2017 Blockchain Technology And Digital Currency National Institute by Blockchain HQ

2017 Blockchain Technology and Digital Currency National Institute Presented by the American Bar Association Criminal Justice Section and Center for Professional Development

CE17Blockchain_Tech_and_Digital_Currency_COVER.indd 1

3/21/17 8:30 AM

2017 Blockchain Technology and Digital Currency National Institute

Presented by the American Bar Association Criminal Justice Section and Center for Professional Development

American Bar Association Center for Professional Development 321 North Clark Street, Suite 1900 Chicago, IL 60654-7598 www.abacle.org 800.285.2221 The materials contained herein represent the opinions of the authors and editors and should not be construed to be the action of the American Bar Association Criminal Justice Section or Center for Professional Development unless adopted pursuant to the bylaws of the Association. Nothing contained in this book is to be considered as the rendering of legal advice for specific cases, and readers are responsible for obtaining such advice from their own legal counsel. This book and any forms and agreements herein are intended for educational and informational purposes only. ÂŠ 2017 American Bar Association. All rights reserved. No part of the publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. ISBN-13: 978-1-63425-920-0

Product Code: CE1704BTDOR

To access the interactive version of these materials, please go to: http://ambar.org/ce1704btdcor

2017 Blockchain Technology and Digital Currency National Institute Table of Contents FACULTY AND AUTHOR BIOGRAPHIES ................................................................................................................... i SPONSORS ................................................................................................................................................................... v SECTION A:

TECHNOLOGY PRIMER FIRESIDE CHAT

Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto ................................................................................................................A-1 SECTION B:

REGULATORY DEVELOPMENTS

OCC’s New Special-Purpose Charter: Business Opportunities and Challenges for Fintech and Beyond (Presentation Slides) Reuben Grinberg ................................................................................................................... B-1 SECTION C:

BLOCKCHAIN INNOVATION AND OPPORTUNITY

Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies ...................................................................................... C-1 DFS Issues Updated Proposed Cybersecurity Regulations ..................................... C-15 Online Resources........................................................................................................................... C-23 SECTION D:

INTELLECTUAL PROPERTY ISSUES

Is a Blockchain Patent Still Possible? Ira Schaefer and Ted Mlynar ........................................................................................... D-1 The Bitcoin Patent – Only a Matter of Time? Ira Schaefer and Ted Mlynar ........................................................................................... D-5 Online Resources............................................................................................................................. D-7 SECTION E:

ENFORCEMENT ACTIONS

A Securities Law Framework for Blockchain Tokens ................................................... E-1

Coinbase Memos of Law .................................................................................................Interactive United States’ Memorandum in Support of Ex Parte Petition for Leave to Serve John Doe Summons (November 17, 2016) Orders Granting Ex Parte Petition for Leave to Serve John Doe Summons Declaration of Senior Revenue Agent David Utzke in Support of Ex Parte Petition for Leave to Serve “John Doe” Summons (November 15, 2016) Government Exhibit A: Internal Revenue Service Notice 2014-21 (April 14, 2014) Government Exhibit B: Summons (November 17, 2016)

Faculty and Author Biographies Mary Beth Buchanan is a partner with Bryan Cave LLP in Chicago. She is a co-leader of the firm’s digital currency team, and a member of the white collar defense, investigations and securities enforcement client service groups. Ms. Buchanan joined Bryan Cave from the United Nations, where she served as the ethics and reputational risk officer, and conducted the UN’s first ethics and reputational risk assessment for peacekeeping and special political operations. Ms. Buchanan also previously served as the U.S. Attorney for the Western District of Pennsylvania from September 2001 to November 2009. Eun Young Choi is an assistant U.S. attorney in New York. Grant Fondo is a partner at Goodwin-Proctor, LLP, in Menlo Park, California. Mr. Fondo is an experienced federal prosecutor and former assistant U.S. attorney in the Northern District of California. He represents technology, FinTech, blockchain, digital currency, life sciences, private equity and venture capital clients in a wide range of contested matters. David Fragale is a director of forensic services at PricewaterhouseCoopers, LLP in Boston. Yolanda Goettsch is a senior member of NASDAQ’s senior counsel and currently serves as vice president and associate general counsel in Rockville, Maryland. She is a business-oriented legal executive with experience providing legal guidance in the areas of corporate finance, SEC financial reporting, technology, mergers and acquisitions, strategic initiatives and corporate governance. Prior to joining NASDAQ, Ms. Goettsch was senior counsel, legal policy in the U.S. Securities and Exchange Commission’s Office of General Counsel, where she counseled the commission on SEC rulemaking, enforcement actions and policy matters. She holds a J.D. from Columbia University School of Law and a B.A. from Yale University. Alexander Greenberg is of internet protocol and technology counsel at Americas Barclays in New York. Reuben Grinberg is an associate in Davis Polk’s Financial Institutions Group in New York. He provides strategic, transactional and regulatory advice to a wide array of both established and emerging participants in the FinTech space, focusing on the regulatory treatment of virtual currencies and blockchain. He also advises financial institutions and industry groups on a wide range of bank regulatory matters, including Dodd-Frank regulatory implementation, the preparation of living wills, enhanced prudential standards, Basel III capital and liquidly requirements, and intermediate holding company issues and bank M&A and capital markets transactions. Before joining Davis Polk, Mr. Grinberg programmed trading server software for Bridgewater Associates. Varun Gupta is the chief legal officer of Bitfury Group Limited in San Francisco. Prior to joining Bitfury in 2014, Mr. Gupta was a partner in major international law firms specializing in international capital markets transactions, cross border mergers & acquisitions and joint ventures. Mr. Gupta graduated from Georgetown Law School in 1996. Kathryn Haun is an assistant U.S. attorney with the U.S. Attorney’s Office in San Francisco. Ari Juels is a professor at Cornell Tech-Jacobs Institute in New York City. His areas of interest include cryptocurrency and smart contracts, applied cryptography, cloud security, user authentication, and privacy. Mr. Juels is co-director of the Initiative for CryptoCurrencies and Contracts (IC3). He received his Ph.D. in computer science from U.C. Berkeley in 1996. Brian Klein is a partner at the boutique litigation firm Baker Marquart LLP in Los Angeles. His practice focuses on high-stakes criminal and regulatory defense and civil litigation matters. He has extensive experience representing financial technology companies, entrepreneurs, and early adopters. He serves as an advisor to BlockSeer, a blockchain analytics company, and formerly volunteered as the outside general counsel of the Bitcoin Foundation. Mr. Klein teaches a federal criminal practice seminar at University of Southern California’s law school and served as a federal prosecutor in Los Angeles from 2007-2012.

Caitlin Long is chairman and president of Symbiont, the smart contracts platform for institutional uses of distributed ledger technology, in New York. She has spent 22 years on Wall Street as a managing director in senior roles, working for Morgan Stanley, Credit Suisse, and Salomon Brothers. Ms. Long has been active in bitcoin since 2012 and blockchains since 2014. She is a graduate of Harvard Law School, the Kennedy School of Government and the University of Wyoming. Nina Marino is a partner with Kaplan Marino, APC in Beverly Hills. She is certified as a criminal law specialist in the State of California. Her practice focuses on white collar and complex criminal litigation on both a national and international level. Ms. Marino regularly represents individuals in matters involving allegations of all aspects of fraud, including, wire and mail fraud, health care fraud, insurance, and bank fraud, as well as allegations of money laundering, conspiracy, computer crimes, bribery, and kickbacks, counterfeiting and copyright infringement, tax crimes, securities cases, antitrust matters, and public corruption investigations including FCPA violations. Theodore (Ted) Mlynar is a partner at Hogan Lovells US LLP, in New York. For over 20years, he has developed and implemented innovative solutions for intellectual property problems across the world. Combining a keen legal acumen, first-chair trial experience, and a deep understanding of technology, he works closely with clients to resolve disputes in- and outside the court room. He has a particular focus in areas of complex technology, including electronics, wireless communications, software, and e-commerce. Mr. Mlynar prepares and advises in the negotiation of intellectual property licenses, particularly focusing on areas of high technology, including electronics, wireless communications, semiconductors, software, and e-commerce. He majored in electrical engineering at Caltech and is a registered patent attorney. Patrick Murck is of fellow special counsel at the Berkman Klein Center at Harvard University in Cambridge, Massachusetts. He is a lawyer and expert on bitcoin and blockchain-based technologies. He conducts research into the law and policy implications of bitcoin, distributed ledgers and smart contracts. Previously, Mr. Murck was a co-founder of the Bitcoin Foundation where he served at times as general counsel and executive director. He has engaged regulators and policymakers in the U.S. and Europe on bitcoin and the emerging digital economy. Mr. Murck serves as president board member for the BitGive Foundation, a non-profit organization focused on charitable giving and social impact using bitcoin. Neha Narula is director of research at the Digital Currency Initiative, a part of the MIT Media Lab in New York City, where she teaches courses and leads cryptocurrency and blockchain research. While completing her PhD in computer science at MIT, she built fast, scalable databases and secure software systems, speaking about these topics at dozens of industry and research conferences. In previous roles, Ms. Narula helped relaunch the news aggregator Digg and was a senior software engineer at Google. Marjorie J. Peerce is a partner with Ballard Spahr, LLP in New York. Her practice focuses on white collar criminal defense, regulatory matters, and complex civil litigation. She has handled criminal and regulatory investigations concerning violations of the Internal Revenue Code, securities fraud - including bitcoins, the Foreign Corrupt Practices Act (FCPA), computer fraud and hacking, and criminal customs investigations. Ms. Peerce is the current co-chair of the Sentencing Committee of the National Association of Criminal Defense Lawyers, is on the national Steering Committee of Clemency Project 2014, as well as on the American Bar Association Task Force to Reform the Economic Crimes Guidelines. Marco Santori leads the FinTech practice and is an authority in the law of blockchain technology at Cooley LLC in New York. He is the legal ambassador for the Delaware Blockchain Initiative and the drafter of the New Jersey Digital Currency Jobs Creation Act. Mr. Santori focuses his practice on structuring innovative products into existing regulations, as well as crafting new regulations where required. He counsels on compliance with and disputes over money services, securities and derivatives laws, with both high-growth FinTech companies and international financial institutions. Rebecca Simmons is a partner with Sullivan & Cromwell, LLP in New York. Her practice areas include U.S. banking and commodities laws and regulation, payments, technology and outsourcing matters, bankruptcy and insolvency issues relating to complex transactions, corporate restructuring, derivatives structuring and regulation, U.S. securities laws and capital markets transactions. Ms. Simmons has represented dealers in the ii

derivatives markets in evaluating the risks including the establishment of the CLS Services foreign exchange settlement system; and the negotiation of agreements with technology service providers and other outsourcing arrangements. She has served as a member of the Committee on Futures Regulation and the Committee on Banking Law of the New York City Bar Association. Bryan Skarlatos is a partner at Kostelanetz & Fink, LLP in New York. He represents clients in tax audits, civil tax litigation, criminal tax investigations, voluntary disclosures and IRS whistle-blower matters. Mr. Skarlatos is an adjunct professor at NYU School of Law where he teaches a course on tax penalties. He has taught several courses on tax procedure, penalties and ethics to various offices of the IRS. He is co-chair of the annual NYU Tax Controversy Forum and chair of the annual Practicing Law Institute program on "Nuts and Bolts of Tax Penalties." He has served as chair of several tax committees at the American Bar Association, New York State Bar Association, New York City Bar Association and New York County Lawyer’s Association and he is a Fellow of the American College of Tax Counsel. Dana Syracuse is of senior counsel at Perkins Coie LLP in New York. He concentrates his practice in the blockchain, FinTech, e-commerce and financial services sectors. He works with a range of FinTech and digital business clients on federal and state regulatory, compliance and enforcement matters, complex bank regulatory issues, including, privacy, data and cyber security, anti-money laundering, Bank Secrecy Act and know-your-customer matters, consumer protection as well as contract drafting and negotiations. Mr. Syracuse is the former associate general counsel for the New York Department of Financial Services (NYDFS). While at the NYDFS, he helped oversee the department’s strategy regarding emerging payment systems, virtual currency and blockchain technology, the drafting of New York State’s Bit License virtual currency regulation and the chartering of New York State-based virtual currency exchanges. Valerie A. Szczepanik is an assistant regional director in the division of enforcement at the U.S. Securities and Exchange Commission (SEC) and is head of the SEC’s Distributed Ledger Technology working group in New York. Prior to that, she was an assistant director in the division’s asset management unit, supervising investigations of investment advisers to registered investment companies, private funds and retail investors. Ms. Szczepanik received her JD from Georgetown University and her Bachelor of Science degree in Engineering from the University of Pennsylvania. Yvette D. Valdez is of counsel in the New York office of Latham & Watkins LLP. Ms. Valdez has significant experience in the representation of dealers, intermediaries and end-users in connection with derivatives legal and regulatory matters under the Dodd-Frank Act as well as related CFTC, SEC and prudential regulation. Ms. Valdez represents the sell-side and buy-side as well as intermediaries in commodity derivatives (on and offexchange), fixed-income derivatives, foreign exchange transactions, total return swaps and futures and options contracts. Ms. Valdez has also developed a regulatory practice in advising a wide range of FinTech and financial institution clients with respect to regulation of blockchain technologies. Kate Walters is of counsel at R3 CEV, in New York, a financial technology company representing the largest shared effort of bringing distributed ledger technology to the financial markets. Prior to joining R3, she was general counsel and a member of the advisory board at MLV & Co. Ms. Walters received her B.A. from LeMoyne College and her J.D. from Villanova University. She also has an executive M.B.A. from New York University Stern School of Business. Aaron Wright is a clinical professor at Cardozo Law School in New York, and director of the school’s Blockchain Project. He has a forthcoming book about blockchain technology and the law under contract with Harvard University Press. Before joining Cardozo’s faculty, Professor Wright sold a company to Wikia, Inc., the for-profit sister project of Wikipedia, where he ran Wikia’s New York office, served as general counsel and vice president of product and business development. Professor Wright also practiced at Patterson Belknap and Jenner & Block, and clerked for the Honorable William J. Martini of the U.S. District Court for the District of New Jersey. David Yermack is chair of the finance department at the New York University Stern School of Business.

iii

Blockchain Technology and Digital Currency 2017 Sponsors Comprehensive Sponsor

About PwC Network At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

About PwC’s Forensic Services PwC’s Forensic Services team of experienced professionals are dedicated to meeting the challenges caused by fraud allegations, economic crimes and other irregularities. Our portfolio of services includes: Financial Crime Examinations, Forensic Technology Solutions, Regulatory Compliance Reviews, Fraud Risk Management and Prevention and Dispute Analysis. Please visit us at www.pwc.com/us/forensics for more information.

Reception Sponsors Goodwin Hogan Lovells US LLP Latham & Watkins LLP Sullivan & Cromwell LLP

Meeting Patron Break Sponsor Goodwin

SECTION A

TECHNOLOGY PRIMER FIRESIDE CHAT

A-1

Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto satoshin@gmx.com www.bitcoin.org

Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

Introduction

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

A-2

Transactions

We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin. A payee can verify the signatures to verify the chain of ownership. Transaction

Transaction

Owner 1's Public Key

Transaction

Owner 2's Public Key

Hash

Owner 3's Public Key

Hash

Ver if

Hash

Ver ify

Owner 0's Signature

Owner 1's Signature gn Si

Owner 1's Private Key

Owner 2's Signature Si

Owner 2's Private Key

Owner 3's Private Key

The problem of course is the payee can't verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank. We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint based model, the mint was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced [1], and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

Timestamp Server

The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post [2-5]. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it. Hash

Hash

Block Item

...

Item

...

A-3

Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proofof-work system similar to Adam Back's Hashcash [6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash. For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it. Block

Block

Prev Hash Tx

Nonce

Prev Hash

...

Nonce ...

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added. To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.

Network

The steps to run the network are as follows: 1) 2) 3) 4) 5) 6)

New transactions are broadcast to all nodes. Each node collects new transactions into a block. Each node works on finding a difficult proof-of-work for its block. When a node finds a proof-of-work, it broadcasts the block to all nodes. Nodes accept the block only if all transactions in it are valid and not already spent. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proofof-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

A-4

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

Incentive

By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them. The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation. In our case, it is CPU time and electricity that is expended. The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free. The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

Reclaiming Disk Space

Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored. Block

Block

Block Header (Block Hash) Prev Hash

Nonce

Block Header (Block Hash) Prev Hash

Root Hash

Hash01

Nonce

Root Hash

Hash23

Hash0

Hash1

Hash2

Hash3

Tx0

Tx1

Tx2

Tx3

Hash01

Hash23

Hash2

Hash3

Tx3

Transactions Hashed in a Merkle Tree

After Pruning Tx0-2 from the Block

A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.

A-5

Simplified Payment Verification

It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in. He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it. Longest Proof-of-Work Chain Block Header Prev Hash

Block Header Nonce

Block Header

Prev Hash

Merkle Root

Nonce

Prev Hash

Merkle Root

Hash01

Nonce

Merkle Root

Hash23 Merkle Branch for Tx3 Hash2

Hash3

Tx3

As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.

Combining and Splitting Value

Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer. To allow value to be split and combined, transactions contain multiple inputs and outputs. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment, and one returning the change, if any, back to the sender. Transaction In

Out

...

It should be noted that fan-out, where a transaction depends on several transactions, and those transactions depend on many more, is not a problem here. There is never the need to extract a complete standalone copy of a transaction's history.

A-6

10. Privacy The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were. Traditional Privacy Model Identities

Transactions

Trusted Third Party

Counterparty

Public

New Privacy Model Identities

Transactions

Public

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

11. Calculations We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent. The race between the honest chain and an attacker chain can be characterized as a Binomial Random Walk. The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1. The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven. We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows [8]: p = probability an honest node finds the next block q = probability the attacker finds the next block qz = probability the attacker will ever catch up from z blocks behind

{

q z=

1 if p≤q z q / p if pq

} 6

A-7

Given our assumption that p > q, the probability drops exponentially as the number of blocks the attacker has to catch up with increases. With the odds against him, if he doesn't make a lucky lunge forward early on, his chances become vanishingly small as he falls further behind. We now consider how long the recipient of a new transaction needs to wait before being sufficiently certain the sender can't change the transaction. We assume the sender is an attacker who wants to make the recipient believe he paid him for a while, then switch it to pay back to himself after some time has passed. The receiver will be alerted when that happens, but the sender hopes it will be too late. The receiver generates a new key pair and gives the public key to the sender shortly before signing. This prevents the sender from preparing a chain of blocks ahead of time by working on it continuously until he is lucky enough to get far enough ahead, then executing the transaction at that moment. Once the transaction is sent, the dishonest sender starts working in secret on a parallel chain containing an alternate version of his transaction. The recipient waits until the transaction has been added to a block and z blocks have been linked after it. He doesn't know the exact amount of progress the attacker has made, but assuming the honest blocks took the average expected time per block, the attacker's potential progress will be a Poisson distribution with expected value:

=z

q p

To get the probability the attacker could still catch up now, we multiply the Poisson density for each amount of progress he could have made by the probability he could catch up from that point: k

−

{

 z−k  if k ≤ z ∑  ke! ⋅ q / p1 if k  z k =0 ∞

}

Rearranging to avoid summing the infinite tail of the distribution... z

1−∑

k =0

k e− 1−q / p z− k  k!

Converting to C code... #include <math.h> double AttackerSuccessProbability(double q, int z) { double p = 1.0 - q; double lambda = z * (q / p); double sum = 1.0; int i, k; for (k = 0; k <= z; k++) { double poisson = exp(-lambda); for (i = 1; i <= k; i++) poisson *= lambda / i; sum -= poisson * (1 - pow(q / p, z - k)); } return sum; }

A-8

Running some results, we can see the probability drop off exponentially with z. q=0.1 z=0 z=1 z=2 z=3 z=4 z=5 z=6 z=7 z=8 z=9 z=10

P=1.0000000 P=0.2045873 P=0.0509779 P=0.0131722 P=0.0034552 P=0.0009137 P=0.0002428 P=0.0000647 P=0.0000173 P=0.0000046 P=0.0000012

q=0.3 z=0 z=5 z=10 z=15 z=20 z=25 z=30 z=35 z=40 z=45 z=50

P=1.0000000 P=0.1773523 P=0.0416605 P=0.0101008 P=0.0024804 P=0.0006132 P=0.0001522 P=0.0000379 P=0.0000095 P=0.0000024 P=0.0000006

Solving for P less than 0.1%... P < 0.001 q=0.10 z=5 q=0.15 z=8 q=0.20 z=11 q=0.25 z=15 q=0.30 z=24 q=0.35 z=41 q=0.40 z=89 q=0.45 z=340

12. Conclusion We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism.

A-9

References [1] W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998. [2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999. [3] S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991. [4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993. [5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997. [6] A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002. [7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980. [8] W. Feller, "An introduction to probability theory and its applications," 1957.

SECTION B

REGULATORY DEVELOPMENTS

B-1

OCCâ&#x20AC;&#x2122;s New Special-Purpose Charter Business Opportunities and Challenges for Fintech and Beyond

Presented by

Reuben Grinberg March 2017

DRAFT SUBJECT TO CHANGE

Davis Polk & Wardwell LLP

ÂŠ 2017 Davis Polk & Wardwell LLP | 450 Lexington Avenue | New York, NY 10017 This presentation, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy policy for further details.

B-2

Table of Contents

Background and Key Considerations

II. Implications for Fintech Development and Landscape III. Application to Various Business Models

B-3

Section I. Background and Key Considerations

B-4

Background: OCC Special Purpose Charter  December 2016: OCC proposes special purpose national bank charter   

Charter holders must engage in receiving deposits, paying checks, and/or lending money Same privileges / requirements as full national banks OCC discouraging applications until publication of OCC policy

 Follows a year-long series of OCC innovation initiatives  Not a sandbox OCC White Paper on “Supporting Responsible Innovation in the Federal Banking System”

March 2016

OCC releases proposal on “Receiverships for Uninsured National Banks” OCC releases OCC Public “Responsible Forum on Innovation “Responsible Framework” Innovation”

June 2016

September 2016

October 2016

End of public comment period on OCC charter proposal Sens. Merkley (Jan. 17, 2017) OCC releases By end of 1Q17: and Brown send framework for Anticipated granting special letter opposing opening of OCC OCC Charter purpose national Innovation Office (Jan. 9, 2017) bank charters

December 2016

January 2017

March 2017 Anticipated Issuance of OCC Policy on Special Purpose Charters

Expiration of Comptroller of the Currency Thomas J. Curry’s Term

April 2017

B-5

Background: Comments on OCC Special Purpose Charter

Fintechs

Trade and Lobbying Organizations

State Governments

Banking Organizations

Congress Members

Consumer Advocacy Organizations

Examples of stakeholder comments: •

Support the charter as long as “existing rules and oversight are applied consistent with those for any national bank”

•

OCC lacks legal authority to charter non-depository national banks

•

OCC lacks expertise to evaluate and • supervise fintechs

•

OCC should engage in a more formal cost/benefit analysis

•

Charter would hurt consumers (OCC has preempted other state

consumer laws, including predatory • lending laws), and the states are better positioned to protect consumers • OCC’s proposal would create an ad hoc, confidential regulatory framework • with unfettered discretion for the OCC, creating an un-level playing field Charter would distort the market place by allowing the OCC to pick winners and losers, promoting regulatory capture, or by promoting larger established players at expense of smaller ones

Violates separation of banking and commerce OCC should better coordinate with other regulators OCC should avoid unnecessary constraints on fintech charter recipients, and should avoid using chartering process to protect national banks from competition

B-6

Potential Benefits and Considerations: Overview  Depending on business, financial services companies have three choices:   

State-by-state licensing Structure business to avoid needing a license Special purpose national bank charter

Benefits:

      

Federal preemption of state licensing requirements  E.g., money transmitter and lending licenses Federal preemption of state usury laws  Avoiding legal uncertainties of the “rent-a-bank” model Legal certainty Management focus Increased business opportunities with partners A regulatory “stamp of approval” Potential access to services only open to banks (e.g., access to credit card networks)

Considerations:

       

State and federal consumer protections laws still apply CRA / financial inclusion obligations Initial and ongoing compliance costs Change in business plan must be approved Time to market A relatively inflexible regulatory environment Required Federal Reserve membership BHC status for parent if deposit-taking

B-7

Potential Benefits and Considerations: OCC Supervisory Requirements and Chartering Process  Typical national bank supervisory standards and requirements include: 

Limitations on activities to those permitted for a national bank (separation of banking and commerce)



Operation likely subject to an OCC-approved business plan over a 3-year horizon and operating agreement (need approval to change)



Other application / chartering requirements:

 Pre-filing consultations  Board of directors and management expertise and experience  Robust compliance program (including AML, consumer protection)

 

Capital and liquidity requirements Other requirements include data security, privacy and third-party vendor management

“We will require capital, liquidity, sound governance and a robust business plan as a foundation for any company we charter” – Amy Friend, Chief Counsel, OCC Source: American Banker - Fintech Charter Q&A: OCC Answers Skeptics (Jan. 3, 2017)

B-8

Potential Benefits and Considerations: Federal Deposit Insurance  Business of accepting deposits  requires FDIC deposit insurance 

Definition of deposit is quite broad – “[T]he unpaid balance of money or its equivalent received or held by a bank or savings association in the usual course of business and for which it has given or is obligated to give credit, either conditionally or unconditionally . . . .”

 FDIC deposit insurance requires an application  

FDIC will consider and evaluate its own statutory criteria prior to granting insurance FDIC may attach conditions or limitations

 Any FDIC-insured bank is a “BHCA bank” (see next slide)

B-9

Potential Benefits and Considerations: Bank Holding Company Status Under the BHCA  Take deposits (other than trust funds)  must obtain deposit insurance  bank under the Bank Holding Company Act

 Any entity that controls a bank under the BHCA –  

Control means much more than actual control:



must register as a bank holding company, and be subject to regulation and supervision by the Federal Reserve as such

 BHCs are subject to:  

enterprise-wide oversight and regulation by the Federal Reserve;



other prudential requirements, including minimum capital and liquidity requirements; and



ongoing reporting and compliance obligations and examination, supervision, and enforcement.

strict restrictions on their investments and activities (e.g., may only engage in certain businesses determined to be closely related to the business of banking);

Source: American Banker - Fintech Charter Q&A: OCC Answers Skeptics (Jan. 3, 2017)



Own, control or have the power to vote 25% or more of a class of voting securities; power to elect a majority of the board; or power to exercise a controlling influence over management or policies Sometimes having 5% of voting equity together with other indicia can be enough to indicate control

B-10

Potential Benefits and Considerations: Membership in the Federal Reserve System  Must become member of the Federal

 Potential Benefits

Reserve System

 

Purchase Federal Reserve bank stock



Federal Reserve may impose conditions, restrictions, or limitations as a condition of membership

Additional supervision / regulation by Federal Reserve

 Restrictions on transactions with affiliates



Section 23A: limits on extensions of credit by a member bank to its affiliates



Section 23B: services must be provided by a member bank to affiliates on market terms



Access to depository accounts at the Federal Reserve Bank



Direct access to Federal Reserve operated FMUs



Discount window access

Based on remarks made by Scott Alvarez, General Counsel of the Federal Reserve System, at the 2017 ABA Banking Law Committee Meeting, the Federal Reserve has not yet decided how access to the discount window and payment systems would work for charter holders and would likely depend on the institution’s purpose, activities and whether it takes deposits.

B-11

Section II. Implications for Fintech Development and Landscape

B-12

Investment in Fintech

Private Investment in Global Fintech ($ billions)

$24

Rapid Growth

$20.9

$19.1

$20 $16

•

Private investment in global fintech has increased by 148% in the first half of 2016 over the last year and tenfold since 2010 The U.S., China, and U.K. are the undisputed leaders in Fintech, with $7.3 billion, $2.7 billion, and $901 million, respectively, raised by fintech companies in those countries in 2015 Banks have invested $7 billion in fintech start-ups from 2010 to 2015

Sources: KPMG The Pulse of FinTech, 2015 in Review (Mar. 9, 2016); Citi Digital Disruption (Jan. 2017); Goldman Sachs, The Future of Finance, Part 3 (Mar. 13, 2015); Law 360, Global VC Fintech Investment Sours 148%, Report Says

$12.1

$12 $8 $4

$4.0 $2.0

$2.1

$2.5

2010

2011

2012

$0 2013

2014

2015

Google Trends Results: “Fintech”

2016

B-13

Comparative Efforts: Comparison of International Fintech Initiatives  Regulatory Sandboxes   

United Kingdom Australia Singapore



Regulatory agency chooses participants based on applications Allows limited activities that are approved as part of application to be undertaken for limited period of time and with limited number of customers Waivers or promises of no action on certain laws, including consumer protection laws Agreements between different countries’ regulators can facilitate cross-border sandboxes

 Key Aspects of Sandboxes 

 

 OCC’s Special Purpose National Bank Charter:



Not a sandbox: all state and federal laws and regulations applicable to national banks, including consumer laws, still apply

B-14

Section III. Application to Various Business Models

B-15

Special Purpose Charter More Relevant For…  Although commonly called the “fintech charter,” the special purpose charter has broader applicability

 Charter is most relevant for:    

Payments Lending Non-U.S. Firms Tech / Retailers

B-16

Special Purpose Charter Less Relevant For…  Businesses models that involve licenses or supervision by non-banking regulators, even when engaged in by banks

   

Roboadvisors and personal financial management companies Insurance providers Enterprise blockchain Companies engaged in capital markets activities



Providers of back office, security, compliance or operational enhancements

 Businesses that need no licenses, with no clear benefits outweighing costs  Companies already regulated as banking organizations in the United States

B-17

Payments, Virtual Currency Companies, and Prepaid Card  Preemption of state-by-state money transmitter licensing  

Requirements are complex and often conflict across states Licensing process can be time-consuming, costly, uncertain

 Federal BSA / AML laws and economic sanctions administered by OFAC would still apply

B-18

Non-bank / Marketplace Lenders  Current problems for non-bank market place lenders  

Must be licensed in all or most states Must partner with banks to avoid state-by-state interest rate caps

 Exportation Doctrine available to banks (i.e., bank’s home state’s usury provisions apply to 

operations across the U.S.) This “rent-a-charter” model has come under increasing scrutiny due to recent court cases (e.g., CashCall and Midland Funding)

 Benefits of the charter for a marketplace lender   

Preemption of state licensing requirements Preemption of state interest rate caps Greater control over destiny and less profit shared with partner banks

B-19

Non-U.S. Fintech Firms and Non-U.S. Banks that are not BHCs ď&#x201A;§ Special purpose charter could provide alternative path for non-U.S. fintech firms to enter the U.S. market; particularly attractive given rapid growth of fintechs in Asia and U.K.

