General innovation climate
What is the general state of fintech innovation in your jurisdiction?
The continued economic expansion in the United States has attracted capital and investment in the fintech sector.Payments and insuretech continue to dominate the fintech landscape in the United States.
A fragmented regulatory environment and aggressive enforcement by securities regulators have made the United States a less inviting jurisdiction for certain fintech businesses and investments compared with countries in Europe and Asia with more progressive attitudes toward the regulation of fintech companies.Government and regulatory support
Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?
The Office of the Comptroller of the Currency (OCC) issued the Responsible Innovation Framework in 2016, creating an Office of Innovation for banks and non-banks to consult regarding fintech activities and promoting inter-agency cooperation.
During the autumn of 2016, in an effort to regulate fintech companies, the OCC announced a study to consider whether it would issue a special charter to fintech companies to become special purpose national banks.In May 2017, Comptroller Thomas J Curry announced that the OCC may issue such charters.Shortly thereafter, in April 2017, the Conference of State Bank Supervisors (CSBS) filed a lawsuit in federal district in the District of Columbia arguing that the OCC does not have the appropriate statutory authority to create such special purpose charter.In May 2018, a federal district court judge in the District of Columbia dismissed the case holding that the CSBS did not have standing to sue because the OCC had not yet officially decided to issue charters to fintech companies.As of July 2019, the OCC has suspended taking or renewing special purpose banking charter applications, when a federal court in May 2019 held that the New York Department of Financial Services’ suit against the OCC over the national special purpose banking charter was allowed to proceed.
In the summer of 2018, the US Department of the Treasury released its Report on Nonbank Financials, Fintech, and Innovation that made over 80 recommendations on legislative and administrative action on the fintech sector, including endorsement of the OCC special purpose national banking charter and recommending the establishment of regulatory sandboxes for fintech companies.
The Commodities Futures Trading Commission (CFTC) has created LabCFTC in an effort to promote responsible fintech innovation and competition.The initiative serves as a platform to inform the Commodity Futures Trading Commission about new technologies through engagement with the fintech market participant community.
Additionally, Arizona became the first state to launch a fintech sandbox, which is administered by the state’s attorney general.
To participate, companies must submit an application explaining its plan to test, monitor and assess its product or service, while ensuring that consumers are protected in the event the test fails.Individual transactions caps per customer are in effect.
Financial regulation Regulatory bodies
Which bodies regulate the provision of fintech products and services?
Fintech products and services may be subject to the overlapping jurisdiction of a number of regulators, including: the Federal Reserve; the Financial Industry Regulatory Authority; the Federal Financial Institutions Examination Council (FFIEC); the CFTC; the Securities and Exchange Commission (SEC); the Financial Crimes Enforcement Network (FinCEN); and the Consumer Financial Protection Bureau (CFPB).Regulated activities
Which activities trigger a licensing requirement in your jurisdiction?
There are a large number of activities that may trigger a registration requirement in the United States.In particular, unless an exemption applies, they include the following.Securities
Offering securities, including certain tokens arising out of initial coin offerings (ICOs), triggers a requirement to register the securities with the SEC.With respect to ICOs, the SEC has found that certain tokens arising out of ICOs constitute securities offerings, but the SEC has also determined that bitcoin and ether are not or are no longer securities for the purposes of federal securities law.
See question 30 for a more detailed discussion of ICO regulation.
Providing a market for the trading of securities triggers a requirement to register as a national securities exchange or broker-dealer.
Brokering or dealing in securities triggers a requirement to register as a broker-dealer with the SEC.Advising persons with respect to securities transactions triggers a requirement to register as an investment adviser with the SEC.
An investment adviser is an individual or a firm that is in the business of providing advice about securities to clients.For example, individuals or firms that receive compensation for providing advice with respect to investing in securities, such as stocks, bonds, mutual funds, or exchange traded funds, are investment advisers.Commodity interests
Brokering transactions in futures contracts, options on futures contracts, swaps, or retail off-exchange forex contracts (collectively Commodity Interests) triggers a requirement to register as an introducing broker or futures commission merchant with the CFTC.
Advising persons with respect to Commodity Interest transactions triggers a requirement to register as a commodity trading adviser (CTA) with the CFTC.A CTA is an individual or organisation that, for compensation or profit, advises others, directly or indirectly, as to the value of or the advisability of trading futures in commodity interests.
