Midnight Wonkishness
Hope you had a nice break. We welcome you back with deep dives on FDIC and IRS programs in cryptocurrency.
I started Brogan Law to provide top quality legal services to individuals and entities with legal questions related to cryptocurrency. Cryptocurrency law is still new, and our clients recognize the value of a nimble and energetic law firm that shares their startup mentality. To help my clients maintain a strong strategic posture, this newsletter discusses topics in law that are relevant to the cryptocurrency industry. While this letter touches on legal issues, nothing here is legal advice. For any inquiries email aaron@broganlaw.xyz.
After a few weeks of fun and games, this week seemed like a good opportunity for some good old-fashioned wonkishness. Here are my deep dives on two agency operations that have drawn attention from the cryptocurrency industry in recent weeks.
The Operation Chokepoint 2.0 Saga Continues
It’s not popular right now to defend federal agencies, but sometimes you gotta do what you gotta do.
A few weeks ago, we covered the Operation Chokepoint 2.0 scandal. Basically, what happened was Marc Andreessen went on Joe Rogan and said that the Consumer Financial Protection Bureau (CFPB) had been de-banking cryptocurrency entities and affiliated individuals for some time.
A lot of people were shocked by this, apparently, and there was a big brouhaha on X. Some really smart people who had been covering the story pointed out that actually the CFPB didn’t do this, it was the Federal Deposit Insurance Corporation (FDIC). Other than that though the story was basically confirmed and a lot of evidence came out.
To avoid any ambiguity, I have spoken to multiple sources in crypto who told me that they personally were dropped from financial institutions for no reason. De-banking happened, it was bad, there is no doubt about it.
The way this worked, insiders speculated, is that the FDIC would go to banks and tell them, “hey we’re not so sure about you providing banking services to crypto-related entities.” The banks, being completely beholden to the FDIC to continue operating1, dutifully removed anyone adjacent to the cryptocurrency industry from their rolls.
Since all the way back in June 2024, to investigate the FDIC’s interactions with financial institutions, Coinbase has led a campaign to use the Freedom of Information Act (FOIA) to attempt to uncover internal documents at the FDIC that might reveal exactly what happened. We covered some of their findings previously, but this week the FDIC released a more complete set of less-redacted documents.
The origin of these documents is the April 7, 2022 FIL-16-2022 memorandum titled “Notification of Engaging in Crypto-Related Activities.” This document is and has been public guidance for financial institutions to understand the FDIC’s treatment of cryptocurrency, in light of what it describes as “significant safety and soundness risks, as well as financial stability and consumer protection concerns.” Accordingly, this memorandum requested “all FDIC-supervised institutions that are considering engaging in crypto-related activities to notify the FDIC of their intent and to provide all necessary information that would allow the FDIC to engage with the institution regarding related risks.”
These “pause letters” that Coinbase discovered and GC Paul Grewel released on X show the general trend of enforcement according to these letters. See below a list compiled by the VC and journalist Nic Carter of the content of the pause letters:
Across 25 mostly unredacted documents, the FDIC can be seen requesting information and broadly denying the various (unidentified) programs permission to proceed with the proposed cryptocurrency-related activities. This rejection often takes the form “until we complete our review, we request that the Bank refrain from providing this service to its customers”, or similar.
These letters did not include explicit final determinations by the FDIC that the relevant programs were prohibited, and according to the Office of the Inspector General (OIG) “the FDIC did not (1) establish an expected timeframe for reviewing information and responding to the supervised institutions that received pause letters, and (2) describe what constitutes the end of the review process for supervised institutions that received a pause letter.” So this was, in effect, an indefinite prohibition.
These documents are certainly interesting, but some seem to be over-indexing their content. They do not show the kind of smoking gun communication that Mr. Andreessen suggested might exist on the Joe Rogan podcast so many weeks ago now. In fact, the FDIC’s internal memorandum about the program that was also released this week explicitly directed that the policy does not prohibit “(1) providing deposit accounts to [bitcoin ATMs], (2) loans to crypto-related entities that are not collateralized by crypto; and (3) deposit accounts used for the business operations of, or processing ACH payments for, crypto-related companies in which the bank does not hold/maintain the funds of the crypto-related companies’ customers.” So, if the FDIC was directing a wave of debanking, by my reading, it was outside of the FIL-16-2022 policy.
Reading these documents left me with more questions than answers. If this program was not “Operation Choke Point 2.0”, then how was that effectuated? Why did the FDIC work so hard to keep these relatively bland documents confidential? Nonetheless, it is an interesting insight into the workings of Biden-era agency enforcement. We are often critical of agency enforcement here, but I think with respect to the FDIC, we should give at least some benefit of the doubt.
