Are Your Employees Trading Bitcoin? Addressing Cryptocurrencies in Compliance Policies

How should broker-dealers, investment advisers, and other registered firms in the US, UK, and Hong Kong address cryptocurrencies in their compliance programs?

The US Securities Exchange Commission’s (SEC) stated view that many cryptocurrencies are in fact securities suggests that broker-dealers and investment advisers should factor cryptocurrencies into their compliance programs, as their employees may seek to participate personally in the cryptocurrency markets. Broker-dealers and investment advisers are required to establish and enforce compliance policies and procedures reasonably designed to prevent federal securities law violations and to prevent the misuse of material non-public information. To the extent a particular cryptocurrency or token is found to be a security, the firm’s compliance policies, including personal trading policies, should apply to trading in the instrument. Moreover, even if a cryptocurrency or token is not a security, firms might consider establishing policies and procedures to prevent the misuse of material non-public information in the trading of cryptocurrencies as commodities. In this article, Latham’s financial regulatory and enforcement lawyers provide guidance on the evolving landscape for these compliance risks in the cryptocurrency and digital token markets.

Compliance Policies and Procedures and Supervisory Obligations

Investment advisers and broker-dealers have responsibility for preventing federal securities law violations. For example, Section 206(4)-7 of the Investment Advisers Act of 1940 (Advisers Act) requires investment advisers to adopt and implement written policies and procedures reasonably designed to prevent federal securities law violations. Broker-dealers and investment advisers are also obligated to supervise associated persons in a manner designed to prevent such violations. See Section 15(b)(4)(E) of the Securities Exchange Act of 1934 (Exchange Act); Section 203(e)(4) of the Advisers Act; FINRA Rule 3110.

Advisers and broker-dealers should promptly review the application of their compliance and supervisory policies to cryptocurrencies that may be deemed securities. If a cryptocurrency is deemed a security, firms should treat the cryptocurrency like any other security for oversight purposes. Since the SEC has placed cryptocurrencies at the top of the agency’s list of priorities, firms should be prepared for cryptocurrency-related inquiries in SEC exams. Further, firms should bear in mind that the SEC appears to be looking for cryptocurrency enforcement cases that will permit the agency to signal the need for vigilance in this evolving market.

Insider Trading Policies Under the Exchange Act and the Advisers Act

Section 15(g) of the Exchange Act requires that broker-dealers establish, maintain, and enforce written policies and procedures reasonably designed — taking into consideration the nature of their business — to prevent the misuse of material non-public information in violation of the securities laws by the broker-dealer or its associated persons. Section 204(A) of the Advisers Act places similar obligations on investment advisers.

Such policies and procedures are typically designed to establish a number of controls to deter insider trading. These include information barriers between private-side groups that have regular access to material non-public information (e.g., investment banking, credit, capital markets, and syndicate) and public-side groups that do not have such access (e.g., sales and trading). They also include controls against personal trading based on material non-public information by employees. Broker-dealers and investment advisers accordingly maintain “watch lists” or “restricted lists” of securities on which employees may have access to material non-public information. Typically, employees are required to pre-clear personal trades with their employer, and the employer conditions clearance, based on these lists. Furthermore, employers typically monitor their employees’ personal trading accounts based on these lists. FINRA Rule 3210 facilitates such oversight for broker-dealers by requiring associated persons to notify their employer of securities accounts opened at other financial institutions.

Whether or not Section 15(g) of the Exchange Act and Section 204(A) of the Advisers Act directly apply to a particular cryptocurrency depends on whether or not that cryptocurrency is a “security.” The SEC has applied the test established by the US Supreme Court in SEC v. W.J. Howey Co.to conclude that certain tokenized instruments can qualify as securities on the basis that they represent an investment of money in a common enterprise with the expectation of profits to be derived from the efforts of others. See In the Matter of Munchee Inc.;Release No. 81207, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO. In a recent statement, SEC Chairman Jay Clayton has gone as far as to state that “by and large” the initial coin offering (ICO) structures that he has seen involve securities and implicate the securities laws. Furthermore, the SEC recently issued a statement that a number of online trading platforms facilitating trading in coins and tokens do so for some coins and tokens that the SEC believes meet the definition of a “security” under federal securities laws. To date, ICOs have involved a wide variety of cryptocurrency protocols and marketing efforts, and thus there is a risk many of these may be deemed to be securities by the SEC.

