Financial Institutions

On July 21, 2017, following last June’s announcement that the Delaware House of Representatives had passed (with near unanimity) blockchain-related provisions proposing to amend several sections of the Delaware General Corporation Law (DGCL), the Delaware Governor officially signed the legislation into law.

The newly enacted legislation provides, among other things, specific statutory authority for Delaware corporations to use “distributed electronic networks or databases,” aka distributed ledgers or blockchain technology, for the creation and maintenance of corporate records, including the corporations’ stock ledger.[2]

1. The Use of Blockchain Technology for the Creation and Administration of Corporate Records

Section 219(c) of the DGCL provides that a stock ledger of a Delaware corporation is the only evidence of the identity of stockholders of the corporation who are entitled to inspect the list of stockholders and to vote at meetings.

Until now, under current recordkeeping practice, the stock ledger of a corporation could only be created and maintained by a corporate secretary or a corporation’s transfer agent. Often, a stock ledger consists of a capitalization table, i.e., electronically encoded data on a computer program like Microsoft Excel, which is producible in printed form. Continue Reading Delaware Governor Signs Groundbreaking Blockchain Legislation into Law

On August 6, 2014, the UK’s financial services regulator, the Financial Conduct Authority (FCA), issued long-awaited draft guidance on the use of social media in financial promotions by regulated financial institutions.

But if financial services firms operating in the UK were hoping that this guidance would provide them with a clear framework to help jump-start their social media strategies, they will be disappointed. For one thing, the guidance is focused on financial promotions, so firms will need to continue to evaluate all of their social media activities carefully against existing FCA rules.

The proposed guidance – “GC14/6 Social media and customer communications: The FCA’s supervisory approach to financial promotions in social media” (“Guidance”) – is open for consultation until November 6, 2014. The FCA intends to continue discussions with the financial services sector during the consultation period. It has also set up the hashtag #smfca for those wishing to discuss the Guidance on Twitter.

Continue Reading UK’s Financial Services Regulator Issues Draft Guidance on Social Media – Should We Favourite* or #Fail?

From our sister blog, MoFo Tech:

The Bitcoin “Cryptocurrency” has gained momentum in the market, and some businesses, including Overstock. com and, now accept bitcoins as payment. Many others are wondering if Bitcoin is a good fit for them—and they should factor regulatory uncertainty into their calculations.

In the U.S., certain companies exchanging bitcoins and real currency must register with the Financial Crimes Enforcement Network and are subject to Bank Secrecy Act regulation, says Jeremy Mandell, an associate in the Financial Services Practice Group at Morrison & Foerster. Such companies may also be subject to state licensing requirements, which can be burdensome for start-ups and smaller firms.

Other concerns include the potential for illicit use and fraud—Bitcoin has been the currency of choice for some online black markets. And there have been major incidents of theft: in December, some $5 million worth of bitcoins was drained from accounts on Sheep Marketplace, one of those black markets. When such problems occur, there’s little recourse for victims. “There are no consumer protections like those we see in more traditional payment mechanisms; there are limited dispute resolution rights, no deposit insurance for virtual currency holders, and account access can be restricted,” says Mandell. “But the market is evolving to address these consumer exposures.”

As virtual currencies become more widespread, regulators will continue to scrutinize them. The IRS ruled recently that bitcoins are property, and some states are also moving forward. The New York State Department of Financial Services announced that it will propose a virtual currency regulatory framework by late 2014. “Other states are taking about these issues too,” says Mandell, “so we are likely to see more regulation of virtual currency— sooner rather than later.”

Another great post from our sister blog, MoFo Tech:

The potential for mobile payments is huge. So are the potential legal and regulatory hurdles.

Banks, retailers, and pundits are paying a lot of attention to mobile payments, which typically involve the use of smartphones and tablets to pay for purchases.  But a lack of mobile infrastructure has kept the use of mobile payments fairly low in the U.S.

The space is evolving quickly, however.  More infrastructure is being rolled out, while new software and cloud-based solutions are enabling payment processing without the need for a network of specialized in-store terminals.  For their part, consumers are already well equipped to take advantage of these developments.  Today, 61 percent of American consumers have smartphones or tablets, up from 48 percent last year, according to a recent study from Vantiv, a provider of payment processing strategies, and the Mercator Advisory Group, an independent research firm.

