Law and Practice

1. Fintech Market

 1.1 Evolution of the Fintech Market

"Fintech" refers generally to the financial services industry's emerging use of sophisticated software, including machine learning and artificial intelligence (AI), and other modern technologies to enhance financial services and their delivery to consumers. Fintech encompasses a range of different technologies and subsectors of the financial services space, including the use of mobile payment apps and the incorporation of blockchain technologies. 

Fintech Investment Rebound 

With the ongoing emergence of COVID-19 variants, COVID-19 is generally becoming accepted as the new social norm. The broader US economy appears to have shifted its focus from COVID-19 response to recovery, which has been accompanied by a correlated increase in fintech investments overall. Unsurprisingly, at the outset of the pandemic in the first half of 2020, fintech venture investment experienced a significant decrease with correspondingly poor outlooks. However, investment volume rebounded substantially in 2021, with fintech venture investments reaching USD134 billion, marking year-over-year growth of 177% and substantially greater growth compared to global venture capital investment in 2021 generally. 

This substantial growth was attributable to significant funding rounds of at least USD100 million, which suggests institutional investors' continued intention to capitalise on the fintech trend. Start-ups seem to have benefited in particular, with a sizable number of investors seeking new growth opportunities through early-stage funding. In 2021, early-stage deals accounted for 63% of total deals, and the average deal size increased from USD2 million to USD3 million. Similar to 2020, fintech investment in 2021 was led by corporate and venture capital investors, arguably in response to downstream investor pressure for more fintech exposure. Adoption of fintech in the financial services industry is expected to increase, and fintech investment is expected to reach approximately USD324 billion by 2026.

The growing attention to fintech M&A merits special attention. Fintech M&A allows banks, among others, to acquire digital capabilities without expending the substantial resources necessary to build their own fintech solutions internally. Payments continue to be a key theme in fintech M&A, with buy-now, pay-later (BNPL) platforms experiencing substantial growth during the pandemic. BNPL offers an alternative to traditional consumer credit options, seeking to expand the consumer base to include, for example, those without credit cards. Fintech firms have dominated the BNPL market in recent months, with 61 BNPL acquisitions made in August and September 2021 alone, with five deals exceeding USD2 billion. This trend may hold in the coming years as the focus on payments continues. 

Growing Consumer Adoption of Fintech 

Consistent with the significant growth in fintech investment, US consumers' adoption of fintech has increased substantially. This adoption is partially attributable to the pandemic, which increased the need for seamless and convenient digital services that obviate the need for in-person interaction and businesses' corresponding need to shift to digitised online platforms. In 2021, 88% of US consumers used some form of fintech (such as mobile banking, mobile payments, and retail/e-commerce applications), compared to only 58% in 2020. This uptrend is likely to continue, as the ongoing effects of the pandemic continue to place pressure on brick-and-mortar businesses and other in-person commerce.

Heightened Regulatory Scrutiny 

Fintech is an emerging component of a broad range of financial services, which are subject to diverse laws and regulations that are generally not designed to address the challenges posed by technological advances. Fintech involving blockchain technology, cryptocurrencies and other digital assets is particularly subject to regulatory scrutiny and is subject to the potential for significant, fast-moving legal developments. Fintechs in this space should be prepared for enhanced scrutiny under the Biden administration with regulation of cryptocurrencies and stablecoins specifically expected to increase in 2022. For example, during Treasury Secretary Janet Yellen's nomination hearing, she expressed concerns about the cryptocurrency market and resolved to establish rules limiting "malign and illegal activities" without inhibiting fintech innovation. In March 2022, the Biden administration issued an Executive Order on Ensuring Responsible Development of Digital Assets (the "Executive Order"), which sets forth a government-wide strategy to regulate cryptocurrencies, including a detailed outline of the administration's key policy and regulatory objectives. The Executive Order not only references regulatory issues such as anti-money laundering (AML) but also emphasises the importance of reinforcing the United States' leadership and competitiveness in global finance through "the responsible development of payment innovations and digital assets" and the need to "promote access to safe and affordable financial services." These positive statements have given some in the digital assets space a sense of cautious optimism. In any event, the Executive Order suggests that the White House intends to take on a progressively more important role in the oversight of cryptocurrencies and digital assets generally. In addition, legislative developments and agency rulemaking are poised to effect significant changes in the forthcoming regulatory landscape, as discussed in 12.2 Local Regulators' Approach to Blockchain.

2. Fintech Business Models and Regulation in General

 2.1 Predominant Business Models

Fintech business models span a range of different categories, including banking, non-bank lending (eg, personal finance and equity financing), investment management services, blockchain technology and digital assets, and insurance. Within each of these categories, there are a number of different business models with varying operational designs and regulatory burdens.

As regulators clarify their positions on key issues, certain business models and regulatory approaches have become settled and arguably predominant in the space. For instance, fintech firms operating as cryptocurrency trading platforms typically analogise themselves to the money transmitter licensee model, which is familiar to state regulators. Over time, several state regulators have adapted their money transmitter regulations to cryptocurrency businesses, which has hastened the adoption of the money transmitter model as a default construct. On the legacy banking side, fintech firms have sought state licences or permissions to be able to act as service providers to unaffiliated banking institutions under applicable state banking and other relevant laws.

As fintech firms continue to engage with regulators, the authors anticipate that additional business models will become predominant over time. For example, there remains a pressing need for qualified custodians for digital assets, and fintech firms have gravitated towards either a state trust company licence or federal banking charter, both of which authorise custodial functions. Time will tell whether one or both of these models will become the norm. 

 2.2 Regulatory Regime

In the USA, the regulation of financial services (and thus fintech) is fragmented across multiple federal authorities and various state regulators. No single regulatory authority exercises exclusive jurisdiction over the fintech industry, and jurisdiction depends primarily on the business activity in question. While federal law pre-empts certain state regulation where the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC) or Office of the Comptroller of the Currency (OCC) has exclusive jurisdiction by statute, in most cases, there is no pre-emption and fintech firms must consider whether they are subject to more than one regulatory regime. Often multiple regulatory authorities have overlapping jurisdictions, resulting in ambiguity as to the scope of each regulator's supervisory authority. With fintech growing dramatically, US regulators have realised the industry's need for a consistent (or at least clear) regulatory approach, but uniformity is impossible due to the disparate laws and regulatory purposes driving federal and state authorities. Fintech firms are likely to continue facing substantial challenges in navigating diverse and sometimes conflicting legal requirements.

