Cryptocurrency Regulation or How to figure out what the Regulator really wants

In many cases, the real message is hidden between the lines and the same is true for Cryptocurrency Regulation. To find out which rules apply, it pays off to read carefully. PlanetCompliance tells you where and how.

While the introduction of laws tailored specifically to the wave of innovation brought by cryptocurrencies may be slow, no one can seriously deny that the Blockchain space is no longer a lawless space. Instead, the discussion about the various aspects of blockchain applications, be in in the form of Distributed Ledgers, Smart Contracts or Cryptocurrencies and the interaction with existing or future regulatory framework is a lively one. However, without an entirely clear picture in the sense of dedicated laws and regulations, especially when considering the variations across jurisdictions, it is all the more important to follow what the representatives of regulators share during events or official statements to understand the direction. Having said that the direction may be fairly obvious, but nonetheless there is often plenty of room for interpretation, so any information that comes from the authorities should be welcomed. After all, whenever a director of some agency or senior manager of another gives a speech or publish their views, these statements are not spontaneous but prepared and as such have gone through a process of approval or at least some serious consideration.

As ever so often, an example might be better explain what we have in mind. Take the speech given by Kenneth A. Blanco, in his capacity as the Director of the Financial Crime Enforcement Network (FinCEN) at a recent blockchain conference in Chicago. FinCEN is a bureau of the U.S. Department of the Treasury with the mission to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities. As such, the authority has a vivid interest especially in the potential use of cryptocurrencies for the purposes of money laundering, something that is a hot topic in the crypto sphere.

So Director Blanco made a couple statements in his speech that are very relevant to understand what the current regulatory situation is and how the authority intends to act upon. The tricky part is to read between the lines and interpret the message correctly. Admittedly, not always a simple task but let’s have a look at some of the things he said and try to decipher it:

On Virtual Currencies and Innovation

“Innovation in financial services can be a great thing—providing customers greater access to an array of financial services and at faster speeds than ever before.  However, as industry evolves and adopts these new technologies, we also must be cognizant that financial crime evolves right along with it, or indeed sometimes because of it, creating opportunities for criminals and bad actors, including terrorists and rogue states.

Virtual currency is an example of both aspects.  Major money services businesses are looking at how to incorporate blockchain payments to expedite remittances to locations around the world.  But like any payment system or medium of exchange, virtual currency has the potential to be exploited for money laundering and other illicit finance. 

Nobody here today wants to see innovative products and services misused to support terrorism, facilitate child exploitation, or become another vehicle for criminals to carry out fraud, identity theft, corruption, or extortion.  There are already too many victims out there who may never be made whole again, and harm can be done with devastatingly increasing speed, breadth, and obscurity in the digital world.

The BSA and its regulations are designed to guard against these threats, but these laws and regulations can only do so much on their own.  Compliance with our anti-money laundering (AML) and countering the financing of terrorism (CFT) framework is critical to protecting our financial system and safeguarding the incredible innovations within the FinTech space.

Our role at FinCEN is to protect and secure our financial system from those who seek to misuse important technological advancements for nefarious purposes—harming victims while undermining trust in our financial system upon which innovation and our country prosper.”

What it means

FinCEN may stress the importance of innovation but its focus is on how the bad guys use it or attempt to use it to launder their illicit proceeds in respect of money laundering or fund terrorism. The message here is that the current regulatory framework might be sufficient as it is, but that not everyone in the cryptocurrency industry adheres to the rules as much as they should. Thus, FinCEN will step up in the enforcement in these rules, so anyone providing related services should better get their KYC/AML structure in order. Because the result of non-compliance will be rather painful as the example of virtual currency exchange BTC-e shows, which was fined $110m for the violation of AML laws by FinCEN.

On Regulation of Virtual Currency

Director Blanco then highlighted that FinCEN has been active in the area of AML/CFT regulation and supervision with regard to virtual currencies for several years, referring to a number of administrative rulings and the work that has been done with other regulators like the SEC and the CFTC, in particular with regard to Initial Coin Offerings (ICOs). More importantly though is that he also chooses to make a few additional clarifications:

“First, as our March 2013 guidance indicates, FinCEN’s rules apply to all transactions involving money transmission—including the acceptance and transmission of value that substitutes for currency, which includes virtual currency.  Thus, our regulations cover both transactions where the parties are exchanging fiat and convertible virtual currency, but also to transactions from one virtual currency to another virtual currency. 