ď&#x201A;§ Some may have the advantage of a stable business model, financial strength and experienced management that could possibly qualify for a charter

ď&#x201A;§ The complexity of state-by-state regulation of lending and payments activities has been a significant deterrent for non-U.S. companies entering the United States

B-20

Consumer-Facing Financial and Technology Companies and Retailers  Large tech companies and retailers are already involved in financial services   

Facebook, Google, Microsoft, Apple, Samsung, Amazon: money transmitter licenses or partner with banks Walmart: wide array of services, including prepaid cards. Failed effort to establish an insured ILC Target: owns an ILC and provides branded prepaid cards issued by insured banks

 What benefits could special purpose charter potentially offer? 

BHC status is a non-starter for these firms. Federal Reserve’s response unclear given its long-standing history of finding ways to regulate firms that control banking entities

   

Regulatory benefits (as compared to state licenses) Reputational benefits Visa and MasterCard membership Potential alternative to a credit card bank

B-21

Reuben Grinberg ASSOCIATE

Mr. Grinberg is an associate in Davis Polk’s Financial Institutions Group. He provides strategic, transactional and regulatory advice to a wide array of both established and emerging participants in the fintech space, including the regulatory treatment of virtual currencies and blockchain. He wrote the first widely read and cited academic paper on bitcoin, and is often cited in the media as an expert on digital currencies. He also advises financial institutions and industry groups on a wide range of bank regulatory matters, including Dodd-Frank Act regulatory implementation, the preparation of living wills, enhanced prudential standards and intermediate holding company issues, Basel III capital and liquidity issues, and financial institution capital markets and M&A transactions. In addition, Mr. Grinberg Before joining Davis Polk, Mr. Grinberg programmed trading server software for Bridgewater Associates, one of the world’s largest hedge funds. PROFESSIONAL HISTORY New York Office 212 450 4967 tel 212 701 5967 fax reuben.grinberg@davispolk.com

 Davis Polk since 2011 ADMISSIONS

 State of New York EDUCATION

 B.S., Computer Science, Yale College, 2005  M.Sc., Computer Science, University of Texas at Austin, 2007  J.D., Yale Law School, 2011  Executive Editor, Yale Law & Policy Review

SECTION C

BLOCKCHAIN INNOVATION AND OPPORTUNITY

C-1

March 19, 2017

Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies OCC Outlines Process for FinTech Companies to Apply for Special Purpose National Bank Charters and Seeks Public Comment SUMMARY On March 15, 2017, the Office of the Comptroller of the Currency (OCC), the regulator and chartering authority for national banks and federal savings associations, issued a draft supplement to the Comptroller’s Licensing Manual (Licensing Manual) entitled Evaluating Charter Applications from 1

Financial Technology Companies (Licensing Supplement). The Licensing Supplement describes the process through which financial technology (FinTech) companies may apply for special purpose national bank (SPNB) charters and outlines certain additional supervisory criteria the OCC will consider when evaluating applications. As described in the Licensing Supplement, FinTech companies seeking SPNB charters will be subject to an application process substantially similar to the process for applicants seeking a full-service national bank charter. The Licensing Supplement also outlines a set of supervisory criteria specific to FinTech companies that the OCC will use when evaluating applications, including the OCC’s expectations for a “financial inclusion plan” (FIP) that certain FinTech companies will be required to submit as part of their applications. The OCC is seeking public comment on the Licensing Supplement and the deadline for comment is April 14, 2017. On March 15, 2017, the OCC also released an accompanying Summary of Comments and Explanatory Statement: Special Purpose National Bank Charters for Financial Technology Companies (Explanatory Statement).

The Explanatory Statement “explains the OCC’s decision to issue for public comment” the

New York

Washington, D.C. Los Angeles Palo Alto London Paris Tokyo Hong Kong Beijing Melbourne Sydney www.sullcrom.com

Frankfurt

C-2

Licensing Supplement and responds to categories of public comments received on its white paper entitled Exploring Special Purpose National Bank Charters for Fintech Companies (SPNB White Paper). The SPNB charter proposal has been widely supported by the FinTech community. However, it has been criticized by state regulators, consumer advocacy groups and other stakeholders, and the publication of the Licensing Supplement immediately drew a sharp rebuke from the Conference of State Banking 3

Supervisors (CSBS) and the New York State Department of Financial Services (NYSDFS).

The Licensing Supplement and the Explanatory Statement address a number of issues and questions that have been raised about the charter proposal, and evidence the OCC’s intention to proceed with the charter despite criticism.

BACKGROUND In August 2015, the OCC announced an initiative to develop a comprehensive framework to improve its ability to identify and understand trends and innovations in the financial services industry, as well as the 5

evolving needs of financial services consumers. Following that announcement, the OCC took a number of steps to achieve this objective, including articulating its perspective on supporting responsible 6

innovation in the federal banking system, engaging with national banks, FinTech companies and other stakeholders on innovation in the banking sector, establishing a new Office of Innovation and defining a number of specific actions that the OCC will implement for use in evaluating innovative financial products, services and processes and their associated risks.

7,8

On December 2, 2016, the OCC published the SPNB White Paper, announcing that it was moving forward with a plan to charter SPNBs for FinTech companies. The SPNB White Paper received 110 comments from interested stakeholders during the public comment period.

Reaction from commenters to the SPNB White Paper was mixed and largely divided along the following lines: 

FinTech Companies: A variety of FinTech companies – including marketplace lenders, payment processors and digital currency platforms – delivered generally positive feedback, commending the OCC for aspects of state licensing regime preemption, but stressed the need for proportional 10 regulation depending on the types of risk posed by a FinTech company’s business model.



Trade Organizations: FinTech trade and lobbying organizations also provided generally positive feedback, but called for the creation of a separate regulatory sandbox to facilitate product-testing 11 for early-stage FinTech companies. Trade groups for larger financial institutions struck a more neutral tone, commenting that the SPNB White Paper raised more questions than answers and required coordination between the OCC and other agencies to address issues relating to the 12 separation of banking and commerce and safety and soundness. Trade groups for smallersized, state financial institutions were more critical of the charter proposal, questioning the OCC’s claim to chartering authority for SPNBs under the National Bank Act (particularly for non-deposit taking SPNBs) and emphasizing the prospect of an unequal playing field for full-service banks

-2Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-3

relative to FinTech companies operating under a SPNB charter arising from a perception that the 13 latter would be more lightly regulated. 

Consumer Advocacy Groups: Consumer advocacy organizations expressed skepticism that the OCC’s financial inclusion requirements for charter applicants would be stringent enough to protect consumers, and asserted that many state consumer protection laws would be preempted, leaving consumers vulnerable to FinTech companies that could engage in predatory lending 14 behavior. There was also concern that some federal protections of consumers and small businesses would be less robust because the OCC would take over as primary regulator for SPNBs and deprive the Federal Trade Commission of jurisdiction to enforce unfair and deceptive 15 practices violations.



Federal and State Regulators: The strongest criticism came from state officials, including state banking regulators and state attorneys general, who voiced concerns that the SPNB would threaten the integrity of the dual banking system, especially because the preemption powers 16 provided by a SPNB charter would erode state-level consumer protections. Members of Congress, including Senators Sherrod Brown and Jeff Merkley, similarly disapproved of the SPNB charter initiative because it would encourage charter shopping, could become a vehicle of 17 abuse to consumers and threatened the competitiveness of full-service national bank charters. Senators Brown and Merkley also noted that granting SPNB charters to non-deposit taking FinTech companies could result in an unlawful commingling of banking and commerce.

In a March 6, 2017 speech at the LendIt USA 2017 Conference, Comptroller Curry mentioned that further details regarding the OCC’s SPNB charter proposal would come in the form of a supplement to its Licensing Manual that would clarify the application process for SPNB charter applicants. In his speech, Comptroller Curry pushed back against “misperceptions” that critics had raised during the SPNB White Paper comment period and reiterated the OCC’s position that the OCC has the authority to charter special purpose national banks (including non-deposit taking ones) without express statutory authorization, that granting special purpose charters would not provide recipients with “a ticket to lighttouch supervision” and that offering special purpose charters to FinTech companies would not result in a commingling of banking and commerce.

Shortly after Comptroller Curry’s speech, on March 10, 2017, the 34 Republican members of the House Financial Services Committee delivered a letter to Comptroller Curry encouraging him to proceed in a more deliberate manner, noting that “[i]f the OCC proceeds in haste to create a new policy for ‘fintech’ charters without providing the details for additional comment, or rushing to finalize the charter prior to the confirmation of a new Comptroller, please be aware that we will work with our colleagues to ensure that 19

Congress will examine the OCC’s actions and, if appropriate, overturn them.”

This warning has been

interpreted to be a reference to Congressional authority under the Congressional Review Act to disapprove a wide range of “rules” issued by Federal agencies.

EXPLANATORY STATEMENT In its Explanatory Statement, the OCC responded to comments received on the SNPB White Paper and articulated the reasons why the OCC has decided to move forward with its charter proposal.

address threshold concerns raised during the SNPB White Paper comment period, the OCC stated that: -3Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-4

(1) the charter proposal will not facilitate the inappropriate commingling of banking and commerce; (2) the OCC will not allow products with predatory features nor will it allow unfair or deceptive acts or practices; and (3) there will be no “light-touch” supervision of companies that successfully apply for and are granted a SPNB charter, because FinTech companies granted such SPNB charters will be held to the same high standards that all federally chartered banks must meet.

In addition, the Explanatory Statement

reiterates the OCC’s position that it has the requisite statutory authority to grant SPNB charters to FinTech companies under the National Bank Act.

LICENSING SUPPLEMENT The Licensing Supplement describes how the OCC will apply the licensing standards and requirements of its existing regulations and policies to FinTech companies applying for a SPNB charter. In general, the Licensing Supplement notes that FinTech company applicants will be subject to substantially the same application process as applicants seeking a full-service national bank charter. However, the Licensing Supplement also outlines certain procedural steps and evaluative criteria specific to SPNB applicants. The Licensing Supplement does not apply to applicants seeking full-service national bank charters (which include deposit taking), or other existing special purpose national bank charters (like traditional trust companies), which are covered by existing OCC regulations and policies. The following summarizes certain important modifications to the OCC’s traditional chartering process for the SPNB presented by the Licensing Supplement. Initial contact with the OCC: The first point of contact for a FinTech company interested in pursuing a SPNB charter application will be the OCC’s newly formed Office of Innovation. After discussions with the Office of Innovation, it will arrange an exploratory meeting between the FinTech company and OCC staff, including representatives of the OCC’s Licensing Division (OCC Licensing). Following the exploratory meeting with OCC staff, the OCC will identify aspects of the FinTech SPNB charter that present novel or complex issues for the prospective applicant, and the FinTech company will be assigned an OCC Licensing contact. There will be at least one formal pre-filing meeting between the FinTech company and OCC Licensing staff, with additional meetings possible depending on the novelty and complexity of the proposal.

Activities of the proposed SPNB: During the pre-filing stage, a prospective applicant will need to demonstrate that it is eligible for a SPNB charter. To be eligible, the applicant must conduct (and be limited to) at least one of the three core banking functions of receiving deposits, paying checks or lending money. It is likely that the business model of most applicants would relate to paying checks or lending money, because applicants seeking to take deposits would need to obtain a full service national bank charter and thus would not be covered by the Licensing Supplement. The OCC notes that it interprets the National Bank Act as being sufficiently adaptable to permit national banks (i) to engage in new activities as part of the business of banking or to engage in traditional activities in new ways and recognizes that (ii) -4Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-5

the activities proposed by an applicant for SPNB charter eligibility may include activities that have not previously been determined to be part of, or incidental to, the business of banking or fit within an established core banking function.

When this is the case, the FinTech company should discuss the

permissibility of the proposed activities and their status as core banking activities.

Filing procedures – publication and public comment; confidentiality: Following the pre-filing phase, the SPNB charter applicant will be required to file the full charter application and follow existing filing procedures for national bank charters. An applicant must publish notice of its charter in the community in which the proposed SPNB will be “located” as soon as possible before or after the filing date. The OCC notes that it will consider the nature of the SPNB’s operations in order to determine where publication of the notice would be appropriate, recognizing that a FinTech company’s operations may be primarily or solely online and not resemble those of traditional national banks. The application will be subject to a 30day comment period, and the public portion of the application file will be available to any person upon request and will also be available on the OCC’s website. this public file, including the FIP.

Parts of the business plan will be included in

Business Plan: As with all national bank charter applicants, a FinTech company will be required to submit a comprehensive business plan as part of its application.

In the Licensing Supplement, the OCC

notes that it will subject the applications of FinTech companies without an established business record to higher degrees of scrutiny when determining whether the proposed SPNB has a reasonable likelihood of long-term success.

The Licensing Supplement also provides FinTech companies with additional

guidance on their business plan submissions, including in the following areas: 

Risk Assessment: The OCC expects that the business plan will identify and discuss the specific risks inherent in the proposed SPNB’s business model. The risk assessment should include the 30 SPNB’s risk appetite and ways that the SPNB could effectively manage its identified risks. In addition, the OCC will consider the internal and system controls that the SPNB uses to monitor and mitigate risk, including management information systems.



Financial Management: FinTech company applicants will be subject to the OCC’s minimum riskbased capital and leverage requirements set forth in 12 CFR 3. The OCC expects that the business plan will discuss how the SPNB’s capital would weather adverse market conditions, such as broad market volatility or volatility specific to a business line. Preliminary conditional approval for a SPNB will include a condition specifying a minimum capital level that the SPNB must maintain based on the OCC’s analysis of quantitative and qualitative factors. The OCC will also scrutinize the liquidity and funds management of an applicant to ensure that the FinTech company is able to readily meet its cash and collateral obligations at a reasonable cost without 31 adversely affecting its daily operations or financial condition.



Financial Inclusion Plan: SPNB applicants that will provide financial services to consumers and small businesses will be required to demonstrate their commitment to financial inclusion by submitting a FIP as part of their business plan. When an applicant that must submit a FIP is developing its business plan, it may engage in outreach to interested community and consumer groups to determine community financial needs. The OCC acknowledges that some charter applicants may have a business model that incorporates financial inclusion inherently through its products and services, and in such instances, the applicant should identify and discuss with the

-5Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-6

OCC the aspects of its business plan that by the nature of the product or service address issues 32 of financial inclusion. The business plan’s FIP should describe the proposed goals, approach, activities and milestones for serving the relevant market and community. The nature and scope of an FIP developed by an applicant will vary depending on the SPNB’s business model and the 33 types or products and services it offers. The OCC may identify specific requirements that are necessary for the business plan to be achievable and to ensure that the OCC’s chartering standards are met.

The OCC may then impose special

conditions on the FinTech company’s SPNB charter in order to attain these goals. As is the case with all de novo national bank charters, the OCC will include the requirement that the SPNB obtain a supervisory non-objection letter from the OCC if it deviates significantly from its approved business plan. Evaluating an application:

When evaluating a SPNB application, the OCC will apply the same

supervisory criteria applicable to full-service national bank applications. The OCC will not approve charter applications that are opposed to OCC policy or other established public policy, such as proposals for business plans that would result in undue harm to consumers, or cause an inappropriate commingling of 35

banking and commerce.

In the Licensing Supplement, the OCC also outlines a set of supervisory considerations specific to SPNB applications, which include the following: 

Risk Management: The OCC expects that FinTech SPNBs will have risk management systems commensurate with the complexity and volume of risk that the SPNB assumes. The OCC uses a supervision-by-risk approach to evaluate risk, identify risk-based issues and ensure that SPNBs can take corrective action prior to risk-based issues compromising their safety and soundness. After a risk evaluation, the OCC will tailor and conduct supervisory activities at a SPNB based on 36 identified risks and conduct periodic testing to validate its risk assessment.



Corporate Governance: The OCC expects the management of FinTech SPNBs to have relevant subject matter expertise and financial acumen and that the board of directors will have a prominent role in the overall governance structure by participating on key committees and guiding the FinTech SPNB’s risk management framework. Board members are also expected to actively oversee management, to provide a credible challenge to management and to exercise independent judgement.

Chartering Decision: The OCC will grant approval of a SPNB charter application in two steps: preliminary conditional approval and final approval. A preliminary conditional approval is not a guarantee that the OCC will provide the applicant with final approval for a SPNB charter; rather, it is only an assurance that the application has passed the first phase of OCC review and is a green light for the applicant to spend the money to raise capital, hire officers and employees and develop the policies and procedures necessary to conduct the business of the SPNB, including the policies and procedures related to financial inclusion. As a general matter, the SPNB applicant must open for business within 18 months of the OCC’s preliminary conditional approval, unless it has received an extension.

A FinTech SPNB

charter applicant that receives final approval from the OCC may commence its banking business. Once

-6Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-7

the SPNB opens, the OCC will supervise it through scheduled supervisory cycles, including on-site examination and periodic off-site monitoring.

Coordination with other regulators; continuation of remedies:

The OCC will coordinate as

appropriate with other regulators that have regulatory jurisdiction over the SPNB based on the structure and activity of the SPNB. If a SPNB applicant is the subject of a pending investigation or enforcement action by another regulator, such investigation or enforcement action may not be nullified by the charter application process and may give the OCC grounds to deny the charter application. Once the OCC has consulted the investigating party or the regulator considering an enforcement action against the FinTech company at issue, the OCC will, at a minimum, ensure that the company will have a continuing obligation to remediate any prior violations through conditions imposed on an approval of the SPNB charter.

The OCC has requested public feedback on all aspects of the Licensing Supplement. Comments must be submitted by April 14, 2017.

OBSERVATIONS The OCC’s publication of the Licensing Supplement provides greater clarity on the process through which FinTech companies may apply for SPNB charters and describes the criteria that the OCC will apply when evaluating and acting on applications. It further demonstrates Comptroller Curry’s commitment to the SPNB charter for FinTech companies. Comptroller Curry’s term ends in April 2017. It is not clear whether his successor (who has not yet been nominated) will share his commitment to the SPNB charter, and if he or she does not, what will become of it. The Licensing Supplement is, as expected, largely consistent with the SPNB White Paper and existing OCC guidance. Key points of interest raised by new information in the Licensing Supplement include: 

The submission of a FIP is only required for applicants whose business model includes lending or providing financial services to consumers or small businesses. The OCC recognizes that some FinTech business models inherently address financial inclusion, such as companies that engage in nonprime lending. In these cases, the Licensing Supplement notes that applicants should identify and discuss how their products or services inherently address financial inclusion 40 considerations. In addition, the Licensing Supplement indicates that FIPs will be available for review and comment by the public, and the OCC will condition the issuance of FinTech SPNB 41 charters on implementation of an applicant’s FIP. In light of the public comment activity on the SPNB proposal itself, applicant should expect comments on their proposals during the application process.



In response to comments raised during the White Paper comment period, the OCC has made clear that it will not approve FinTech SPNB charter applications that implicate the commingling of 42 banking and commerce. This may preclude the submission of FinTech SPNB charter applications by large technology companies and retailers that engage in business and commerce generally and have no intention of narrowing their activities.



FinTech companies that are the subject of formal investigations or enforcement actions cannot 43 escape the consequences of such investigations or actions by seeking a SPNB charter. A

-7Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-8

FinTech company that successfully becomes a SPNB will still have to remediate or pay penalties to the appropriate parties. Some FinTech companies may currently be subject to state-level investigations and enforcement proceedings, and it is not clear how those will affect the application process. 

The OCC has not provided objective guidance on alternative capital requirements based on the 44 unique risks and activities presented by FinTech company applicants. This reflects the breadth of possible FinTech SPNB charter applicants and the flexible approach the OCC has chosen to take with respect to the wide-ranging business models and nontraditional capital structures of certain FinTech companies.

Based on the guidance contained in the Licensing Supplement, prospective applicants should be certain to take a number of steps in preparing a FinTech SPNB charter application. These include the following: 

Schedule Exploratory Meeting: FinTech companies can schedule an initial meeting with the OCC’s Office of Innovation to discuss their qualifications for a FinTech SPNB charter, and many have already. Since the OCC has specified that all prospective applicants must schedule an initial meeting with the Office of Innovation, companies should consider scheduling this meeting as early as possible to avoid a long wait. During this meeting, FinTech companies should be prepared to explain why their proposed activities are permissible for a SPNB and how they fall within one of the core banking categories of taking deposits, paying checks or lending money.



Strengthen Business Plan: Prospective applicants should critically assess whether their business plan meets the supervisory expectations that the OCC has outlined in the Licensing Supplement. FinTech companies whose business plans include lending or providing financial services to consumers or small businesses should consider how they will meet the OCC’s financial inclusion expectations.



Conduct Gap Analysis: FinTech companies should consider whether their internal controls, management capabilities and board oversight structure are sufficient to meet the OCC’s supervisory expectations, and should develop plans to remediate any deficiencies prior to submitting an application. Companies that are newly formed, or that have a short track record, should be prepared to explain how they plan to grow and scale in a responsible manner that does not raise supervisory concerns, particularly in the areas of management oversight and internal controls.



Capital Proposal: Prospective applicants should examine their financial capabilities and assess whether their capital and leverage ratios are sufficient to meet the minimum ratios set forth in 12 CFR 3. In addition, applicants should be prepared to propose a minimum capital level applicable to their business, and be prepared to provide the OCC with an explanation of why their proposed minimum capital level makes sense in light of their activities, risks and business model. If additional capital will be required, they should consider developing plans to obtain it. *

C-9

ENDNOTES 1

OCC, Comptroller’s Licensing Manual Draft Supplement: Evaluating Charter Applications From Financial Technology Companies (Mar. 15, 2017), available at https://www.occ.gov/publications/ publications-by-type/licensing-manuals/file-pub-lm-fintech-licensing-manual-supplement.pdf (“Licensing Supplement”).

OCC, OCC Summary of Comments and Explanatory Statement: Special Purpose National Bank Charters for Financial Technology Companies (Mar. 15, 2017), available at https://www.occ.gov/ topics/bank-operations/innovation/summary-explanatory-statement-fintech-charters.pdf (“Explanatory Statement”).

Conference of State Bank Supervisors, CSBS Urges Congress to Weigh in Against OCC NonBank Charter, “A Solution in Search of a Problem” (Mar. 15, 2017), available at https://www.csbs.org/news/press-releases/pr2017/Pages/031517.aspx. The Conference of State Bank Supervisors responded to the OCC’s releases, finding that “[i]t is deeply unsettling that the OCC chose to ignore the public record – including letters from Republicans and Democrats in Congress – warning of the harm this action will cause to consumers and the added risks to taxpayers. CSBS is exploring all options. We urge Congress to continue to weigh in on this important issue.”

Maria T. Vullo, NYSDFS Superintendent, Statement on the OCC’s Proposed Licensing Manual Supplement for Evaluating Charter Applications From Financial Technology Companies (Mar. 15, 2017), available at http://www.dfs.ny.gov/about/press/pr1703152.htm. Superintendent Vullo voiced strong opposition to the Licensing Supplement, disputing the OCC’s claim to have SPNB chartering authority under the National Bank Act, and warning that “[t]he imposition of an entirely new federal regulatory scheme on an already functional and deeply rooted state regulatory landscape will invite efforts to evade state usury laws and other consumer protections, stifle small business innovation, create institutions that are too big to fail and increase the risks presented by nonbank entities.”

Remarks by Thomas J. Curry, Comptroller of the Currency, Before the Federal Home Loan Bank of Chicago (Aug. 7, 2015), available at https://www.occ.gov/news-issuances/speeches/2015/pubspeech-2015-111.pdf.

OCC, Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective (Mar. 31, 2016), available at http://occ.gov/publications/publications-by-type/other-publicationsreports/pub-responsible-innovation-banking-system-occ-perspective.pdf.

OCC, Recommendations and Decisions for Implementing a Responsible Innovation Framework (Oct. 26, 2016), available at https://www.occ.gov/topics/bank-operations/innovation/comments/ recommendations-decisions-for-implementing-a-responsible-innovation-framework.pdf.

The specific steps of the OCC’s Responsible Innovation initiative included the following: (i) on March 31, 2016 the OCC released a white paper on Responsible Innovation, (ii) the OCC hosted a Forum on Responsible Innovation in June 2016 designed to solicit the views of national banks, FinTech companies and other stakeholders on innovation in the banking sector, (iii) the OCC formed an Innovation Framework Development Team that performed extensive information gathering and analysis, and held other discussions with key stakeholders during the second half of 2016 and (iv) on October 26, 2016, the OCC released its Responsible Innovation Framework policy statement.

OCC, Public Comments on Exploring Special Purpose National Bank Charters for Fintech Companies (Jan. 17, 2017), available at https://www.occ.gov/topics/bank-operations/innovation/ fintech-charter-comments.html.

See, e.g., Richard H. Neiman, Lending Club, Comment on the OCC White Paper “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 17, 2017), at 15, available at https://www.occ.gov/topics/bank-operations/innovation/comments/comment-lending-club.pdf.

-9Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-10

ENDNOTES (CONTINUED) 11

See, e.g., Perianne Boring, Chamber of Digital Commerce, Comments on the OCC’s December 2, 2016 White Paper Regarding Special Purpose National Bank Charters for FinTech Companies (Jan. 17, 2017), at 2, available at https://www.occ.gov/topics/bank-operations/innovation/ comments/comment-chamber-digital-commerce.pdf.

See, e.g., John Court (The Clearing House Association L.L.C.) and Christopher Cole (Independent Community Bankers of America) and Christopher B. Killian (Securities Industry and Financial Markets Association), Comment on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 17, 2017), at 2, available at https://www.occ.gov/topics/bankoperations/innovation/comments/comment-clearing-house-et-al.pdf.

See, e.g., John W. Ryan, Conference of State Bank Supervisors, Comment on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 13, 2017), at 2-4, available at https://www.occ.gov/topics/bank-operations/innovation/comments/comment-csbs-comment-letterspecial-purpose-national-bank-charters-fintech.pdf.

See, e.g., National Consumer Law Center (On behalf of its low income clients) and the Consumer Federation of America, Consumer Union, Main Street Alliance and U.S. PIRG, Comments to the Comptroller of the Currency on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 17, 2017) at 13, available at https://www.occ.gov/topics/bankoperations/innovation/comments/comment-nclc-et-al.pdf.

See, e.g., Main Street Alliance, Comment on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 16, 2017), at 2, available at https://www.occ.treas.gov/topics/bankoperations/innovation/comments/comment-main-street-alliance.pdf.

See, e.g., Maria T. Vullo, NYSDFS, Comment on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 17, 2017), at 5-7, available at https://www.occ.gov/topics/ bank-operations/innovation/comments/comment-ny-dfs.pdf.

Sherrod Brown and Jeffrey A. Merkley, United States Senate Committee on Banking, Housing, and Urban Affairs, Comment on “Exploring Special Purpose National Bank Charters for Fintech Companies” (Jan. 9, 2017), at 1, available at https://www.merkley.senate.gov/news/pressreleases/brown-merkley-push-back-on-occs-plan-for-financial-technology-charter.

Remarks by Thomas J. Curry, Comptroller of the Currency, at LendIt USA 2017 (Mar. 6, 2017), available at https://www.occ.gov/news-issuances/speeches/2017/pub-speech-2017-27.pdf.

House Financial Services Committee, Letter to Comptroller Curry (Mar. 10, 2017), available at http://paybefore.com/wp-content/uploads/2017/03/OCC-Congress-letter-March-2017.pdf.

Explanatory Statement at 2-3.

Id.

Id. at 15.

Licensing Supplement at 4.

Id. at 5.

Id.

Id. at 6.

Id.

Id. at 9. See 12 CFR 5.20(h).

Id.

-10Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-11

ENDNOTES (CONTINUED) 31

Id. at 12.

Id. at 20.

Id.

Id. at 7.

Id.

Id. at 16.

Id. at 8.

Id. at 20.

Id. at 15.

Id. at 7.

Id. at 8.

Id. at 11.

-11Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-12

ABOUT SULLIVAN & CROMWELL LLP Sullivan & Cromwell LLP is a global law firm that advises on major domestic and cross-border M&A, finance, corporate and real estate transactions, significant litigation and corporate investigations, and complex restructuring, regulatory, tax and estate planning matters.

Founded in 1879, Sullivan &

Cromwell LLP has more than 875 lawyers on four continents, with four offices in the United States, including its headquarters in New York, three offices in Europe, two in Australia and three in Asia. CONTACTING SULLIVAN & CROMWELL LLP This publication is provided by Sullivan & Cromwell LLP as a service to clients and colleagues. The information contained in this publication should not be construed as legal advice. Questions regarding the matters discussed in this publication may be directed to any of our lawyers listed below, or to any other Sullivan & Cromwell LLP lawyer with whom you have consulted in the past on similar matters. If you have not received this publication directly from us, you may obtain a copy of any past or future related publications from Michael B. Soleta (+1-212-558-3974; soletam@sullcrom.com) in our New York office. CONTACTS New York Jason J. Cabral

+1-212-558-7370

cabralj@sullcrom.com

Whitney A. Chatterjee

+1-212-558-4883

chatterjeew@sullcrom.com

H. Rodgin Cohen

+1-212-558-3534

cohenhr@sullcrom.com

Elizabeth T. Davy

+1-212-558-7257

davye@sullcrom.com

Mitchell S. Eitel

+1-212-558-4960

eitelm@sullcrom.com

Michael T. Escue

+1-212-558-3721

escuem@sullcrom.com

Jared M. Fishman

+1-212-558-1689

fishmanj@sullcrom.com

C. Andrew Gerlach

+1-212-558-4789

gerlacha@sullcrom.com

Wendy M. Goldberg

+1-212-558-7915

goldbergw@sullcrom.com

Joseph A. Hearn

+1-212-558-4457

hearnj@sullcrom.com

Erik D. Lindauer

+1-212-558-3548

lindauere@sullcrom.com

Mark J. Menting

+1-212-558-4859

mentingm@sullcrom.com

Camille L. Orme

+1-212-558-3373

ormec@sullcrom.com

Rebecca J. Simmons

+1-212-558-3175

simmonsr@sullcrom.com

William D. Torchiana

+1-212-558-4056

torchianaw@sullcrom.com

Donald J. Toumey

+1-212-558-4077

toumeyd@sullcrom.com

Marc Trevino

+1-212-558-4239

trevinom@sullcrom.com

Mark J. Welshimer

+1-212-558-3669

welshimerm@sullcrom.com

George H. White III

+1-212-558-4328

whiteg@sullcrom.com

Michael M. Wiseman

+1-212-558-3846

wisemanm@sullcrom.com

-12Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017

C-13

Washington, D.C. Eric J. Kadel, Jr.