 2.3 Compensation Models

A fintech firm's business activity is the primary driver of its compensation model. For example, a trading venue or dealer that permits clients to buy and sell assets will typically charge trade commissions. For a trading venue that is a cryptocurrency trading platform (and is a state-regulated money transmitter as opposed to an SEC- or CFTC-registrant), a key issue tends to be the transparency of fee calculation and the adequacy of customer disclosures. On the other hand, a fintech firm offering advisory services will typically charge a base management fee and a performance-based fee, and if the firm is an SEC-registered investment adviser, its clients must meet certain eligibility criteria for the firm to appropriately charge performance-based compensation. The more particular details of a firm's compensation structure (eg, tiered fees based on transactional volume and similar variations) depend on many factors, including regulatory requirements, the firm's maturity, market conditions, industry competition and consumer demand.

 2.4 Variations between the Regulation of Fintech and Legacy Players

The relevant regulatory framework depends on the fintech firm's business activity. To date, though a number of fintech regulatory sandboxes have been put in place, federal and state authorities have generally sought to regulate fintech firms through interpretations of existing paradigms rather than through the proactive adoption of new rules. This has placed some stress on fintech innovation, as many fintech firms lack the resources and experience of more traditional financial firms and, at least initially, may be unable to satisfy the robust compliance, risk management and other requirements imposed by applicable laws. Any effective solution will require regulatory creativity and a willingness to balance the need for oversight and consumer protection with the potential benefits of innovation.

 2.5 Regulatory Sandbox

Several US regulators have developed regulatory sandboxes for fintech. For example, the Consumer Financial Protection Bureau (CFPB) issued a compliance assistance sandbox offering firms a liability safe harbour from specified legal provisions while testing new products for a limited period of time. The SEC, CFTC and OCC have all formed offices dedicated to supporting responsible innovation in the financial sector. A prominent example is the CFTC's LabCFTC, which facilitates collaboration and information sharing between the fintech industry and regulators. Some states have also formed their own regulatory sandboxes. North Carolina's NC Sandbox Act codifies an agreement not to enforce specific regulations, permitting approved applicants to make innovative products or services available to consumers.

Because of the fragmented nature of US financial services regulation, no single US agency can, on its own, create an effective, industry-wide regulatory sandbox. Importantly, compliance with one regulator's sandbox does not prevent enforcement action from another federal or state regulator, and fintech firms must exercise caution in this regard. 

 2.6 Jurisdiction of Regulators

The regulatory framework applicable to a fintech firm depends on its business activities and a variety of other factors, including its customer base. For example, banks are primarily regulated by the OCC, the Federal Deposit Insurance Corporation and the Federal Reserve. The SEC and, to the extent applicable, self-regulatory organisations (SROs), such as the Financial Industry Regulatory Authority (FINRA), regulate and supervise financial services firms whose businesses involve securities, including issuers, broker-dealers and investment managers. The CFTC and, to the extent applicable, the National Futures Association (FINRA's counterpart SRO in the CFTC-regulated space), maintains regulatory and supervisory authority over firms whose business involves CFTC-regulated instruments such as futures and certain other derivatives; these firms include, without limitation, commodity pool operators, futures commission merchants and designated contract markets. Other relevant agencies include the Financial Crimes Enforcement Network (FinCEN) (financial crimes), the Office of Foreign Assets Control (OFAC) (economic and trade sanctions) and the CFPB (consumer protection). States are also highly active in fintech regulation, with most states requiring firms providing digital wallet or cryptocurrency trading services to obtain money transmitter licences.

Because fintech activities can easily cross lines from one regulated space to another, firms should take a proactive approach to assessing their regulatory obligations. Depending on its business activities, a firm could easily be subject to the simultaneous oversight of FinCEN, a state money transmitter or lending authority, the SEC and/or CFTC. In many cases, fintechs seek to isolate regulatory burdens and risks by utilising legally separate but affiliated entities with different business activities and thus regulatory statuses.

 2.7 Outsourcing of Regulated Functions

Financial institutions in the USA commonly outsource regulated financial services functions. A common fintech business model is a partnership between a bank and a third-party fintech service provider to support the bank's provision of, for example, mobile banking services. A properly structured partnership may subject the firm to additional regulatory obligations and will require the firm to contractually agree to comply with the bank partner's regulatory requirements and industry standards, including, for example, cybersecurity and data protection policies and procedures. There has been extensive guidance from the OCC, the primary federal banking authority, with respect to third-party vendor risk management and related practices. As further discussed in section 2.12 Conjunction of Unregulated and Regulated Products and Services, a truly "unregulated" fintech firm is few and far between. In any event, whether a regulated or unregulated fintech firm is preferable for outsourcing arrangements would be dependent largely on the regulatory obligations, industry standards, and risk management policies applicable to the outsourcing entity.

 2.8 Gatekeeper Liability

There is no information available in this jurisdiction. 

 2.9 Significant Enforcement Actions

Fintechs are regularly the subject of enforcement actions by US regulatory agencies. In 2021, cryptocurrencies have been the main focus of such actions, with additional pressure arising from the Biden administration's determination to make cryptocurrency enforcement a priority. In 2021, the SEC brought 20 cryptocurrency-related enforcement actions. The CFTC was not far behind, bringing a string of enforcement actions against cryptocurrency trading platforms the same year. FinCEN is also active in this space and works together with the SEC and CFTC to enforce compliance with applicable AML laws.

Enforcement actions can result in significant monetary penalties. For example, in August 2021, the CFTC and FinCEN jointly imposed a USD100 million penalty against BitMEX, a cryptocurrency trading platform, for violations of the Commodity Exchange Act (CEA) and the Bank Secrecy Act (BSA). More recently, in February 2022, the SEC charged BlockFi Lending LLC ("BlockFi") with unregistered offers and sales of its retail crypto lending product; these charges (and parallel state charges) were settled with an aggregate USD100 million penalty, with USD50 million payable to the SEC.

