'People are getting scammed': A top California regulator has major crypto worries

Suzanne Martindale, who leads California’s financial consumer-protection efforts, sees the industry moving fast and regular people getting hurt.

Suzanne Martindale

Suzanne Martindale told Protocol why regulating crypto has become critical and challenging.

Photo: DFPI

Suzanne Martindale, head of California’s Division of Consumer Financial Protection, had just joined the state’s financial regulatory body in early 2021 when crypto suddenly became a serious consumer concern.

Crypto’s explosive growth sparked heightened worries about consumers dabbling in a volatile market and getting ripped off in the process.

“I would say that 2021 really was the year that everything seemed to get turbocharged,” Martindale, a senior deputy commissioner at California's Department of Financial Protection and Innovation as well as head of the financial protection division, told Protocol.

“We are getting complaints where people are just straight-up being defrauded,” she said.

The resulting push to regulate crypto has kept Martindale busy.

She began the week by studying a new bill — AB 2269, filed by Assemblymember Timothy Grayson — that would require crypto companies offering financial products in California to register with the DFPI.

Martindale described the proposal as “a massive new bill that would create a new kind of crypto native licensing program in California.” It would be a big change for a state that’s taken a mostly hands-off approach, even as San Francisco’s become a hub for the crypto industry and Sand Hill Road has raised billions to invest in startups.

In an interview with Protocol, Martindale discussed why regulating crypto has become critical and challenging, given the industry’s rapid expansion, and how California can play an important role in this effort.

This interview has been edited for brevity and clarity.

What would California’s AB 2269 do if passed?

By and large, it is a bill that would create a new licensing regime for crypto finance. It would direct our department to stand up a new licensing program over crypto finance. It would sweep up a lot of the crypto-asset-related financial products out there and subject them to required licensing and examination. It is designed to be a consumer protection bill, to establish minimum standards for various crypto-related products and services.

What is in place now? What are crypto companies required to do given the current laws?

There’s no one-size-fits-all answer at this point. We've had discussions over the last several years. The term “fintech” has become popular, and you have tech companies wading into the financial services market.

You can talk about technology all day long, but when it comes to consumer finance, there are four kinds of activities people engage in: They're spending, they're saving, they're borrowing or they're investing. That's always where I start: What kind of activity are we talking about?

Because in some cases, some products and services that may be marketed as tech may still fall squarely under one of those buckets: “Oh, it looks like a deposit account. It looks like a form of payment. It looks like a loan or it looks like an investment product.”

What we look at is really the activity. There are different kinds of products out there. There's a wallet where you can hold assets. You may send money to a friend. You may be borrowing against your bitcoin, using it as collateral or you might be taking on an investment product.

There may be a different answer depending on the use case for what laws may or may not apply. That's the debate that everyone is having right now.

We're trying to take a measured approach. We don't want to go too slow or too fast. We want to do it right with the explosion in these offerings and the increasing activity at the retail customer level.

We know we need to act, but we want to do it right. We are getting complaints where people are just straight-up being defrauded. We know that there are people that are just outright just getting scammed, and so we don't want to move too slow either.

If this bill passes, what would be the next step for the DFPI?

We would have to put in a budget request to hire a bunch of new staff to implement this. We would have to pivot quite substantially to implement a new licensing program that may indeed override some of the work that we were contemplating doing on the regulatory and administrative level.

Wouldn’t it help provide clarity, or create more confusion potentially?

We need to analyze it. I'm someone who likes to be plain-speaking and give clear, your-grandma-can-understand kind of answers. Part of the challenge, part of the vexing challenge with crypto — and this has been the case for years in the area where crypto meets finance — even getting stakeholders to use a common set of terms, we're not even there yet.

You have people that are still saying “crypto assets” or “cryptocurrency.” In the Biden executive order, they use the term “digital asset.” By and large, in our executive order, we have “crypto assets and related” financial products and services.

People use different terms and have different kinds of preconceived notions in their heads about what this may or may not be. We need to all be speaking the same language as regulators and as stakeholders in this process so that we can be on the same page to even have coherent policy debates. And that's part of the challenge here.

New York introduced its own crypto licensing program a few years ago. What have been the big lessons from that experience?

I can't speak for New York. To create a crypto-specific licensing regime, that's one approach.

What we're doing right now is taking a look at the laws we already have. We have this new California Consumer Financial Protection Law that passed in 2020. That's modeled after Dodd-Frank. That gives us broad and flexible general authority over financial products and services.

We already have statutory authority, and a broad definition of financial product and service where we could leverage the existing tools we have to establish supervision and examination and potentially draft rules of the road through regulation for financial products and services.

There's an open question: Do you craft an entirely new bucket that's for crypto? Or do you leverage the existing laws that you already have and just clarify when a company that is engaging in financial products and services, XYZ-product features, you know, does it already fit under an existing bucket? Or do you have to create a new bucket?

That's kind of the open question that we're now going to be facing, particularly with this legislation now being introduced.

So, there's still a debate.

Very much so. Absolutely, there's a debate.

Coinbase wants a separate regulator for crypto.