+1-202-956-7640

kadelej@sullcrom.com

William F. Kroener III

+1-202-956-7095

kroenerw@sullcrom.com

Stephen H. Meyer

+1-202-956-7605

meyerst@sullcrom.com

Jennifer L. Sutton

+1-202-956-7060

suttonj@sullcrom.com

Andrea R. Tokheim

+1-202-956-7015

tokheima@sullcrom.com

Samuel R. Woodall III

+1-202-956-7584

woodalls@sullcrom.com

Patrick S. Brown

+1-310-712-6603

brownp@sullcrom.com

William F. Kroener III

+1-310-712-6696

kroenerw@sullcrom.com

William D. Torchiana

+33-1-7304-5890

torchianaw@sullcrom.com

Robert Chu

+61-3-9635-1506

chur@sullcrom.com

Burr Henly

+61-3-9635-1508

henlyb@sullcrom.com

Keiji Hatano

+81-3-3213-6171

hatanok@sullcrom.com

Los Angeles

Paris

Melbourne

Tokyo

-13Office of the Comptroller of the Currency Issues Draft Licensing Manual Supplement for FinTech Companies March 19, 2017 SC1:4346755.4

C-15

January 3, 2017

DFS Issues Updated Proposed Cybersecurity Regulations Responding to Industry Concerns, DFS Proposes More Flexible, Risk-Based Approach to Cybersecurity and Delays Implementation of Proposed Regulations SUMMARY On December 28, 2016, following a 45-day notice and public comment period, the New York Department of Financial Services (the “DFS”) issued updated proposed cybersecurity regulations (the “Updated Proposed Regulations”) applicable to banks, insurance companies, and other financial services institutions regulated by the DFS (“Regulated Institutions”). Intended to address concerns voiced by Regulated Institutions and trade associations with respect to the version originally proposed for comment in September 2016 (the “Original Proposed Regulations”), the Updated Proposed Regulations appear more flexible and more closely tied to each Regulated Institution’s particular cybersecurity risk assessment.

Moreover, the DFS has delayed the proposed regulations’ implementation and has

introduced transitional periods to permit Regulated Institutions additional time to come into compliance with certain requirements. Comments on the Updated Proposed Regulations are due January 27, 2017.

BACKGROUND On September 13, 2016, the DFS issued the Original Proposed Regulations which, among other things, required Regulated Institutions to establish and maintain a cybersecurity program, implement and maintain cybersecurity policies and procedures, appoint a Chief Information Security Officer (“CISO”), and submit an annual certification of compliance with the regulations to the DFS. Although the Original Proposed Regulations incorporated many industry practices, they were viewed as relatively prescriptive in approach and, in the opinion of many industry participants, did not sufficiently

New York

Washington, D.C. Los Angeles Palo Alto London Paris Tokyo Hong Kong Beijing Melbourne Sydney www.sullcrom.com

Frankfurt

C-16

account for Regulated Institutions’ differing cyber-risk profiles. The Original Proposed Regulations thus would have constituted a departure from the more flexible assessment guidance issued by federal regulators.

In response to the Original Proposed Regulations, the DFS received over 150 comments from individuals and entities, including Regulated Institutions and trade associations, as well as third-party service providers, including cybersecurity service providers.

Among other changes, several commentators

proposed eliminating prescriptive minimum standards and delaying implementation of the regulations.

SUMMARY OF THE UPDATED PROPOSED REGULATIONS Although the Updated Proposed Regulations represent a meaningful shift towards a more flexible, riskbased approach to cybersecurity, they nonetheless continue to prescribe a range of minimum cybersecurity requirements. The main changes from the Original Proposed Regulations are outlined below. 

Risk Assessments. The Updated Proposed Regulations no longer require annual risk assessments. Instead, they call for Regulated Institutions to conduct “periodic” risk assessments and update such risk assessments as reasonably necessary to address changes to the Regulated Institutions’ information systems, nonpublic information, and business operations. The Updated Proposed Regulations explicitly tie the design of the cybersecurity program and the development of cybersecurity policies and procedures to such risk assessments. The DFS has, however, cautioned that risk assessments are not intended to permit Regulated Institutions to 3 engage in a cost-benefit analysis of acceptable losses when faced with cybersecurity risks.



Easing of Some Program and Policy Requirements. The Updated Proposed Regulations relax a number of cybersecurity measures required to be included in Regulated Institutions’ cybersecurity programs and policies. The Updated Proposed Regulations also adopt a more flexible approach to certain measures, requiring only that such measures be developed and adopted in accordance with Regulated Institutions’ risk assessments. The modified measures include: 

Data Retention and Destruction. The Original Proposed Regulations required Regulated Institutions to destroy certain nonpublic information that was no longer necessary to the provision of products or services for which the information was provided. The Updated Proposed Regulations allow Regulated Institutions to maintain nonpublic information if such information continues to be necessary for business operations or for other legitimate business purposes. In addition, Regulated Institutions are not required to dispose of nonpublic information if such disposal is not reasonably feasible due to the manner in which 4 the information is maintained.



Monitoring and Testing. The Original Proposed Regulations required all Regulated Institutions to conduct annual penetration testing and quarterly vulnerability assessments. The Updated Proposed Regulations instead require Regulated Institutions to develop monitoring and testing processes in accordance with their risk assessment. Such monitoring and testing must include either effective continuous monitoring or risk-based annual penetration testing and biannual vulnerability assessments.



Access Privileges. Departing from the proposed requirement that access to nonpublic information be limited to individuals who require such access to perform their responsibilities, the Updated Proposed Regulations instead require Regulated Institutions to design access limits based on their risk assessment.

-2DFS Issues Updated Proposed Cybersecurity Regulations January 3, 2017

C-17



Multifactor Authentication. Instead of requiring multifactor authentication and risk-based authentication in a range of specified circumstances, the Updated Proposed Regulations generally permit Regulated Institutions to select appropriate controls, which may include multifactor or risk-based authentication, based on their risk assessment. The Updated Proposed Regulations do, however, continue to require the use of multifactor authentication for access to a Regulated Institution’s internal systems or data from an external network, unless the Regulated Institution’s CISO has approved in writing the use of reasonably equivalent or more secure access controls.



Encryption. The Updated Proposed Regulations continue to call for the encryption of data in transit and at rest; however, the original grace periods for the implementation of such encryption (one year for data in transit and five years for data at rest) have been replaced by an indefinite permission to use compensating controls approved by the CISO so long as the Regulated Institution determines encryption is infeasible. The CISO must review the feasibility of encryption and effectiveness of the compensating controls at least annually.



Audit Trail. The audit trail requirements in the Original Proposed Regulations have been significantly reduced and relaxed. The Updated Proposed Regulations require that, to the extent applicable and based on the Regulated Institution’s risk assessment, each Regulated Institution securely maintain systems that are designed to reconstruct material financial transactions and that include audit trails designed to detect and respond to cybersecurity events that have a reasonable likelihood of materially harming any part of the normal operations of the Regulated Institution. The audit trail record-keeping requirements have also been reduced from six to five years.



Third-Party Service Providers. As was the case with the Original Proposed Regulations, the Updated Proposed Regulations require Regulated Institutions to implement written policies and procedures designed to ensure the security of information systems and nonpublic information accessible to or held by third-party service providers. The Original Proposed Regulations required such policies and procedures to establish preferred provisions to be included in contracts with third-party service providers, including provisions addressing a range of listed areas. The Updated Proposed Regulations instead require that the policies and procedures include “relevant guidelines for due diligence and/or contractual protections” relating to third-party service providers. The areas that these guidelines must address have also been narrowed: the policies and procedures need not address the provision of identity theft protection products by third-party service providers after a breach nor the right of Regulated Institutions to perform cybersecurity audits of third-party service providers.



Nonpublic Information. Some commentators expressed concern about the breadth and clarity of the definition of “nonpublic information” in the Original Proposed Regulations and suggested that the definition should more closely track the language of other cybersecurity standards. The DFS responded to these comments by revising the definition in the Updated Proposed Regulations. The revised definition focuses to a greater extent on the nature of the information in question (e.g., health information, Social Security numbers) rather than the circumstances under which the information was obtained (e.g., in connection with the provision of financial products or services to an individual). In addition, “information concerning an individual which because of name, number, personal mark, or other identifier can be used to identify such individual” will be considered nonpublic information only when combined with one of several more sensitive data elements listed in the Updated Proposed Regulations (e.g., Social Security number, credit or debit card number, biometric records).



Notice to DFS of Cybersecurity Events. Pursuant to the Updated Proposed Regulations, Regulated Institutions must notify the DFS of a cybersecurity event within 72 hours of determining that a cybersecurity event meets the notice criteria, rather than the originally proposed 72 hours of the event itself (a standard that many commentators considered infeasible). Moreover, the harm-based trigger for notice has been narrowed. The Original Proposed Regulations required notice of any Cybersecurity Event that “has a reasonable likelihood of materially affecting the normal operation of the [Regulated Institution] or that affects Nonpublic Information,”

-3DFS Issues Updated Proposed Cybersecurity Regulations January 3, 2017

C-18

including “any Cybersecurity Event involving the actual or potential unauthorized tampering with, or access to or use of, Nonpublic Information.” The revised regulations require notice if there is “a reasonable likelihood of materially harming any material part of the normal operation(s)” of the Regulated Institution. 

Affiliates. Regulated Institutions may now comply with several requirements of the Updated 5 Proposed Regulations through Affiliates. Regulated Institutions may: 

Adopt a cybersecurity program maintained by an Affiliate, so long as such program satisfies the requirements of the Updated Proposed Regulations and covers the Regulated Institution’s information systems and nonpublic information.



Designate a CISO employed by an Affiliate, provided the Regulated Institution retains responsibility for compliance with the Updated Proposed Regulations.



Utilize qualified cybersecurity personnel of an Affiliate.



Chief Information Security Officer. The Original Proposed Regulations were interpreted by some to require the appointment of a CISO whose exclusive function is overseeing and implementing the cybersecurity program and enforcing cybersecurity policies. The Updated Proposed Regulations clarify that, although Regulated Institutions must designate a qualified individual to perform the functions of a CISO, that individual need not have a specific title and can perform other functions as well. Moreover, the Updated Proposed Regulations require that the CISO report in writing at least annually to the Board of Directors or an equivalent governing body, or to a senior officer. The Original Proposed Regulations had called for biannual reports.



Confidentiality. The Updated Proposed Regulations state that information provided by a Regulated Institution pursuant to the proposed regulations “is subject to exemptions from disclosure under the Banking Law, Insurance Law, Financial Services Law, Public Officers Law or any other applicable state or federal law.” This addition comes in response to concerns expressed by some industry participants regarding the confidentiality of information that must be provided to the DFS under the proposed regulations. In addition to requiring notices of cybersecurity events, the Updated Proposed Regulations also provide for increased transparency on the part of Regulated Institutions. Specifically, documentation and information relevant to Regulated Institutions’ cybersecurity program must be made available to the DFS upon request, and records, schedules, and data supporting the annual certificate of compliance must be made available for examination.



Exemptions. The Updated Proposed Regulations expand the categories of entities that may claim an exemption from some or all of the regulations’ requirements. Regulated Institutions claiming an exemption must file a notice of exemption with the DFS. The following categories of entities are now eligible for certain exemptions: 

Regulated Institutions with (a) fewer than 10 employees; (b) less than $5,000,000 in gross annual revenues in each of the last three fiscal years; or (c) less than $10,000,000 in yearend total assets, calculated in accordance with GAAP, including assets of Affiliates, are exempt from a number of the regulations’ requirements, including appointment of a CISO, monitoring and testing of information systems, use of encryption or compensating controls, and maintenance of a written incident response plan.



Employees, agents, representatives or designees of a Regulated Institution, who are themselves a Regulated Institution, are exempt from the proposed regulations entirely and need not develop their own cybersecurity program if such persons are covered by the cybersecurity program of the Regulated Institution.



Regulated Institutions that do not directly or indirectly operate, maintain, utilize, or control any information systems and that do not, and are not required to, directly or indirectly control, own, access, generate, receive or possess nonpublic information will only be subject to the requirements relating to risk assessments, implementation of written third-party service provider policies, disposal of nonpublic information, and notices to the DFS.

-4DFS Issues Updated Proposed Cybersecurity Regulations January 3, 2017

C-19



Effective Date. The effective date of the Updated Proposed Regulations has been postponed from January 1, 2017 to March 1, 2017.



Transitional Period. In a departure from the Original Proposed Regulations, the Updated Proposed Regulations introduce the following transitional periods for Regulated Entities to come into compliance: 

One year from the effective date for the requirements relating to reporting by the CISO to the Board of Directors, equivalent body or senior officer; monitoring and testing of information systems; carrying out of risk assessments; use of controls against unauthorized access such as multifactor authentication and risk-based authentication; and provision of regular cybersecurity awareness training.



Eighteen months from the effective date for the requirements relating to maintenance of an audit trail; security of in-house and externally developed applications; limits on data retention; the implementation of risk-based policies, procedures and controls to monitor activity of authorized users and to detect unauthorized users; and use of encryption or compensating controls.



Two years from the effective date for the requirements relating to third-party service provider policies.

The Updated Proposed Regulations will be finalized following a second notice and public comment period of 30 days. The DFS will focus its final review on any new comments not previously raised in the original comment process. Regulated Institutions should review the Proposed Regulations and evaluate their own cybersecurity policies, procedures, and programs against the Proposed Regulations’ requirements. Some Regulated Institutions may also wish to participate in the 30-day notice and public comment period, whether directly or through industry associations. *

ENDNOTES 1

See, e.g., Federal Financial Institutions Examination Council, Cybersecurity Assessment Tool, available at https://www.ffiec.gov/cyberassessmenttool.htm.

New York Department of Financial Services, Assessment of Public Comments for New Part 500 to 23 NYCRR, available at http://www.dfs.ny.gov/legal/regulations/proposed/rp500apc.pdf.

For example, some commentators noted that “data stored on magnetic tapes and commingled data on servers present significant feasibility challenges with respect to any requirement for targeted data destruction.” Comment Letter from the Securities Industry and Financial Markets Association, American Bankers Association, Financial Services Roundtable, Financial Services Sector Coordinating Council, Mortgage Bankers Association, American Financial Services Association, American Land Title Association and New York Mortgage Bankers Association, dated November 14, 2016, available at http://www.aba.com/Advocacy/commentletters/ Documents/SIFMA-NY-DFS-Proposed-Cyber-Requirements.pdf.

“Affiliate” is defined as “any Person that controls, is controlled by or is under common control with another Person.” For the purpose of this definition, “control” means “the possession, direct or

C-20

indirect, of the power to direct or cause the direction of the management and policies of a Person, whether through the ownership of stock of such Person or otherwise.â&#x20AC;?

-6DFS Issues Updated Proposed Cybersecurity Regulations January 3, 2017

C-21

Founded in 1879, Sullivan &

+1-212-558-3534

cohenhr@sullcrom.com

Mitchell S. Eitel

+1-212-558-4960

eitelm@sullcrom.com

John Evangelakos

+1-212-558-4260

evangelakosj@sullcrom.com

Nicole Friedlander

+1-212-558-4332

friedlandern@sullcrom.com

Scott D. Miller

+1-212-558-3109

millersc@sullcrom.com

Nader A. Mousavi

+1-212-558-1624

mousavin@sullcrom.com

William D. Torchiana

+1-212-558-4056

torchianaw@sullcrom.com

Alexander J. Willscher

+1-212-558-4104

willschera@sullcrom.com

Michael M. Wiseman

+1-212-558-3846

wisemanm@sullcrom.com

Eric J. Kadel, Jr.

+1-202-956-7640

kadelej@sullcrom.com

Brent J. McIntosh

+1-202-956-6930

mcintoshb@sullcrom.com

Stephen H. Meyer

+1-202-956-7605

meyerst@sullcrom.com

Jennifer L. Sutton

+1-202-956-7060

suttonj@sullcrom.com

Samuel R. Woodall III

+1-202-956-7584

woodalls@sullcrom.com

Scott D. Miller

+1-650-461-5620

millersc@sullcrom.com

Nader A. Mousavi

+1-650-461-5660

mousavin@sullcrom.com

William D. Torchiana

+33-1-7304-5890

torchianaw@sullcrom.com

Washington, D.C.

Palo Alto

Paris

-7DFS Issues Updated Proposed Cybersecurity Regulations January 3, 2017 DC_LAN01:341537.9

Online Resources Open Matters: Why Permissionless Blockchains are Essential to the Future of the Internet https://coincenter.org/entry/open-matters What Does “Permissionless” Mean? https://coincenter.org/entry/what-does-permissionless-mean “Blockchain Technology” is a Buzzword with Little Meaning. Here’s What Matters https://coincenter.org/entry/blockchain-technology-is-a-buzzword-with-littlemeaning-here-s-what-matters Report on Disturbed Ledger Technology: Implications of Blockchain for the Securities Industry http://www.finra.org/industry/blockchain-report

SECTION D

INTELLECTUAL PROPERTY ISSUES

Is a Blockchain Patent Still Possible? Ira Schaefer Ted Mlynar Hogan Lovells, LLP New York City Reprinted with permission from the authors. Originally published on CoinDesk at http://www.coindesk.com/blockchain-patent-still-possible/ With so much blockchain technology publicly disclosed already, many are wondering, "How can we get a patent on a blockchain system now?" In a previous article, we explored whether Satoshi Nakamoto could have patented bitcoin and whether such a patent would have survived an eligibility challenge. But regardless of whether a viable bitcoin patent exists, both Nakamoto’s 2008 article describing the bitcoin system and the bitcoin network in operation since 2009 qualify as "prior art" against any new attempt to patent a blockchain system. There are a few legal and practical hurdles facing the aspiring blockchain patentee.

Alice in Wonderland The Supreme Court’s 'Alice' decision addresses the statutory categories of potentially patent-eligible subject matter articulated in 35 USC §101: "[A]ny new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof.” – Alice Corporation vs CLS Bank International (2014). Being quite the patent buzzkill, Alice notes that there are long-standing exceptions to those broad categories. "Abstract ideas," in particular, are not patentable. And, according to Alice, in the patent Wonderland, there are exceptions to the exceptions. We shall explain. First, when is an idea so "abstract" that it is an unpatentable "abstract idea"? The Supreme Court is not entirely clear in Alice, but it was sure that "fundamental economic practices" are abstract ideas. The court specifically determined that a claimed method for mitigating "settlement risk" was an abstract idea. Second, the Supreme Court adapted the two-step analysis it had devised for life sciences patents in Mayo Collaboration Services vs Prometheus Laboratories (2012) to apply to financial technology patents. The first step in 'Mayo' was to analyze the patent claim as a whole to see if an abstract idea (the exception to patent eligibility) is claimed. If so, then the second step in Mayo was to see if that patent claim recites additional elements to implement the abstract idea that are “significantly more” than the abstract idea itself (the exception to the exception). If so, then the patent claims are directed to patent-eligible subject matter. If not, then the patent claims are directed to a patent-ineligible abstract idea. Determining what qualifies as "significantly more" may seem a bit subjective. The courts have warned that adding well-known activities, routine and conventional activities, or insignificant extra-solution activities do not qualify. Linking a claimed method to a particular field of use is also not adding “significantly more.” Such circular definitions, however, are not particularly helpful guidance. What has been considered "significantly more?" An improvement in another technology or technical field, an improvement to a computer itself, adding a limitation that is not routine or conventional, linking the use to a particular technological environment (other than a computer network), and applying the method to a

D-2

Blockchain Technology 2017

particular machine (other than a general purpose computer) have generally been found to be “significantly more” sufficient for patent eligibility. In applying Mayo to technology inventions, Alice created quite a stir at the US Patent and Trademark Office (USPTO). USPTO examiners were required to figure out which inventions were the exceptions and which inventions were the exceptions-to-the-exceptions. Those lines proved to be not so easy to draw. The decision also immediately impacted all patent litigation cases, because Alice has a retroactive effect. For example, even though Nakamoto could have filed his patent application in 2007 and had it examined under pre-Alice law, any challenge to the validity of that patent today would be reviewed under Alice. The Federal Circuit, the court of appeals for patent cases, has issued several decisions to help the district courts understand and apply Alice.

Just ask Alice How does Alice impact blockchain inventions? In short, they start behind the eight ball. Applying Alice to FinTech inventions, the Federal Circuit has held that methods for risk hedging, for creating a contractual relationship, of using advertising as currency, and of processing information in a clearinghouse, are all “abstract ideas”. In none of those cases did the patent claims recite something sufficiently “significantly more” to qualify as an exception-to-the-exception. In view of those decisions, there was an understandable concern that the Federal Circuit would classify any method for carrying out a traditional financial transaction performed on a computer (or over the Internet), as an unpatentable abstract idea. While the prospects for patenting FinTech may have looked grim, the scope of the exceptions-to-theexception has been expanding and provides an opening for patenting blockchain inventions.

Hold the Mayo The first hurdle for patenting a blockchain invention is preparing a patent application that will pass muster at the post-Alice PTO. To convince a USPTO examiner that the invention is not an unpatentable "abstract idea", it is most helpful if the application carefully frames the invention in concrete terms. As an example, consider a hypothetical Nakamoto patent application for bitcoin. Following traditional patent drafting techniques, the invention may be described as "directed to a method of peer-to-peer payments using electronic cash." However, under Alice, a peer-to-peer electronic payment is likely to be considered a "fundamental economic practice" and, therefore, an unpatentable abstract idea. If, however, the invention is described as being “directed to an improved ledger data structure (the blockchain) for use in an electronic cash payment method,” it is arguably an improvement in computer technology and should not be considered merely an abstract idea. (Of course, the patent application must also describe and properly claim that improved ledger data structure). Why should we expect that an improved ledger data structure in the form of a blockchain is sufficient under Mayo to provide something “significantly more”? Well, it just so happens that the Federal Circuit, held that a claim to an improved data structure, specifically a self-referential spreadsheet, was patent eligible. In fact, the court determined that the improved data structure was patent eligible under the first Mayo step – as being not an abstract idea (Enfish vs Microsoft, May 2016). Since Enfish, the Federal Circuit has cautiously continued to expand the exceptions-to-the-exception.

American Bar Association

Intellectual Property Issues

D-3

In mid-2016, in Bascom Global Internet Services vs AT&T Mobility, the Federal Circuit clarified the patent eligibility of new combinations of old elements. Before Bascom, it was thought that combinations of well-known functions were likely to be considered abstract ideas. The Bascom decision put an end to that thought. The court held that: “The inventive concept inquiry requires more than recognizing that each claim element, by itself, was known in the art. As is the case here, an inventive concept can be found in the non-conventional and non-generic arrangement of known, conventional pieces.” Moreover, the Federal Circuit has recognized that certain computer-automated tasks performed by a computer, utilizing a limited set of novel software instructions that do not include all ways of performing the task, can be patent eligible. Specifically, a “claim [that] uses the limited rules in process specifically designed to achieve an improved technological result in a conventional industry practice” is not an abstract idea (MCRO vs Bandai, September 2016). And, for the sake of completeness, if Nakamoto applied for a patent by submitting a more traditional description of his bitcoin invention, and had his claims rejected as patent-ineligible subject matter, all may not be lost. Nakamoto might still find refuge in the second step of the Mayo analysis by showing that his invention was “significantly more” than an abstract idea. In order to do so, the patent application itself would need to describe that “significantly more” technological addition.

Avoiding the rabbit hole While it is interesting that Nakamoto could have patented the blockchain, the question on many minds is what blockchain inventions remain patentable in view of his prior art? Without getting into too much detail, the Nakamoto method involves hashing, encrypting with a public key and private key, solving a proof of work hashing problem, and storing the proven transactions in a chain of blocks. One can argue that the Nakamoto paper and the use of the bitcoin network since 2009 make such hashing, encrypting, solving a proof of work problem and (block)chaining all routine activities that cannot constitute something “significantly more” under Mayo. Nevertheless, under recent Federal Circuit interpretations of Mayo and Alice, improvements in blockchain data structures, in solving proof of work problems, and in encryption and hashing functions have the potential to be patent-eligible subject matter. Even new arrangements of the known functions Nakamoto described and implemented, may be patenteligible. Furthermore, it may be possible to patent narrowly crafted software implementations of blockchain technology. With the right approach, the careful blockchain inventor should be able to avoid the “abstract idea” rabbithole and earn a new patent on the blockchain. Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.

Ira Schaefer | Ted Mlynar

The Bitcoin Patent – Only a Matter of Time? Ira Schaefer Ted Mlynar Hogan Lovells, LLP New York City Reprinted with permission from the authors. Originally published on CoinDesk at http://www.coindesk.com/bitcoin-patent-matter-of-time/ Bitcoin is a technological marvel that has revolutionized financial systems. The birth of bitcoin came in 2008 in a paper entitled "Bitcoin: A Peer-to-Peer Electronic Cash System" by the pseudonymous Satoshi Nakamoto. The genesis block – the first block of transactions – was created the following year, and the network has continued ever since. Given that no person (or group) has credibly claimed authorship of the 2008 Nakamoto paper or the bitcoin transaction method it describes, not surprisingly, no patent based on that original work has appeared. However, that does not stop us from imagining what a patent claim on the bitcoin method might have looked like if a patent application was filed in the US before the Nakamoto article was published. While patent claims are written to pass muster at the US Patent and Trademark Office (USPTO), we have taken the liberty of drafting our proposed claim in simple English. We could draft broader claims to capture individual features of the bitcoin method, but find a claim focused on a collection of key features to be more useful for the purposes of discussion. Noting that the Nakamoto paper does not use the term "blockchain," but rather describes a "chain of blocks," our proposed claim implements that same terminology: A method for peer-to-peer electronic currency transactions comprising the steps of:         

Creating a hash value for a prior transaction; Combining the hash value, transaction data and the public key of a transaction recipient; Digitally signing the combination to form an electronic coin; Broadcasting the electronic coin to peers with a time-stamp; A subset of peers collecting electronic coins to form a transaction block Each peer in the subset creating a solution to a proof-of-work problem for its transaction block Each peer in the subset broadcasting its transaction block and the solution to peers Obtaining consensus that a transaction block is valid Adding that transaction block to the existing chain of blocks.

Bitcoin is just that simple. It is a series of steps implemented on computers connected the internet. If the proposed claim was filed in 2007, it should have issued in a patent by 2011, passing through the window for business method patents opened by the State Street decision we discuss below.

Legal background Prior to 1998, it was understood that even though you could get a patent on a process, machine or manufacture, there was a "business method" exception. That exception would prevent you from patenting a method for performing a financial transaction. It was ineligible subject matter. That all changed in 1998 when the Court of Appeals for the Federal Circuit (the appellate court for patent cases) ruled in State Street Bank & Trust Co v Signature Financial Group that a claimed investment structure for use as an administrator/agent for mutual funds was, in fact, patentable. Regarding the "business method exception" the court explained, "We take this opportunity to lay this illconceived exception to rest."

D-6

Blockchain Technology 2017

The State Street decision ushered in an avalanche of business method patents and, in particular, patents directed to implementing business methods with a computer connected to the internet. That avalanche was not well-received by many. Patents issued covering "computerized" versions of a multitude of well-known business methods. In 2014, the Supreme Court took action in Alice Corp Pty Ltd v CLS Bank Intâ&#x20AC;&#x2122;l. It held that a patent directed to a computer-implemented method for mitigating settlement risk by using a third-party intermediary was not eligible subject matter for a patent. Rather, the claimed method was an abstract idea that could not be patented. The court also specifically singled out financial business methods that implement a "fundamental economic practice" as being likely unpatentable abstract ideas. But the Supreme Court left the door open by making an exception for business methods that include "technological" advances. Subsequent Federal Circuit decisions explained that improving the functionality of a computer qualified as a suitable "technological" advance.

Would a bitcoin patent be viable? Of course, the idea of recording the exchange of currency in a ledger has been a "fundamental economic practice" for more than a thousand years. The Nakamoto article admits that hashing, digitally signing, time-stamping and solving a proof-of-work problem were all known processes in 2008. However, it cites no precedent for (a) the particular combination of processes it describes, nor (b) specifically using a hashed chain of transaction blocks as a currency transaction ledger. Viewed as providing an improved computer data structure, our proposed bitcoin method claim should be precisely the type of improvement to computer functionality that is still patentable under Alice. By applying for the bitcoin method patent after State Street, â&#x20AC;&#x153;Satoshi Nakamotoâ&#x20AC;? should have succeeded in obtaining a patent. Based on recent court decisions, it appears that patent would be eligible for enforcement today. A patent carefully camouflaged by using terminology difficult to detect but covering some aspect (or application) of bitcoin nonetheless, very well could have issued and be enforceable. Although the open-source community has enthusiastically embraced bitcoin, "Satoshi Nakamoto" has not expressly returned the embrace. That reality should give us all pause for thought and reason to be cautious. Given the incentives, let's not be too surprised that when the identity of Satoshi Nakamoto is finally revealed... along with holding a million bitcoins, *someone* holds a handful of bitcoin patents as well. The views expressed in this article are those of the authors and do not necessarily represent the views of, and should not be attributed to, their firm, its clients, or any respective affiliates. This article is for general information purposes only. It is not intended to be, and should not be taken as, legal advice. Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.