Many of these consumers are already using these devices as shopping tools—comparing in-store prices with online prices, researching products, downloading coupons, and discussing potential purchases with friends.  So it’s fair to assume that consumers will adopt mobile payments quickly as they become easier and more widespread.  By 2018, Mercator estimates, the value of mobile payments will increase sevenfold, to $362.8 million a year, up from $51.4 million today.

There’s a great deal of opportunity here.  But there’s also much to consider from a legal standpoint, because mobile payments represent the convergence of business, technology, and banking.  “You have to think about issues like the structure of the mobile payment offering, including the source and settlement of the funds to determine the applicable regulatory framework,” says Obrea Poindexter, a partner at Morrison & Foerster who leads the mobile payments group.  “There are technology issues relating to cybersecurity and authentication as well as regulatory issues, such as maintaining the privacy of consumer data and complying with anti-money laundering laws.”

Continue Reading A Smart Wallet

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we summarize the FFIEC’s recently-issued final guidance on social media use by financial institutions; we report on a new NLRB decision holding that particularly egregious social media postings by employees may fall outside the protections of the NLRA; we provide an update on the California Attorney General’s guidance regarding compliance with the state’s “do-not-track” disclosure requirements for websites; we discuss a recent case that calls into question the status of domain names as intangible property; we take a look at the latest in a string of cases exploring the First Amendment status of social media activity by government employees; and we highlight an important FTC settlement with a mobile app publisher related to data collection and sharing disclosures. All this plus a collection of surprising statistics about the most popular people, videos, tweets and hashtags of 2013.

On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) issued final guidance for financial institutions relating to their use of social media (the “Guidance”).  With its release, the FFIEC adopts its January 2013 proposed guidance in substantially the same form.  (Socially Aware’s overview of the proposed guidance is available here.)

Financial institutions should expect that the federal banking agencies, Consumer Financial Protection Bureau and National Credit Union Administration (the agencies that comprise the FFIEC) will require supervised institutions to incorporate the Guidance into their efforts to address risks associated with the use of social media and to ensure that institutional risk management programs provide effective oversight and controls related to such use.  As a result, financial institutions should consider the appropriateness of their social media risk management programs and should be cognizant of potential technical compliance traps that could result from the use of social media to interact with consumers about products governed by consumer financial protection laws, such as the Truth in Lending Act.

Changes to the Proposed Guidance

Although adopted in substantially the same form as the proposed guidance, the Guidance does attempt to address some concerns raised by commenters.  For example, the FFIEC clarifies that compliance should not be viewed as a “one-size-fits-all” process and that institutions should tailor their approach based on their size, complexity, activities and third-party relationships.  Additionally, the Guidance clarifies that stand-alone messages sent through traditional email and text channels will not be considered social media.  Nonetheless, the Guidance cautions that the term “social media” will be viewed broadly by the agencies.

While the FFIEC attempted to clarify a financial institution’s obligations with respect to service providers involved in the institution’s social media activities, the Guidance provides limited specific considerations.  For example, the Guidance directs institutions to “perform due diligence appropriate to the risks posed by the prospective service provider” based on an assessment of the third party’s policies, including the frequency with which these policies have changed and the extent of control the financial institution may have over the policies.

Another area where the FFIEC attempted to clarify its expectations is the extent to which a financial institution would be required to monitor consumer communications on Internet sites other than those maintained by the institution (“Outside Sites”).  While the preamble to the Guidance notes that “financial institutions are not expected to” monitor Outside Sites, the Guidance provides that the public nature of social media channels may lead to increased reputational risk, and that compliance considerations may arise if, for example, a consumer raises a dispute through social media.  Further, the Guidance states that institutions are still expected to make risk assessments to determine the appropriate approach to monitoring and responding to communications made on Outside Sites.  The Guidance also continues to state that, based on the risk assessments, institutions will need to consider the need to “monitor question and complaint forums on social media sites” to review and, “when appropriate,” address complaints in a timely manner.

