SEC and CFTC Actions Against Cryptocurrency App Developer for Unregistered Security-Based Swaps Highlight Risks for Fintech Companies
By: Charles D. Riely and Michael F. Linden
A recent enforcement action by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) in the Fintech space serves as a cautionary tale for innovators who fail to heed traditional regulations. On July 13, 2020, the SEC and CFTC each filed settled enforcement actions against California-based cryptocurrency app developer Abra and its related company, Plutus Technologies Philippines Corporation. Abra’s bold idea was to provide its global users with a way to invest in blue-chip American securities, all funded via Bitcoin. In executing this idea, Abra took pains to focus its products outside of the United States and hoped to avoid the ambit of US securities laws. As further detailed below, however, the SEC and CFTC both found that Abra’s new product violated US laws. This post details Abra’s product, why the regulators came to the view that the new idea ran afoul of long-established provisions under federal securities and commodities laws, and the key takeaways from the regulators’ actions.
In 2018, Abra began offering users synthetic exposure, via Bitcoin, to dozens of different fiat currencies and a variety of digital currencies, like Ethereum and Litecoin. Users could fund their accounts with a credit card or bank account, and Abra would convert those funds into Bitcoin. When a user wanted exposure to a new currency, the user would choose the amount of Bitcoin he or she wanted to invest, Abra would create a “smart contract” on the blockchain memorializing the terms of the contract, and the value of the contract would move up or down in direct relation to the price of the reference currency.
In February 2019, Abra announced that it planned to expand its business to provide synthetic exposure to US stocks and ETF shares, rather than just currencies. Abra advertised that users could enter into smart contracts to invest in their chosen stocks and ETFs. For example, Abra said in a blog post that:
[I]f you want to invest $1,000 in Apple shares you will place $1,000 worth of bitcoin into a contract. As the price of Apple goes up or down versus the dollar, bitcoin will be added to or subtracted from your contract. When you settle the contract – or sell the Apple investment – the value of the Apple shares will be reflected in bitcoin in your wallet which can easily be converted back to dollars, or any other asset for that matter.
Abra said it planned to hedge the smart contracts by purchasing—in the US securities markets—the actual securities referenced in a given contract.
The Securities and Commodities Law Violations
The SEC’s cease-and-desist order found that the contracts Abra offered were swaps because they tracked the value of the underlying securities without also conveying any ownership in those securities. Abra did not set any asset requirements to enter into these swaps, nor did it make any effort to confirm the identity or financial resources of its customers, including whether those customers were “eligible contract participants,” as defined by the securities laws. More than 20,000 people joined the waitlist to buy swaps from Abra. After being contacted by the SEC and CFTC in February 2019, Abra shut down the swaps project before it went live and removed mention of it from its website.
In May 2019, however, Abra rebooted the project, this time limiting offers to non-U.S. persons and making Plutus, Abra’s related Filipino company, the counterparty to the swaps, apparently under the belief that doing so would avoid exposure to U.S. securities laws. While the app was run via Asian servers and Abra’s website was coded to show the swap opportunity only to users outside the United States, California continued to be Abra’s brain center. Employees in California designed the details of the contracts—including prices—sought out investors, marketed the swaps, and hedged the contracts by actually purchasing the underlying securities. Though Plutus was the legal party to the swaps, Abra lent it the hedging money.
Abra and Plutus ultimately sold more than 10,000 swaps, including a small number to customers in the United States, despite efforts to avoid doing so. The SEC’s order found that Abra and Plutus violated Section 5(e) of the Securities Act of 1933 —which prohibits offers to sell security-based swaps to any person who is not an eligible contract participant without an effective registration statement—when they marketed and sold swaps to thousands of unidentified customers without a registration statement in place. For similar reasons, the order found that Abra and Plutus also violated Section 6(1) of the Securities Exchange Act of 1934, which prohibits effecting security-based swaps with a person who is not an eligible contract participant, unless the transaction is effected on a national securities exchange.