Operating a commodity pool triggers a requirement to register as a commodity pool operator (CPO) with the CFTC.A commodity pool is an enterprise in which funds contributed by a number of persons are combined for the purpose of trading commodity interests.Currency transmission
At the federal level, companies that engage in money transmission are considered money services businesses (MSBs), which are regulated entities for anti-money laundering (AML) purposes under the Bank Secrecy Act of 1970 (BSA).MSBs are required to register with FinCEN and meet other regulatory requirements, such as implementing an AML compliance programme.
Under the BSA, money transmission is defined as the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.
At the state level, money transmitters are required to have licences for each state in which they operate.Many states have expanded the definition of money transmitter to include the transmission of cryptocurrency, while others exclude cryptocurrencies from money transmitter licensing requirements.
It is a federal crime to operate as a money transmitter without a relevant state licence.Receiving and holding funds belonging to others
Corporate entities that receive and hold funds from consumers and corporate clients and later make such funds available to the depositor or transfer to a recipient or beneficiary designated by the depositor is generally required to obtain the appropriate state or federal licence.A wide range of entities exercise such deposit-taking function, including commercial banks or credit unions, bill payment companies, escrow companies and remittance companies.
Although deposit-taking services are generally a function of a bank, and constitutes a core service of the business of banking, fintech companies are offering services of receiving and holding consumer funds through methods including mobile applications, websites and point-of-sales terminals.The deposit-taking services offered by fintech companies, in which the fintech company transmits such funds to recipients indicated by the depositor, are generally deemed money transmitters.As discussed above, money transmitters need to register with FinCEN and obtain appropriate state licensing.Extending credit
Covering a wide range of payment products, the extension of credit in the United States has a long history of being a licensed activity, particularly with respect to extensions of credit to the public, or consumer credit.
Non-bank companies seeking to offer home mortgages, credit cards, prepaid cards, and even ‘payday lending’ are generally required to obtain a special state licence.
Each US state has enacted laws and regulations governing the offering of loans to consumers, and generally requires registration and licensing in each state in which the fintech company intends to conduct its lending business.Consumer lending
Is consumer lending regulated in your jurisdiction?
Yes.
Consumer lending activity is subject to a plethora of state and federal regulation governing, among other things, disclosure of a consumer’s creditworthiness information, charges on interests for loans and credit card disclosures.The primary laws and regulations include: the Truth in Lending Act of 1968 and its implementing regulation, Regulation Z; and the Credit Card Accountability, Responsibility and Disclosure, or CARD, among others.Secondary market loan trading
Are there restrictions on trading loans in the secondary market in your jurisdiction?
Loans traded in the secondary market are generally governed by terms of the loan documentation, which may contain restrictions on assignment of the loans.
Such restrictions can include prior obligor consent under a particular set of circumstances or eligibility requirements for the loan purchaser.Additionally, for commercial loans, the Loan Syndication and Trading Association prepares documents for traders that may dictate the timing and settlement requirements of a loan.
Generally, loans are not considered securities, though additional analysis is necessary when special terms and facts are present – particularly when a borrower’s motivation is to raise money for general business use or to finance a substantial investment or plan resembles distribution of a security.Collective investment schemes
Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
As a general matter, collective investment schemes are subject to regulation in the United States.In particular, the following types of collective investment schemes are subject to regulation: An investment company, which is an entity that issues securities and are primarily engaged in the business of investing in securities: an investment company invests the money it receives from investors on a collective basis, and each investor shares in the profits and losses in proportion to the investor’s interest in the investment company.Investment companies are subject to regulation under the Investment Company Act of 1940.
A commodity pool, which is an enterprise in which funds contributed by a number of persons are combined for the purpose of trading commodity interests: the operators of commodity pools (ie, CPOs), are subject to regulation under the Commodity Exchange Act (CEA).
To the extent that a fintech company functions in the capacity of an investment company or commodity pool, the company would be required to register with the SEC or the CFTC, respectively, unless an exemption applies.Moreover, a fintech entity that issues coins or tokens may be subject to regulation, as discussed in question 30.
Alternative investment funds
Are managers of alternative investment funds regulated?
Managers of alternative investment funds are subject to regulation in the United States.In particular: Investment advisers with respect to securities are subject to regulation under the Advisers Act of 1940 (the Advisers Act).In addition to specific requirements, the Advisers Act imposes a broad fiduciary duty on investment advisers to act in the best interest of their clients.