Compliance Considerations

The cornerstone of the Guidance continues to be the expectation that a financial institution will maintain a risk management program through which it identifies, measures, monitors and controls risks related to its use of social media.  The Guidance provides that a financial institution’s risk management program should include the following components:

  • A governance structure so that social media use is directed by the institution’s board of directors or senior management.
  • Policies and procedures regarding the institution’s use of social media, compliance with applicable consumer protection laws and regulations, and methodologies to address risks from online postings, edits, replies and retention.
  • A risk management process for selecting and managing third-party relationships for social media use.
  • An employee training program incorporating the policies and procedures, and informing employees of appropriate work and non-work uses      of social media (including defined “impermissible activities”).
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or contracted third party.
  • Audit and compliance functions to ensure compliance with internal policies and applicable laws, regulations and the Guidance.
  • Parameters for reporting to the institution’s board of directors or senior management to enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

Moreover, the Guidance continues by focusing on identifying potential risks related to a financial institution’s use of social media, including risk of harm to consumers.  In particular, the Guidance identifies potential risks within three broad categories: (1) compliance and legal risk; (2) reputational risk; and (3) operational risk.  While the Guidance catalogs the many risks presented by the use of social media, the focus is on the risks associated with compliance with consumer protection requirements, including:

  • Fair Lending Laws:  While it focuses on an institution’s compliance with time frames for adverse action and other notices required by the federal fair lending laws and regulations, the Guidance also highlights possible compliance traps if a financial institution fails to carefully consider whether the institution’s social media use is consistent with applicable law.  For example, the Guidance highlights that, where applicable, the Fair Housing Act would require mortgage lenders who maintain a Facebook page to display the Equal Housing Opportunity Logo.
  • Truth in Lending Act/Regulation Z:  The Guidance highlights that the Regulation Z advertising requirements would apply to relevant advertisements made through social media.  Credit card issuers in particular will be familiar with Regulation Z’s disclosure requirements for advertisements that include trigger terms and reference deferred interest promotions, and should be cognizant of the application of these requirements in social media advertisements.
  • Truth in Savings Act/Regulation DD:  Like the considerations for compliance with Regulation Z, the Guidance highlights that Regulation DD also contains special advertising requirements for use of trigger terms such as “bonus”  and “APY,” and further notes that depository institutions can ensure compliance with the federal disclosure requirements by including a link to the additional information required to be provided to the consumer.  
  • Deposit Insurance and Share Insurance:  The Guidance reminds institutions that they are required to comply with the advertising requirements for deposit insurance in non-social media advertisements and displays.

The FFIEC having finalized its Guidance, financial institutions will need to carefully review their social media policies and practices in light of the Guidance.  Indeed, even companies that are not financial institutions may find the Guidance to reflect emerging best practices for minimizing risk in using social media to promote products and services.

Today’s consumers want to engage in a new way with the companies from which they buy goods and services.  Although some UK financial services organisations are leading the way in terms of their use of social media, on the whole, engagement in social media by UK financial services firms is still relatively limited. This is particularly evident when compared against activity in other sectors and when compared against the level of social media engagement by U.S. and Asian firms. Are legal and regulatory concerns to blame?

Current State of Market

How financial services (FS) organisations engage with social media can help differentiate them from their peers. Particularly when dealing with younger consumers such as the student market, FS organisations need to engage with consumers in the most effective way, which could be by placing a topical blog on Pinterest, a fun video on YouTube or interacting with consumers via Twitter or Facebook (rather than running a traditional print or broadcast campaign). Simply having a Twitter account or Facebook page which pushes out information is no longer enough. Genuine interactive engagement is what consumers are looking for and is the key to the most successful social media strategy.

The best users of social media in the FS sector appreciate that harnessing of social media is as much about raising your brand profile, as promoting specific products or services. Consider the huge success of’s Russian meercat brand ambassador who has almost 60,000 followers on Twitter. Also, consider that the winner of the Shorty Award 2013 for Best Use of Social Media for Financial Services  was Citi for its Citi-Connect: Professional Women’s Network on Linked-In. Neither of these campaigns directly relates to the products and services offered by the relevant firm, but both have been very successful in terms of brand awareness. Social media can also be used to good effect to highlight organisations’ corporate social responsibility and philanthropy initiatives – to help counteract the ‘fat cat’ perception of bankers and financiers. Given that social media enables disgruntled consumers to find a louder voice and journalists are increasingly using social media to get stories, firms need to use social media to try to change the online conversation about their organisations. In fact, the best social media strategies can go beyond engaging consumers and actually convert them into advocates for a brand. The perceived benefits of brand advocacy are huge. According to research, recommendations from personal acquaintances or opinions posted by consumers online are the most trusted forms of advertising. But social media is not just a marketing tool – it can bring wider business value. For example, it can be used in recruitment, customer insights, research and development, issue/crisis management and customer services.  (It is also worth pointing out that social media is not just for retail banks and consumer-focused FS firms. It can also be harnessed by firms in the B2B sector. For example, some companies are creating networking and educational communities for their target audience (e.g. SMEs, IFAs, etc.) within more business-focused social media platforms such as LinkedIn.)

