CFTC and SEC Perspectives on Cryptocurrency and Digital Assets – Volume I: A Jurisdictional Overview

7 Mei 2022

I. Introduction

The rise of cryptocurrencies and digital assets1 in the financial markets, including the investment management industry, has given rise to a crucial question: which federal regulator – the Securities and Exchange Commission (SEC) or the Commodities and Futures Trading Commission (CFTC) will be primarily responsible to regulate the use of crypto and crypto-related activities? SEC Chair Gary Gensler has stated that “[crypto] products are subject to the securities laws and must work within our securities regime,”2 while then CFTC Commissioner Quintenz expressed that “the SEC has no authority over pure commodities or their trading venues, whether those commodities are wheat, gold, oil…or crypto assets.”3 In this article, we provide a high-level overview of the SEC’s and CFTC’s current jurisdiction over and treatment of crypto, and discuss recent enforcement actions involving crypto and the potential significance thereof to other market participants.

1. SEC Jurisdiction

The SEC has the authority to govern “securities”4, which has been defined to include, among other things “investment contracts.” Notably, “currency” is not a security. To the extent that a form of a digital asset is determined to be a note, investment contract or other type of security, it would be subject to SEC oversight and applicable securities laws.

Whether a digital asset is considered an investment contract depends on the test outlined by the U.S. Supreme Court in SEC v. W.J. Howey.5 In this case, the Supreme Court found that an “investment contract” exists where (i) there is the investment of money; (ii) in a common enterprise; (iii) with a reasonable expectation of profits to be derived; (iv) from the efforts of others. The Court emphasized that the determination of whether an investment contract exists lies in the circumstances surrounding the contract and the manner in which it is offered, sold, or resold.

The Howey test was emphasized by then Chair Clayton in his February 2018 speech before the Senate Banking Committee on digital assets.6 Later that year, then Director of the SEC’s Division of Corporate Finance William Hinman applied the Howey7 test to crypto. Like the Court, he emphasized that for digital assets specifically, the SEC looks to the nature of the transaction rather than the item being sold – and whether the Howey factors are present – to determine whether there is an investment contract. He noted that digital assets that are sold “as part of an investment; to non-users; by promoters to develop the enterprise – can be, and, in that context, most often is, a security – because it evidences an investment contract.”8 He further noted that networks on which a coin is sufficiently decentralized, that is where the purchasers no longer reasonably expect a person to carry out essential managerial efforts, do not represent investment contracts.

It is important to note that the SEC’s views on its ability to regulate crypto have not changed in recent years. SEC Chair Gensler continues to urge legislators to grant the SEC more scope to oversee crypto in an effort to enhance investor protection. He has also stated, ““It doesn’t matter whether it’s a stock token, a stable value token backed by securities, or any other virtual product that provides synthetic exposure to underlying securities. These products are subject to the securities laws and must work within our securities regime…”9

2. CFTC Jurisdiction

In contrast to the SEC, the CFTC has full regulatory authority over derivatives transactions (including swaps, futures, and options), and more limited authority to regulate fraud and manipulation in commodities markets. The CFTC made its first official statement on its jurisdiction over digital assets in 2015. Later, in 2016, the CFTC cemented its position in an enforcement action stating that, “bitcoin and other virtual currencies are encompassed in the definition [of commodity] and properly defined as commodities, and are subject as a commodity to the applicable provisions of the [Commodity Exchange] Act and [CFTC] Regulations.10 Then Chair Heath Tarbert expanded upon this definition in October of 2019 stating that, “it is my view as Chairman of the CFTC that Ether is a commodity.”11 Additionally, in a recent case in the Southern District of New York, the court found that “Bitcoin, Ether, Litecoin, and Tether tokens, along with other digital assets, are encompassed within the broad definition of “commodity” under Section 1a(9) of the [Commodity Exchange] Act.”12