The CFTC order similarly found that from December 2017 to October 2019, Abra entered into thousands of digital-asset and foreign currency-based smart contracts via its app. Those contracts, according to the CFTC, constituted swaps under the Commodity Exchange Act (CEA). Because Abra offered these swaps to persons who were not eligible contract participants, and did so outside of a board-of-trade-designated contract market, the swaps violated Section 2(e) of the CEA. Further, in soliciting and processing the swaps, Abra violated Section 4(d)(a)(1) of the CEA by operating as a futures commission merchant without registering with the CFTC.
In bringing the action, the SEC and CFTC also emphasized the messages they hoped the filing of the action would send: namely that it was important that Fintechs comply with the relevant laws as they seek to bring innovative products to the market. In filing the action, the SEC emphasized that parties could not avoid the reach of the securities laws easily when key parts of their operations occurred in the US. In the press release announcing the action, Dan Michael, the head of the Complex Financial Instrument, said, “businesses that structure and effect security-based swaps may not evade the federal securities laws merely by transacting primarily with non-U.S. retail investors and setting up a foreign entity to act as a counterparty, while conducting crucial parts of their business in the United States.” For its part, in its press release, the CFTC emphasized that it would continue to focus on ensuring responsible development of digital products. As stated by the CFTC’s Enforcement Director, “Rooting out misconduct is essential to furthering the responsible development of these innovative financial products.”
The Wait is Over: FDIC Approves Insurance for New Industrial Banks for the First Time in Over a Decade
By: Susanna D. Evarts
On March 18, 2020, the Federal Deposit Insurance Corporation (FDIC) approved the deposit insurance applications for industrial bank applicants Square, Inc., a provider of payment services for small businesses, and Nelnet, Inc., a student loan servicer. The approvals allow Square and Nelnet to create new industrial banks chartered under Utah law. Obtaining an industrial bank charter allows companies that are not bank holding companies to own banks that are authorized to originate consumer and commercial loans and collect insured deposits. Square and Nelnet’s applications are the first that the FDIC has approved in over a decade, marking a potentially significant shift in how the FDIC will treat such applications, and reflecting an increase in the number of active Utah industrial banks, which has hovered at fifteen. These state-chartered financial institutions are generally subject to the same banking laws and regulations as other types of bank charters.
The approvals come one day after the FDIC issued a proposed rule for public comment, which would impose certain conditions on industrial bank applicants. This marks a change in the FDIC’s position on approving deposit insurance applications for industrial banks, indicating that the long-dormant industrial bank charter may begin to attract attention once more. The two new approvals and proposed rule may prompt FinTech and other tech companies to consider seeking a charter as a way to expand their market presence.
OCC and FDIC Propose “Madden Fix” Rules to Codify “Valid-When-Made” Principle
By: William S. C. Goldstein
The long-running saga of Madden v. Midland Funding is entering a new phase. Last week, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) proposed rules that would codify the concept that the validity of the interest rate on national and state-chartered bank loans is not affected by the subsequent “sale, assignment, or other transfer of the loan.” See Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 84 Fed. Reg. 64229, (proposed Nov. 18, 2019); FDIC Notice of Proposed Rulemaking, Federal Interest Rate Authority, FDIC (proposed Nov. 19, 2019). Under these rules, an interest rate that is validly within any usury limit for such a bank when it is made would not become usurious if the loan is later transferred to a non-bank party that could not have charged that rate in the first instance.
The proposed rules are a long-awaited response to the Second Circuit’s decision in Madden, which held that a non-bank purchaser of bank-originated credit card debt was subject to New York State’s usury laws. 786 F.3d 246, 250-51 (2d Cir. 2015). In so holding, the Second Circuit cast doubt on the scope of National Bank Act (NBA) preemption, which exempts national banks from most state and local regulation, allowing them to “export” their home state interest rates without running afoul of less favorable usury caps in other states (FDIC-insured state banks are afforded similar protections). Before Madden, it was widely assumed that “a bank’s well-established authority [under the NBA] to assign a loan” included the power to transfer that loan’s interest rate. See Permissible Interest on Loans That Are Sold, 84 Fed. Reg. at 64231. The Madden decision also did not analyze the “valid-when-made” rule, a common law principle providing that a loan that is non-usurious at inception cannot become usurious when it is sold or transferred to a third party. See, e.g., Nichols v. Fearson, 32 U.S. (7 Pet.) 103, 109 (1833) (“[A] contract, which, in its inception, is unaffected by usury, can never be invalidated by any subsequent usurious transaction.”). Madden has been widely criticized by a host of commentators, including the Office of the Solicitor General.