 2.10 Implications of Additional, Non-financial Services Regulations

A broad array of non-financial laws are potentially relevant to fintech firms. In many cases, these provisions relate to privacy, cybersecurity and related data and software-related laws, because fintechs frequently collect, store and process consumer personal information. Depending on the services they provide, fintechs may be subject to general business laws, such as consumer protection and fairness laws administered by the CFPB. In large part, these laws predate the advent of fintech and do not make substantive distinctions between fintechs and legacy participants. Regulators continue to struggle to adapt these rules to newer, more complex fintech business models. 

 2.11 Review of Industry Participants by Parties Other than Regulators

Fintechs, like any other business, may be subject to diligence review by their banks, auditors, interest holders and business counterparties. For example, in M&A transactions, fintechs may be subject to diligence by prospective investors, acquirers, underwriters or financial advisers. The diligence review often includes ensuring there is an appropriate plan in place to remedy any issues discovered during due diligence, including any regulatory compliance matters. Diligence reviews are also conducted as part of many business arrangements, including, for example, when a digital assets lender onboards borrowers onto its lending platform or when digital assets issuers enter into listing arrangements with a cryptocurrency trading platform. 

 2.12 Conjunction of Unregulated and Regulated Products and Services

Many businesses that fall under the fintech umbrella are regulated to some extent, and few fintech services are truly unregulated. As an example, any activity that involves some flow of cryptocurrency or fiat currency (including payments services, lending, and exchange or transfer services) is likely to be extensively regulated under federal and/or state laws. Since fintech by definition straddles the cutting edge of technology, fintechs can quite easily cross the line from unregulated to regulated activity such as by providing investment advice. Further, a fintech firm that engages in a regulated activity and is therefore licensed by a state or federal authority should also be mindful that, in many cases, the firm as a whole – and its activities in the aggregate – may be subject to regulatory supervision and oversight. Fintech firms are thus advised to adopt a proactive approach towards regulatory compliance. 

 2.13 Impact of AML Rules

A wide range of financial services providers (including banks, brokers and money services businesses, among others) are subject to AML laws and regulations imposed by the BSA and FinCEN rules, as well as certain other regulatory regimes. A majority of fintech firms fall into this regulatory classification, including cryptocurrency trading platforms. The specific requirements applicable to a fintech firm will depend on its business model and the services it provides, its risk profile, and the types of customers it serves. In most cases, applicable AML requirements extend to the operations of the firm generally rather than strictly to a specific type of regulated or unregulated activity. Finally, as a practical matter, even if a particular fintech firm is not subject to AML laws on its own, its business partners, including banking partners, are likely to require proof of compliance with applicable AML laws as a prerequisite to any business arrangement. 

3. Robo-Advisers

 3.1 Requirement for Different Business Models

The term "robo-advisers" generally refers to digitised platforms that provide clients with automated financial planning services based on algorithms or mathematical formulas. Robo-advisers rely extensively on software, are intended to minimise human interaction and involvement, and are generally designed to provide a more cost-effective advisory solution to a broader range of clients than traditional wealth management services. Robo-advisers vary widely in their design and functionalities, including the assets as to which they advise, the degree to which the advice is personalised, and whether or not the advice is provided on a discretionary or nondiscretionary basis. Many robo-advisers offer advice with respect to exchange-traded funds, which are low-cost and diversified compared to other securities investments; this is consistent with the fact that robo-advisers often target lower net worth clients seeking lower cost and risk-controlled investment exposure. 

Regulation of robo-advisers depends largely on the assets as to which they provide advice. Many robo-advisers advise as to securities, which generally requires them to be SEC-registered investment advisers. Advice about CFTC-regulated instruments generally requires the firm to become a CFTC-registered commodities trading advisor. If the firm advises exclusively with respect to physical commodities, such as bitcoin, the robo-adviser would not be subject to SEC or CFTC registration, although it would remain subject to the CFTC's anti-fraud and anti-manipulation authority over spot commodities markets.

Robo-advisers' activities may extend beyond investment advice, such as executing transactions on behalf of clients, which could increase regulatory burdens. For example, if executed transactions involve securities, the robo-adviser may be subject to broker-dealer registration under the Securities Exchange Act of 1934, as amended (the "1934 Act"). If the robo-adviser also provides a facility for effecting trades, the robo-adviser may be required to register as an exchange under the 1934 Act. 

 3.2 Legacy Players' Implementation of Solutions Introduced by Robo-Advisers

Many legacy investment advisers have formed new sister companies to offer robo-advice to clients. Incorporating a robo-adviser into a traditional firm's advisory structure may adversely affect revenue, as robo-advisers typically offer their services at lower cost. A potential solution is for legacy advisers to actively distinguish robo-advice from traditional advice and/or to offer the products to different markets. Consequently, robo-advisers are typically marketed to smaller investors who neither need nor can afford personalised investment advice. Larger investors, however, may desire personal, human interaction tailored to their individual investment needs, which would justify the material additional cost of traditional advice.

 3.3 Issues Relating to Best Execution of Customer Trades

Robo-advisers frequently automate the execution of customer orders in the interests of cost reduction and operational efficiency. This approach raises two key regulatory problems. 

First, the robo-adviser remains obligated to obtain best execution of client trades. An automated system, where every order is routed a particular way, may not be consistent with best execution. Some robo-advisers attempt to address this problem through disclosure to the client about how trades will be executed with warning that this order routing may not be consistent with best execution. These disclosures are generally effective if they are clear and the client consents to the arrangements. 

Automated trading creates an additional concern because the absence of human verification can lead to rapid and very expensive errors if the computer systems do not work as expected. There have been cases, for example, where a software error caused orders to be doubled, so that clients purchased twice as much on each order than was intended. The robo-adviser is generally liable for the damages caused by such errors. Firms generally seek to mitigate this risk by carefully testing all computer software before deployment and by including broad exculpation clauses that purport to limit the adviser's liability for trade errors. However, the SEC has recently cautioned that such clauses are frequently ineffective and may themselves violate federal law if overbroad. 

4. Online Lenders

 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities

Federal and state laws impose extensive requirements on non-bank lenders related to the marketing, origination, servicing and assignability of consumer and commercial loans. These requirements vary significantly based on the lender's business as well as the domiciles and sophistication of its borrowers. For example, different state licensure requirements apply depending on the specific lending activity contemplated, which may range from lending to loan brokering and differ depending on the type of loan. Generally, licensed non-bank lenders are subject to the licensing, reporting and other requirements under applicable state lending law, as well as the examination and enforcement authority of the relevant state lending regulators. These requirements are substantially different from the more onerous regulatory obligations imposed on traditional bank lenders.