As a result, it is widely accepted that established and broadly decentralized virtual currencies, like Bitcoin and Ether, are “commodities” and not currencies. Efforts to categorize these cryptocurrencies or others as “currencies” generally will not withstand regulatory scrutiny because they are goods exchanged in a market for uniform quality and value and thus fall both within the common definition of commodity and the Commodity Exchange Act’s (CEA) definition of commodity.13 It is important to note that the “jurisdictional authority of CFTC to regulate virtual currencies as commodities does not preclude other agencies from exercising their regulatory power when virtual currencies function differently than derivative commodities.”14

Even though the CFTC has determined that virtual currencies are commodities, the CFTC’s jurisdiction over virtual currency markets is limited to policing fraudulent and manipulative activities in interstate commerce. Beyond this type of enforcement authority, the CFTC does not generally oversee virtual currency transactions or exchanges that do not involve margin, leverage, or financing, and cannot, for example, require a spot crypto exchange to register with the CFTC. As a result of the above, the CFTC is said to have “enforcement jurisdiction” over cryptocurrency and digital assets, but not “registration jurisdiction.” A spot cryptocurrency product is generally a product that results in actual delivery of the cryptocurrency within a particular market’s spot delivery period. An example of a U.S.-based spot market is Coinbase.

Despite the CFTC’s lack of registration jurisdiction over spot markets, to the extent that a cryptocurrency product in a spot market provides for margin or leverage and is offered to retail customers, the product would generally be considered a futures contract subject to CFTC jurisdiction.15 Specifically, to the extent that spot trading provides for margin and is offered to retail U.S. persons, it falls under the CFTC’s broader and more onerous registration jurisdiction.16

Additionally, there is further heightened regulatory scrutiny with regards to margined or leveraged products. Recently, CFTC acting Director of Enforcement Vincent McGonagle stated, “In the digital asset space, we’ve brought several actions against entities where they’re offering digital assets, Bitcoin or others on a margin or finance basis…and those products should be on an exchange.”17

CFTC Chair Rostin Behnam recently stated that, “I look forward to working with this [Senate Agriculture] Committee to reexamine – and, if appropriate, expand – the CFTC’s authority to ensure both the benefits and promise of the emerging digital asset market and the underlying technology can be harnessed without undue harm to customers and financial market stability.”18 Chair Behnam also stated during the confirmation hearing that the recent enforcement actions were the “tip of the iceberg.” This means there are several other enforcement cases in the CFTC’s docket, which will become public upon the filing of such enforcement cases.

II. SEC and CFTC Enforcement Actions

1. SEC
i. Ripple Labs, Inc.

In 2020, the SEC initiated an enforcement action against Ripple Labs Inc. (Ripple), alleging that the sale of Ripple’s digital token (XRP), worth a notional amount of approximately US$1.3 billion, was an unregistered securities offering.19 The SEC alleged that Ripple distributed billions of dollars’ worth of XRP as employee compensation in lieu of cash in order to finance its business. Ripple provides block chain-based networks that facilitate low-cost payments between financial institutions. XRP is a digital asset that is used to represent the transfer of value across networks.

Specifically, the SEC claims that XRP is a security whose offer and sale can be made only pursuant to a statutory prospectus and an effective registration statement, and that because Ripple did not file a registration statement its investors have a rescission right. The SEC alleged that XRP met the Howey test by claiming that “the principal reason for anyone to buy XRP was to speculate on it as an investment,” that Ripple reflected a common enterprise, and that investors reasonably expected to profit from those efforts. It also claims that, because Ripple did not provide a registration statement, it made material misstatements and omissions of information that is required of securities issuers when soliciting public investment. While the case is still ongoing, in January 2022, the judge presiding over the case did grant Ripple’s request for privileged SEC documents, which reflect the SEC’s determination on its classification of XRP as a security.