The OCC and FDIC rules aim to remedy the confusion caused by Madden. OCC’s rule “would expressly codify what the OCC and the banking industry have always believed and address recent confusion about the impact of an assignment on the permissible interest.” Permissible Interest on Loans That Are Sold, 84 Fed. Reg. at 64231-64232. Likewise, the FDIC rule would rectify “uncertainty about the ongoing validity of interest-rate terms after a State bank sells, assigns, or otherwise transfers a loan.” Notice of Proposed Rulemaking at 2-3. Both proposals cite Madden as the source of the confusion.
Notably, neither proposal purports to address the emerging “true lender” doctrine, which some courts have used to apply state usury or consumer protection laws to non-bank entities that have partnered with banks in issuing loans and that retain a “predominant economic interest” in the loan. See, e.g., People ex rel. Spitzer v. Cty. Bank of Rehoboth Beach, Del., 846 N.Y.S.2d 436 (N.Y. App. Div. 2007). Under that doctrine, courts look at whether the bank or the third-party was the “true lender” in the first place, taking loans facing a true lender challenge outside the ambit of Madden and the OCC and FDIC fixes. In that regard, the OCC proposal notes simply that “[t]he true lender issue . . . is outside the scope of this rulemaking.” See Permissible Interest on Loans That Are Sold, Fed. Reg. at 64232. The FDIC proposal likewise notes that the new rules do not address true lender issues, but goes on to express support for the concern animating the true lender doctrine: “the FDIC supports the position that it will view unfavorably entities that partner with a State bank with the sole goal of evading a lower interest rate established under the law of the entity’s licensing State(s).” Notice of Proposed Rulemaking at 4.
Comments are due on the OCC rule by January 21, 2020, and on the FDIC rule shortly thereafter.
Texas Jury Awards $200 Million In Mobile Banking Patent Dispute
By: Benjamin J. Bradford
On November 6, a jury in the Eastern District of Texas awarded the United Services Automobile Association (USAA) a $200 million verdict finding that Wells Fargo willfully infringed two of USAA’s patents directed to the “auto-capture” process, which is used by banking customers to deposit checks using photographs taken from a mobile phone or other device. (Civ. No. 2:18-cv-00245 (E.D. Tex.)) Based on the finding of willfulness, USAA may be entitled to enhanced damages beyond the $200 million verdict.
Despite the verdict, the fight between Wells Fargo and USAA is still ongoing. Wells Fargo filed patent office challenges to the validity of USAA’s patents, which are still pending before the Patent Trial and Appeals Board, but may not be decided for another 15 months. In addition, Wells Fargo will likely appeal the decision, including a recent denial of summary judgment that found the patents were not invalid under 35 U.S.C. 101. Nevertheless, the verdict against Wells Fargo will likely embolden USAA to assert its patents against other banks and financial institutions that use an “auto-capture” process.
DC Court Again Dismisses Challenge to OCC’s FinTech Charter, Splitting with SDNY
By: William S. C. Goldstein
On September 3, 2019, a federal district court in the District of Columbia dismissed, for the second time, a lawsuit brought by the Conference of State Bank Supervisors (CSBS) seeking to block the Office of the Comptroller of the Currency (OCC) from issuing national bank charters to certain non-bank financial technology (FinTech) companies. Conference of State Bank Supervisors v. Office of the Comptroller of the Currency, No. 18-cv-2449, slip op. at 1-6 (D.D.C. Sept. 3, 2019) (CSBS II). CSBS’s earlier suit, brought in 2017, was previously dismissed by Judge Dabney Friedrich as premature: Because OCC had not yet finalized its procedure for accepting FinTech charter applications, let alone received any applications, Judge Friedrich found that CSBS’s claims were unripe and alleged no injury sufficient for standing. CSBS v. OCC, 313 F. Supp. 3d 285, 296-301 (D.D.C. 2018). In October 2018, CSBS brought suit again—this time after OCC had finalized its procedures for accepting FinTech charter applications, albeit before OCC had actually received any applications. CSBS II, slip op. at 2. Judge Friedrich held that neither this change nor the Senate’s confirmation of Joseph Otting as Comptroller of the Currency, another change in the facts highlighted by CSBS, “cure[s] the original jurisdictional deficiency.” Id. (alteration in original; citation omitted). The court pointedly explained that “it will lack jurisdiction over CSBS’s claims at least until a Fintech applies for a charter.” Id. at 5.