However, despite the myriad of opportunities that social media offers and the size of the UK FS sector compared to other sectors, the use of social media by FS organisations still appears to be in its infancy. The reluctance by UK financial organisations to fully engage with social media may be down to general conservatism on the part of the sector, a fear of public dialogue with customers and a lack of understanding and expertise in-house in terms of social media and its value. However, it also appears in no small part to be down to uncertainty as to the application of financial laws and regulations to social media. So, what are the legal and regulatory considerations that UK FS organisations have to consider when embarking on a social media strategy and, with the recent replacement of the Financial Services Authority (FSA) by the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA), will we see any change?

Financial Rules

In the U.S. various regulatory guidance, including from FINRA, FFIEC and the SEC, on the use of social media has been published. However, to date, in the UK, there has been very limited regulatory guidance regarding social media and the FCA has recently reiterated that it has no current plans to issue any further guidance on the basis that it believes that its rules are media neutral. So it remains up to firms to evaluate their activities carefully against the applicable rules. Some of the key issues for firms to consider include the following.

Principles for Business

In terms of overarching obligations, when operating online, a firm must pay attention to the fundamental principles contained in the FCA Handbook, in particular, to treat customers fairly and provide information that is clear, fair and not misleading.

Communications and Promotions

Firms need to ensure that all social media activities comply with the applicable rules concerning communications and promotions (“FCA Promotion Rules”). Per Section 21 of the Financial Services and Markets Act, a financial promotion is a communication that is an invitation or inducement to engage in investment activity that is communicated or approved by an authorized person. Financial promotions must comply with all of the applicable FCA Promotion Rules, with the overriding requirement that promotions must be ‘fair, clear and not misleading.’

As indicated above, the FCA believes that its rules apply in a way that is media neutral; the rules focus on the content of communications and not on the medium used. Therefore, in its opinion, applying the rules to financial promotions using new media is no different to financial promotions made using any other medium. (However, this is easier said than done – the FCA Promotion Rules were created to apply to traditional forms of advertising, but now, for example, need to be interpreted in terms of a 140 character tweet!)

Organisations should note that:

  1. banner ads, tweets, sponsored links, hyper-text links, posts on LinkedIn and Facebook and other communications made using social media may all be considered promotions. (There are certain exceptions in relation to image advertisements (see below));
  2. tweets posted by customer would not be financial promotions, but re-tweets by a firm could be;
  3. just because products or services are not explicitly mentioned in a communication does not mean that the communication is not a promotion;
  4. in terms of references to past performance, firms will need to include a 5-year chart plus suitable risk warning;
  5. risk warnings must be displayed prominently and clearly. (Be aware that roll-over type risk warnings will not be sufficient as the FCA considers that many people may read an advert without hovering over it);
  6. there is no ‘one-click’ rule; being one-click away from the necessary information does not automatically make a promotion requirement. Each promotion must be ‘standalone compliant’ – it is not acceptable for a firm to omit important information or risk statements from promotions on the basis that the information will be provided later on in the process; and
  7. even if a communication is not classed as a promotion (e.g., it’s a response to a query, complaint or general correspondence, etc.) it will still need to be clear, fair and not misleading.

An image advertisement will not be considered a promotion in terms of investment and mortgage products, but there is no equivalent exception for insurance products. However, note that an image advertisement is narrowly construed and is limited to an advertisement which contains (i) the name of the firm, (ii) a logo or other image, (iii) contact details and (iv) a reference to the types of regulated activities the firm provides or its fees or commissions (investments) or a brief factual statement of the firm’s main occupation (mortgages). Anything more and the communication will fall into the category of promotion.

The potential consequences for breaching the FCA Promotion Rules include: (a) criminal penalties; (ii) agreements entered into as a result of the promotion being unenforceable and compensation payable; and/or (iii) the promotion being banned.

