The FinTech Revolution: Complying with Anti-Money Laundering Laws to Avoid Regulatory Enforcement Actions
This is the fourth installment in a series of articles. For more background on this topic, please read our first article in the series, An Introduction to Financial Technology; our second article, The FinTech Revolution: Enforcement Actions Brought against FinTech Companies and Their Implications; and our third article, The FinTech Revolution: The Impact of Blockchain Technology on Regulatory Enforcement.
As we recently highlighted, financial technology (“FinTech”) companies are attracting increasing attention from financial services regulators, owing in part to the proliferation of criminal actors who utilize FinTech companies to perpetrate frauds. In this article, we examine how companies can best minimize the risk of exposure to a regulatory enforcement action by ensuring their compliance with applicable Anti-Money Laundering (“AML”) laws.
The Bank Secrecy Act (“BSA”), 31 U.S.C. § 5311, et seq., was enacted to help root out criminal activity occurring within the banking system. Under the BSA and the implementing regulations promulgated by the Financial Crimes Enforcement Network (“FinCEN”), “financial institutions” are required to establish AML programs and to verify the identities of account holders through “Know Your Customer,” or “KYC,” provisions.1
Many FinTech companies squarely meet the definition of a “financial institution” under the BSA, as it includes banks, money services businesses (“MSBs”), brokers and dealers in securities, mutual funds, insurance companies, operators of credit card systems, and loan or finance companies.2 This definition covers, for example, peer-to-peer transfer systems (such as Venmo) and digital wallets (such as Google Wallet). FinTech companies that are not financial institutions may still be obligated to adhere to the BSA to have access to banks in order to promote their financial services. Indeed, many banks that originate loans or process payments on behalf of FinTech companies require them to have detailed AML compliance policies in place as part of the bank’s own KYC program.
In March of this year, FinCEN published a letter to the U.S. Senate Finance Committee setting forth its position that companies that sell virtual currencies, including through token sales such as Initial Coin Offerings (“ICOs”), must comply with AML requirements. Congress has further signaled to FinTech companies that may consider themselves beyond the BSA’s reach, including issuers or exchangers of digital currencies, to not get too comfortable. Toward the end of 2017, the Senate Judiciary Committee held a hearing to consider proposed Senate Bill 1241, which would expand the definition of a financial institution to include “[a]n issuer, redeemer, or cashier of prepaid access devices, digital currency, or any digital exchanger or tumbler of digital currency.”
Compliance with the BSA requires financial institutions to, among other things: 1) maintain an adequate AML and KYC program; 2) file Currency Transaction Reports (“CTRs”) for transactions over $10,000; 3) file Suspicious Activity Reports (“SARs”) when the institution “knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part)” involves money laundering, is designed to evade the requirements of the BSA, serves no apparent lawful purpose, or facilitates criminal activity; and 4) register with the Department of Treasury.3
The Legal Consequences of Noncompliance
Many FinTech companies, especially startups, are more focused on developing their products and services rather than dedicating scarce resources to develop and implement compliance programs. However, the BSA does not exempt fledgling companies from its scope. FinTech companies must have an effective AML program in place when they begin offering financial services or products to avoid exposure to a regulatory enforcement action. Failure to have a comprehensive AML compliance program in place can expose FinTech companies to other potential civil or criminal liability under the Racketeer Influenced Corrupt Organizations Act; the Financial Institutions Reform, Recovery, and Enforcement Act; the Anti-Fraud Injunction Statute; or the Federal Trade Commission Act.
FinTech companies must be aware of how the BSA applies to their business so that they can implement appropriate AML programs to reduce their legal exposure and avoid facilitating illicit activities. Given the complexities of this area of law and the risks associated with potential enforcement actions, FinTech companies should consult with legal counsel to develop a compliance program that will address all potential business lines. – ©2018 BLANK ROME LLP
- 31 U.S.C. § 5318(h), (l); 31 C.F.R. § 1010.200 (“Each financial institution (as defined in 31 U.S.C. § 5312(a)(2) or (c)(1)) should refer to Subpart B of its Chapter X Part for any additional program requirements…”).
- 31 C.F.R. § 1010.200, et seq.
- 31 C.F.R. §§ 1022.210; 1022.310; 1022.320; 1022.380; 1023.