In dismissing CSBS’s suit for lack of standing, Judge Friedrich found herself in disagreement with Judge Victor Marrero of the Southern District of New York. Judge Marrero held in May of this year, on a very similar record, that the New York State Department of Financial Services (DFS) had standing to challenge OCC’s FinTech plans—and that DFS was right on the merits, essentially blocking OCC from issuing FinTech charters. See Vullo v. OCC, 378 F. Supp. 3d 271 (S.D.N.Y. 2019). Judge Friedrich “respectfully disagree[d] with Vullo, to the extent that its reasoning conflicts with either this opinion or CSBS I.” CSBS II, slip op. at 2 n.2. The heart of the divergence seems to be Judge Friedrich’s conclusion that there could be no jurisdiction at least until OCC received a charter application. Id. at 5. Judge Marrero, by contrast, found that OCC “has the clear expectation of issuing [FinTech] charters” and thus that “DFS has demonstrated a ‘substantial risk that harm will occur.’” Vullo, 378 F. Supp. 3d at 288 (citation omitted). Due to that difference of opinions, CSBS will have to wait at least until a FinTech company applies for a charter before filing again. Such an application may not be forthcoming, as the SDNY’s ruling may keep any FinTech companies from applying for a charter in the near future, given the legal uncertainty. The parties in Vullo are in the process of negotiating the language of a proposed final judgment to submit to the court, presumably to allow for OCC to take an appeal to the Second Circuit. See Endorsed Letter, Lacewell v. OCC, No. 18-cv-8377 (S.D.N.Y. Aug. 28, 2019), ECF No. 38.
Regulators Continue to Focus on the Use of Alternative Data
By: Michael W. Ross
In an article published last month in Law360 (and reprinted in our Consumer Finance Observer periodical), our lawyers highlighted the increasing focus of government enforcement authorities on how companies are using “alternative data” in making consumer credit decisions. For example, the article highlighted that – as stated in a June 2019 fair lending report from the CFPB – “[t]he use of alternative data and modeling techniques may expand access to credit or lower credit cost and, at the same time, present fair lending risks.” Regulators have continued to focus on this area, including on the benefits and risks of using alternative data in lending decisions.
Earlier this month, the CFPB posted a widely reported-on blog entry on the benefits of using alternative data in lending decisions. The CFPB blog post provided an update to the public on the agency’s first and only no-action letter, issued to Upstart Network, Inc. in 2017. In that letter, the CFPB stated it had no intention of taking action against Upstart under the Equal Credit Opportunity Act (ECOA), which prohibits discrimination in lending, for using certain alternative data sources – particularly information about a borrower’s education and employment history – to make credit decisions. To obtain that letter, Upstart committed to implementing a risk management and compliance plan that included a process for analyzing the potential risk that its use of alternative data could lead to impermissible discrimination against protected classes of consumers.
The CFPB’s blog post reported on the results of Upstart analyzing almost two years of data from its risk management process. Its data showed that Upstart’s model approved 27 percent more applicants than would have been approved by a traditional underwriting model (i.e., one that did not use alternative data and machine learning), and led to 16 percent lower average APRs for approved loans. The CFPB also reported that expansion of credit occurred “across all tested race, ethnicity, and sex segments,” and resulted in particular increases in approval among applicants under twenty-five, those with incomes under $50,000, and those with “near prime” credit scores. These results hearken back to a report by the Philadelphia Federal Reserve in 2017 concluding that the use of alternative data in credit decisions (in that case, relying on data from another FinTech lender, Lending Club) expanded access to credit in underserved areas at a lower cost than would otherwise be available.