At a high level, non-bank lenders' consumer loans are the most heavily regulated loan type. For example, while an extensive state-level licensing framework exists in connection with the brokering and origination of consumer loans by non-bank entities, fewer states license and examine non-bank commercial lenders. Nonetheless, certain key states, including California and South Dakota, require the licensing of non-bank lenders in connection with commercial loans, and California also requires the licensure of both commercial and consumer loan brokers. 

It should also be noted that there are certain state and federal laws that apply to the provision of commercial and other types of credit more broadly. These include state usury laws, fair lending laws and data security requirements. At the federal level, generally applicable requirements include the Equal Credit Opportunity Act (ECOA) and Regulation B thereunder, which require lenders to issue an adverse action notice to denied credit applicants whether they are a commercial or consumer entity. In addition, the Fair Credit Opportunity Act imposes certain obligations on creditors in connection with personal credit reports used in connection with guarantees provided in relation to commercial credit. 

 4.2 Underwriting Processes

Both consumer and commercial credit providers are subject to the prohibitions set forth in the ECOA, including a prohibition on credit decisioning involving prohibited bases (eg, a discriminatory basis). Non-bank consumer lenders are required to adhere to any requirements imposed by the licence under which they operate their business. For example, there may be certain state requirements related to maximum loan amounts in relation to a borrower's gross monthly income. Non-bank commercial lenders typically have fewer statutory requirements that affect underwriting models. However, both California and New York have enacted laws that will soon impose onerous disclosure requirements on certain providers of "smaller" commercial credit (as of the date of this submission, final regulations have yet to be promulgated by either state). Other states also have pending legislative proposals that, if passed, would affect the disclosures provided to certain small business commercial credit applicants. 

The underwriting processes for non-bank lenders differ significantly depending on the borrowers targeted and the type of loans contemplated. These processes thus take into account a wide range of disparate data, including credit scores, bank transactional data, income, and rent and employment histories. Some lenders have sought to use AI to analyse and process such data for their underwriting models. State and federal laws generally do not expressly address non-bank lenders' use of fintech advancements, such as AI or blockchain technology to facilitate, monitor or manage their underwriting or loan management processes. Over time, regulations may evolve to address the convergence of fintech and non-bank lending, but prior developments in this space suggests that the evolution will be incremental. In any event, non-bank lenders must be cautious that their underwriting processes, whether or not supported by fintech advancements, do not result in discriminatory or unfair effects on certain classes of borrowers in contravention of applicable law. 

 4.3 Sources of Funds for Loans

The sources of funds depend upon the entity making the loan. US-insured depository institutions typically use deposits to fund their lending programmes. They are heavily regulated and supervised by applicable federal and state banking authorities, which permit them to accept customer deposits. Non-bank lenders, however, are not permitted under US law to accept deposits and therefore typically fund loans with lender-raised capital (including equity raises, debt obligations and peer-to-peer funding) as well as securitisations of the receivables generated through structured financial agreements. The sources of funding for non-bank lenders thus tend to be substantially more costly and raise complex regulatory issues. Notably, however, peer-to-peer lending has developed substantially, with many digital platforms permitting investors to qualify as lenders and finance (and thus invest in) loans on a streamlined online portal; this has made peer-to-peer lending more cost-effective and less resource-intensive.

 4.4 Syndication of Loans

"Loan syndication" is a term typically reserved for significant institutional borrowers where a loan is arranged by a group of commercial or investment banks. In the non-bank lending space, the best conceptual analogue may be loan securitisations. Consumer and commercial loans originated by non-banks are often securitised to increase available capital. Typically, the lender designates a pool of receivables that share certain characteristics to securitise. The receivables are then transferred into an affiliated special purpose entity (SPE) that borrows against those receivables. The SPE then retains an entity to service those receivables on an ongoing basis. Recourse against the originator is typically involved such that, if any part of the receivable portfolio fails to meet the predetermined eligibility criteria, the ineligible receivables are removed from the facility. The holding of such receivables by an SPE may be affected by state laws relating to entities that are permitted to be assignees of receivables originated under a particular state licence. Federal securities laws also may be relevant to the securitisation process. 

5. Payment Processors

 5.1 Payment Processors' Use of Payment Rails

Payment processors in the US typically use existing payment rails to process customer-initiated payments, with most payments within the US moved through credit cards, debit cards, ACH and the Clearing House's RTP Network. While fintech firms may develop, and in some cases have developed, their own payment rails, significant barriers to entry exist with respect to the creation of new payment networks because they generally require substantial input from US insured depository institutions as well as relevant federal and state regulators. Consequently, banks and other traditional financial institutions remain critical components of the payments industry, and the development of new payment rails depends largely on their adoption by such institutions and integration with traditional payment flows. The advent of stablecoins, specifically those designed for one-to-one parity with fiat currencies, and the growing interest in government-backed central bank digital currencies (CBDCs), have significantly expanded the technological potential of payment rails. However, beyond stablecoins' current use as an alternative to fiat for the purpose of facilitating cryptocurrency transactions, stablecoins and CBDCs have yet to gain meaningful acceptance in the US as a potential supplement to or replacement for traditional payment rails.

 5.2 Regulation of Cross-Border Payments and Remittances

Money transmitters, payment processors and similar money services businesses are regulated at both the federal and state levels, and each level of regulation affects the cross-border movement of funds. At the federal level, money services businesses must register with FinCEN and must comply with extensive AML obligations. At the state level, 49 states generally require a money transmitter licence for entities engaging in funds transfers, including international transfers, with substantive ongoing compliance requirements. The specific regulatory restrictions applicable to funds movements by a given money services business depend on the controlling statutes as well as the business plan the business submitted to regulators with respect to its anticipated operations.

In addition to the foregoing, there are significant industry requirements relevant to certain payment rails, particularly card networks and the ACH system. These requirements affect all forms of fund movement internationally and involve a complex set of requirements to ensure compliance with AML and other obligations. Firms involved in the business of funds movement should be mindful of the myriad of federal and state regulations and industry standards that may apply.

6. Fund Administrators

 6.1 Regulation of Fund Administrators

There is no information available in this jurisdiction.

