In an important step forward, the House is set to vote on a bill that would establish a comprehensive regulatory framework for digital assets and offer important protections for customers. It could be improved by expressly discarding Howey, Reves or similar inherently ambiguous tests when it comes to categorizing digital assets.

The Financial Innovation and Technology for the 21st Century (FIT 21) Act is expected to receive a vote on the House floor this week. Though facing an uphill road in the Senate and a potential presidential veto if it gets that far, the effort marks what would be the most significant milestone to date to establish a much-needed comprehensive U.S. regulatory framework for digital asset markets. Simply bringing the bill to a vote on the House floor reflects the importance many members of Congress place on this issue.

The FIT 21 Act is the latest congressional attempt to craft a statutory regime that would provide the regulatory clarity needed for a digital asset ecosystem to meaningfully develop in the United States. The bill—which passed out of both the House Financial Services and Agriculture Committees last summer with bipartisan support—tailors for digital assets existing market regulation and closes regulatory gaps. While the bill likely needs further consideration, its central premise—that legacy regulatory frameworks need a thorough update to sensibly address digital assets—is the right path forward.

Below we provide our thoughts on why legislation is needed, discuss key aspects of how FIT 21 would work and offer some suggestions for how the bill could be improved. At the end of this update, we have included blacklines to assist readers in identifying how the bill has changed since passing the two House committees last summer and how it would modify existing laws.

Why new rules are urgently needed

The uncertainty surrounding the regulatory framework for digital assets confounds entrepreneurs, small businesses and large public companies, and continues to divide regulators and financial services experts. This ongoing ambiguity and absence of clear, functional regulations have yielded: weakened consumer confidence and protection, missed investment opportunities, reduced economic activity and needless barriers to the nation’s global competitiveness.

At the root of the problem lies this simple observation: the current regulatory framework for our securities and commodities market structure simply was not designed for and does not work for digital assets. We’ve all heard the SEC’s suggestion to just “come in and register.” But the admonition is an oversimplification that conflates registration, which may theoretically be possible, with compliance, which is not. It’s likely for this reason that SEC Chair Gensler had previously testified before Congress that digital asset exchanges “do not have a regulatory framework either at the SEC or [CFTC]” and that new legislation was needed—before changing his view that the existing securities laws suffice. The Financial Stability Oversight Council has also specifically recommended that Congress close the regulatory gap that exists for non-security digital asset spot markets.

We’ve explained in many places why “come in and register” is not realistic, including before Congress here (Zach Zweihorn) and here (Joe Hall). Market participants themselves have raised scores of unanswered questions that demonstrate why existing legislation and the SEC’s existing rulebook is unworkable for digital assets—leaving legitimate businesses who seek to register in an impossible position.

Put simply, the regulatory obligations that attach to transactions in securities make it impractical to use them for everyday commercial purposes—as a means of payment or transmission of value, or for uses like peer-to-peer lending, file storage or gaming. This is because “issuers” of securities are subject to extensive requirements, including registration and ongoing disclosures and financial reporting, that are a poor fit for digital assets that do not grant their holders any claim or interest in an “issuer’s” financial assets or performance—especially in cases where it is not clear if there even is an “issuer.”  Additionally, secondary-market transactions in securities are subject to a framework in which intermediaries who trade or facilitate trading in securities, clear transactions in securities, effect transfers of securities or custody securities for third parties, are subject to extensive regulation and supervision by the SEC and self-regulatory organizations under SEC oversight. This framework was designed to oversee securities transactions but is not workable for simple commercial activities like a consumer’s sending a payment with a widely available medium of exchange.

Basic overview of how the bill works

The organizing principle for FIT 21 is to divide primary regulatory responsibility over transactions in digital assets between the CFTC and SEC, with the allocation of responsibilities turning on factors such as:

  • the level of decentralization and functionality of the digital asset’s associated blockchain system;
  • how the digital asset is acquired (e.g., as part of a capital-raising primary offering, an airdrop or a secondary-market transaction on a CFTC-regulated platform); and
  • who holds the digital asset (e.g., an issuer vs. an unaffiliated third party).

