FinCEN guidance: crypto firms take notice

On 9^th May, FinCEN issued guidance on the ‘Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies’. While the guidance does not set forth any new regulatory requirements, it does combine all FinCEN regulations, rulings, and guidance around convertible virtual currencies (CVCs) since they were issued going back to 2011.

In addition to the guidance, FinCEN also issued an advisory to highlight the risks associated with virtual currencies and how to identify and report suspicious activity. These come on the heels of its April statement which announced the first time ever penalty against a peer-to-peer cryptocurrency trader for failure to comply with the Bank Secrecy Act (BSA).

Trader Eric Powers was fined $35,000 and is barred from providing money transmission services because of his failure to register as a money transmitter and failure to file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).

Convertible virtual currencies clarifications

As noted, the purpose of the FinCEN Guidance release was to provide more clarification based on questions raised around dealing with convertible virtual currencies. The format of the release consists of six sections:

• Key concepts and definitions [relating to CVC’s]
• Explanation of current regulations and previous rulings
• Summary of FinCEN’s 2013 guidance on regulations around transactions denominated in CVC
• BSA guidance to common business models
• Exemptions
• Available resources

One key point raised in the definitions, is that FinCEN’s definition of “money transmitter” includes a “person that provides money transmission services” or “any other person engaged in the transfer of funds”. As a result, these individuals are subject to comply with all the rules and regulations set forth in the Bank Secrecy Act.

The FinCEN Advisory (FIN-2019-A003) highlights the risks posed by virtual currencies and identifies five platforms used by criminals in their illicit activities:

• Darknet marketplaces
• Unregistered or illicitly operating P2P exchangers
• Unregistered foreign-located MSBs
• Unregistered or illicitly operating CVC kiosks
• Illicit activity leveraging CVC kiosks
• Other potentially illicit activity

Within each of them, a total of 30 red flags were identified; however, they weren’t specific to virtual currencies. These red flags would apply to other types of businesses and transactions. For example, there are five flags identified in darknet marketplaces. The five flags should raise concern for any type of transactions, not uniquely to CVC transactions.  Even more broadly, any connection to darknet marketplaces should draw concern. The same would apply to unregistered foreign-located MSBs.

Overall, the guidance and advisory served as a good “refresher” course; but more importantly, it showed clearly that providers of services for CVC’s need to comply with these regulations as any other money transmitter or money services business would do.

Regulations around cryptocurrencies have been around for quite some time. Most enforcement actions thus far have been more from the US Securities and Exchange Commissions (SEC) side of the house; however, that is starting to shift. Compliance to FinCEN regulations, specifically those outlined in the Bank Secrecy Act are starting to take shape.

We will begin seeing more enforcement actions in this area which will quickly escalate the need for solid AML programme and solutions.  The need will encompass not just client due diligence, but also a solid transaction monitoring platform and screening for bad actors.

By Ted Sausen, AML Subject Matter Expert at NICE Actimize