The final outcome of the Ripple case, whether it will result in XRP’s classification as a security or not, will have significant implications for the SEC’s jurisdiction over digital assets. Along with the BlockFi action, below, the Ripple determination (when final) is expected to provide much-needed clarity to crypto market participants on when a digital asset would be considered a “security” and subject to much more onerous regulation by the SEC. We note, however, that the Ripple case is currently at the trial court level, and any decision by the court could be appealed and overturned, so it may be some time before we have a conclusive determination on XRP’s status.

ii. BlockFi Lending LLC

In February 2022, the SEC charged BlockFi Lending LLC (BlockFi) for failing to register the offers and sales of BlockFi Interest Accounts (BIAs), under the Securities Act of 1933 (Securities Act).20 In addition, the SEC stated that BlockFi met the definition of “investment company” set forth in Section 3(a)(1)(C) of the Investment Company Act of 1940 (1940 Act), for at least a period of time, but failed to register with the SEC as it was required to do, because it issued securities and acquired securities. The failure of an investment company to register with the SEC (absent an exemption or exclusion) has serious consequences, including that all of its contracts are unenforceable.

First, the SEC determined that BIAs were sold as securities (determined in accordance with the Howey test) because (i) BlockFi promised BIA investors a variable interest rate, which was determined by BlockFi on a periodic basis, in exchange for crypto assets loaned by the investors, who could demand that BlockFi return their loaned assets at any time, (ii) investors in the BIAs had a reasonable expectation of obtaining a future profit from BlockFi’s efforts in managing the BIAs based on BlockFi’s statements about how it would generate the yield to pay BIA investors interest, and (iii) investors also had a reasonable expectation that BlockFi would use the invested crypto assets in BlockFi’s lending and principal investing activity, and that investors would share profits in the form of interest payments resulting from BlockFi’s efforts. As a result, the SEC found BIAs to constitute investment contracts under the Securities Act. By offering and selling the BIAs to the general public to obtain crypto assets for the general use of its business and promote the BIAs as an investment, the SEC determined that BlockFi offered and sold securities, thereby acting as an issuer, without filing a registration statement or qualifying for an exemption from the registration requirements, in violation of the 1940 Act.

Additionally, the SEC found that, for a period of almost two years, BlockFi’s activities and holdings deemed it to be an “investment company” under Section 3(a)(1)(C) of the 1940 Act. This section generally defines an “investment company” as being any issuer that is engaged or proposes to engage in the business of investing, reinvesting, owning, holding, or trading in securities, and owns or proposes to acquire “investment securities” (as defined in Section 3(a)(2) of the 1940 Act) having a value of over 40% of the value of the issuer’s total assets on an unconsolidated basis. In the SEC’s view, the fact that BlockFi lent crypto assets to institutional and corporate borrowers, lent U.S. dollars to retail investors, and obtained value by offering and selling BIAs into equities and futures, in addition to its substantial holdings of investment securities (representing more than 40% of the value of BlockFi’s total assets on an unconsolidated basis) caused BlockFi to be an unregistered investment company. As a result, the SEC alleged that BlockFi violated Section 7(a) of the 1940 Act by engaging in interstate commerce while failing to register as an investment company with the Commission.

BlockFi agreed to pay a US$50 million penalty to settle the SEC charges and ceased its unregistered offers and sales of BIAs. BlockFi further agreed to attempt to bring its business within the provisions of the 1940 Act within 60 days. BlockFi’s parent company recently announced that it intends to register under the Securities Act of 1933 the offer and sale of a new lending product.21

Although Blockfi is the first case of its kind brought by the SEC with respect to a crypto lending platform, it may be a harbinger of things to come, particularly as the SEC has expressed eagerness to regulate the crypto market and recently almost doubled the size of the Division of Enforcement’s Crypto Assets and Cyber Unit.

