Bridging the Week by Gary DeWaal


Bridging the Week by Gary DeWaal: June 17 – 21, and June 24, 2019 (Who’s the Sender?; Is Libra Freedom?; What’s the Basis for Liability?)

AML and Bribery    Bitcoin Ecosystem    Capital and Liquidity    Cleared Swaps    Compliance Weeds    Cryptosecurities    Fraud and Anti-Fraud    Initial Public Offerings Including Private Placements    Legal Weeds    My View    Policy and Politics    Uncleared Swaps   
Published Date: June 23, 2019

The Financial Action Task Force issued new standards for member countries that would require virtual asset service providers as well as traditional financial institutions to obtain, retain and transmit certain information related to the originator and beneficiary in connection with all virtual asset transfers.  Separately, the UK Financial Conduct Authority fined a bank £45.5 million for not disclosing that it suspected fraudulent conduct had occurred in a branch office. However, FCA conceded that it had no jurisdiction to regulate the fraudulent conduct itself. Huh? As a result, the following matters are covered in this week’s edition of Bridging the Week:

  • Global AML Standards Setter Says Countries Should Require Virtual Asset Service Providers to Obtain and Transmit Certain Information Regarding Senders and Recipients for All Virtual Asset Transfers (includes My View regarding Facebook’s new Libra initiative and Legal Weeds); 
  • UK Regulator Fines UK Bank £45.5 Million for Failing to Disclose Suspicions of Fraud (includes Compliance Weeds); and more, including an update on the Quadriga crypto exchange collapse in Canada.

Video Version:

Article Version

Briefly:

  • Global AML Standards Setter Says Countries Should Require Virtual Asset Service Providers to Obtain and Transmit Certain Information Regarding Senders and Recipients for All Virtual Asset Transfers: Last week the Financial Action Task Force issued new guidance for countries and regional organizations to help assess and control potential money laundering and terrorism financing risks associated with activities by so-called virtual asset service providers (each a "VASP"). 

Principal among FATF's new requirements is that VASPs and already regulated financial institutions (each an “obliged entity") initiating virtual asset transfers should obtain and retain certain information regarding each sender and intended recipient and forward that information to the recipient’s obliged entity. The required information covered by this “travel rule” should include the sender’s name; the sender’s account number where an account is used to process the transaction (e.g., a virtual asset wallet); the sender’s physical address, national identity number or customer identification number that links the customer to the sending institution, or date and place of birth; the recipient’s name; and the recipient’s account number where an account is used to process the transaction (e.g., a virtual asset wallet). This information does not need to be included in a virtual asset transfer; it could be transmitted separately as provided in the guidance.

Under FATF’s new guidance, a VASP includes any legal or natural person not otherwise covered by anti-money laundering or prohibitions against terrorism financing requirements that, as a business for or on behalf of other persons: (1) exchanges virtual assets for fiat currencies or other virtual assets; (2) transfers virtual assets; (3) safekeeps and/or administers virtual assets enabling control over such assets; or (4) participates in and provides financial services related to an offer and/or sale of a virtual asset. VASPs could include virtual asset exchanges and transfer services, and virtual asset wallet providers that host wallets or maintain custody or control over other persons' virtual assets, wallets or private keys, among other legal entities or natural persons.

FATF also recommended that countries require VASPs to develop risk-based programs to address the risks of their businesses and conduct due diligence of all their customers. This customer due diligence ("CDD") should include identifying a customer and, where applicable, the customer’s beneficial owner, and verifying the customer’s identify on a risk basis utilizing “reliable and independent information, data, or documentation as consistent with existing requirements for obliged entities.” VASPs should be required to identify and report suspicious transactions, freeze assets as required by law and prohibit transactions with designated persons and entities. Countries and national regulators should require registration of all VASPs in the county where formed, if a legal entity, or the country where located, if a natural person. National regulators may also require registration of legal entities that conduct business in their country even if formed elsewhere. VASPs should be required to retain all records of transactions and CDD for at least five years.