On the other hand, cryptocurrencies that are widely traded, such as Bitcoin and Ether, arguably are not securities. The SEC has concluded that certain tokenized instruments are securities on the basis that a reasonable investor’s expectation of profits in such instruments is derived from the entrepreneurial or managerial efforts of others. However, reaching the same conclusion for cryptocurrencies with well-established markets such as Bitcoin and Ether is difficult. The markets for such cryptocurrencies have evolved to the point that a reasonable investor’s expectation of economic return is more likely based on general market forces, and not on the efforts of a particular promoter or other enterprise. Precedent holds that if the expectation of economic return from an instrument is based solely on market forces, and not on the efforts of a promoter, then the instrument does not satisfy the “from the efforts of others” prong of the Howey test.See Noa v. Key Futures Inc. ; SEC v. Belmont Reid & Co . Accordingly, although the SEC Chairman has warned that simply calling a tokenized instrument a “currency” does not mean it is not a security, he acknowledged in a recent statement that “there are cryptocurrencies that do not appear to be securities.”

To date, the SEC has not taken any action in which it has alleged that Bitcoin, Ether or any cryptocurrency with a well-established market is a security. See SEC v. Trendon T. Shavers and Bitcoin Savings & Trust ;In re Erik T. Voorhees ; In re BTC Trading Corp. and Ethan Burnside ;SEC v. Homero Joshua Garza, Gaw Miners, LLC, and ZenMiner, LLC (d/b/a Zen Cloud) ; In re Bitcoin Investment Trust and SecondMarket, Inc. ; In re Sunshine Capital, Inc. ; SEC v. REcoin Group Foundation LLC, et al . It may therefore be reasonable to take the position that cryptocurrencies with well-established markets, such as Bitcoin and Ether, are not securities and that broker-dealers and investment advisers are thus not required to establish and maintain insider trading policies and procedures with respect to trading in such instruments as securities. Outside of these well-established cryptocurrencies, however, determining whether a particular cryptocurrency is a security must be made on a case-by-case basis, requiring an intensive review of the cryptocurrency, its related white paper, the way in which it has been marketed to the public and any secondary market that exists for the cryptocurrency.

As of the publication of this article, there are more than 1,500 cryptocurrencies that have been developed. Determinations by compliance personnel on whether or not any number of these cryptocurrencies are securities will be difficult, and the risk of legal and regulatory uncertainty will remain, absent further clarification from the regulators. One approach broker-dealers and investment-advisers can take in this circumstance is to assume that all such cryptocurrencies and tokens could be deemed to be securities, and thus subject all of them to their personal trading policies.

Insider Trading Principles Under the Commodity Exchange Act

Whether or not cryptocurrencies must be covered by personal trading policies as securities, market participants face additional considerations under the Commodity Exchange Act (the CEA). The US Commodity Futures Trading Commission (the CFTC), which enforces the CEA, has taken the position in multiple enforcement actions and public pronouncements that cryptocurrencies like Bitcoin are commodities subject to certain CEA provisions. See In re Coinflip, Inc., d/b/a Derivabit (the Derivabit Order); In re TeraExchange LLC (the TeraExchange Order); In re BFXNA Inc. d/b/a Bitfinex (the Bitfinex Order). (For further discussion, please refer to Latham’s Client Alerts regarding the Derivabit Order and the Bitfinex Order.) A federal district court recently agreed with the CFTC that cryptocurrencies are commodities (at least in regard to the widely traded cryptocurrencies at issue in the case). See CFTC v. McDonnell and Cabbagetech, Corp. (d/b/a Coin Drop Markets) . The CFTC has also indicated that some ICO tokens may be commodities or derivatives as well.

The CFTC’s recent pronouncements set the stage for application of CEA principles to cryptocurrency markets. The CFTC has now repeatedly taken the view that firms offering derivatives on cryptocurrencies must comply with applicable regulatory requirements. And while underlying cryptocurrency spot markets do not face all of the regulatory requirements that cryptocurrency derivatives face, the CFTC has determined — and a district court recently agreed — that the CFTC’s anti-fraud and anti-manipulation authority applicable to all commodities applies to cryptocurrencies as well.

Historically, the CFTC’s enforcement authority for insider trading was quite narrow. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the Dodd-Frank Act) amended the CEA to include new provisions which, among other changes, led to a new rule that the CFTC has interpreted to prohibit trading based on misappropriation of material non-public information. CFTC Rule 180.1, which came into effect in 2011, provides among other things that it is unlawful to use or employ “any manipulative device, scheme, or artifice to defraud” in connection with any contract of sale of a commodity in interstate commerce, futures contract, or swap. In its official commentary, the CFTC stated that this rule may be violated “by trading on the basis of material non-public information in breach of a pre-existing duty … or by trading on the basis of material non[-]public information that was obtained through fraud or deception.”

