Suzanne Martindale, head of California’s Division of Consumer Financial Protection, had just joined the state’s financial regulatory body in early 2021 when crypto suddenly became a serious consumer concern.
Crypto’s explosive growth sparked heightened worries about consumers dabbling in a volatile market and getting ripped off in the process.
“I would say that 2021 really was the year that everything seemed to get turbocharged,” Martindale, a senior deputy commissioner at California's Department of Financial Protection and Innovation as well as head of the financial protection division, told Protocol.
“We are getting complaints where people are just straight-up being defrauded,” she said.
The resulting push to regulate crypto has kept Martindale busy.
She began the week by studying a new bill — AB 2269, filed by Assemblymember Timothy Grayson — that would require crypto companies offering financial products in California to register with the DFPI.
Martindale described the proposal as “a massive new bill that would create a new kind of crypto native licensing program in California.” It would be a big change for a state that’s taken a mostly hands-off approach, even as San Francisco’s become a hub for the crypto industry and Sand Hill Road has raised billions to invest in startups.
In an interview with Protocol, Martindale discussed why regulating crypto has become critical and challenging, given the industry’s rapid expansion, and how California can play an important role in this effort.
This interview has been edited for brevity and clarity.
What would California’s AB 2269 do if passed?
By and large, it is a bill that would create a new licensing regime for crypto finance. It would direct our department to stand up a new licensing program over crypto finance. It would sweep up a lot of the crypto-asset-related financial products out there and subject them to required licensing and examination. It is designed to be a consumer protection bill, to establish minimum standards for various crypto-related products and services.
What is in place now? What are crypto companies required to do given the current laws?
There’s no one-size-fits-all answer at this point. We've had discussions over the last several years. The term “fintech” has become popular, and you have tech companies wading into the financial services market.
You can talk about technology all day long, but when it comes to consumer finance, there are four kinds of activities people engage in: They're spending, they're saving, they're borrowing or they're investing. That's always where I start: What kind of activity are we talking about?
Because in some cases, some products and services that may be marketed as tech may still fall squarely under one of those buckets: “Oh, it looks like a deposit account. It looks like a form of payment. It looks like a loan or it looks like an investment product.”
What we look at is really the activity. There are different kinds of products out there. There's a wallet where you can hold assets. You may send money to a friend. You may be borrowing against your bitcoin, using it as collateral or you might be taking on an investment product.
There may be a different answer depending on the use case for what laws may or may not apply. That's the debate that everyone is having right now.
We're trying to take a measured approach. We don't want to go too slow or too fast. We want to do it right with the explosion in these offerings and the increasing activity at the retail customer level.
We know we need to act, but we want to do it right. We are getting complaints where people are just straight-up being defrauded. We know that there are people that are just outright just getting scammed, and so we don't want to move too slow either.
If this bill passes, what would be the next step for the DFPI?
We would have to put in a budget request to hire a bunch of new staff to implement this. We would have to pivot quite substantially to implement a new licensing program that may indeed override some of the work that we were contemplating doing on the regulatory and administrative level.
Wouldn’t it help provide clarity, or create more confusion potentially?
We need to analyze it. I'm someone who likes to be plain-speaking and give clear, your-grandma-can-understand kind of answers. Part of the challenge, part of the vexing challenge with crypto — and this has been the case for years in the area where crypto meets finance — even getting stakeholders to use a common set of terms, we're not even there yet.
You have people that are still saying “crypto assets” or “cryptocurrency.” In the Biden executive order, they use the term “digital asset.” By and large, in our executive order, we have “crypto assets and related” financial products and services.
People use different terms and have different kinds of preconceived notions in their heads about what this may or may not be. We need to all be speaking the same language as regulators and as stakeholders in this process so that we can be on the same page to even have coherent policy debates. And that's part of the challenge here.
New York introduced its own crypto licensing program a few years ago. What have been the big lessons from that experience?
I can't speak for New York. To create a crypto-specific licensing regime, that's one approach.
What we're doing right now is taking a look at the laws we already have. We have this new California Consumer Financial Protection Law that passed in 2020. That's modeled after Dodd-Frank. That gives us broad and flexible general authority over financial products and services.
We already have statutory authority, and a broad definition of financial product and service where we could leverage the existing tools we have to establish supervision and examination and potentially draft rules of the road through regulation for financial products and services.
There's an open question: Do you craft an entirely new bucket that's for crypto? Or do you leverage the existing laws that you already have and just clarify when a company that is engaging in financial products and services, XYZ-product features, you know, does it already fit under an existing bucket? Or do you have to create a new bucket?
That's kind of the open question that we're now going to be facing, particularly with this legislation now being introduced.
So, there's still a debate.
Very much so. Absolutely, there's a debate.
Coinbase wants a separate regulator for crypto.
Right. I understand that people get frustrated all the time with the fact that technology outpaces the law. The California Consumer Financial Protection Law gives us broad definitional jurisdiction over financial products and services. You can call yourself whatever you want, but what we're going to ask is: What are you doing?
