This post is the third in a series that highlights various elements of a new online course titled “FinTech Law and Policy.” The course is available to all on the Coursera platform (it can be audited for free) and covers the key legal and regulatory issues confronting the FinTech industry today.
The following examples highlight what can happen when FinTech firms fail to comply with applicable rules and regulations. My intention is not to shame or single out these companies, but rather to emphasize the importance and necessity for FinTech firms to incorporate legal and regulatory considerations into their product design and decision making from the very beginning. Doing so can save a lot of time, money, and headache down the road.
The first examples are from the FinTech lending industry. In 2008, online lending platform Prosper, which connects borrowers with lenders online, received a cease-and-desist order from the Securities and Exchange Commission (SEC), who stated that Prosper was an unregistered seller of securities.[i] The order arose from how Prosper was funding their loans. Rather than have the lenders, or investors, buy the loans outright, Prosper was selling these investors notes whose payment stream depended on the borrowers making their loan payments on time and in whole. The SEC determined that these notes were technically securities that needed to be registered with the SEC, and Prosper subsequently did register with the SEC.
More recently, in April 2018, online lender LendingClub, was fined two million dollars by the Massachusetts Division of Banks for making more than 46,000 loans in the state without a proper state license.[ii] This fine was related to a 2011 consent order in which the division stripped LendingClub’s license for charging borrower’s fees that violated Massachusetts small-loan laws.[iii]
Moving on to the world of payments, in 2015, PayPal agreed to pay $7.7 million dollars in a settlement with the Office of Foreign Assets Control, which is the US Department of the Treasury’s sanctions enforcement arm, for processing 486 illegal transactions, totaling approximately $44,000, that violated sanctions on Sudan, Cuba and Iran.[iv] Also in 2015, The Financial Crimes Enforcement Network (FinCEN) assessed a $700,000 civil money penalty against Ripple Labs Inc. and its wholly-owned subsidiary, XRP II, LLC for willfully violating several requirements of the Bank Secrecy Act (BSA).[v]
There are numerous examples of cryptocurrency firms running afoul of the law and regulations. In 2014, the founder of online Bitcoin exchange, BitInstant, pled guilty to operating an unlicensed money transmitting business, through which he knowingly transmitted money intended to facilitate criminal activity, specifically drug trafficking on Silk Road, a black market website designed to enable its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement.[vi] In 2015, the Commodity Futures Trading Commission, or CFTC, settled charges against online facility Derivabit and its founder for offering Bitcoin options contracts without complying with the Commodity Exchange Act or CFTC regulations.[vii] In February 2018, the SEC charged Bitcoin exchange BitFunder and its founder for operating an unregistered securities exchange and defrauding users of that exchange by misappropriating their Bitcoins and failing to disclose a cyber-attack on BitFunder’s system that resulted in the theft of more than 6,000 Bitcoins.[viii]
The initial coin offering market is also ripe with fraud, or more generously, actors who ignore or are unfamiliar with applicable laws and regulations. In January 2018, the SEC seized the assets of self-described decentralized banking platform, AriseBank, and subsequently charged the founders with fraud.[ix] AriseBank allegedly raised 600 million dollars in an initial coin offering by claiming that it had developed an algorithmic trading application that automatically trades in various cryptocurrencies and falsely stating that it purchased an FDIC insured bank, which enabled it to offer customers FDIC insured accounts.
In December 2017, Munchee Incorporated, a California based company, selling digital tokens to investors for its blockchain based food review service, halted its ICO after being contacted by the SEC’s cyber-unit, and they agreed to an order that found their conduct constituted unregistered securities, offers and sales.[x] The company had promoted the offering as a utility token, but still told investors that the tokens would rise in value due to the efforts of others and a secondary market would be created.
Hopefully, these examples emphasize the importance of getting regulation right, and what can go wrong when FinTech firms get it wrong. In the most severe cases, getting it wrong spells the end of the company. FinTech companies that begin operating with a firm grasp of the laws and regulations applicable to their business can not only avoid the pitfalls that have ensnared many a FinTech before them, but also gain a competitive advantage and make the company a more attractive investment for venture capital firms and other potential investors.
[i] Harmon, Florence E. “UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION.” Ww.sec.gov, 4 Nov. 2008, www.sec.gov/litigation/admin/2008/33-8984.pdf.