There’s a centuries-old standard that tells us when regulation of crypto is justified

We explain in a comment letter on the IRS’s proposed broker rules, but the standard applies well beyond

Today Coin Center submitted a comment letter in the Treasury Department’s ongoing rulemaking on the definition of “broker” for third-party tax reporting purposes. In brief, we argue that the definition thus far proposed by the Department is far too broad. It would compel mere software developers to collect sensitive personal information about the users of their software and report that information to the IRS. Our comment letter explains why that breadth runs counter to the clear statutory authority Congress set out in the Infrastructure Investment and Jobs Act and also explains why such a broad standard would be an unconstitutional compulsion of speech and an unreasonable search and seizure of the records of both software developers and users of said software.

Rather than rehashing and summarizing those statutory and constitutional arguments here, I’d like to use this post to discuss the applicability of the argument we make to even bigger fundamental questions about the limits of reasonable regulation in the context of crypto and software development generally.

What do those limits look like today?

  • Existing standards for state money transmission licensing and federal money service business registration (KYC/AML obligations) are very reasonable. They focus on actual control over customer assets, as we have long advocated should be the case.
  • Securities laws apply to issuers based on the Howey test, a flexible standard that—when narrowly interpreted—is reasonable in so far as it focuses on actual promises to undertake efforts on behalf of profit-expecting investors. But that standard is probably too flexible with respect to vague and implicit promises and highly subjective investor expectations, and its ultimate interpretation remains in flux at the courts. If stretched too far securities laws could wrongly obligate mere software developers to file disclosures as issuers with the SEC. Securities laws can also apply to exchange-related activities based on the definition of “exchange” in the Exchange Act, and also based on the rules issued by the SEC interpreting that act. Last year the SEC issued a proposed rule that would redefine “exchange” to include anyone who ‘makes available a communications protocol that brings together buyers and sellers’ of securities. As we commented at the time, that proposed standard is drastically overbroad because “making available a communications protocol” is just a complicated way to say “publishing code.”
  • Commodities futures trading laws apply only to persons dealing in derivatives and should in theory also be reasonably limited to persons who are exercising efforts on behalf of a trader rather than mere providers of generally available software tools that traders happen to use. Former Commissioner Brian Quintenz agreed with that perspective when we pressed for clarity and so do others, but more recently the Commission announced a series of settlements with software developers that somewhat ambiguously describe a much broader standard for applicability and culpability.

At the end of the day, are all these standards unique to their relevant subject matter (e.g. investor protection vs. AML/KYC)? Or can and should we distill a common standard that is the reasonable limit of any type of permission-based regulation? We think we can and the broker rulemaking gave us an opportunity to think deeply about it.

As mentioned, we have long agreed with the actual custody and control standard articulated by the Uniform Law Commission’s model state licensing law and echoed in FinCEN’s excellent virtual currency guidance of 2019. However, that standard does not entirely make sense in the context of tax, securities, and commodities laws because traditional issuers, brokers, and securities and commodities exchanges often never have custody or control of the assets they issue or deal in, and yet these entities are, reasonably, the subject of longstanding tax-reporting and investor protection regulations. So if the limit of regulatory obligations is not just custody, what should it be? In our broker comment we offer an alternative: the existing standard for brokers!

The existing standard, in a nutshell, asks if the person to be regulated is either an agent of the customer or a principal in a sale to the customer. The existing standard reflects common law principles of agency, privity, and fiduciary duty. These principles have worked for centuries to determine when a person is actually in a position of trust vis-a-vis their counterparty or customer and it is that position of trust that justifies regulatory oversight and legal obligation. Persons who merely make available software (or any other speech for that matter) are not in a position of trust and should never, therefore, be the target of permission-based regulation. To target them is to target our freedom of expression itself.

As we explain in detail throughout our broker comment, this standard fits neatly with the Constitution, both our First Amendment speech rights but also, interestingly, our Fourth Amendment jurisprudence on when it’s reasonable for the government to collect records from businesses without a warrant. Regulating persons who publish software tools but who have no agency relationship with the user of those tools is unconstitutional under longstanding First Amendment case law. However, regulating persons who are engaged in actual conduct, like acting as an agent for a customer, tends to be constitutional even if said regulations modestly burden speech activities. Similarly, demanding the warrantless reporting of otherwise private records from persons who are not acting as agents of customers is unconstitutional under long standing Fourth Amendment case law, while collecting the records of banks who are also parties to the transactions they enable has historically been constitutional.

If we are looking for a limiting principle for regulation that is broader than mere custody and control, it’s there. In the next few months we anticipate reworking our broker comment into a larger report that delves into how an agency-based standard should be understood and why it is the most sensible and constitutionally sound limit to the sphere of permission-based regulation of crypto activities. If you want an already quite detailed preview of that report, I’d urge you to read our full comment to the Treasury Department.