The below post originally appeared in the September 19, 2018 issue of the Messari newsletter here. Shoutout to Ryan for the edits.

The New York Attorney General’s Crypto Report:
a crash course in more dated & esoteric laws

Yesterday, the New York Attorney General’s Office (NYAG) released a massive 42-page report that outlined the findings of their investigation into crypto exchanges. 

Where (and how) did the NYAG get this information? 

As part of the "Virtual Markets Integrity Initiative”, the NYAG office sent questionnaires to 13 crypto exchange platforms back in April, presumably to get better information on the practices and procedures of these exchanges. 

The NYAG’s full letter and questionnaire can be found here, but they basically ask the target exchanges to provide details on how they deal with: 

• Ownership & control 

• Basic operation and fees

• Trading policies and procedures

• Outages and other suspensions of trading

• Internal controls 

• Money laundering surveillance 

• Protection against customer fraud

• Etc. 

Most exchanges “invited to participate” immediately voiced their intention to cooperate with the NYAG, but several notable exchanges declined, including Binance, Huobi, and Kraken.

Kraken was the most vocal to decline, and included a very public and angry statementfrom CEO Jesse Powell that argued (among other things) that “the placative kowtowing toward this kind of abuse [the out-of-left-field questionnaire] sends the message that it's ok. It's not ok. It's insulting.”

Roger that. 

Powell might not have been entirely wrong to vent. Kraken (headquartered in California) left New York State in 2015, in response to the New York’s proposed “BitLicense”. And the amount of money crypto exchanges spend on legal and compliance costs is staggering.

A review of the history and implications of the BitLicense could make for an entirely new post (throwback to TBI’s initial critical take in 2014), but in short the BitLicense required any business that conducted business ‘involving virtual currency’ to be licensed by the New York Department of Financial Services (NYDFS). Something many felt was redundant and overly burdensome compared to federal regulations. 

Still, without the BitLicense, crypto businesses could not operate within the NYS borders or serve its residents. The BitLicense’s impact has been far-reaching, and still impacts the city’s startup scene today.

To date, NYDFS has granted just nine BitLicenses, while the former Superintendent has long since moved on.

[TBI Note: “moved on” to the revolving door of “consulting” on the very regulations his office helped institute.]

Back up, though. That’s NYDFS. Why did New York AG’s office get involved?! And why are they so aggressive? 

Ah yes. Just when you thought the whole federal gauntlet of  SEC/ CFTC/FINRA/FinCEN/OFAC/CFPB/OCC/DOJ/IRS wasn’t headache enough, and 50 state regulators were quite enough to deal with, now we’ve got a state Attorney General jumping into the fray as well!

To understand why, it’s time for a quick crash course in U.S. law.

Each state has jurisdiction (aka “power”) over the activities and the people within its state. That means unique laws/rules/regs across 50 states. BUT, once this thing/person/activity spills over state borders, federal law comes into play.

The intricacies of state/federal laws could cover a semester of law school, but for this particular report, here’s what you need to know: state regulators and agencies can (and do) regulate crypto activity that happens within their borders.

While this isn’t unique to New York, the state does present a particularly special case because of this little thing called the Martin Act (originally passed 97 years ago - I kid you not). The Martin Act gave the New York State Attorney General really broad powers (both civil and criminal enforcement abilities) over anything and everything that could be considered detrimental to the investing public (e.g securities fraud). The Martin Act did not establish a state regulatory agency, but instead gave the Attorney General sole responsibility for its implementation and enforcement. 

If that sounds scary, it’s because it is.

The NYAG is empowered under the Martin Act to — among other things— launch investigations, criminal prosecutions, civil proceedings, and issue subpoenas that "require production of documents deemed relevant or material to an investigation” as it relates to possible securities fraud cases. This means that the act of sending out questionnaires and launching investigations into crypto exchanges was indeed within the NYAG’s power.

Ok, so what does the report actually say?