American Bar Association

Online Resources Big Banks Are Stocking Up on Blockchain Patents https://www.bloomberg.com/news/articles/2016-12-21/who-owns-blockchaingoldman-bofa-amass-patents-for-coming-wars A Rush to Patent the Blockcahin is a Sign of the Technologyâ&#x20AC;&#x2122;s Promise http://www.economist.com/news/business/21714395-financial-firms-andassorted-startups-are-rushing-patent-technology-underlies

SECTION E

ENFORCEMENT ACTIONS

E-1

A Securities Law Framework for Blockchain Tokens A blockchain token is a digital token created on a blockchain as part of a decentralized software protocol. There are many different types of blockchain tokens, each with varying characteristics and uses. Some blockchain tokens, like Bitcoin, function as a digital currency. Others can represent a right to tangible assets like gold or real estate. Blockchain tokens can also be used in new protocols and networks to create distributed applications. These tokens are sometimes also referred to as App Coins or Protocol Tokens. These types of tokens represent the next phase of innovation in blockchain technology, and the potential for new types of business models that are decentralized - for example, cloud computing without Amazon, social networks without Facebook, or online marketplaces without eBay. However, there are a number of difficult legal questions surrounding blockchain tokens. For example, some tokens, depending on their features, may be subject to US federal or state securities laws. This would mean, among other things, that it is illegal to offer them for sale to US residents except by registration or exemption. Similar rules apply in many other countries. The Framework focuses on US federal securities law because these laws pose the biggest risk for crowdsales of blockchain tokens. In many jurisdictions, there may also be issues under anti-money laundering laws and general consumer protection laws, as well as specific laws depending on what the token actually does. This document is a general guide for developers and users of tokens. Part 1 is designed to estimate how likely a particular token is to be a security under US federal securities law. Part 2 sets out some best practices for crowdsales. Part 3 is a detailed securities law analysis by Debevoise & Plimpton LLP. As more fully set forth in the component parts of this document, the document does not constitute legal advice and should not be relied on by any person. Developers and users should consult their own counsel in connection with their initiatives in this area.

E-2

You should not rely on this Framework as legal advice. It is designed for general informational purposes only, as a guide to certain of the conceptual considerations associated with the narrow issues it addresses. You should seek advice from your own counsel, who is familiar with the particular facts and circumstances of what you intend and can give you tailored advice. This Framework is provided â&#x20AC;&#x153;as isâ&#x20AC;? with no representations, warranties or obligations to update, although we reserve the right to modify or change this Framework from time to time. No attorney-client relationship or privilege is created, nor is this intended to be attorney advertising in any jurisdiction.

December 7, 2016

An initiative of Coinbase, Coin Center, Union Square Ventures and Consensys

E-3

Part 1: How to determine if a token is a security The Howey Test The US Supreme Court case of SEC v Howey established the test for whether an arrangement involves an investment contract. An investment contract is a type of security. In the context of blockchain tokens, the Howey test can be expressed as three independent elements (the third element encompasses both the third and fourth prongs of the traditional Howey test). All three elements must be met in order for a token to be a security. 1. 2. 3.

An investment of money in a common enterprise with an expectation of profits predominantly from the efforts of others.

Using the Framework

Click here t o access the framework (google sheet). Save a copy in order to use it, or follow the manual instructions below Step 1: Access the google sheet or refer to the copy of the framework in the Appendix. Step 2: Review each characteristic and determine whether or not it applies to the token. Step 2: For the criteria that apply, add or subtract the corresponding points to get a total for each element. Step 3: You now have three point scores, one for each element. Your lowest point score represents your overall risk score. Please remember that this methodology produces nothing more than an estimate. You should seek your own legal advice, tailored to your own specific situation and considerations.

E-4

Part 2: Best practices in token sales The following principles help inform and protect buyers, and increase the chances of a successful token sale, especially for a sale which occurs before there is a live network using the token. They are guidelines and are not designed for any specific situation. Please consult your legal and other advisors. Most of these best practices do not directly affect whether a token is a security under the Howey Test

Principle 1: Publish a detailed white paper How?

Why?

● ● ● ● ●

Describe the protocol and the network Identify a clear and compelling reason for the token to exist Provide a detailed technical description of the proposed implementation Set clear expectations for total token supply and distribution Have an independent expert review the white paper

A white paper defines the network and its use cases. It is critical for buyers to be able to understand the characteristics and functionality of the token they are buying, the challenges and risks of development, and the benefits of using the network.

Principle 2: For a presale, commit to a development roadmap How?

● ● ● ● ● ● ● ● ●

Why?

Provide a detailed development roadmap Include estimates of time and costs for each stage of the project Include a breakdown of estimated expenses by category Allocate funding for each stage of development and consider restricting access to funding until milestones are achieved List the names of key members of the development team and advisors Be transparent about remuneration paid to key members of the development team and advisors Quantify early contributions of members of the development team and advisors Between sale and launch of the network, report back to token holders periodically on progress against the development roadmap Set aside funds for independent security audits and a bug bounty program

A clear development roadmap gives buyers confidence that the proceeds of the sale will be properly used for the project and that the network will be launched, meaning that they will be able to use the tokens as intended. Setting aside funding for each stage of the project helps establish structure and allows buyers to assess the likelihood of success. Using blockchain features to restrict the development team’s access to funding can deliver more transparency.

E-5

Members of the development team and advisors should be paid full and fair value for their services, through a combination of money and tokens. Quantifying the value of contributions, especially early contributions (pre-crowdsale) provides transparency. Identifying the development team and advisors helps potential buyers assess the credibility of the project and its potential for success. It reduces the likelihood of fraud. Note: Many aspects of Principle 2 only apply to token sales which occur before there is a live network using the token

Principle 3: Use an open, public blockchain and publish all code How?

● ● ● ● ●

Why?

Use an open and transparent blockchain Use open source software Where possible, commit to using standard or well-known token contracts (e.g. ERC20) Do not use a private or unintelligible blockchain, or one for which the developer is the sole or primary transaction validator Commit to undertake an independent security audit before launch

Building with open source software and using an open, public blockchain provides transparency, enables real participation from token holders and independent developers, allows for auditing, and helps prevents fraud. Enabling real and meaningful participation in the network from a diverse set of independent parties may also strengthen the arguments against the second and third criteria of the Howey test, because participants are less reliant on the initial developers.

Principle 4: Use clear, logical and fair pricing in the token sale How?

● ● ● ● ●

Why?

Set a maximum number of tokens to be sold in the crowdsale Use a pricing mechanism which does not increase over time. Consider a Dutch Auction or similar mechanism to price tokens fairly Set a cap for the amount to be raised Set a minimum amount and refund buyers if the minimum amount is not met Denominate the price in one currency (e.g. ETH or BTC)

The total proceeds from a crowdsale should not exceed the estimated costs of development. A crowdsale should be capped at the number and price of tokens required to raise this amount. Pricing mechanisms which increase over time can encourage irrational behavior (e.g. FOMO) and do not treat buyers equally. Setting the price in a single currency reduces the potential for confusion and arbitrage.

E-6

Principle 5: Determine the percentage of tokens set aside for the development team How?

Decide on the percentage of the total token supply that represents a fair reward for the work of the development team and advisors. Release those tokens to the development team incrementally over time (contingent on their continued work on the project).

Why?

Concentrating too many tokens in the hands of the development team and other contributors increases the risk of centralization of control of the network. On the other hand, setting aside too few tokens does not align the interests of the development team with the interests of other token holders. Releasing tokens to the development team over time aligns their interests with other users over a longer period. Releasing tokens to the development team over time also reduces the risk of affecting the market - it prevents large numbers of tokens from flooding the market at one time.

Principle 6: Avoid marketing the token as an investment How?

Why?

● ● ● ●

Do not promote the token as an investment that will increase in value Promote the token based on its functionality and the use case for the network Avoid analogies with existing investment language and processes - e.g. ‘ICO’ Provide appropriate disclaimers about the token as a product, not as an investment.

Marketing a token as a speculative investment, or drawing comparisons to existing investment processes, may mislead or confuse potential buyers. It may also increase the likelihood that the token is a security. Using a short, relevant disclaimer which accurately describes the risks of the tokens, protocols and network is useful. Long, legalistic disclaimers about the risks of investment are not helpful to buyers and may provide the impression that the token is an investment.

E-7

Part 3: Detailed Securities Law Analysis

E-8

December 5, 2016

Securities Law Analysis of Blockchain Tokens You should not rely on this Memorandum as legal advice. It is designed for general informational purposes only, as a guide to certain of the conceptual considerations associated with the narrow issues it addresses. You should seek advice from your own counsel, who is familiar with the particular facts and circumstances of what you intend and can give you tailored advice. This Memorandum is provided “as is” with no representations, warranties or obligations to update, although we reserve the right to modify or change this Memorandum from time to time. No attorney-client relationship or privilege is created, nor is this intended to be attorney advertising in any jurisdiction.

This outline sets forth our analysis as to whether cryptographic blockchain tokens (known as “Blockchain Tokens”) with certain features (in our parlance, “rights” versus “investment interests”) would be considered a “security” for purposes of Section 2(a)(1) of the Securities Act of 1933 (“Securities Act”) and Section 3(a)(10) of the Securities Exchange Act of 1934 (“Exchange Act”). In order to analyze Blockchain Tokens under the federal securities laws, we start with the broad definition of “security” contained in Section 2(a)(1) of the Securities Act: “any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement … investment contract … or, in general, any interest or instrument commonly known as a ‘security’, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing” (emphasis added).1 Based on that definition and our reading of relevant case law, as well as on our understanding of the facts and our review of the materials you provided on the structure of Blockchain Tokens, we conclude that appropriately designed Blockchain Tokens would not be deemed to meet the definition of security and, accordingly, that the federal securities laws would not apply to the initial distribution and subsequent trading of such Blockchain Tokens.2

We note that the Supreme Court has stated that the definitions of “security” under the Securities Act and the Exchange Act are treated as being the same, despite some technical differences. SEC v. Edwards, 540 U.S. 398 (2004) (citing Reves v. Ernst & Young, 494 U.S. 56, 61 n.1 (1990)).

Our analysis is based on our discussions with you, the materials you provided and the law as it exists as of the date hereof. We have not considered any state or non-US law analysis, including that of federal preemption related to state blue sky laws, and this outline relates solely to the definition of security under the federal securities laws. We do not express any view on any other body of law or legal construct, including without limitation the franchise laws of any state. We are unaware of any court cases, SEC rules or releases that directly address the question discussed in this memorandum as to whether Bitcoin Tokens should be characterized as a securities for purposes of Section 2(a)(1) of

E-9

We stress that this conclusion is dependent on the particular features of the relevant Blockchain Token. Accordingly, this outline first lists various rights that a Blockchain Token might have that we believe support the conclusion that it is not a security, as well as various investment interests a Blockchain Token might have that we believe would make such an instrument more likely to be considered a security. We then summarize the relevant legal principles for determining what constitutes a security, and why we conclude, based on those principles, that properly designed Blockchain Tokens are better considered something other than a security. Finally, we analogize these types of Blockchain Tokens to the rights of a franchisee or licensee, who would not be treated as a security-holder. I.

II.

Nomenclature A.

We understand that Blockchain Tokens can have different features depending on how they are designed, but at a basic level each Blockchain Token is associated with one or more computer systems.

For purposes of this analysis, we have adopted two specific terminologies: 1.

Because they are associated with one or more computer systems, when discussing Blockchain Tokens for purposes of the analysis, we use the term “system” to include any computer system, network, platform, application, software or protocol.

When considering whether a Blockchain Token could be deemed to constitute a security, we use the term “rights” to indicate features a Blockchain Token might have and likely not meet the definition of security—these rights may be individual rights or a bundle of rights granted to the holder of the Blockchain Token. We sometimes refer to these as “non-security Blockchain Tokens.” We use the term “investment interests” to indicate the features that a Blockchain Token may have that would, in our view, increase the likelihood that it would be considered a security. We sometimes refer to these as “Blockchain Token securities.”

A Preliminary List of Rights and Investment Interests A.

While we broadly discuss features that may result in a Blockchain Token being viewed as a non-security, a further analysis based on the individual facts and circumstances of each relevant Blockchain Token (and its

the Securities Act. As such, the SEC or a court could reach an alternative conclusion different from those provided in this memorandum.

E-10

system) generally would be required to appropriately determine whether a particular Blockchain Token would constitute a security and fall under the federal securities laws. B.

We generally believe that a Blockchain Token with one or more of the following rights likely should not meet the definition of security (nonsecurity Blockchain Token): 1.

Rights to program, develop or create features for the system or to â&#x20AC;&#x153;mineâ&#x20AC;? things that are embedded in the system;

Rights to access or license the system;

Rights to charge a toll for such access or license;

Rights to contribute labor or effort to the system;

Rights to use the system and its outputs;

Rights to sell the products of the system; and

Rights to vote on additions to or deletions from the system in terms of features and functionality.

We believe that a Blockchain Token with one or more of the following investment interests likely should constitute a security Blockchain Token: 1.

Ownership interest in a legal entity, including a general partnership;

Equity interest;

Share of profits and/or losses, or assets and/or liabilities;

Status as a creditor or lender;

Claim in bankruptcy as equity interest holder or creditor;

Holder of a repayment obligation from the system or the legal entity issuer of the Blockchain Token; and

A feature allowing the holder to convert a non-security Blockchain Token into a Blockchain Token or instrument with one or more investment interests, or granting the holder an option to purchase one or more investment interests.

E-11

III.

We believe that non-security Blockchain Tokens can be issued in different classes where each class has different bundles of rights (whether overlapping or not), so long as the class does not include investment interests.

We believe that the combination of investment interests with rights into the same Blockchain Token likely would result in a Blockchain Token security.

We note that an ownership interest in a fund or other legal entity vehicle that buys non-security Blockchain Tokens would still constitute ownership of a security, even if the fund would not be deemed to own any securities.

We have considered the question of whether issuance of a Blockchain Token prior to the existence of a system would constitute a security. We have not found conclusive law on the subject, but believe that the better view is that a non-security Blockchain Token does not become a security merely because the system as to which it has rights has not yet been created or completed. Although not specifically mentioned in any case law, there is a significant school of thought that argues in favor of having the launch of the system and of the associated Blockchain Tokens occur as close in time as possible in order to reduce the likelihood that the Blockchain Tokens will constitute securities. We do not express a view on the viability of this line of reasoning, but note that it potentially implicates the common enterprise element of the Howey test and the “risk of loss” analysis, each discussed below.

Analysis under the Howey Test A.

Based on the background above, we consider below whether a Blockchain Token would fall under the definitions of security outlined in the Securities Act and the Exchange Act, as well as subsequent case law further defining the term security.

The seminal Supreme Court case for determining whether an instrument meets the definition of security is SEC v. Howey, 328 U.S. 293 (1946). The Supreme Court has reaffirmed the Howey analysis as recently as 2004 in SEC v. Edwards, 540 U.S. 398 (2004).

Howey focuses specifically on the term “investment contract” within the definition of security, noting that it has been used to classify those instruments that are of a “more variable character” that may be considered a form of “contract, transaction, or scheme whereby an investor lays out money in a way intended to secure income or profit from its employment.”

E-12

Howey, 328 U.S. at 298; Golden v. Garafolo, 678 F.2d 1139, 1144 (2d. Cir. 1982) (stating “investment contract” has been used as a way to classify instruments that do not fit other categories); see also Black’s Law Dictionary (10th ed. 2014). D.

From our understanding of them, Blockchain Tokens seem most likely to be analyzed as an investment contract. Some of the investment interests listed above are more properly characterized as traditional types of securities, so their combination with a non-security Blockchain Token likely produces a Blockchain Token security.

Not every contract or agreement is an “investment contract” and the Supreme Court developed a four-part test to determine whether an agreement constitutes an investment contract and therefore a security.

The Court articulated the test as follows: A contract constitutes an investment contract that meets the definition of security if there is (i) an investment of money; (ii) in a common enterprise; (iii) with an expectation of profits; (iv) solely from the efforts of others (e.g., a promoter or third party), “regardless of whether the shares in the enterprise are evidenced by formal certificates or by nominal interest in the physical assets used by the enterprise.” Howey, 328 U.S. at 298-99. In order to be considered a security, all four factors must be met. See Edwards, 540 U.S. at 390.

We provide our analysis of a non-security Blockchain Token below, based on each Howey factor: 1.

Investment of Money. Under Howey, and case law following it, an investment of money may include not only the provision of capital, assets and cash, but also goods, services or a promissory note. See, e.g., Int’l Bhd. Of Teamsters v. Daniel, 439 U.S. 551, 560 n.12 (1979); Hector v. Wiens, 533 F.2d 429, 432-33 (9th Cir. 1976); Sandusky Land, Ltd. V. Uniplan Groups, Inc., 400 F. Supp. 440, 445 (N.D. Ohio 1975). (a)

Given the broad definition of a money investment and the fact that non-security Blockchain Tokens will be distributed through a sale by the issuer to the buyers with the price set per token, we conclude that this factor should be satisfied. 3 We reach this conclusion notwithstanding the

However, in Teamsters, the court found, in the pension benefits context, that providing labor in return for possible benefits appeared to be more akin to obtaining a livelihood rather than making an investment. Teamsters, 439 U.S. at 560. Analogously, if Blockchain Token users are granted the

E-13

fact that there may be a cap on the total amount raised and purchased. 2.

Common Enterprise. Different circuits use different tests to analyze whether a common enterprise exists. Three approaches predominate: (i) horizontal; (ii) narrow vertical and (iii) broad vertical. We define each and then discuss below. (a)

Under the horizontal approach, a common enterprise is deemed to exist where multiple investors pool funds into an investment and the profits of each investor correlate with those of the other investors. See e.g., Curran v. Merrill Lynch, 622 F.2d 216 (6th Cir. 1980). Whether funds are pooled appears to be the key question, and thus in cases where there is no sharing of profits or pooling of funds, a common enterprise may not be deemed to exist. See e.g., Hirk v. Agri-Research Council, Inc., 561 F.2d 96, 101 (finding discretionary future trading account was not investment contract because there was no pooling of funds); Wals v. Fox Hills Dev. Corp., 24 F.3d 1016 (7th Cir. 1994) (promoter of condominium timeshare did not pool profits and thus no common enterprise existed).

(b)

The narrow vertical approach looks to whether the profits of an investor are tied to a promoter. See SEC v. Eurobond Exchange Ltd., 13 F.3d 1334 (9th Cir. 1994) (imposition of profit limitations on investors through requiring promoter to receive excess return rate tied promoter’s fortunes to investors).

(c)

The broad vertical approach considers whether the success of the investor depends on the promoter’s expertise. If there is such reliance, then a common enterprise will be deemed to exist. See e.g., SEC v. Continental Commodities Corp., 497 F.2d 516 (5th Cir. 1974) (promoter’s recommendations regarding certain futures contracts demonstrated investor reliance on promoter’s expertise).

right to mine in order to earn the eventual rights or rewards to a token, it might be reasonable to conclude that no investment of money had occurred.

E-14

(d)

Analysis under the approaches: (i)

Under the horizontal approach, the Blockchain Token may be considered a common enterprise where the reward for work—through mining or otherwise—correlates to the reward received by other participants. Thus, although the issuer has some control over the protocol, the rewards received by the token holders (e.g., through the receipt of more tokens or other forms of rewards) would likely be correlated.

(ii)

Under either of the vertical approaches, however, a common enterprise may not exist given the decentralized nature of the Blockchain Token framework, whereby Blockchain Token holders depend on their own efforts (mining or otherwise), rather than the issuer’s expertise (even though in certain cases the issuer may control or influence technical permissions or changes to the protocol). Thus, depending on the level of control of exerted by the issuer, the less of a reliance on the issuer’s expertise, may result in the view that a Blockchain Token should not be viewed as having a common enterprise.

(e)

Given the diverging approaches, the law on the “common enterprise” element is somewhat unclear and not easily susceptible to analysis. Putting things in more practical terms: In one sense, it would appear that the system is a common enterprise because it involves the efforts of Blockchain Token holders (and perhaps others) to create, update and enhance a system that is used by the Blockchain Token holders and third parties. On the other hand, it is possible to conceive of a system that does not rely on concerted effort to create, update or enhance such as where independent actors use the base code for a variety of unrelated activities (for example, IBM’s Watson can be used for many different purposes by independently operating groups).

(f)

Nevertheless, it would seem to us to be the case that where the issuer of the particular Blockchain Tokens uses the funds derived from the issuance to create, support or

E-15

maintain the system, a court might find the common enterprise element satisfied. (i)

This may similarly apply in the case of a presale made prior to the launch of the system. For example, one court has found that a purchase agreement that was entered into prior to the construction of a resort community demonstrated a common enterprise. This was in part because the construction company was pooling presale purchase commitments in order to obtain financing to fund the project, and thus the completion of the project was dependent on generating sufficient investor interest. See Wooldridge Homes, Inc. v. Bronze Tree, Inc., 558 F. Supp. 1085 (D. Colo 1983).

(ii)

Although not definitive in this regard, depending on how the presale is structured, and whether the construction of the system is contingent on those funds, it may increase the likelihood that this element would be met.

(iii)

That said, we believe the better view is that a nonsecurity Blockchain Token's character is not changed merely because it is sold before the system is constructed or in order to raise funds for construction of the system. We view presales as more akin to buying the right to use the system in the future, as opposed to receiving some type of investment interest. We think the analysis should hinge on whether the Blockchain Token holder can exploit directly the system for his/her own creative purposes or to produce a good or service sold to others (that is, profit from the rights separate from others using the system). We do not believe it is dispositive that the holder may sell the Blockchain Token prior to doing so; it is the fact that s/he could exploit the system that makes the difference.

(iv)

An alternative test, known as the â&#x20AC;&#x153;risk capital test,â&#x20AC;? considers whether an investment may be viewed as passive and relying on the efforts of others. Specifically, this test looks at four factors: (i) whether funds are being raised for a business

E-16

venture or enterprise; (ii) whether the transaction is offered indiscriminately to the public at large; (iii) whether the investors are substantially powerless to effect the success of the enterprise; and (iv) whether the investor’s money is substantially at risk because it is inadequately secured. See Silver Hills Country Club v. Sobieski, 55 Cal. 2d 811 (1961). The risk capital test applies to a limited number of jurisdictions, and typically has been applied in the context of original “start-up” capitalization— particularly where membership is nothing more than a sale of right to use the existing facilities—i.e., where “the benefits of the membership have materialized and have been realized by other members prior to any capital raised by the sale of [the memberships].” See Jet Set Travels Club v. Corporation Com’r, 21 Or. App. 362 (1975). Thus, in these select jurisdictions, depending on the structure of the presale, there is some risk that the use of funds to raise capital may be viewed as a security, although this would be mitigated where some of the benefits have already been realized by other holders. We note that these cases involved memberships that did not allow for commercial exploitation for profit of the eventual club, but rather created only a personal right of use. We understand that non-security Blockchain Tokens will allow for the exploitation of the system by the holder, much like a licensee has rights to commercially exploit the license. 3.

Expectation of Profits. Under this element, profit refers to the type of return or income an investor seeks on their investment (rather than the profits that the system or issuer might earn).4 Thus, for purposes of Blockchain Tokens, this could refer to any type of return or income earned as a result of being a Blockchain Token holder, which would be narrowed to the extent it is derived passively, i.e., from the efforts of others. Since courts consider this factor through the lens of the “efforts of others” factor, we analyze

More specifically, profits may include all manner of returns, such as dividends, other periodic payments or the increased value of the investment—whether it is a variable or fixed return. See e.g., Edwards, 540 U.S. at 390.

E-17

this prong along with the fourth factor below. In other words, just because there is a return or profit, does not mean that the investment contract is a security. It is the essentially passive nature of the return, as determined by the “efforts of others” analysis, that results in an “investment contract” and security as opposed to a simple contract instrument. 4.

Solely from the Efforts of Others. Typically, courts have been flexible with the word “solely,” such that, in addition to the literal meaning, it also will include significant or essential managerial or other efforts necessary to the success of the investment. See e.g., SEC v. Glenn W. Turner Enters., 474 F.2d 476, 482-83 (9th Cir. 1973); SEC v. Koscot Interplanetary, Inc., 497 F.2d 473 (5th Cir. 1974) (holding that where promoters retain immediate control over the essential managerial conduct of an enterprise, rather than remote control similar to a franchise arrangement, this element is met); but see Hirsch v. Dupont, 396 F. Supp. 1214, 1218-20 (S.D.N.Y. 1975), aff’d, 553 F.2d 750 (2d Cir. 1977) (indicating that solely should have literal application). (a)

We analyze the “expectation of profits” and “solely from the efforts of others” factors below: (i)

The expectation of profits resulting from the purchase of a Blockchain Token would primarily relate to whether the holder receives (i) rights and/or (ii) investment interests. While non-security Blockchain Token holders may receive money or other forms of financial incentives by virtue of holding the token, we believe that any such incentives are derived through their own efforts, rather than through a passive investment (as would be the case with a Blockchain Token security).

(ii)

Essentially, each of the rights allows the nonsecurity Blockchain Token holder to utilize, contribute to or license the use of the system in various ways, none of which would be considered a passive investment. Rather, we see the non-security Blockchain Token holders as active participants, like franchisees or licensees.

(iii)

Furthermore, although an issuer may have some managerial oversight over the system and the

E-18

distribution of the Blockchain Tokens, if the holders retain voting rights related to changes to the protocol and other legal rights enforced through technical permissions, this would seem to strengthen the view that token holders have no reliance on the efforts of others. That said, security holders often have voting rights, so we do not view this point as being definitive.

(b)

(iv)

We note that appreciation in the value of a nonsecurity Blockchain Token after issuance, due to secondary trading, does not change our view that it is not an investment contract. For example, the value of license or franchise right can increase over time due to the secondary market. Such increases in value derive both of the efforts of the holder and from the system itself, so we do not view such changes as decisive.

(v)

We note that the manner in which the sale of a Blockchain Token occurs, particularly the promotion and marketing, may also affect the “expectation of profits” analysis. For example, if the language used to promote the Blockchain Token includes words like “investment,” “returns” or “profits,” the purchasers of the Blockchain Token may be more likely to expect profits from the efforts of others than if the Blockchain Token is promoted on the basis of the usefulness of the rights attaching to it.

Courts have also analyzed the existence of voting rights through this Howey factor. Whether voting rights are determinative of a security will be based on the facts at hand. For example, where (i) the holder is provided with rights that provide it with significant managerial control— i.e., the ability to participate in decisions that will affect the success of the enterprise; (ii) the holder has the resources and expertise to make a meaningful contribution; and (iii) the holder does, in fact, participate in management

E-19

decisions, the instrument is less likely to be considered a security. 5 (i)

IV.

Thus, in our view, similar to our analysis above, the existence of voting rights itself should not result in a Blockchain Token being deemed a security. Rather, whether a determination would need to be made as to whether the holder would be viewed as passive or reliant on the efforts of others. Given that holders of non-security Blockchain Tokens play a more active role by using, contributing to or licensing the use of the system, it is less likely that the voting rights in this regard would be viewed as a security.

Other Analytical Frameworks A.

Reves and Loan Versus Security. We considered several other analytical frameworks, including the rubric for analyzing whether a loan is a security under the Securities Act and Exchange Act definitions. The Supreme Court articulated this analysis in Reves v. Ernst & Young, 494 U.S. 56 (1990) through its “family resemblance” test. Given that Reves focused on the term “note” rather than “investment contract” in the definitions of security, which was later distinguished by the Edwards court on these grounds, we determined that this analysis would not be a substantive addition to the outline. 6 1.

That said, we do note that the first factor of the Reves test scrutinizes the motivations of the lender and the borrower to determine whether they are motivated by commercial purposes or for an investment. We view this element as similar to the “efforts

See, e.g., Williamson v. Tucker, 645 F.2d 404 (5th Cir.), cert. denied, 454 U.S. 897 (1981); Odom v. Slavik, 703 F.2d 212, 215 (6th Cir. 1983) (noting that “[t]he managerial powers vested in general partners and the express right of inspection of documents gives them the kind of leverage and ability to protect themselves that takes them outside the intended scope of the ‘34 Act”); see also Klaers v. St. Peter, 942 F.2d 535 (8th Cir. 1991) (finding no security where non-managing partners collectively had 80% voting power on “any items of partnership business which will substantially affect” the partners); Stewart v. Ragland, 934 F.2d 1033 (9th Cir. 1991) (finding no security even though each well was managed by an independent contractor after an examination of the “intricacies of the operating agreement” that laid out significant managerial powers retained by the non-operators, who were sophisticated investors).

Edwards, 540 U.S. at 390 (noting that Reves applies to the term “note” as opposed to “investment contract”).

E-20

of others” factor from the Howey test, and believe that non-security Blockchain Tokens are “commercial” in nature, rather than “investment” in nature, for the reasons described in Section III.7 B.

System License. Another potential framework by which to consider nonsecurity Blockchain Tokens is by using the analogy of a software license, where the rights associated with the Blockchain Tokens could be considered in line with the contractual contours of such a license. 1.

Software licenses typically are governed by contract law, and one way in which to categorize software may be through focusing on the legal rights of the licensor and what rights may be granted to the licensor. For example, the licensor’s rights would include the ability to grant or distribute all, some or none of the rights attached to the use of the software code (originally the licensor’s intellectual property), as well as the right to exclude certain parties from using any of those rights. Thus, the licensee would receive either all of these rights, or a portion of these rights, depending on what the licensor grants.

For the purposes of Blockchain Tokens, this structure would be applicable in the following manner: (i) the issuer acts as the licensor of the system, which includes the underlying protocol, as well as the associated rights; (ii) the token holder acts as the licensee, who receives those rights (or a portion of those rights) in order to use the underlying protocol and the overall system; and (iii) any associated rights provided to each token holder are accomplished through the initial issuance of the tokens (akin to negotiating a software licensing contract between two parties).

Franchise Law. Although we do not suggest that Blockchain Tokens fall under federal or state franchise law requirements, in thinking about the rights that might be included in a non-security Blockchain Token, we drew an analogy to franchise law. 1.

Under the franchise structure, a franchisor operates as the overarching organization that owns the intellectual property of the franchise (and business plan) and has the authority to sell the

Under Reves, if the purpose is, for example, to “facilitate the purchase and sale of a minor asset or consumer good, to correct for the seller’s cash flow difficulties, or to advance some other commercial or consumer purpose,” it is unlikely to be deemed a security. See Reves, 494 U.S. at 66.

E-21

franchise right to a potential franchisee. The franchisee is the person to whom these rights are granted. 2.

In receiving these rights, the franchisee pays money to the franchisor, which can be an initial fee, an ongoing royalty or both.

Typically, state and federal laws governing franchises require franchisors to provide to prospective franchisees detailed information about the franchise. The disclosure obligations under the various federal and state franchise laws are primarily to mitigate the risk of loss to franchisees that make a capital contribution to the franchise. (a)

The Federal Trade Commission (“FTC”) rules require a franchisor to provide a prospective franchisee with disclosures related to the trademark being used, the total investment needed to begin operations, the provisions of the franchise agreement and other related disclosure items related to receiving the franchise rights. 16 C.F.R. pt. 436.