These factors determine whether a digital asset is a “restricted digital asset” subject to SEC jurisdiction or a “digital commodity” subject to CFTC jurisdiction.

FIT 21 seeks to regulate a digital asset from its inception through the launch or evolution of a functional, decentralized blockchain-based network or application (called a “blockchain system” under the bill). For example, SEC-style disclosure-based regulations would apply to transactions (including “initial coin offerings”) prior to the time a functional system exists, in a manner similar to the way an offering of traditional equity securities is regulated. Qualified, would-be purchasers would receive disclosure to be able to assess digital assets that are unproven and still subject to the significant potential for control or influence by insiders such as founders. Those disclosure requirements are supplemented by restrictions on sales by persons with control of the blockchain system. Digital assets under this regime are considered “restricted digital assets” in the hands of particular holders, and may still be securities, but would be subject to digital asset-specific disclosure and other requirements as provided under the bill.

Next, FIT 21 creates a certification process whereby any person can file a certification to the SEC setting forth that a blockchain system satisfies the applicable criteria to be treated as a decentralized system. A blockchain system for which a certification has been filed is subject to a rebuttable presumption of being decentralized and automatically effective in 60 days unless the SEC rejects or stays the filing. After a particular digital asset’s blockchain system is certified as a decentralized system, the bill provides that the digital asset becomes a “digital commodity” that is exempt from the SEC-style regime. At that point the applicable regulatory regime shifts to one modeled on CFTC-style conduct-based standards. As a digital commodity, the relevant digital asset may be traded freely by non-insiders on CFTC-regulated digital commodity exchanges and through CFTC-regulated spot transactions, and insiders gain more flexibility to transact in that digital commodity (though the digital commodity may still be restricted for certain insiders, such as issuers).

Through this whole-lifecycle approach, FIT 21 proposes a hybrid model under which the initial offer or sale of a digital asset requires appropriate disclosures and trading restrictions but then, once the blockchain system to which a digital asset relates is deemed decentralized and functional, its regulatory treatment evolves such that its trading would be regulated by the CFTC and subject to appropriate conduct restrictions.

We provide additional detail on key aspects of the bill in the following sections.

Answering the question: “what is it?”

The FIT 21 Act divides digital assets into three categories: digital commodities, restricted digital assets and permitted payment stablecoins. The bill focuses on the first two categories and allocates primary regulatory authority over digital commodities to the CFTC and over restricted digital assets to the SEC.

The bill also specifies how permitted payment stablecoins could be traded through CFTC- and SEC-registered intermediaries, subject to the respective regulator’s broad anti-fraud authorities, while leaving a regulatory framework that is more directly focused on payment stablecoin issuers for another bill, such as the Clarity for Payment Stablecoins Act of 2023.

Though it raises some questions and has room for improvement (discussed below), FIT 21 seeks to side-step the unworkable Howey test by creating new categories for digital assets.

The bill uses three key concepts to differentiate stages of the digital asset lifecycle:

  1. the type of holder of the digital asset; 
  2. the development status of the related blockchain system; and
  3. the type of distribution in which the holder receives the digital asset.

 

 DescriptionDefinition
Holder
Digital asset issuerA developer who sells digital assets or the rights to digital assets that they create.Any person that, in exchange for any consideration, issues or causes to be issued a digital asset or offers or sells a right to a future digital asset issuance. A digital asset issuer does not include any person solely because that person deploys code that issues digital assets only in end user distributions.
Affiliated personA person in a control relationship with a digital asset issuer or who owns a significant portion of a particular digital asset.A person that controls, is controlled by, or is under common control with an issuer (or was in the past three months) or beneficially owns 5% or more of the outstanding units of a digital asset (or did in the past three months).
Related personA person who works for or otherwise exerts influence on a digital asset issuer or stands to benefit from a digital asset in a unique manner due to their connection with the digital asset issuer.