There’s a ton to unpack. Personally, I was kinda impressed that AG Underwood released the report on twitter via tweetstorm, summarizing some of the key points.

Underwood’s voiced three primary concerns:

1) Many platforms had yet to implement serious efforts to prevent or even monitor abusive trading. (For example, few platforms seriously restrict or monitor the operation of bots or automated algorithmic trading on their venues.)

2) Exchanges have myriad conflicts of interest. Some charge listing fees, others allow for employee trading or even prop trading by internal teams, etc. (We learned for instance that for Coinbase, “20 percent of executed volume on its platform was attributable to its own trading”!!!)

3) Customers have limited protection of their funds. If a hack or unauthorized withdrawal occurs, customers would be highly exposed. (Secure third-party custody remains an unsolved problem in crypto…some would say “feature, not a bug.”)

The NYAG’s report has some nice infographics (especially for a government’s investigative report). Here are some of the more interesting ones: 

Almost no one is blocking masked VPN IP addresses. Which means NY traders could access these exchanges within the state via VPN (against the exchanges’ terms of service, by the way), and the companies could still be deemed to be on the hook for BitLicense compliance.

Understand Jesse’s frustration, now?

Ummm, traders generally want to know they are getting fair, non-manipulated prices. These types of policies would seem to be low-hanging compliance fruit for the major crypto exchanges. This was the most eyebrow-raising part of the report.

More assessments of internal controls (or lack thereof) within the industry.

What’s striking is how many entities with BitLicences seem to be on the wrong side of these charts! Gemini and Coinbase hold up pretty well, but neither block masked VPN IP addresses. Meanwhile, itBit, Poloniex, and bitFlyer don’t have formal market manipulation policies. It begs the question, what was the point of the BitLicense?

What does all of this mean?

Crypto twitter is abound with snarky chatter and summaries of the report, and no one in the industry seems particularly surprised by the findings (crazy listing fees? conflicts of interest? little to no employee trading policy? lol whhhhhhat, no way, that’s so crazy </sarcasm>!)

Still, you should expect some of the findings and statistics in this report to be cited in future regulatory actions. Coming soon to a jurisdiction near you.™

What could those actions look like?

This goes back to the Martin Act where neither scienter (legal jargon for intent to defraud) nor reasonable reliance (legal jargon for when a customer behaves a certain way based on a vendor’s representations) needs to be proven in order for the NYAG to prove violation of the Act.

That’s right! The NYAG has the ability to investigate and both civilly and criminallycharge someone/ some business for securities fraud WITHOUT having to prove that there was an actual intention to defraud or that actual damages or reliance occurred.

If crypto exchanges are found to have violated the Martin Act, the NYAG could obtain a permanent injunction (aka stop you from operating in the state), as well as impose fines pending a deeper investigation. Criminal charges are also technically possible, if unlikely at first glance.

The NYAG with Martin Act powers makes the SEC look **friendly**. At least the SEC has to actually prove a number of important elements, and even then stay in its lane of civil punishments only.

Turns out New York is Samara and the SEC is more like Casper.

[TBI note: this is a fantastic, esoteric “The Ring” reference. My hair stands on end the same way whenever I hear “Samara” or “New York Crypto Regulation.”]

What does this mean for the three exchanges (Binance, Gate.io and Kraken) referred to the NYDFS for potential BitLicense violations?

I don’t know. New Yorkers are aggressive. New York is aggressive. There even is a special and extra sassy (my favorite adjective do not @ me) shoutout to Kraken for Jesse’s public refusal to participate in the investigation: 

AG’s Underwood’s “concerns” could merely be a warning: “y’all better step your game up and make some changes NOW before we come slap you with all of the civil and criminal charges that we can.” And that warning probably applies to all the exchanges operating in NYS, not just Kraken.

Either way, the warning comes with a big stick to back it up.

The glass half full take? Cooperation could lead to better crypto exchange practices, provided regulators give them the latitude to do so over a reasonable amount of time. 

Glass half empty? Regulators gonna continue to regulate. 

- Katherine