The Importance of Being E-arnest in Online Contracting and other insights on recent regulatory and crypto happenings
Hey all,
Welcome to the next issue of Legal-tender: Your fin-tastic guide to the legal side of crypto and fintech. The last few issues have been heavily crypto-focused, so this issue will focus on non-crypto issues related to fintech (but also some crypto issues, especially with banking, because regulators and legislatures have been very active…)
Electronic contract formation: One recent and prominent case—the Celsius bankruptcy case—highlights the importance of ensuring you form an online agreement.
Iowa usury action (and not a true lender or Madden issue!)
Federal Reserve Board Governor advocates for greater direct oversight of third-party providers.
FTC statement on AI claims.
Recent crypto happenings, including Custoida updates, FDIC OIG Report Discusses Supervising Risks Posed by Digital Assets, and EU Blockchain Regulatory Sandbox.
Online Contracting
Creating enforceable terms of use and electronic customer agreements can be a real challenge for online businesses. There are a lot of variables at play, like how and when the terms are displayed and whether any changes have been made since the user initially agreed to them. And it's not enough to create a contract; you also need to keep a record of the process used to create it. That means elements like audit logs, versions of the screen as it looked when the customer formed the contract, and copies of the relevant agreements.
Why is all of this so important? Well, courts are paying closer and closer attention to the online contract formation process. They want to know that the terms and process are fair, clear, and enforceable. And if someone ever challenges whether a contract was entered into or the terms are enforceable, you'll likely need that evidence.
That's why I wanted to take a closer look at a recent case and what that case can tell us about what courts are looking for in online contracts. While companies might find it easier to skip the details of contract formation, doing so can leave them exposed.
Celsius Network bankruptcy decision finds Account Holders agreed to online terms; Earn Assets property of the Estates
In the recent decision in In re: Celsius Network LLC, the court had to determine the ownership of cryptocurrency in Earn Accounts. Celsius's terms of use were a decisive factor in the court’s conclusion that the contract terms unambiguously transferred all right and title of the digital assets to Celsius.
The Debtors asked the court to rule that the terms of use were an enforceable contract. To answer this, the court needed to determine two issues: (1) whether Account Holders accepted a contract that accorded title to and ownership of Earn Assets to the Debtors, and (2) whether the updated terms created an enforceable contract modification.1
To create a binding contract, you need an offer and acceptance, mutual consideration, and an intent to be bound. The court noted that these requirements apply to electronic contracts and contract modifications.
Acceptance of the terms of use
Offer and acceptance: The court noted that consumers generally have a passive role in online contracting. Therefore, courts often assess mutual assent by whether the consumer should have been aware that the terms would bind them. Lots of terms exist for this—”scrollwrap,” “clickwrap,” and “browsewrap” are the most common—and courts aren’t uniform in how they define or use these terms. Here, the court concluded that the terms are a “clickwrap” because the Account Holder needed to manifest consent by clicking a button confirming they accepted the terms. The Account Holder was not required to read the terms.
A related concept is how apparent it is to the user that the terms would apply to the user. To make this evaluation, courts assess various factors, including the term’s location, whether the hyperlink was in a different font or color, and the website’s overall appearance.
99% of Account Holders completed the sign-up process and assented to the terms. The court was unmoved by whether the Account Holders read the terms - “The Court empathizes with the frustrations Account Holders may feel if they did not read or understand the specific terms of the Terms of Use. Frankly, though, the rules provide needed certainty and predictability required for modern commerce in the digital era. The law in the Second Circuit is clear that clickwrap contracts such as the Terms of Use are valid and binding.” The court found that the parties mutually assented.
Consideration: For consideration, the court noted this requirement is not exacting, and courts seldom opine on whether consideration is adequate.
For consideration, the court notes that the terms identify the “benefit of the bargain." No party put forth evidence that consideration was not provided.
Intent to be bound: The court found that no party provided evidence that the Account Holders lacked the intent to be bound.
Therefore, the court found that the Debtors convincingly argued that the Account Holders accepted the terms via a clickwrap agreement. Next, the court analyzed whether Account Holders accepted the modifications.