 6.2 Contractual Terms

There is no information available in this jurisdiction.

7. Marketplaces, Exchanges and Trading Platforms

 7.1 Permissible Trading Platforms

Exchanges, trading platforms and trading venues (collectively, "Exchanges") may be subject to SEC, CFTC or state regulation depending on the types of assets they support. Exchanges for securities, including securities-based derivatives, are subject to SEC registration and oversight, while exchanges for futures and other CFTC-regulated instruments are subject to those of the CFTC. Exchanges that permit trading on digital assets that are neither SEC- nor CFTC-regulated instruments are generally regulated under state money transmitter laws, state laws specific to digital assets, such as the New York BitLicense, and/or state trust laws. It is worth noting that digital assets Exchanges typically are not regulated in the same manner or to the same degree as SEC- or CFTC-regulated Exchanges, as state laws do not have specific rules governing listing, quotes, order matching or other Exchange operations. Exchanges that are "decentralised" and, in theory, are not created and operated by an identifiable firm remain subject to the same regulatory classifications, although enforcement by the SEC and CFTC is not yet as aggressive as other areas of the digital assets market (such as the SEC's enforcement actions against unregistered offers and sales of securities).

 7.2 Regulation of Different Asset Classes

Please see section 7.1 Permissible Trading Platforms.

 7.3 Impact of the Emergence of Cryptocurrency Exchanges

For information about digital assets Exchanges, please see 7.1 Permissible Trading Platforms. To the extent that a digital assets Exchange is not subject to SEC or CFTC jurisdiction, the Exchange typically must comply with the laws of each state in which it does business. With the exception of recently implemented regulatory regimes, such as the New York BitLicense and the Louisiana Virtual Currency Business Act, the state money transmitter, trust and other laws relevant to digital assets Exchanges are many decades old and principally designed for much older, conventional business models. These laws have been slow to adapt to the technological complexities posed by digital assets Exchanges, but the authors have seen notable growth in the flexibility of state regulators in addressing novel regulatory issues. Growing regulatory scrutiny in this area at both the federal and state levels is likely to yield potentially significant legal developments in the coming year. 

 7.4 Listing Standards

The SEC and CFTC do not establish listing standards for the Exchanges they regulate. Instead, the Exchanges set their own standards for initial and continued listing, including cash flow and revenue thresholds, market capitalisation requirements, minimum number of shareholders and disclosure obligations. These listing requirements are intended to increase the likelihood that listed assets are sufficiently liquid (with an adequate number of shareholders), which mitigates the risk of manipulation and fraud. Separate from listing requirements, Exchanges are subject to extensive supervisory and regulatory oversight by the SEC or CFTC, as applicable.

Similarly, state authorities (typically state money transmitter regulators) do not generally impose listing standards for digital assets Exchanges that are not SEC or CFTC registrants, which also develop and implement their own standards. Generally, listing standards for such digital assets Exchanges are far less transparent and far less onerous than those of SEC- or CFTC-registered Exchanges. In the US cryptocurrency market, one of the common listing requirements is a legal opinion or memorandum from the token issuer that the tokens proposed to be listed are not securities for purposes of the US securities laws, which seeks to minimise the risk that the digital assets Exchange would be subject to registration as an exchange under the 1934 Act and thus potential SEC enforcement action.

 7.5 Order Handling Rules

There is no information available in this jurisdiction with respect to digital assets Exchanges.

 7.6 Rise of Peer-to-Peer Trading Platforms

Please see 12.8 Impact on Regulation of "DeFi" Platforms.

 7.7 Issues Relating to Best Execution of Customer Trades

There is no information available in this jurisdiction with respect to digital assets Exchanges.

 7.8 Rules of Payment for Order Flow

There is no information available in this jurisdiction with respect to digital assets Exchanges.

 7.9 Market Integrity Principles

Please see 7.4 Listing Standards.

8. High-Frequency and Algorithmic Trading

 8.1 Creation and Usage Regulations

High-frequency trading (HFT) refers to a type of mathematically-driven trading that relies on computerised algorithms and a predetermined set of rules to execute large orders at high speeds and with significant turnover. HFT strategies, which often supplement traditional trading strategies, vary significantly in their scope. They are used for both exchange-based and OTC-trading in the equities, cryptocurrency and other markets. Over the past decade, extensive advances in computer technology, from algorithms to AI to hardware, have led to massive growth in HFT, which today drives a substantial majority of trading volume in the equities markets.

In the USA, the SEC, CFTC and other financial regulators do not define HFT specifically for regulatory purposes and generally have not enacted sweeping regulations targeting HFT firms in particular. Instead, HFT activity is subject to general regulatory oversight, including, as applicable, anti-manipulation, anti-spoofing and anti-fraud provisions. In addition, HFT firms are subject to certain rules designed to address certain of the consequences or operational aspects of HFT, although such rules are not necessarily specific to HFT and can apply to other firms that rely on technology. For example, FINRA rules require member firms to undertake a general risk assessment of the firm's trading activity, review software code testing/implementation, test algorithmic strategies prior to implementation, and have in place written supervisory procedures that ensure the member firm's algorithmic trading complies with FINRA rules.

 8.2 Requirement to Register as Market Makers when Functioning in a Principal Capacity

There is no information available in this jurisdiction.

 8.3 Regulatory Distinction between Funds and Dealers

Funds that engage in HFT are subject to the same rules and regulations as any other investment fund and, with respect to the investment adviser, the regulatory oversight mentioned at 8.1 Creation and Usage Regulations. An HFT firm that acts as a market maker is subject to specific rules of the SEC, FINRA and the exchange(s) on which it acts in a market maker capacity. These rules are diverse and complex. Certain broker-dealers rely on SEC Rule 15b9-1, which exempts them from the statutory requirement to become a FINRA member and consequently from FINRA's ability to enforce compliance with applicable securities laws.

 8.4 Regulation of Programmers and Programming

There is no information available in this jurisdiction.

9. Financial Research Platforms

 9.1 Registration

There is no information available in this jurisdiction.

 9.2 Regulation of Unverified Information

There is no information available in this jurisdiction.

 9.3 Conversation Curation

There is no information available in this jurisdiction.