The FIL-16-2022 policy was implemented literally on the eve of the Terra-Luna collapse. In the period during which these letters were being sent to banks, Three Arrows Capital, Celsius, Voyager, FTX/Alameda, BlockFi, and Genesis all spectacularly self-destructed. Shortly thereafter, there was a banking crisis causing Silvergate and SVB to be wound down.
It’s hard to remember now, but these were heady times. There was genuine concern that contagion from these runs could wipe out the entire cryptocurrency industry, or even cause a crash in the broader non-crypto economy. It is easy to see why the FDIC would be cautious in this macro environment.
And honestly, our priors here should be that the FDIC is the greatest thing since sliced bread2—because it is. The FDIC was chartered as a solution to the fundamentally volatile nature of demand deposits. Famously, the Great Depression was precipitated by devastating bank runs between 1929 and 1933. Well that never happened again, and it is because of the FDIC. Deposit insurance alters the incentive structure that caused bank runs, and so it stops them. It does this relatively cheaply, and has been revenue positive for the federal government throughout its existence. If you were to line up all the programs and policies the United States government has ever implemented, the FDIC would be very nearly the best one.
Its mandate is not to promote innovation; its mission is to “maintain stability and public confidence in the Nation’s financial system.” According to OIG, the reasoning behind these pause letters was to complete a “risk assessment to determine whether the Agency can sufficiently address crypto-asset-related risks through actions such as issuing guidance to supervised institutions.” Now, that may or may not be true. Maybe this was a bad-faith campaign against the industry. If it is true, though, that is exactly what the FDIC is supposed to do.
So here is the actual problem. It's not a few evil bureaucrats, it's a regulatory system that requires agency assent to operate, rather than requiring agency evaluation to prohibit operation. The default is backwards, and it is not just in banking, but in much of contemporary American regulatory affairs. If the FDIC needs years to evaluate cryptocurrency, then that is what it is, but our system should not be structured in such a way that this intransigence is able to stifle an entire industry.
Our economy is strong because of its relative deference to market forces, but our financial sector is managed more like a planned economy—only state favored firms are permitted to do business. For systemically important financial institutions this may be justified, but around the margins it cannot be. Some retail users of crypto will lose their money before this is all over, but the growth in economic activity from innovation will far outweigh these costs. We have to prioritize policies that permit this, and that means taking the oxygen regulator out of the FDIC’s hands and letting some small banks breathe a little. In the long run, this will enrich all of us.
The IRS Does Some Midnight Rulemaking
The IRS, on the other hand, is on a journey that I am far less inclined to countenance.
Cryptocurrency’s tax treatment is a somewhat thorny question. On-chain transactions could constitute taxable events, but are often only recorded pseudonymously—particularly on decentralized exchanges that do not KYC their users. This might tax advantage on-chain cryptocurrency transactions in some situations, but it isn't a durable benefit. Any taxes avoided through initial unattributable transactions can still be assessed later. So, unpleasant as it is, it is probably better for the industry to have clear tax rules that are universally applicable.
Likely for this reason, Congress included language in the 2021 Infrastructure Investment and Jobs Act (IIJA) that expressly expanded the definition of a “broker” to include “any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.” The law also extended the requirement that such brokers report digital asset transactions and further prescribed that the IRS may set forth regulations concerning what reporting is required.
This was intended to go into effect on January 1, 2023, but the IRS failed to propose rulemaking to effect the new regulation until August 2023. At the time, the proposal generated substantial controversy in the cryptocurrency community because of its breadth, “capturing hosted wallet providers, payment processors, some decentralized finance (DeFi) entities and others.”
During the comment period, many lodged disapproval, which the IRS ignored. After promulgating final rulemaking concerning the less controversial CeFi aspects in June 2024, the IRS waited until after the election for the remaining DeFi portions. Of course, Donald Trump then won that election, and this meant that with the rule still pending the composition of the IRS leadership was likely to change in January. To some, this fact might have suggested that that the proposed rule was dead, but the IRS chose another path. Reporting began coming out in early December that a final rule would come before the end of the year, and on December 27, it did.
While the final rule differed from the 2023 proposal, it still imposes ongoing reporting obligations on two key cryptocurrency products—software wallets and DeFi front-ends. The standard is quite difficult to ascertain from reading the law, but it boils down to covering anyone who is “in a position to know the nature of the transaction”, which apparently means anyone who has such ongoing relationship with the custody of digital assets that they are able to ask users for information.3
I don’t want to sugarcoat this. This rule will, in one fell swoop, make DeFi as we know it illegal. Essentially any project that developed a front-end to use their product, like e.g. Uniswap, dYdX, or Aave, would, in effect, be required to KYC their customers. This would end the permissionless era of cryptocurrency. This decision is a little bizarre in light of the recent Fifth Circuit ruling in Van Loon v. Department of Treasury, 122 F.4th 549 (5th Cir. 2024), which suggested that immutable smart contracts on-chain are impervious to ownership and so outside of OFAC’s legal purview.
