August 22, 2023
On July 12, 2023, United States Senators Cynthia Lummis (R-WY), a member of the Senate Banking Committee, and Kirsten Gillibrand (D-NY), a member of the Senate Agriculture Committee, reintroduced the Lummis-Gillibrand Responsible Financial Innovation Act (the “RFIA”).[1] Although it is unclear whether the RFIA will pass the Senate in its current form, certain consumer protection provisions were modified from the prior 2022 version to pick up more votes. Regardless of the RFIA’s future viability, the RFIA is driving a broader conversation within Congress. For example, shortly after reintroduction, provisions of the RFIA addressing crypto asset anti-money laundering examination standards and anonymous crypto asset transactions were added to the 2024 National Defense Authorization Act (“NDAA”).[2]
As such, the RFIA’s “enhanced” approach sheds light on the priorities of the U.S. Congress and, in turn, makes clear those areas that warrant attention. The RFIA addresses industry uncertainty surrounding the role of federal regulators; the classification of, and subsequent restrictions to, certain assets; and the interaction of these assets with the existing anti-money laundering and tax regimes.
Compared to the initial 2022 version of the RFIA,[3] the 2023 version reflects revisions to adjust to the changing cryptocurrency market, particularly in light of the string of 2022 cryptocurrency exchange bankruptcies. In particular, for purposes of this client alert, we focus on the following provisions of the RFIA that represent significant departures from the initial 2022 version:[4]
We review each of these developments in turn below, highlighting the provisions of the RFIA that represent significant updates from 2022. Following this review, we provide our thoughts on the potential implications to covered entities should the RFIA, or other similar bills, be enacted.
1. Altered Federal Regulatory Framework
As currently drafted, the RFIA proposes a new federal framework for the regulation of crypto assets[5] and crypto asset intermediaries.[6] The framework strives to clarify and differentiate the governing role of the CFTC and SEC by providing the necessary statutory authority, directing the agencies to engage in rulemaking while also introducing the concept of a Customer Protection and Market Integrity Authority. These provisions will have a notable impact on these agencies, as determining whether a certain asset is a security will dictate the regulator, restrictions and obligations of the crypto asset and the related entity.
1a. Enhanced CFTC Authority
The CFTC’s existing statutory authority over spot market commodities, including cryptocurrencies, is limited to enforcement authority over fraud and manipulation in those markets; however, the CFTC’s regulatory authority is limited to the derivatives markets (e.g., futures and swaps). As currently drafted, the RFIA provides the CFTC the statutory authority to regulate the spot crypto asset markets, including crypto issuers, crypto assets and other aspects of the crypto asset markets, leaving the SEC a defined, but more limited role.
Spot Market Jurisdiction
The RFIA grants the CFTC spot market jurisdiction over all commercially fungible crypto assets that are not defined as securities, including endogenously referenced crypto assets (colloquially known as “algorithmic stablecoins,” though these assets are prohibited from referring to themselves as stablecoins; notably, the CFTC does not regulate stablecoins, as further discussed below).[7] This would mark the first time that the CFTC would have broad jurisdiction over a class of spot market commodities. In particular, the RFIA provides the CFTC with exclusive jurisdiction over any agreement, contract, or transaction involving a sale of a crypto asset, including ancillary assets.[8] Notably, in addition to limiting the CFTC’s jurisdiction to crypto assets that are not securities and that are commercially fungible, the RFIA excludes from the CFTC’s jurisdiction digital collectibles and other unique crypto assets.[9] Accordingly, the RFIA would carve many non-fungible tokens (“NFTs”) outside the scope of the CFTC’s jurisdiction. Nonetheless, this expansive jurisdiction marks the CFTC as the primary crypto asset regulator.