CPOs with respect to commodity interests are subject to regulation under the CEA.As with investment advisers, the CEA imposes specific requirements on CPOs, as well as a broad fiduciary duty to act in the best interest of their clients.CTAs with respect to commodity interests are subject to regulation under the CEA.
As with investment advisers and CPOs, the CEA imposes specific requirements on CTAs, as well as a broad fiduciary duty to act in the best interest of their clients.Peer-to-peer and marketplace lending
Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
There is no specific federal regulation addressing peer-to-peer (P2P) finance, though the CFPB has enforcement powers over providers of payment services that receive significant numbers of consumer complaints.Crowdfunding
Describe any specific regulation of crowdfunding in your jurisdiction.
Under the Securities Act of 1933, the offer and sale of securities must be registered unless an exemption from registration is available.Title III of the Jumpstart Our Business Startups Act of 2012 added Securities Act Section 4(a)(6) that provides an exemption from registration for certain crowdfunding transactions.In 2015, the SEC adopted Regulation Crowdfunding to implement the requirements of Title III.Under the rules, eligible companies will be allowed to raise capital using Regulation Crowdfunding.
In order to rely on the Regulation Crowdfunding exemption, certain requirements must be met.The requirements relates to maximum offering amounts, limitations on the amount of investments by individual investors, intermediary requirements, eligibility requirements and disclosure requirements.
Any issuer conducting a Regulation Crowdfunding offering must electronically file its offering statement on Form C through the Commission’s Electronic Data Gathering, Analysis and Retrieval system, and with the intermediary facilitating the crowdfunding offering.Invoice trading
Describe any specific regulation of invoice trading in your jurisdiction.
There are no specific regulations concerning invoice trading in the United States.
However, licensing could be required if the activity involves collecting consumer receivables, purchasing consumer receivables or making loans secured by receivables.
The purchasing of invoices may be considered a lending activity under US accounting rules if the purchases are not treated as ‘true sales’.Payment services
Are payment services regulated in your jurisdiction?
Yes, payment services relating to activities such as remittances, prepaid cards and bill payments are subject to regulation in the United States.Regulation E, issued by the Board of Governors of the Federal Reserve System pursuant to the Electronic Fund Transfer Act (EFTA), generally applies to electronic funds transfers, which include an authorisation for a financial institution to debit or credit a consumer account.Entities that are not financial institutions may also be subject to Regulation E.
In this regard, entities that issue a debit card (or other access device) that the consumer can use to access the consumer’s account held by a financial institution, where the entity has no agreement with the account-holding institution regarding such access are also subject to obligations of Regulation E, which include, rights of customers to cancel a transaction, and dispute resolution.Further, entities engaged in these activities may also be considered MSBs, which are AML-regulated entities under the federal BSA.MSBs must register with FinCEN and meet other regulatory requirements, such as implementing an AML compliance programme.Open banking
Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
The United States has no broad requirement that obliges financial institutions to make customer or product data available to third parties.Nonetheless, financial institutions can be compelled to share information with the public or law enforcement.
Most notably, under the Bank Secrecy Act, which was amended by the USA PATRIOT Act, a law enforcement agency investigating terrorist activity or money laundering may request, through FinCEN, that a financial institution provide information to the agency regarding specific people or entities.
Furthermore, financial institutions are required to file Suspicious Activity Reports following certain types of incidents that might amount to money laundering or fraud.
In 2017, the CFPB issued the ‘Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation’.While this document does not require financial data-sharing or open banking, it outlines principles to be followed where consumer financial information is shared.
In the summer of 2018, the US Department of Treasury published ‘A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation’, which set out the Treasury Department’s vision for the integration of the fintech and traditional banking sectors.It is the first government agency in the United States to publicly advocate for the adoption of open banking standards to allow non-bank fintech’s access to bank transaction data.Insurance products
Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
Yes, fintech companies seeking to offer insurance products are subject to regulation at the state, not federal, level.Credit references
Are there any restrictions on providing credit references or credit information services in your jurisdiction?
Credit reporting agencies (CRAs) have substantial legal obligations, largely arising from the Fair Credit Reporting Act, which limits the information that can be provided and circumstances in which information can be provided to third parties.Among other things, CRAs must have procedures to provide copies of credit reports to consumers upon request, to correct inaccurate information in reports and to maintain identity theft alerts.CRAs may also be subject to licensing or registration in one or more states.
Cross-border regulation
Can regulated activities be passported into your jurisdiction?