Further, businesses providing anonymizing services (commonly called “mixers” or “tumblers”), which seek to conceal the source of the transmission of virtual currency, are money transmitters when they accept and transmit convertible virtual currency, and, therefore, have regulatory obligations under the BSA.

In short, individuals and entities engaged in the business of accepting and transmitting physical currency or convertible virtual currency from one person to another or to another location are money transmitters subject to the AML/CFT requirements of the BSA and its implementing regulations. 

To comply with these obligations, virtual currency money transmitters are required to (1) register with FinCEN as a money services business, (2) develop, implement, and maintain an AML program designed “to prevent the [MSB] from being used to facilitate money laundering and terrorist finance,” and (3) establish recordkeeping, and reporting measures, including filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).

It is important to understand that these requirements apply equally to domestic and foreign-located convertible virtual currency money transmitters, even if the foreign located entity has no physical presence in the United States, as long as it does business in whole or substantial part within the United States.

Similarly, we would expect financial institutions adopting new FinTech to assess and understand whether the new financial products and services may be vulnerable to exploitation for financial crime; and whether this financial service activity has AML/CFT obligations under FinCEN’s regulations.  We can help answer the question, but avoiding the question for fear of the answer is not a legitimate strategy; indeed it is unwise.”

What it means

Various aspects that may not have been clear from the underlying regulations are straightened out without having to issue any additional legal acts or introducing new rules. It’s as simple as that and the message is: Current rules apply to all transactions involving money transmission, just as they apply to tumblers/mixers, i.e. services that are trying to conceal real identities, so you better comply with them and register accordingly. This is regardless of whether you’re based in the US or not if you do the slightest bit of business there. The same is true for any kind of new FinTech product or service and ignorance is no excuse.

 

 

On Examination and Supervision Efforts

“Examination and supervision are critical components of our efforts to proactively mitigate potential illicit finance risks associated with virtual currency. 

Working closely with our delegated BSA examiners at the Internal Revenue Service (IRS), FinCEN has worked to ensure that virtual currency money services businesses understand and comply with their regulatory obligations through effective supervisory examinations.  FinCEN and the IRS have examined over 30 percent of all registered virtual currency exchangers and administrators since 2014.  Our goal is to ensure that all virtual currency money transmitters undergo regular, routine compliance examinations—just like every other U.S. financial institution—to help illuminate weaknesses and strengthen protocols before a lapse occurs.

Our efforts here have had a tangible, positive impact on compliance programs, and we have seen SAR filings from virtual exchanges rise tremendously over the past few years.

Also important is that our examinations have included a wide array of virtual currency businesses:  virtual currency trading platforms, administrators, virtual currency kiosk (or ATM) companies, crypto-precious metals dealers, and individual peer-to-peer exchangers.  We have focused on both registered and unregistered exchanges.

This variety is important because, whether a business is operating as an individual peer-to-peer exchanger of one virtual currency, or a large, multi-national trading platform offering numerous virtual currencies, we expect you to comply with your AML/CFT regulatory obligations.

And there is no question we have noticed some compliance shortcomings. 

All financial institutions should be implementing a strong AML program long before they first receive notice that an examination is forthcoming.  We have been surprised to see financial institutions establish an adequate number of compliance staff and take appropriate steps to meet their regulatory requirements only after they receive notice. 

Let this message go out clearly today:  This does not constitute compliance.

Compliance does not begin because you may get caught, or because you are about to be discovered.  That is not a culture that protects our national security, our country, and our families.  It is not a culture we will tolerate.

A strong culture of compliance should be part of building your operations from the ground up, and you can expect that we will identify where this is not taking place and take appropriate action.

There is too much at stake in this space, for our nation, for our financial system, for our communities, and for our families.  We will hold companies and individuals accountable when they disregard their obligations and allow the financial system to be exploited by criminal actors, whether in wire transfers or cryptocurrencies.

My hope is that professionals like yourselves take the time to read about the details of actions taken by FinCEN—even if they aren’t assessments against banks—to learn ways to improve your own compliance regime.”

