Policy & Regulation

Regulators Expect Proactive Compliance: Spring 2019 Updates on Cryptocurrency Regulation

International and domestic regulation of cryptocurrency is substantially gathering pace. In the past ten days, four events (and many more tweetstorms) provided regulatory clarity for the industry: a keynote at the cryptocurrency conference Consensus by Sigal Mandelker, the Under Secretary for Terrorism and Financial Intelligence at the Department of the Treasury; a private sector consultation forum held by the Financial Action Task Force (FATF); the issuance of interpretive guidance from Financial Crimes Enforcement Network’s (FinCEN); and the inaugural FinCEN virtual currency Exchange.

Further guidance will follow, but these events make it clear that regulators are preparing for enforcement actions, and expect cryptocurrency businesses to have compliance best practices in place. Below, we detail key themes and takeaways so you’re best prepared for regulatory conversations.

Under Secretary Sigal Mandelker on Sanctions and AML at Consensus

Sigal Mandelker, the Under Secretary for Terrorism and Financial Intelligence at the U.S. Treasury, gave a speech yesterday, May 13, entitled “Understanding U.S. Sanctions and AML: What The Digital Currency World Needs To Know.”

Most notably, Under Secretary Mandelker emphasized the importance of proactive compliance and repeated that if cryptocurrency businesses wait until they are contacted by regulators to have their compliance houses in order, they are too late. In order for cryptocurrency businesses to succeed and thrive, they must be built on a foundation of anti-money laundering and combating the financing of terrorism (AML/CFT) from the beginning.

Specifically, regulators are going to see if cryptocurrency businesses registered as MSBs, designed effective AML programs, and established record-keeping and reporting measures. While acknowledging there is no one-size-fits-all solution for compliance programs, she outlined common themes of successful ones:

  1. Risk-based programs tailored for an organization’s particular business
  2. Know your customer (KYC) with sufficient due diligence
  3. Dynamic systems to ensure there are no transactions with sanctioned people or entities
  4. Clear communication with customers about prohibited activities against their terms of use

Under Secretary Mandelker also emphasized the importance of private sector partnerships and the value of detailed and innovative SARs, and concluded by applauding partners who prioritize compliance.

FATF Private Sector Consultation Forum

On May 6 and 7, FATF, the inter-governmental body that sets global standards relating to AML/CFT, hosted a private sector consultation forum to discuss industry feedback on FATF’s draft regulatory guidance. All 180+ member countries and industry participants committed to fighting money laundering, agreed the sector needs to be regulated, and acknowledged the importance of adhering to basic standards of AML programs, KYC, and Customer Due Diligence (CDD).

Most of the time at the forum was spent discussing the controversial recommendation 15-7(b), which mirrors the Travel Rule in the US and would require virtual asset service providers (VASPs), including cryptocurrency exchanges, not only to verify their customers’ identities, but also to identify the originators and beneficiaries of transfers over 1,000 USD and transfer that information to their VASP counterparty, where one exists. We discussed the challenges of the implementation of 7(b) here.

There was discussion of proposed solutions by the industry and academics, but given the requirement to comply already exists in the US, it appears likely that this regulation will be finalized without modifications to language or requirements. Upon finalization next month, regulatory supervision and enforcement will pick up across the globe. Many local regulators were waiting for this guidance in order to release local regulation in accordance with FATF. We expect to see a flurry of international regulatory activity.

FinCEN Interpretive Guidance

On May 9, FinCEN issued interpretive guidance discussing the application of their existing regulations to business models involving convertible virtual currencies (CVCs). Specifically, it clarifies for entities subject to the Bank Secrecy Act (BSA) how FinCEN regulations relating to money services businesses (MSBs) apply to business models that involve money transmission in CVCs.

This guidance does not establish any new regulatory expectations or requirements– all rules are unchanged and have been in effect since 2013– but it provides important regulatory clarity that seeks to remove ambiguity ahead of enforcement actions.