The US financial services regulatory regime generally does not recognise the concept of licensing passporting.
Requirement for a local presence
Can fintech companies obtain a licence to provide financial services in your jurisdiction without establishing a local presence?
A local physical presence generally is not a requirement for obtaining a licence.
Sales and marketing Restrictions
What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?
To the extent that a marketer or promoter, such as a placement agent of securities, is required to be registered with the SEC or the CFTC, there are rules that govern the content of such marketing materials.
More generally, and irrespective of any registration requirements, under the Federal Trade Commission Act, certain truth-in-advertising rules apply to advertisers.Claims in advertisements must be truthful, cannot be deceptive or unfair, and must be evidence-based.For certain specialised products or services, additional rules may apply.
Finally, the CFPB prohibits unfair, deceptive or abusive acts or practices in connection with any transaction, particularly related to consumer debt.
Change of control Notification and consent
Describe any rules relating to notification or consent requirements if a regulated business changes control.
Each regulator has its own change of control requirements.One example is the SEC, where an unregistered firm acquiring or assuming substantially all of the assets or liabilities of the investment advisory business of an SEC-registered investment adviser may rely on special registration provisions for successors to SEC-registered advisers.
Financial crime Anti-bribery and anti-money laundering procedures
Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?
With respect to money laundering, financial institutions are AML-regulated entities under the BSA, and must therefore implement a risk-based AML programme, conduct customer due diligence, monitor transactions and submit currency and suspicious activity reports.The most relevant type of financial institution for fintech purposes are MSBs.
Companies with a US presence or activity may be subject to laws prohibiting the bribery of foreign officials (ie, the Foreign Corrupt Practices Act of 1977 (FCPA)).Companies that are issuers of securities or are required to file reports with the SEC are subject also to the internal controls and books and records provisions of the FCPA.Violations of these provisions or failures to maintain reasonable internal controls or accurate books and records may lead to civil and criminal liability.
More broadly, US enforcement agencies expect companies to have in place a risk-based compliance programme aimed reducing the risk of bribery.Companies without such a compliance programme may face increased fines and compliance conditions should they be investigated and prosecuted by US authorities.
Guidance
Is there regulatory or industry anti-financial crime guidance for fintech companies?
FinCEN maintains a website that contains guidance for traditional financial institutions and non-bank financial institutions, such as MSBs: www.fincen.gov/resources/financial-institutions.The federal functional regulators, such as the OCC, FDIC, and CFPB also publish AML guidance that may be applicable to fintech companies.Further, industry associations, such as the Electronic Transactions Association and Network Branded Prepaid Card Association, also have AML resources available for members.
Peer-to-peer and marketplace lending Execution and enforceability of loan agreements
What are the requirements for executing loan agreements or security agreements? Is there a risk that loan agreements or security agreements entered into on a peer-to-peer or marketplace lending platform will not be enforceable?
Loan agreements are basic contracts that require offer, acceptance, a mutually enforceable agreement and consideration.For the purposes of a loan, consideration may be monetary or promissory (eg, the advance payment of funds and promise to repay those funds with interest).
Under the National Bank Act, banks can make loans at rates and fees allowed in the state where it is located and ‘export’ them nationally without being limited by the usury laws of the state where the borrower resides.At least one Second Circuit decision, Madden v Midland Funding, LLC, raised significant questions for the marketplace lending industry, because the court ruled that a debt collector and non-bank purchaser of a credit card account issued by a national bank to a New York resident was limited by the state’s usury limits.
Assignment of loans
What steps are required to perfect an assignment of loans originated on a peer-to-peer or marketplace lending platform? What are the implications for the purchaser if the assignment is not perfected? Is it possible to assign these loans without informing the borrower?
A state’s implementation of the Uniform Commercial Code (UCC) governs its loan assignments and participations, which are loans made by multiple lenders to a single borrower.UCC article 3 governs negotiable instruments, and UCC article 9 governs secured transactions.The mechanism for perfecting an interest depends on the nature of interest in the loan sold to an investor, whether the loan is secured or unsecured, and the nature of the collateral, if it is secured.
The transferor of a promissory note transfers to the purchaser whatever rights he or she has.
When a whole loan is assigned, the sale of a promissory note perfects upon attachment, or it can be perfected by filing a UCC-1 financing statement in the state’s filing office.