A related person to a digital asset issuer is any one of:

  • a founder, promoter, employee, consultant, advisor or similar person;
  • a person that is or was in the past six months an executive officer, director, trustee, general partner, advisory board member or similar person;
  • an equity or other security holder; or
  • a person who received a digital asset issuer’s digital asset in an exempt offering or non-end user distribution.
Development Status
Decentralized systemA blockchain system is decentralized if it is not subject to significant influence by the digital asset issuer and does not uniquely benefit the digital asset issuer.

A blockchain system is a decentralized system if:

  • during the past 12 months no person has had the unilateral authority to control the function of or restrict access to participation on the blockchain system;
  • during the past 12 months no issuer or affiliated person beneficially owned 20% or more of the freely transferrable digital assets (unless the digital asset does not include voting power) or could unilaterally direct 20% or more of the voting power;
  • during the past three months no issuer, affiliated person or related person contributed to the source code of the blockchain system unless adopted through decentralized governance or to fix bugs;
  • during the past three months no issuer or affiliated person marketed the digital asset; and
  • during the past 12 months there were only end user distributions.
Functional systemA blockchain system on which related digital assets serve a purpose on the system.

A blockchain system that allows its participants to use the relevant digital asset for:

  • the transmission and storage of value on the system;
  • participation in services running on the blockchain system; or
  • participation in the blockchain system’s decentralized governance system.
Distribution  
End user distributionA widespread distribution of digital assets to users of the blockchain system, rather than to raise investment capital or to develop the blockchain system (e.g., airdrops).

Issuance of a digital asset for no more than a nominal consideration and in a broad, equitable and non-discretionary manner:

  • to users of the digital asset or its blockchain system;
  • for activities directly related to the operation of the blockchain system; or
  • on a pro rata basis to holders of another digital asset.

 

These concepts are used to distinguish restricted digital assets from digital commodities. “Restricted digital asset” refers to three categories of digital assets:

  • Category 1
    • Development Status: prior to the first date on which each related blockchain system is a functional system and is certified as a decentralized system
    • Holder: not the issuer, a related person or an affiliated person
    • Distribution: distribution other than an end user distribution or a transaction not executed on a CFTC-registered digital commodity exchange
  • Category 2
    • Development Status: any period when any related blockchain system is not a functional system or is not certified as a decentralized system
    • Holder: affiliated person or related person
    • Distribution: any
  • Category 3
    • Development Status: any
    • Holder: digital asset issuer
    • Distribution: any

All other digital assets are categorized as either a permitted payment stablecoin or a digital commodity.

Because the criteria for being a restricted digital asset include factors that can change over time based on the development status of the related blockchain system and the type of holder, each particular unit of a digital asset can transition between being a restricted digital asset and a digital commodity.

Tailoring the regulatory framework for the attributes of digital assets

FIT 21 takes a thoughtful approach to bridging the gap between traditional financial (TradFi) regulatory frameworks and novel digital asset markets. A foundational design choice of the bill is that it tailors existing market regulation and closes regulatory gaps, rather than establishing a new regulatory regime from scratch. One regulatory gap that the bill does not significantly address is how decentralized finance (DeFi) would (or could) be regulated.

An often-insurmountable obstacle to compliance for digital asset market participants in the United States is the effective impossibility of fitting the novel aspects of digital assets and their blockchain systems into compliance with decades-old securities law requirements intended for traditional securities like stocks and bonds. To address this roadblock, the bill would make changes and additions to traditional disclosure, intermediary and other rules to tailor them to better fit digital assets while retaining the benefits of those rules.

FIT 21 accomplishes this by adding a series of new registration categories for digital asset intermediaries to the existing securities and commodity derivatives laws that roughly mirror the categories for existing TradFi intermediaries. The SEC would be responsible for regulating digital asset brokers, digital asset dealers and digital asset trading systems. The CFTC would be responsible for regulating digital commodity brokers, digital commodity dealers and digital commodity exchanges. The bill also specifies that certain regulated entities may qualify as qualified digital asset custodians and qualified digital commodity custodians (collectively, qualified custodians), described below.