Crypto Asset Exchanges
The RFIA defines “crypto asset exchange” as a trading facility that lists for trading at least one crypto asset.[10] Any trading facility that seeks to offer a market in crypto assets or payment stablecoins must register with the CFTC, except truly decentralized protocols.[11] The RFIA tasks each crypto asset exchange with establishing and enforcing its own rules, ensuring only assets that are not readily susceptible to manipulation, and protecting the safety of customer assets.[12] Additionally, each crypto asset exchange must segregate customer assets from exchange assets.[13]
Under the RFIA, the CFTC has new regulatory oversight over registered crypto asset exchanges. Although crypto asset exchanges are banned from conducting proprietary trading, the CFTC may engage in rulemaking to establish standards for permissible market making.[14] Further, any change of control of a crypto asset exchange resulting in an individual or entity gaining ownership of greater than 25 percent must first receive approval from the CFTC.[15]
Covered Affiliates
Under the RFIA, “covered affiliate” means, based on the totality of the facts and circumstances as determined by the CFTC, a person with substantial legal or financial relationship to an entity registered under the Commodity Exchange Act that is primarily engaged in crypto asset activities.[16] The RFIA empowers the CFTC to order the examination of a covered affiliate and to limit covered affiliates from providing services to a registered entity or entering into legal relationships or specified transactions with a registered entity.[17]
Risk Management Standards for Self-Hosted Wallets
The RFIA also tasks the CFTC with promulgating rules to adopt risk management standards relating to money laundering, customer identification, and sanctions for self-hosted wallets that conduct transactions with a futures commission merchant. The term “self-hosted wallet” means a digital interface used to secure and transfer crypto assets, in which the owner of the assets retains independent control in a manner that is secured by that interface.[18]
1b. The Role of the SEC
Although the RFIA establishes the CFTC as the primary federal regulator of most crypto assets, the SEC would have jurisdiction over digital assets that are securities. To the extent that the digital asset in question provides the holder of the asset with a debt or equity interest, liquidation rights, a right to a dividend payment, or other financial interest in a business entity, the asset would not be treated as a “crypto asset” or an “ancillary asset” subject to the CFTC’s jurisdiction and, instead, would be subject to the SEC’s jurisdiction.[19]
Notably, should conflict arise as to whether a digital asset should be treated as a crypto asset, the RFIA grants the U.S. Court of Appeals for the D.C. Circuit authority to resolve the conflict by determining whether the asset represents a financial interest in a business entity and thus is a security.[20] The RFIA is silent on which party must bring the conflict to the U.S. Court of Appeals for the D.C. Circuit.
These provisions represent a major change from the status quo and are an attempt to provide a clearer regulatory regime than the previous version of the RFIA. As currently drafted, the SEC would not have the role of the primary digital asset regulator, but would still have the authority to treat certain assets as securities and challenge the CFTC’s claimed jurisdiction over other assets. An aggressive SEC, such as the current one, could use that authority to maintain a prominent role in crypto regulation.
1c. Customer Protection and Market Integrity Authority
As currently drafted, the RFIA creates a Customer Protection and Market Integrity Authority (“Authority”), which is a self-regulatory organization (“SRO”) for crypto asset intermediaries that is jointly chartered by the SEC and the CFTC.[21] Membership in the Authority is limited to only crypto asset intermediaries. The Authority is tasked with regulating, supervising, and disciplining crypto asset intermediaries,[22] essentially serving as a Self-Regulatory Organization, though the RFIA does not define it as such.
Under the RFIA, the Authority must have the following allocation of a 13-member board of directors: three governmental directors (the Director of the Office of Financial Innovation of the CFTC, the Director of the Office of Financial Innovation of the SEC, and the Director of FinCEN), four independent directors appointed by the President, and six directors appointed by the members of the Authority.[23]
SROs are nothing new in the financial industry—the National Futures Association oversees aspects of the derivatives industry, and the Financial Industry Regulatory Authority (“FINRA”) oversees aspects of the securities industry. Indeed, an intermediary of a crypto commodity or a crypto security would already be required to join one of those SROs. The establishment of a special SRO for crypto not only imposes unique costs on crypto intermediaries, but also risks unnecessary overlap between the requirements of the new SRO and the old ones.
2. Substantive Regulation of Crypto Asset Intermediaries and Stablecoin Issuers
Beyond proposing a new federal statutory framework under which agencies would engage in rulemaking, the RFIA proposes concrete restrictions and obligations. In particular, these substantive requirements trend toward consumer protection ideals and particularly target Crypto Asset Intermediaries and Stablecoin Issuers.
2a. Consumer Protection
The new stated purpose of the RFIA is “to provide for consumer protection and responsible financial innovation to bring crypto assets within the regulatory perimeter.”[24] This new focus on consumer protection is found throughout provisions in the RFIA and is likely influenced by the aftermath of the 2022 cryptocurrency exchange bankruptcies.