To ensure compliance with the FCA Promotion Rules, firms should:

  1. have appropriate policies and procedures in place;
  2. consider whether social media is a suitable method for the communication, taking into account the nature and complexity of the product or service (e.g., given the space limitations of the particular channel);
  3. consider whether the promotion meets the requirements for standalone compliance;
  4. be mindful of the rules when purchasing (or instructing third parties to purchase) search terms from search engine providers;
  5. keep appropriate records of all financial promotions; and
  6. review communications regularly to ensure that promotions posted via social media remain up-to-date (new media may date more quickly than traditional media).

Complaints Handling

Per the Financial Conduct Authority Handbook, when handling complaints, firms must: (i) investigate each complaint competently, diligently and impartially, (ii) assess each complaint fairly, consistently and promptly, (iii) provide fairly and promptly a clear assessment of the complaint and an offer of redress or remedial action, if appropriate and (iv) ensure any offer of redress or remedial action that is accepted is settled promptly. The FCA classes a complaint as any oral or written expression of dissatisfaction, whether justified or not, about the provision of, or failure to provide, a financial service or a decision by a firm in relation to a consumer redress scheme.  Generally the complaint must allege that the complainant has suffered (or may suffer) financial loss, material distress or material inconvenience. In the context of social media, the challenge for firms is whether they can identify when complaints are being made via social media and whether their complaint handing procedures capture such complaints.


If a firm outsources any critical activities as part of its social media strategy it will need to take account of the applicable outsourcing rules and guidance contained in SYSC 8 of the FCA and PRA Handbook.

Market Abuse

A firm is required to comply with applicable market abuse and related rules, including:

  1. not make false or misleading statements or omit material information;
  2. not disclose any inside information or commit any other form of market abuse;
  3. not disclose inside information;
  4. keep the market reasonably informed; and
  5. comply with its obligations in terms of announcements;

To avoid falling foul of the applicable rules via social media communications, firms should: (i) put in place appropriate social media policies, procedures and training for employees, (ii) synchronize any social media release with any formal release to the market; and (iii) carry out appropriate internal and external monitoring (e.g., of employees statements on social media and any statements made on linked third-party sites).

FCA Monitoring

Firms should note that even if they are not monitoring what is being said about them online, the regulator might be. When the Bank of Scotland was fined £4.2 million in 2012 for failing to keep accurate mortgage records, this failure was spotted by the regulator through monitoring complaints posted on a consumer forum website. Indeed, in March 2013, the new FCA chief executive indicated that the FCA plans to carry out pro-active monitoring of firms via social media, both for spotting illegal promotional activity and for wider market trends. “…What’s new is that we won’t just be relying on regulatory reports back from firms, but on reports from consumer bodies, internet monitoring, the media and even on Twitter. In the past, the emphasis was on firms’ regulatory reporting. We will be much broader in our approach.”

General Issues

Of course, there are a whole host of general legal issues arising from social media that will also need to be considered, e.g., in terms of:

  • employees’ use of social media (monitoring, policies, training, liability, disclosure of confidential/proprietary information, etc.);
  • use of social media in recruitment;
  • privacy;
  • security;
  • crisis management and damage to reputation;
  • protection & infringement of intellectual property rights;
  • general advertising and marketing rules;
  • consumer protection/unfair terms & trading rules;
  • user generated/third party content (user terms & conditions, notice & takedown policies and procedures, disclosure of material connections with third party bloggers, etc.); and
  • insurance.

Lastly, many firms are global institutions and so it is always going to be important for firms to ensure that individuals outside of the UK are not unintentionally targeted by any UK social media campaigns, or if they are intended to be targeted, for firms to consider any specific rules that they will need to comply with in the applicable jurisdiction.


Above all, if financial organisations want to fully harness the potential of social media, they need to spend time and effort creating a social media strategy which has the full backing of relevant stakeholders. When pulling together their strategy, firms will need to take into account all relevant legal & regulatory issues, but they will also need to consider wider factors such as:

  • what they want to stand for in social and what they want to use social media for? What value will it bring to the company? What value will it bring to their customers?
  • understanding social media across all business lines – it’s no longer just a marketing issue;
  • understanding their audience and relevant influencers (e.g., bloggers, journalists, forums, etc.);
  • putting in place adequate and appropriate resources, policies and procedures to manage social media activities;
  • thinking like a publisher – what is engaging content for customers and influencers?; and
  • how they can respond quickly and appropriately to online criticism.