FATF additionally urged countries to put in place measures to cooperate with each other, including providing legal assistance, in connection with their oversight of VASPs, and to enact enforcement regimes to address AML/Combating the Financing of Terrorism ("CFT") violations.

Without explanation, FATF noted that “only competent authorities [e.g., government regulators] can act as VASP supervisory or monitoring bodies and not self-regulatory bodies.” Notwithstanding, FATF acknowledged that in Japan, the Japan Virtual Currency Exchange Association, a self-regulatory body, has a principal role in overseeing VASPs’ AML/CFT compliance in conjunction with Japan’s Financial Services Agency.

Although FATF's guidances are not binding on any national authority, FATF encouraged its member countries and regional organizations to take “prompt action” to implement its recommendations and will conduct a review of implementation in June 2020.

In praising adoption of FATF’s interpretive guidance, US Secretary of the Treasury Steven Mnuchin said, “[b]y adopting the [agreed] standards and guidelines …the FATF will make sure that virtual asset service providers do not operate in the dark shadows. This will enable the merging FinTech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection.” (Click here to access Mr. Mnuchin’s complete comments.)

Previously, in October 2018, FATF made clear that its core AML/CFT recommendations apply to financial activities involving virtual assets. (Click here to access "International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation – The FATF Recommendations.) Last week FATF also finalized an interpretation proposed in February 2019 that applied its core recommendations to VASPs (click here to access).

FATF is an intergovernmental body whose objective is to set standards and promote effective legal, regulatory and operational measures to combat money laundering, terrorist financing and related threats. FATF currently consists of 36 countries and two regional organizations. (Click here for further background regarding FATF.)

In other legal and regulatory matters related to cryptoassets:

  • CFTC Charges Company and Principal in Purported US $147 Million Bitcoin Fraud: The Commodity Futures Trading Commission sought injunctive and other relief against UK-based Control-Finance Limited and Benjamin Reynolds, its sole owner and director, for purportedly conducting a Ponzi scheme based on bitcoin. According to the CFTC’s complaint  filed in a federal district court in New York City, during an interval in 2017, the defendants solicited customers to deposit bitcoin with them that they promised to trade in order to achieve guaranteed profits on the customers’ behalf while making numerous misrepresentations regarding their proposed and actual trading, including issuing false account statements. However, on approximately September 10, 2017, the defendants “abruptly terminated operations,” charged the CFTC and advised customers through social media and email that they would make all customers whole by October or November 2017. However, the Commission claimed that defendants had no intention to return any funds to customers; instead, they routed customers’ coins to wallets (i.e., accounts) under their control or to other customers who requested withdrawals in order to propagate their illicit scheme. The CFTC said that, through their purported illicit Ponzi scheme, defendants misappropriated almost 23,000 bitcoin (valued at US $147 million at the time) from more than 1,000 customers, including US residents. The CFTC seeks injunctive relief and civil monetary damages, among other remedies.
     
  • Where’s the Cryptos? – Defunct Exchange’s Missing Cryptoassets Transferred to Principal’s Personal Accounts at Competitors: The court-appointed monitor of Canada-based Quadriga Fintech Solutions Corp. and affiliated companies (collectively, “Quadriga”) said that “significant volumes” of virtual currencies that were supposedly maintained in hot and cold wallets for customers were transferred outside Quadriga to personal accounts of Gerald Cotten, the firm’s founder, Chief Executive Officer and sole director, on competitor exchanges. 

Quadriga was a Canada-based virtual currency exchange run by Mr. Cotten. After he died in December 2018, none of Quadriga’s virtual currencies reserves purportedly held for customers in hot and cold wallets were able to be accessed because no private keys (e.g., passwords) could be located, and the firm filed for bankruptcy. 

Following a preliminary investigation, the monitor also concluded that Quadriga’s operating structure “appears to have been significantly flawed.” Among other things, there were no accounting records and activities were mostly directed by one person – Mr. Cotten – without “typical segregation of duties and basic internal controls.” There also appears to have been no segregation of customer funds from Quadriga’s proprietary funds. According to the monitor, “[f]unds received from and held by Quadriga on behalf of Users appear to have been used by Quadriga for a number of purposes than to fund User withdrawals.”