I don’t think the rule is incoherent though. It represents an extension of federal oversight to activity that the government is interested in, but does not currently have clear authority to regulate. To the extent DeFi entities are able to avoid KYC/AML obligations under the BSA or OFAC by deploying smart contracts which they do not control, this law divests them of that privilege. Obviously, the cryptocurrency industry should hate that, but you can see why the IRS would want to do it! It gives them more control, more visibility, and will potentially allow them to tax more stuff.
In fact, the IRS seems to take explicit steps to prevent future projects from using the “immutability” playbook to their advantage for tax purposes, saying:
“[T]o ensure that trading front-end service providers do not take steps to artificially avoid meeting the position to know standard, final §1.6045-1(a)(21)(ii) provides that, except as provided by the Secretary, a contractual or other restriction not required by law that limits the ability of the person providing trading front-end services to amend, update, or otherwise substantively affect the terms under which the services are provided or the manner in which the order is processed will be disregarded for purposes of determining if a person meets the position to know standard.”
What this means is you can’t use workarounds to avoid the reporting requirement—if they want the rule to apply to you, then they believe it applies to you, and that’s that.
Except, well, it actually isn’t. There are a number of avenues through which this rule may be spiked or nerfed before it is scheduled to take effect in 2027.
The first is the Congressional Review Act (CRA), which allows Congress to overturn a final regulation by joint resolution within 60 days of being issued. During Donald Trump’s first term as president in 2017, the CRA was used 16 times, and given cryptocurrencies' significant lobby and a Republican trifecta, it seems likely that it will be used here.
Second, there is already litigation filed by the Blockchain Association and DeFi Education Fund arguing that the rule is illegal. The case makes a number of arguments, but the strongest is simply that the definition of “broker” promulgated by the IRS is different than definition written in the plain language of the statute.
I am of two minds about this argument, on one hand, Congress seems to have intended to permit the IRS to define broker as it wished, as the contemporaneous “‘Technical Explanation of Section 80603, “Information Reporting For Brokers And Digital Assets,’ Of The Infrastructure Investment And Jobs Act” released by the Joint Committee on Taxation says in plain language:
The provision amends section 6045(c)(1) so that the definition of broker expressly includes any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person. The change clarifies present law to resolve uncertainty over whether certain market participants are brokers. The change is not intended to limit the Secretary’s authority to interpret the definition of broker. (emphasis added)
Then again, Joint Committee on Taxation reports are not legislative history4, and even legislative history is irrelevant where the language of a law is unambiguous. In this case, the definition of broker in the law is what it is, and it is not clear why the IRS should be able to expand this. Of course, in a Chevron world, they might still be able to, but now, under Loper Bright, it seems plausible that the IRS is not permitted to proceed with this broader extra-statutory definition of broker.
Finally, there is going to be tax legislation this year, in one form or another. The 2017 Trump tax cuts are expiring, and the Republicans are going to get something through, in the omnibus reconciliation bill (a “big, beautiful bill”) if nowhere else. If there is political will, this interpretation could be addressed there if nowhere else.
In net, it seems unlikely that these IRS rules ever go into effect. They are bad though, very bad, and a further reminder that the Cryptocurrency industry has to lock in affirmative legality over the next two to four years, or face practical extinction. The operation of DeFi as it is currently constructed fundamentally curtails the power of the government to monitor monetary transactions—that's the point—and that is an unstable equilibrium. Either cryptocurrency finds a safe harbor, or some opportunistic leftist will kill it some day. Time to put the pedal down.
Until next week.
Federally chartered depository banks cannot operate without FDIC insurance.
I checked and sliced bread was first sold in 1928, five years before the FDIC was chartered.
This seems to be meant to exclude hardware wallets, which, I suppose because they are not networked, are not in a position to ask. This distinction seems a little tortured to me.
In law, legislative history means, more or less, stuff lawmakers said on the floor of Congress about the bills they were passing while they debated it. When laws are profoundly ambiguous, courts will sometimes pretend to look to legislative history to determine what they mean. What courts actually do is make up their mind about what outcome they want and then cherry pick legislative history to bolster whatever arguments they want to make as to the strength of that interpretation, but I digress.