On 7 September 2021, Coinbase Chief Executive Officer (CEO) Brian Armstrong announced that the company is under investigation by the SEC due to its cryptocurrency lending practice. Mr. Armstrong noted, that, “They [SEC] refuse to tell us why they think it’s a security, and instead subpoena a bunch of records from us (we comply), demand testimony from our employees (we comply), and then tell us they will be suing us if we proceed to launch, with zero explanation as to why.” This further demonstrates the point that the cryptocurrency and digital asset markets are under intense scrutiny from regulators.22

Further, similar investigations and enforcement actions are known to be pending against Celsius Network LLC, Gemini Trust, and Voyager Digital with respect to similar interest bearing account offerings.23 As the SEC continues to enforce its jurisdiction over the digital asset market, we will continue to keep you apprised of noteworthy enforcement and regulatory actions.

2. CFTC

The CFTC has initiated a number of enforcement actions related to crypto and has particularly been focused on exchanges that offer crypto derivatives to U.S. persons and are not registered with the CFTC. For instance, in October 2020, the CFTC charged HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc. Limited, and HDR Global Services (Bermuda) Limited’s (BitMEX) owners with illegally operating a cryptocurrency derivatives trading platform and with anti-money laundering (AML) violations due to providing U.S. persons with crypto derivatives. Several owners of BitMEX also were charged with related criminal offenses. BitMEX replaced its leadership team after the charges were announced, and its new CEO has recently stated that BitMEX plans to provide spot trading, brokerage, and custody services. On 11 August 2021, the CFTC announced a consent order in the BitMEX case. Under the consent order, BitMEX paid a US$100 million civil monetary penalty (US$50 million to CFTC and US$50 million to the Financial Crimes Enforcement Network) and agreed to stop offering futures or other related crypto commodity contracts in the United States until it secures appropriate licensure from the CFTC. BitMEX also agreed to establish sufficient “know your customer” and AML procedures.24

Similarly, the CFTC had previously brought action against Laino Group Limited (PaxForex), an international company registered in Saint Vincent and Grenadines, which operated PaxForex and alleged that its information technology infrastructure had been deployed to data centers in New York and London.25 In June 2021, the Southern District of Texas entered an order of final judgment against PaxForex for violating CEA provisions regarding retail investors and for offering unregistered leveraged transactions in cryptocurrencies.26 Specifically, the order notes that the website format solicited U.S. customers by providing customers with a drop down menu with an option of selecting the United States as the customer’s country of residence.27 The PaxForex website now states that the information on its website is not intended to be addressed to U.S. citizens.

Additionally, on 18 September 2021, the CFTC settled charges against Payward Ventures, Inc. d/b/a Kraken (Kraken) for illegally offering margined retail commodity transactions (which are presumptively treated as futures contracts unless certain mitigating factors exist) in digital assets, including Bitcoin, and for failing to register as a futures commission merchant (FCM). Specifically, the CFTC alleged that Kraken offered margined digital assets to U.S. customers who were not eligible contract participants, on an exchange that was not registered as a derivatives contract market with the CFTC. In the program, Kraken supplied digital assets to customers when they purchased the assets using margin. Kraken then required the customers to exit their positions and repay the assets received to trade on margin within 28 days. Customers could not transfer assets away from Kraken until they satisfied their repayment obligation, and Kraken could force liquidation if repayment was not made within 28 days. As a result, the CFTC ordered that Kraken pay a US$1.25 million civil monetary penalty and cease and desist from further CEA violations.28

In addition, on 15 October 2021, the CFTC issued an order against iFinex Inc., BFXNA Inc., and BFXWW Inc. (d/b/a Bitfinex) for violations of Sections 4(a) and 4(d) of the CEA. Specifically, the CFTC alleges that Bitfinex offered spot and leveraged, margined, or financed trading in Bitcoin, Ether, and Tether to U.S. customers. The CFTC further alleges that the respondents transacted in retail commodity transactions without registering as an FCM. Perhaps most significantly, the CFTC announced that the Tether stablecoin is a “commodity,” reaffirming that it has enforcement jurisdiction over this type of cryptocurrency. The CFTC ordered that Bitfinex pay a US$1.5 million civil monetary penalty and required Bitfinex to implement further systems to prevent unlawful retail commodity transactions.29

