SEC Ramps Up Its Interest in Cryptocurrency Companies with Scores of Subpoenas

By David Ma and Robert Braun

The Securities and Exchange Commission (SEC) could be on target to make 2018 the year of cryptocurrency regulation—or at least the start of it.

In January, Jay Clayton, chair of the Securities and Exchange Commission, and J. Christopher Giancarlo, chair of the Commodity Futures Trading Commission, published an op-ed in which they declared distributed ledger technology (DLT) in need of regulation. They wrote:

“History … has proved that transparency, investor protection and market integrity are critical to ensuring that innovation continues. But today we are seeing substantial DLT-related market activity that shows little or no regard to our proven regulatory approach. This concerns us.”

There’s a fair bit to be concerned about. That month, the global cryptocurrency market, which is highly volatile, surpassed a market value of $700 billion. And the SEC is late to the game. It was only last year that its Enforcement Division created a cyber unit.

Playing catch-up, the SEC followed up this interest with subpoenas in March to more than 80 cryptocurrency companies, including a $100 million fund started by TechCrunch’s founder Michael Arrington, in an effort to gather information on how these cryptofunds operate.

There is growing concern of fraud in the market. Some startups are using cryptocurrency to raise funds, and regulators fear that some Initial Coin Offerings (ICOs) are launched for companies that don’t even exist. Some investors eager for quick profits are likely not investigating the associated risks.

It’s unclear whether securities laws apply to digital coins. The SEC has indicated the regulations do apply, but has not formally laid out how issuers and traders should comply. The SEC has repeatedly said that the vast majority of ICOs should be registered with the agency, in part because the coins trade on secondary markets like other securities that the SEC regulates.

It is not known exactly what the subpoenas are seeking, the deadline for materials, whether or not they include a gag order, or how cryptocurrency companies plan to respond.

While cryptocurrency first gained attention as the barter of choice for hackers and criminals, it is quickly becoming more widely used. Numerous retailers now accept Bitcoin, including Overstock.com, Expedia, Newegg, Dish Network, Microsoft, and Reeds Jewelers.

Some are joining the crypto marketplace. Online retailer Overstock.com has a subsidiary, tZero, which launched a $250 million ICO earlier this year. According to Coindesk, Overstock confirmed that tZero is under investigation and is cooperating with the SEC. Overstock said it had not been subpoenaed.

Overstock filed its ICO as a Regulation D exemption, and said it welcomed the broader investigation and regulation of the cryptocurrency marketplace.

Contrast that, though, with the deafening silence from the largest cryptocurrencies that likely received subpoenas. CoinDesk reached out regarding the subpoenas to the 14 best-known issuers that have raised $50 million or more through their token sales, and received no reply or “no comment,” other than from Arrington’s crypto hedge fund, Arrington XRP Capital.

Regulators around the globe are mixed in their approach to cryptocurrencies. China has officially banned ICOs, while South Korean regulators have waffled back and forth on the issue. Japan has instituted licenses for cryptocurrency exchanges.

Cryptocurrency is ripe for market manipulation. The Journal of Monetary Economics found that a single actor likely drove the US dollar/Bitcoin exchange rate from $150 to $1,000 in two months. This leads to rampant speculation; there have been reports that consumers are taking cash advances on credit cards to purchase cryptocurrency. There are already class action lawsuits seeking to recover losses.

Aside from the subpoenas, the SEC is making efforts to police the market. Late last year, it filed an enforcement action against the promoters of an ICO for the “PlexCoin” proposed currency, charging the promoters with fraud, alleging that they had no intention of developing a currency and instead were using the funds that were raised for personal enrichment. The promoters were also charged with violating the federal securities laws by engaging in an unregistered offering in violation of the registration requirements of the Securities Act of 1933. That case is pending in the New York Eastern District Court.

Some believe that regulation is key to stabilizing cryptocurrency markets and allowing the technology to develop into a more widely acceptable form of payment. While a barrage of subpoenas may sound ominous, it could signal an important step in the market’s development.

 

David Ma is a corporate attorney and a member of JMBM’s Cybersecurity and Privacy Group. He counsels public and private companies in mergers and acquisitions and corporate finance as well as general compliance and corporate governance, including cybersecurity issues. David represents a diverse client base, ranging from financial institutions to technology and start-up companies to manufacturing companies. Contact David at 310.785.5379.

Robert E. Braun is the co-chair of the Cybersecurity and Privacy Law Group at Jeffer Mangels Butler & Mitchell LLP. Bob helps clients to develop and implement privacy and information security policies, negotiate agreements for technologies and data management services, and comply with legal and regulatory requirements. He helps clients to develop and implement data breach response plans, and he and his team respond quickly to clients’ needs when a data breach occurs. Contact Bob at RBraun@jmbm.com or +1 310.785.5331.

JMBM’s Cybersecurity and Privacy Group counsels clients in a wide variety of industries, including accounting firms, law firms, business management firms and family offices, in matters ranging from development of cybersecurity strategies, creation of data security and privacy policies, responding to data breaches and regulatory inquiries and investigations, and crisis management. The Cybersecurity and Privacy Group uses a focused intake methodology that permits clients to get a reliable sense of their cybersecurity readiness and to determine optimal, client-specific approaches to cybersecurity.