United States: SEC’s Division of Corporation Finance Clarifies That Participation in Certain Proof-Of-Stake Activities Does Not Require SEC Registration
On 29 May 2025, the SEC’s Division of Corporation Finance (the Division) issued a guidance statement (Statement) related to certain protocol staking activities. The Statement addresses the impact of federal securities laws on staking of crypto assets on networks that use proof-of-stake (PoS) as a consensus mechanism (PoS Networks). Such activity is referred to as “Protocol Staking” and such assets, “Covered Crypto Assets.”
Specifically, the Division stated that (i) staking Covered Crypto Assets on a PoS Network; (ii) the activities undertaken by third parties involved in the Protocol Staking process (including third-party node operators, validators, custodians, delegates and nominators); and (iii) providing certain ancillary services related to Protocol Staking in the manner described in the Statement do not involve the offer and sale of securities within the meaning of Section 2(a)(1) of the Securities Act of 1933 (the Securities Act) or Section 3(a)(10) of the Securities Exchange Act of 1934 and, therefore, do not need to register under the Securities Act, or fall within an exemption from registration.
The Statement provides guidance solely with respect to Protocol Staking activities undertaken in connection with self (or solo) staking, self-custodial staking directly with a third party and through custodial arrangements. The Statement does not cover instances where a custodian selects whether, when, or how much of an owner’s crypto assets to stake.
With respect to ancillary services, the Statement provides that service providers—including custodians—may engage in activities that are ministerial or administrative in nature, including providing slashing coverage, early unbonding, alternate rewards payment schedule and amounts, and the aggregation of crypto assets.
The Statement follows recent guidance from the Division providing greater clarity on the application of the federal securities laws to digital assets, including an FAQ that addresses broker-dealer custody of digital assets.
MISSING LINK: Court Dismisses Plaintiff’s Claim Due to Omission of Crucial Allegations
One of the basis principals of a lawsuit, which many plaintiffs seem to forget, is that the defendant being sued must be liable for the conduct alleged in the lawsuit. For instance, when claiming damages for prerecorded calls made without consent, a plaintiff must sufficiently allege that it is the defendant who made the calls in the first place. Another court has now held that a plaintiff has failed to satisfy this basic legal requirement.
In Lightfoot v. SelectQuote, Inc., No. 1:24-cv-04673, 2025 WL 154795 (N.D. Il. Jun. 2, 2025), the Court granted SelectQuote’s motion to dismiss the plaintiff’s claim because the plaintiff had not linked the alleged activity with SelectQuote. The plaintiff claimed that the calls in question featured the following prerecorded message:
Hello. Hello. Hello. This is Ashley, your health center representative. How are you doing today? I’m calling because the updated plans for Medicare have just been released, and it may give you some better access to things like dental, vision, hearing, and over-the-counter benefits. Now, these benefits aren’t automatically given, so we are calling to make sure that you actually are given everything you may be entitled to. There’s also an additional benefit, which you may qualify to get up to $148 a month. That is cash back to your Social Security, depending on your income. Now, I believe you do have Medicare Part A and B, correct? That’s awesome. Okay, this is all the information that I need for my site to check your eligibility, and it does look like you qualify, I’m going to go ahead and get started. Thank you.
Notably missing from the above message? The defendant’s name. According to the Lightfoot plaintiff’s allegations, the received calls all followed the same or a substantially similar script. Thus, SelectQuote was not identified as the caller in any of the messages.
Of course, where a plaintiff can actually allege that the defendant made the call in question, the caller usually identifies themselves as the defendant. Or at least there is call-back number providing this link to the defendant. The Lightfoot plaintiff could not allege any of these facts.
Instead, the plaintiff oddly pointed to other lawsuits against SelectQuote to somehow argue that SelectQuote made the calls at issue in their own case. That is not how the law works. Plaintiffs cannot get around the basic tenet of a lawsuit by pointing to other lawsuits, with entirely different fact patterns, where the calls might have actually been made by the defendant.
Sometimes, a plaintiff can get around the requirement that the defendant needs to have made the calls in question by arguing that the defendant is vicariously liable for those calls. This requires showing that the defendant had some type of authority, or ratified, the alleged calls. Although the Lightfoot plaintiff claimed to proceed on a theory of vicarious liability, the plaintiff did not make any of these allegations. Outside the conclusory claim that SelectQuote called plaintiff, which the court properly did not consider, the plaintiff did not make any allegations as to the defendant’s liability for the purported calls.
Fortunately for SelectQuote, the Lightfoot court did not agree with any of the plaintiff’s reasoning. The court dismissed the plaintiff’s claims, finding that there was no link between plaintiff’s claims and the calls at issue.
Protecting Sponsors from Emerging Portfolio Company Risks through Insurance
In addition to the normal operational and legal risks associated with owning and managing portfolio companies, 2025 has introduced or exacerbated a wave of geopolitical and macroeconomic risks such as inflation, tariffs, trade, depressed consumer sentiment, political risks, and credit risks. The resulting, increased risks faced by portfolio companies has caused a need for private equity sponsors to focus more closely on the insurance maintained at the portfolio company level, and not only the sponsor’s own policies. It is critical for sponsors to work closely with management of their portfolio companies, insurance brokers, and experienced coverage counsel to review and negotiate strong insurance for their portfolio companies. Savvy sponsors are able to utilize their leverage to negotiate bespoke, manuscript policy forms that can be used across their portfolio to provide consistent, strong protection for each of the sponsor’s portfolio companies.
Legal risks at the portfolio company level can impact sponsors not only by harming the value of their investment but also by leading to direct claims being brought against individuals the sponsor appointed to the portfolio company’s board and against the sponsor itself. These risks are particularly acute during times of economic distress or uncertainty, where creditors and other constituents commonly bring claims for breaches of fiduciary duty against directors and aiding and abetting claims against the appointing sponsor.
Coverage disputes in this scenario are both more likely and more difficult when strong coverage under both sets of policies – the sponsor’s own policy and the portfolio company’s policy – has not been negotiated and attention has not previously been given to ensuring that the two sets of policies work together. For example, careful attention needs to be given to policy provisions addressing whether and how a policy applies when an individual serves in multiple capacities and is sued in both capacities (e.g., as an employee of a sponsor and a board member of a portfolio company) and in what order multiple, potentially implicated policies (e.g., the sponsor’s policy and the portfolio company’s policy) apply. Additionally, particularly careful attention needs to be given to the renewal of insurance policies for portfolio companies experiencing financial distress, as insurers often use those circumstances as a basis for adding exclusions and provisions that can significantly limit coverage, such as exclusions that bar coverage when the company becomes insolvent, exclusions for claims brought by creditors, and other problematic provisions. Careful review, negotiation, and coordination of the language and structure of portfolio company policies and private fund‑level policies can help mitigate the risks arising from portfolio companies to sponsors and their associated individuals.
One promising development we have seen in the last year is that more sponsors (but still a distinct minority) have begun to negotiate strong, manuscript policies for all of their portfolio companies. Historically, the quality of coverage provided under directors and officers (“D&O”) policies issued to portfolio companies has been poor – and that continues to be true of the majority of portfolio company policies – but as more sponsors begin focusing on the quality of their portfolio companies’ policies, that should change.
Relatedly, we have also seen an increased focus on protecting individuals against the legal and regulatory risks they face from serving as directors of portfolio companies. This increased focus on individual protection has included an increased emphasis on obtaining dedicated insurance limits for individuals when the company is unable to provide indemnification (called “Side A” policies”) at the portfolio company‑level and to negotiate enhancements to such policies. It is critically important to ensure that sponsor policies and portfolio company policies respond seamlessly and in a prearranged coordinated fashion in these claims.
Of course, the types of litigation and regulatory risks covered by D&O policies are far from the only risks faced by portfolio companies and that can impact sponsors. For example, the increased frequency and severity of data breaches, ransom demands, and social engineering theft has made protection against cyber risks through strong cyber insurance policies critical for portfolio companies and their sponsors. The market for cyber insurance has hardened in the past several years, however – with increased premium costs and additional limitations on coverage – due to cyber insurers having paid out more and larger claims than they had anticipated for cyber events. The more challenging market has made it even more important for careful analysis and review of potential insurance coverage, particularly because it is rare for all cyber risks of concern to be covered under the same policy. Instead, it is common for cyber “crime” risks (for example, social engineering and fraudulent transfers) to be covered under a crime policy or endorsement to a fidelity bond, with other cyber risks (for example, data breaches and business interruption from cyber events) to be covered under a separate cyber policy. Coordinating these separate coverages is important to ensure that as broad a spectrum of cyber risks as possible are covered.
As the risks facing sponsors and their portfolio companies continues to evolve, the insurance they purchase must likewise evolve to match those risks. It is imperative that sponsors and their portfolio companies work with sophisticated insurance brokers and experienced coverage counsel to ensure that their portfolio companies obtain strong coverage. Sponsors also should enhance their leverage to negotiate manuscript policies that can be used by all of their portfolio companies (rather than placing coverage piecemeal) with additional enhancements added as needed – to help protect the sponsor’s investment and their individuals from the developing risks faced by their portfolio companies. This approach also will provide enhanced commercial leverage and legal protection to resolve claims more expeditiously and efficiently for greater amounts of coverage in order to manage emerging complex risks more effectively.
Additional Authors: Joshua M. Newville, Todd J. Ohlms, Robert Pommer, Seetha Ramachandran, Nathan Schuur, Jonathan M. Weiss, William D. Dalsen, Adam L. Deming, Adam Farbiarz & Hena M. Vora
Why the Family Office of the Future Needs Refreshed Operating Models
Advances in tech and a need for talent highlight opportunities for family offices to evolve, Wharton Global Family Alliance survey shows.
In brief
Risk management is among top priorities, but implications can be easy to overlook in outsourced services, data protection and succession planning.
Generative AI remains on the sidelines for now, but family offices can begin strengthening the foundation for the technology and exploring use cases.
Ernst & Young LLP (EY US) and the Wharton Global Family Alliance (Wharton GFA), a world-leading research forum created by the Wharton School of the University of Pennsylvania and the CCC Alliance, formed a three-year collaboration to advance knowledge on issues and trends impacting multigenerational family businesses and their offices. This article is an output of the collaboration and represents EY US’s views on the findings of the 2024 Family Office Benchmarking Report by the Wharton GFA.
Family offices face the need to re-evaluate their operating models over the near and long term, and they are increasingly choosing to leverage external providers specialized in a particular area of need. However, new research in the Wharton Global Family Alliance’s 2024 Family Office Survey shows the inherent obstacles to making the change from a do-it-yourself group to a lean, flexible organization capable of selecting and managing world-class partners.
It’s an exciting time for family offices to reframe potential challenges as competitive advantage. These relatively small organizations are tasked with implementing and working successfully with a huge array of disruptive new technologies. They must address a complex world that demands access to better information, as well as young workers who expect to be freed from low-value tasks by automation, outsourced services and increasing AI. Leveraging and controlling information means balancing risk and opportunity — AI, for example, promises to deliver extraordinary results, but users quickly realize that managing it requires a deep understanding of its inherent biases and opaque decision-making processes. And as family offices forge new relationships, each one exposes the family to new privacy concerns, and it requires management to focus on collaborating with firms that are often vastly larger than their family office clients.
It is therefore no surprise that family office respondents in the Wharton survey say their main priority currently, aside from driving higher investment returns, is managing risk. And when asked about their main risks, they cite information security and cyber risks, reputation management and privacy, and financial fraud and identity theft — all of which are part of the technology risk profile and supported by the back office. They are reflections of how much family offices have evolved in the past few years, as well as how much more that they can achieve with proactive consideration.
In this environment, technology, people and processes must all evolve in parallel. If a family office is working with new technology, they are confronted with the challenge of marrying it with existing staffing, governance and processes. Given the difficulty of hiring, we are forced to consider hybrid operating models that create access to different pools of talent, including outsourcing to service providers that have equal if not better capability and scalability, creating a new paradigm of sophisticated co-sourcing. Yet if handled improperly, such new operating models expand risk, not manage it. And with so much disruption in the present, it’s easy to lose sight of the future in the form of succession plans.
Methodology of the Wharton survey
The online survey instrument was developed and distributed in Q1 2024, both directly to family offices and through a select number of firms that have family office clients. Survey respondents are from 21 countries spread across North and South America, Europe, the Middle East, Asia and Australia. In the Wharton sample, 47% of the family offices serve 1-3 households, about 25% serve 4-6 households, and about 28% serve more than 7 households. About 30% of sample family offices employ 4-7 professionals and about 25% employ over 12 professionals. With respect to the assets under management, 34% of respondents have less than $500 million, 24% have $500 million to $1 billion, and 42% have greater than $1 billion.
Here are four areas of focus for striking the right operating model and moving into the future with confidence.
Talent and outsourced services for family offices
Data protection and its role in enabling the future
Generative AI: being positioned for tomorrow
Further into the future: succession planning
Chapter 1
Talent and outsourced services for family offices
Family offices are increasingly gaining specialized help during a disruptive time for tech and talent — an approach that can pay dividends but also can entail new forms of risk.
Chart description: The types of services and activities that are enabled through the use of a family office and a breakdown of who provided the same services and activities without a family office. Asset allocation ranks as the most-enabled activity, which was typically done by in-house staff.
Within the focus area of people, family offices rely on an array of advisors, as shown in the chart above, whether for common needs such as banking, accounting and legal services or even for less common items like education of family members and philanthropy. On average, family offices spend almost 40% of their budgets on outsourced services (about 30% in investment management as well as 10% in other areas such as back-office support services). With the exception of real estate assets and principal (direct) investments, which are generally managed in-house, the management of other asset classes is outsourced to specialist managers.
By leveraging multiple providers for non-investment services, family offices are gaining specialized help in a difficult market for talent — an excellent strategy in a very dynamic environment. Doing so does not come without risk, as they are also opening themselves up to greater complexity that must be managed. Further, more and more vendors in the market are looking to capitalize on the trend of buy rather than build and may not yet be fully qualified to offer complex and high-touch service needs in a cost-effective manner.
In terms of operating models, single-family offices are also considering new ways of leveraging external providers to support or operate certain functions that require the need for specialized platforms and resources, the separate EY Single Family Office study found. Many single-family offices are collaborating with external partners to support their agenda around risk and operational scalability. Our survey found that more than 90% of single-family offices are either currently leveraging or are considering co-sourcing functions related to risk management across the operating model.
Part of this acceleration toward third-party support stems from a broader set of external service providers — not just law and tax/accounting firms but also banks and others — with enhanced capabilities to support an outsourced model through greater scale and broad expertise to leverage. Such vendors are increasingly adopting institutional-grade industry accreditation to validate their process and control environments, with System and Organization Controls (SOC) and International Organization for Standardization (ISO) badges.
We recommend:
When outsource providers play a significant role in your operating model, bring the same controlled rigor (if not more) to evaluating and monitoring your partners at a board or committee level, just as you would oversee your internal executive team. That is typically done through better governance and oversight frameworks, in the form of service-level agreements (SLAs) and key performance indicator (KPI) regimes in service contracts, as well as advanced data management capabilities that look across platforms and systems.
Look to technology vendors or outsource service providers that have SOC or ISO accreditation as part of the selection or annual review process.
When a vendor says it leverages AI, do further diligence on what that means — is it bringing optical character recognition or machine learning capabilities on data, or supporting with workflow efficiencies, or making actual decisions?
Chapter 2
Data protection and its role in enabling the future
Family offices know that data is crucial to becoming better organizations and must be protected. But the Wharton survey reveals gaps between what family offices are saying and what they are doing.
In the Wharton survey, family offices realize that data underpins their future and must be protected, crossing the domains of technology and processes. As such, family offices want to do more with their data. Yet those intentions must be matched with concrete plans and risk management.
About a quarter of respondents to the Wharton survey (24%) say that their family office or its personnel data has been compromised/breached by hackers or other unauthorized users — a jump from 16.7% in 2022. And of that group, 34% say the breach was slightly or moderately costly, while 8% say the fallout was extremely costly.
On average, family offices employ less than one FTE IT professional and few of these are cybersecurity experts. Even though family offices have identified cybersecurity risk as a top concern, responses indicate that they are not taking sufficient steps to address these risks. Family offices must ensure that cyber and IT risks are evaluated and that response plans are vetted, drawing from a risk framework developed at a board level.
In general, the information technology department in a family office supports a broad range of services, delivered by both in-house IT staff and external vendors. Less than 30% of family offices carry cybersecurity insurance (down from 45% in 2022) despite the potential costs associated with a data breach. However, 75% of respondents reported that they have experienced phishing attacks, compared with 60% in 2022 — a 15-percentage-point increase.
Chart description: The areas within the family office that are evaluated to measure cybersecurity protocols. “Network, cloud and data center protection” was most highly evaluated with 82%.
The technology stack of a family office is truly mission critical as it enables many of the tasks associated with financial management, information consolidation and aggregation, along with client reporting. Wharton survey respondents tell us that they choose such a platform primarily based on how well it can adapt to the specific context of the family office, along with ease of use and accessibility. Cost and complete confidentiality, the other criteria offered in the survey, tie for the lowest ranking — another warning sign that security isn’t always treated as a priority.
Chart description: The criteria a family office uses to choose the best consolidation and/or aggregation platform. “Adaptability to my context” was the highest-ranking choice.
One way that family offices are strengthening their risk profiles is by leveraging external service providers that have prebuilt institutional-grade capabilities. A side effect of looking to these vendors for services comes along with the vendor’s track record of meeting the needs of other large allocators (such as fund managers and public pensions) with tighter operational risk requirements.
Recommended service
We recommend:
Before signing with a new vendor or service provider, review service contracts for considerations such as ownership of data (what they can use your data for and whom they can share it with) and data retention and retrieval after the service terminates.
Perform appropriate due diligence on a managed service provider outsourced IT. Examine how many other single family offices they service, the service location and familiarity with the technology the family office uses.
Ensure your risk management framework addresses cyber risk in line with the spread of your information across partners, especially if your operating model heavily relies on outsourcing. Consider leveraging vendors that support institutional allocators and that meet their risk management needs.
Chapter 3
Generative AI: being positioned for tomorrow
Talent and data are essential for advancing the most disruptive technology since the internet: GenAI. Family offices are mostly not leveraging GenAI yet, but they should be cautiously exploring it.
Chart description: How Artificial Intelligence tools affect family office investment management processes. Most respondents, 56%, said it had no effect.
Since becoming more simplified and consumer-facing, GenAI has rocketed up boardroom agendas — but at family offices, which are rightfully cautious, its impact is largely still not yet being felt in their operating models. Among respondents, 10% reported that they use AI tools to generate new investment ideas and themes, but 56% answered that AI tools have no impact on the investment management process and 25% responded they do not know the impact yet.
GenAI has multifaceted use cases. For instance, GenAI can be used to query existing financial data to create future scenarios or return just-in-time analysis that might take an analyst several hours. More broadly, overall decision-making capabilities about many data-driven topics can be enhanced with GenAI, and everyday worker productivity can be boosted as well.
As familiarity with AI tools and their capabilities increases, family offices are more likely to embrace adoption. But today, that feels like a farther-out future: on average, family offices tell us that they have just 0.5 IT professionals on staff, who are typically more oriented around the “boxes and wires” of keeping technology operating instead of AI-specific domains. Another challenge is that many family offices invest in private markets, where unstructured data sets are not as accessible for identifying patterns, trends and correlations.
So what should family offices do now with GenAI? It’s better to leverage partners first as you build up your internal capabilities and adopt more specialized use cases within your organization. The first step is education to level up skills in the office and provide growth opportunities for employees, raising retention. The earliest use case could be using GenAI tools to work more efficiently: drafting communications, summarizing data, preparing family presentations and other tasks, guided by a thoughtful human worker.
Recommended service
We recommend:
As part of any strategy, the data component again looms as a primary concern. Data storage, construction and management are key foundational elements of GenAI, which can also present new risks to manage and information to keep secure.
Think about privacy and setting some ground rules on use. For example, uploading information to a public AI model poses a security risk, and data stored in the cloud for use by AI can also be breached — therefore, proven partners should be relied upon for AI tools, which must be thoroughly vetted. And relying on AI tools for decision-making could also compromise the fiduciary duty of care in ways that are difficult to understand.
Understand that “has no effect” is likely the wrong answer — the technology is poised to change business-as-usual in every sector. At a minimum, your vendors should be more heavily involved in GenAI, which should affect how you select and evaluate them.
Chapter 4
Further into the future: succession planning
Facing a mix of so many opportunities and challenges today, family offices are evolving dramatically — but they cannot lose sight of the people issues of tomorrow, particularly succession planning.
Forty percent of family offices in our sample were established after 2000. The original wealth creators account for 27%; 31% of the principals or beneficial owners of the family offices are in the second generation, while 25% of the principals or beneficial owners of family offices are in the fourth generation or later. Therefore, the good news is that most of family offices polled have some experience with a handoff from one generation to the next.
But while the operating entity may be prepared for succession, the family itself may not be. Families that have experienced disruption often experience issues on the family side, which damages the symbiotic relationship with the family office. About 40% of respondents reported that they have a formal succession plan for the leadership of the family office (moderately higher than 2022). And that figure is even lower — around 20% — for the family and for professional management of the family office, both of which represent double-digit declines from 2022. Additionally, a third of respondents reported that they have an informal succession plan (perhaps a verbal agreement).
The foundation for success relies on parallel governance, in which the family office provides operational confidence to the family member owners, who in turn return a patient capital base to the family office for investing and growth. Among the challenges they face, family offices primarily cite the young age of the next generation for planning their future roles (39%, compared to 26.2% in 2022) and the potential discomfort in discussing this sensitive subject matter (30%, a jump from 13.1% in 2022). And 22% say that no next-generation member is qualified to lead the family or family office, about the same as in the prior survey.
Chart description: The challenges facing family offices in respect to succession planning. The highest-ranking answer with 39% indicated “the next generation is too young to plan for their future roles.”
When it comes to trustees (who ultimately can control investments and businesses if deposited in trust), 58% of respondents reported that they are individual family members, while 50% reported that the trustees are non-family individual advisors. Based on our experience, an individual trustee tends to be an older generation, again raising the issue of succession.
Recommended service
We recommend:
Understand that transition planning can take a decade or more and that the best time to start thinking about family governance is before changes occur or transitions begin. Today’s owners should mentor the owners of the future for the cohesion, stewardship and competency needed to sustain a healthy business for generations.
Establish separate governance structures for the family and the family office, with clear communication and direction flowing between the two. The family governance focuses on developing a harmonious and capable shareholder base, while the office governance oversees strategy, growth and performance.
Regularly scrutinize who your trustees are and how they are qualified, with clear metrics. According to the survey, the most important criteria for selecting a trustee are privacy and confidentiality followed by loyalty and independence. Are these the best priorities?
Summary
To rapidly adapt to technological advancements and gain specialized services amid talent shortages, family offices must explore new operating models with a focus on effective governance and strategic planning. The Wharton Global Family Alliance’s 2024 Family Office Survey reveals the nuances between managing risk and capitalizing on it, showing areas that are being overlooked in a disruptive business environment.
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions.
Key requirements, which mirror requirements under the federal Gramm-Leach-Bliley Act Safeguards Rule, include the following:
implementing a comprehensive information security program, including maintaining appropriate administrative, technical and physical safeguards;
designating a qualified individual responsible for overseeing, implementing and enforcing the financial corporation’s information security program;
basing an information security program on periodic risk assessments that incorporate designated content requirements and identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information, and reassessing the sufficiency of any safeguards in place to control these risks;
implementing safeguards to control the risks identified through the risk assessment, including but not limited to (1) implementing and periodically reviewing access controls; (2) implementing encryption of customer information held or transmitted by the financial corporation both in transit over external networks and at rest; (3) adopting secure development practices for in-house developed applications; (4) implementing multifactor authentication for any individual accessing any information system (unless the financial corporation’s qualified individual has approved in writing the use of a reasonably equivalent or more secure access control); (5) monitoring and logging user activity and (6) conducting continuous monitoring or periodic penetration testing and vulnerability assessments;
implementing a written incident response plan that addresses (1) the goals of the plan; (2) internal processes for responding to a security event; (3) clear roles, responsibilities, and levels of decision-making authority; (4) external and internal communications and information sharing; (5) requirements for remediating identified weaknesses in information systems and controls; (6) documentation and reporting regarding security events and related incident response activities and (7) evaluation and revision of the plan as necessary after a security event;
providing personnel with security awareness training that is updated as necessary to reflect risks identified by the risk assessment;
overseeing service providers by (1) taking reasonable steps to select and retain service providers capable of maintaining appropriate reasonable safeguards for customer information; (2) contractually requiring them to implement and maintain these safeguards and (3) periodically assessing the service providers based on the risk they present and the adequacy of their safeguards.
requiring the qualified individual provide reports in writing, at least annually, to the financial corporation’s board of directors or equivalent governing body addressing (1) the overall status of the security program and compliance with the Act and (2) material matters related to the information security program (e.g., risk assessments, security events, and recommendations for changes to the program).
The Act also imposes new requirements regarding security incidents (i.e., “notification events”). A “notification event” means the acquisition of unencrypted customer information without the authorization of the individual to which the information pertains. Financial corporations must notify the Department of Financial Institutions as soon as possible and no later than 45 days after discovering a notification event that involves the information of at least 500 consumers. Notably, the Act specifies that a notification event “must be treated as discovered on the first day when the event is known to the financial corporation. A financial corporation is deemed to have knowledge of a notification event if the event is known to any employee, officer, or other agent of the financial corporation, other than the person committing the breach.” The Act will take effect on August 1, 2025.
Cryptocurrency in 401(k): A Balanced Approach Returns
Takeaway
The 2025 CAR does not alter ERISA’s substantive fiduciary standards and considerations but eases the DOL’s previously hostile enforcement stance toward cryptocurrency and similar digital assets in 401(k) plans, restoring a “neutral” DOL enforcement approach. 401(k) plan fiduciaries must still consider all relevant ERISA factors and apply the necessary care, skill, prudence, and diligence required by ERISA in managing their 401(k) plan fund lineup. They can now feel more assured that a decision to include cryptocurrency in their 401(k) plan will not be subjected to increased scrutiny by the DOL; however, they must remain vigilant regarding the risk of potential participant claims and class actions.
Related Links
Compliance Assistance Release No. 2025-01
Compliance Assistance Release No. 2022-01
Article
On May 28, 2025, the DOL released Compliance Assistance Release No. 2025-01. The 2025 CAR rescinds the DOL’s previous Compliance Assistance Release No. 2022-01 (2022 CAR), issued in 2022, which indicated an unfavorable DOL enforcement stance on including cryptocurrency and similar digital assets in 401(k) plan fund lineups.
In rescinding the prior guidance, the DOL states that the 2022 CAR articulated a standard of care that was inconsistent with ERISA’s fiduciary principles, and that the 2025 CAR “restores the [DOL’s] historical approach by neither endorsing, nor disapproving of, plan fiduciaries who conclude that the inclusion of cryptocurrency in a plan’s investment menu is appropriate.”
The DOL further reminds plan fiduciaries that, “[w]hen evaluating any particular investment type, a plan fiduciary’s decision should consider all relevant facts and circumstances and will “necessarily be context specific”, and that fiduciaries must “curate a plan’s investment menu ‘with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims’ for the ‘exclusive purpose’ of maximizing risk-adjusted financial returns to the plan’s participants and beneficiaries.”
COOKIE CUTTER SOLUTION? Senate Bill 690’s “Commercial Business Purpose Exemption” Could Crumble CIPA Lawsuits!
California Senate Bill 690 (“SB 690”) aims to amend CIPA by creating a broad exemption for the use of online tracking technologies if employed for a “commercial business purpose.” This means that companies could deploy cookies, pixels, chatbots, and session replay software to collect and analyze user data – even if it captures personal communications – without facing CIPA lawsuits.
As all of you CIPAWorld dwellers know, in recent years, CIPA has become one of the most aggressively litigated privacy laws in the nation, especially since the infamous CIPA / TCPA catastrophe. Since Javier’s massive expansion of CIPA, thousands of high-profile lawsuits and arbitration demands have been filed against companies allegedly surreptitiously intercepting or “wiretapping” consumer communications through technologies such as session replay software, chatbots, cookies, and pixel trackers – tools that assist legitimate businesses to capture keystrokes, chat transcripts, and browsing behaviors to better a consumer’s journey on its website (or you know even comply with the Telephone Consumer Protection Act). And along with CIPA’s $5,000 PER violation private right of action, it’s no surprise Plaintiff’s attorneys have been filing lawsuits en masse.
But perhaps not for much longer.
SB 690 was introduced by Democratic Senator Anna Caballero, and is rapidly emerging as the most important and controversial privacy legislation of 2025 as it makes it way through the state legislature. SB 690 proposes to amend the heavily litigated CIPA by carving out an exemption for the use of tracking technologies – including cookies, pixels chatbots, and session replay tools – when deployed for a legitimate “commercial business purpose.”
Specifically, SB 690:
Exempts a commercial business purpose from the general prohibition against eavesdropping or recording a confidential communication.
Specifies that the civil action, as authorized under current law for a person who has been injured by a violation of CIPA, does not apply to the processing of personal information for a commercial business purpose.
Specifies that a trap and trace device does not include a device or process that is used in a manner consistent with a commercial business purpose.
Specifies that a pen register does not include a device or process used in a manner consistent with a commercial business purpose.
Defines a “commercial business purpose” to mean the processing of personal information either performed to further a business purpose or subject to a consumer’s opt-out rights.
Makes its provisions retroactive and applicable to any case pending as of January 1, 2026. (Notably, when the bill was first introduced, the proposed exemption was explicitly retroactive and would have applied to any legal action pending as of January 1, 2026. This crucial provision would have impacted hundreds of active lawsuits currently making their way through California courts and tribunals, with plaintiffs in those cases seeing their claims effectively neutralized. However, this retroactivity drew sharp criticism from privacy advocates and plaintiffs’ attorneys, who argued that it amounts to a giveaway to corporate defendants and could deprive consumers of remedies for past privacy violations. Following a third reading of the Bill on May 29, 2025, the Senate removed the retroactive provision and ordered the amended bill to a second reading.)
The “commercial business purpose” phrase is defined in alignment with the California Consumer Privacy Act (“CCPA”) to harmonize CIPA with existing state data privacy standards. A “commercial purpose” is defined as the processing of personal information either performed to further a business purpose or subject to a consumer’s opt-out rights. SB 690 also proposes excluding any device that is used in a manner that is “consistent with a commercial business purpose” from the definitions of a pen register and trap and trace device. If passed, the use of online tracking technologies – that are currently under scrutiny – would likely fall under the “commercial purpose” exemption.
Proponents of the bill have argued that the CCPA already regulates how businesses collect, use, and share consumers data (including for website analytics and advertising) and creates opt-out rights, making additional protections under CIPA superfluous and unduly burdensome. If a business uses tracking tools in a manner consistent with the CCPA’s requirements then, under SB 690, they would not be considered in violation of CIPA.
“[SB 690] stops the abusive lawsuits against California businesses and nonprofits under the California Invasion of Privacy Act (CIPA) for standard online business activities that are already regulated by the California Consumer Privacy Act (CCPA).”
– Senator Caballero in a Press Release introducing the bill.
Supporters of the bill note that CIPA’s private right of action is being abused far beyond its original purpose when the law was enacted in 1967:
“Beyond regulatory inconsistency, the unchecked barrage of CIPA lawsuits has done nothing to protect consumer privacy. Instead, these demand letters and lawsuits have created significant costs for California businesses, particularly small and mid-sized businesses – and non-profits – that lack the resources to defend against these claims. Trial lawyers have targeted businesses for using common digital tools such as chatbots—tools that are widely used to enhance user experience and do not constitute unlawful wiretapping or eavesdropping as originally intended under CIPA.
Trial lawyers have sued over 1,500 businesses since 2022, and have sent thousands more demand letters.”
While those in opposition – including of course the NCLC – argue that legislative history makes it clear they were concerned about the future of surveillance and wanting lasting privacy protections for Californians:
“When passed in 1967, CIPA was designed as a forward-looking protection against the full spectrum of technological intrusions into private life. The legislative history demonstrates a clear intention to address and regulate the growing threat of electronic surveillance. These concerns are consistent with the now ubiquitous and invasive commercial practices of internet-based tracking, profiling, and data commodification. CIPA was intended to be robust, technology-neutral, and protective of Californians’ right to control their private communications, regardless of the surveillance medium. The argument advanced by SB 690—that CIPA was intended to be limited to traditional wiretaps—is contradicted by the legislative record, which reveals a sophisticated understanding of, and alarm at, the ever increasing sophistication of private surveillance systems that propelled their vision past the 1960s and into the future.”
Opponents of the bill also argue that the CCPA was never meant to replace privacy laws like the CIPA and that the CCPA works on an opt-out basis but doesn’t let consumers file private lawsuits for most privacy violations – only for data breaches. CIPA, on the other hand, gives consumers the right to take business to court when their “conversations” are being “intercepted” or “recorded” without consent. The bill would take away privacy protections and give tech companies and businesses the right to secretly monitor and record conversations between consumers and business in real time – by claiming to act for a “commercial purpose,” they argue.
SB 690 is now advancing toward a full Senate vote and must be passed out of the California Senate this week – by June 6, 2025, to remain viable this session. Interestingly, it has received unanimous bipartisan support in Senate votes until now.
This could really be a big win for business using everyday common website tools – many tools that are just normal parts of running a website or improving customer experience and were not intended to be covered by a statute that was enacted back in 1967. SB 690 could drastically reduce CIPA risk for companies – and even potentially shape precedent for other states that have similar privacy statutes as California.
SEC Staff Issues Statement on Protocol Staking Activities
On May 29, 2025, staff in the SEC’s Division of Corporation Finance issued a statement on “Certain Protocol Staking Activities.” For certain “staking” activities on blockchain networks that use proof-of-stake (“PoS”) as a consensus mechanism (“PoS Networks”), the SEC staff is of the view that such activities do not involve the offer and sale of securities under the SEC’s Howey test.
The SEC staff’s views apply only to the following Protocol Staking activities and transactions (each a “Protocol Staking Activity”):
staking Covered Crypto Assets on a PoS Network;
the activities undertaken by third parties involved in the Protocol Staking process—including, but not limited to, third-party Node Operators, Validators, Custodians, Delegates and Nominators (“Service Providers”)—including their roles in connection with the earning and distribution of rewards; and
providing certain ancillary services that are administrative or ministerial in nature.
Additionally, the SEC staff’s views are limited only to Protocol Staking Activities undertaken in connection with the following types of Protocol Staking:
Self (or Solo) Staking, which involves a Node Operator staking Covered Crypto Assets it owns and controls using its own resources. The Node Operator may include one or more persons acting together to operate a node and stake their Covered Crypto Assets.
Self-Custodial Staking Directly With a Third Party, which involves a Node Operator, under the terms of the protocol, being granted the validation rights of owner(s) of Covered Crypto Assets. Reward payments may flow from the PoS Network directly to the Covered Crypto Asset owners or indirectly to them through the Node Operator.
Custodial Arrangements, which involve a Custodian staking on behalf of the owners of the Covered Crypto Assets that the Custodian holds on their behalf. For example, a crypto asset trading platform holding deposited Covered Crypto Assets for its customers may stake such Covered Crypto Assets on behalf of such customers on a PoS Network that permits delegation on behalf of and with the consent of customers. The Custodian will stake the deposited Covered Crypto Assets using its own node or select a third-party Node Operator. In the latter case, this selection is the Custodian’s only decision in the staking process.
Commissioner Peirce issued a statement on this topic, as did Commissioner Crenshaw.
SEC Staff Green Lights Various Staking Activities
The Securities and Exchange Commission’s (SEC) Division of Corporation Finance released a statement articulating its position that certain cryptocurrency staking activities fall outside the federal securities laws.[1] This development coincides with the House of Representatives introducing the Digital Asset Market Clarity Act, a comprehensive market structure bill for digital assets, signaling continued momentum toward regulatory clarity in the digital assets sector.
Covered Activities: Division’s Position on Three Staking Models
The Division expressed the view that three specific staking models do not constitute securities offerings under the Howey test. Self (or solo) staking is addressed most directly, where node operators stake their own crypto assets using their own validator infrastructure. The Division characterized this as purely administrative activity that generates protocol-determined rewards rather than profits from entrepreneurial efforts.
Self-custodial staking directly with third parties is also addressed favorably in the statement. Under this model, crypto asset owners retain custody of their assets while granting validation rights to third-party node operators. The statement noted that the node operator’s role remains ministerial rather than managerial, as they cannot guarantee or fix reward amounts beyond their service fees.
Custodial arrangements represent the most commercially relevant area covered by the statement. According to the Division, custodians may stake client assets provided certain conditions are met: customers retain ownership, custodians cannot use deposited assets for trading or leverage, and the custodian’s role remains limited to selecting validators rather than making discretionary investment decisions.
The statement also expressed the Division’s view that several “ancillary services” commonly offered by staking providers do not alter the legal analysis, including slashing coverage (indemnification against protocol penalties that forfeit staked assets for validator misconduct), early unbonding (allowing withdrawal of staked assets before the protocol’s required lock-up period ends), custom reward schedules, and asset aggregation to meet protocol minimums. The Division indicated these services maintain their non-securities character provided they remain administrative rather than managerial in nature.
What Remains Outside the Statement’s Scope
The Division’s statement contains important limitations on its applicability. It excludes staking services where providers guarantee, fix, or boost rewards beyond what the underlying protocol provides. Additionally, the Division’s position does not extend to arrangements where service providers decide “whether, when, or how much” to stake on a customer’s behalf, suggesting these retain potential securities law implications. The statement also does not cover arrangements where users transfer ownership of their crypto assets to service providers, or where custodians engage in trading, leverage, or other discretionary activities with deposited assets.
Further, the Division’s statement does not address liquid staking, restaking, or liquid restaking activities. This omission leaves questions unanswered for liquid staking and restaking protocols that issue transferable tokens representing staked or restaked positions.
For entities currently offering staking services, the statement provides welcome clarity for basic staking models but requires careful analysis of specific operational features. Companies should evaluate whether their services include excluded elements such as reward guarantees or discretionary asset management that could trigger securities registration requirements.
The statement may also have implications for spot Ether exchange-traded funds (ETFs), which currently operate under SEC restrictions that prohibit the staking of their underlying ether holdings. The Division’s characterization of certain staking activities as administrative rather than investment-oriented could signal potential receptiveness to allowing ETF staking, though any such development would require separate regulatory determinations.
Commissioner Crenshaw’s Dissent
Commissioner Caroline Crenshaw issued a dissenting statement, arguing that the guidance contradicts established court precedents, particularly recent federal court decisions in SEC enforcement actions that found staking services could constitute investment contracts. Crenshaw emphasized that courts have recognized entrepreneurial efforts in staking services, including asset pooling that increases validation likelihood, technical infrastructure deployment that enhances returns, and sophisticated software systems that enable retail participation. She argued these elements satisfy Howey’s “efforts of others” requirement, contrary to the Division’s characterization of staking as purely ministerial.
The Commissioner also criticized the guidance’s use of securities law terminology like “custodian” and “custody” for services that lack corresponding investor protections. She warned that the statement creates false impressions of regulatory oversight while leaving investors exposed to risks including protocol slashing, technical failures, and potential insolvency of service providers.
[1]See Katten’s Quick Reads coverage of recent SEC staff statements regarding the classification of memecoins, proof-of-work mining, stablecoins here and here.
SEC Staff Declares Certain Protocol Staking Not a Security Transaction
On May 29, 2025, the U.S. Securities and Exchange Commission’s Division of Corporation Finance issued a statement clarifying its view that certain types of protocol staking—a process used in proof-of-stake (PoS) blockchain networks—do not involve the offer and sale of securities under federal law. The statement, which applies to staking activities involving “Covered Crypto Assets,” concludes that these activities are administrative or ministerial in nature and therefore fall outside the scope of the Howey test for investment contracts.
The Division’s position covers three common staking models: self-staking, self-custodial staking with a third party, and custodial staking through a service provider. In each case, the Division emphasized that the rewards earned are not derived from the entrepreneurial or managerial efforts of others, but rather from the protocol’s rules and the participant’s own actions.
To support its conclusion, the Division applied the Howey test, which asks whether there is an investment of money in a common enterprise with an expectation of profits from the efforts of others. According to the statement, protocol staking fails this test because participants retain ownership of their assets, rewards are earned by complying with protocol rules, not third-party management, and services like slashing protection or early unbonding are considered “ancillary” and not indicative of managerial effort.
The statement also notes that it does not address more complex staking models like liquid staking or restaking, nor does it carry legal force.
SEC Commissioner Caroline A. Crenshaw issued a dissent, arguing that the staff’s analysis misrepresents both the law and the facts. She pointed to recent court decisions that upheld the SEC’s enforcement actions against staking-as-a-service providers, where courts found that such services involved entrepreneurial efforts—including asset pooling, technical infrastructure, and liquidity enhancements—that satisfied the Howey test. Crenshaw criticized the staff’s framing of these features as “ancillary,” noting that courts have previously found similar features to be hallmarks of investment contracts. She also raised concerns about the use of terms like “custodian,” which may imply regulatory protections that do not exist in the crypto space. Crenshaw warned that the SEC’s current approach, which relies on staff statements and enforcement dismissals, sows confusion and undermines investor protection. As the crypto industry awaits a more comprehensive regulatory framework, stakeholders should remain cautious. The legal status of staking services may still depend on how they are structured and marketed, and whether courts continue to view them as investment contracts under existing law.
GET YOUR FAX STRAIGHT: Court Grants Class Certification In TCPA Fax Blast Case
Hey TCPAWorld!
Litigation is a pursuit of the truth, and the truth has a way of resurfacing—often from the same hands that tried to bury it.
In Loop Spine & Sports Ctr., Ltd. v. Am. Coll. of Med. Quality, No. 22 CV 4198, 2025 WL 1446504 (N.D. Ill. May 20, 2025), Loop Spine & Sports Center, Ltd. (“Plaintiff”), an Illinois chiropractic and sports injury company, sued American College of Medical Quality, Inc. (“ACMQ”), Affinity Strategies, and a former ACMQ executive, Daniel McLaughlin (collectively, the “Defendants”) for sending an unsolicited fax promoting a medical conference, alleging violations under the TCPA.
Plaintiff sought certification and the motion was granted.
Background
Here’s the rundown. ACMQ engaged McLaughlin, who then enlisted Jim Dodge (McLaughlin’s acquaintance) and Michael Henry (who is in the business of distributing faxes), to promote its 2022 “Care After Covid” conference via a “blast fax” campaign to doctors in the Chicago area. Id., at *2. Together, the group compiled 13,850 contacts to reach. Plaintiff was a recipient of one of the faxes and subsequently sued.
The parties disagree on two substantive factual issues related to class certification: (1) how many faxes were actually sent, with Plaintiff contending at least 6,500, while Defendants assert 28, and (2) whether Plaintiff or other putative class members provided permission for the fax. Defendants assert that Henry called Plaintiff, spoke to an employee, and obtained oral consent before sending the fax, however the employee testified to having no recollection of such a call.
Defendants attempted to reconcile Henry’s previously conflicting statements by claiming his reference to “a little over 6500 faxes delivered” meant the numbers were sent to a data cleaning service, but most of those faxes were not actually transmitted, and that Plaintiff’s “fax was part of [a] modest test run.” Id., at *3 (citations omitted). However, Defendants highlight that there is no evidence of any pre-suit mention of such a service, and Henry himself testified he has no records of any communication or transaction with a data cleaning provider. Plaintiff also emphasizes the inconsistencies in Henry’s testimony, stating he sent test faxes to 22 people, but originally mentioned 28 in his affidavit, and claimed in an email that he sent only a single fax.
Another wrinkle in the dispute is that, after being instructed to halt the blast fax campaign, Henry allegedly deleted all the relevant records—prompting Plaintiff to seek an adverse inference. Defendants counter that Henry is not a party to the case and that Plaintiff failed to timely raise the issue in its class certification motion, rendering any adverse inference unwarranted.
Analysis
To pursue class certification, Plaintiff must satisfy the Rule 23(a) prerequisites—numerosity, commonality, typicality, and adequacy—then show they qualify for a particular type of class action under Rule 23(b). Here, Plaintiff argues that it meets the Rule 23(b)(3) requirements that common questions of law and fact predominate and that class action resolution is superior to other methods.
Numerosity
To satisfy numerosity under Rule 23(a)(1), Plaintiff must show that the class is so numerous that joinder of all members is impractical, with the Seventh Circuit recognizing that around forty members typically suffices. Here, Plaintiff argues that even 1% of the 6,500 faxes which were allegedly delivered would establish numerosity. In particular, Plaintiff used the following correspondences between Henry and McLaughlin for support:
On August 6th, “I have scheduled this to run starting at 12 noon Sunday – if your happy with what the customer will receive it will go out”
On August 7th, “we are sending 14352 faxes today”
On August 8th, “we got a little over 6500 faxes delivered” and that the “second attempt” will pick up another 750
Id., at *4. Defendants counter by citing Henry’s post-suit deposition and affidavit claiming he only sent 28 faxes to parties who had consented, but the Court finds that this later testimony lacks credibility due to inconsistencies in Henry’s previous remarks, absence of corroborating evidence, and Henry’s deletion of relevant records. Ultimately, the Court concluded that Plaintiff has established numerosity.
Commonality
To satisfy commonality under Rule 23(a)(2), Plaintiff must show that there are common questions of law or fact capable of class-wide resolution, meaning the answers would resolve issues central to all class members. The Seventh Circuit holds that in cases under the TCPA, such as whether a fax is an advertisement, this standard is typically met because these are common questions across recipients, and “[n]othing about the instant case persuades the Court to depart from this general principle.” Id., at *5. The Court found commonality satisfied because the identical fax was allegedly sent to all recipients by the same marketing project, raising a shared legal question about whether the fax was an ad and who is liable for sending it. Defendants argue that the “distinction between traditional and online efaxes defeat commonality”, but the Court rejects this, noting that “commonality requires one common question, not the absence of any individual questions.” Id.
Typicality
Typicality under Rule 23(a)(3) requires that the representative plaintiff’s claims arise from the same course of conduct and share the same essential characteristics as the class members’ claims. Plaintiff, like all putative class members, allegedly received the same fax promoting the ACMQ conference, and the Defendants do not contest typicality. Thus, the Court concluded that typicality was satisfied.
Adequacy
Adequacy under Rule 23(a)(4) requires that the named plaintiff and their counsel fairly and adequately protect the interests of the class. Defendants challenged Plaintiff’s adequacy by pointing to Henry’s testimony that he received permission from Plaintiff to send the fax, suggesting Plaintiff was not harmed and thus unsuitable to represent the class. However, the Court found Henry’s testimony unconvincing, especially in light of the employee’s testimony that Plaintiff had a strict policy against receiving unsolicited faxes. The Court concluded that Henry’s statements did not undermine Plaintiff’s adequacy as a representative. Additionally, the Court found no issues with class counsel’s adequacy, noting their experience and lack of conflict. Accordingly, the Court determined that both Plaintiff and its counsel satisfied the adequacy requirement.
Rule 23(b)(3)
Rule 23(b)(3) requires that common questions of law or fact predominate over individual ones, and that a class action is superior to other methods for fairly and efficiently resolving the controversy. Predominance exists when core issues can be resolved on a class-wide basis, such as whether a fax was an advertisement, whether it violated the TCPA, and who is liable for the violation. Superiority is satisfied when a class action would promote efficiency and consistency in adjudication, especially for claims involving small individual stakes.
Defendants argued that predominance fails because individual issues—particularly whether each recipient consented to the fax—would require separate analysis. The Court rejected this, finding that Henry’s claim of consent only related to Plaintiff and not to other recipients, making consent a class-wide issue rather than an individualized one. Moreover, even if consent is an affirmative defense, it is the Defendants’ burden to prove and must be shown for each class member. The Court concluded that evidence of prior express permission did not predominate over the shared legal and factual questions. It also found superiority satisfied, noting that class-wide resolution would conserve resources and promote uniformity. Thus, Plaintiff met both the predominance and superiority requirements of Rule 23(b)(3).
Ascertainability
Ascertainability demands that a class is defined clearly and based on objective criteria. Defendants argued Plaintiff’s original class definition was improper because it hinged on whether faxes were sent “by or on behalf of” certain Defendants, making it a merits-based, fail-safe class. Id., at *7. In reply, Plaintiff proposed a revised definition:
“All persons with fax numbers, who on August 6–10, 2022, were sent faxes in the form of Exhibit A.”
Id. The Court found this new definition objective and free of merits issues, concluding ascertainability was satisfied.
Conclusion
Plaintiff’s Motion was granted, and the class is certified. The Court appointed Plaintiff as class representative and Edelman, Combs, Latturner & Goodwin, LLC as class counsel.
Keep in mind – the truth will find its way. Often delayed but rarely denied.
Until the next one, TCPAWorld!
Congress Unveils Highly Anticipated Cryptocurrency Market Structure Legislation
On 29 May 2025 the House Financial Services Committee (HFSC) and the House Agriculture Committee (Ag) unveiled their highly anticipated cryptocurrency market structure legislation.
The committees introduced the Digital Asset Market Clarity (CLARITY) Act to establish “clear, functional requirements for digital asset market participants, prioritizing consumer protection while fostering innovation.” The bill divides oversight over the digital assets market between the Securities and Exchange Commission (EC) and the Commodity Futures Trading Commission (CFTC).
HFSC Chair French Hill (R-AR) reportedly aims to have the Committee vote on this bill during its 10 June 2025 markup and to pass the legislation, along with stablecoin legislation, before Congress departs for its August recess.
The Committee introduced a discussion draft of the legislation earlier this month. They also held a roundtable discussion on the draft, which several Democratic lawmakers walked out of in protest, led by HFSC Ranking Member Maxine Waters (D-CA). The CLARITY Act, however, has garnered some bipartisan support, with three Democratic original co-sponsors, including Ag Committee Ranking Member Angie Craig (D-MN), as well as Reps. Ritchie Torres (D-NY) and Don Davis (D-NC).
Please see here for the bill text, and here for a section-by-section summary. We will continue to monitor and provide updates on the CLARITY Act.