(b)

New York franchise law has detailed disclosure requirements for the prospectus that the franchisor must provide to the prospective franchisee. N.Y. Gen. Bus. Law § 683, et seq.

(c)

California state law requires that a franchise agreement include certain protective rights for the franchisee should the franchisor terminate the franchise prior to its expiration date. The purpose of these provisions is to mitigate the loss of investment in the case of unlawful termination by a franchisor. Cal. Bus. & Prof. Code § 20020-22.

In a franchise, the franchisee puts forth the effort and work directly to build up the business in his/her location and the control or management of the franchisor is more remote. Thus, courts have held that a franchise interest should not be considered an investment security. See Koscot Interplanetary, 497 F.2d at 485; Lino v. City Investing, 487 F.2d 689 (3d. Cir. 1973).

We view the holder of a non-security Blockchain Token as being similar to a franchisee in that the rights granted by the Blockchain Token allow the holder to contribute to a system in a manner remote from the issuer of the Blockchain Tokens. In essence, the issuer provides the Blockchain Token holder with rights in the

E-22

system by virtue of the associated Blockchain Token, rather than through a passive investment interest.

(a)

We believe that, despite the more decentralized framework of Blockchain Tokens, the franchise analogy is still useful based on how the initial issuer grants its intellectual property—i.e., the system and its underlying protocol—to each individual token holder. Under the franchise model, a franchisor grants its intellectual property (which may also include a business plan) to a franchisor. While a franchise results in a more uniform application of the intellectual property or business plan by each franchisee, in the Blockchain Token context, analogously, the token holder is granted access to a system, which is the baseline framework by which the token holder operates.

(b)

Further, we think it is useful to consider whether the use of disclosures—both to inform token holders of their rights (e.g., voting rights and other systems rights) and to demonstrate the nature of the Blockchain Token—may be useful to incorporate at the time of the issuance of the tokens.

Conclusion A.

Based on the above, we believe that an appropriately designed Blockchain Token that consists of rights and does not include any investment interests should not be deemed to be a security, subject to the specific facts, circumstances and characteristics of the Blockchain Token itself.

Rather, given our analysis in the above, it should be characterized as a simple contract, akin to a franchise or license agreement. *

We hope this outline has been helpful. Please feel free to contact us with any further questions.

E-23

Contributors Lee Schneider (Debevoise & Plimpton LLP) Naeha Prakash (Debevoise & Plimpton LLP) Reuben Bramanathan (Coinbase) Shahab Asghar (Coinbase) Fred Ehrsam (Coinbase) Peter Van Valkenburgh (Coin Center) Matt Corva (Consensys) Joel Monegro (USV) Marco Santori (Cooley LLP) Chris Padovano (Decentralized Legal) Demian Brener (Zeppelin) Matthew Tan (Etherscan) Emma Popovska (Brontech) Chris Burniske

Further reading 1. 2. 3. 4. 5. 6.

Naval Ravikant, The Bitcoin Model for Crowdfunding Peter Van Valkenburgh, Framework for Securities Regulation of Cryptocurrencies Fred Ehrsam, How to Raise Money on a Blockchain with a Token Marco Santori, Appcoin Law: ICOs the Right Way Nick Tomaino, Discussing Cryptotoken Best Practices William Mougayar, Best Practices in Transparency and Reporting for Cryptocurrency Crowdsales

Last updated December 7, 2016

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

E-24

APPENDIX: A Securities Law Framework for Blockchain Tokens To estimate how likely a particular blockchain token is be a security under US federal securities law Refer to: full legal analysis Instructions Step 1: Review each characteristic and determine whether or not it applies to the token Step 2: Select Y or N for each characteristic Step 3: Review results at the bottom of this page

Element 1: Investment of Money Is there an investment of money? Characteristic Points There is no crowdsale. 0 New tokens are given away for free, or are earned through mining

Tokens are sold for value (crowdsale)

100

Explanation Tokens which are not sold for value do not involve an investment of money. For example, if all tokens are distributed for free, or are only produced through mining, then there is no sale for value. Tokens which are sold in a crowdsale, at any time, regardless of whether sold for fiat or digital currency (or anything else of value) involve an investment of money

Examples There was never any token sale for Bitcoin. The only way to acquire new bitcoin is via mining.

Y or N

A token which is randomly distributed for free

A token which is sold for bitcoin in a crowdsale. A token which is sold for ether in a crowdsale.

Total for Element 1

Element 2: Common Enterprise What is the timing of the sale? Characteristic Points Explanation Examples Pre-deployment 70 A sale of tokens before any code has been A developer has an idea for a new protocol, deployed on a blockchain is more likely to writes a white paper and does a crowdsale. result in a common enterprise where the profits arise from the efforts of others. This is because the buyers are completely dependent on the actions of the developers, and the buyers cannot actually participate in the network until a later time. The protocol is operational on a test network

If there is a functioning network there is less likely there is to be a common enterprise where the profits arisef rom the efforts of others. The closer the sale is to launch of the network, the less likley there is to be a common enterprise.

Live network is operational

If the token is sold once there is an operational The crowdsale is done at the same time the network using the token, or sold immediately network is launched. before the network goes live, it is again less likely to result in a common enterprise

Y or N

A developer has an idea for a new protocol, writes a white paper and deploys a working test network before doing a crowdsale.

What do token holders have to do in order to get economic benefits from the network? Characteristic Points Explanation Examples All token holders will 25 If returns are paid to all token holders equally ‘HodlToken’ holders are automatically paid an always receive the (or in proportion to their token holdings) amount of ETH each week, based on fees same returns regardless of any action on the part of the generated by other users of the network token holder, then their interests are more likely aligned in a common enterprise ‘FoldToken’ does not pay any return, and there is no way to earn more tokens within the network (but they can be bought, sold or traded)

Y or N

E-25 There is a possibility of varying returns between token holders, based on their participation or use of the network

-20

If token holders’ returns depend on their own efforts, and can vary depending on the amount of effort they each put in, then there is less likely to be a common enterprise

‘CloudToken’ holders can earn more tokens by providing data storage on the network, or can spend tokens to access data storage. Holders who do not provide data storage do not earn any more tokens.

Total for Element 2

Element 3: Expectation of Profit What function does the token have? Characteristic Points Explanation Ownership or equity 100 Tokens which give, or purport to give, interest in a legal entity, traditional equity, debt or other investor rights including a general are almost certainly securities. partnership Entitlement to a share of profits and/or losses, or assets and/or liabilities

100

Gives holder status as a creditor or lender

100

A claim in bankruptcy as equity interest holder or creditor

100

A right to repayment of purchase price and/or payment of interest

100

No function other than mere existence

100

Examples A developer releases and sells 100 ‘BakerShares’ tokens. Each token entitles the holder to 1 share in Baker, Inc.

Y or N

A developer releases and sells 100 If one or more of these characteristics ‘BakerProfit’ tokens. Each token entitles the apply, the token is almost certainly a holder to 1% of the profits of Baker, Inc. for the security, notwithstanding the results of the next year. other elements A developer releases and sells 100 ‘BakerDebt’ tokens. Each token entitles the holder to principal and interest repayments based on the initial token sale price.

A token which does not have any real function, or is used in a network with no real function, is very likely to be bought with an expectation of profit from the efforts of others, because no real use or participation by token holders is possible.

A developer releases and sells 100,000 ‘SocialCoin’ tokens to fund the development of a new Social Network. However, SocialCoin is not required to access the network and has no real function after the sale.

Voting rights alone do not constitute real functionality. Specific functionality that is only available to token holders

A token which has a specific function that is 'CloudToken’ is the only way to access and only available to token holders is more likely to use a decentralized file storage network. be purchased in order to access that function and less likely to be purchased with an expectation of profit.

Does the holder rely on manual, off-blockchain action to realize the benefit of the token? Characteristic Points Explanation Examples Manual action is 80 A token whose value depends on someone A developer releases and sells ‘FreightCoin’, which will allow the holder to pay FreightCoin required outside of the taking specific manual action outside of the network (e.g. offnetwork means that the token is not functional to access capacity on a new real-world freight blockchain) in order for in and of itself. Instead, the token relies on a network. The network relies on legal the holder to get the level of trust in a third party taking action offcontractual relationships and manual actions. benefit of the token blockchain. This sort of token is more likely to (This alone does not make FreightCoin a be bought for speculation - i.e. the expectation security) of profits. All functionality is inherent in the token and occurs programmatically

A token which is built with all the necessary technical permissions means that the token holder does not rely on manual actions of any third party. This means that the buyers are more likely to purchase the token for use rather than with the expectation of profit from the efforts of others.

Holders of ‘SongVoteToken’ can sign transactions on the network as votes for their favorite new songs and earn rewards for doing so.

Y or N

E-26 What is the timing of the sale? Characteristic Points Explanation Pre-deployment 20 A sale of tokens before any code has been deployed on a blockchain is more likely to result in buyers purchasing for speculative reasons with the expectation of profit, rather than practical use cases. The protocol is 10 If the sale occurs after code has been operational on a test deployed and tested, the token is closer to network being able to be used Live network is 0 If the token is sold once there is an operational operational network using the token, or immediately before the network goes live, it is more likely to be purchased with the intention of use rather than profit. Can the token holders exercise real and significant control via voting? Characteristic Points Explanation Token holders as a -20 If the collective approval of token holders is whole are able to required in order for the development team to control the access the funds raised in the crowdsale, then development team’s any value realized by the token holders is access to funds more closely tied to their own decisions, and less reliant on the efforts of others.

Token holders as a whole are able to vote on significant decisions for the protocol

-10

If the collective approval of token holders is required in order to make significant changes to the protocol, then any value realized by the token holders is more closely tied to their own decisions, and less reliant on the efforts of others.

Examples A developer has an idea for a new protocol, writes a white paper and does a crowdsale.

Y or N

A developer has an idea for a new protocol, writes a white paper and develops a working test network before doing a crowdsale. The live network is launched before the crowdsale.

Examples A development team sells 100,000 Tokens for a total of 100,000 ETH.

Y or N

50,000 ETH will be released from the token contract to the development team immediately, but the remainder is only released once milestones are met, which requires approval of a majority of the token holders each time. If the milestones are never met, the remaining ETH will be returned to the token holders. Changes to the protocol require a vote by token holders.

Note: Voting rights must be in addition to functionality. A token with voting rights alone and no other real functionality is very likely to satisfy element 3

How is the token sale marketed? Characteristic Points Explanation Marketed as an 'Initial 50 It is not possible to prevent some buyers from Coin Offering' or similar buying a token purely for speculation. However, marketing the token as an investment leads buyers to believe they can profit from holding or trading the token, rather than from using the token in the network.

Examples ‘ProfitCoin’ includes potential of ‘high ROI’ and ‘investor profits’ in its marketing material.

Using terms like 'Initial Coin Offering' or 'ICO', and investment-related language like ‘returns’ and ‘profits’ encourages buyers to buy a token for speculation, rather than use. Marketed as a Token Sale

Marketed as a sale of tokens which give the right to access and use the network

There is no economic return possible from using the network

-100

If there is genuinely no economic return possible for the token holders, then there is unlikely to be a common enterprise. This will be rare.

Backers contribute to a cause and receive a ‘thank you’ token which has no economic value.

Y or N

E-27 Results Guide

Your results Total Points

How likely is the element to be satisfied?

0 or less

Very unlikely

Total for Element 1

1 - 33

Unlikely

Total for Element 2

34 - 66

Equally likely and unlikely

Total for Element 3

67 - 99

Likely

100 or more

Very likely

Overall Risk Score

A token will only be a security if it satisfies all three elements. The higher the point score for each element, the more likely the element is to be satisfied. For many blockchain tokens, the first two elements of the Howey test are likely to be met. The third element has the most variables and the most different outcomes depending on the characteristics of the particular token.

Important notes Please remember that this methodology produces nothing more than an estimate. The Overall Risk Score and the categories of likelihood are a guide only. The Howey test has not yet been directly applied by the courts to any digital currency or blockchain token. The Howey test as applied by the courts does not involve any points-based calculation. The points system is intended as a guide - to highlight the characteristics of a token which are relevant to the securities law analysis. This Framework should be read together with the full legal analysis. This Framework and the full legal analysis may be updated in the future as the law in this area develops. You should not rely on this Framework as legal advice. It is designed for general informational purposes only, as a guide to certain of the conceptual considerations associated with the narrow issues it addresses. You should seek advice from your own counsel, who is familiar with the particular facts and circumstances of what you intend and can give you tailored advice. This Framework is provided "as is" with no representations, warranties or obligations to update, although we reserve the right to modify or change this Framework from time to time. No attorney-client relationship or privilege is created, nor is this intended to be attorney advertising in any jurisdiction. Last updated December 7, 2016

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 1 of 16

E-29

1 CAROLINE D. CIRAOLO Principal Deputy Assistant Attorney General 2 JEREMY N. HENDON (ORBN 982490) 3 AMY MATCHISON (CABN 217022) 4 Trial Attorneys United States Department of Justice, Tax Division 5 P.O. Box 683, Ben Franklin Station Washington, D.C. 20044 6 Telephone: (202) 353-2466 (202) 307-6422 7 Fax: (202) 307-0054 8 E-mail: Jeremy.Hendon@usdoj.gov Amy.T.Matchison@usdoj.gov 9 Western.Taxcivil@usdoj.gov 10 BRIAN J. STRETCH (CABN 163973) United States Attorney 11 THOMAS MOORE (ALBN 4305-O78T) 12 Chief, Tax Division COLIN C. SAMPSON (CABN 249784) 13 Assistant United States Attorney 450 Golden Gate Avenue, 11th Floor 14 San Francisco, California 94102 15 Telephone: (415) 436-7020 Email: Colin.Sampson@usdoj.gov 16 Attorneys for United States of America 17 UNITED STATES DISTRICT COURT FOR THE 18 NORTHERN DISTRICT OF CALIFORNIA 19 IN THE MATTER OF THE TAX LIABILITIES OF: 20 JOHN DOES, United States persons who, 21 at any time during the period January 1, 2013, through December 31, 2015, conducted 22 transactions in a convertible virtual currency as defined in IRS Notice 2014-21. 23 24 25

) ) Civil Number: ) ) ) UNITED STATES’ MEMORANDUM IN ) SUPPORT OF EX PARTE PETITION ) FOR LEAVE TO SERVE JOHN DOE ) SUMMONS ) )

The United States of America submits this memorandum in support of its petition for an order

26 approving the service of an Internal Revenue Service “John Doe” summons on Coinbase, Inc. for 27 information related to transactions conducted in convertible virtual currency as defined in IRS Notice Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 1

E-30

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 2 of 16

1 2014-21. Pursuant to 26 U.S.C. § 7609(h)(2), the Court’s determination to approve a John Doe 2 summons shall be made ex parte and shall be made solely on the petition and supporting affidavits. 3 Thus, the pleadings filed in this proceeding will not be served upon any person or entity and no other 4 filings are permitted from other persons or entities. Accordingly, this matter is ripe for the Court’s 5 consideration. The United States requests that the Court review the petition and supporting documents 6 and enter the proposed order at the Court’s earliest opportunity. 7 8

INTRODUCTION The IRS is responsible for monitoring ways in which United States taxpayers evade their United

9 States tax obligations by concealing or otherwise failing to report their proper amount of taxable income 10 and thus underpay their taxes. The ever-changing digital age and innovation pose new risks for the IRS 11 and tax compliance by United States taxpayers. One such innovation is the creation of virtual currency 12 which, unlike U.S. dollars or other government-issued currencies, does not have a physical coin or bill 13 associated with their circulation and is not owned by any government. 14

Since 2009, the use of virtual currency has increased exponentially. Some users value the

15 relatively high degree of anonymity associated with virtual currency transactions because only a 16 transaction in virtual currency, such as buying goods or services, is public and not the identities of the 17 parties to the transaction. Because of that, virtual currency transactions are subject to fewer third-party 18 reporting requirements than transactions in conventional forms of payment. However, due to this 19 anonymity and lack of third-party reporting, the IRS is concerned that U.S. taxpayers are underreporting 20 taxable income from transactions in virtual currencies. Further, because the IRS considers virtual 21 currencies to be property, United States taxpayers can realize a taxable gain from buying, selling, or 22 trading in virtual currencies. There is a likelihood that United States taxpayers are failing to properly 23 determine and report any taxable gain from such transactions. 24

In order to identify taxpayers who have may have underpaid taxes associated with transactions in

25 virtual currency, the United States brings this ex parte proceeding under § 7609(f) and (h) of the Internal 26 Revenue Code (26 U.S.C.) for leave to serve a John Doe summons on Coinbase. The John Doe 27 summons seeks records relating to transactions in convertible virtual currency as defined in IRS Notice Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 2

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 3 of 16

E-31

1 2014-21. See Declaration of Senior Revenue Agent Davide Utzke in Support of Ex Parte Petition for 2 Leave to Serve “John Doe” Summons (“Utzke Decl.”) Exhibit B. The John Does whose identities are 3 sought by the summons are United States persons who, at any time during the period January 1, 2013, 4 through December 31, 2015, conducted transactions in a convertible virtual currency. The issuance of 5 the summons is warranted here because (i) the summons relates to an ascertainable group or class of 6 persons; (ii) there is a reasonable basis for believing these U.S. taxpayers failed to comply with internal 7 revenue laws; and (iii) information sufficient to establish these U.S. taxpayers’ identities is not readily 8 available to the IRS from other sources. 9

BACKGROUND

Virtual currency is a digital representation of value that functions as a medium of exchange, a

What virtual currency is and how it works

12 unit of account, and/or a store of value. Utzke Decl. ¶ 7. In some situations, virtual currency operates 13 like “traditional currency,” i.e., the coin and paper money of a country that is designated as legal tender. 14 However, it does not have legal tender status in any jurisdiction. Id. A virtual currency is considered 15 “convertible” if it has an equivalent value in traditional currency or acts as a substitute for traditional 16 currency. Convertible virtual currency can be digitally traded between users and can be purchased for, 17 or exchanged into, U.S. dollars, Euros, and other traditional or virtual currencies. Id. 18

In order to transact in a virtual currency system, a user would need to create a “wallet.” A wallet

19 is a digital computer file that contains information necessary to send and receive units of a virtual 20 currency. Id. at ¶ 8. When the wallet is created, a random wallet address is generated; this is a unique 21 alphanumeric identifier, which is conceptually similar to an e-mail address. Id. 22

A wallet holds any number of public keys and their associated private keys. The public key and

23 private key are conceptually similar to a user ID and a digital signature, respectively. In order to 24 exchange units of a virtual currency, a virtual currency user needs to electronically send their public key 25 to anyone with whom they want to transact. Id. at ¶ 9. The public key contains information that verifies 26 the wallet and the private key is used to authenticate a transaction. Only once the transaction is signed 27 by both parties, is the transaction complete. A completed transaction is then introduced to a network of Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 3

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 4 of 16

E-32

1 computers monitored by competing groups of people called miners. After computers on the network 2 confirm that a transaction is authentic, the transaction is posted to a “block” – a grouping of transactions. 3 When a specified number of confirmed transactions have been grouped, a block is formed. Id. at ¶ 11. 4 Miners then compete against each other to find a solution to a mathematical puzzle that depends on the 5 contents of the block; once a solution is found, that block will be added to the blockchain. 6

Miners maintain the integrity of the blockchain: a sequential public list of all transactions.

7 Miners also validate transactions that go into the blockchain with the motive of earning virtual currency. 8 Id. When a new block is added to the blockchain, new virtual currency coins are generated and awarded 9 to the miner who discovered the mathematical puzzle solution that allows the new block to be added to 10 the blockchain. The cycle then repeats. Id. 11

All transactions in a virtual currency blockchain can be viewed by the public on any computer

12 connected to the Internet. However, the blockchain transactional history only reveals the date, the time, 13 the amount (denominated in virtual currency), and the wallet addresses associated with a transaction. 14 The blockchain does not identify the actual identities of the wallet owners. Id. at ¶ 12. 15

There are nearly a thousand virtual currencies, but the most widely known virtual currency, and

16 largest by capitalization, is bitcoin. Other virtual currencies mimicking bitcoin using the blockchain 17 technology are known as alternative coins or altcoins for short. Just a few examples of altcoins are 18 Ethereum, Litecoin, Ripple, Feathercoin, and Dogecoin. Id. at ¶ 13. 19

How virtual currency can be obtained and used

In order to buy virtual currency with a medium of exchange denominated in a traditional

21 currency, such as a conventional check, credit card, wire, or Automated Clearing House (ACH) 22 electronic payment, a virtual currency user will have to find some way to transfer traditional currency to 23 someone who already has virtual currency and wishes to exchange it for traditional currency. Id. at ¶ 14. 24 In theory, this could be anyone with a virtual currency; in practice, this tends to be managed by 25 businesses called virtual currency exchangers that trade between virtual currencies and traditional 26 currencies. Id. 27 Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 4

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 5 of 16

E-33

A virtual currency exchanger functions much like an exchanger for traditional currency except it

2 can exchange virtual currency for traditional currency or vice versa. Because virtual currency 3 exchangers may receive conventional checks, credit card, debit card, or wire transfer payments in 4 exchange for virtual currency, they are a link between virtual currency systems and conventional 5 banking and money-transmittal systems. Id. at ¶ 15. 6

A virtual currency exchanger may operate on one or more virtual currency platforms. The

7 exchange rate between traditional currency and virtual currency, and between different virtual currency 8 systems, is typically set by supply and demand, and different exchangers compete for business. Because 9 mechanisms exist for exchanging virtual currencies and traditional currencies, virtual currencies have 10 spread beyond online transfers between consumers; they are now used for purchases from brick-and11 mortar businesses as well as online merchants. Id. at ¶ 16. 12

Virtual currency exchangers may also provide wallet services, which allow a user to quickly

13 authorize virtual currency transactions with another user through the use of a traditional money account 14 held at the exchanger, similar to a margin account held with a stock broker. Wallet accounts are easily 15 accessed through a computer or mobile device like a smartphone. Id. at ¶ 17. 16

Coinbase is a virtual currency exchanger headquartered in San Francisco, California. It offers

How Coinbase operates in the virtual currency world

18 buy/sell trading functionality in 32 countries, maintains over 4.9 million wallets with wallet services 19 available in 190 countries, 3.2 million customers served, and $2.5 billion exchanged in bitcoin. Id. at ¶ 20 39. As of December 2015, Coinbase was the fourth largest exchanger globally of bitcoin into U.S. 21 dollars and the largest exchanger in the United States of bitcoin into U.S. dollars. Coinbase started 22 business in June 2012 as a digital wallet service. By October 2012, the company launched the ability to 23 buy and sell bitcoin through bank transfers. Id. By 2014, Coinbase had grown to one million users and 24 had formed partnerships with Overstock, Dell, Expedia, Dish Network, Time Inc., and Wikipedia and 25 assisted Stripe, Braintree, and PayPal in accepting bitcoin payments. Id. at ¶ 40. 26

As of December 2015, Coinbase has four main products: (1) an exchange for trading bitcoin and

27 fiat currency (fiat currency is legal tender that is backed by the government that issued it); (2) a wallet Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 5

E-34

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 6 of 16

1 for bitcoin storage and transactions; (3) an application programming interface (API) for developers and 2 merchants to build applications and accept bitcoin payments; and (4) “Shift Card,” the first U.S.-issued 3 bitcoin debit card. Id. at ¶ 42. The Shift Card is a VISA branded debit card that enables Coinbase users 4 in the United States (that reside in one of twenty-four states and Washington, D.C.) to spend bitcoin 5 anywhere VISA is accepted. Id. 6

The IRS’s investigation into the use of virtual currency

In 2013, at the request of the Senate Finance Committee, the Government Accountability Office

8 (“GAO”) issued a report regarding tax compliance issues relating to virtual currencies. See U.S. Gov’t 9 10 11 12

Accountability Office Report GAO-13-516, Virtual Economies and Currencies: Additional IRS Guidance Could Reduce Tax Compliance Risk, http://www.gao.gov/products/GAO-13-516. Through interviews with industry representatives, tax professionals, IRS officials and academics, the GAO report

13 identified several tax compliance risks associated with virtual currencies, including lack of third-party 14 reporting, lack of knowledge among taxpayers, and uncertainty over the characterization of gains 15 realized from virtual currencies. Id. at 14. The report found that “some taxpayers may use virtual 16 economies and currencies as a way to evade taxes. Because transactions can be difficult to trace and 17 18 19 20 21

many virtual economies and currencies offer some level of anonymity, taxpayers may use them to hide taxable income.” Id. The report recommended that the IRS promulgate additional guidance tax regarding convertible virtual currencies. Id. at 17. In response to this report, in March 2014, the IRS issued Notice 2014-21, which describes how

22 the IRS applies U.S. tax laws and general tax principles to transactions involving virtual currency. See 23 Notice 2014-21 (Utzke Decl. Exhibit A). In Notice 2014-21, the IRS stated its position that virtual 24 25 26 27

currencies that can be converted into traditional currency are property for tax purposes, and a taxpayer can have a gain or loss on the sale or exchange of a virtual currency, depending on the taxpayer’s cost to purchase the virtual currency (that is, the taxpayer’s tax basis).

Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 6

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 7 of 16

E-35

In May 2014, the GAO issued a second report that focused more broadly on the public policy

2 challenges posed by the use of virtual currencies. The report found that due in part to “the higher degree 3 4

of anonymity” offered by virtual currencies, they “may be attractive to parties seeking to . . . move or conceal money obtained by illegal means.” See U.S. Gov’t Accountability Office Report GAO-14-496,

5 6 7

Virtual Currencies’ Emerging Regulatory, Law Enforcement, and Consumer Protection Challenges, http://www.gao.gov/products/GAO-14-496; see also Omri Marian, Are Cryptocurrencies Super Tax

8 Havens?, 112 Mich. L. Rev. First Impressions 38 (2013) (concluding that virtual currencies share the 9 characteristics of tax havens because earning are not subject to taxation, taxpayer anonymity is 10 maintained, and their operation is not dependent upon financial institutions); Nicholas Godlove, 11 12 13 14

Regulatory Overview of Virtual Currency, 10 Okla. J. L. & Tech. 71 (2014) (identifying an advantage of virtual currency as ease of use in illegal or sensitive transactions, including money laundering and tax evasion); Virtual Currency: Hearing Before the Committee on Banking, Housing, and Urban Affairs,

15 Subcommittee on National Security and International Trade and Finance with Subcommittee on 16 Economic Policy, 113th Cong. (2013) (statement of Jennifer Shasky Calvery, Director Financial Crimes 17 Enforcement Network, United States Department of the Treasury) (virtual currency has the potential to 18 be exploited for money laundering because of its anonymity, accessibility, and regulatory challenges); 19 20 21 22

Money Laundering in Digital Currencies, United States Department of Justice National Drug Intelligence Center, Product No. 2008-R0709-003 (June 2008) (virtual currencies provide an ideal money laundering instrument because they facilitate payments without the concern for documentation,

23 identification, or law enforcement suspicion). Recently, the Treasury Inspector General for Tax 24 Administration issued a report on the increased use of virtual currencies and the associated risks of 25 reporting noncompliance in taxable transactions. Treasury Inspector General for Tax Administration 26

Reference Number: 2016-30-083, As the Use of Virtual Currencies in Taxable Transactions Become

27 Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 7

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 8 of 16

E-36

1 More Common, Additional Actions Are Needed to Ensure Taxpayer Compliance (September 21, 2016) 2 https://www.treasury.gov/tigta/auditreports/2016reports/201630083fr.pdf. 3 4

The IRS has continued to gather information regarding the tax compliance issues posed by the use of virtual currency. Senior Revenue Agent Utzke identified and interviewed three taxpayers who

5 6 7

had used virtual currencies as a means of evading taxes. Utzke Decl. ¶¶ 30, 34. Two of these taxpayers were corporate entities with annual revenues of several million dollars that bought and sold bitcoins. Id.

8 at ¶ 34. Both entities had wallet accounts at Coinbase and attempted to conceal bitcoin transactions as 9 technology expenses on their tax returns. Id. The third taxpayer diverted his income to an offshore tax 10 haven and used virtual currency to repatriate his assets without government detection. Id. at ¶ 31. In 11 12 13 14

addition to these, Senior Revenue Agent Utzke’s research identified individuals prosecuted and convicted of federal crimes for anti-money laundering and/or operating an unlicensed money services business involving virtual currency transactions. Id. at ¶ 35. IRS records indicate that these defendants

15 never reported to the IRS their virtual currency transactions. Id. 16

Senior Revenue Agent Utzke also identified a host of factors that increase the likelihood that the

17 proposed summons will reveal the identities of delinquent taxpayers. These include: 18



The fact that virtual currency transactions are subject to fewer third-party reporting requirements than conventional forms of payment, which in the IRS’s experience, significantly increases tax underreporting (id. at ¶ 37);



The relatively high degree of anonymity associated with virtual currency transactions (id. at ¶ 38);



A public perception that virtual currency can be used to evade taxes, including at least one instance of open acknowledgement by bitcoin users that tax evasion is a soughtafter feature of using bitcoins (id. at ¶ 35 citing “Bitcoin Celebrated As Way To Avoid Taxes,” Huffington Post (April 16, 2013) available at www.huffingtonpost.com/2013/04/16/bitcoin-taxes_n_3093182.html (accessed November 16, 2016)); and



Failure among virtual currency users to afford virtual currency transactions the proper tax treatment, including the proper valuation of such transactions (id. at ¶ 29).