The bill seeks to bolster regulatory cooperation by requiring the SEC and CFTC to develop joint rules that specify how entities may dually register with both agencies. Dual registration could avoid the problem of market fragmentation that may arise if restricted digital assets and digital commodities could not be traded on the same platform. The bill attempts to mitigate implementation and compliance difficulties by requiring the SEC and CFTC to engage in a joint rulemaking to relieve regulatory burdens and mitigate redundant and/or unduly burdensome requirements resulting from dual registration. The extent to which dually registered intermediaries may benefit from regulatory relief thus will depend on the effectiveness of the implementing rules. Agencies have historically struggled to allocate jurisdiction among themselves, and the already-brewing turf war between the SEC and CFTC may make it difficult for them to reach the compromises necessary to successfully issue joint rulemaking.

In light of the time it would take for the SEC, CFTC and related self-regulatory organizations to adopt required rules and regulatory structures, FIT 21 creates a preliminary “notice of intent to register” regime for each of the new SEC and CFTC registration categories. This pre-registration path requires intermediaries to satisfy certain disclosure and operational standards on an ongoing basis, including registration with a registered national securities association or registered futures association. Compliance with these requirements exempts digital asset intermediaries from complying with the SEC’s existing registration categories with respect to digital asset activities.

Consumer protections

Because FIT 21 incorporates its new registration categories for market intermediaries into the existing regulatory frameworks established under the securities and commodity derivatives laws, digital asset intermediaries would become subject to a wide array of existing consumer protections. For example, both the securities laws and commodity derivative laws grant private rights of actions to customers so that they may recover against intermediaries who violate the law. FIT 21 would further supplement these generally applicable protections by imposing anti-fraud protections and requiring the SEC and CFTC to issue additional digital asset-focused anti-fraud rules.

Below we discuss some additional digital asset-focused consumer protections included in the bill.

Disclosure requirements

FIT 21 lays out a more tailored and technically appropriate disclosure framework for digital assets than the legacy standard for traditional securities, which tends to be unhelpful and often impracticable when applied to digital assets. For digital assets listed on CFTC- or SEC-regulated trading platforms, the bill requires disclosure and certification of information relating to a digital asset or its related blockchain network’s (i) source code, (ii) digital asset economics, and (iii) plan of development, or roadmap, to decentralization, among other things.

Brokers and dealers in restricted digital assets and digital commodities are required to register with an appropriate self-regulatory organization, which includes compliance with the customer disclosure and protection rules of those organizations. At the pre-registration stage, digital asset intermediaries are also required to make specific disclosures to customers regarding the risks of the assets and transactions they are entering into as well as the custody arrangements used by the intermediary.

Custody

One reason the effort to regulate digital assets under existing securities laws fails is that there are no workable broker-dealer custody rules that are compatible with trading models that leverage real-time settlement. The SEC’s Customer Protection Rule (Rule 15c3-3) requires broker-dealers to “obtain and … maintain the physical possession or control” of customer securities. To date, the SEC staff has generally interpreted physical possession or control as not being satisfied by a broker-dealer holding private keys, or holding through other sub-custodians that themselves hold the private keys. The bill would require the SEC to consider registered SEC-intermediaries to have control of restricted digital assets if the restricted digital asset is held with a qualified digital asset custodian. Similarly, CFTC-registered intermediaries are required to hold digital commodities with a qualified digital commodity custodian.

To be a qualified custodian, an intermediary must:

  • be supervised by a federal banking agency, the National Credit Union Administration, the CFTC, the SEC or an appropriate state or foreign regulator;
  • share certain information with the CFTC or SEC, as appropriate; and
  • be subject to “adequate supervision and regulation,” including with respect to capital, books and records, disclosure, audited financial statements and other requirements designed to protect customer assets.

Digital asset intermediaries are also generally prohibited from commingling customer assets with proprietary assets, subject to exceptions, such as de minimis amounts for paying transaction fees (i.e., gas). In addition, assets held by SEC- and CFTC-registered digital asset intermediaries are deemed to be customer assets—meaning that they generally should not be reached by that entity’s creditors. 

AML requirements for intermediaries

Just as SEC- and CFTC-registered digital asset intermediaries would become subject to the existing securities and commodity derivatives laws (as modified to better address digital assets), they would also become subject to existing anti-money laundering (AML) requirements. These intermediaries would be treated as “financial institutions” for purposes of the Bank Secrecy Act (BSA).

As a result, like other financial institutions, registered digital asset intermediaries would be required to implement a risk-based AML program designed to prevent the intermediary from being used to facilitate illicit financial activities. They would also be required to file suspicious activity reports for suspicious transactions conducted using their services. Treatment as “financial institutions” under the BSA also provides the Financial Crimes Enforcement Network (FinCEN) with the opportunity to subject registered digital asset intermediaries to additional AML-related requirements that apply to certain categories of financial institutions, such as the Customer Identification Program and Customer Due Diligence Rules.

Areas for improvement

In creating a hybrid structure that allocates responsibility between the SEC and CFTC, FIT 21 attempts to avoid the intractable question of whether a particular digital asset is an investment contract under Howey. (We’ve previously discussed why Howey is unsuited for digital assets in the context of other legislative proposals here.) On its face, side-stepping Howey by introducing new categories for digital assets would be a welcome respite for digital asset market participants. But the reality is more complicated. Fortunately, some of these issues can be resolved with relatively simple drafting fixes.

First, the bill leaves open a potential backdoor for the SEC to continue to assert that most digital assets are securities under Howey. Title II of the bill, entitled “Clarity for assets offered as part of an investment contract,” seems intended to specify that digital assets sold pursuant to an investment contract—termed “investment contract assets”—are not themselves securities under the federal securities laws, similar to an approach taken in a legislative proposal by Senators Lummis and Gillibrand. But the definition of “investment contract asset” that FIT 21 would add to the definition of security under the federal securities laws includes a carve-out for digital assets that are “otherwise a security pursuant to” the existing definition of “security” under the Securities Act of 1933—a definition that includes “investment contracts” as securities. This could permit the SEC to make the same argument that it does today—that most digital assets are investment contracts because holders may expect to profit from the efforts of another person.

The SEC would also be free to take the position that many crypto tokens—such as those that can be staked and offer some form of return of financial value to the holder—are not subject to the bill in the first place, and thus fall outside the “digital commodity” paradigm. This is because the bill’s definition of “digital asset” excludes “any note,” meaning that a digital asset that the SEC could claim is a note that is a security under Reves would not be a “digital asset” or, in turn, a “digital commodity.” Indeed, such assets would not even be “restricted digital assets,” and so all of the tailored provisions of the securities laws applicable to digital assets and digital asset intermediaries described above would not apply.

But even if Howey and Reves are successfully removed from the equation, the analytical framework proposed to replace them introduces new uncertainties. The bill introduces a complex decentralization test that itself contains elements of subjectivity, together with objective components that may be unknowable for certain digital assets and hard-wired standards that, when tripped, can result in the sudden recharacterization of a digital asset. Moreover, while the bill provides a theoretical framework for resolving the turf war between the SEC and CFTC, or at the very least attempts to create a safe harbor for those digital assets that might still be securities, it suffers in practice by providing the SEC with near-unchecked veto power to deny the certification of a digital asset as decentralized and thereby keep the relevant digital asset within the SEC’s jurisdiction.

FIT 21 also introduces other new complexities that would have to be addressed in implementing regulations. For example, because the restricted digital asset versus digital commodity distinction depends in part on the status of the holder (i.e., whether they are the issuer) and how the holder received the digital asset (i.e., whether it was received in an end-user distribution), one unit of a digital asset could be considered a restricted digital asset while another unit of the same type of digital asset in the hands of another person could be considered a digital commodity. The result is that two identical and otherwise fungible assets could be required to be traded on different systems and with different disclosure and other requirements. Unless the SEC and CFTC issue rules to harmonize their approach, this conflict could undermine the intended fungibility of these assets.

Blacklines

We have included the following blacklines to assist readers’ understanding of the bill.

Prior versions of the bill

 

Proposed amendments to existing laws

 

Check out Davis Polk’s Crypto Regulation Hub for links to congressional proposals related to the regulation of digital assets and other helpful materials


This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.