The CFTC has exercised its new insider trading authority in two recent enforcement actions. In December 2015, the CFTC imposed US$316,000 in sanctions and a permanent trading ban against a trader who traded oil and gas futures using confidential information about his employer’s trades. The following year, the CFTC ordered US$5.25 million in sanctions and a permanent ban against a trader for misappropriating information about his employer’s trades to profit in oil and gas futures and options. Both cases involved trading in commodity derivatives based on misappropriated information, and the CFTC may take the view that they serve as models for insider trading enforcement in cryptocurrency derivatives too. Such derivatives are becoming more widely available as the market develops.

Further, there is reason to anticipate that the CFTC may seek to apply its insider trading authority to cryptocurrency spot markets as well. First, the CFTC has already applied the same fraud provisions in cryptocurrency cases that did not involve insider trading. In September 2017, the CFTC filed an action against an alleged Bitcoin Ponzi scheme, and earlier this month it won a preliminary injunction in federal district court in New York against another alleged fraudulent virtual currency scheme. In each case, the CFTC alleged fraud in violation of Section 6(c) of the CEA and Rule 180.1 — the same provisions that would likely underlie insider trading charges. Second, CFTC Chairman J. Christopher Giancarlo has recently stated — twice — that insider trading is a risk associated with cryptocurrencies. Thus, while the CFTC has not issued guidance on when or how it may apply its insider trading enforcement authority to cryptocurrencies or their derivatives, these recent actions and statements indicate that the agency may do so.

Moreover, broker-dealers who are also registered with the CFTC and the National Futures Association (NFA) as a futures commission merchant or introducing broker should be aware that NFA Compliance Rule 2-37(b) requires them to “establish, maintain and enforce written procedures reasonably designed to achieve compliance with applicable securities laws, including Sections 9(a), 9(b), and 10(b) of the Exchange Act and any applicable regulation thereunder.” Additionally, all NFA registered entities, including investment advisors registered as commodity pool operators (CPOs) or commodity trading advisors (CTAs), may face withdrawal from registration by the NFA and CFTC in certain circumstances for violation of securities laws. To the extent that trading in cryptocurrencies implicates securities law provisions as discussed above, dually registered firms have this additional reason to address such trading in their policies and procedures.

The NFA, like the CFTC, has focused its attention on cryptocurrencies in recent months. As of December 2017, the NFA requires all CPOs and CTAs to notify the NFA if they execute transactions involving any cryptocurrency or cryptocurrency derivative. Further, beginning in the first quarter of 2018, CPOs and CTAs that have executed transactions involving cryptocurrencies or related derivatives must report such transactions on a quarterly basis.

In light of these developments in the CFTC and NFA regulatory landscape, US market participants may wish to address cryptocurrencies and tokens in trading policies that cover commodities as well as securities.

Global Perspectives

Similar issues apply in some of the most common jurisdictions in which broker-dealers and investment advisers may have affiliates, such as the United Kingdom and Hong Kong.

United Kingdom

Firms carrying on designated investment business in the UK (including dealing in securities and other financial instruments) are required to establish, implement and maintain adequate personal account dealing policies. Cryptocurrencies that are widely traded, such as Bitcoin and Ether, will not be classified as securities. However, other less well-established cryptocurrencies that give holders security-like rights will likely be classified as securities, although this will require a case-by-case assessment.

However, the UK regime has a broader application in that it also applies to activities “connected” with designated investment business. While there is no definition or guidance which sheds light on the meaning of “connected,” depending on the circumstances, a firm’s activities, or the activities of its employees, possibly could be deemed to be connected to the firm’s designated investment business. Such activities could then be brought within the regulatory net, even if they relate to cryptocurrencies that are otherwise currently unregulated, such as Bitcoin and Ether.

In addition, the UK regime contains a set of high-level regulatory principles that apply to firms over and above specific regulatory requirements. These regulatory principles require firms, among other stipulations, to conduct their business with due skill, care and diligence; to organize and control their affairs responsibly and effectively, with adequate risk management systems; and to observe proper standards of market conduct. The UK Financial Conduct Authority (FCA) can bring an enforcement action against firms in relation to a breach of the principles even if the firm has not breached a specific regulatory rule. Breach of regulatory principles was a core part of the FCA’s 2015/16 enforcement actions in the spot foreign exchange markets, which were largely unregulated at the time.

In deciding whether to implement personal trading policies in relation to cryptocurrencies, UK firms should bear in mind the broad expectations on firms that arise from the regulatory principles, as well as the fact that just because a cryptocurrency is unregulated does not necessarily take it outside the regulatory net completely.