Most lenders do not operate P2P platforms and most of those that do exclude retail investors to simplify their securities law compliance.Marketplace lending platforms both sell whole loans and deposits them into a trust that issues to each lender a partial note of the operator (platform note) that represents the right to receive the lender’s proportionate share of all principal and interest payments received by the operator from the borrower on the applicable loan.
Sale of the participation interest perfects upon attachment or by filing a UCC-1 financing statement in the state’s filing office.
If a transfer is not perfected, the loan holder or investor’s right could be subject to competing claims of interest from other creditors.In the event of a platform bankruptcy, the investor would only have an unsecured claim arising from the loan.
The loan agreements would govern whether an assignment could be made without consent of the borrower.Securitisation risk retention requirements
Are securitisation transactions subject to risk retention requirements?
Risk Retention Requirements became effective in December 2016.They apply to both public and private offerings of asset-backed securities and require a securitiser to retain not less than 5 per cent of the credit risk for any asset that the securitiser (through issuance of an asset-backed security) transfers, sells or conveys to a third party, and prohibit a securitiser from directly or indirectly hedging or otherwise transferring the credit risk that it is required to obtain.
Marketplace lenders have to consider the risks under the Risk Retention Requirements prescribed by the Dodd-Frank Wall Street Reform and Consumer Protection Act.For platform notes, it is unclear whether the notes constitute ‘asset-backed securities’ to which the retention requirement applies.
Nonetheless, the rules were not explicitly applied to platform notes.For securitisations of marketplace loans, the Risk Retention Requirements apply, but lenders have to analyse who will be the ‘sponsor’ required to retain the credit risk.Securitisation confidentiality and data protection requirements
Is a special purpose company used to purchase and securitise peer-to-peer or marketplace loans subject to a duty of confidentiality or data protection laws regarding information relating to the borrowers?
A special purpose company for purchasing and securitising P2P or marketplace loans would have regulatory obligations with respect to confidentiality and data security of personal or personally identifying information under the Gramm-Leach-Bliley Act (GLBA).
Artificial intelligence, distributed ledger technology and crypto-assets Artificial intelligence
Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?
The use of automated investment advice is generally subject to regulation by the SEC or CFTC, as applicable, to the extent that persons providing such advice engage in the activities of a broker-dealer, investment adviser, FCM, CPO or CTA.
The SEC recognises that robo-advisers are a fast-growing trend within the investment advisory industry, and has provided guidance on how it treats automated advisory services.According to the SEC, robo-advisers should be treated as all investment advisers, which are subject to registration with the SEC and the substantive and fiduciary obligations of the Investment Advisers Act of 1940 (the Advisers Act).The SEC views that, as SEC-registered investment advisers, robo-advisers are required to comply with all the obligations set forth in the Advisers Act, including, without limitation, the requirement to provide advice consistent with the fiduciary duty advisers owe to their clients, to provide certain disclosure statements to its clients, to file certain reports with the SEC and to adopt written policies and procedures designed to address issues such as portfolio management, accuracy of disclosures, safeguarding clients assets and privacy protection.
In 2016, the Massachusetts Securities Division issued a policy statement finding that state-registered investment advisers cannot meet their fiduciary obligations to clients by relying solely on robo-advisories without human intervention.
Distributed ledger technology
Are there rules or regulations governing the use of distributed ledger technology or blockchains?
The Federal E-SIGN Act recognises electronic contracts and signatures, and provides that a contract or signature cannot be denied effectiveness solely on the grounds it is in electronic form.
Various states have enacted legislation to promote or otherwise permit the use of blockchain technology.Arizona’s Electronics Transactions Act specifically recognises electronic signatures secured on a blockchain, records and contracts secured on a blockchain and smart contracts as valid and enforceable.Delaware’s General Corporation Law was amended to allow Delaware corporations to put stock ledgers on a blockchain.Vermont enacted a law that enabled blockchain records to be deemed self-authenticating under Vermont’s Rules of Evidence.
Wyoming amended its version of the Uniform Commercial Code to specifically define and classify blockchain secured digital assets, and to set forth the specific requirements for the perfection of a security interest in digital assets through control.Crypto-assets
Are there rules or regulations governing the use of cryptoassets, including digital currencies, digital wallets and e-money?
There is no legislation in the United States that specifically regulates the use of digital currency or digital wallets.Access devices used in e-money transactions are regulated under EFTA and Regulation E with respect to electronic funds transfer.The Truth in Lending Act, and Regulation Z apply to access devices used for lines of credit and loan applications.
