Bitcoin and the Changing Legal Landscape


If your business is contemplating doing something with digital currencies (meaning virtual currencies, like Bitcoin, Ripple, Ethereum, etc.), you need a plan. First, consider how and where your business will use digital currencies. Second, know what laws and regulations apply. Third, implement a compliance plan to ensure your business doesn’t run afoul of the law. Fourth, stick to your plan.

This fourth step can be difficult to follow, particularly if your business is a startup trying to quickly establish itself and gain a foothold in the fast-paced, evolving online marketplace. You may think implementing a compliance plan will cost you precious time. If you are an entrepreneurial firm, your business may be a moving target, constantly reinventing itself, in which case what you do today may not be what you do tomorrow. That makes planning and staying with a plan challenging. Regardless, take a cue from the privacy world.

Myriad enforcement actions and lawsuits have arisen against companies that collect personally identifiable information, not necessarily because they collect personal information, but because they don’t disclose what information they collect, or what they do with it, or because they say one thing, but do another. A dozen years ago, not many people paid much attention to this, so companies faced less scrutiny, and thus fewer impediments, in running their business. But that’s all changed. Cybersecurity and privacy are hot button issues, both commercially and politically. Because the spotlight is so bright, companies must be diligent and have a compliance plan to protect themselves against increased scrutiny.

Digital currencies and their related distributed ledger technologies (e.g., Bitcoin and blockchain, respectively) are trending in the same direction. Moreover, the disruptive nature of these technologies means increased scrutiny may come sooner than later. Just as Uber and Lyft have used the Internet and e-commerce to disrupt traditional transportation service businesses, Bitcoin and blockchain are similarly disruptive to traditional financial systems. People are taking notice, including the government.

For a while, the government was content to sit on the sideline, monitoring digital currencies but not interfering. Those days are over. Federal agencies are starting to interpret existing laws to cover digital currencies and are enforcing those laws against violators. A cursory review of recent enforcement actions demonstrates that if you’re going to tread in the digital currency world, you better know where you’re treading.

Last May, FinCEN, in its first enforcement action against a virtual currency exchanger, assessed a $700,000 penalty against Ripple Labs for willfully violating the Bank Secrecy Act by:

acting as a money services business (MSB) and selling its virtual currency . . . without registering with FinCEN, and by failing to implement and maintain an adequate anti-money laundering (AML) program . . . .”

Last summer, the SEC shut down an online business (Sand Hill Exchange) that was essentially running a fantasy league for valuing private startup companies. What started out as a concept beta test by two Silicon Valley entrepreneurs wasn’t a concern until they started accepting bitcoins to fund accounts. That quickly got the SEC’s attention, despite Sand Hill Exchange having raised only $5400 in equivalent bitcoins. The SEC quickly shut down the business, finding that the

“Sand Hill Exchange was offering and selling security-based swaps contracts to retail investors outside the regulatory framework of a national securities exchange and without the required registration statements in effect.”

Last September, the CFTC announced:

“In First Action against an Unregistered Bitcoin Options Trading Platform, CFTC Holds that Bitcoin and Other Virtual Currencies Are a Commodity Covered by the Commodity Exchange Act.”

SEC CybersecurityThat was certainly news to Conflip, which had been facilitating the trading of Bitcoin option contracts. The CFTC said such activity amounted to commodity options trading without complying with the Commodity Exchange Act and CFTC Regulations.

Then on December 1, 2015, the SEC announced that it is pursuing charges against Josh Garza and his Bitcoin mining companies for defrauding investors through a Ponzi scheme. According to the SEC, Mr. Garza purported to offer shares of his companies’ “mining” computer power (miners validate Bitcoin transactions on the blockchain in return for a small fee paid in Bitcoin). The more computing power a miner has, the more blockchain transactions they can validate, and the more bitcoins they can earn. Each share of computing power is referred to as a “Hashlet.” The SEC contends that the sale of Hashlets constitutes the sale of unregistered securities and that Mr. Garza allegedly misrepresented his companies’ mining powers—thereby fooling investors into buying something that didn’t exist and using later investments to pay returns to early investors.

Digital currencies have moved beyond the theoretical and are something the government considers real. You can no longer argue that laws or regulations don’t apply because Bitcoin isn’t real money. Trendon Shavers tried this approach when the SEC charged him with running an illegal Ponzi scheme and violating securities laws. That he only solicited investments and paid returns in bitcoins didn’t matter to Judge Amos Mazzant of the Eastern District of Texas, who ruled that Bitcoin is a currency or form of money and, as such, Bitcoin investments meet the definition of investment contracts and securities. Mr. Shavers suffered a judgment requiring him to disgorge $40 million in profits and pay a fine of $150,000; he also pleaded guilty to securities fraud and will be sentenced this month.

Whether you’re making $5,400 or $40 million using digital currencies, the government is probably watching. All the more reason to develop a business plan, know the laws that govern your business, and operate within the legal and regulatory framework. At times, it may seem like your business is a square peg trying to fit in a regulatory round-hole. Innovation typically moves faster than the law. But that won’t be an excuse for not attempting to understand and comply with potentially applicable laws and stay abreast of legal developments. Inevitably, the law catches up.

Aitan Goelman, the CFTC’s Director of Enforcement, commented:

“While there is a lot of excitement surrounding Bitcoin and other virtual currencies, innovation does not excuse those acting in this space from following the same rules applicable to all participants in the commodity derivatives markets.”

FinCEN Director Jennifer Shasky Calvery said,

“Innovation is laudable but only as long as it does not unreasonably expose our financial system to tech-smart criminals eager to abuse the latest and most complex products.”

To make matters more difficult, the principal federal agencies paying close attention to digital currencies are the SEC, CFTC, FinCEN, and IRS. Each agency, though, has its own interpretation of virtual currencies and how or whether they should be regulated. To the IRS, “virtual currency is treated as property for U.S. federal tax purposes. General tax principles that apply to property transactions apply to transactions using virtual currency.” FinCEN treats Bitcoin and other virtual currencies similar to real currency, subjecting processors or exchangers of bitcoins to the same regulations as money services businesses, including AML, KYC, and BSA. The CFTC recently ruled, “Bitcoin and other virtual currencies are properly defined as commodities.” And the SEC has treated Bitcoin-based products as securities. In addition states, such as South Carolina, New Jersey, New York, North Carolina, are starting to pass laws specifically addressing digital currency-related businesses. These laws can require businesses to register, obtain licenses, and maybe even receive tax breaks.

If you’re going to be in a business that touches Bitcoin or other digital currencies, it’s incumbent on you to know what you’re doing, where you’re doing it, and what laws apply. Even if the legal landscape is still uncertain and changing, the more you do to show that you’re taking compliance seriously, the more you can insulate yourself from scrutiny. Like any business, if you obtain a license to do one thing, don’t do something that’s not covered by the license. Also, consider industry standards and whether you’re meeting them. For instance, the Crypto Currency Certification Consortium, a nonprofit, offers certification to those providing digital-currency-related services (similar to ISO or NIST).

These are both exciting and challenging times for digital currencies and their related distributed ledger technologies. While there’s a rush to figure out how to transform what was not long ago a theoretical concept into the 21st Century’s preferred method for transferring value, consider some advice from the 20th Century’s legendary Bruins basketball coach, John Wooden, who said, “Be quick, but don’t hurry.”

It’s never too late to implement a compliance plan (before a government investigation, that is).

This entry was posted in Cyber Crime, Cyber Laws, e-Commerce and tagged , , , , , . Bookmark the permalink.

Leave a Reply