Acceptance of modified terms
Each version of the terms allowed unilateral modification of the terms and stated that the Account Holders’ continued use following the updated terms constituted consent to the updated terms.
Notwithstanding the terms’ language permitting unilateral modification, the Debtors required all Account Holders to affirmatively accept version 6 of the terms. Version 6 then replaced the existing contract for any Account Holders who opened an account before version 6.
Account Holders had to accept version 6 on the Debtors’ platform. If an Account Holder did not affirmatively accept within two weeks, Debtors suspended the Account Holder’s account until the Account Holder affirmatively accepted the latest version of the terms of use.
The Debtors created a process to capture each Account Holder’s affirmative consent to version 6. This process included the following:
No matter how Account Holders accessed the platform, a pop-up window appeared stating, “We have updated our Terms.”
The pop-up noted, “[i]t’s tempting to skip reading Terms, but it’s important to establish what you can expect from continuing using our product. These are not all of the changes, please read the updated Terms in full.”
This text was followed by additional bullets and a hyperlink reading “Read the full Terms,” which linked to the full terms of use.
Underneath the hyperlink, the pop-up had three check boxes next to statements. One statement was, “I have read and agree to the new Terms.”
Further, the acceptance button included the word “Agree.”
The court found that updates to the terms constituted valid modifications of the terms that an Account Holder entered when creating an account with Celsius.
The court then reviewed the accepted terms and concluded that the Celsius contract terms unambiguously transferred all right and title of the digital assets to Celsius.
Interesting Usury Enforcement Action - Not True Lender or Madden!
In December, the Iowa Attorney General and the Iowa Division of Banking entered into an “Assurance of Discontinuance” (“AOD”) with TAB Bank of Ogden, Utah, under Iowa’s Consumer Credit Code (“ICCC”). Iowa alleged the bank imposed finance charges that exceeded 21%, the maximum amount allowed under the ICCC. But, you might ask, I thought banks could “export” their interest rates to other states? And the answer is “yes” for national banks, but “yes” for state banks except Iowa and Puerto Rico (note that this is a high-level summary; any specific fact pattern involving lending through or with a bank partner should be scrutinized by the relevant entities and outside counsel as necessary).
So why does Iowa enjoy this privilege? Congress passed the Depository Institutions and Deregulations Monetary Control Act of 1980, commonly shortened to “DIDMCA” (sounds like how it’s spelled 😀). Courts and regulators have interpreted DIDMCA as permitting state banks to export their interest rates to other states.
Congress included a provision in DIDMCA—Section 525—that allowed states to opt out of § 1831d. The state had to follow the requirements Congress set forth to opt out. Iowa did! (See 1980 Iowa Acts 1156 sec. 32). Other states did too - “Colorado, Maine, Massachusetts, North Carolina, Nebraska, and Wisconsin have previously opted out of coverage of section 27, but either rescinded their respective opt-out statutes or allowed them to expire.”2 Along with Iowa, as noted above, Puerto Rico is the other jurisdiction that remains opted out.
So because Iowa opted out of DIDMCA, state-chartered banks cannot export their interest rates to Iowa if the rates are higher than Iowa allows. Iowa alleges the bank did, through its service partner, and the bank agreed to stop making such loans. The bank will also make restitution to affected Iowa borrowers. Not your usual case of a regulator alleging interest rate/usury violations by an out-of-state lender or its partner.
Federal Reserve Board member advocates for shifting regulatory burden from community banks to third-party providers
In recent remarks, Governor Michelle W. Bowman addressed third-party risk management and concluded that “[i[n a world where third parties are providing far more of these services, it seems to me that these providers should bear more responsibility to ensure the outsourced activities are performed in a safe and sound manner.”
Governor Bowman discussed how community banks increasingly rely on third-party relationships to provide innovative and personalized products and services to their customers. Governor Bowman noted that the prudential regulators have taken steps to address this increased role:
In July 2021, the FRB, OCC, and FDIC released proposed interagency guidance for risk management of third-party relationships. Governor Bowman provided an update on its progress, stating that the agencies are considering comments.