The news of Upstart’s results was widely reported, as the use of alternative data in consumer lending remains a hot topic that regulators and legislators are continuing to watch closely.
 Government agencies and legislators also continue to focus on the potential risks of alternative data. In June, for example, Senators Warren and Jones wrote a letter to various government regulators highlighting concerns that using algorithms in underwriting decisions could lead to unlawful discrimination.
Facebook’s Libra Prompts Federal Draft Legislation
By: Jeffrey A. Atteberry
In June, Facebook publicly launched an initiative to develop a cryptocurrency called Libra in partnership with 27 other technology and finance companies including Visa, PayPal and Uber. According to Facebook, consumers will be able to buy Libra anonymously and then use the currency to buy things online, send money to people, or cash out at physical exchange points such as grocery stores. The blockchain technology behind Libra is meant to be open-source and not controlled exclusively by Facebook, but by an association of its founding companies, each of which has already invested at least $10 million into the venture.
Facebook’s announcement triggered a rapid response from federal legislators, and on July 15 the House Financial Services Committee introduced draft legislation aimed at preventing large tech companies from creating digital currencies such as Libra. Entitled “Keep Big Tech Out of Finance Act,” the draft legislation would apply only to tech companies with over $25 billion in annual global revenue that primarily operate online marketplaces or social platforms. Such companies would be prohibited from using blockchain or distributed ledger technology to create or operate “a digital asset that is intended to be widely used as a medium of exchange, unit of account, store of value, or any other similar function.” The draft legislation would further prohibit such tech companies from being or affiliating with “a financial institution.”
The draft legislation is just the latest indication that federal legislators and regulators are increasingly focused on the growing linkages between technology, particularly in the form of social media and online marketplaces, and more traditional consumer finance industries.
SDNY Decision Blocks National Bank Charters for FinTech
By William S. C. Goldstein
Earlier this month, a federal district court in New York handed a win to the New York State Department of Financial Services (DFS) in its long-running, closely watched suit seeking to block the Office of the Comptroller of the Currency (OCC) from issuing national bank charters to non-bank financial technology (FinTech) companies that don’t receive deposits. Judge Victor Marrero denied most of OCC’s motion to dismiss and found the agency’s interpretation of the National Bank Act, 12 U.S.C. § 21 et seq., to be unpersuasive. Vullo v. Office of the Comptroller of the Currency, No. 18-cv-8377, 2019 WL 2057691, at *18 & n.13 (S.D.N.Y. May 2, 2019). DFS’s suit has significant stakes for the FinTech industry: under the United States’ dual banking system, nationally chartered banks are regulated primarily by OCC and avoid the application of most state laws and regulations through federal preemption, while financial institutions without national bank charters are generally subject to state oversight—and non-bank institutions are often regulated by multiple states. Id. at *8. Judge Marrero’s decision casts doubt on whether comprehensive, uniform regulation of FinTech companies can be achieved without congressional action.
The OCC allegedly first began considering whether to accept applications from FinTech companies for special purpose national bank (SPNB) charters in early 2016, pursuant to a 2003 regulation authorizing such charters for entities engaged in “at least one” core banking function: receiving deposits, paying checks, or lending money. Id. at *2 (quoting 12 C.F.R. § 5.20(e)(1)(i)). DFS first sued OCC in 2017, arguing that the National Bank Act (NBA) prohibits charters from issuing to entities that don’t receive deposits and that to issue them would violate the Tenth Amendment of the Constitution. That suit was dismissed without prejudice in December of 2017 on justiciability grounds after Judge Naomi Reice Buchwald found that DFS had not suffered an injury in fact and that its claims were not ripe. Id. at *3. After OCC announced in July of 2018 that it would begin accepting applications from non-depository FinTech companies for SPNB charters, DFS sued again, under the Administrative Procedure Act (APA) and the Tenth Amendment, to prevent OCC from issuing any charters and to invalidate the underlying regulation. OCC moved to dismiss this past February, arguing that DFS lacked standing, its claims weren’t ripe or timely, and that on the merits it failed to state a claim. Id. at *4. Judge Marrero issued a decision on OCC’s motion on Thursday, May 2.