Key takeaways include:

  • International reach: Although FinCEN is a US regulator, it has broad international reach over any business conducting “substantive” business with US persons. Therefore, international businesses need to pay attention if they source cryptocurrency from US exchanges or interact with US consumers.
  • Regulation is technology agnostic: If a person or business profits from the movement of money, regardless of the technology, it is a money transmitter and it is regulated. FinCEN makes it clear that the BSA applies to most cryptocurrency businesses, and that all cryptocurrency is subject to FinCEN regulations regardless of the technology that is used to transmit value.
  • Blockchain analysis: For the first time, FinCEN explicitly states blockchain analysis is an important part of an effective AML solution and a significant factor in cryptocurrency businesses’ ability to comply with the BSA. FinCEN makes it clear that KYC processes are also important, and cryptocurrency businesses should expect tough regulatory scrutiny on that as well.
  • Implementing The Travel Rule: The Travel Rule requires all financial institutions to include certain customer information in transmittal orders for funds transfers of 3,000 USD or more. Here, FinCEN reiterates that it applies to cryptocurrencies and formally puts the industry on notice that the Travel Rule will be enforced.
  • Culture of compliance: Building a culture of compliance is a critical part of an effective AML solution. This means cryptocurrency businesses should: brief their Board of Directors on the regulations and ensure they understand their regulatory responsibilities; have a BSA Officer; and have an independent reviewer who understands the industry evaluate their compliance programs.
  • Exemptions are few and far between: There are exemptions, but they are strict and apply to a small subset of business models.
  • The activity is what’s regulated: Qualification as an MSB is based on activity, not formal business status. An entity qualifies as a money transmitter if its activities include receiving one form of value (including CVCs) from one person and transmitting either the same or a different form of value to another person or location.
  • Implementing the Funds Transfer Rule: FinCEN believes that the transfer of CVCs is subject to the Funds Transfer Rule, which requires each entity involved in funds transfers must collect and retain certain information in connection with a transfer of 3,000 USD or more. This means cryptocurrency exchanges have to identify both the originator and the beneficiary of transactions over 3,000 USD. As a note, the Funds Transfer Rule specifically refers to the collection and retention of records, while the Travel Rule requires financial institutions to include certain information in transmittal orders for funds transfers before or at the time of transmission.

The similarities between FATF’s draft and FinCEN’s guidance and the timing of FinCEN’s issuance are not a coincidence. The US is leading international regulation, and is the key driver of FATF’s global regulatory guidance. The US clearly outlines the definitions and rules it wants the world to follow, and is positioning US policy as the model for future global regulation in this space.

FinCEN Exchange

On May 3, FinCEN hosted its inaugural Exchange event on virtual currency to encourage voluntary public-private information sharing partnership among law enforcement, financial institutions, and FinCEN. They showcased sanctions regulations and enforcement actions to demonstrate the value the sector brings to combating money laundering. Bringing these parties together to discuss the themes FinCEN sees in suspicious activity reports (SARs), regulatory examinations, and collaboration between law enforcement and the industry was extremely valuable and we would support future similar events in the US and internationally.

Key takeaways include:

  • FinCEN and OFAC now have enough data to benchmark the industry on regulatory compliance: Failure to file SARs or voluntarily disclose exposure to sanctions has been identified in examinations and benchmarking, and deficient internal controls are the most frequent violation citations in the space. In particular, exchanges need to improve independent testing, audits, and blockchain analysis.
  • Banks file as many virtual currency-related SARs as cryptocurrency businesses do: Of the 144 unique businesses that filed SARs with FinCEN last year, 42% were depository (i.e. banks), 42% were exchanges, and 16% were other financial services providers. We expect this ratio to change as banks become more sophisticated and file fewer defensive SARs, which are filed to avoid regulatory scrutiny but tend to be lower quality, and cryptocurrency businesses grow their compliance efforts.
  • FinCEN appreciates high quality SARs no matter what the dollar value: In general, the more data provided in SARs, the better. In particular, IP addresses, virtual currency addresses, hashes, email addresses, phone numbers, specific related communications, other financials, and supporting documents are helpful. Transaction hashes, financial forensics, filings on cryptocurrencies beyond Bitcoin, and filings on small amounts under 2,000 USD are cited as the biggest value adds.
  • FinCEN also pointed out specific weaknesses in the industry, including:
  1. Lack of internal controls, specifically related to sanctions screening
  2. Lack of SARs and currency transaction reports (CTRs) filed by P2P Exchangers
  3. Lack of tracking and reporting of cryptocurrencies beyond Bitcoin
  4. Lack of registration of non-domestic exchangers doing business with US customers
  • Anonymity Enhanced Cryptocurrencies (AECs) require special compliance efforts

 

The combination of Under Secretary Mandelker’s high profile speech, the information shared at Exchange, and the new guidance makes it clear that FinCEN is looking carefully at the compliance structures and frameworks organizations have in place and the information they are proactively sharing. By identifying deficiencies and setting clear expectations, FinCEN is setting the stage for more aggressive enforcement.

The Chainalysis team is standing by to help cryptocurrency businesses with transaction monitoring and compliance best practices. For more information about how Chainalysis’s blockchain analysis can help prepare your organization for regulatory action, contact us today.