10. Insurtech

 10.1 Underwriting Processes

"Insurtech" generally refers to insurance companies' efforts to incorporate technological advances in modernising the insurer-policyholder relationship. This may range from highly complex use cases, such as the employment of AI, "big data," wearables and other telematics in the underwriting process, to simpler use cases such as mobile apps that allow policyholders to submit and manage claims on smart phones. Insurtech seeks to streamline the insurance purchasing process for the consumer and to facilitate the use of smartphones and similar platforms to extend e-commerce to the insurance industry.

Automated underwriting is a key area of insurtech. In the life and health insurance sector, vast amounts of data must be analysed for both genetic and epigenetic clues to guide the determination of how much coverage should be offered and at what cost. Further, the collection of genetic data through biological specimens (eg, blood and/or saliva tests) has progressed to predictive models based upon lifestyle and behavioural characteristics that may affect the expression of genetic outcomes and accordingly be predictive of risk. Whether to analyse this type of data or to verify the work of the traditional underwriting, automated insurance underwriting processes offer the potential for faster, more accurate and more competitive underwriting. 

Insurtech, in whatever form it takes, must account for key regulatory considerations. One of the fundamental principles of insurance regulation is that the rate setting process must not be discriminatory. This generally means there must be an actuarial justification for a proposed rate. Regulators have promulgated rules to protect otherwise healthy consumers from being classified as manifesting symptoms of disease based upon predictive algorithms. In the property and casualty sector, automated underwriting also triggers regulatory scrutiny to prevent discrimination against protected classes. Examples include the use of credit scores, criminal histories and gender-based underwriting, which may be inaccurate, reflect bias and/or systemic sociological issues. 

Regulation of the US insurance industry is substantially driven by state law, and insurance companies are subject to a diverse array of regulations depending on the jurisdictions in which they operate. For instance, the review and approval of an insurer's rates varies by state. Similarly, some states may permit the use of genetic data to be used in the life and disability space, while other states may specifically prohibit such use. Therefore, while the insurance industry continues to pursue insurtech, the process will be protracted and unlikely to be susceptible to a one-size-fits-all approach. 

 10.2 Treatment of Different Types of Insurance

Regulation of the insurance industry varies depending on the particular product being offered and the type of consumer to whom it is being offered (eg, life versus property). Different licences may be required and the regulatory requirements tend to vary widely from product to product. Insurance companies must therefore tailor their products and services to the commercial and legal requirements of each jurisdiction in which they do business. It should be noted, however, that while different types of insurance necessitate different regulatory oversight for practical reasons, at a high level, regulators demonstrate shared concerns with respect to preventing discrimination, advancing consumer protection and regulating reliance on actuarial analysis. 

11. Regtech

 11.1 Regulation of Regtech Providers

There is no information available in this jurisdiction.

 11.2 Contractual Terms to Assure Performance and Accuracy

There is no information available in this jurisdiction.

12. Blockchain

 12.1 Use of Blockchain in the Financial Services Industry

Blockchain technology, or distributed ledger technology, refers generally to a cryptographic protocol through which shared transaction and other data are compiled and recorded into "blocks" that are interconnected to each other and secured by cryptography. A consensus protocol (generally proof-of-work or proof-of-stake) is utilised to verify transactions and produce blocks. The security offered by cryptography, the potential speed and ease of transactions, and integration with mobile applications and application programming interfaces (APIs) has made blockchain technology increasingly influential in many industries, including the financial services sector. 

Financial services firms continue to develop and use private, "permissioned" blockchains for various applications, including the recording and verification of financial transactions or other data. Permissioned blockchains authorise administrators to retain control over the rules of the cryptographic protocol and therefore modify key functionalities and/or restrict the rights of users or other participants. Permissioned blockchains typically do not benefit from cryptographic immutability where blocks (and the transactions they record) are irreversible.

Financial services firms are simultaneously investing substantially in various uses of public, "permissionless" blockchains for more consumer- or client-facing initiatives where the immutability of the protocol and pseudonymous publication of all transactions are critical. These initiatives include cross-border payments, clearing and settling, loan syndication, trade finance and corporate governance. Given the utility of these initiatives, fintech is not solely the province of start-ups and emerging ventures. Traditional players such as banks are exploring the potential benefits of fintech, including the potential for mobile apps to streamline transactions with consumers. 

 12.2 Local Regulators' Approach to Blockchain

Both federal and state regulators in the USA continue to grapple with the application of existing laws and regulations to blockchain technologies, digital assets and their market participants, including trading platforms, intermediaries, issuers, users and in some cases, technologists. Regulatory complexity is exacerbated by the unique characteristics of certain blockchain technologies. For example, the pseudonymous nature of blockchain transactions generally and the decentralised governance of DeFi platforms (as discussed below) make stakeholders and participants less readily identifiable, challenging traditional notions of liability. Regulation in this space is complex and continues to rapidly evolve.

Notable Federal Developments 

The Infrastructure Investment and Jobs Act, signed into law in November 2021, requires persons that receive more than USD10,000 in digital assets to file a report with the Internal Revenue Service (IRS), including details about the source of payment (or potentially face felony charges). In addition, the Act significantly expands the definition of "broker" to likely include various participants in the cryptocurrency market, subjecting such entities to various recordkeeping and reporting requirements. As of the date of this guide, legislators are considering a separate bill to narrow the scope of the Act's effects on such participants.

A provision in the Build Back Better bill would, if enacted, subject cryptocurrency transactions to the IRS' wash sale rule. The wash sale rule prevents investors from claiming investment losses when buying back into an asset that they sold within a specified time period.

The proposed Digital Asset Market Structure and Investor Protection Act seeks to implement sweeping changes to the regulatory regimes currently governing digital assets. For example, the Act proposes to add bitcoin and ether to the definition of "commodity" under the CEA and authorise the SEC and CFTC to jointly determine whether the top 25 digital assets are securities or commodities. 

The President's Working Group recently released a report on stablecoins recommending that Congress enact new legislation to require:

  • stablecoin issuers to be limited to insured depository institutions that are subject to "appropriate supervision and regulation" at the depository institution and holding company level;
  • custodial wallet providers to be subject to federal oversight; and
  • stablecoin issuers comply with "activities restrictions that limit affiliation with commercial entities." 

In January 2022, the Federal Reserve released a report on CBDCs, stressing that while no final decisions about a CBDC have been reached, it would likely follow an "intermediated" model because the Federal Reserve is not authorised to create individual accounts. Under an intermediated model, banks or payments firms would create accounts or digital wallets and facilitate the management of CBDC holdings and payments. 