The GLBA and Regulation P regulate the treatment of non-public personal financial data.
The Bank Secrecy Act’s AML provisions, and the FinCEN registration and reporting requirements, apply to digital currencies.The Fair Credit Billing Act and EFTA establish procedures for resolving mistakes on credit billing and electronic fund transfer account statements.
Many states have enacted money transmitter licensing requirements that may apply to digital currency exchanges.
New York’s BitLicense applies specifically to transmission and exchanges of digital currencies, whereas Illinois’s money transmitter law excludes digital currencies.Digital currency exchanges
Are there rules or regulations governing the operation of digital currency exchanges or brokerages?
Yes, each of the SEC and the CFTC has issued guidance regarding the operation of digital currency exchanges and brokerages in the United States.Generally, engaging in any such activity will trigger a registration requirement.
In particular, the SEC has issued a ‘Statement on Potentially Unlawful Online Platforms for Trading Digital Assets’ (see www.sec.gov/news/public-statement/enforcement-tm-statement-potentially-unlawful-online-platforms-trading).The guidance suggests that a digital currency exchange may be required to register as a ‘national securities exchange’ under Section 6 of the Securities Exchange Act of 1934 (1934 Act) or an ‘alternative trading system’ (ATS) under SEC Regulation ATS under the 1934 Act.
An ATS is a trading system that meets the definition of ‘exchange’ under federal securities laws but is not required to register as a national securities exchange if the ATS operates under the exemption provided under Exchange Act Rule 3a1-1(a).To operate under this exemption, an ATS must comply with the requirements set forth in Rules 300-303 of Regulation ATS.Initial coin offerings
Are there rules or regulations governing initial coin offerings (ICOs) or token generation events?
Yes, the SEC has indicated that tokens or coins offered pursuant to an ICO likely will be considered securities.As such, any offering of securities token or coins is subject to the Securities Act of 1933, which requires that the offering be registered with the SEC or exempt from registration.
Under Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act, the definition of security does not specify a token or coin, but does specify an ‘investment contract’.The term ‘investment contract’ is the residual category in the definition that captures securities that do not fall within other categories.
In SEC v WJ Howey Co, the US Supreme Court articulated a test for determining whether something is an investment contract.
The test – which has become known as the Howey test – provides that an investment contract is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.
According to the SEC, this definition embodies a ‘flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits’.In considering whether something is a security, ‘the emphasis should be on economic realities underlying a transaction, and not on the name appended thereto’.
The prongs of an investment contract, as articulated in Howey, are thus fourfold: an investment of money; with a reasonable expectation of profits; and to be derived from the entrepreneurial or managerial efforts of others.
Prior to July 2017, the SEC had not applied the Howey test to an ICO.However, on 25 July 2017, the SEC provided important initial guidance on its application of the Howey test to ICOs when it released a Section 21(a) Report of Investigation on its findings regarding the token sale by The DAO.The DAO functions as a decentralised autonomous organisation, which essentially means a virtual organisation embodied in computer code and executed on a distributed ledger or blockchain.
In its analysis of whether The DAO had improperly offered and sold securities via an ICO, the SEC noted that new technologies do not remove conduct from the purview of US federal securities laws.
Based on the facts and circumstances regarding The DAO’s offering of tokens, the SEC found that: DAO tokens are securities under federal securities law; the DAO was required to register the offer and sale of DAO tokens under the Securities Act in the absence of a valid exemption; and any exchange on which DAO tokens were traded was required to register under the Securities Act as a national securities exchange or operate pursuant to an exemption.
In its report, the SEC did not say that all tokens would be securities.Rather, the SEC noted that the determination depends on the particular facts and circumstances and economic realities of the transaction.
The SEC continued to strictly apply the Howey test to a number of ICOs through enforcement actions, finding many to have involved offers of unregistered securities.In March of 2018, SEC director William Hinman gave a speech where he declared bitcoin not to be a security and ether to no longer be a security, and opining that a token offering could be structured to not be a security.In April 2019 the SEC issued the ‘Framework for Investment – Contract Analysis of Digital Assets’, articulating the factors the SEC will use to determine if an offering of a digital asset is a security.
The Framework included the factors that the SEC would weigh to determine if a token was a utility token and not a security.On the same day, the SEC published its first cryptocurrency no-action letter stating that the Turnkey Jet token was not a security.