Hong Kong

The issues in Hong Kong are broadly similar to those in the UK. Firms that carry on a regulated business in Hong Kong, such as broker-dealers and investment advisers, are required to have a written policy on employee dealings in securities, futures contracts and leveraged foreign exchange contracts, under paragraph 12.2 of the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (SFC) (the Code).

Hong Kong regulators have specifically stated that Bitcoin is a “ virtual commodity” and not a security or currency. Accordingly, Hong Kong laws and regulations relating to securities, deposit-taking and payments do not automatically apply to Bitcoin. Other cryptocurrencies that are widely traded and which have similar characteristics to Bitcoin, such as Ether, are also likely to be classified as virtual commodities. These cryptocurrencies technically should not be subject to Hong Kong’s regulatory framework for financial products and services. The SFC has, however, cautioned that dealing in and advising on Bitcoin futures contracts would be subject to its regulatory purview, because these instruments would be categorized as “futures contracts” under the Securities and Futures Ordinance — the primary source of securities law in Hong Kong.

Whether other cryptocurrencies are characterized as securities, futures contracts or leveraged foreign exchange contracts would require a case-by-case assessment. Less well-established cryptocurrencies, including tokens issued pursuant to ICOs, which give holders security-like rights (e.g., voting rights) are likely to be classified as securities. If a cryptocurrency is characterized as a security, futures contract or leveraged foreign exchange contract, the cryptocurrency should be covered by the employee dealing rules under the Code.

SFC-licensed firms should bear in mind that even though a cryptocurrency is not characterized as a security or another type of regulated instrument, the Code is predicated upon a number of high-level regulatory principles that still apply to all SFC-licensed firms. These regulatory principles require firms, among other compliance measures, to conduct their business with due skill, care and diligence and have appropriate internal control procedures. In addition, under the Management, Supervision and Internal Control Guidelines for Persons Licensed by or Registered with the SFC, firms are required to implement procedures to minimize the potential for conflicts of interest between the firm’s staff and its clients, and to ensure that staff trading activities are not prejudicial to the interests of the firm’s clients. If the regulator determines that a firm has breached any of these principles or is otherwise not fit and proper, the regulator could take various measures against the firm, including enforcement actions.

Taking all of this into account, particularly the difficulty in accurately assessing the characteristics of the myriad cryptocurrencies and digital tokens that are available to trade, firms in Hong Kong may be well-served to adopt a conservative approach and include all cryptocurrencies and tokens within the scope of their personal trading policies.

Outlook

Recent regulatory trends in the US, UK and Hong Kong reflect that, while the question of whether a particular cryptocurrency is a security will be relevant to how it should be treated in compliance policies, it is not dispositive. Even if a cryptocurrency is not deemed a security under the applicable regulatory regime, misuse of non-public information with respect to such cryptocurrency could still pose potential insider trading liability risk. As it is difficult in this rapidly evolving regulatory environment to draw distinctions in trading policies between cryptocurrencies that constitute securities and those that do not, regulated firms and other market participants may find it prudent to approach all cryptocurrencies and tokens comprehensively as they review their trading policies for compliance in this new landscape.

* * * * * Stephen Wink is a partner in the New York office of Latham & Watkins and a member of the Financial Institutions Group and FinTech Industry Group.

Douglas Yatter is a partner in the New York office of Latham & Watkins and a member of the White Collar Defense & Investigations Practice and the Financial Institutions and Energy Industry Groups. He is a former Chief Trial Attorney in the CFTC Division of Enforcement.

Yvette Valdez is a partner in the New York office of Latham & Watkins and a member of the Derivatives Practice, Financial Institutions Group, and FinTech Industry Group.

John Sikora Jr. is a partner in the Chicago office of Latham & Watkins and a member of the Litigation & Trial Department and Securities Litigation & Professional Liability Practice. Sikora was formerly at the SEC, where he was most recently an Assistant Director in the Chicago Regional Office and in the Asset Management Unit of the SEC’s Enforcement Division.

Simon Hawkins is a counsel in the Hong Kong office of Latham & Watkins and a member of the Financial Institutions Group and FinTech Industry Group.

Stuart Davis is an associate in the London office of Latham & Watkins and a member of the Financial Institutions Group and FinTech Industry Group.

Naim Culhaci is an associate in the New York office of Latham & Watkins and a member of the Financial Institutions Group.

J. Ashley Weeks is an associate in the New York office of Latham & Watkins and a member of the Financial Institutions Group and Derivatives Practice.

Kenneth Hui is an associate in the Hong Kong office of Latham & Watkins and a member of the Financial Institutions Group.

The authors wish to thank Jeffrey Glass in the New York office of Latham & Watkins for his contribution to this article.