As a result of the recent financial crisis, consumers’ trust in financial organisations is at an all-time low and so it is increasingly difficult for financial organisations to get the positive attention of consumers. New competitors (e.g., from retail and telecoms, as well as start-ups) are moving into the FS market, many of which may be more agile and better equipped in terms of a digital strategy than the traditional finance brands. Social media provides great opportunities for firms to engage with customers in a new and interactive way and whilst organisations need to be careful to comply with the relevant laws and regulations, they need to get on board, and fast, if they want to be one of the winners in the new digital world.

Socially Aware editor John Delaney will be speaking at the BITS Social Media Risk Management Forum on July 31, 2013, at the Four Seasons Georgetown Hotel in Washington, D.C. John will be participating in a panel discussion on social media-related business and legal risks for financial services companies, and strategies for mitigating such risks. For more information or to register for the event, click here.

Article courtesy of Morrison & Foerster’s Mobile Payments Practice

On May 30, 2013, the California Department of Financial Institutions (CADFI) issued a cease and desist letter to Bitcoin Foundation, a not-for-profit organization established to standardize, protect and promote the use and adoption of Bitcoin. CADFI stated in its letter that Bitcoin Foundation “may be engaged in the business of money transmission without having obtained the license or proper authorization required by” California’s Money Transmission Act. CADFI’s issuance of the letter, the Financial Crimes Enforcement Network’s (FinCEN) recent guidance regarding virtual currencies and the subsequent asset seizures of prominent Bitcoin exchanges all reflect increased scrutiny of the use of virtual currencies.


CADFI’s letter notes that Bitcoin Foundation may be in violation of California’s money transmitter licensing law (Cal. Fin. Code § 2030), as well as federal statutes that impose penalties for the failure to have a required state money transmission license and the failure to register as a money transmission business. (18 U.S.C. § 1960, 31 U.S.C. § 5330.)

Section 2030 of the California Financial Code prohibits persons from engaging in “the business of money transmission in California without first obtaining a license from the Commissioner of Financial Institutions.” A person in violation of this statute may be subject to civil money penalties under § 2151, and possibly criminal prosecution under § 2152. The California Attorney General may also sue under §§ 17200, 17205 and 17206 of the California Business and Professions Code.

In addition, CADFI noted that under 18 U.S.C. § 1960, it is a felony to own, control or conduct the business of money transmission without the appropriate state license, or without registering with FinCEN. Violations of this Section are punishable by “up to 5 years in prison and a $250,000 fine.” CADFI stated that this same activity without a license is also a “felony under California law, pursuant to [California] Financial Code § 2152(b).”

CADFI requested that Bitcoin Foundation “advise [it] in writing within [20] days” of the date of the letter regarding the “steps [] taken to comply with [CADFI’s] order.” In addition, CADFI noted that “[n]othing in [its] letter is intended to affect any legal remedies, criminal or civil, which the State of California or the Commissioner might pursue for past or future violation of [the] laws [cited].”


Introduced in 2009, Bitcoin is a virtual currency that is controlled by a software algorithm (“Bitcoin Algorithm”) running on the Internet. Both the creation and transfer of Bitcoins is performed by this algorithm. Bitcoins are created by a procedure called “mining,” where users provide their computer resources to help the Bitcoin Algorithm process Bitcoin transactions. In exchange, users are compensated with Bitcoins. The Bitcoin Algorithm restricts the total number of Bitcoins to be “mined” to 21 million Bitcoins. Currently, there are approximately 11 million mined Bitcoins that are in circulation.

Like other forms of currency, Bitcoins can be exchanged for goods and services. However, the value of a Bitcoin (how many goods or services can be exchanged for a Bitcoin) is volatile. This volatility is attributable to the fact that, unlike currencies like the U.S. dollar or the Euro, which are issued by their respective governing bodies, Bitcoins are not supported by any sovereign entity. As a result, the value of a Bitcoin is driven and determined by public perception.

Since Bitcoin’s inception, the virtual currency has been gaining popularity and acceptance. Currently, several Bitcoin exchanges and payment websites allow users to exchange (buy and sell) Bitcoins with popular currencies, such as the U.S. dollar. In addition, some merchants, both online and in person, are beginning to accept Bitcoins as an alternative to traditional currencies for payment. The value of a Bitcoin has fluctuated from about $0.0025 since its inception to a high of about $266 on April 10, 2013. The current value is approximately $78 per Bitcoin.

Why Do Individuals Use Bitcoin?