19 20 21 22 23 24 25 26 27

Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 8

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 9 of 16

E-37

To further its investigation into the identities of U.S. taxpayers who have failed to disclose tax

2 information relating to their participation in virtual currency transactions, the IRS is seeking to issue a 3 4

summons that will allow it to identify U.S. persons who have not properly reported income arising from their use of virtual currency. The John Doe class, therefore, is as follows:

5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency as defined in IRS Notice 2014-21. Utzke Decl. Exhibit B. This summons seeks account registration records and any Know-Your-Customer due diligence performed for each account owned or controlled by a user during the stated period, the associated transaction records, account statements, and records of payments made and processed for these users. These types of documents should reveal the identity of account holders, as well as amounts of transactions from those accounts. As discussed below, the summons and its John Doe class are authorized and appropriate under 26 U.S.C. § 7609. ARGUMENT The Summons Meets the Requirements for an IRS “John Doe” Summons One of the primary functions of the IRS is to review and audit tax returns submitted by U.S. taxpayers to ensure that all applicable taxes have been paid. Accordingly, § 7601 of the Internal Revenue Code requires the Secretary of the Treasury to “cause officers or employees of the Treasury Department to proceed, from time to time, through each internal revenue district and inquire after and concerning all persons therein who may be liable to pay any internal revenue tax.” 26 U.S.C. § 7601. To aid the IRS in carrying out this function, § 7602 authorizes the Secretary to summon records and testimony that may be relevant or material to an investigation. 26 U.S.C. § 7602. Specifically, § 7602, from which the IRS derives its principal information-gathering powers, authorizes the IRS: [f]or the purpose of ascertaining the correctness of any return, making a return where none has been made, [or] determining the liability of any person for any internal revenue tax . . . [t]o summon . . . any person having possession, custody, or care of books of account containing entries relating to the business of the person liable for tax . . ., or any other person the Secretary may deem proper, to appear . . . and to produce such books, papers, records, or other data, and to give such testimony, under oath, as may be relevant or material to such inquiry. Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 9

E-38

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 10 of 16

In passing § 7602, Congress intended “to provide the Secretary with broad latitude to adopt

2 enforcement techniques helpful in the performance of his tax collection and assessment responsibilities.” 3 United States v. Euge, 444 U.S. 707, 715 n.9 (1980). The Supreme Court has noted that § 7602 forms 4 the “centerpiece” of the IRS’s “expansive information-gathering authority.” United States v. Arthur 5 Young & Co., 465 U.S. 805, 816 (1984); see United States v. Clarke, 134 S. Ct. 2361, 2367 (2014) 6 (“And such an investigatory tool, we have recognized, is a crucial backstop in a tax system based on 7 self-reporting.”). “Under 26 U.S.C. § 7602, the IRS has wide latitude to issue a summons for 8 investigatory purposes.” Reiserer v. United States, 479 F.3d 1160 1166 (9th Cir. 2007) (citing United 9 States v. Jose, 131 F.3d 1325, 1327 (9th Cir. 1997) (en banc)). “‘To establish a need for judicial 10 enforcement, this showing need only be minimal . . . . [T]he statute must be read broadly in order to 11 ensure that the enforcement powers of the IRS are not unduly restricted.’” Jose, 131 F.3d at 1327-28 12 (quoting Liberty Fin. Servs. v. United States, 778 F.2d 1390, 1392 (9th Cir. 1985)); see also Arthur 13 Young, 465 U.S. at 816 (“the very language of § 7602 reflects … a congressional policy choice in favor 14 of disclosure of all information relevant to a legitimate IRS inquiry. In light of this explicit statement by 15 the Legislative Branch, courts should be chary in recognizing exceptions to the broad summons 16 authority of the IRS”). 17

The IRS’s authority to issue John Doe summonses to banks or other depositories to discover the

18 identity of individuals who may have failed to disclose all of their income was expressly recognized by 19 the Supreme Court in United States. v. Bisceglia, 520 U.S. 141 (1975), and later codified in § 7609(f), 20 which provides:

Any summons . . . which does not identify the person with respect to whose liability the summons is issued may be served only after a court proceeding in which the Secretary establishes that –

(1)

the summons relates to the investigation of a particular person or ascertainable group or class of persons,

(2)

there is a reasonable basis for believing that such person or group or class of persons may fail or may have failed to comply with any provision of any internal revenue law, and

24 25 26 27

(3)

the information sought to be obtained from the examination of the records or testimony (and the identity of the person or persons with respect to whose liability the summons is issued) is not readily available from other sources. Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 10

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 11 of 16

E-39

1 26 U.S.C. § 7609(f). The Court’s determination as to whether the IRS has met the requirements under § 2 7609(f) for the issuance of a John Doe summons “shall be made ex parte and shall be made solely on the 3 4 5 6 7 8 9 10 11 12 13

petition and supporting affidavits.” 26 U.S.C. § 7609(h)(2). Here, the Court should authorize service of the summons because all three statutory prerequisites have been met. First, the summons relates to the investigation of an ascertainable group or class of persons, namely U.S. taxpayers who have conducted transactions in convertible virtual currency. Second, there is a reasonable basis for believing that U.S. persons who conducted such transactions may have failed to report income to the IRS, thereby violating one or more provisions of the internal revenue laws. Third, the information sought is not readily available to the IRS from other sources. A.

The IRS investigation concerns an ascertainable class

The summons here clearly relates to an investigation of an ascertainable group of people, which the summons defines as “United States persons who, at any time during the period January 1, 2013,

14 through December 31, 2015, conducted transactions in a convertible virtual currency as defined in IRS 15 Notice 2014-21.” Utzke Decl. Ex. B. In other words, the summons relates to the IRS’s investigation of 16 U.S. taxpayers who transacted in virtual currency between 2013 through 2015. This is sufficient to 17 18 19 20

establish that the summons relates to an ascertainable group of persons. Although neither the statute nor the case law further define the term “ascertainable group or class of persons” as it is used in § 7607(f), cases have endorsed the service of John Doe summonses seeking

21 information on a group of people defined in a similar manner (i.e., by the type of transaction they 22 engaged in and the date of the transaction. See, e.g.: 23 24 25 26 27



In re Tax Liabilities of John Does, United States Taxpayers Who, at Any Time During the Years Ended December 31, 2004 Through December 31, 2012, Directly or Indirectly Had Interests In or Signature or Other Authority With Respect to Any Financial Accounts Maintained At, Monitored By, Or Managed Through CIBC FirstCaribbean International Bank Limited (Collectively FCIB) or Other Financial Institutions FCIB Permitted To

Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 11

E-40

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 12 of 16

Transact Client Business Through its United States Correspondent Account at Wells

Fargo Bank, N.A., Order Granting Ex Parte Petition for Leave to Serve “John Doe”

Summons, Docket No. 6, Case No. 13-CV-1938 (TEH) (N.D. Cal. Apr. 29, 2013)

(holding that IRS investigation related to ascertainable group of people for “John Doe”

5 summons to Wells Fargo Bank, N.A. seeking documents establishing the identity of U.S.

taxpayers for the years ended December 31, 2004 through December 31, 2012, who had

7 8

interests in or signature or other authority with respect to financial accounts that FCIB

permitted to transact business through its correspondent account at Wells Fargo Bank,

10 11

N.A. (a copy of this Order is attached herewith); 

In re Tax Liabilities of John Does Who from December 31, 2002 through December 21, 2010 had Interests in Financial Accounts Managed through HSBC India, Order Granting

Ex Parte Petition for Leave to Serve “John Doe” Summons, Docket No. 10, Case No. 11-

14 15

CV-1686 (LB) (N.D. Cal. Apr. 7, 2011) (holding that IRS investigation related to an

ascertainable group of people for “John Doe” summons on HSBC Bank USA, N.A.

seeking documents establishing the identity of U.S. taxpayers “who at any time during

the years ended December 31, 2002 through December 31, 2010, directly or indirectly

had interests in or signature or other authority … with respect to any financial accounts

20 maintained at, monitored by, or managed through [HSBC India]”)(a copy of this Order is

attached herewith);

22 23



In re Tax Liabilities of John Does Who from January 1, 2005 through December 31,

2010, Transferred Real Property in the State of California, 2011 WL 6302284, at *2,

Case No. 2:10-mc-00130 (E.D. Cal. Dec. 15, 2011) (holding that IRS investigation

26 27

related to an ascertainable group of people where the summons “squarely particularize[d] the individuals sought from the general public” by identifying the class as California Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 12

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 13 of 16

E-41

residents who between 2005 and 2010 were involved in certain real property transfers for

little or no consideration);



In re Tax Liabilities of John Does, 2003 WL 22953182, at * 1, Case No. 03-22793-CIV (S.D. Fla. Oct. 30, 2003) (holding that IRS investigation related to an ascertainable group

of people where summons identified class as U.S. taxpayers who between 1997 and 2003

6 7

sold credit insurance policies where the policies were reinsured with entities in the Turks

and Caicos Islands).

9 Here, similarly, the IRS has established that the investigation underlying the summons relates to an 10 “ascertainable group or class of persons.” 26 U.S.C. § 7609(f). 11 12 13

There is a reasonable basis to believe that the unknown persons may fail, or may have failed, to comply with the internal revenue laws

The IRS has a reasonable basis to believe that the unknown individuals who comprise the group

14 of persons set forth in the summons failed or may have failed to comply with provisions of the internal 15 revenue laws. When enacting § 7609(f), Congress did “not intend to impose an undue burden on the 16 [IRS] in connection with obtaining a court authorization to serve this type of summons.” H. Rep. No. 17 940658, 94th Cong., 1st Sess., at 311. Accordingly, to meet the “reasonable basis” prong, the IRS need 18 only show that a transaction has occurred that is “of such a nature as to be reasonably suggestive of the 19 possibility that the correct tax liability with respect to that transaction may not have been reported.” Id. 20 Courts, therefore, have interpreted this requirement narrowly as intended only “to prevent the Service 21 from exercising its summons power in an arbitrary or quixotic manner.” In re Tax Liabilities of John 22 Does, Members of the Columbus Trade Exchange in the Years 1977 and 1978, 671 F.2d 977, 980 (6th 23 Cir. 1982) (authorizing John Doe summons to barter exchange organization seeking identities of barter 24 transaction participants for two tax years). 25

Here, based on the IRS’s experience, U.S. taxpayers have made use of virtual currencies to evade

26 the reporting and payment of taxes. See Utzke Decl. at ¶¶ 30, 34. As described above, Senior Revenue 27 Agent Utzke is aware of three instances of U.S. taxpayers using virtual currency transactions to conceal Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 13

E-42

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 14 of 16

1 income, two involve Coinbase. Id. There have also been criminal proceedings in the United States in 2 which the defendants were proved or alleged to have used virtual currencies for money laundering 3 and/or the operation of an unlicensed money services business. Id. at ¶ 35. IRS records indicate that 4 these defendants never reported to the IRS their virtual currency transactions. Id.; see, e.g., Sarah 5 Gruber, Trust, Identity, and Disclosure: Are Bitcoin Exchanges the Next Virtual Havens for Money 6 Laundering and Tax Evasion, 32 Quinnipiac L. Rev. 135 (2013) (“money laundering naturally pairs well 7 with shirking one’s tax responsibility”). Finally, there are additional factors indicating the likely 8 incidence of tax delinquency involving virtual currency, including a lack of third-party information 9 reporting; relative anonymity of the transactions; a public perception that tax evasion is possible with 10 virtual currency; and a failure among virtual currency users to afford virtual currency transactions the 11 proper tax treatment, including the proper valuation of such transactions. Id. at ¶ 29. These facts, 12 coupled with the IRS’s experience (Id. at ¶¶ 30, 34, 35) with other modes of payment not accompanied 13 by third-party reporting, show that U.S. taxpayers utilizing Coinbase may have failed to report income 14 and other information required under the internal revenue laws. 15

This information is sufficient to establish that the IRS has a reasonable basis for issuing the

16 summons. See, e.g., United States v. Kersting, 891 F.2d 1407 (9th Cir. 1989) (“John Doe” summons 17 enforced after district court found “the existence of at least one case in which a Tax Court found some of 18 Kersting’s programs to be abusive of the tax code.” 891 F.2d at 1409. The Ninth Circuit affirmed: 19 “There was ample basis for believing that the persons about whom records were sought had not 20 complied with the tax law.” 891 F.2d at 1412); United States v. Pittsburgh Trade Exchange, Inc., 644 21 F.2d 302, 306 (3d Cir. 1981) (IRS agent’s testimony that transactions of the type the summoned party 22 arranged for its clients were “inherently susceptible … to tax error” sufficient to meet “reasonable basis” 23 prong); United States v. Ritchie, 15 F. 3d 592, 601 (6th Cir. 1994) (clients’ payment for legal services 24 with large amounts of cash provided a reasonable basis to issue a “John Doe” summons). Here, as 25 Senior Revenue Agent Utzke’s Declaration demonstrates, the IRS not only has a suspicion that the John 26 Doe class includes U.S. taxpayers who are not complying with the law—it knows that the class in the 27 past included such violators, and very likely includes others. Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 14

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 15 of 16

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

E-43

The information sought about the John Doe class is not readily available from other sources

Finally, the information the IRS seeks through the summons is not readily available from any other sources. The only entities possessing information relating to virtual currency transactions that identify the persons involved in the transactions, and hold material relating to the transactions, are the exchangers and any intermediaries. Therefore, it is logical to summon a party known to have some role in the transaction, here Coinbase. See also Matter of Oil & Gas Producers Having Processing Agreements with Kerr-McGee Corp., 500 F. Supp. 440, 442 (W.D. Okla. 1980) (information may have been available from other sources, however it was more readily available from the centrally located summoned party and thus ยง 7609(f) element is satisfied). In circumstances analogous to the present context, courts have recognized that the identities of U.S. taxpayers were not readily available except from financial entities that possessed records regarding suspicious transactions. See, e.g., In re Tax Liabilities of John Does Who During the Years Ended December 31, 1998 and 1999, Had Signatory Authority Over American Express or Master Card Credit, Charge or Debit Cards, Case No. 00-cv-3919 (S.D. Fla. Oct. 30, 2000) (identity of taxpayers not readily available except from American Express and MasterCard International, Inc., who possessed credit card information for cards issued by offshore banks) (a copy of this Order is attached herewith); Pittsburgh Trade Exchange, Inc., 644 F.2d at 306 (identities of taxpayers who engaged in suspicious barter transactions could not be obtained except from organizing body of barter exchange). *

21 22 23 24 25 26 27 Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 15

Case 3:16-cv-06658-JSC Document 2 Filed 11/17/16 Page 16 of 16

E-44

1 2

CONCLUSION The United States has met the requirements of 26 U.S.C. § 7609(f) in order to be allowed to

3 serve its John Doe summons on Coinbase, Inc. Accordingly, the United States’ Petition should be 4 granted. 5

Dated this 17th day of November, 2016.

CAROLINE D. CIRAOLO Principal Deputy Assistant Attorney General

/s/ Jeremy N. Hendon /s/ Amy Matchison JEREMY N. HENDON AMY MATCHISON Trial Attorneys, Tax Division U.S. Department of Justice

8 9 10 11

BRIAN J. STRETCH United States Attorney Northern District of California

12 13 14

/s/ Colin C. Sampson COLIN C. SAMPSON Assistant United States Attorney, Tax Division

15 16 17 18 19 20 21 22 23 24 25 26 27 Memorandum In Support of Ex Parte Petition For Leave to Serve John Doe Summons 16

Case Case3:13-cv-01938-TEH 3:16-cv-06658-JSC Document Document6 2-1 Filed04/29/13 Filed 11/17/16 Page1 Page of 1 of 22

...

E-45

2 3

4 5

7 8

UNITED STATES DISTRICT COURT FOR THE

NORTHERN DISTRICT OF CALIFORNIA

SAN FRANCISCO DIVISION

IN THE MATIER OF THE TAX LIABILITIES OF:

12 13 14 15 16 17 18 19 20 21

JOHN DOES, United States taxpayers who, at any time during the years ended December 31, 2004, through December 31, 2012, directly or indirectly had interests in or signature or other authority (including authority to withdraw funds, trade or give instructions or receive account statements, confirmations or other information, advice or solicitations) with respect to any financial accounts maintained at, monitored by, or managed through CIBC FirstCaribbean International Bank Limited, its predecessors, subsidiaries, and affiliates (collectively, FCIB) and financial accounts maintained at, monitored by, or managed through other financial institutions that FCIB permitted to transact client business through its United States correspondent account at Wells Fargo II·B~MOC*W~·N~A~

)

~ C~\7umber: ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) )

1938~11

[PR8f6~~D] ORDER GRANTING EX PARTE PETITION FOR LEAVE TO

SERVE "JOHN DOE" SUMMONS

____________________)

22 23

THIS MATTER is before the Court upon the United States of America's "Ex Parte Petition for

Leave to Serve "John Doe" Summons" (the "Petition"). Based upon a review of the Petition and

supporting documents, the Court has determined that the "John Doe" summons to Wells Fargo Bank,

N .A. relates to the investigation of an ascertainable group or class of persons, that there is a reasonable

basis for believing that such group or class of persons has failed or may have failed to comply with any

provision of any internal revenue laws, and that the information sought to be obtained from the [Proposed] Order Granting Ex Parte Petition For Leave To Serve "John Doe" Summons

Case Case3:13-cv-01938-TEH 3:16-cv-06658-JSC Document Document6 2-1 Filed04/29/13 Filed 11/17/16 Page2 Page of 2 of 22

April S DISTRICT TE C A T

rson

. Hende

helton E

Judge T

R NIA

RT U O

29th

UNIT ED

E-46

F D IS T IC T O R

Case Case4:11-cv-01686-PJH 3:16-cv-06658-JSC Document Document10 2-2 Filed04/07/11 Filed 11/17/16 Page1 Page 1ofof22

E-47

E-48

Case Case4:11-cv-01686-PJH 3:16-cv-06658-JSC Document Document10 2-2 Filed04/07/11 Filed 11/17/16 Page2 Page 2ofof22

Case 1:00-cv-03919-AJ Case 3:16-cv-06658-JSC Document 5Document Entered2-3 on FLSD Filed 11/17/16 Docket 10/31/2000 Page 1 of 2Page 1 of 2 E-49

Case 1:00-cv-03919-AJ Case 3:16-cv-06658-JSC Document 5Document Entered2-3 on FLSD Filed 11/17/16 Docket 10/31/2000 Page 2 of 2Page 2 of 2 E-50

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 1 of 16

E-51

) ) Civil Number: ) ) ) DECLARATION OF SENIOR REVENUE ) AGENT DAVID UTZKE IN SUPPORT ) OF EX PARTE PETITION FOR LEAVE ) TO SERVE “JOHN DOE” SUMMONS ) )

I, David Utzke, pursuant to 28 U.S.C. § 1746, declare and state:

I am employed as a duly commissioned Senior Revenue Agent by the Internal Revenue

27 Service and am assigned to the IRS’s Offshore Compliance Initiatives (OCI) program. I am assigned to Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

E-52

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 2 of 16

1 work on virtual currency issues. The OCI program develops projects, methodologies, and techniques for 2 identifying United States taxpayers who are involved in abusive offshore transactions and financial 3 arrangements for tax-avoidance purposes. Although this program typically involves abusive offshore 4 transactions and financial arrangements, the virtual currency issues I have been working on are not 5 limited to offshore activities. 2.

I have been an Internal Revenue Agent since January 2008. From approximately October

7 2009 until April 2012, I worked as an International Individual Compliance field agent specializing in 8 offshore investigations. After that, for approximately one and a half years, I was assigned as a Technical 9 Specialist on the Jurisdiction-to-Tax and U.S. Investment Activities IRS International Practice Network 10 where I worked on the emerging issue of virtual currencies. In October 2013, I was assigned to work in 11 the IRS OCI program. I am currently assigned to investigate tax non-compliance connected with the use 12 of virtual currencies. 3.

I graduated from the Federal Law Enforcement Training Center’s advanced course of

14 Economic Crimes Investigation and Analysis. I also hold a certificate of training in Open Source 15 Intelligence research, which includes both surface web and deep web investigations. My academic 16 credentials include a doctorate with relevant study in International Finance and Economics and a 17 master’s in Forensic Accounting and International Finance. I am a Certified Fraud Examiner and 18 Certified Forensic Interviewer. My continuing professional education training each year focuses on 19 tracking hidden offshore assets. I am an occasional lecturer at the Thomas Jefferson School of Law in 20 San Diego, California, on the topic of virtual currencies. In addition, I develop and deliver training 21 within the IRS on the topic of virtual currencies. 22 I.

BACKGROUND REGARDING VIRTUAL CURRENCIES

In 2013, at the request of the Senate Finance Committee, the Government Accountability

24 Office (GAO) completed a study of the use of virtual currency within virtual economies (such as on-line 25 role playing games) and outside of virtual economies. Through interviews with industry representatives, 26 tax professionals, IRS officials and academics, GAO identified several tax compliance risks associated 27 with virtual currencies, ranging from lack of knowledge of tax requirements and uncertainty over how to Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 3 of 16

E-53

1 report virtual currency transactions, to deliberate underreporting of income and tax evasion. See U.S. 2 Gov’t Accountability Office, GAO-13-516, Virtual Economies and Currencies: Additional IRS 3 Guidance Could Reduce Tax Compliance Risks (2013). 4

As the organization responsible for enforcing and administering the tax laws of the

5 United States, the IRS has determined that transactions in a virtual currency that is convertible into real 6 currency have tax consequences that may result in a tax liability. 7

In March 2014, the IRS issued Notice 2014-21, which describes how the IRS applies U.S.

8 tax principles to transactions involving virtual currency. A copy of Notice 2014-21 is attached as Exhibit 9 A. In Notice 2014-21, the IRS stated its position: virtual currencies that can be converted into traditional 10 currency are property for tax purposes, and a taxpayer can have a gain or loss on the sale or exchange of 11 a virtual currency, depending on the taxpayer’s cost to purchase the virtual currency (that is, the 12 taxpayer’s tax basis). 13

How virtual currency works

Virtual currency is a digital representation of value that functions as a medium of

15 exchange, a unit of account, and a store of value. In some situations, virtual currency operates like 16 “traditional currency,” i.e., the coin and paper money of a country that is designated as legal tender. 17 However, it does not have legal tender status in any jurisdiction. A virtual currency is “convertible” if it 18 has an equivalent value in traditional currency or acts as a substitute for traditional currency. 19 Convertible virtual currency can be digitally traded between users and can be purchased for, or 20 exchanged into, U.S. dollars, Euros, and other traditional or virtual currencies. 21

In a virtual currency system, a user creates a “wallet.” A wallet is a digital computer file

22 that contains information used in sending and receiving units of a virtual currency. When the wallet is 23 created, a random wallet address is generated; this is a unique alphanumeric identifier, which is 24 conceptually similar to an e-mail address. Basic wallets can be created free of charge. 25

A wallet holds any number of public keys with their associated private keys. The public

26 key and private key are conceptually similar to a user ID and a digital signature, respectively. A virtual 27 currency user will electronically send their public key to anyone with whom he or she wants to exchange Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

E-54

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 4 of 16

1 units of a virtual currency. The public key contains information that verifies the wallet and the private 2 key used to authenticate a transaction. If the transaction is signed by both parties, the transaction is 3 complete. 4

10.

A completed transaction is then introduced to a network of computers monitored by

5 competing groups of people called miners. Miners maintain the integrity of a sequential public list of all 6 transactions called the blockchain; miners also validate transactions that go into the blockchain with the 7 motive of earning virtual currency. 8

11.

After computers on the network confirm that a transaction is authentic, the transaction is

9 posted to a “block” – a grouping of transactions. When a specified number of confirmed transactions 10 have been grouped, a block is formed. Miners then compete against each other to find a solution to a 11 mathematical puzzle that depends on the contents of the block; once a solution is found, that block will 12 be added to the blockchain. When a new block is added to the blockchain, new virtual currency coins are 13 generated and awarded to the miner who discovered the mathematical puzzle solution that allows the 14 new block to be added to the blockchain. The cycle then repeats. 15

12.

All transactions in a virtual currency blockchain can be viewed by the public on any

16 computer connected to the Internet. However, the blockchain transactional history only reveals the date, 17 the time, the amount (denominated in virtual currency), and the wallet addresses associated with a 18 transaction. The blockchain does not identify the actual identities of the wallet owners. 19

13.

There are nearly a thousand virtual currencies, but the most widely known virtual

20 currency, and largest by capitalization, is bitcoin. Other virtual currencies mimicking bitcoin using the 21 blockchain technology are known as alternative coins or altcoins for short. Just a few examples of 22 altcoins are Ethereum, Litecoin, Ripple, Feathercoin, and Dogecoin. 23

How virtual currency can be obtained and utilized

14.

In order to buy virtual currency with a medium of exchange denominated in a traditional

25 currency, such as a conventional check, credit card, wire, Automated Clearing House (ACH) electronic 26 payments, the virtual currency user will have to find some way to transfer traditional currency to 27 someone who already has virtual currency and wishes to exchange it for traditional currency. This Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 5 of 16

E-55

1 exchange can occur with anyone holding a virtual currency, but tends to be handled through businesses 2 called virtual currency exchangers that trade between virtual currencies and traditional currencies. 3

15.

A virtual currency exchanger functions much like an exchanger for traditional currency

4 except it can exchange virtual currency for traditional currency or vice versa. Because virtual currency 5 exchangers may receive conventional checks, credit card, debit card, or wire transfer payments in 6 exchange for virtual currency, they are a link between virtual currency systems and conventional 7 banking and money-transmittal systems. 8

16.

A virtual currency exchanger may operate on one or more virtual currency platforms.

9 The exchange rate between traditional currency and virtual currency, and between different virtual 10 currency systems, is typically set by supply and demand, and different exchangers compete for business. 11 Because mechanisms exist for exchanging virtual currencies and traditional currencies, virtual 12 currencies have spread beyond online transfers between consumers; they are now used for purchases 13 from brick-and-mortar businesses as well as online merchants. 14

17.

Virtual currency exchangers may also provide wallet services, which allow a user to

15 quickly authorize virtual currency transactions with another user through the use of a traditional money 16 account held at the exchanger similar to a margin account held with a stock broker. Wallet accounts are 17 easily accessed through a computer or mobile device like a smartphone. A wallet can be held in a 18 number of different ways, but millions of users have a wallet provided by an exchanger. 19

18.

Some virtual currency exchangers are registered with the U.S. Treasury Department

20 Financial Crimes Enforcement Network (FinCEN) as Money Services Businesses. Registration carries 21 with it the requirement of following Anti-Money Laundering (AML) rules, including Know Your 22 Customer (KYC) rules. KYC principles require a registered exchanger to confirm and document the 23 identities of its customers and to relate each account to a known beneficial owner. 24 25 26 27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve â&#x20AC;&#x153;John Doeâ&#x20AC;? Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 6 of 16

E-56

19.

The graph below illustrates some of the ways in which individuals can obtain and spend

2 bitcoins. 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

U.S. Gov’t Accountability Office, GAO-14-496, Virtual Currencies’ Emerging Regulatory, Law

18 Enforcement, and Consumer Protection Challenges (2014), p. 8. 19 C.

Tax compliance concerns associated with the use of virtual currencies

20.

The primary virtual currency receiving attention regarding taxable transactions and tax

20 21 compliance is bitcoin because it is the most traded virtual currency and the largest by capitalization. 22 Bitcoin is a virtual currency that exists only on the Internet, does not have legal tender status (in contrast 23 to U.S. dollars or Euros), and has its own value units. 24 21.

Money is generally defined as having the functions of being a medium of exchange, a

25 unit of account, and a store of value. Bitcoin acts as a medium of exchange, as evidenced by the 26 existence of a marketplace for goods and services that can be purchased with it. Bitcoin is a unit of 27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 7 of 16

E-57

1 account - a unit of measure used to value goods, services, assets, liabilities, income, and expenses. 2 Bitcoin is also a store of value since it can be stored, retrieved, and exchanged for goods and/or services 3 at a later date. However, as previously noted it is not legal tender in any jurisdiction and is not treated as 4 currency for tax purposes. 5

22.

Bitcoin derives its value from its usefulness as a form of money that allows for pseudo-

6 anonymous, peer-to-peer transactions with the economic function of money (i.e., medium of exchange, a 7 unit of account, and/or a store of value) as stated above. 8

23.

The value of bitcoin against the U.S. dollar, as with many other world currencies, is

9 determined by supply and demand on the open market and affected by factors that are typically difficult 10 or impossible to forecast, such as an increase in investment into bitcoin financial technology startups, 11 security breaches, geopolitical regulatory issues, and bitcoin exchange collapses. In the simplest concept 12 of supply and demand, when demand for bitcoins increases, the price increases and when demand falls, 13 the price falls. 14

24.

As adoption of bitcoin as a store of value has grown, there is a growing trend of some

15 U.S. businesses making and accepting payments in virtual currency. Some reasons for this include the 16 ease, low cost, and purported anonymity of bitcoin transactions. 17

25.

There are many companies in the U.S. with international employees who are now paying

18 wages in bitcoin; doing so can reduce payroll costs by eliminating international wire fees and can 19 increase the speed with which their international employees receive their pay (minutes vs. weeks). 20

26.

Small businesses are in part attracted to bitcoin payments because there are no credit card

21 fees and no charge-backs from customer fraud, but many of these bitcoin payments have exchangers that 22 act as third-party intermediaries who convert the bitcoin payment to a fiat currency (fiat currency is legal 23 tender that is backed by the government that issued it) that is then transmitted to the merchant. 24

27.

As of January 2016, it was reported that more than 100,000 merchants globally were

25 accepting bitcoin payments with businesses such as Overstock.com, Home Depot, DirectTV, Dell, 26 Microsoft, Amazon, and Expedia topping the list. By Fall 2016, the number of merchants is forecast to 27 grow to 150,000. With bitcoin, a user can buy webhosting services, cars, homes, and even pizza and Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve â&#x20AC;&#x153;John Doeâ&#x20AC;? Summons 30

14630250.1

E-58

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 8 of 16

1 manicures. In 2015, there were 125,498 bitcoin transactions per day. Using the total bitcoins traded in 2 2015 and the 2015 bitcoin average price, I calculated the 2015 annualized transaction value in U.S. 3 dollars to be $10,116,817,608. 4

28.

Virtual currencies pose challenges for central banks, departments and ministries of

5 finance, and financial regulators. The main regulatory challenges posed by virtual currencies are the 6 prevention of money laundering, collection of taxes, consumer and investor protection, and the 7 calibration of monetary policy. 8

29.

A tax compliance challenge faced by taxpayers transacting in virtual currency is that it

9 may be difficult for individuals receiving income from virtual currencies to determine their tax basis for 10 calculating gains because they may have trouble determining the value of the virtual currency when they 11 first obtained it or in maintaining documentation to determine their tax basis. 12

30.

However, some taxpayers may deliberately use virtual currencies as a way to evade taxes.

13 Because transactions can be difficult to trace and many virtual currencies inherently have a pseudo14 anonymous aspect, taxpayers may use them to hide taxable income. This is illustrated by the actions of a 15 taxpayer I had the opportunity to interview, Taxpayer 1, who self-disclosed his virtual currency use 16 during his examination. 17

31.

After using a traditional abusive offshore arrangement for approximately 5 years,

18 Taxpayer 1 became fatigued with the effort required to manage his offshore accounts, attorneys, and 19 applicable regulations, and discovered virtual currency while conducting internet research on the topic. 20 Taxpayer 1 began testing the use of virtual currency and eventually abandoned the use of his offshore 21 structure. Taxpayer 1 was able to use virtual currency to repatriate his assets without governmental 22 detection. 23

32.

