State regulators are taking the lead on cryptocurrency enforcement in the absence of a national approach to regulation, in some cases acting years before companies faced federal charges.

The situation could leave a patchwork of areas where crypto-companies are held accountable, according to observers, at least until federal rules are enforced and, in some cases, adopted. President Joe Biden’s executive order on digital assets this month, which instructs regulators to study the issue, means additional rules could be years away.

In a prominent example, the Justice Department obtained an indictment from a grand jury in February against Satish Kumbhani, an Indian national, for running an alleged crypto-based Ponzi scheme called BitConnect that defrauded investors of over $2 billion. Texas was on the case three years earlier, halting the company’s activity in January 2018.

In a second case, also in February, the Securities and Exchange Commission brought what Chair Gary Gensler described as a “first-of-its-kind action” against BlockFi Lending LLC for offering unregistered securities. It might have been a first for the agency, but six state regulators had taken action months earlier. Ultimately, the company agreed to pay $100 million to settle state and federal charges.

Texas has brought about 150 crypto-related enforcement actions in total, Joseph Rotunda, the director of the enforcement division of the State Securities Board, said in an interview.

Cryptocurrencies make up the greatest number of complaints his office hears.

Complaints about Kumbhani and BitConnect reached the state in 2017. The scheme allegedly involved the company claiming that proprietary bots would generate guaranteed returns. Texas filed an emergency cease-and-desist order against BitConnect in January 2018.

“We often have the ability to act quickly,” Rotunda said, noting the ability to get an undercover operation going without delay. State officials have used untraceable emails, social media profiles and burner phones to contact the subjects of their investigations. His office can obtain a subpoena in about 24 hours, and use ex parte orders, which have immediate force to temporarily stop illegal activity. A state official was detailed to the local FBI office during the BitConnect investigation, Rotunda added.

BitConnect attributed its shutdown to state actions. 

“We have received two Cease and Desist letters, one from the Texas State Securities Board, and one from the North Carolina Secretary of State Securities Division,” it wrote on its website. “These actions have become a hindrance for the legal continuation of the platform.”

Potential for elder fraud

Rotunda said he’s seeing a rise in older investors shifting funds to crypto, a potential sign of elder fraud. Regulators and brokers can put a hold on account activity when they suspect such fraud.

Michael Canning, founder of the LXR Group, a financial regulatory policy consulting firm, said in an interview that states don’t have much of a role in writing rules or conducting examinations, due to federal preemption, but they are “very good with enforcement.”

The aggressive stance from state regulators is telling companies that while the crypto marketplace may be new, it will be policed, Canning said.

“They will be out there enforcing the securities laws unless or until those securities laws change,” he said, as part of their mandate to protect investors. “They see in a hands-on, real tangible way how devastated investors can be when there is a fraud.”

Canning previously spent about a decade with the North American Securities Administrators Association, made up of the state securities regulators.

In the backdrop are indications that federal enforcement will pick up.

Carlton Greene, a partner with Crowell & Moring LLP, says the nation is in the second wave of crypto enforcement, with federal regulators investigating companies that are trying to avoid having to register under securities rules. He previously served as the general counsel of the Financial Crimes Enforcement Network, or FinCEN, a bureau of the Treasury Department that combats money laundering.

The first wave was against clear fraud and investor harm.

“You are starting to see some effort to go after people who are not necessarily trying to do anything illegal but don’t want the burden of complying with the law,” he said of the second wave. Greene said some companies have avoided registering such products because of the expense.

Greene sees “unhosted” cryptocurrency wallets as a possible area of expansion for FinCEN. Those are products to store crypto that aren’t hosted by a third-party financial operator. The Treasury Department under the Trump administration floated the possibility of more regulation for them, saying in 2020 that such wallets are similar to anonymous bank accounts. It sought to require crypto exchanges to identify customers using these wallets.

BlockFi is an example of a company that resisted securities registration. The New Jersey-based financial services company agreed to pay $50 million to the SEC, and the same to 32 state regulators, to settle charges over violations with offering products that allow investors to earn a monthly interest rate of as much as 9.25 percent by lending their digital tokens to other crypto customers. The regulators had deemed the product to be a securities offering.

States had filed actions against BlockFi prior to the SEC. The company agreed to withdraw the lending product and register future offerings under federal and state law.

Rotunda, the Texas regulator, suggests companies unsure about compliance with rules should get in touch.

“There are a number of new players in this space that don’t have experience in traditional capital raising,” he said, “and that’s understandable. The best thing we can do as regulators is make sure that we don’t need to regulate through enforcement. It doesn’t always work.”