Data protection and cybersecurity Data protection
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
The United States does not have omnibus protection of personal data.
Rather, personal data is regulated in particular sectors.The GLBA requires financial institutions and financial services companies to provide notices of their privacy policies and opt-out options regarding sharing non-public personal information with unaffiliated third parties.The Federal Trade Commission (FTC), through its Privacy of Consumer Financial Information Rule (Privacy Rule), enforces requirements for privacy notices and opt-out options for sharing non-public personal data of consumers.
All 50 states have data breach notification laws that require notice to affected persons and remedial activities.California recently enacted the California Consumer Privacy Act, regulating the collection, storage and processing of personal data.
Even where there are no substantive requirements regarding the processing of personal data, companies must comply with their own stated data privacy policies, or may be subject to enforcement actions by the FTC under its general section 5 jurisdiction to prohibit unfair and deceptive business practices.Cybersecurity
What cybersecurity regulations or standards apply to fintech businesses?
There are no specific cybersecurity standards that apply to fintech business.For businesses that store and process credit card information, the Payment Card Industry-Data Security Standard establishes standards for the protection of credit card data.
The New York State Department of Financial Services issued cybersecurity rules for money transmitters, among others, to maintain cybersecurity programmes.
Outsourcing and cloud computing Outsourcing
Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?
Yes, the Federal Reserve, the OCC and the FFIEC have all issued guidance on outsourcing by financial institutions.
The guidance generally requires due diligence on third-party outsourcing providers and contractual standards to address legal, financial and operational risk in outsourcing, as well as ongoing monitoring and supervision.Cloud computing
Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?
Yes.The position of US financial regulators has been to treat cloud computing as a form of outsourcing, so that its outsourcing guidance will apply to cloud computing services.The FFIEC’s ‘Outsourced Cloud Computing’ guidance distinguishes between private clouds, public clouds and hybrids, and the appropriate use of each as it relates to management of risk.
Intellectual property rights IP protection for software
Which intellectual property rights are available to protect software, and how do you obtain those rights?
Intellectual property created by contractors or consultants is owned by that contractor or consultant, unless the parties have otherwise agreed to assign ownership of the intellectual property to the client.
For copyrights, specific types of works created by a contractor or consultant may qualify as ‘works made for hire’, owned by the commissioning party.
Software may also be eligible for patent protection; however, the patent eligibility of software has been narrowed significantly by the courts in recent years.
The US Supreme Court recognised software-implemented business processes as patentable in its 1998 State Street Bank decision.After a decade of overly broad software patents issued by the patent office, the Supreme Court once again ruled on the patentability of software-implemented business processes in Bilski v Kappos and substantially narrowed their eligibility for patent protection.Subsequently, in Alice Corp v CLS Bank, the Supreme Court emphasised that embodying otherwise common aspects of business operations in software would not be eligible for patent protection.
In early 2019, the US Patent and Trademark Office proposed new rules for patent examiners that would narrow the scope of patentability exclusions articulated in Alice.Recent Federal Circuit court rulings have also narrowed patentability exclusions, making room for greater patentability of software.
IP developed by employees and contractors
Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?
Generally speaking, a patent or copyright developed by the employee within the scope of the employee’s duties are the property of the employer.Where a patentable invention is not within the scope of employment (ie, the employee was not hired to develop new inventions), but the invention was created using employer facilities or equipment, or the employer funded the development, the employer may still have a ‘shop right’, which is essentially a royalty-free non-exclusive licence to the invention.
Intellectual property created by contractors or consultants is owned by that contractor or consultant, unless the parties have otherwise agreed to assign ownership of the intellectual property to the client.For copyrights, specific types of works created by a contractor or consultant may qualify as works made for hire, owned by the commissioning party.Joint ownership
Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?
Where US patents are jointly owned, each joint owner can use or license the invention without the consent of the other owner, and there is no duty to account to the other joint owners for any royalties received.
Where US copyrights are jointly owned, each joint owner can use or license the work without the consent of the other owner.A joint copyright owner who licenses a work must account to the other joint owners for any royalties received.Joint owners may not infringe on the ownership rights of other joint owners (eg, by granting exclusive licences to the intellectual property).A joint owner may assign its ownership interest in a patent or copyright in the absence of a contractual restriction against doing so.
Trade secrets
How are trade secrets protected? Are trade secrets kept confidential during court proceedings?