For example, Taxpayer 1 originally worked with a foreign promoter who set up a

24 controlled foreign shell company which diverted his income to a foreign brokerage account, then to a 25 foreign bank account, and lastly back to Taxpayer 1 through the use of an automated teller machine 26 (ATM). Once Taxpayer 1 abandoned the use of his offshore structure in favor of using virtual currency, 27 the steps described above were the same until his income reached his foreign bank account. Once there, Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve â&#x20AC;&#x153;John Doeâ&#x20AC;? Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 9 of 16

E-59

1 instead of repatriating his income from an ATM in the form of cash, Taxpayer 1 diverted his income to a 2 bank which works with a virtual currency exchanger to convert his income to virtual currency. Once 3 converted to virtual currency, Taxpayer 1’s income was placed into a virtual currency account until 4 Taxpayer 1 used it to purchase goods and services. Taxpayer 1 failed to report this income to the IRS. 5

33.

Below is a diagram I created to demonstrate Taxpayer 1’s activities with the area to the

6 left of the red diagonal line being the traditional offshore arrangement and the area to the right of the red 7 line the virtual currency structure. This demonstrates how Taxpayer 1 was able to effectuate large non8 cash transactions on a pseudo-anonymous basis. 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

34.

Two additional IRS exams in which I have assisted involved Taxpayer 2 and Taxpayer 3,

both corporate entities with annual revenues of several million dollars, that bought and sold bitcoins which resulted in the underreporting of income. Both taxpayers admitted disguising the amount they

27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

E-60

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 10 of 16

1 spent purchasing the bitcoins as deductions for technology expenses on their tax returns. The bitcoin 2 transactions were discovered after repeated requests for the original documentation necessary to 3 substantiate the technology expense items claimed on the tax returns. Both taxpayers ultimately 4 conceded that the corporate expenses were bitcoin transactions and thus not deductible. In addition, 5 Taxpayer 2 and Taxpayer 3 each had wallet accounts at bitcoin exchange Coinbase, Inc., the virtual 6 currency exchanger the IRS seeks to summon in this case. 7

35.

My research has also identified individuals prosecuted and convicted of federal crimes

8 for anti-money laundering and/or operating an unlicensed money services business involving virtual 9 currency transactions. IRS records indicate that these defendants never reported to the IRS their virtual 10 currency transactions. 11

36.

In addition, some taxpayers have openly acknowledged they consider using bitcoin in

12 order to avoid tax reporting requirements. See Bitcoin Celebrated As Way To Avoid Taxes, Huffington 13 Post (April 16, 2013) (www.huffingtonpost.com/2013/04/16/bitcoin-taxes_n_3093182.html). 14

37.

Further, in the experience of the IRS, tax noncompliance increases when there is no third-

15 party information reporting. That is, taxpayers are less likely to report and pay taxes on income that is 16 not independently reported to the IRS by a third party. IRS “tax gap” studies consistently show that 17 compliance is far higher when reported income amounts are subject to information reporting by third 18 parties. The most recent such study, conducted in April 2016 based on 2008-2010 data, concluded that 19 the overall rate of underreporting of income that was not subject to third-party information reporting was 20 63 percent, compared to 7 percent for amounts subject to substantial information reporting but no 21 withholding, and 1 percent for amounts subject to substantial information reporting and withholding. See 22 Tax Gap Estimates for Tax Years 2008-2010, (April 2016) 23 (https://www.irs.gov/PUP/newsroom/tax%20gap%20estimates%20for%202008%20through%202010.p 24 df). Because there is no third-party reporting of virtual currency transactions for tax purposes, the 25 risk/reward ratio for a taxpayer in the virtual currency environment is extremely low, and the likelihood 26 of underreporting is significant. 27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 11 of 16

38.

E-61

The characteristics of virtual currencies could also enable them to replace traditional

2 abusive tax arrangements as the preferred method for tax evaders, because such currencies are not 3 subject to taxation at the source (i.e. withholding), are largely anonymous, and, as peer-to-peer systems, 4 do not involve traditional financial intermediaries. 5

Coinbase, Inc.

39.

Coinbase, Inc., is a Delaware corporation that operates a bitcoin wallet and exchange

7 business headquartered in San Francisco, California. According to its website (www.coinbase.com), the 8 company currently offers buy/sell trading functionality in 32 countries, maintains over 4.9 million 9 wallets with wallet services available in 190 countries, 3.2 million customers served, and $2.5 billion 10 exchanged in bitcoin. Additional research on Coinbase shows that in the 30-day period ending 11 December 14, 2015, Coinbase was the fourth largest exchanger globally of bitcoin into U.S. dollars and 12 the largest exchanger in the U.S. of bitcoin into U.S. dollars. Coinbase started business in June 2012 as a 13 digital wallet service. By October 2012, the company launched the ability to buy and sell bitcoin 14 through bank transfers. 15

40.

In 2014, Coinbase grew to one million users, acquired the blockchain explorer service

16 Blockr and the web bookmarking company Kippt, secured insurance covering the value of bitcoin stored 17 on their servers, and launched a “vault system” for secure bitcoin storage. During 2014, Coinbase also 18 formed partnerships with Overstock, Dell, Expedia, Dish Network, Time Inc., and Wikipedia and 19 assisted Stripe, Braintree, and PayPal in accepting bitcoin payments. 20

41.

In January 2015, Coinbase received an additional $75 million from a number of investors

21 including the New York Stock Exchange and a subsidiary of USAA. According to Coinbase, this was 22 the first time any traditional financial institutions had taken direct stakes in a bitcoin enterprise. Later in 23 January, Coinbase launched what it claimed to be the first regulated U.S.-based bitcoin exchange. 24

42.

As of December 2015, Coinbase has four main products: (1) an exchange for trading

25 bitcoin and fiat currency (funded through bank or wire transfers); (2) a wallet for bitcoin storage and 26 transactions; (3) an application programming interface (API) for developers and merchants to build 27 applications and accept bitcoin payments; and (4) “Shift Card,” the first U.S.-issued bitcoin debit card. Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

E-62

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 12 of 16

1 The Shift Card is a VISA branded debit card that enables Coinbase users in the U.S. (currently only 2 twenty-four states and Washington, D.C.) to spend bitcoin anywhere VISA is globally accepted. 43.

On April 23, 2013, Coinbase registered with FinCEN as a Money Transmitter (MSB

4 Registration Number: 31000025767705) (Coinbase re-registered with FinCEN on December 8, 2014 5 (MSB Registration Number 31000057750785). As a Money Transmitter, Coinbase is required by the 6 Bank Secrecy Act and FinCEN regulations to develop, implement, and maintain an effective anti-money 7 laundering program that, among other things, includes a process for verifying customer identification. 8 Coinbase’s user agreement states that all U.S. users who wish to use Coinbase’s USD Wallet or the 9 Coinbase Exchange, at minimum, must: 

10 11

Establish a Coinbase Account by providing a name, authenticating an e-mail address, and accepting the Coinbase User Terms;



Add and verify a phone number;



Add and verify a bank account;



Add personal details (full name, date of birth, residential address); and



Complete identity verification by answering a few questions.



In addition, users based in New York State conducting a bitcoin transaction in

excess of $3,000 must submit a copy of an acceptable form of identification (i.e.

passport, state driver’s license, or state identification card).

44.

Based on the information set forth above, I have reason to believe that Coinbase is in

20 possession of records identifying customers with wallet accounts, their transactional history of 21 exchanging dollars for bitcoin, and their use of Shift debit cards. 22 II.

THE “JOHN DOE” SUMMONS REQUIREMENTS HAVE BEEN MET

45.

In accordance with the recommendation of GAO that the IRS plan specific compliance

24 activities to address the tax compliance risks posed by virtual currencies, the IRS has commenced an 25 investigation to determine the correct federal income tax liabilities, for the years ended December 31, 26 27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 13 of 16

E-63

1 2013, 2014, and 2015, of United States persons who conducted transactions in a convertible virtual 2 currency as that term is defined in IRS Notice 2014-21. 3

46.

To facilitate this investigation, the IRS is seeking the Court’s permission to serve,

4 pursuant to sections 7602 and 7609(f) of the Internal Revenue Code (26 U.S.C.), a “John Doe” summons 5 on Coinbase, Inc. A copy of this summons is attached as Exhibit B. 6

47.

As described below: (1) the “John Doe” summons to Coinbase relates to the investigation

7 of an ascertainable group or class of persons; (2) there is a reasonable basis for believing that this group 8 or class of persons has failed or may have failed to comply with provisions of the internal revenue laws; 9 and (3) the information and documents sought to be obtained from the examination of the records or 10 testimony (and the identity of the persons with respect to whose tax liabilities the summons has been 11 issued) are not readily available from sources other than Coinbase. 12

The summons describes an ascertainable class of persons

48.

The proposed “John Doe” summons seeks information regarding United States persons

14 who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions 15 in a convertible virtual currency as defined in IRS Notice 2014-21. 16

49.

This class of persons is ascertainable in that the individuals in the class are particularized

17 from the general public by their characteristics of being United States persons who transacted in a 18 convertible virtual currency. 19

Members of the “John Doe” class may have failed to comply with internal revenue laws 1. Internal revenue laws require United States taxpayers to report and pay tax with respect to transactions in virtual currency

21 22 23 24 25 26

50.

For federal tax purposes, virtual currency is treated as property. General tax principles

applicable to property transactions apply to transactions using virtual currency. See IRS Notice 2014-21. 51.

Under general tax principles applicable to property transactions, the following virtual

currency transactions are reportable in the manner indicated:

27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

E-64

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 14 of 16



Wage, salary, or other income paid to an employee with virtual currency, is

reportable by the employee as ordinary income and subject to employment taxes

paid by the employer. 

Virtual currency received by a self-employed individual in exchange for goods or

services is reportable as ordinary income and is subject to self-employment tax.

This would include a person who “mines” virtual currency as a trade or business. 

7 8

Virtual currency received in exchange for goods or services by a business is reportable as ordinary income.



Gain on the exchange of virtual currency for other property is generally reportable

as a capital gain if the virtual currency was held as a capital asset and as ordinary

income if it is property held for sale to customers in a trade or business. 

12 13

Gain on the sale of property held as a capital asset in exchange for virtual currency is reportable as a capital gain.



Payments made in virtual currency are subject to information reporting

requirements to the same extent as payments made in real currency or instruments

denominated in real currency.

52.

Taxpayers who have engaged in such virtual currency transactions and have not properly

18 reported them have failed to comply with internal revenue laws. 19 20 21

53.

2. The IRS has reason to believe that members of the “John Doe” class may have failed to comply with one or more requirements of the internal revenue laws As noted above, the experience of the IRS is that tax noncompliance increases in the

22 absence of third-party information reporting. This experience is a reasonable basis to believe that 23 members of the “John Doe” class may have failed to comply with the internal revenue laws of the 24 United States because there is no third-party reporting of transactions in virtual currency for tax 25 purposes. 26 27 Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve “John Doe” Summons 30

14630250.1

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 15 of 16

54.

E-65

In addition, based on my experience with several virtual currency cases, in each case the

2 taxpayers who held virtual currency accounts have concealed the existence of their virtual currency 3 account, virtual currency transactions, and their virtual currency income from the IRS. 4

55.

A basic Google search for avoid taxes with bitcoin returns numerous results containing

5 discussions of ways to avoid and evade paying taxes by using bitcoin or other virtual currencies: 6 7 8 9 10 11 12 13 14 15 16 17 18 19

56.

In addition, as discussed in paragraphs 30-33, during my investigation, I interviewed

20 Taxpayer 1 and learned that he had switched from using an offshore structure by which to repatriate his 21 income and avoid detection to using a virtual currency structure to accomplish the same illegal goal. 22 Further, as discussed in paragraph 34, I assisted in two cases involving Taxpayer 2 and Taxpayer 3, both 23 corporate entities that disguised the amount they spent purchasing bitcoins as technology expenses 24 which they improperly deducted on their tax returns. Both taxpayers ultimately conceded that these 25 expenses were bitcoin transactions involving property and thus not deductible. 26

57.

The information and experience of the IRS suggests that many unknown U.S. taxpayers

27 engage in virtual currency transactions or structures. Because the IRS does not know the identity of the Declaration Of R/A David Utzke In Support of Ex Parte Petition For Leave to Serve â&#x20AC;&#x153;John Doeâ&#x20AC;? Summons 30

14630250.1

E-66

Case 3:16-cv-06658-JSC Document 2-4 Filed 11/17/16 Page 16 of 16

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 1 of 6

E-67

Notice 2014-21 SECTION 1. PURPOSE This notice describes how existing general tax principles apply to transactions using virtual currency. The notice provides this guidance in the form of answers to frequently asked questions. SECTION 2. BACKGROUND The Internal Revenue Service (IRS) is aware that “virtual currency” may be used to pay for goods or services, or held for investment. Virtual currency is a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value. In some environments, it operates like “real” currency -- i.e., the coin and paper money of the United States or of any other country that is designated as legal tender, circulates, and is customarily used and accepted as a medium of exchange in the country of issuance -- but it does not have legal tender status in any jurisdiction. Virtual currency that has an equivalent value in real currency, or that acts as a substitute for real currency, is referred to as “convertible” virtual currency. Bitcoin is one example of a convertible virtual currency. Bitcoin can be digitally traded between users and can be purchased for, or exchanged into, U.S. dollars, Euros, and other real or virtual currencies. For a more comprehensive description of convertible virtual currencies to date, see Financial Crimes Enforcement Network (FinCEN) Guidance on the Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (FIN-2013-G001, March 18, 2013). SECTION 3. SCOPE In general, the sale or exchange of convertible virtual currency, or the use of convertible virtual currency to pay for goods or services in a real-world economy transaction, has tax consequences that may result in a tax liability. This notice addresses only the U.S. federal tax consequences of transactions in, or transactions that use, convertible virtual currency, and the term “virtual currency” as used in Section 4 refers only to convertible virtual currency. No inference should be drawn with respect to virtual currencies not described in this notice. The Treasury Department and the IRS recognize that there may be other questions regarding the tax consequences of virtual currency not addressed in this notice that warrant consideration. Therefore, the Treasury Department and the IRS request comments from the public regarding other types or aspects of virtual currency transactions that should be addressed in future guidance. Comments should be addressed to:

Government Exhibit A _____________

E-68

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 2 of 6

Internal Revenue Service Attn: CC:PA:LPD:PR (Notice 2014-21) Room 5203 P.O. Box 7604 Ben Franklin Station Washington, D.C. 20044 or hand delivered Monday through Friday between the hours of 8 A.M. and 4 P.M. to: Courier’s Desk Internal Revenue Service Attn: CC:PA:LPD:PR (Notice 2014-21) 1111 Constitution Avenue, N.W. Washington, D.C. 20224 Alternatively, taxpayers may submit comments electronically via e-mail to the following address: Notice.Comments@irscounsel.treas.gov. Taxpayers should include “Notice 2014-21” in the subject line. All comments submitted by the public will be available for public inspection and copying in their entirety. For purposes of the FAQs in this notice, the taxpayer’s functional currency is assumed to be the U.S. dollar, the taxpayer is assumed to use the cash receipts and disbursements method of accounting and the taxpayer is assumed not to be under common control with any other party to a transaction. SECTION 4. FREQUENTLY ASKED QUESTIONS Q-1: How is virtual currency treated for federal tax purposes? A-1: For federal tax purposes, virtual currency is treated as property. General tax principles applicable to property transactions apply to transactions using virtual currency. Q-2: Is virtual currency treated as currency for purposes of determining whether a transaction results in foreign currency gain or loss under U.S. federal tax laws? A-2: No. Under currently applicable law, virtual currency is not treated as currency that could generate foreign currency gain or loss for U.S. federal tax purposes. Q-3: Must a taxpayer who receives virtual currency as payment for goods or services include in computing gross income the fair market value of the virtual currency? A-3: Yes. A taxpayer who receives virtual currency as payment for goods or services must, in computing gross income, include the fair market value of the virtual currency,

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 3 of 6

E-69

measured in U.S. dollars, as of the date that the virtual currency was received. See Publication 525, Taxable and Nontaxable Income, for more information on miscellaneous income from exchanges involving property or services. Q-4: What is the basis of virtual currency received as payment for goods or services in Q&A-3? A-4: The basis of virtual currency that a taxpayer receives as payment for goods or services in Q&A-3 is the fair market value of the virtual currency in U.S. dollars as of the date of receipt. See Publication 551, Basis of Assets, for more information on the computation of basis when property is received for goods or services. Q-5: How is the fair market value of virtual currency determined? A-5: For U.S. tax purposes, transactions using virtual currency must be reported in U.S. dollars. Therefore, taxpayers will be required to determine the fair market value of virtual currency in U.S. dollars as of the date of payment or receipt. If a virtual currency is listed on an exchange and the exchange rate is established by market supply and demand, the fair market value of the virtual currency is determined by converting the virtual currency into U.S. dollars (or into another real currency which in turn can be converted into U.S. dollars) at the exchange rate, in a reasonable manner that is consistently applied. Q-6: Does a taxpayer have gain or loss upon an exchange of virtual currency for other property? A-6: Yes. If the fair market value of property received in exchange for virtual currency exceeds the taxpayerâ&#x20AC;&#x2122;s adjusted basis of the virtual currency, the taxpayer has taxable gain. The taxpayer has a loss if the fair market value of the property received is less than the adjusted basis of the virtual currency. See Publication 544, Sales and Other Dispositions of Assets, for information about the tax treatment of sales and exchanges, such as whether a loss is deductible. Q-7: What type of gain or loss does a taxpayer realize on the sale or exchange of virtual currency? A-7: The character of the gain or loss generally depends on whether the virtual currency is a capital asset in the hands of the taxpayer. A taxpayer generally realizes capital gain or loss on the sale or exchange of virtual currency that is a capital asset in the hands of the taxpayer. For example, stocks, bonds, and other investment property are generally capital assets. A taxpayer generally realizes ordinary gain or loss on the sale or exchange of virtual currency that is not a capital asset in the hands of the taxpayer. Inventory and other property held mainly for sale to customers in a trade or

E-70

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 4 of 6

business are examples of property that is not a capital asset. See Publication 544 for more information about capital assets and the character of gain or loss. Q-8: Does a taxpayer who “mines” virtual currency (for example, uses computer resources to validate Bitcoin transactions and maintain the public Bitcoin transaction ledger) realize gross income upon receipt of the virtual currency resulting from those activities? A-8: Yes, when a taxpayer successfully “mines” virtual currency, the fair market value of the virtual currency as of the date of receipt is includible in gross income. See Publication 525, Taxable and Nontaxable Income, for more information on taxable income. Q-9: Is an individual who “mines” virtual currency as a trade or business subject to self-employment tax on the income derived from those activities? A-9: If a taxpayer’s “mining” of virtual currency constitutes a trade or business, and the “mining” activity is not undertaken by the taxpayer as an employee, the net earnings from self-employment (generally, gross income derived from carrying on a trade or business less allowable deductions) resulting from those activities constitute selfemployment income and are subject to the self-employment tax. See Chapter 10 of Publication 334, Tax Guide for Small Business, for more information on selfemployment tax and Publication 535, Business Expenses, for more information on determining whether expenses are from a business activity carried on to make a profit. Q-10: Does virtual currency received by an independent contractor for performing services constitute self-employment income? A-10: Yes. Generally, self-employment income includes all gross income derived by an individual from any trade or business carried on by the individual as other than an employee. Consequently, the fair market value of virtual currency received for services performed as an independent contractor, measured in U.S. dollars as of the date of receipt, constitutes self-employment income and is subject to the self-employment tax. See FS-2007-18, April 2007, Business or Hobby? Answer Has Implications for Deductions, for information on determining whether an activity is a business or a hobby. Q-11: Does virtual currency paid by an employer as remuneration for services constitute wages for employment tax purposes? A-11: Yes. Generally, the medium in which remuneration for services is paid is immaterial to the determination of whether the remuneration constitutes wages for employment tax purposes. Consequently, the fair market value of virtual currency paid as wages is subject to federal income tax withholding, Federal Insurance Contributions

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 5 of 6

E-71

Act (FICA) tax, and Federal Unemployment Tax Act (FUTA) tax and must be reported on Form W-2, Wage and Tax Statement. See Publication 15 (Circular E), Employerâ&#x20AC;&#x2122;s Tax Guide, for information on the withholding, depositing, reporting, and paying of employment taxes. Q-12: Is a payment made using virtual currency subject to information reporting? A-12: A payment made using virtual currency is subject to information reporting to the same extent as any other payment made in property. For example, a person who in the course of a trade or business makes a payment of fixed and determinable income using virtual currency with a value of $600 or more to a U.S. non-exempt recipient in a taxable year is required to report the payment to the IRS and to the payee. Examples of payments of fixed and determinable income include rent, salaries, wages, premiums, annuities, and compensation. Q-13: Is a person who in the course of a trade or business makes a payment using virtual currency worth $600 or more to an independent contractor for performing services required to file an information return with the IRS? A-13: Generally, a person who in the course of a trade or business makes a payment of $600 or more in a taxable year to an independent contractor for the performance of services is required to report that payment to the IRS and to the payee on Form 1099MISC, Miscellaneous Income. Payments of virtual currency required to be reported on Form 1099-MISC should be reported using the fair market value of the virtual currency in U.S. dollars as of the date of payment. The payment recipient may have income even if the recipient does not receive a Form 1099-MISC. See the Instructions to Form 1099-MISC and the General Instructions for Certain Information Returns for more information. For payments to non-U.S. persons, see Publication 515, Withholding of Tax on Nonresident Aliens and Foreign Entities. Q-14: Are payments made using virtual currency subject to backup withholding? A-14: Payments made using virtual currency are subject to backup withholding to the same extent as other payments made in property. Therefore, payors making reportable payments using virtual currency must solicit a taxpayer identification number (TIN) from the payee. The payor must backup withhold from the payment if a TIN is not obtained prior to payment or if the payor receives notification from the IRS that backup withholding is required. See Publication 1281, Backup Withholding for Missing and Incorrect Name/TINs, for more information. Q-15: Are there IRS information reporting requirements for a person who settles payments made in virtual currency on behalf of merchants that accept virtual currency from their customers?

E-72

Case 3:16-cv-06658-JSC Document 2-5 Filed 11/17/16 Page 6 of 6 6

A-15: Yes, if certain requirements are met. In general, a third party that contracts with a substantial number of unrelated merchants to settle payments between the merchants and their customers is a third party settlement organization (TPSO). A TPSO is required to report payments made to a merchant on a Form 1099-K, Payment Card and Third Party Network Transactions, if, for the calendar year, both (1) the number of transactions settled for the merchant exceeds 200, and (2) the gross amount of payments made to the merchant exceeds $20,000. When completing Boxes 1, 3, and 5a-1 on the Form 1099-K, transactions where the TPSO settles payments made with virtual currency are aggregated with transactions where the TPSO settles payments made with real currency to determine the total amounts to be reported in those boxes. When determining whether the transactions are reportable, the value of the virtual currency is the fair market value of the virtual currency in U.S. dollars on the date of payment. See The Third Party Information Reporting Center, http://www.irs.gov/TaxProfessionals/Third-Party-Reporting-Information-Center, for more information on reporting transactions on Form 1099-K. Q-16: Will taxpayers be subject to penalties for having treated a virtual currency transaction in a manner that is inconsistent with this notice prior to March 25, 2014? A-16: Taxpayers may be subject to penalties for failure to comply with tax laws. For example, underpayments attributable to virtual currency transactions may be subject to penalties, such as accuracy-related penalties under section 6662. In addition, failure to timely or correctly report virtual currency transactions when required to do so may be subject to information reporting penalties under section 6721 and 6722. However, penalty relief may be available to taxpayers and persons required to file an information return who are able to establish that the underpayment or failure to properly file information returns is due to reasonable cause. SECTION 5. DRAFTING INFORMATION The principal author of this notice is Keith A. Aqui of the Office of Associate Chief Counsel (Income Tax & Accounting). For further information about income tax issues addressed in this notice, please contact Mr. Aqui at (202) 317-4718; for further information about employment tax issues addressed in this notice, please contact Mr. Neil D. Shepherd at (202) 317- 4774; for further information about information reporting issues addressed in this notice, please contact Ms. Adrienne E. Griffin at (202) 3176845; and for further information regarding foreign currency issues addressed in this notice, please contact Mr. Raymond J. Stahl at (202) 317- 6938. These are not toll-free calls.

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 1 of 15

6XPPRQV

E-73

In the matter of Tax Liability of John Does* Internal Revenue Service (Division): Large Business & International Division Industry/Area (name or number): Withholding & International Individual Compliance Periods: Years ending 12/31/2013 through 12/31/2015

7KH &RPPLVVLRQHU RI ,QWHUQDO 5HYHQXH 7R Coinbase, Inc. $W You are hereby summoned and required to appear before David J. Utzke, Revenue Agent or Designee an officer of the Internal Revenue Service, to give testimony and to bring with you and to produce for examination the following books, records, papers, and other data relating to the tax liability or the collection of the tax liability or for the purpose of inquiring into any offense connected with the administration or enforcement of the internal revenue laws concerning the person identified above for the periods shown.

See attachment * "John Does" are United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency as defined in IRS Notice 2014-21.

'R QRW ZULWH LQ WKLV VSDFH

Government Exhibit B _____________

%XVLQHVV DGGUHVV DQG WHOHSKRQH QXPEHU RI ,56 RIILFHU EHIRUH ZKRP \RX DUH WR DSSHDU 1818 East Southern Avenue, Mesa, AZ 85204 / 626-927-1237 3ODFH DQG WLPH IRU DSSHDUDQFH DW Internal Revenue Service, 450 Golden Gate Avenue, San Francisco CA 94102

,56

on the

day of

,VVXHG XQGHU DXWKRULW\ RI WKH ,QWHUQDO 5HYHQXH &RGH WKLV

Department of the Treasury ,QWHUQDO 5HYHQXH 6HUYLFH

ZZZ LUV JRY Form 2039 (Rev. 10-2010) Catalog Number 21405J

\HDU GD\ RI

o'clock

m. \HDU

Program Manager Signature of issuing officer

Title

Signature of approving officer LI DSSOLFDEOH

Title

2ULJLQDO - to be kept by IRS

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 2 of 15

6HUYLFH RI 6XPPRQV 1RWLFH DQG 5HFRUGNHHSHU &HUWLILFDWHV

E-74 ] ,

3XUVXDQW WR VHFWLRQ ,QWHUQDO 5HYHQXH &RGH

I certify that I served the summons shown on the front of this form on: Date

Time TBD

TBD

+RZ 6XPPRQV :DV 6HUYHG

I certify that I handed a copy of the summons, which contained the attestation required by Â§ 7603, to the person to whom it was directed.

I certify that I left a copy of the summons, which contained the attestation required by Â§ 7603, at the last and usual place of abode of the person to whom it was directed. I left the copy with the following person (if any):

3. â&#x153;&#x2DC; I certify that I sent a copy of the summons, which contained the attestation required by Â§ 7603, by certified or registered mail to the last known address of the person to whom it was directed, that person being a third-party recordkeeper within the meaning of Â§ 7603(b). I sent the summons to the following address: Coinbase, Inc.

Signature

Title Revenue Agent

4. This certificate is made to show compliance with IRC Section 7609. This certificate does not apply to summonses served on any officer or employee of the person to whose liability the summons relates nor to summonses in aid of collection, to determine the identity of a person having a numbered account or similar arrangement, or to determine

Date of giving Notice:

whether or not records of the business transactions or affairs of an identified person have been made or kept. I certify that, within 3 days of serving the summons, I gave notice (Part D of Form 2039) to the person named below on the date and in the manner indicated.

Time:

Name of Noticee: Address of Noticee (if mailed):

+RZ 1RWLFH :DV *LYHQ

Signature

I gave notice by certified or registered mail to the last known address of the noticee. I left the notice at the last and usual place of abode of the noticee. I left the copy with the following person (if any).

I gave notice by handing it to the noticee. In the absence of a last known address of the noticee, I left the notice with the person summoned. â&#x153;&#x2DC; No notice is required.