As of April 29, 2019, Quadriga appears to have liabilities of Can $215.7 million (mostly obligations to customers) and assets of Can $28.4 million. (Click here to access Trustee’s Preliminary Report.)

My View: Last week Facebook published its eagerly anticipated white paper describing its cryptocurrency and financial blockchain-based infrastructure named Libra. 

According to Facebook, the goal of Libra is to create a secure, scalable blockchain and global virtual currency to help individuals currently outside the financial system benefit from an efficient payment system and to help reduce payment transaction costs for others.

Libra is intended to function as global money in the form of a non-government-issued stablecoin backed by a reserve basket of “low volatility assets” including bank deposits and short-term government securities representing multiple international currencies “from stable and reputable central banks.” No Libra can be issued without a purchase of Libra for fiat currency and a transfer of the fiat currency to the reserve. Initially, all aspects of the reserve, as well as Libra generally, will be controlled by a not-for-profit membership association based in Switzerland – the Libra Association. However, the reserve is not intended to be “actively managed” and the reserve will be “structured with capital preservation and liquidity in mind.” Users of Libra will not be entitled to any return from the reserve; interest earned from the reserve will be used to support operations of the Association.

Initially, there are 28 founding members of the Association, including Facebook, as well other diverse, geographically dispersed entities, including for profit and not-for-profit corporations and venture capitalists. Facebook hopes to attract 100 members to the Libra Association by the virtual currency’s intended launch in the first half of 2020.

The Libra virtual currency will reside on the Libra blockchain, which initially will be a permissioned ledger but is intended at some point to become permissionless. The software that will power the Libra blockchain will be open source, and consensus of transactions (e.g., to avoid double spending) will be achieved through a protocol that appears to be based on proof of stake (e.g., committing owned virtual currencies to help validate transactions) and not proof work (e.g., obtaining mining rewards as in bitcoin). “Move” will be the new programming language designed for Libra that will be used to design customer transactions and smart contracts.

Whatever the purpose, Facebook will face multiple challenges to launch Libra globally – from government concerns about the protection of user information to issues regarding the appropriate regulation of the Libra virtual currency itself, as well as intermediaries who will help facilitate the issuance and trading of Libra digital coins.

Unlike stablecoins that might be backed by a single currency or asset, Libra will be backed by a basket of bank deposits and government securities managed by an active participant, the Libra Association. Whether Libra might be deemed a payment instrument, a derivative, a security, something else, or a combination of financial instrument types will likely be determined differently by disparate regulators. At a minimum, the path to answers will be full of speed bumps and detours because of unclarity in relevant laws in many countries (let alone US states), and the rollout of Libra will more likely be incremental rather than in one big bang. 

However, if there is public clamoring for a non-government-issued global currency, solutions will be found in most jurisdictions. The question is – at what cost and speed? (Click here to access the Libra white paper.)

Legal Weeds: Recently the Financial Crimes Enforcement Network of the US Department of Treasury published a comprehensive overview of its regulations and previously published guidance related to how individuals and firms may have to comply with obligations of money transmitters to the extent they engage in businesses involving so-called “convertible virtual currencies" ("CVC").

Generally FinCEN requires any person engaging in the business of money transmission or the transfer of funds, including CVC, to (1) maintain an “effective” written anti-money laundering program reasonably designed to prevent the business from being employed to help the financing of terrorist activities and money laundering and (2) register as a money service business. A firm or individual engages in money transmission, says FinCEN, when it receives one form of value (including CVC) from a person and transmits it in the same or different form to another person or location by any means. FinCEN concludes, for example, that, applying this definition, a business operates as a money transmitter when it accepts fiat currency from a person and transfers the CVC to the person’s CVC account with the business or to a third party. (Click here for details in the article "FinCEN Publishes Guidance for Businesses Transacting in Virtual Currencies and Indicia of Illicit Cryptocurrency Activity" in the May 12, 2019 edition of Bridging the Week.)