Are you offering a product or service that facilitates deposit taking? Does it look a lot like banking? Are you offering some sort of product that looks like an investment? Are you maybe a security? Are you offering a way to send or receive funds? Does that look like payments? Or are you offering something that gives people an advance on funds that kind of sounds like credit or loans?
Again, the four pillars of consumer finance are spending, saving, borrowing and investing. So we're going to look at the activity first. So I'm always going to ask the question: Do we need a new law? Do we need a new licensing regime? Or are these products, all things being equal, already covered by existing financial laws?
Maybe those financial laws aren't good enough. Maybe they don't quite fit. But let's start with what authority do we already have before we're looking at whether there are actual changes [we need to make] or you need a new license, or you need a new regulator completely to somehow handle these products and services.
All of those things you mentioned many crypto companies are doing.
Yeah. If there is something in a particular statute that just doesn't quite fit, let's have a conversation about it. But I think starting at the high level, I am not someone who says, “Oh, there's a new technology involved. Therefore, we need entirely new laws.”
That may or may not actually be the case. You really have to drill down, look at the facts and circumstances, look at what these companies are actually offering. Again, there's no one-size-fits-all answer in this.
That's why the executive order in California includes extensive stakeholder engagement. We published our invitation to comment a few days ago. We asked a series of questions about approaches to regulating this space. We're also directed to develop consumer protection principles.
At a very high level, if you want to be a good guy, here's the kinds of things you should be thinking about.
A lot of it's going to be pretty common sense, like truth in advertising, good customer service and a way to have error resolution procedures so people can fix problems, have a way to handle complaints — stuff that traditional companies have long been required to do under various laws.
We're going to be having meetings with various stakeholders and various industry segments and obviously with community groups and people who are using these products as retail customers to get a better sense for where the biggest risks are and where we should be allocating our resources to really provide some sanity to what is still an increasingly growing and often volatile ecosystem.
What are the most common consumer complaints you’ve received?
Some of it's been customer service issues. Some of it's been criminal fraud: the romance scams and affinity scams. It's — often, unfortunately — heartbreaking that there's just really very little we can do.
How do you compare the need to regulate crypto with the way other past trends or technologies had to be regulated?
It's moving very fast. I would say that 2021 really was the year that everything seemed to get turbocharged. For a while, it was just some early adopters and people that had money to burn. It was folks that were kind of crypto enthusiasts who were comfortable with the speculative nature of it. It was a relatively small pool of people, largely in the tech world, who are engaging.
But last year was the first year that we started getting complaints from regular folks that were saying, “Hey, I saw what I think was going to be a great deal and I thought, ‘Oh, this would be an alternative to traditional banks, and I could put my savings in it’ and, oops, my account got wiped out by a hacker and now I have no money.”
Last year was the first year we really heard that.
It's still an emerging issue. It doesn't quite compare to — I'm remembering back in the years building up to the foreclosure crisis, where community groups and advocates are sounding the alarm bell: “This is a ticking time bomb; you're putting people in mortgages they can't afford.” Then we hit that precipice and the global collapse of the financial system.
I don't think that we're there, in part because this has become a parallel system, right? These folks, by and large, are not in the banking system. So it's not quite the same thing as the real estate bubble of the 2000s or anything like that.
It still feels like early days. But it also feels like the pace is so much faster. It does feel like the next year to two years are going to be very critical for regulators across jurisdictions to start to put down some guardrails where the law is clear, where [if] there are obvious violations really start to draw some lines in the sand, like, “No, this is clearly illegal.”
The next year or two I think is going to be critical.
Another trend is the growing interest of institutional investors in crypto, highlighted by Fidelity’s announcement that it plans to allow retirement account holders to invest in bitcoin.
Certainly, we're seeing a lot of capital flowing. That certainly is going to be of interest to us. We're not necessarily going to say that a lot of investment in a particular space is an unqualified good or unqualified bad.
We need to take a look at what's going on and get the best information and then just make sure that we are adaptive. People may find this odd coming from a regulator, but we're trying to be nimble here. We're trying to get in front of these emerging issues so that we're not waiting until after everyone's been ripped off, or you and the bad actors have made good money and the good actors have been outcompeted. We don't want that to happen.
Again, we have to balance that with: If we rush in too fast before we have good information, we could potentially make the wrong call. We don't want to make the wrong call.
Where the money flows may or may not be indicative of what actually is responsible. It just indicates stakeholder interest, and it means that we need to be where those conversations are happening.
California, historically, has been known to set the pace for different areas of regulations. How do you view efforts to regulate crypto in Washington and other states?
Well, California, on its own, is the fifth-largest economy in the world. Often, businesses and industries often start and grow here. We are a resource-rich state in more ways than one. In many instances, where California goes, so goes the nation. We do think we have a responsibility to play a leadership role in this space.
Washington can't do everything from Washington. We strongly believe that there is an important role for states to play in regulating industries and protecting our residents. So we’re doing this all in concert with our federal partners. We don't want to create conflicting rules that don't make sense.