enforcement efforts and the scope of the SEC’s probe, we think it is fair to predict that more companies will seek to expressly and intentionally comply with SEC requirements in connection with token issuances, either through registration or via compliance with an exemption from registration.

Will the SEC provide guidance on when a token is a not a security? Despite Mr Clayton noting in his Congressional testimony that “I believe every ICO I’ve seen is a security”, participants in the ICO market are hopeful that the SEC will agree that tokens with certain attributes are consumer products and not securities. In March 2018, a group called the Venture Capital Working Group delivered a document to the SEC that proposed a token non-exclusive safe harbour for certain so-called ‘utility’ tokens – i.e., tokens meeting the conditions of the safe harbour would not be deemed to be securities once the tokens have achieved full functionality or full decentralisation. While the SEC may not be ready to go as far as a safe harbour, the SEC could take actions to speak to the market beyond its enforcement actions, including by issuing further reports (such as The DOA Report of Investigation) or no-action letters for specific tokens (i.e., the SEC will not pursue an enforcement action as an illegal securities offering for a sale of tokens with the attributes outlined in an incoming letter).

Will the CFTC unmask virtual currency market abusers and bring trade conduct actions? To date, the CFTC has exclusively focused its enforcement actions against companies and affiliated individuals. That is unsurprising given the largely anonymous nature of virtual currency users (outside of regulatory compliant exchanges). The CFTC, in its February 2018 ‘Consumer Advisory: Beware Virtual Currency Pump-and-Dump Schemes’, acknowledged these limitations, noting that illegal trade conduct – such as schemes to ‘pump-and-dump’ virtual currencies – “continue because they are mostly anonymous”.

But two recent developments suggest that these limitations may be well on their way towards being surmounted. First, the CFTC announced in January 2018 that it will engage in a “heightened review” with designated contract markets (DCM) on virtual currency self-certifications, which will require the DCM to “monitor[] data from cash markets with respect to price settlements and other Bitcoin prices more broadly, and identify[] anomalies and disproportionate moves in the cash markets compare to the futures markets”. Consistent with this approach, the Cboe Futures Exchange (CFE), in filing the Bitcoin futures product self-certification notice with the CFTC in December 2017 (to launch the new futures contract), represented that it had “entered into an information sharing agreement with Gemini [Exchange, a virtual currency trading venue,] that provides CFE with the ability to access Gemini Exchange trade data for regulatory purposes, including in connection with the surveillance and regulation of trading in [virtual currency] futures on CFE’s market”. Gemini Exchange, in turn, now reportedly uses Nasdaq’s surveillance software ‘SMARTS’ to monitor its virtual currency markets for abusive trading practices.

Second, several companies are developing tools for law enforcement to reveal virtual currency users’ real identities by analysing transaction data linked to users’ accounts. Some of these firms have already partnered with law enforcement agencies and financial institutions and have turned their concepts into real world results. For example, UK-headquartered Elliptic has helped law enforcement track down criminals who used bitcoins to purchase illegal weapons online or extort money using computer malware. Another firm, Chainalysis has worked with the IRS to identify virtual currency tax evaders. Considering the CFTC’s focus on tracking transactional data and the development of technology to unmask virtual currency users’ identities, we would expect the CFTC to continue to explore ways to integrate these markets and their participants into their traditional trade conduct surveillance programmes.


Alexander J. Willscher is a partner at Sullivan & Cromwell LLP. He can be contacted at +1 (212) 558 4104 or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.