Title

Revenue Agent I certify that the period prescribed for beginning a proceeding to quash this summons has expired and that no such proceeding was instituted or that the noticee consents to the examination. Signature

Title

Revenue Agent Form (Rev. 10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 3 of 15

6XPPRQV

E-75

$WWHVWDWLRQ I hereby certify that I have examined and compared this copy of the summons with the original and that it is a true and correct copy of the original. Revenue Agent Signature of IRS officer serving the summons

Title

,56

on the

day of

,VVXHG XQGHU DXWKRULW\ RI WKH ,QWHUQDO 5HYHQXH &RGH WKLV

Department of the Treasury ,QWHUQDO 5HYHQXH 6HUYLFH

ZZZ LUV JRY Form 2039 (Rev. 10-2010) Catalog Number 21405J

\HDU GD\ RI

o'clock

m. \HDU

Program Manager Signature of issuing officer

Title

Signature of approving officer LI DSSOLFDEOH

Title

3DUW $ - to be given to person summoned

Case 3:16-cv-06658-JSC Document Sec. 2-6 7603. FiledService 11/17/16 Page 4 of 15 of summons

E-76 Provisions of the Internal Revenue Code

Sec. 7602. Examination of books and witnesses

(a) Authority to Summon, etc. - For the purpose of ascertaining the correctness of any return, making a return where none has been made, determining the liability of any person for any internal revenue tax or the liability at law or in equity of any transferee or fiduciary of any person in respect of any internal revenue tax, or collecting any such liability, the Secretary is authorized (1) To examine any books, papers, records, or other data which may be relevant or material to such inquiry. (2) To summon the person liable for tax or required to perform the act, or any officer or employee of such person, or any person having possession, custody, or care of books of account containing entries relating to the business of the person liable for tax or required to perform the act, or any other person the Secretary may deem proper, to appear before the Secretary at a time and place named in the summons and to produce such books, papers, records, or other data, and to give such testimony, under oath, as may be relevant or material to such inquiry; and (3) To take such testimony of the person concerned, under oath, as may be relevant or material to such inquiry. (b) Purpose may include inquiry into offense. - The purposes for which the Secretary may take any action described in paragraph (1), (2), or (3) of subsection (a) include the purpose of inquiring into any offense connected with the administration or enforcement of the internal revenue laws. (c) Notice of contact of third parties. (1) General Notice. - An officer or employee of the Internal Revenue Service may not contact any person other than the taxpayer with respect to the determination or collection of the tax liability of such taxpayer without providing reasonable notice in advance to the taxpayer that contacts with persons other than the taxpayer may be made. (2) Notice of specific contacts. - The Secretary shall periodically provide to a taxpayer a record of persons contacted during such period by the Secretary with respect to the determination or collection of the tax liability of such taxpayer. Such record shall also be provided upon request of the taxpayer. (3) Exceptions. - This subsection shall not apply(A) to any contact which the taxpayer has authorized, (B) if the Secretary determines for good cause shown that such notice would jeopardize collection of any tax or such notice may involve reprisal against any person, or (C) with respect to any pending criminal investigation. (d) No administrative summons when there is Justice Department referral.(1) Limitation of authority. - No summons may be issued under this title, and the Secretary may not begin any action under section 7604 to enforce any summons, with respect to any person if a Justice Department referral is in effect with respect to such person. (2) Justice Department referral in effect. - For purposes of this subsection(A) In general. - A Justice Department referral is in effect with respect to any person if(i) the Secretary has recommended to the Attorney General a grand jury investigation of, or the criminal prosecution of, such person for any offense connected with the administration or enforcement of the internal revenue laws or (ii) any request is made under section 6103(h)(3)(B) for the disclosure of any return or return information (within the meaning of section 6103(b)) relating to such person. (B) Termination. - A Justice Department referral shall cease to be in effect with respect to a person when(i) the Attorney General notifies the Secretary, in writing, that (l) he will not prosecute such person for any offense connected with the administration or enforcement of the internal revenue laws, (Il) he will not authorize a grand jury investigation of such person with respect to such an offense, or (lll) he will discontinue such a grand jury investigation. (ii) a final disposition has been made of any criminal proceeding pertaining to the enforcement of the internal revenue laws which was instituted by the Attorney General against such person, or (iii) the Attorney General notifies the Secretary, in writing, that he will not prosecute such person for any offense connected with the administration or enforcement of the internal revenue laws relating to the request described in sub paragraph (A)(ii). (3) Taxable years, etc., treated separately. - For purposes of this subsection, each taxable period (or, if there is no taxable period, each taxable event) and each tax imposed by a separate chapter of this title shall be treated separately. (e) Limitation on examination on unreported income. - The Secretary shall not use financial status or economic reality examination techniques to determine the existence of unreported income of any taxpayer unless the Secretary has a reasonable indication that there is a likelihood of such unreported income. Authority to examine books and witness is also provided under sec. 6420 (e)(2) - Gasoline used on farms: sec. 6421(g)(2) - Gasoline used for certain nonhighway purposes by local transit systems, or sold for certain exempt purposes; and sec. 6427(j)(2) - Fuels not used for taxable purposes. * * * *

(a) In general - A summons issued under section 6420(e)(2), 6421(g)(2), 6427(j)(2), or 7602 shall be served by the Secretary, by an attested copy delivered in hand to the person to whom it is directed, or left at his last and usual place of abode; and the certificate of service signed by the person serving the summons shall be evidence of the facts it states on the hearing of an application for the enforcement of the summons. When the summons requires the production of books, papers, records, or other data, it shall be sufficient if such books, papers, records, or other data are described with reasonable certainty (b) Service by mail to third-party recordkeepers. (1) In general. - A summons referred to in subsection (a) for the production of books, papers, records, or other data by a third-party recordkeeper may also be served by certified or registered mail to the last known address of such recordkeeper. (2) Third party record keeper. - For purposes of paragraph (1), the term third-party recordkeeper means (A) any mutual savings bank, cooperative bank, domestic building and loan association, or other savings institution chartered and supervised as a savings and loan or similar association under Federal or State law, any bank (as defined in section 581), or any credit union (within the meaning of section 501 (c)(14)(A)); (B) any consumer reporting agency (as defined under section 603(f) of the Fair Credit Reporting Act (15 U.S.C. 1681 a(f)); (C) Any person extending credit through the use of credit cards or similar devices; (D) any broker (as defined in section 3(a)(4) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(4)); (E) any attorney; (F) any accountant; (G) any barter exchange (as defined in section 6045(c)(3)); (H) any regulated investment company (as defined in section 851) and any agent of such regulated investment company when acting as an agent thereof; (I) any enrolled agent; and (J) any owner or developer of a computer software source code (as defined in section 7612(d)(2)). Subparagraph (J) shall apply only with respect to a summons requiring the production of the source code referred to in subparagraph (J) or the program and data described in section 7612(b)(1)(A)(ii) to which source code relates.

Sec. 7604. Enforcement of summons

(a) Jurisdiction of District Court. - If any person is summoned under the internal revenue laws to appear, to testify, or to produce books, papers, records, or other data, the United States district court for the district in which such person resides or is found shall have jurisdiction by appropriate process to compel such attendance, testimony, or production of books, papers, records, or other data. (b) Enforcement. - Whenever any person summoned under section 6420(e)(2), 6421 (g)(2), 6427(j)(2), or 7602 neglects or refuses to obey such summons, or to produce books, papers, records, or other data, or to give testimony, as required, the Secretary may apply to the judge of the district court or to a United States Commissioner for the district within which the person so summoned resides or is found for an attachment against him as for a contempt. It shall be the duty of the judge or Commissioner to hear the application, and, if satisfactory proof is made, to issue an attachment, directed to some proper officer, for the arrest of such person, and upon his being brought before him to proceed to a hearing of the case; and upon such hearing the judge or the United States Commissioner shall have power to make such order as he shall deem proper, not inconsistent with the law for the punishment of contempts, to enforce obedience to the requirements of the summons and to punish such person for his default or disobedience. * * * *

Sec. 7605. Time and place of examination (a) Time and place. - The time and place of examination pursuant to the provisions of section 6420(e)(2), 6421 (g)(2), 6427(j)(2), or 7602 shall be such time and place as may be fixed by the Secretary and as are reasonable under the circumstances. In the case of a summons under authority of paragraph (2) of section 7602, or under the corresponding authority of section 6420(e)(2), 6421 (g)(2) or 6427(j)(2), the date fixed for appearance before the Secretary shall not be less than 10 days from the date of the summons.

Sec. 7610. Fees and costs for witnesses (a) In general. - The Secretary shall by regulations establish the rates and conditions under which payment may be made of (1) fees and mileage to persons who are summoned to appear before the Secretary, and (2) reimbursement for such costs that are reasonably necessary which have been directly incurred in searching for, reproducing, or transporting books, papers, records, or other data required to be produced by summons. (b) Exceptions. - No payment may be made under paragraph (2) of subsection (a) if (1) the person with respect to whose liability the summons is issued has a proprietary interest in the books, papers, records or other data required to be produced, or (2) the person summoned is the person with respect to whose liability the summons is issued or an officer, employee, agent, accountant, or attorney of such person who, at the time the summons is served, is acting as such. (c) Summons to which section applies. - This section applies with respect to any summons authorized under section 6420(e)(2), 6421 (g)(2), 6427(j)(2), or 7602.

Sec. 7210. Failure to obey summons

Any person who, being duly summoned to appear to testify, or to appear and produce books, accounts, records, memoranda or other papers, as required under sections 6420(e)(2), 6421(g)(2), 6427(j)(2), 7602, 7603, and 7604(b), neglects to appear or to produce such books, accounts, records memoranda, or other papers, shall, upon conviction thereof, be fined not more than $1,000, or imprisoned not more than 1 year, or both, together with costs of prosecution.

Form 2039 (Rev. 10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 5 of 15

E-77

Notice of Payment Information for Recipients of IRS Summons If you are a third-party recipient of a summons, you may be entitled to receive payment for certain costs directly incurred which are reasonably necessary to search for, reproduce, or transport records in order to comply with a summons. This payment is made only at the rates established by the Internal Revenue Service to certain persons served with a summons to produce records or information in which the taxpayer does not have an ownership interest. The taxpayer to whose liability the summons relates and the taxpayer's officer, employee, agent, accountant, or attorney are not entitled to this payment. No payment will be made for any costs which you have charged or billed to other persons. The rate for search costs is limited to the total amount of personnel time spent locating and retrieving documents or information requested by the summons. Specific salaries of such persons may not be included in search costs. In addition, search costs do not include salaries, fees, or similar costs for analysis of material or for managerial or legal advice, expertise, research, or time spent for any of these activities. If itemized separately, search costs may include the actual costs of extracting information stored by computer in the format in which it is normally produced, based on computer time and necessary supplies. Time for computer search may be paid. Rates for reproduction costs for making copies or duplicates of summoned documents, transcripts, and other similar material may be paid at the allowed rates. Photographs, films, and other material are reimbursed at cost. The rate for transportation costs is the same as the actual cost necessary to transport personnel to locate and retrieve summoned records or information, or costs incurred solely by the need to transport the summoned material to the place of examination.

In addition to payment for search, reproduction, and transportation costs, persons who appear before an Internal Revenue Service officer in response to a summons may request payment for authorized witness fees and mileage fees. You may make this request by contacting the Internal Revenue Service officer or by claiming these costs separately on the itemized bill or invoice as explained below.

Instructions for requesting payment After the summons is served, you should keep an accurate record of personnel search time, computer costs, number of reproductions made, and transportation costs. Upon satisfactory compliance, you may submit an itemized bill or invoice to the Internal Revenue Service officer before whom you were summoned to appear, either in person or by mail to the address furnished by the Internal Revenue Service officer. Please write on the itemized bill or invoice the name of the taxpayer to whose liability the summons relates. If you wish, Form 6863, Invoice and Authorization for Payment of Administrative Summons Expenses, may be used to request payment for search, reproduction, and transportation costs. Standard Form 1157, Claims for Witness Attendance Fees, Travel, and Miscellaneous Expenses, may be used to request payment for authorized witness fees and mileage fees. These forms are available from the Internal Revenue Service officer who issued the summons. If you have any questions about the payment, please contact the Internal Revenue Service officer before whom you were summoned to appear. Anyone submitting false claims for payment is subject to possible criminal prosecution.

IRS Department of the Treasury Internal Revenue Service

www.irs.gov Form 2039 (Rev. 10-2010) Catalog Number 21405J

Part B - to be given to person summoned

Restriction on examination of records. - No 6 examination Case 3:16-cv-06658-JSC Document (d) 2-6 Filed 11/17/16 Page of 15 of any records required to be Sec. 7609. Special procedures for third-party summons produced under a summons as to which notice is required under subsection (a) may be E-78 made -

(a) Notice(1) In general. - If any summons to which this section applies requires the giving of testimony on or relating to, the production of any portion of records made or kept on or relating to, or the production of any computer software source code (as defined in 7612(d)(2)) with respect to, any person (other than the person summoned) who is identified in the summons, then notice of the summons shall be given to any person so identified within 3 days of the day on which such service is made, but no later than the 23rd day before the day fixed in the summons as the day upon which such records are to be examined. Such notice shall be accompanied by a copy of the summons which has been served and shall contain an explanation of the right under subsection (b)(2) to bring a proceeding to quash the summons. (2) Sufficiency of notice. - Such notice shall be sufficient if, on or before such third day, such notice is served in the manner provided in section 7603 (relating to service of summons) upon the person entitled to notice, or is mailed by certified or registered mail to the last known address of such person, or, in the absence of a last known address, is left with the person summoned. If such notice is mailed, it shall be sufficient if mailed to the last known address of the person entitled to notice or, in the case of notice to the Secretary under section 6903 of the existence of a fiduciary relationship, to the last known address of the fiduciary of such person, even if such person or fiduciary is then deceased, under a legal disability, or no longer in existence. (3) Nature of summons. - Any summons to which this subsection applies (and any summons in aid of collection described in subsection (c)(2)(D)) shall identify the taxpayer to whom the summons relates or the other person to whom the records pertain and shall provide such other information as will enable the person summoned to locate the records required under the summons. (b) Right to intervene; right to proceeding to quash. (1) Intervention. - Notwithstanding any other law or rule of law, any person who is entitled to notice of a summons under subsection (a) shall have the right to intervene in any proceeding with respect to the enforcement of such summons under section 7604. (2) Proceeding to quash. (A) In general. - Notwithstanding any other law or rule of law, any person who is entitled to notice of a summons under subsection (a) shall have the right to begin a proceeding to quash such summons not later than the 20th day after the day such notice is given in the manner provided in subsection (a)(2). In any such proceeding, the Secretary may seek to compel compliance with the summons. (B) Requirement of notice to person summoned and to Secretary. - If any person begins a proceeding under subparagraph (A) with respect to any summons, not later than the close of the 20-day period referred to in subparagraph (A) such person shall mail by registered or certified mail a copy of the petition to the person summoned and to such office as the Secretary may direct in the notice referred to in subsection (a) (1 ). (C) Intervention, etc. - Notwithstanding any other law or rule of law, the person summoned shall have the right to intervene in any proceeding under subparagraph (A). Such person shall be bound by the decision in such proceeding (whether or not the person intervenes in such proceeding). (c) Summons to which section applies. (1) In general. - Except as provided in paragraph (2), this section shall apply to any summons issued under paragraph (2) of section 7602(a) or under sections 6420(e)(2), 6421(g)(2), 6427(j)(2), or 7612. (2) Exceptions. - This section shall not apply to any summons (A) served on the person with respect to whose liability the summons is issued, or any officer or employee of such person; (B) issued to determine whether or not records of the business transaction or affairs of an identified person have been made or kept; (C) issued solely to determine the identify of any person having a numbered account (or similar arrangement) with a bank or other institution described in section 7603(b)(2)(A); (D) issued in aid of the collection of(i) an assessment made or a judgment rendered against the person with respect to whose liability the summons is issued, or (ii) the liability at law or in equity of any transferee or fiduciary of any person referred to in clause; or (E) (i) issued by a criminal investigator of the Internal Revenue Service in connection with the investigation of an offense connected with the administration or enforcement of the internal revenue laws, and (ii) served on a person who is not a third-party recordkeeper (as defined in section 7603(b)). (3) John Doe and Certain Other Summonses. - Subsection (a) shall not apply to any summons described in subsection (f) or (g). (4) Records. - For purposes of this section, the term records includes books, papers, and other data.

(1) before the close of the 23rd day after the day notice with respect to the summons is given in the manner provided in subsection (a)(2), or (2) where a proceeding under subsection (b)(2)(A) was begun within the 20-day period referred to in such subsection and the requirements of subsection (b)(2)(B) have been met, except in accordance with an order of the court having jurisdiction of such proceeding or with the consent of the person beginning the proceeding to quash. (e) Suspension of Statute of Limitations. (1) Subsection (b) action. - If any person takes any action as provided in subsection (b) and such person is the person with respect to whose liability the summons is issued (or is the agent, nominee, or other person acting under the direction or control of such person), then the running of any period of limitations under section 6501 (relating to the assessment and collection of tax) or under section 6531 (relating to criminal prosecutions) with respect to such person shall be suspended for the period during which a proceeding, and appeals therein, with respect to the enforcement of such summons is pending. (2) Suspension after 6 months of service of summons. - In the absence of the resolution of the summoned party's response to the summons, the running of any period of limitations under section 6501 or under section 6531 with respect to any person with respect to whose liability the summons is issued (other than a person taking action as provided in subsection (b)) shall be suspended for the period(A) beginning on the date which is 6 months after the service of such summons, and (B) ending with the final resolution of such response. (f) Additional requirements in the case of a John Doe summons. Any summons described in subsection (c)(1) which does not identify the person with respect to whose liability the summons is issued may be served only after a court proceeding in which the Secretary establishes that (1) the summons relates to the investigation of a particular person or ascertainable group or class of persons, (2) there is a reasonable basis for believing that such person or group or class of persons may fail or may have failed to comply with any provision of any internal revenue law, and (3) the information sought to be obtained from the examination of the records or testimony (and the identity of the person or persons with respect to whose liability the summons is issued) is not readily available from other sources. (g) Special exception for certain summonses. A summons is described in this subsection if, upon petition by the Secretary, the court determines, on the basis of the facts and circumstances alleged, that there is reasonable cause to believe the giving of notice may lead to attempts to conceal, destroy, or alter records relevant to the examination, to prevent the communication of information from other persons through intimidation, bribery, or collusion, or to flee to avoid prosecution, testifying, or production of records. (h) Jurisdiction of district court; etc. (1) Jurisdiction. - The United States district court for the district within which the person to be summoned resides or is found shall have jurisdiction to hear and determine any proceedings brought under subsection (b)(2), (f), or (g). An order denying the petition shall be deemed a final order which may be appealed. (2) Special rule for proceedings under subsections (f) and (g).- The determinations required to be made under subsections (f) and (g) shall be made ex parte and shall be made solely on the petition and supporting affidavits. (i) Duty of summoned party. (1) Recordkeeper must assemble records and be prepared to produce records.On receipt of a summons to which this section applies for the production of records, the summoned party shall proceed to assemble the records requested, or such portion thereof as the Secretary may prescribe, and shall be prepared to produce the records pursuant to the summons on the day on which the records are to be examined. (2) Secretary may give summoned party certificate. - The Secretary may issue a certificate to the summoned party that the period prescribed for beginning a proceeding to quash a summons has expired and that no such proceeding began within such period, or that the taxpayer consents to the examination. (3) Protection for summoned party who discloses. - Any summoned party, or agent or employee thereof, making a disclosure of records or testimony pursuant to this section in good faith reliance on the certificate of the Secretary or an order of a court requiring production of records or the giving of such testimony shall not be liable to any customer or other person for such disclosure. (4) Notice of suspension of statute of limitations in the case of a John Doe summons. - In the case of a summons described in subsection (f) with respect to which any period of limitations has been suspended under subsection (e)(2), the summoned party shall provide notice of such suspension to any person described in subsection (f). (j) Use of summons not required. Nothing in this section shall be construed to limit the Secretary's ability to obtain information, other than by summons, through formal or informal procedures authorized by sections 7601 and 7602.

Form 2039 (Rev. 10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 7 of 15

6XPPRQV

E-79

'R QRW ZULWH LQ WKLV VSDFH

,56

on the

day of

,VVXHG XQGHU DXWKRULW\ RI WKH ,QWHUQDO 5HYHQXH &RGH WKLV

Department of the Treasury ,QWHUQDO 5HYHQXH 6HUYLFH

ZZZ LUV JRY Form 2039 (Rev. 10-2010) Catalog Number 21405J

\HDU GD\ RI

o'clock

m. \HDU

Program Manager Signature of issuing officer

Title

Signature of approving officer LI DSSOLFDEOH

Title

3DUW & - to be given to noticee

Case 3:16-cv-06658-JSC Document Sec. 2-6 7603. FiledService 11/17/16 Page 8 of 15 of summons

E-80 Provisions of the Internal Revenue Code

Sec. 7602. Examination of books and witnesses

Sec. 7604. Enforcement of summons

Sec. 7210. Failure to obey summons

Form 2039 (Rev. 10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 'DWH Page 9 of 15 XXXXXXX

E-81

$GGUHVV Enclosed is a copy of a summons served by the IRS to examine records made or kept by, or to request testimony from, the person summoned. If you object to the summons, you are permitted to file a lawsuit in the United States district court in the form of a petition to quash the summons in order to contest the merits of the summons. If you are the taxpayer, see important information below on the suspensions of your periods of limitation under I.R.C. section 7609(e)(1) and (e)(2).

*HQHUDO 'LUHFWLRQV 1. You must file your petition to quash in the United States district court for the district where the person summoned resides or is found. 2. You must file your petition within 20 days from the date of this notice and pay a filing fee as may be required by the clerk of the court. 3. You must comply with the Federal Rules of Civil Procedure and local rules of the United States district court.

,QVWUXFWLRQV IRU 3UHSDULQJ 3HWLWLRQ WR 4XDVK 1. Entitle your petition ''Petition to Quash Summons.'' 2. Name the person or entity to whom this notice is directed as the petitioner. 3. Name the United States as the respondent. 4. State the basis for the court's jurisdiction, as required by Federal Rule of Civil Procedure. See Internal Revenue Code Section 7609(h). 5. State the name and address of the person or entity to whom this notice is directed and state that the records or testimony sought by the summons relate to that person or entity. 6. Identify and attach a copy of the summons.

,56 Department of the Treasury ,QWHUQDO 5HYHQXH 6HUYLFH

ZZZ LUV JRY Form 2039 (Rev. 10-2010) Catalog Number 21405J

7. State in detail every legal argument supporting the relief requested in your petition. See Federal Rules of Civil Procedure. Note that in some courts you may be required to support your request for relief by a sworn declaration or affidavit supporting any issue you wish to contest. 8. Your petition must be signed as required by Federal Rule of Civil Procedure 11. 9. Your petition must be served upon the appropriate parties, including the United States, as required by Federal Rule of Civil Procedure 4. 10. At the same time you file your petition with the court, you must mail a copy of your petition by certified or registered mail to the person summoned and to the IRS. Mail the copy for the IRS to the officer whose name and address are shown on the face of this summons. See 7609(b)(2)(B). The court will decide whether the person summoned should be required to comply with the summons request.

6XVSHQVLRQ RI 3HULRGV RI /LPLWDWLRQ If you are the taxpayer being examined/investigated by this summons and you file a petition to quash the summons (or if you intervene in any suit concerning the enforcement of this summons), your periods of limitation for assessment of tax liabilities and for criminal prosecutions will be suspended pursuant to I.R.C. section 7609(e)(1) for the tax periods to which the summons relates. Such suspension will be effective while any proceeding (or appeal) with respect to the summons is pending. Your periods of limitation will also be suspended under section 7609(e)(2) if the summoned person fails to fully respond to this summons for 6 months. The suspension under section 7609(e)(2) will begin 6 months after the summons is served and will continue until the summoned person finally resolves the obligation to produce the summoned information. You can contact the IRS officer identified on the summons for information concerning the suspension under section 7609(e)(2). If you contact the IRS officer for this purpose, please provide the following information: (1) your name, address, home and work telephone numbers and any convenient time you can be contacted and (2) a copy of the summons or a description of it that includes the date it was issued, the name of the IRS employee who issued it, and the name of the summoned person. The relevant provisions of the Internal Revenue Code are enclosed with this notice. If you have any questions, please contact the Internal Revenue Service officer before whom the person summoned is to appear. The officer's name and telephone number are shown on the summons. 3DUW ' - to be given to noticee

(d) Restriction examination of records. - No10 examination Case 3:16-cv-06658-JSC Document 2-6 Filedon 11/17/16 Page of 15 of any records required to be Sec. 7609. Special procedures for third-party summons produced under a summons as to which notice is required under subsection (a) may be E-82 made -

Form 2039 (Rev. 10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 11 of 15

6XVSHQVLRQ RI &RUSRUDWH 7D[SD\HUÂśV 3HULRG RI /LPLWDWLRQV RQ $VVHVVPHQW ,I D &RXUW 3URFHHGLQJ LV %URXJKW 5HJDUGLQJ D 'HVLJQDWHG RU 5HODWHG 6XPPRQV

E-83

The IRS may issue designated or related summonses to examine the tax liability of certain corporations. A designated summons will be identified by a statement at the top of the summons that reads: "This is a designated summons pursuant to IRC 6503(j)." A related summons will be identified by a similar statement at the top of the summons indicating that it is a related summons issued pursuant to I.R.C. sec. 6503(j).

the day the court proceeding is brought. If the court orders any compliance with the summons, the suspension will continue until 120 days after the summoned person finally resolves his response to the summons. If the court does not order any compliance with the summons, then the period of limitations will resume running on the day after final resolution (but the period of limitations will not expire before the 60th day after final resolution).

If you are a corporate taxpayer and the IRS has issued a designated or related summons to investigate your tax liability, your period of limitations on assessment will be suspended if a court proceeding concerning the summons is begun. This suspension will be effective on

To obtain information about the dates of the suspension under section 6503(j), you can contact the IRS officer before whom the person summoned is to appear. The officer's name and telephone number are identified on the summons.

,56 Department of the Treasury ,QWHUQDO 5HYHQXH 6HUYLFH

ZZZ LUV JRY Form 2039 (Rev. 10-2010) Catalog Number 21405J

3DUW ( - to be given to the corporate taxpayer only if this is a designated or related summons

Case 3:16-cv-06658-JSC Document 2-6 FiledSummons 11/17/16 Page 12subsection— of 15 (2) Designated -- For purposes of this 6HF M ([WHQVLRQ ,Q FDVH RI FHUWDLQ VXPPRQVHV E-84 (1) In General— If any designated summons is issued by the Secretary to a corporation (or to any other person to whom the corporation has transferred records) with respect to any return of tax by such corporation for a taxable year (or other period) for which such corporation is being examined under the coordinated examination program (or any successor program) of the Internal Revenue Service, the running of any period of limitations provided in section 6501 on the assessment of such tax shall be suspended— (A) during any judicial enforcement period-(i) with respect to such summons, or (ii) with respect to any other summons which is issued during the 30-day period which begins on the date on which such designated summons is issued and which relates to the same return as such designated summons, and (B) if the court in any proceeding referred to in paragraph (3) requires any compliance with a summons referred to in subparagraph (A), during the 120 day period beginning with the 1st day after the close of the suspension under subparagraph (A). If subparagraph (B) does not apply, such period shall in no event expire before the 60th day after the close of the suspension under subparagraph (A).

(A) In General -- The term “designated summons” means any summons issued for purposes of determining the amount of any tax imposed by this title if-(i) the issuance of such summons is preceded by a review of such issuance by the regional counsel of the Office of Chief Counsel for the region in which the examination of the corporation is being conducted, (ii) such summons is issued at least 60 days before the day on which the period prescribed in section 6501 for the assessment of such tax expires (determined with regard to extensions), and (iii) such summons clearly states that it is a designated summons for purposes of this subsection. (B) Limitation -- A summons which relates to any return shall not be treated as a designated summons if a prior summons which relates to such return was treated as a designated summons for purposes of this subsection. (3) Judicial Enforcement Period -- For purposes of this subsection, the term “judicial enforcement period” means, with respect to any summons, the period – (A) which begins on the day on which a court proceeding with respect to such summons is brought, and (B) which ends on the day on which there is a final resolution as to the summoned person’s response to such summons.

Form (Rev.10-2010)

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 13 of 15 In the Matter of Tax Liability of John Does Attachment to Form 2039 Summons to Coinbase, Inc. (d/b/a Coinbase)

E-85

DOCUMENTS For each Coinbase user for which your records show any U.S. address, U.S. telephone number, U.S. e-mail domain, or U.S. bank account, produce the following records for the period January 1, 2013 through December 31, 2015 unless otherwise stated: 1.

Account/wallet/vault registration records for each account/wallet/vault owned or controlled by the user during the period stated above including, but not limited to, complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.

Any other records of Know-Your-Customer due diligence performed with respect to the user not included in paragraph 1, above.

For any account/wallet/vault with respect to which the registered user gave any third party access, control, or transaction approval authority, all powers of attorney, letters of wishes, corporate minutes, or other agreements or instructions granting the third party such access, control, or approval authority.

All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information.

For each merchant user for which you act as Payment Service Provider, records of all payments processed, including records identifying the user of the wallet charged, if a Coinbase user, or the address of the wallet charged, if not, the date and amount of the transaction, and any other information that will enable the merchant to identify the transaction.

All correspondence between Coinbase and the user or any third party with access to the account/wallet/vault pertaining to the account/wallet/vault, including but not limited to letters, memoranda, telegrams, telexes, facsimiles, e-mail, letters of instruction, and memoranda of telephone or oral instructions received.

All periodic statements of account or invoices (or the equivalent).

1 14141608.1

E-86

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 14 of 15 In the Matter of Tax Liability of John Does Attachment to Form 2039 Summons to Coinbase, Inc. (d/b/a Coinbase)

All records of payments to or from the user by checks, wire or other electronic transfer, ACH transaction, PayPal transfer, credit or debit card transaction, money order, transfer to or from other digital currency wallet address, or any other method, including records reflecting the form, manner, nature, and purpose of such payment including, but not limited to, ABA routing number and other routing information, payment instructions, and any and all invoices, billing statements, receipts, or other documents memorializing and describing such transaction.

9. All exception reports produced by your AML system, and all records of investigation of such exceptions. For the purpose of this summons, you are required to produce all documents described in this attachment, whether located in the United States or otherwise, that are in your possession, custody, or control, or otherwise accessible or available to you either directly or through other entities. INSTRUCTIONS FOR PRODUCTION OF ELECTRONICALLY STORED RECORDS If the records requested herein are stored in your record retention systems and/or by your technology, data, or other service providers, it should be produced on electronic media according to the following criteria: I. Text Data A. Text data relating to transactions shall be produced within a data file: 1. Using a delimited ASCII text data format; or 2. Using software that can export to a commonly readable, nonproprietary file format without loss of data. 3. If text data is stored in a format readable only by proprietary software, provide a copy of software necessary to enable the data to be retrieved, manipulated, and processed by a computer. B. Text data files relating to transactions shall include field descriptions (e.g., account number, date/time, description, payee/payor, check number, item identifier, amount, etc.) II. Image Data A. Image data shall be produced in graphic data files in a commonly readable, nonproprietary format with the highest image quality maintained. B. Image data of items associated with transactions (e.g., cancelled checks, deposit slips, etc.) shall be: 1. Produced in individual graphic data files with any associated endorsements; 2. Linked to corresponding text data by a unique identifier; and 2 14141608.1

Case 3:16-cv-06658-JSC Document 2-6 Filed 11/17/16 Page 15 of 15

E-87

In the Matter of Tax Liability of John Does Attachment to Form 2039 Summons to Coinbase, Inc. (d/b/a Coinbase)

3. Image collections, OCR (optical character recognition), and image linking files must be produced in a Concordance load-ready format, ideally in a Concordance database. III. Encryption/Authentication A. Electronically stored records may be transmitted in an encrypted container. Decryption keys and/or passwords shall be produced separately at the time the data is produced. B. Authentication, such as hash coding, may be set by agreement. C. Affidavits or certificates of authenticity for the records may be included as part of the electronic production. If you have questions about the format in which to provide electronic data, please contact Revenue Agent David J. Hooczko by telephone at (626) 927-1237.

Before you produce any of the above-listed records, please contact Revenue Agent Utzke by telephone at (626) 927-1237 to discuss the terms of compliance. The personal appearance requirement is waived when the requested information is furnished by mail to Revenue Agent Utzke at 1818 East Southern Avenue, Mesa, AZ 85204.

3 14141608.1