In 2021, the FRB began providing state member banks with reports relevant to their third-party partners.
In August 2021, the FRB, OCC, and FDIC released a guide for community banks titled "Conducting Due Diligence on Financial Technology Firms."
Governor Bowman concluded her remarks by advocating that third-party providers bear more responsibility to ensure the services are provided in a safe and sound manner.
Key takeaway: Compliance is always essential. No unique insight there. But as prudential regulators continue to grapple with overseeing third-party vendors that are providing significant services on behalf of their bank partner, I expect that Governor Bowman’s advocacy will find support among her bank regulatory colleagues.
FTC Statement on AI Claims
The FTC is cautioning companies against overusing and misusing the term "artificial intelligence" in their advertising. While the FTC acknowledges that “AI” has ambiguous meanings and refers to various technological tools and techniques, some businesses may exaggerate their AI products' capabilities or make false claims. The FTC also expressed concern that some products with AI claims may not perform as advertised. Companies must understand their AI products’ risks and potential impacts before launching them and have sufficient evidence to support any comparative claims. Advertisers cannot blame third-party technology developers or say that they are not responsible because the technology is a "black box" they cannot comprehend or test. For fintechs using AI especially, companies should review the FTC's earlier AI guidance that focused on fairness and equity, which warned against making unrealistic promises about algorithms or AI-based tools.
Recent Crypto Activity
Custodia
Two noteworthy items occurred in Custodia-land; one good and one bad (but unfortunately expected):
Order granted permitting Custodia Bank to submit first amended complaint: On February 22nd, the court granted an order permitting Custodia Bank to submit its first amended complaint. The court did so based on arguments in the proposed amended complaint. In short, the proposed amended complaint argues that the Federal Reserve Bank of Kansas City and the Federal Reserve Board of Governors have no discretionary authority to deny Custodia Bank’s application for a master account. Custodia submitted its first amended complaint on February 28th, and when it’s available on courtlistener (or if you have a subscription to PACER), it’s well worth a read.
Board denies Custodia Bank’s request for reconsideration: On February 23rd, the Federal Reserve Board denied Custodia Bank’s request for reconsideration of the Board’s decision last month on its application to be supervised by the Federal Reserve.
Federal activity
FDIC OIG Report Discusses Supervising Risks Posed by Digital Assets: The FDIC OIG issued a report that discussed management and performance challenges facing the FDIC, including the supervising risks posed by digital assets. The report stated that the FDIC was aware of 136 insured banks3 with ongoing or planned crypo-asset related activities. While the report focused on many of the often-stated concerns—having a significant concentration of deposits in crypto asset customers, coordinated regulatory approach, and appropriate ability to assess crypto-asset risks at banks—it also addressed some concerns that get little attention.
Supervising and resolving failed institutions that engage in crypto asset activities.
Concerns about conflicts of interest when holding virtual assets:
FDIC examination, receivership, and other staff overseeing digital-asset supervision and policy should be free from any conflicts of interest. On July 5, 2022, in a Legal Advisory, the Office of Government Ethics stated that a Federal “employee who holds any amount of a cryptocurrency or stablecoin may not participate in a particular matter if the employee knows that particular matter could have a direct and predictable effect on the value of their cryptocurrency or stablecoins. On August 17, 2022, the FDIC issued an Ethics Analysis that allows employees with certain interest in digital assets to participate in non policymaking assignments. For example, if an employee holds the crypto asset Ethereum, the employee may examine a bank that is involved in Bitcoin provided the effect of the examination does not go beyond Bitcoin. As banks increase their involvement with crypto assets, the FDIC should ensure that it has sufficient staff that are not conflicted in order to meet its mission requirements.
