Define your business model. Have something to show regulators. Remember the Howey Test. Get the top takeaways from our recent webinar on the ever-closening and converging worlds of crypto and compliance
StarCompliance recently held its first webinar that dealt directly with a very timely topic for the field of financial compliance: how to think about the fast-evolving world of cryptocurrencies and cryptosecurities from a compliance perspective. Moderated by Shane Swanson, an equities and fintech expert at Coalition Greenwich, our panelists set out to answer the most pressing questions around crypto and compliance today: What policies and procedures do firms have in place to monitor these relatively novel instruments? Do they have anything in place at all? If not, are they planning to put anything into place? And finally, where do regulators currently stand on the whole matter?
There was a lot of insightful commentary to choose from. These are the top takeaways. At the end of the blog, we’ll tell you how you can access the full recording of the event—where you can get even more takeaways—as well as a copy of the results of our Star Crypto & Compliance Marketplace Survey.
1. CRYPTO IS DECENTRALIZED FINANCE
"Any crypto-instrument relies on distributed ledger technology. The blockchain. All of which gets at the idea of decentralized finance: the notion that you don’t need governments and banks involved in the creation and handling of money.” So said Mike Zimits: one of our panelists, a veteran in the traditional finance space, and currently the Head of Institutional Operations at BlockFi. BlockFi bridges traditional finance and blockchain technology to help bring crypto to both retail and institutional clients.
“With distributed ledger technology you decentralize the environment, so financial transactions are completed entirely person-to-person and computer-to-computer. Bitcoin was the first and still the most well-known use of the blockchain. I may not know you, and you may not know me, but I'm going to send you money and you're going to trust it's going to get to you. Now, are cryptocurrencies, like Bitcoin and Ether, really currencies as we’ve come to use them? Are cryptosecurities really securities as we’ve come to understand them? The regulators haven’t come to a clean conclusion on either question. On top of of all this, distributed ledger technology in all its various and sundry formats has also become a political issue.”
2. CRYPTO IS A MOVING TARGET
“Is it crypto or isn’t it crypto? That’s the big question, and the SEC has yet to offer a framework that will help the public and private sectors adequately answer it.” So said Era Anagnosti, a partner in the Global Capital Markets Practice at the international law firm White & Case LLP. Prior to joining White & Case, Era worked at the SEC for more than ten years, and for a time managed her division's review program for token offerings. “However,” she continues, “there’s this general understanding at the SEC that America’s existing securities laws, particularly the Securities Act of 1933, are written in such a way that they can be applied to crypto the same as they’ve been applied to traditional financial instruments. Specifically, regulators apply the so-called Howey Test.”
3. IT’S ALL ABOUT HOWEY
The Howey Test gets its name from a 1946 US Supreme Court case, SEC v. W.J. Howey Co., which involved tracks of citrus groves in Florida sold to investors with no experience in agriculture. The Howey Company didn’t register the transactions with the SEC, and the Court ruled that the arrangements made between Howey and investors qualified as investment contracts. The upshot for our purposes here is, Howey has become the standard for determining what is and isn’t an investment, from the SEC’s point of view.
“The Howey test is so broad,” offers Valeria Dahiya, another panelist and SEC veteran now working in the private sector in securities law. Val is a partner at Perkins Coie, where she specializes in broker-dealer law and advises clients in the blockchain space. “Is there an exchange of value? Is there a common enterprise? Is there a reasonable expectation of profits based off of the efforts of others? As an attorney, you’re hard pressed to determine that a financial instrument isn't a security when applying Howey. Howey has been core to the SEC’s application of federal securities laws, and there’s almost an inevitability to it being applied to emerging fintechs, like crypto. My advice? Always bear in mind that tests like the Howey Test are extremely important to regulators. They don't care how long ago courts decided these matters. They’re applying the precedents set by these laws to crypto-instruments and are using their enforcement powers to back up their interpretation.”
4. FIGURE OUT WHAT YOUR FIRM DOES
Sandra Vazquez is a Senior Vice-President and compliance officer at JonesTrading, one of the country’s oldest and largest executing equity trading firms. Sandra is someone operating right now at the increasingly busy intersection of crypto and compliance, and as such has practical advice to offer firms wondering what steps to take next. “First and foremost, think about what your business is. Are you an investment advisor? A broker-dealer? Private equity? Then take a hard look at your existing policies and procedures. Maybe you can keep it simple and say, we should have a policy where all employees disclose if they're active in any crypto, period. Then, from a practical perspective, what do you have available to track their responses? Do you have a system you can use to have your employees disclose their exposure to crypto? If you aren’t fully knowledgeable about crypto from a compliance perspective, requiring disclosure of exposure to crypto of any sort is a reasonable place to start. If nothing else, you're demonstrating to the regulator you're trying to address this issue in the firm.”
5.GET KNOWLEDGEABLE ON CRYPTO
“From a best practice perspective, it’s important to have regular meetings between legal and compliance, to educate everyone on how crypto as a technology works,” offers Val Dahiya. “It's hard to monitor for something and assess what it means from a risk perspective if you don't understand it.” If you don’t already have a substantive understanding, start with a mandatory meeting: where you bring in counsel, a compliance consultant, or some other third party that has a solid understanding of the tech side of crypto. Have them unpick what distributed ledger technology is and provide an overview of the main blockchains—stable coins, utility tokens, etc.—and basically offer a high-level view of all the different kinds of crypto-instruments out there."
“Once this is done—once you understand the crypto space and you've created a base level of understanding within legal and compliance—then you can start the kind of firm assessment Sandra suggested earlier and begin identifying and analyzing where risks lie. This way, you’re making informed and thoughtful decisions about what crypto means in terms of your specific business model, policies and procedures, and what it means from a competitive advantage standpoint. Otherwise, by defaulting to a hardline approach—for instance, saying no can trade in crypto, period—you could put your firm at a competitive disadvantage for talent, if one of your competitors allows for its associated persons to do so. This two-step process will allow for nuance.”
6. HAVE SOMETHING TO SHOW REGULATORS
“Regulators have limited resources, and are always thinking about how to efficiently allocate those resources,” offers Val. “I can tell you, they're going to do it based on the amount of risk they perceive in the system. And so for firms that think, we're not going to do anything regarding crypto when it comes to compliance, those are the firms that would be on the high-risk end of the spectrum for regulators.”
Thus, being able to demonstrate that you've identified crypto as a potential risk—based on a solid understanding of your own business model, as the panel already discussed—shows regulators you’ve thought the matter through and have made a decision to have some reasoned crypto policy or procedure in place. That goes a long way from a regulatory perspective, i.e., if you have a strong crypto compliance culture, or you at least appear to, you move much further down on the risk spectrum in their eyes.
Again, Val: “And do you want regulation to lead the industry or do you want the industry to lead regulation? Things work best when the industry and regulators collaborate to find the right solution. You can only do that if you're part of the conversation. So now, having taken action based on reasoned analysis, when you're sitting across from the examiner you can say we have policies and procedures in place and here’s the documentation. This is how we monitor, surveil, and enforce for crypto compliance. And if the regulator happens to take a different view you can say, that's a discussion to have but it's not a weakness and doesn’t warrant a derogatory finding for our firm. In other words, now you’ve earned some say-so in the matter. I tell people, you can pick your poison or have someone else pick it for you.”