Judge Marrero first addressed OCC’s justiciability arguments. He found that DFS had standing based on two distinct alleged harms: i) the loss of “critical financial protections” for the citizens of New York that would result if non-depository financial institutions were no longer subject to DFS regulation; and ii) direct financial harm to DFS due to the loss of assessments levied on institutions it licenses and regulates. Id. at *8. As to constitutional ripeness, the Court found that OCC “has the clear expectation of issuing SPNB charters,” and thus that “DFS has demonstrated a ‘substantial risk that harm will occur,’” making its claims ripe. Id. at *9 (quoting Clapper v. Amnesty Int’l USA, 568 U.S. 398, 414 n.15 (2013)). Judge Marrero also rejected OCC’s argument that, insofar as DFS was challenging the validity of the underlying regulation authorizing SPNB charters—issued in 2003—its claims were untimely. Id. at *10-11. The Court noted that DFS’s claims “cannot be both unripe and untimely,” and that to hold otherwise would allow agencies to insulate their actions from judicial review by promulgating rules and then waiting out the limitations period before taking any actions under those rules. Id. at *10. The Court also invoked several administrative law doctrines and decisions allowing review of agency action where an agency claims broad new authority derived from an older regulation. Id. at *10-11. OCC is free to re-raise its timeliness defense on a more fully developed record. Id. at *11.
On the merits, OCC’s chief argument was that the scope of the phrase “business of banking” in the National Bank Act is ambiguous, and thus that OCC’s interpretation is entitled to Chevron deference. Id. at *13. The Court was not persuaded by this argument, concluding instead that the text, structure, purpose, and history of the statute all supported a conclusion that the NBA “unambiguously requires receiving deposits as an aspect of the business.” Id. at *13-16. The original version of the NBA “is replete with provisions predicated upon a national bank’s deposit-receiving power,” and was based heavily on New York’s experience with a state banking law, under which deposit-receiving was always a core, unchallenged power of banks. Id. at *15. The Court emphasized that OCC had never before chartered a non-depository institution in reliance on the “business of banking” clause; rather, the previous two times OCC began issuing national charters to such institutions, it acted in reliance on congressional amendments to the NBA explicitly authorizing it do so. Id. The Court was reluctant to find a broad new agency power, with the potential to significantly disrupt the banking industry, in 140-year-old statutory language—the “Congress doesn’t hide elephants in mouse holes” canon. Id. at *16. Judge Marrero acknowledged a significant line of authority finding ambiguous the “outer bounds” of the “business of banking,” but found those cases inapposite to determining what the necessary core activities of banking are, what he called the “threshold requirements” or “inner limits” of banking. Id. at *17. In light of all these and other “interpretive clues,” the Court concluded that only depository institutions are eligible for national charters under the NBA’s “business of banking” clause, and that OCC cannot issue such charters to non-depository institutions without specific statutory authorization. Id. at *18. Accordingly, DFS’s arguments that OCC’s plan to charter FinTech companies would violate the National Bank Act stated claims under the APA. Id. at *18. However, the Court did dismiss DFS’s Tenth Amendment claim. DFS argued that OCC violated the Tenth Amendment by exceeding its statutory authority and acting contra to congressional intent. Id. The Tenth Amendment allows litigants to object to exercises of federal authority that exceed “the National Government’s [constitutionally] enumerated powers.” Id. at *19 (citation and quotations omitted). The authority to regulate national banks has long been recognized as within the scope of the powers granted to Congress by the Constitution’s Commerce and Necessary and Proper Clauses. Id. at *18. The court observed that DFS did not allege that it would “categorically lie beyond federal authority” for Congress to authorize OCC to issue national bank charters to non-depository institutions. Id. at *19. DFS therefore did not state a Tenth Amendment claim. Id.