Crypto businesses are worried about SEC’s recent plans to expand oversight to digital assets, which might currently trade outside its supervision. This concern also results from the fact that regulators have been trying to enforce the law on crypto players, even in the absence of perfectly fitting regulation, with the Securities and Exchange Commission (SEC) making it clear that it has its eye on the crypto sector. In November 2021, the SEC Chair Gary Gensler delivered his remarks at the Securities Enforcement Forum and stressed enforcement as a “fundamental pillar in achieving the SEC’s mission” to safeguard investors. Chair Gensler warned financial professionals to “think about the spirit of the law” rather than search for “some ambiguity in the text or a footnote” to justify their actions. He explained that the SEC’s Enforcement Division will be looking at “the underlying economic realities” of products and services with a financial nature to assess whether investors are sufficiently protected. His statements follow comments made in August 2021 when he discussed the SEC’s jurisdiction over crypto assets and technology, recommending that “legislative priority should center on crypto trading, lending, and DeFi platforms” so as to bring “the field of crypto” within regulatory frameworks comparable to those already in place for conventional securities. The SEC has followed up these statements with action. In the last couple of weeks crypto lending firms Celsius Network, Voyager Digital Ltd. and Gemini Trust Co. faced SEC scrutiny focused on whether their offerings are securities, and whether their high-yield products have sufficient investor protections.
The crypto sector is broadly defined and houses everything from joke coins with no real business model to Big Tech products and services, such as Meta’s Diem (which was just sold to Silvergate Capital). Given the broad range of “crypto” assets, it is hardly surprising that such digital assets fall under the responsibility of an alphabet soup of regulatory bodies and agencies – the SEC, the Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), and individual state authorities. Digital assets are challenging to define and impact different aspects of the financial service industry. Indeed, some in the traditional financial services refuse to refer to crypto tokens as currencies. For example, Jamie Dimon recently said that he no longer uses the word cryptocurrency. Regardless, blockchain-based products and services were designed, at least in part, like other FinTech products, to disrupt the traditional financial service industry and no one can contest the disruption they have caused, regardless of what you call them.
The innovative, disruptive potential of crypto assets is a source of regulatory concern, which is why there have been increasingly vocal calls to step-up regulatory efforts in connection with the crypto sector. These calls are legitimate, but to whom should they be addressed? Despite Mr. Gensler’s recent comments, there remains much uncertainty in the crypto regulation sector. For example, it is still not entirely clear who the primary regulator in the crypto space is. And of course, there remain open questions regarding which digital assets should be classified as securities, and the legal implications and consequences of some digital asset-based transactions, such as Non-Fungible Tokens (NFTs). What makes this uncertainty particularly concerning is the price tag of what is at stake, given the massive growth of the crypto sector. According to reports, when Bitcoin and Ether (the world’s two largest cryptocurrencies) surged to record highs in November 2021, cryptocurrencies hit a market cap of $3 trillion for the first time. Then, in January 2022, cryptocurrency prices fell sharply, including Bitcoin which plunged 50% from its all-time high. That level of volatility in such a large market is a cause for concern regardless of whether you call the underlying crypto-asset an asset, a security, a currency, or a token. Beyond the price volatility, government departments and agencies have expressed concerns about the risks that emerging digital technology products and services present, ranging from Friday’s Treasury’s report on NFTs to the Federal Reserve’s report last week on stablecoins. Lawmakers have been pushing for the regulation of decentralized exchanges in an attempt to fight rug pulls, which enable a cryptocurrency coins’ creators to deprive the coins of liquidity, causing unwitting investors to basically lose all of their money. “Consumer protection concerns, and market integrity are increasingly of major areas of focus for regulators as well as the average consumer of crypto products,” says Liat Shetret, Director of Regulatory Affairs and Compliance Policy at Solidus Labs, a crypto risk management firm. “Clear regulatory guidance is crucial to the growth of the industry, and regulation by enforcement, or threat of legal action, risks driving business outside of the U.S.”
With the rise in abuse, manipulation and fraud in the crypto industry, the SEC is interested in taking immediate (and much needed) action. Several months ago the SEC put the crypto industry on notice by sending Coinbase, the largest U.S. crypto exchange platform, a warning letter that the SEC would sue the company if it moved forward with a planned lending product. The SEC took similar actions last year when BlockFi faced SEC scrutiny over high-yield crypto accounts. Somewhat similarly, BlockFi along with Celsius were also the subjects of earlier enforcement actions by state securities regulators. These lawsuits, letters and warning of enforcement by federal and state agencies underscore the tense legal debate regarding the preferred regulatory approach towards the financial industry in general, and in particular, towards the growing crypto sector – regulation first and enforcement later, or regulation by enforcement?
Regulation by enforcement, a historically widely criticized practice, happens when a regulator or a government agency creates a piecemeal rule by taking enforcement actions, or via what is known as no action letters, interpretive letters, and exemptive letters/orders, therefore bypassing the traditional process of regulation. Once used, these actions or letters create a rule, or reflect a regulatory expectation that did not previously clearly exist, hence, regulating by enforcement. In the financial industry, this type of rule-making can take place when regulators, concentrating on the safety and soundness of the financial system, or on investor and consumer protection, choose to take a prudential approach to supervision without broadly publicizing their enforcement actions.
There are legitimate reasons, of course, as to why regulators would find themselves, at times, needing to rely on such less traditional processes of rule-making. As stated by former Secretary of the Treasury, Timothy Geithner, “it is imperative [in some situations to]. . . be able to adapt quickly to innovation and to changes.” The alternative, Secretary Geithner argued, could “produce an ossified safety and soundness framework that is unable to evolve to keep pace with change and to prevent regulatory arbitrage.” Nevertheless, reactionary, adaptive rule-making should not replace proper regulation. And while entities providing crypto-based products and services must responsibly manage risks and implement control frameworks, with or without specific regulation mandating them to do so, this task is much more challenging in the absence of agreed upon definitions and rules.
It is not easy to create such rules for entities operating in the emerging technology space. Massive amounts of money have flown into crypto, requiring regulators to keep up with the technology in real-time in order to close risk gaps as much as possible. Tasked with this mission impossible, regulators must remain cautious to work with industry players. But the enforcement first approach, does not facilitate cooperative action between regulators and industry. Instead, regulatory agencies should regulate first and then enforce the law second, reserving to themselves, as former Secretary Geithner suggested, the ability to make adjustments to regulations after the fact in cases where flexibility is needed.
“The SEC famously keeps a large shotgun behind the door to keep markets in line. It can be judicious in its use of enforcement power and fire some warning shots before leaving some business lying dead in the street,” says Benjamin Edwards, associate professor of law at the William S. Boyd School of Law at the University of Nevada, Las Vegas. Indeed, the SEC does not need to only elect between gotcha regulation by enforcement and introducing comprehensive regulatory rules designed to address the last decade’s problems. Releasing guidance about the regulatory agencies’ thinking can help businesses structure their affairs to comply with the regulators’ view of the law before these businesses find themselves enmeshed in an enforcement action when the regulators suddenly decide to police a boundary line they had otherwise ignored for years. Commissioner Peirce has made this point in the context of NFTs. Releasing guidance and taking public comment on it can also help businesses that want to comply with the law steer themselves out of trouble while allowing the community to help the regulators develop a workable framework to get the con artists out of crypto.