  • UK Regulator Fines UK Bank £45.5 Million for Failing to Disclose Suspicions of Fraud: The Financial Conduct Authority fined the Bank of Scotland plc (“BOS”) £45.5 million for not telling its predecessor regulator, the Financial Services Authority, about BOS’s suspicions that a fraud had occurred in one of its branch offices related to lending to distressed corporate entities. Although FCA acknowledged that, at the time, FSA had no “specific rules” that governed BOS’s commercial lending activities, the bank had a “fundamental obligation” as a regulated firm that it “deal with its regulators in an open and cooperative way and disclose appropriately anything relating to the firm of which those regulators would reasonably expect notice.” At the time, FSA maintained a provision that made clear that this obligation applied to “both regulated and unregulated activities.”

According to FCA, from approximately 2003 through 2007, BOS’s branch lent large amount of funds to distressed businesses, based on the instructions mostly by one former bank director – Lynden Scourfield – who, in some cases, approved loans beyond his authority and beyond customers’ ability to pay. In return, Mr. Scourfield received money, gifts and other benefits from a third-party turnaround consultant – Quayside Corporate Services Limited – that he often required many of the customers to utilize. QCS often implemented “inappropriate or overly optimistic turnaround plans” for the companies that exacerbated their and the BOS’s losses, claimed FCA. Mr. Scourfield pleaded guilty and was convicted of conspiracy to corrupt and fraudulent trading in 2016 and was sentenced to over 11 years of imprisonment in 2017. BOS estimated that its total losses as a result of the fraudulent lending was £245 million and it has committed to pay to customers impacted by the scheme, £115 million.

FCA said that, in 2007, after issues in the branch were reported in the press, BOS advised FSA that these matters were “a failure of controls.” In response, FSA asked that the bank keep it updated about these failures and advise it should any “suggestion” of fraud be identified. Afterwards, claimed FCA, the bank advised FSA on three occasions in 2007 that it had found no evidence of fraud despite its identification in an internal investigation in 2007 of information suggesting otherwise. Specifically, charged FCA, prior to its first contact with FSA on the matter, BOS was aware that the impact of Mr. Scourfield’s misconduct was “significant” and likely would result in bank losses of approximately £50 million. The bank did not provide FSA full disclosure regarding its suspicions, including the full report of its 2007 investigation, until July 2009.

During the relevant time, claimed FCA, BOS also received complaints from numerous branch customers regarding Mr. Scourfield’s problematic conduct. However, in responding to the customers, BOS failed to consider that its own investigation addressed similar concerns regarding Mr. Scourfield, said FCA.

In settling with BOS, FCA acknowledged that the bank never “intended” to breach its disclosure obligation. Instead, concluded the regulator, “there was insufficient challenge, scrutiny or inquiry across the organization which meant that an assessment of the information as a whole, which ought to have revealed its importance, was never performed.”  

Prior to January 2009, BOS was part of the HBOS Group owned by Halifax Bank of Scotland plc. HBOS was acquired by Lloyds TSB Group PLC on January 16, 2009, and BOS became part of the Lloyds Banking Group at that time. FCA acknowledged that BOS and LBG have cooperated with the FCA’s investigation.

Compliance Weeds: The National Futures Association recently proposed an overhaul to its existing guidance related to the supervision of branch offices by all members and relationships with guaranteed introducing brokers. (Click here for background in the article “NFA Proposes Overhaul of Requirements for Supervision of Branch Offices and Guaranteed IBs” in the June 9, 2019 edition of Bridging the Week.) Among the requirements of this new guidance is an obligation that members implement both routine supervision and surveillance to identify and deal with potential issues as they arise and annual inspections that are meant to be more comprehensive and detailed. A firm’s policies and procedures must expressly note when it will notify NFA and/or other “appropriate regulators” of “significant findings,” including, but not limited to, fraud or customer harm, in connection with its supervision and surveillance activities.