Trade secrets protect information that derives value from not being known by competitors or being readily ascertainable, provided that reasonable measures have been used to keep it confidential.Misappropriation of a trade secret is a tort at common law, and is actionable under the Uniform Trade Secrets Act (enacted in 48 states) and under the federal Defend Trade Secrets Act.Civil remedies for trade secret misappropriation include recovery of damages and injunctive relief to restrain further use or disclosure.In some circumstances, theft of trade secrets may constitute a criminal violation.
In litigation, there are procedures to obtain confidential treatment of trade secrets, such as filing under seal and in-camera review, but these must be pursued by the party seeking confidential treatment.
In the absence of court order, the documents submitted will be public record.Branding
What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?
Typically, brands are protected by trademark law.Trademark protection may be obtained by federal registration with the US Patent and Trademark Office, or may arise at common law.Unlike many other jurisdictions, trademark protection in the US requires use in commerce, and not mere registration.
The Lanham Act prohibits unfair competition through the infringement of another’s trademark, trademark dilution and false advertising.
Both civil damages and injunctive relief is available for violation of the Lanham Act.In rare circumstances, civil seizures and treble damages are available.
Remedies for infringement of IP
What remedies are available to individuals or companies whose intellectual property rights have been infringed?
The patentee is entitled to damages in the event of infringement, which may include reasonable royalties or lost profits.A copyright owner is entitled to actual damages, or alternatively statutory damages (if the copyright has been registered prior to the infringement).Both a patentee and copyright owner may obtain injunctive relief to restrain continued infringement of the intellectual property.
As noted above, both damages and injunctive relief are available remedies in trademark infringement and trade secret misappropriation cases.
Competition Sector-specific issues
Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?
US antitrust laws cover a wide range of companies, including fintech companies, but there are no specific fintech antitrust rules and regulations.US antitrust laws regulate a broad range of activity, including mergers and acquisitions and commercial operations.
Tax Incentives
Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?
To date, there are no federal tax incentives specifically applicable to fintech companies or investors in such companies.There are, however, incentives in the federal tax code to stimulate emerging growth companies.There are also state and local tax incentives aimed at attracting fintech investment and business.
Increased tax burden
Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?
The Internal Revenue Services issued guidance in April 2019 on taxation of cryptocurrencies, noting that its guidance is for applying existing general tax principles to cryptocurrency transactions.Some states would prohibit local governments from imposing taxes on the use of blockchain technology (eg, the proposed Blockchain Technology Act introduced in 2018 in Illinois).Other states, such as Nebraska, introduced bills to define providers of virtual currency as ‘marketplace facilitators’, subject to collection and remittance of sales and use tax.
Immigration Sector-specific schemes
What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?
Although not limited to fintech workers, technology companies have sought H1-B visas to hire highly skilled workers.The cap on such visas (85,000 in financial year 2019) is typically exhausted in the first few months of the year.
The US Citizenship and Immigration Services agency put out a new policy memo requiring ‘detailed documentation’ about H-1B workers employed at third-party work sites to demonstrate that employees are actually filling specialised roles for which they were hired.The Department of Homeland Security is considering a new rule entitled ‘Strengthening the H-1B Nonimmigrant Visa Classification Program’ that would narrow the pool of foreigners eligible for the visa programme, further restricting companies’ access to skilled talent.
Update and trends
Are there any other current developments or emerging trends to note? Current developments45 Are there any other current developments or emerging trends to note?
Staff at the SEC recently stated that bitcoin and ether were not considered securities, and that cryptocurrencies achieving sufficient decentralisation would no longer be considered securities.The SEC has also stated a willingness to discuss the application of securities laws to new tokens prior to launch.
This may signal an evolution in the SEC’s understanding of cryptocurrencies and a more open approach to the consideration of cryptocurrencies as securities in the future.
The SEC’s recent publication of ‘Framework for Investment – Contract Analysis of Digital Assets’, articulating the factors the SEC will use to determine if a an offering of a digital asset is a security, suggests that the SEC is open to token offerings that do not constitute a sale of securities.
The Turnkey Jet no-action letter released on the same day as the Framework demonstrated a willingness of the SEC to prospectively exempt certain token offerings from registration as securities.
Facebook has recently announced the development of a global cryptocurrency.
The Libra cryptocurrency is being supported by founding members of the Libra Association, who are major e-commerce and social media companies.The US Congress has requested hearings on the cryptocurrency and on the impact of alternative currency and data privacy concerns..