Proof of Reserve Requirement
The RFIA provides that all crypto asset intermediaries must maintain a system to demonstrate cryptographically verifiable possession or control of all crypto assets under custody or otherwise provided for safekeeping by a customer to the intermediary.[25] The system must be protected against disclosure of customer data, proprietary information, and other data that may lead to operational or cybersecurity risk.[26] The crypto asset intermediary must retain an independent public accountant to verify possession or control of all crypto assets under custody.[27] This verification must include an examination of the system and shall take place at a time chosen by the independent public accountant without prior notice.[28] Should the accountant identify any material discrepancies, they must inform the appropriate regulator and the Authority within one day.[29]
Permissible Transactions
The RFIA provides that each crypto asset intermediary must ensure that it clearly discloses the scope of permissible transactions that the intermediary may undertake involving crypto assets belonging to a customer in a customer agreement.[30] Further, each crypto asset intermediary must provide clear notice to each customer and require acknowledgement of the following: (i) whether customer crypto assets are segregated from other customer assets and the manner of the segregation; (ii) how the crypto assets of the customer would be treated in a bankruptcy or insolvency scenario and the risk of loss; (iii) the time period and manner in which the intermediary is obligated to return the crypto asset of the customer upon request; (iv) applicable fees imposed on a customer; and (v) the dispute resolution process of the intermediary.[31]
Lending
The RFIA provides that a crypto asset intermediary must disclose any lending arrangement to customers before any lending services take place, including the potential bankruptcy treatment of customer assets in the case of insolvency.[32] In any lending arrangement, the crypto asset intermediary must also disclose whether the intermediary permits failures to deliver customer crypto assets or other collateral, and in the event of a failure to deliver, the period of time in which the failure must be cured.[33] Notably, the RFIA expressly prohibits the rehypothecation of crypto assets by a crypto asset intermediary.[34] This last provision originates from the collapse of FTX, which rehypothecated customers’ crypto assets without informing those customers.[35] Such a ban would disadvantage crypto intermediaries vis-à-vis traditional lenders. In traditional finance, lenders use rehypothecation to access credit for their own use, thereby pursuing their own goals. A ban for crypto intermediaries will limit their ability to take similar risks for their own purposes.
2b. Stablecoins
Under the RFIA as currently drafted, no entity other than a depository institution[36], or a subsidiary thereof, may issue a payment stablecoin.[37] This has the potential to affect current stablecoin issuers, many of which are not depository institutions. The term “payment stablecoin” means a claim represented on a distributed ledger that is: redeemable, on demand, on a one-to-one basis for instruments denominated in United States dollars; issued by a business entity; accompanied by a statement from the issuer that the asset is redeemable from the issuer or another person; backed by one or more financial assets, excluding other crypto assets; and intended to be used as a medium of exchange.[38]
Depository institutions need to apply to issue stablecoins by filing an application to the appropriate Federal banking agency or State bank supervisor. The Federal banking agency or State bank supervisor must approve the application unless the payment stablecoins are not likely to be conducted in a safe and sound manner; the depository institution lacks resources and expertise to manage the stablecoin; or the depository institution does not have required policies and procedures related to the stablecoin.[39]
Should a current stablecoin issuer hold a non-depository trust company charter or a State license that only persons engaged in crypto activities may obtain, the stablecoin issuer may in effect “skip the line” upon application to receive a charter as a depository institution and issue payment stablecoins.[40] These applications, while still reviewed, will be reviewed before applications from other entities.
Once approved, the issuing depository institution must clearly disclose to customers that a payment stablecoin is neither guaranteed by the U.S. government nor subject to deposit insurance by the Federal Deposit Insurance Corporation.[41] Though payment stablecoins are not guaranteed or insured, in the event of the receivership of the issuing depository institution, a person who has a valid claim on a payment stablecoin is entitled to priority over all other claims on the institution with respect to any required payment stablecoin assets, including claims with respect to incurred deposits.[42]
Restrictions
The RFIA provides that stablecoins may only be used in permissible transactions. They may not be pledged, rehypothecated, or reused, except for the purpose of creating liquidity to meet reasonable expectations of requests to redeem payment stablecoins.[43]
Further, the RFIA restricts which assets may properly use the term “payment stablecoin” or “stablecoin.” Endogenously referenced crypto assets cannot use the terms payment stablecoin or stablecoin in advertising marketing materials.[44] Endogenously referenced crypto assets are assets that will be converted, redeemed, or repurchased for a fixed amount of monetary value, or assets for which a mechanism exists to achieve such conversion, redemption, or repurchase, and assets that either rely solely on another crypto asset to maintain the fixed amount of monetary value or rely on algorithmic means to maintain the fixed amount of monetary value.[45]
3. Combatting Illicit Finance
As currently drafted, the RFIA includes new provisions to combat illicit finance risks, ranging from enhanced oversight of cryptocurrency ATMs to increasing efforts to combat illicit finance across government agencies.