NFA’s proposed obligations for members are distinct from certain mandatory reporting obligations for futures commission merchants and other registrants by the Commodity Futures Trading Commission. CFTC Regulation 1.12, for example, requires FCMs to provide notice to the CFTC on a heightened schedule from “immediately” to within two business days, depending on the specific subsection, of certain specified violations of CFTC rules. (Click here for details regarding all mandatory reporting obligations for FCMs and other registrants in the Compliance Weeds to the article “Controller of FCM Named in CFTC Complaint, Along with Firm, for Failure to Timely Notify Commission of Segregation Breach” in the May 15, 2016 edition of Bridging the Week.)

Moreover, in 2017, the CFTC adopted an express policy encouraging potential wrong-doers to voluntary self-report their violations, fully cooperate in any subsequent CFTC investigation, and fix the cause of their wrongdoing to prevent a reoccurrence to receive “substantial benefits” in the form of significantly lesser sanctions in any enforcement proceeding and “in truly extraordinary circumstances,” no prosecution at all. (Click here for background in the article “New Math: Come Forward + Come Clean + Remediate = Substantial Settlement Benefits Says CFTC Enforcement Chief” in the October 1, 2017 edition of Bridging the Week.) 

As a result of these and similar obligations by securities regulators, it is important for firms in financial services to rapidly assess the potential materiality of all discovered, potential law and rule violations and formally consider which regulators, if any, to advise of any potential material breach. Some reporting may be mandatory while some may solely be a function of the firm’s compliance culture. However, reporting of any kind should be truthful and not deceptive – either purposely or accidentally. A full internal review of all material legal and regulatory breaches should occur promptly, capturing information from the widest spectrum of relevant sources. Credibility with regulators is potentially lost if initial recounts of incidents are constantly amended.

More Briefly:

  • Better Late Than Never: Global Banking Standards Setter Agrees to Support Central Clearing of Derivatives by Allowing Offset of Client Margin Against Exposure: The Basel Committee on Banking Supervision said that it will publish a revised version of its leverage ratio requirements this week that will permit banks to offset margin received from clients in connection with cleared derivatives against exposure amounts. According to BIS, this amendment will endeavor to “balance the robustness of the leverage ratio as a safeguard against unsustainable levels of leverage with the G20 Leaders’ commitment to promote the central clearing of standardized derivatives contracts.” In January 2017, the US Department of Treasury observed that high leverage ratio capital charges discouraged bank-owned brokerage firms from offering derivatives clearing services. (Click here for background in the article, “US Department of Treasury Recommends Modifications to Volcker and Bank Capital Rules, and Rationalization of Financial Regulation” in the June 18, 2017 edition of Bridging the Week.) The leverage ratio requires banks to hold a minimum amount of common stock and certain disclosed reserves – so-called “Tier 1” capital – as a percentage of their total exposure.
     
  • SEC Seeks Comments on Private Offering Harmonization Initiative: The Securities and Exchange Commission published a concept release regarding its numerous exemptions from registration requirements for new offerings of securities. Specifically, the SEC seeks ways to harmonize processes and requirements around certain exempt offerings, as well as to assess whether limitations on who can invest in exempt offerings and the amount that can be invested provide appropriate levels of customer protection. The SEC is also considering resale restrictions on exempt offerings. Comments to the SEC’s concept release will be accepted for 90 days following its publication in the Federal Register.
     
  • Broker-Dealer Pays FINRA Fine for Allegedly Underreporting Amounts of Customer Complaints: Edward D. Jones & Co., L.P. agreed to pay the Financial Industry Regulatory Authority a nominal fine to resolve charges that from April 2016 through March 2018, it filed incurred form U4s with it that understated the amount of compensatory damages sought in customer complaints. According to FINRA, during this time, Edward Jones U4s reflected that compensatory damages in 79 filings was $5,000 and included as an explanation “$5,000 or more/cannot determine amount,” when in fact, the compensatory damages was greater than $5,000. FINRA said these inaccuracies were attributed to Edward Jones associates’ “misunderstanding” regarding applicable requirements. Edward Jones promptly amended their Form U4s after being told of their errors by FINRA. Form U4 is used by FINRA member firms to register and report information regarding their associated persons.
     
