The RFIA would define consumer protection standards for digital assets and introduce new requirements regarding digital asset use in interstate money transfers.

By Jenny Cieplak, Parag Patel, Barrie VanBrackle, and Deric Behar

Latham & Watkins presents a blog series on the Responsible Financial Innovation Act, which was introduced in the US Senate on June 10, 2022, to create a framework for digital assets, cryptocurrency, and blockchain technology. This second post in the series covers consumer protection and state money transmission laws.

Consumer Protection: Disclosures

Consumer Protection issues are covered in Title V of the bill (Responsible Consumer Protections) of the Responsible Financial Innovation Act (RFIA). The RFIA’s customer protection standards are to be enforced by the federal or state licensing, registration, or chartering authority of a digital asset intermediary, or by the appropriate state or federal banking supervisor if a depository institution or other financial institution.

The RFIA would add a new Section 9802 to Chapter 98 of Title 31, United States Code, that would define consumer protection standards for digital assets. A customer agreement would need to be provided whereby the person or protocol providing digital asset services (i.e., intermediaries, financial institutions, and other authorized service providers) must disclose the scope of permissible transactions that can be performed with the customer’s digital assets. A digital asset service provider would need to give notice to a customer regarding the following:

  • Material updates or changes in the source code version of a digital asset that could include security vulnerabilities
  • Whether a customer’s digital assets are segregated from other costumer assets
  • How the customer’s assets would be treated in a bankruptcy or insolvency proceeding of the service provider, and the risk of loss
  • The process (including time and manner) for the return of digital assets upon request of a customer
  • Fees
  • Dispute resolution processes

Furthermore, the RFIA would require that a digital asset service provider that provides lending services must clearly disclose the terms of such services to the customer prior to lending. (The lending arrangements to be disclosed include the terms and risks, yield and the manner in which the yield is calculated, collateral requirements and policies, and mark-to-market and monitoring arrangements.) Similarly, a digital asset service provider that engages in rehypothecation of customer assets would need to clearly disclose such arrangements to the customer prior to doing so and receive the customer’s affirmative consent.

Customers may choose to self-custody any digital assets they legally own, posses, or control. Customers would not be required to use third-party intermediaries for safekeeping, although they would be free to enter into an agreement to do so.

Forks, Settlement Finality, and Safekeeping

The RFIA would require that digital asset service providers agree in writing with their customers on the source code version of each digital asset. It would also require providers to adopt and maintain standards for changes to the supported version of a digital asset if there are changes to the validation rules associated with such digital asset. The bill states that such standards shall include customer notice and approval “as appropriate based on the circumstances.” This customer notice and consent guidance is likely designed for situations such as the much-discussed change from the Ethereum network from proof-of-work to proof-of-stake, but service providers may need more guidance regarding what circumstances would actually require such notice and approval.

The bill also states that digital asset service providers may not “capriciously redefine a digital asset or the corresponding source code.” However, not discussed in the bill is what happens when a digital asset service provider ceases supporting a particular digital asset, or version thereof. The customer notice requirements described above could also include the digital asset service provider’s process for return of such digital assets.

Digital asset service providers would also need to agree with customers on the terms of settlement finality for all transactions, including the conditions for when a digital assed is deemed fully transferred, the exact moment of when transfer occurs, the discharge of any obligation upon transfer, and conformity with the Uniform Commercial Code. Such agreements would be an important step towards solving the question of settlement finality on distributed networks, but of course do not solve the larger problem of what constitutes a final on-chain settlement between pseudonymous counterparties.

State Money Transmission Laws and Digital Assets

Title VIII of the RFIA (Responsible Interagency Coordination) contains a section that bears on digital asset use in interstate money transmission. Section 803 of the RFIA would require that within two years from the date of enactment, state bank supervisors adopt standards relating to the treatment of digital assets under state money transmission laws that are “substantively consistent” among one another. Standards should address topics such as:

  • potential licensing for digital assets;
  • treatment of payment stablecoins;
  • the extent to which such standards would apply to persons or software that engage in validation of transactions, non-custodial wallet providers, or software or hardware development;
  • tangible net worth and permissible investment requirements;
  • disclosures, reporting, and recordkeeping; and
  • common examination and examiner training standards (including common customer identification, anti-money laundering, and sanctions best practices developed in consultation with the Financial Crimes Enforcement Network and the Office of Foreign Assets Control)

If a state has not adopted uniform money transmission standards, the Consumer Financial Protection Bureau (CFPB) is authorized to adopt the predominant uniform standards for that state. However, the CFPB may allow a state more time to meet the uniform standard if the state demonstrates a good-faith effort towards implementation. The CFPB may also promulgate regulations to monitor state compliance with the goals of this section of the RFIA.

Consistency among state regulatory agencies could certainly be helpful for nationwide digital asset service providers, but it is unclear whether states would be happy to provide such consistency or whether some states would wish to continue to pursue a stringent licensing regime while others would prefer to attract businesses by being less stringent.  It remains to be seen whether such harmonization would be a first step to a federal licensing regime or whether instead state-by-state registrations would become more burdensome for digital asset service providers.