The most recent crypto winter has been accompanied a flurry of U.S. enforcement actions and private litigation. Authorities fined Bitmex $100 million and sanctioned Tornado Cash. A wave of class actions grew. FTX’s collapse and resulting fraud charges made headlines worldwide.
As legal threats grow, here’s a look at areas of increasing risk – and six principles to help crypto business leaders and investors navigate through turbulent waters.
Crypto Companies Face Escalating Civil and Enforcement Risk
Enforcement and litigation carry risks beyond penalties and costs. In addition to reputational costs and operational interruptions, enforcement can escalate into a bet-the-company problem that could even lead to jail time. And class actions increasingly target crypto enterprises regardless of government action. Threats continue to mount across the following areas:
- Securities: The SEC continues to take a broad view of which tokens are “securities.” The controlling Howey test is a nearly 80-year-old Supreme Court case designed to assess whether an investment contract exists. Like most litigation in this industry, precedent provides little guidance.
- Wash Trading: Authorities have launched several investigations into potential wash trading, which facilitates fictitious trades or riskless order activity. The government appears particularly concerned that traders may be exploiting incentive programs on exchanges and executing large volumes of riskless trades to create false impressions of high market interest for nascent tokens.
- Insider Trading: Several agencies have signaled plans to increasingly investigate insider trading in assets, whether or not they are securities. A former Coinbase manager, his brother and friend were charged with criminal insider trading. Prosecutors typically charge individuals, but companies can be caught in the crosshairs.
- AML and Sanctions: Regulators and enforcers are taking expansive interpretations of traditional anti-money laundering and sanctions regulations – and adding more – in the cryptocurrency space, including with respect to NFT and DeFi companies.
For a glimpse into the future of crypto enforcement, look no further than the commodities futures markets. Having concluded a joint enforcement campaign targeting fraud, market manipulation and spoofing in the futures markets, the Department of Justice and Commodity Futures Trading Commission appear poised to focus on cryptocurrency markets.
Consider These Six Tips to Mitigate Risk
- Know Your Arena: If a company does business in the U.S. – even if not deliberate – litigators or regulators can claim that federal or state laws apply. Exposure goes beyond a company’s organizational location or an individual’s residence. Knowing the states and countries that may have jurisdiction is essential to mitigating risk. Businesses and investors should understand the substance, and not simply the form, of business activities and how particular activities can trigger jurisdiction from a U.S. state, the federal government or another country. In addition, unincorporated DAO structures may not be a shield against enforcement and litigation risk: regulators and litigants have shown a willingness to try to attach liability to those structures, their control persons and their token holders.
- Know the Players: In the U.S., a variety of agencies regulate crypto and enforce laws and regulations, including the SEC, DOJ, OFAC, CFTC and FinCEN. Enforcement agencies outside the U.S. are increasingly active as well. A company’s business model, activities and other considerations determine which agency may regulate a company – vital information in reducing risk.
- Self-Scout: Given the scope of legal risks and uneven enforcement, blockchain-based businesses should know that their level of legal exposure will vary as products and services evolve. Businesses should periodically identify potential vulnerabilities, assess how regulators and litigants are likely to approach them and implement mitigation measures before threats materialize. Investors should look at whether companies recognize and adapt their approach to changing risk. Areas of focus include the products or services’ native tokens, possible impacts of legal risks to critical customers and partners and business models, particularly how they transact in their own and others’ tokens.
- Watch Your Words: What a company or its employees say publicly can trigger scrutiny from plaintiffs and regulators. Companies should have protocols to vet public comments – ideally with input from counsel. This includes marketing, statements about products/services and comments on social media platforms like Twitter.
- Don’t Be Your Biggest Enemy: Internal communications can wreak havoc in litigation, as does an inability to find and provide relevant materials. While many companies focus on external communications, regulators and plaintiffs also will look to internal communications – often from the early days of a venture, when communication styles tend to be less guarded. Companies can reduce costs and risk through communications discipline and information retention.
- Understand Decentralization Plans: Decentralization of a blockchain-based service may reduce the likelihood that certain regulations apply. Businesses and investors should understand the meaning of decentralization and the paths to achieving it (widely dispersed governance is probably insufficient if, e.g., a central entity or group can upgrade applicable smart contracts, or only a few people control private keys of protocol’s key contracts/addresses).