A major reason why individuals may prefer to use Bitcoin transfers instead of traditional electronic transfers is for anonymity and privacy. Bitcoins are transferred from peer to peer without the need for an intermediary financial institution to process payments. The Bitcoin-transmitting party merely needs to know the receiving party’s Bitcoin address to execute a transfer. In contrast, when a traditional payment card is used to make a transaction, there typically are records identifying the transferor, transferee and the amount transferred. Because Bitcoin transfers do not rely on established payment systems to process transactions, Bitcoin transfers allow the transferor and transferee to remain anonymous.

Concerns Driving Regulatory Interest

In issuing the cease and desist letter to Bitcoin Foundation, CADFI was likely concerned about the same aspects of Bitcoin that attracts its users—anonymity and privacy. Specifically, the concern regarding the anonymous aspects of Bitcoin is its potential for facilitating criminal activity, money laundering and illegal transactions. On the other hand, by classifying Bitcoin Foundation as a money transmitter and, by extension, classifying the transfer of Bitcoins as transmission of money, CADFI can subject Bitcoin Foundation to the same requirements as traditional money transmitters. The resulting mandatory record keeping could significantly diminish the anonymous aspects of Bitcoin, and in turn diminish the attractiveness of using Bitcoin for the transfer of funds related to criminal activity.


On March 18, 2013, FinCEN issued interpretive guidance, entitled “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies.” The guidance is intended by FinCEN to clarify the applicability of the Bank Secrecy Act (BSA) and its implementing regulations to persons creating, obtaining, distributing, exchanging, accepting or transmitting virtual currencies. The guidance addresses “convertible” virtual currency, which is described as a type of virtual currency that either has an equivalent value in real currency, or acts as a substitute for real currency.

The guidance defines “users,” “administrators” and “exchangers” of convertible virtual currency and explains which of these participants in a virtual currency environment is a Money Services Business (MSB) for purposes of the BSA and FinCEN’s implementing regulations. Under the guidance, an administrator or exchanger that accepts and transmits a convertible virtual currency, or that buys or sells convertible virtual currency for any reason, is a money transmitter under FinCEN’s regulations (unless a limitation or exemption from the money transmitter definition applies). The guidance also explains that accepting and transmitting anything of value that substitutes for currency makes a person a money transmitter under the BSA’s implementing regulations.


Since FinCEN’s virtual currency guidance was issued, U.S. regulators have seized assets of several virtual currency exchanges. Notably, on May 14, 2013, one of the world’s largest Bitcoin exchanges, Mt. Gox, had its U.S.-based assets seized by U.S. authorities.

FINRA, having enacted new communications rules that specifically reference electronic communications, having issued two Regulatory Notices (linked here and here) providing guidance to the securities industry on social media, and having made social media and electronic communications exam priorities in two of the last three years, is now taking the next logical step:  conducting a sweep of broker-dealers to determine their compliance with the communications rules. In posting a Targeted Examination Letter—otherwise known as a sweep letter—on its website, FINRA invoked Rule 2210(c)(6), which provides for periodic spot checking by FINRA of firms’ written (including electronic) communications.

FINRA’s sweep letter seeks, among other things:

  • An explanation of how the firm is using social media at the corporate level in the conduct of its business;
  • An explanation of how the firm’s brokers generally use social media in conducting the firm’s business;
  • The firm’s written supervisory procedures concerning production, approval and distribution of social media communications; and
  • An explanation of how the firm monitors compliance with the firm’s social media policies.

If past experience is any guide, FINRA likely will review the information with an eye to both establishing a baseline of current industry adherence to the communications rules and guidance, and to developing individual informal or formal disciplinary responses to firms whose procedures are seriously deficient. The sweep letter includes a request for information about the firm’s top 20 producing brokers who used social media to interact with retail investors. FINRA probably believes that, in view of these brokers’ levels of activity, examiners are more likely to find that some of these brokers failed in some way to comply with FINRA rules—such as FINRA content standards, or approval, review, recordkeeping and filing requirements—with respect to their use of social media to communicate with customers. FINRA might well seek to develop formal disciplinary actions against some of these brokers.

As the firms that received this request gather responsive information, they should take a comprehensive look at their procedures for approval and review of communications using social media, and should determine whether these procedures are adequately documented, and whether their registered representatives, associated persons and compliance officers are adequately trained to apply these procedures. MoFo’s recent Guide to Social Media and the Securities Laws, and recent related presentation, are convenient places to start.