Treasury Official Remarks on Banking and Crypto: On February 15, 2023, the Treasury’s Assistant Secretary for Financial Institutions, Graham Steele, gave remarks that addressed both fintech and crypto:
Fintech: The US Treasury is concerned about the growing role of non-bank firms, such as fintech and “Big Tech” companies, in financial services, as they are not subject to the same comprehensive regulation and supervision as banks. Although Assistant Secretary Steele notes that their entrance may bring benefits, such as a more competitive and innovative financial services landscape, they also presents risks regarding regulatory arbitrage, data privacy and security, bias and discrimination, and consumer protection.
Treasury’s November report4 suggests using existing authorities by federal banking regulators and the CFPB to achieve better-coordinated supervision of bank-fintech partnerships and banks' risk management of new credit underwriting models. It also supports ongoing efforts to review bank merger policies, increased antitrust scrutiny of the tech and financial services sectors, the CFPB's inquiry into Big Tech payment platforms and Buy Now, Pay Later providers, and the CFPB's rulemaking efforts to address consumer financial data access through implementation of section 1033 of the Dodd-Frank Act.
Assistant Secretary Steele states that Big Tech's involvement in financial services presents historical issues and novel concerns, including conflicts of interest, excessive concentration of economic power, and potential market power to the detriment of competition and consumers. The Treasury is watching these issues closely and engaging with partners across the administration and regulatory agencies.
Not all countries bundle banking, money, and payments, and not everyone is concerned that the U.S. should remain this bundled. For an interesting read on how the U.S. can unbundle this relationship. see “Unbundling Banking, Money, and Payments”5 by Dan Awrey.
Crypto: Assistant Secretary Steele addressed key themes from recent reports published by Treasury and interagency groups. A few items worth noting:
The Assistant Secretary reiterated what he believed to be gaps in existing authorities over crypto-assets in stablecoins, spot markets for non-securities, and greater visibility into the activities of affiliates and subsidiaries of integrated crypto entities.
Concerns over what were previously brokered deposits (and this dovetails with the FDIC’s OIG’s concerns regarding holding deposits of crypto-asset entities).
Regarding “runnable” deposits, the Assistant Secretary cited an American Banker article about “crypto companies using the Trump era hot money rule.” The article questioned whether Silvergate Bank’s liquidity issues were related to holding what would have been “brokered deposits” under the old rule.
But to date, it is unclear whether brokered deposits were an issue. I’ve cited Bankregblog’s newsletter before and do so here again (essential reading for anyone not yet subscribed) - in his/her assessment of the numbers, “a poster child other than Silvergate may need to be found.” Full post is well worth a read.
State Activity
NYDFS announced it has strengthened its ability to detect fraud in the virtual currency industry: The NYDFS superintendent announced that the NYDFS has enhanced its ability to detect fraud and other illegal activity among New York State-regulated entities engaging in virtual currency activities. The NYDFS did not announce what these new tools were.
Non-US Activity
European Commission launches blockchain regulatory sandbox: In February, the European Commission announced that it was launching a regulatory sandbox for blockchain use cases. The sandbox will run from 2023 to 2026 and annually support 20 projects. One goal for the sandbox is “to facilitate the cross-border dialogue with and between regulators and supervisors on the one hand, and companies or public authorities on the other hand.” Applications are open.
Joshua Durham wrote an interesting piece titled “Regulatory Sandboxes enable pragmatic blockchain regulation.” Very interesting read and timely considering the European Commission’s actions.
What I’m reading
Besides what other sources I’ve linked above, the following is a tremendous overview of how cards work from a former Stripe employee, Patrick McKenzie (his writings and Twitter also worth a consistent follow).
Celsius had eight versions of its terms of use. The eighth version was the controlling version for the court unless the court noted otherwise.
Of those, it appears the FDIC directly supervises about 80: see FN 23 in Martin Gruenberg's statement in November.
U.S. Department of the Treasury, Assessing the Impact of New Entrant Non-Bank Firms on Competition in Consumer Finance Markets (Nov. 2022).
This Article demonstrates that this need not be the case and advances a blueprint for how we can safely unbundle banking, money, and payments, thereby enhancing competition, promoting greater financial innovation and inclusion, and ameliorating the too-big-to-fail problem.