Cryptocurrency ATMs
The RFIA provides a refreshed regime for combatting illicit finance. Notably, the RFIA directs the Financial Crimes Enforcement Network (“FinCEN”) to require crypto asset kiosk owners to submit and update the physical addresses of the kiosks owned or operated.[46] Further, FinCEN must require crypto asset kiosk owners and administrators to verify the identity of each kiosk customer by using government issued identification.[47] These provisions are similar to those in another bill sponsored by Senator Elizabeth Warren (D-MA), which has been heavily criticized by the crypto industry.[48]
Financial Technology Working Group
Additionally, the RFIA establishes the Independent Financial Technology Working Group to Combat Terrorism and Illicit Financing, consisting of the Secretary of the Treasury, senior-level representatives from FinCEN, the Internal Revenue Service, the Office of Foreign Assets Control, the Federal Bureau of Investigation, the Drug Enforcement Administration, the Department of Homeland Security and the United States Secret Service, the Department of State, and five individuals to represent financial technology companies, distributed ledger intelligence companies, financial institutions, and institutions engaged in research.[49]
The Independent Financial Technology Working Group has a broad mandate and is tasked with conducting independent research on terrorists and illicit use of new financial technologies; analyzing how crypto assets and emerging technologies may bolster the national security and economic competitiveness of the United States in financial innovation; and developing legislative and regulatory proposals to improve anti-money laundering, counter-terrorist, and other illicit financing efforts in the United States.[50]
4. Tax Implications
As currently drafted, the RFIA proposes an alternate tax treatment of crypto assets. Gross income does not include gain from the sale or exchange of any crypto asset, unless the sale or exchange is for cash or cash equivalent; property used by the taxpayer in the active conduct of a trade or business; or any property held by the taxpayer for the production of income.[51] Notably, this exclusion does not apply if the value of such sale or exchange exceeds $200 or if the total gain exceeds $300.[52] At bottom, this exclusion will ensure that consumers who transact in small amounts of crypto do not face the same type of tax liability as those who transact in large sums.
The RFIA also disallows loss deductions from wash sales. No deduction is allowed with respect to any loss claimed to have been sustained from any sale or other disposition of specified assets where it appears that, within a period beginning 30 days before the date of such sale or other disposition and ending 30 days after such date, the taxpayer has acquired substantially identical specified assets, or entered into a contract or option to acquire, or long notional principal contract in respect of, substantially identical specified assets.[53] Under current law, these restrictions apply to securities transactions. Thus, even if a crypto asset is a commodity under the rest of the RFIA’s provisions, it would still be treated like a security in this instance.
Concluding Thoughts
As discussed at the onset of this alert, the RFIA aims to solve for certain industry pain points surrounding the regulations, restrictions, and protections applicable to the cryptocurrency industry. However, the effectiveness of the updated provisions within the RFIA remain to be tested and could present some glaring issues for the industry to address. In particular, we note a few provisions:
________________________
[1] Lummis-Gillibrand Responsible Financial Innovation Act, S. _, 118th Cong. (2023).
[2] S. Amdt. 1000, 118th Cong. (2023).
[3] Lummis-Gillibrand Responsible Financial Innovation Act, S. 4356, 117th Cong. (2022).
[4] This client alert focuses on provisions of the RFIA that are completely new, or represent major changes from the 2022 version of the bill. For a section by section summary of the RFIA, including new and legacy provisions alike, see Cynthia Lummis & Kirsten Gillibrand, Lummis-Gillibrand Responsible Financial Innovation Act of 2023: Section-by-Section Overview, https://www.lummis.senate.gov/wp-content/uploads/Lummis-Gillibrand-2023-Section-by-Section-Final.pdf
[5] The term “crypto asset” means a natively electronic asset that (1) confers economic, proprietary, or access rights or powers; (2) is recorded using cryptographically secured distributed ledger technology or any similar analogue and (3) does not represent, derive value from, or maintain backing by, a financial asset (except other crypto asset). Crypto assets do not include payment stablecoins or other interests in financial assets represented on a distributed ledger or any similar analogue. RFIA, § 101(a). “Crypto asset” also excludes an asset that provides the holder of the asset with any of the following rights in a business entity: (1) a debt or equity interest in that entity; (2) liquidation rights with respect to that entity; (3) an entitlement to an interest or dividend payment from that entity; and (4) any other financial interest in that entity. RFIA, § 401.
[6] Crypto asset intermediary is defined by the Bill as a person who holds or is required to hold a license, registration, or any other similar authorization that conducts market activities relating to crypto assets and is not a depository institution. RFIA, § 101(a).