Right. I understand that people get frustrated all the time with the fact that technology outpaces the law. The California Consumer Financial Protection Law gives us broad definitional jurisdiction over financial products and services. You can call yourself whatever you want, but what we're going to ask is: What are you doing?

Are you offering a product or service that facilitates deposit taking? Does it look a lot like banking? Are you offering some sort of product that looks like an investment? Are you maybe a security? Are you offering a way to send or receive funds? Does that look like payments? Or are you offering something that gives people an advance on funds that kind of sounds like credit or loans?

Again, the four pillars of consumer finance are spending, saving, borrowing and investing. So we're going to look at the activity first. So I'm always going to ask the question: Do we need a new law? Do we need a new licensing regime? Or are these products, all things being equal, already covered by existing financial laws?

Maybe those financial laws aren't good enough. Maybe they don't quite fit. But let's start with what authority do we already have before we're looking at whether there are actual changes [we need to make] or you need a new license, or you need a new regulator completely to somehow handle these products and services.

All of those things you mentioned many crypto companies are doing.

Yeah. If there is something in a particular statute that just doesn't quite fit, let's have a conversation about it. But I think starting at the high level, I am not someone who says, “Oh, there's a new technology involved. Therefore, we need entirely new laws.”

That may or may not actually be the case. You really have to drill down, look at the facts and circumstances, look at what these companies are actually offering. Again, there's no one-size-fits-all answer in this.

That's why the executive order in California includes extensive stakeholder engagement. We published our invitation to comment a few days ago. We asked a series of questions about approaches to regulating this space. We're also directed to develop consumer protection principles.

At a very high level, if you want to be a good guy, here's the kinds of things you should be thinking about.

A lot of it's going to be pretty common sense, like truth in advertising, good customer service and a way to have error resolution procedures so people can fix problems, have a way to handle complaints — stuff that traditional companies have long been required to do under various laws.

We're going to be having meetings with various stakeholders and various industry segments and obviously with community groups and people who are using these products as retail customers to get a better sense for where the biggest risks are and where we should be allocating our resources to really provide some sanity to what is still an increasingly growing and often volatile ecosystem.

What are the most common consumer complaints you’ve received?

Some of it's been customer service issues. Some of it's been criminal fraud: the romance scams and affinity scams. It's — often, unfortunately — heartbreaking that there's just really very little we can do.

How do you compare the need to regulate crypto with the way other past trends or technologies had to be regulated?

It's moving very fast. I would say that 2021 really was the year that everything seemed to get turbocharged. For a while, it was just some early adopters and people that had money to burn. It was folks that were kind of crypto enthusiasts who were comfortable with the speculative nature of it. It was a relatively small pool of people, largely in the tech world, who are engaging.

But last year was the first year that we started getting complaints from regular folks that were saying, “Hey, I saw what I think was going to be a great deal and I thought, ‘Oh, this would be an alternative to traditional banks, and I could put my savings in it’ and, oops, my account got wiped out by a hacker and now I have no money.”

Last year was the first year we really heard that.

It's still an emerging issue. It doesn't quite compare to — I'm remembering back in the years building up to the foreclosure crisis, where community groups and advocates are sounding the alarm bell: “This is a ticking time bomb; you're putting people in mortgages they can't afford.” Then we hit that precipice and the global collapse of the financial system.

I don't think that we're there, in part because this has become a parallel system, right? These folks, by and large, are not in the banking system. So it's not quite the same thing as the real estate bubble of the 2000s or anything like that.

It still feels like early days. But it also feels like the pace is so much faster. It does feel like the next year to two years are going to be very critical for regulators across jurisdictions to start to put down some guardrails where the law is clear, where [if] there are obvious violations really start to draw some lines in the sand, like, “No, this is clearly illegal.”

The next year or two I think is going to be critical.

Another trend is the growing interest of institutional investors in crypto, highlighted by Fidelity’s announcement that it plans to allow retirement account holders to invest in bitcoin.

Certainly, we're seeing a lot of capital flowing. That certainly is going to be of interest to us. We're not necessarily going to say that a lot of investment in a particular space is an unqualified good or unqualified bad.

We need to take a look at what's going on and get the best information and then just make sure that we are adaptive. People may find this odd coming from a regulator, but we're trying to be nimble here. We're trying to get in front of these emerging issues so that we're not waiting until after everyone's been ripped off, or you and the bad actors have made good money and the good actors have been outcompeted. We don't want that to happen.

Again, we have to balance that with: If we rush in too fast before we have good information, we could potentially make the wrong call. We don't want to make the wrong call.

Where the money flows may or may not be indicative of what actually is responsible. It just indicates stakeholder interest, and it means that we need to be where those conversations are happening.

California, historically, has been known to set the pace for different areas of regulations. How do you view efforts to regulate crypto in Washington and other states?

Well, California, on its own, is the fifth-largest economy in the world. Often, businesses and industries often start and grow here. We are a resource-rich state in more ways than one. In many instances, where California goes, so goes the nation. We do think we have a responsibility to play a leadership role in this space.

Washington can't do everything from Washington. We strongly believe that there is an important role for states to play in regulating industries and protecting our residents. So we’re doing this all in concert with our federal partners. We don't want to create conflicting rules that don't make sense.


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories