Regulatory questions NFT collectors and sellers should prepare for

Christie’s recently made the global news as the first major auction house to offer a purely digital artwork with a non-fungible token (“NFT”). The work by the artist known as Beeple sold for more than $69m USD and the auction house accepted cryptocurrency—in this case, Ether—for payment. Proponents of this type of virtual asset trumpet the benefits of simplified and verifiable provenance, the ease of transfer of ownership, and the response to a demand for digital art by a new type of art patron. But, additional legal and regulatory questions are sure to arise with respect to NFTs.

One issue already percolating relates to securities laws and regulations. The buyer of the $69m Beeple artwork from Christie’s has purchased other digital art by Beeple and made shares of those collections available through a digital token called B.20. Consequently, a number of interesting legal debates about the parallels between NFTs and initial coin offerings (“ICOs”) have sprung up—especially since the value of B.20 rose as the bids on the Christie’s Beeple work rose higher and higher. Like ICOs, which have drawn the attention (and sometimes ire) of the US Securities and Exchange Commission (“SEC”), NFTs could be deemed a security in certain contexts, thereby triggering numerous securities-related requirements around marketing the sale, registering the sale, etc.

More recently, reports of hacked accounts have emerged at the marketplace Nifty Gateway, owned by Gemini Trust Company, LLC, a well-known cryptocurrency exchange that is chartered under the New York Department of Financial Services (“NYDFS”). One Nifty Gateway user claimed hackers purchased new NFTs in that day’s “drop” that were then immediately transferred to another wallet. While it is more likely that a dedicated NFT-specific marketplace like Nifty Gateway may have access to the same blockchain monitoring analytics tools (eg, Chainalysis, Elliptic) used by Gemini and other cryptocurrency exchanges to look for suspicious wallet addresses connected to dark markets or fraudulent behavior, it is less likely that a more traditional auction house has the ability to perform such Know-Your-Transaction (“KYT”) analytics. And even if the auction house or dealer sufficiently performs the counterpart to KYT, Know-Your-Customer (“KYC”), on those who create accounts for the purposes of buying or selling artwork, this analysis will not prevent irreversible NFT transfers in the event of an account takeover.

Outside of cybersecurity, cryptocurrency exchanges like Gemini, Paxos, Binance, and others are already subject to certain Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) legal and regulatory requirements at both the U.S. federal and state level. With respect to the art market more generally, outside of so-called “financial technology companies” (or, Fintechs), the Anti-Money Laundering Act of 2020 amended the definition of “financial institutions” for purposes of the BSA to include those in the antiquities business. Many expect further expansion of BSA requirements to others in the art market.

The Way Forward

NFTs represent an exciting and innovative opportunity to store value, own art, and capitalise on technological revolution, but they come with potential legal and regulatory compliance risks too. At this early stage, here are some practical things to consider:

• Blockchain analytics companies should begin monitoring for wallets involved in the theft of NFTs in the same way that they monitor for wallet addresses associated with sanctioned persons or suspicious behaviour.

• Thought should be given to creating the equivalent of a registry of stolen or fraudulently purchased NFTs, much like the databases maintained by the US Federal Bureau of Investigations, Interpol, and the private Art Loss Register.

• Cybersecurity insurance providers, already on notice from the NYDFS with respect to ransomware payments, should evaluate the application of policies to stolen digital artwork outside of the traditional property or art-specific coverage that may already apply to the theft or damage of physical works of art.

• Traditional art dealers and auction houses seeking to capitalise on a lucrative digital art market should carefully review with their own compliance personnel, or third-party compliance consultants, the types of requirements that may be triggered by NFTs, whether they relate to cybersecurity, securities laws, or potential application of the BSA and its AML programme requirements.

Paige Mason is a managing director with Guidepost Solutions and a former contractor attorney in the Asset Forfeiture Money Laundering Section (AFMLS, now known as Money Laundering and Asset Recovery) at the US Department of Justice.