The FinTech Revolution: Enforcement Actions Brought against FinTech Companies and Their Implications

White Collar Watch (July 2017 • Vol 1, Issue 2)

This is the second installment in a series of articles. For an understanding of FinTech products and services and how they are disrupting the financial services industry, please read our first article in this series, An Introduction to Financial Technology.

As law enforcement authorities and government regulators have developed a greater understanding of the FinTech industry, various government agencies have brought enforcement actions against FinTech companies in an effort to protect the integrity of our financial system. This article surveys these actions and discusses the implications that they may have on the FinTech industry as a whole. Notably, cryptocurrencies such as bitcoin have dominated regulators’ focus relative to other FinTech products and services. For this reason, it is useful to separate out enforcement actions involving cryptocurrencies from enforcement actions involving other areas of FinTech.

Enforcement Actions Concerning the Use, Exchange, and Marketing of Cryptocurrencies

A number of well-publicized criminal prosecutions have been pursued by the U.S. Department of Justice ("DOJ") against companies and individuals seeking to use bitcoin or other cryptocurrencies for illicit purposes. Perhaps most notoriously, the founders of Silk Road and Silk Road 2.0 were charged with money laundering, computer hacking, trafficking narcotics, and trafficking fraudulent identification documents after it was determined that these websites promoted a black market for illegal drugs and other illicit goods and services by having users anonymously conduct transactions in bitcoin.1 The DOJ also charged several individuals associated with, a bitcoin exchange service that offered, for a fee, to exchange cash for bitcoins for cyberattack victims paying bitcoin ransoms to individuals hijacking their computers. The defendants in this case were charged with operating an unlicensed money transmitting firm, making corrupt payments, wire fraud, and money laundering.2

Other agencies also have pursued actions against companies using cryptocurrencies in an unlawful manner. For example, the Securities and Exchange Commission ("SEC") has brought enforcement actions against a number of companies offering virtual currency investment opportunities that did not properly register security offerings.3 Likewise, the Commodity Futures Trading Commission ("CFTC") brought an enforcement action against Coinflip, a service connecting buyers and sellers of bitcoin operation contracts, for failure to meet regulatory requirements and failure to register as a swap execution facility.4 Finally, the Financial Crimes Enforcement Network ("FinCEN") assessed a civil penalty against Ripple Labs, a digital currency operator, based upon its failure to register as a money services business and to implement a suitable anti-money laundering program prior to beginning sales.5

Most recently, the Internal Revenue Service ("IRS") has sought to investigate the use of cryptocurrencies to facilitate tax evasion. In November 2016, the IRS requested, and received, permission to serve a "John Doe" summons on Coinbase, a cryptocurrency exchange, seeking information on all users who transferred virtual currency from 2013 to 2015. If the summons is upheld, the IRS will be able to mine the data that is produced under the summons to identify tax evaders and bring enforcement actions accordingly.6

Enforcement Actions Brought in Connection with Other FinTech Services

Though perhaps subject to less scrutiny than businesses involving cryptocurrencies, other services that fall under the FinTech umbrella have not been immune from regulatory enforcement actions. In 2013, the DOJ shut down Liberty Reserve, an online payment processor and digital currency system, for facilitating drug trafficking and child pornography, because it did not require users to validate their identification information. The company and seven of its principals were charged with conspiracy to commit money laundering and operating an unlicensed money transmitting business.7 In March 2015, the Office of Foreign Asset Control ("OFAC") entered into a settlement agreement with PayPal based upon allegations that PayPal did not implement sufficient compliance procedures to identify and prevent transactions violating U.S. sanctions programs.8

The Consumer Financial Protection Bureau ("CFPB") also has pursued enforcement actions against FinTech enterprises. In 2016, it entered into a consent order with LendUp, an online lending company that advertised its loan programs as allowing consumers to build up their credit over time. The CFPB determined that LendUp engaged in unfair and deceptive practices in violation of the Consumer Financial Protection Act, because it failed to provide consumers with several of the advertised benefits of the program and it had no written policies or procedures in place related to credit reporting.9 Also in 2016, the CFPB brought an enforcement action against Dwolla, Inc., an online payment provider, on the grounds that Dwolla falsely represented the strength of its data security practices, in violation of the Dodd-Frank Wall Street Reform and Consumer Protection Act.10

Implications for the FinTech Industry

Government agencies are still in the early stages of determining how to address the challenges presented by FinTech. While certain agencies, such as the DOJ, have pursued enforcement actions to punish and deter conduct that is clearly unlawful, other agencies such as the IRS, FinCEN, and the CFPB have sought to establish their authority to regulate this space by initiating test cases. Certain enforcement actions also indicate that government agencies are prepared to punish FinTech companies for failing to "know their customers" because they, like banks, often serve as gatekeepers to the financial system.

The enforcement actions that have been pursued thus far are reflective of the broad range of laws and regulations that the FinTech industry implicates. The evolving and innovative nature of this industry also means, however, that legal requirements can be murky and that the industry is vulnerable to individuals and entities seeking to exploit the industry for fraudulent and illegal activity. We will return to these issues in future issues of White Collar Watch. Nevertheless, FinTech companies are well-served to understand the types of enforcement actions that already have been brought, so that they can evaluate applicable legal requirements and ensure that compliance procedures are properly implemented as early as possible.  —  ©2017 BLANK ROME LLP

  1. United States v. Ulbricht, 1:14-cr-00068 (S.D.N.Y.); United States v. Benthall, 1:14-2427 (S.D.N.Y.).
  2. United States v. Murgio et al., 1:15-769 (S.D.N.Y.).
  3. In the Matter of Erik T. Voorhees, File No. 3-15902 (SEC June 3, 2014) (involving failure to register securities offerings in violation of the Securities Act); In the Matter of BTC Trading Corp. and Ethan Burnside, File No. 3-16307 (SEC Dec. 8, 2014) (involving the operation of unregistered virtual securities exchanges); In the Matter of Sand Hill Exchange et al., File No. 3-16598 (SEC June 17, 2015) (involving violations of Dodd-Frank Act by company offering investments in financial derivatives through its website rather than on a national securities exchange in violation of the Dodd-Frank Act).
  4. In the Matter of Coinflip, CFTC Docket No. 15-29 (Sept. 17, 2015).
  5. In the Matter of Ripple Labs Inc. and XRP II, LLC, Financial Crimes Enforcement Network, Order Number 2015-05 (May 5, 2015).
  6. See Case No. 3:16-cv-06658-JSC (N.D. Cal.).
  7. United States v. Liberty Reserve, et al, 13-368 (S.D.N.Y).
  8. Settlement Agreement Between OFAC and PayPal, Inc., MUL-762365.
  9. In the Matter of Flurish d/b/a Lendup, File No. 2016-CFPB-0023 (Sept. 27, 2016).
  10. In re Dwolla, Inc., File No. 2016-CFPB-0007 (Mar. 2, 2016).

© 2017, Blank Rome LLP. All rights reserved. Please contact Blank Rome for permission to reprint. Notice: The purpose of this update is to identify select developments that may be of interest to readers. The information contained herein is abridged and summarized from various sources, the accuracy and completeness of which cannot be assured. This update should not be construed as legal advice or opinion, and is not a substitute for the advice of counsel.