[7] RFIA, § 403(a).
[8] Id. The term “ancillary asset” means an intangible, fungible asset that is offered, sold, or otherwise provided to a person in connection with the purchase and sale of a security. Ancillary assets benefit from entrepreneurial and managerial efforts that determine the value of the assets, but do not represent securities because they are not debt or equity or do not create rights to profits, liquidation preferences, or other financial interests in a business entity. RFIA, § 301(a)(1).
[9] RFIA § 403(a).
[10] RFIA, § 401(a). We note a potential inconsistency: the RFIA limits the definition of crypto asset exchanges to those exchanges which trade crypto assets. Payment stablecoins are expressly exempt from the definition of crypto assets. However, the RFIA requires those offering a market in payment stablecoins to register as a crypto asset exchange.
[11] Id. The RFIA creates a definition of “decentralized crypto asset exchange”: (i) software that comprises predetermined and publicly disclosed code deployed to a public distributed ledger; (ii) permits a user or group of users to create a pool or group of pools for crypto assets; (iii) enables a user or group of users to conduct crypto asset transactions from a pool or group of pools, with such transactions occurring pursuant to the code described in clause (i), and; (iv) no person, or group of persons, known to one another who have entered into an agreement (implied or otherwise) to act in concert, can unilaterally control or cause to control the software protocol through altering transactions, functions, or actions on the protocol, or blocking or approving transactions on the protocol.
[12] RFIA, § 404(a).
[13] RFIA, § 705(c).
[14] RFIA, § 404(a).
[15] Id.
[16] RFIA, § 405(a).
[17] Id.
[18] RFIA, § 403(a).
[19] RFIA, § 501.
[20] Id.
[21] RFIA, § 601(a).
[22] Id.
[23] Id.
[24] RFIA, § 101.
[25] RFIA, § 203(a).
[26] Id.
[27] Id.
[28] Id.
[29] Id.
[30]RFIA, § 205. The Bill also advises the Consumer Financial Protection Bureau to issue guidance setting forth best practices for standard crypto asset intermediary customer agreements, in consultation with the SEC and CFTC.
[31] Id.
[32] RFIA, § 205.
[33] RFIA, § 206(a).
[34] Id.
[35] See Jonathan Chiu & Russell Wong, What is a Crypto Conglomerate Like FTX? Economics and Regulations, No. 23-09 (March 2023). https://www.richmondfed.org/publications/research/economic_brief/2023/eb_23-09.
[36] The term depository institution includes: an insured bank or any bank which is eligible to make application to become an insured bank, any mutual savings bank, any savings bank, any insured credit union or any credit union which is eligible to make application to become an insured credit union, or any savings association which is an insured depository institution.
[37] RFIA, § 701. Note that the Bill neither defines “stablecoin issuer” nor considers what activities are considered issuance.
[38] RFIA, § 101(a).
[39] RFIA, § 701.
[40] RFIA, § 706(a).
[41] RFIA, § 701.
[42] Id.
[43] Id.
[44] RFIA, § 702(c).
[45] RFIA, § 702(a).
[46] RFIA, § 303(b).
[47] RFIA, § 303(c).
[48] Digital Asset Anti-Money Laundering Act of 2023, S. _, 118th Cong. (2023).
[49] RFIA, § 304(b)(1)-(3).
[50] RFIA, § 304(c)(1)-(3).
[51] RFIA, § 801(a).
[52] Id.
[53] RFIA, § 805(a).
The following Gibson Dunn lawyers prepared this client alert: Sara Weed, Jason Cabral, Jeffrey Steiner, Karin Thrasher, Alexis Levine, Roscoe Jones Jr., Amanda Neely, and Christian Dibblee.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s FinTech and Digital Assets, Financial Institutions, or Public Policy practice groups, or the following authors:
Financial Institutions Group:
Jason J. Cabral – New York (+1 212-351-6267, [email protected])
FinTech and Digital Assets Group:
Jeffrey L. Steiner – Co-Chair, Washington, D.C. (+1 202-887-3632, [email protected])
Sara K. Weed – Washington, D.C. (+1 202-955-8507, [email protected])
Public Policy Group:
Roscoe Jones, Jr. – Co-Chair, Washington, D.C. (+1 202-887-3530, [email protected])
Amanda H. Neely – Washington, D.C. (+1 202-777-9566, [email protected])
© 2023 Gibson, Dunn & Crutcher LLP. All rights reserved. For contact and other information, please visit us at www.gibsondunn.com.
Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.