FinCEN Director’s Speech Underscores the Need for Virtual Currency Businesses to Comply with the Bank Secrecy Act
Individuals and businesses that accept and transmit virtual currency must register with the Financial Crimes Enforcement Network (“FinCEN”) as a money service business (“MSB”). Registrants must develop and maintain an adequate anti-money laundering (“AML”) policy before they are audited by the Treasury Department. More audits of MSBs are likely in the foreseeable future.
On August 9, 2018, FinCEN Director Kenneth Blanco delivered prepared remarks at the 2018 Chicago-Kent Block (Legal) Tech Conference. The speech emphasized FinCEN’s view that individuals and businesses that accept and transmit anything of value that substitutes for currency, including virtual currency, are deemed money transmitters and must register with FinCEN pursuant to the Bank Secrecy Act (“BSA”). Money transmitters that register under the BSA are referred to as MSBs. He added that FinCEN’s “regulations cover both transactions where the parties are exchanging fiat and convertible virtual currency, [as well as] transactions from one virtual currency to another virtual currency.” FinCEN guidance refers to three categories of participants in the virtual currency industry: users, exchangers, and administrators. Exchangers and administrators must register as MSBs. Blanco, however, did specify that individuals and businesses who provide only the delivery, communication, or network data access services used by a money transmitter to supply money transmission services are exempt from registration.
Blanco also identified anonymizing services (i.e., “mixers” and “tumblers”), which seek to conceal the source of the transmission of virtual currency, as being subject to FinCEN regulation. Further, he stated that “these [registration] requirements apply equally to domestic and foreign-located convertible virtual currency MSBs, even if the foreign located entity has no physical presence in the United States, as long as it does business in whole or substantial part within the United States.”
Blanco also stated that, “[w]hile ICO [initial coin offering] arrangements vary and, depending on their structure may be subject to different authorities, one fact remains absolute: FinCEN, and our partners at the SEC and CFTC [Securities and Exchange Commission and Commodity Futures Trading Commission], expect businesses involved in ICOs to meet all of their AML/CFT [combating financial terrorism] obligations.”
Blanco emphasized that any business that falls within the agency’s broad purview of a MSB must take three steps:
- register with FinCEN as a money services business;
- develop, implement, and maintain an AML program designed “to prevent the [MSB] from being used to facilitate money laundering and terrorist finance;” and
- establish recordkeeping and reporting measures, including filing Suspicious Activity Reports (“SARs”) and Currency Transaction Reports (“CTRs”).
Blanco stated that many registrants have failed to develop an AML program, adding that compliance involves proactive measures, not reactive measures:
All financial institutions should be implementing a strong AML program long before they first receive notice that an examination is forthcoming. We have been surprised to see financial institutions establish an adequate number of compliance staff and take appropriate steps to meet their regulatory requirements only after they receive notice. Let this message go out clearly today: This does not constitute compliance. (Emphasis in original.)
Finally, Blanco provided some statistics. He said that, since 2014, the Internal Revenue Service (“IRS”) and FinCEN have conducted AML audits of approximately 30 percent of FinCEN’s registrants (FinCEN has delegated certain AML audit functions to the IRS). He also stated that FinCEN and the IRS intend to audit every registrant.
Blanco’s remarks underscore the need for companies that engage in virtual currency transactions to examine their activities in order to determine whether they need to register with FinCEN and adopt robust AML programs. As Blanco explained, registrants must have AML programs; if not, they will be sanctioned. Companies that are uncertain about the need to register should contact outside counsel immediately, and companies that are registered should ensure that they have adopted an adequate AML policy.
A copy of Blanco’s speech can be found here.
© 2018 Blank Rome LLP. All rights reserved. Please contact Blank Rome for permission to reprint. Notice: The purpose of this update is to identify select developments that may be of interest to readers. The information contained herein is abridged and summarized from various sources, the accuracy and completeness of which cannot be assured. This update should not be construed as legal advice or opinion, and is not a substitute for the advice of counsel.