The CFTC has also initiated enforcement actions related to tokens. On 15 October 2021, the CFTC settled charges against Tether Limited, Tether Operations Limited, and Tether International Limited (d/b/a Tether) for violating Section 6(c)(1) of the CEA by making misrepresentations to customers regarding its U.S. dollar-denominated stablecoin Tether. Specifically, the CFTC alleged that Tether made misrepresentations to U.S. customers that Tether maintained sufficient fiat reserves to back every one of its stablecoins in circulation “one-to-one” with the “equivalent amount of corresponding fiat currency” held in reserves by Tether, and that Tether would undergo routine, professional audits to demonstrate that it maintained “100% reserves at all times.” The CFTC alleges that in actuality, Tether failed to maintain fiat currency reserves in accounts in Tether’s own name or in an account titled and held “in trust” for Tether to back every U.S. dollar tether token in circulation. The CFTC has ordered that Tether pay a US$41 million fine.30

Finally, in February 2021 Coinbase reported that it was under investigation by the CFTC for alleged reckless false, misleading, or inaccurate reporting as well as wash trading by a former employee. On 19 March 2021, Coinbase agreed to a settlement order with the CFTC in which Coinbase did not admit or deny wrongdoing and agreed to pay US$6.5 million.

The chart below summarizes certain CFTC enforcement actions.

Bitcoin  BitMex Kraken Bitfinex
CFTC alleged that Coinbase delivered misleading/inaccurate reports concerning bitcoin transactions CFTC alleged that BitMax illegally offered crypto derivatives to non-eligible US Customers CFTC alleged that (1) Kraken offered margin retail crypto products to non-eligible US Customers + (2) failed to register as an FCM CFTC alleged that Bitfinex offered spot and leveraged bitcoin, ether, and tether trading to non-eligible US Customers
US$6.5 million civil monetary penalty  US$100 million civil monetary penalty + stop offering crypto commodity contracts in US until registers with CFTC + increased KYC and AML US$1.25 million civil monetary penalty + cease and desist from further violations US$1.5 million civil monetary penalty + implement systems to prevent unlawful retail transactions 
“Reporting false, misleading, or inaccurate transaction information undermines the integrity of digital asset pricing… This enforcement action send the message that the Commission will act to safeguard the integrity and transparency of such information.” “This case reinforces the expectation that the digital assets industry, as it continues to touch a broader pool of participants, takes seriously its responsibilities in the regulated financial industry and its duties to develop and adhere to a culture of compliance” “The Commission’s finding… is informed by its Final Interpretive Guidance on retail commodity transactions involving certain digital assets issued in 2020” “Bitcoin, ether, lifecoin, and tether tokens, along with other digital assets, are encompassed within the broad definition of “commodity” under Section 1a(9) of the Act”

III. Conclusion

Unlike the earliest days of Bitcoin trading, cryptocurrencies and digital assets have now caught the eye of federal regulators and are subject to a much greater level of regulatory scrutiny. Both the CFTC and SEC are asserting their jurisdiction in this space, and in many cases, additional clarity is needed to understand whether a digital asset should be considered a commodity (subject to the CFTC’s enforcement authority), or a security (subject to the SEC’s jurisdiction). In addition, even with this clarity, a related question persists on whether the SEC and CFTC collectively have sufficient regulatory authority in order to properly regulate crypto markets, or if congressional action is needed. As crypto regulation evolves, market participants will have much greater certainty, and in all likelihood a new regulatory regime involving both the SEC and CFTC. As the SEC and CFTC continue to enforce their jurisdiction over the digital asset market, we will continue to keep you apprised of all noteworthy enforcement actions and regulatory updates.