What it means

If you haven’t got the message yet: Compliance matters! A lot! Only because you may not have been caught for any shortcomings, it doesn’t mean that you’re out of the woods. FinCEN will check for any wrongdoing even it lays in the past and it expects adequate Compliance provisions including sufficient staff. Also, and what might actually hurt more firms in the long run, it shows that the IRS has taken a very active interest in what happens in the crypto world. As history has taught us, the taxman has been and probably always will be very arduous and persistent in its efforts to punish people for not paying their taxes.

 

On Suspicious Activity Report (SAR) Filings

“Let me assure you, our success in protecting financial institutions and innovative virtual currency payment and FinTech systems from being exploited for money laundering and other illicit financing purposes depends very much on effective implementation by you, the private sector.

One great success we have seen recently is the substantial increase in virtual currency SAR filings over the past few years.

We now receive over 1,500 SARs per month describing suspicious activity involving virtual currency, with reports coming from both MSBs in the virtual currency industry itself and other financial institutions.  We see the industry developing new techniques for identifying suspicious activity in virtual currency, showing us what is possible and giving us unique insight into certain financial crimes.  By helping us identify and investigate this illicit activity, the industry can focus on legitimate applications and innovations, and stamp out negative perceptions of virtual currency as the coinage of the dark web and bad actors.

I know you frequently hear FinCEN and our law enforcement partners laud the importance and value of SARs, but I want to emphasize the differences these filings can make.  Recall the BTC-e case example I discussed earlier.  SAR filings played a critical role in the investigation of that case.  It was filings by both banks and other virtual currency exchanges that provided critical leads for law enforcement.  This information included beneficial ownership information, additional activity attributed to the exchange of which we were previously unaware, jurisdictional information, and additional financial institutions we could contact for new leads.  All of this was obtained through SARs and the supporting documents filed by financial institutions.

Other individual filings continue to help us work to combat threats here in this country, including the opioid crisis that has been plaguing communities across the nation.  On April 3, Attorney General Jeff Sessions recognized FinCEN’s participation in Operation Disarray, part of the Joint Counter Opioid Darknet Enforcement (J-CODE) effort—a nation-wide effort to target darknet drug traffickers across the country.  In this and other operations with law enforcement, BSA data has been instrumental.  We have worked with law enforcement to investigate leads provided in SARs on opioid vendors to combat the illicit use of virtual currency—leading to arrests of dealers and distributors, identification of overseas suppliers, and disruption of the marketplaces that have facilitated the distribution of these destructive, addictive opioids.”

What it means

Yes, the contribution made by everyone in the financial industry matter and we all need to watch out to make sure that criminals do not exploit the system. Yes, FinCEN has received an enormous amount of SARs and it might take time to work through these, but the agency is also beefing up its resources. FinCEN also stresses across the speech that it has increased its collaboration with other regulators around the globe. But the other takeaway here is that the authorities are closing in on criminals and that the chances to get away with something are getting slimmer and slimmer. Peers and other financial institutions are providing large amounts of information and in many cases it is only connecting the dots.

 

The bottom line

So, it is not always rocket science, especially if the speech concludes with a summary of the speaker’s key points, but as we have seen here, it pays off not to scroll down to the bottom right away and look carefully for what is written between the lines. However, of course, this example wouldn’t be complete without Director Blanco’s own conclusion:

“As I conclude, I want to make clear:

1) We are focused on swiftly and continuously building our capabilities and understanding in the emerging technologies space to (a) rapidly identify risks, (b) close gaps, and (c) support responsible innovation through clarity;

2) SAR reporting is of critical importance to our work in the virtual currency space to help identify emerging threats and typologies, (a) for the sake of the victims that are targeted, (b) for financial institutions to better understand and effectively report on these threats, and (c) for public trust and reliance in the good work being done in the financial innovation space;   

3) We will continue to update our guidance relating to emerging technology, such as virtual currency, in close dialogue with industry, so that we are improving our understanding of both the risks and the clarity that is needed to support responsible innovation; and

4) FinCEN will aggressively pursue individuals and companies who do not take their obligations under U.S. law seriously, whether by targeting victims or enabling those who do.”