  • SEC Adopts Capital, Margin and Segregation Rules for Security-Based Swap Dealers: The Securities and Exchange Commission adopted final capital and segregation requirements for security-based swap dealers and major security-based swap dealers, as well as margin requirements for uncleared security-based swaps. Among other things, the rules establish minimum capital requirements for SBSDs and MSBSDs that have no prudential regulator; increase the minimum net capital requirement for broker-dealers that are also registered as SBSDs; and establish capital requirements for broker-dealers that trade security-based swaps but are not registered as an SBSD. The rules also establish segregation requirements for SBSDs and stand-alone broker-dealers for cleared and non-cleared security-based swaps, and provide an alternative compliance mechanism for non-broker-dealer entities that are registered both as swap dealers with the Commodity Futures Trading Commission and SBSDs with the SEC. Under the SEC’s new rules, such dual registrants who engage mostly in swaps and not security-based swap activity may elect to comply solely with CFTC requirements regarding capital, margin and segregation. The SEC’s new requirements also provide a mechanism for foreign SBSDs and MSBSDs to request substituted compliance to apply local capital and margin requirements in lieu of those of the SEC. The SEC’s new rules will be effective 60 days after their publication in the Federal Register; however, the compliance date for the new rules is at least 18 months afterwards.
     
  • Allison Lee Confirmed as SEC Commissioner: The US Senate confirmed Allison Lee as the newest commissioner of the Securities and Exchange Commission. Ms. Lee served numerous senior roles at the SEC from 2005 through 2018, including as a senior counsel in the Division of Enforcement. She also served as a counsel to former commissioner Kara Stein. Ms. Lee’s term as commissioner will end in June 2022.

For further information

Allison Lee Confirmed as SEC Commissioner:
https://www.sec.gov/news/public-statement/senate-confirmation-allison-h-lee

Better Late Than Never: Global Banking Standards Setter Agrees to Support Central Clearing of Derivatives by Allowing Offset of Client Margin Against Exposure:
https://www.bis.org/press/p190620.htm

Broker-Dealer Pays FINRA Fine for Allegedly Underreporting Amounts of Customer Complaints:
/ckfinder/userfiles/files/Edward%20Jones%20.pdf

CFTC Charges Company and Principal in Purported US $147 Million Bitcoin Fraud:
https://www.cftc.gov/media/2111/enfcontrolbenjamincomplaint061719/download

Global AML Standards Setter Says Countries Should Require Virtual Asset Service Providers to Obtain and Transmit Certain Information Regarding Senders and Recipients for All Virtual Asset Transfers:
http://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf

SEC Adopts Capital, Margin and Segregation Rules for Security-Based Swap Dealers
https://www.sec.gov/news/public-statement/peirce-statement-062119

SEC Seeks Comments on Private Offering Harmonization Initiative:
https://www.sec.gov/rules/concept/2019/33-10649.pdf

UK Regulator Fines UK Bank £45.5 Million for Failing to Disclose Suspicions of Fraud:
https://www.fca.org.uk/publication/final-notices/bank-of-scotland-2019.pdf

Where’s the Cryptos? – Defunct Exchange’s Missing Cryptoassets Transferred to Principal’s Personal Accounts at Competitors:
https://documentcentre.eycan.com/eycm_library/Quadriga%20Fintech%20Solutions%20Corp/English/CCAA/1.%20Monitor%27s%20Reports/6.%20Fifth%20Report%20of%20the%20Monitor/Fifth%20Report%20of%20the%20Monitor%20dated%20June%2019,%202019.PDF

The information in this article is for informational purposes only and is derived from sources believed to be reliable as of June 22, 2019. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made. Views of the author may not necessarily reflect views of Katten Muchin or any of its partners or employees.


© 2024 Katten Muchin Rosenman and Gary DeWaal. All Rights Reserved.