Notable State Developments 

Most states regard entities engaged in the business of cryptocurrency transactions with customers to be subject to state money transmitter laws. While money transmitter statutes vary, most define money transmission as one or more of selling stored value, receiving money or monetary value for transmission, transmitting money and/or selling payment instruments or checks. Outliers include New York and Louisiana, which maintain distinct licensing regimes for cryptocurrency business activity. 

The SEC and many regulators have begun to take action against cryptocurrency firms offering interest-bearing accounts and programmes, on the theory that they are unregistered securities offerings and sales. Please see the description of the BlockFi settlement at 2.9 Significant Enforcement Actions. State money transmitter regulators are also evaluating firms' cryptocurrency lending activities under the permissible investments and other compliance requirements under state money transmitter laws.

SEC Developments 

On numerous occasions, SEC chairman Gary Gensler reiterated his view that most existing digital assets fall under the definition of a security and are therefore subject to SEC regulation. Unsurprisingly, the SEC has continued its aggressive enforcement posture in 2021 against prominent digital asset developers and issuers for allegedly unregistered offers and sales of securities. A notable example is the recent SEC enforcement action against BitConnect, its founder, promoter and affiliated company, in which the SEC alleged that the defendants had defrauded investors worldwide of USD2 billion by conducting a fraudulent and unregistered offering and sale of securities through its bitcoin "Lending Programme."

Not all developments involving the SEC have been adverse to the digital assets space. In October 2021, the SEC approved the first ever bitcoin futures ETF, the ProShares Bitcoin Futures ETF (BITO). The SEC subsequently in short order approved two more bitcoin futures ETFs, the VanEck Bitcoin Strategy ETF (XBTF) and Valkyrie Bitcoin Strategy ETF (BTF). It should be noted, however, that the SEC has continued to reject applications to list spot-market based bitcoin ETFs, reasoning that applicants have failed to demonstrate that they have entered into a comprehensive surveillance-sharing agreement with a regulated market of significant size, and in the alternative, failed to demonstrate that the bitcoin market inherently possesses a unique resistance to manipulation. 

In November 2021, a jury found that four different cryptocurrency mining-linked products were not securities, directly contradicting the SEC's previous characterisation of one of the products as securities. It marked the first instance a jury disagreed with the SEC on whether a digital asset constituted a security under the US securities laws. 

CFTC Developments 

Under the CEA, the CFTC's enforcement authority over spot markets for commodities is limited to anti-fraud, anti-manipulation and false reporting. The CFTC recently exercised this authority when it fined Coinbase Inc. USD6.5 million in March 2021 for reporting false, misleading or inaccurate transaction information. In contrast, the CFTC has full regulatory authority over derivatives contracts on digital assets (eg, futures, swaps and options), and for this reason, futures contracts on bitcoin and ether currently offered on certain futures exchanges are subject to the CEA. 

The CFTC takes the position that digital assets that are not securities are commodities under the CEA. For example, the CFTC found in a settlement order in October 2021 against Tether, the company behind the stablecoin USDt, that the agency had jurisdiction over USDt in addition to digital assets such as bitcoin, ether and litecoin because USDt is a commodity used in interstate commerce.

With newly appointed chairman Rostin Benham at the helm, the CFTC is expected to continue the trend of regulation by enforcement, shared by the SEC. So far the CFTC has focused its enforcement efforts on protecting retail customers engaged in unregulated spot transactions in digital assets. For example, the agency fined the cryptocurrency exchange BitMEX USD100 million in August 2021 for illegally "operating a facility to trade or process swaps without regulatory approval and [...] operating as [a futures commission merchant (FCM)] without CFTC registration." Similarly, the CFTC fined a prominent digital trading platform USD1.25 million in September 2021 for "illegally offering margined retail commodity transactions in digital assets [...] and failing to register as [an FCM]."

As blockchain technology continues to evolve and embrace decentralised trading in derivatives, the CFTC will face increasingly complex questions with respect to the scope of its jurisdictional reach over digital assets.

DOJ Developments 

The US Department of Justice (DOJ) has heightened its scrutiny of cryptocurrency and other digital assets. In October 2020, the DOJ published the Cryptocurrency Enforcement Framework, which articulated the department's approach to investigating and prosecuting cryptocurrency-related crimes. In addition, in October 2021, the DOJ launched the National Enforcement Team (NCET), which is designed to "tackle complex investigations and prosecutions of criminal misuses of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors." The NCET reports to the Assistant Attorney General in the Criminal Division. 

In October 2020, the DOJ collaborated on joint criminal and civil enforcement actions with FinCEN and the CFTC against BitMEX. The criminal trial is set to begin in March 2022. The DOJ also brought a joint criminal and civil action with FinCEN against Larry Dean Harmon in February 2020 for "mixing" and "tumbling" bitcoin through his mixing service Helix. Mixing and tumbling refer to techniques used to help people anonymise their bitcoin. Harmon pleaded guilty in August 2021 to laundering more than 350,000 BTC. The DOJ is also reportedly investigating executives of Tether Ltd. for possible bank fraud. 

 12.3 Classification of Blockchain Assets

See12.2 Local Regulators' Approach to Blockchain for information on classification of blockchain assets. 

 12.4 Regulation of "Issuers" of Blockchain Assets

See12.2 Local Regulators' Approach to Blockchain for information on classification of digital assets. 

 12.5 Regulation of Blockchain Asset Trading Platforms

A digital asset trading platform or other intermediary (including a dealer or a forum that facilitates peer-to-peer trades) that permits transactions in security tokens may be subject to SEC registration as an exchange under the 1934 Act, while a platform that permits transactions in futures contracts or other derivatives on digital assets may be subject to CFTC registration as a designated contract market or swap execution facility under the CEA. A platform or intermediary dealing strictly with the non-leveraged purchase and sale of digital assets that are neither SEC- nor CFTC-regulated instruments (ie, pure commodities) generally need to consider applicable state money transmitter regulatory regimes, although it remains subject to CFTC anti-fraud and anti-manipulation authority. The legal and regulatory requirements applicable to a blockchain asset trading platform or other intermediary are highly complex and facts and circumstances dependent. 

