State AGs to Fintech Companies: Eyes on Cryptocurrencies

This article was posted July 31st 2018 by Morgan Lewis & Bockius LLP on We write frequently about the SEC’s and the CFTC’s focus on cryptocurrencies, but potential issuers should also be alert to other oversight, including possible enforcement actions, from other regulators as well. Indeed, state Attorneys General are playing a greater role in evaluating whether the mining and use of cryptocurrencies works to the disadvantage of consumers and small businesses. These state enforcement and regulatory officials are becoming ever more powerful. Furthermore, some of them may seek to expand the scope of their authority by pushing the “round peg” of “virtual” financial technology offerings into the “square hole” of outdated “physical only” state statutes and rules.

Meetings of the Conference of Western Attorneys General (CWAG) in New Mexico last week and of the Republican Attorneys General Association (RAGA) (Rule of Law Defense Fund) in California this week included panel discussions of cryptocurrency issues that are now before the Attorneys General and senior staff. Accordingly, fintech companies that intermediate cryptocurrencies should be aware of the increased risk in conducting these activities in particular states.

The Attorneys General of New York, Delaware, Maryland, South Carolina, and Alabama also are their respective state’s primary securities regulatory authority. In addition, the Attorney General of California has concurrent enforcement jurisdiction with the state’s securities regulatory agency. In many states, however, the attorney general represents in litigation the securities administrator, and may also represent the state banking regulator in the case of businesses that may be covered as money transmitters or other regulated financial intermediaries. In yet other states where the Attorney General and the primary regulator are entirely separate, these officials nonetheless work together cooperatively.

There are also states where for political or substantive reasons, the state Attorney General, an enforcement official, and the state financial regulator, disagree, which for practical purposes leaves regulated businesses in the middle. These permutations mean that a thorough understanding of the interplay between the specific officials is a necessary incident of any strategy.

Finally, while similar “securities” issues that arise before the SEC and the CFTC are now arising before these state authorities as well, it is far from the case that guidance and actions of those federal agencies bind the state Attorney General, who may well be at odds with the administration in Washington, DC, and may in fact disagree with its agenda.

In addition to the state “blue sky” securities authorities, all 56 state and territorial Attorneys General have enforcement authority to prosecute conduct that is “unfair or deceptive.” The states’ “unfair or deceptive acts and practices” statutes (also known as UDAP statutes) uniformly are all-encompassing, do not require proof of damages, and form the basis for many multistate actions conducted by Attorneys General.

In particular, if a given cryptocurrency transaction or activity requires a state license for any purpose, and the business engaging in the transaction or activity fails to obtain that license, most state UDAP statutes would apply to all transactions in and affecting consumers in that state, solely because the transaction was conducted by an unlicensed entity. This could be as simple as an easy-to-obtain business license to the complicated and compliance-laden burden of a money transmitter license or state securities (blue sky) filings.

With per-violation penalties ranging from $2,500 and up, penalties can mount astronomically and quickly. In addition, however, state authorities are paying increased attention to possible securities law implications of cryptocurrency activities, as well as more substantive disclosure and unfair practices issues.

New business models face entrenched bureaucracies, dated statutes, and incumbent business competitors, none of whom have any incentive to adapt to change. In fact, one might argue that they have an incentive to retain the status quo. Thus, it falls to the fintech disruptor to educate and to seek change before putting itself at risk. Many state Attorneys general are quite willing to listen and, as both their respective state’s chief law enforcement officer and a statewide political official, are amenable to change. But, to do so, they need education and attention.

Companies should be thoughtful about how to navigate the shoals created by these state enforcement officials.