Generally, individuals that buy, sell and/or use digital assets, including on a peer-to-peer basis, strictly for their personal use or personal investment purposes are not subject to substantive regulation. However, individuals whose activities extend to some form of cryptocurrency business, including providing liquidity or arranging or facilitating trades on behalf of others, are likely to be subject to regulatory exposure in the same manner as a digital asset trading platform or intermediary.

 12.6 Regulation of Funds

Private and public investment funds that invest in digital assets ("Blockchain Funds") are generally subject to the same types of regulatory regimes as any other investment fund. Blockchain Funds' offering of their interests are subject to the requirements of the US Securities Act of 1933, as amended (the "1933 Act"), as well as state blue sky offering laws. Private funds rely on exemptions from registration under the 1933 Act, typically Regulation D thereunder, while publicly registered funds must apply for approval with the SEC (with the approval process and requirements dependent the specific type of fund). To date, the SEC has not approved any publicly registered investment fund of any type, with the exception of a limited number of ETFs investing in regulated bitcoin futures contracts (as noted in 12.2 Local Regulators' Approach to Blockchain).

Additional regulatory considerations apply depending on the nature of the blockchain assets in which a Blockchain Fund invests. If the fund's portfolio includes security tokens, the fund manager would be subject to the requirements of the Investment Advisers Act of 1940, as amended, and in some cases, relevant state investment advisory laws, and the fund must comply with the requirements of the Investment Company Act of 1940, as amended, or in each case, rely on an exemption or exclusion from registration thereunder. If the portfolio includes CFTC-regulated instruments, the fund manager would be subject to the relevant CEA requirements. Blockchain Funds must also analyse the application of the laws specifically relevant to digital assets. For example, Blockchain Funds must assess whether one or more of their investment activities may trigger state money transmission or money services business licensing requirements or digital asset-specific regulatory regimes, such as the New York BitLicense. Blockchain Funds must be aware of the diverse range of regulatory obligations to which they may be subject. 

 12.7 Virtual Currencies

See12.2 Local Regulators' Approach to Blockchain

 12.8 Impact of Regulation on "DeFi" Platforms

A non-DeFi or "centralised" platform typically takes custody of customer assets in omnibus accounts, utilises order books to match buy and sell orders, and acts as a principal in respect of each trade (facing the buying and selling customers as a counterparty). In contrast, DeFi platforms employ smart contracts to provide financial services and other products on a non-custodial basis that, in concept, does not require any intermediary. DeFi exchanges often rely on automated market maker smart contracts to enable users to exchange one token for another directly with other users without a traditional order book and without third-party intermediation. Another common functionality of DeFi protocols is the pooling of assets by investors in a liquidity pool (LP). Token holders who deposit assets in an LP lock their assets in a smart contract and, on a periodic basis, earn fees and/or automatically receive digital assets in return for their deposit.

Generally, DeFi platforms are subject to the same regulatory regimes and classifications as digital asset trading platforms (see 7.1 Permissible Trading Platforms), with the potential for regulatory oversight materially increasing where the DeFi platform's community appoints a human representative to interact with real-world businesses or financial institutions, although, at least as of today, DeFi platforms have not yet been the target of concerted regulatory action. However, this is likely to change in the near future. For example, in November 2021, SEC chairman Gensler warned that the SEC will look beyond the label of DeFi and consider the "economic realities" of a given DeFi platform.

It should be noted that there have been notable enforcement actions against purported DeFi platforms. In November 2018, the SEC fined Zachary Coburn, the founder of the DeFi platform EtherDelta, USD388,000 for illegally operating an unregistered national securities exchange. In January 2022, the CFTC fined Blockratize, Inc. (d/b/a Polymarket) USD1.4mm for offering event-based binary options contracts without obtaining designation as a designated contract market or registering as a swap execution facility. Of note is that these actions against purported DeFi platforms involved identifiable defendants, which reflects that DeFi platforms range in their level of decentralisation and regulatory risk. 

 12.9 Non-fungible Tokens (NFTs)

An NFT is a digital asset that is designed to be one-of-a-kind. Specifically, each NFT contains unique information (coding and metadata) that prevents it from being substituted with other NFTs or digital assets. This is the fundamental difference between NFTs and other digital assets, such as bitcoin and ether, whose units are identical and fungible and therefore can be traded or exchanged at an equivalent value. The non-fungibility of NFTs enables them to represent real-world and digital objects, including, for example, art, music, in-game items and event tickets. Certain NFTs may incorporate enhanced coding that automates certain functions, such as forwarding a portion of each resale price to the NFT creator (eg, royalties for artists and musicians). 

To date, no US regulator has formally asserted jurisdiction over NFTs or their platforms. However, NFTs vary widely in form and function. Depending on the manner in which they are marketed, created, traded or otherwise exchanged (or depending on the financial arrangements created around them), NFTs, their creators or others involved in the NFT marketplace may be subject to regulation by the SEC, CFTC or other agencies. NFTs, like other types of digital assets, remain susceptible to different forms of market manipulation, such as front running and wash trading. 

13. Open Banking

 13.1 Regulation of Open Banking

Open banking generally refers to fintech where banks and other financial institutions permit third-party service providers to access banking, transactional and other financial data through APIs. These service providers (typically financial services vendors or technology start-ups) utilise such data to, among other things, provide consumers with a range of banking services and account functionalities.

The regulatory framework in which the US banking system operates is not as advanced as its European counterpart in fostering and supporting an open banking environment. While there are certain signals offered by the executive branch of the US government that indicate policy support for customer data access and portability across financial institutions, the mechanisms by which to offer open banking to customers have not yet been fully developed. 

 13.2 Concerns Raised by Open Banking

To date, banks and technology providers operating in the USA have been subject to existing federal and state laws related to data privacy and security generally. These requirements include the development and use of an Information Safeguards Programme as well as a comprehensive vendor onboarding and oversight process to reasonably ensure the use of third parties that present substantially minimised operational and reputational risk. Data use, retention and sharing policies and procedures are typically audited by state and federal banking regulators during examination cycles. As open banking continues to develop, key regulatory concerns will undoubtedly centre on the use and preservation of customer data, including protection of consumer data privacy and security, consumers' rights with respect to their own data, and regulatory requirements and best practices with respect to data breaches.

Originally published by Chambers and Partners.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.