Do bitcoin companies need to file Currency Transaction Reports?
In a previous post, we talked about the importance of a strong surveillance and monitoring procedure designed to catch suspicious activity and protect cryptocurrency money services businesses (MSBs) and money transmitters from financial crime, like money laundering.
As we discussed, good surveillance and monitoring practices are built upon a series of “red flags,” or custom alert routines that allow your employees to spot transactions that might not be on the up-and-up.
These red flags must be unique to your institution’s business model and risk profile, and every employee must be trained to screen for suspicious activity.
Meticulously detailed red flags are absolutely critical to robust bitcoin compliance. That’s why we encourage new business owners in the space to reach out to BitAML for a free consultation to help them understand their unique profile.
Usually, red flags are based on things like transaction frequency and customer information, but every institution involved in the exchange of currency, crypto or otherwise, will have red flags based on certain dollar amounts.
This is because there are reports regulators require your BSA Compliance Officer to file based on transaction size alone.
The most common report related to dubious transactions you will need to file is the Suspicious Activity Report (SAR). SARs are required to be filed with FinCEN by the Bank Secrecy Act (BSA) of 1970. We covered SARs in a previous blog post; you’re encouraged to check the post out later if you’ve missed it, but the gist is that SARs are catch-all reports governing a wide range of suspicious transaction criteria.
Does that mean as long as you file SARs to report suspicious activity you’re good to go?
Unfortunately, no. There are other reports you may need to file in addition to SARs on occasion. One of them is the Currency Transaction Report.
We’re continuing our series of cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance. Today we’re talking about Currency Transaction Reports (CTRs). What they are, what will trigger them, how they should be filed (and how often), as well as a continued emphasis on the importance of strong reporting procedures in surveillance and monitoring.
What is a Currency Transaction Report (CTR)?
A CTR is a report to be filed electronically with FinCEN when a customer deposits, withdraws, exchanges, or otherwise transfers over $10,000 cash with a financial institution (i.e. $10,000.01 or more).
What does this look like in the context of a cryptocurrency business? Let’s say you’re a crypto ATM operator and a customer purchases bitcoin from one of your machines with over $10,000 in cash. That will require you to file a Currency Transaction Report.
Additionally, if a customer executes multiple transactions over the course of a day that add up to more than $10,000 (a process known as “structuring,” which qualifies as suspicious activity in its own right), a CTR will need to be filed.
As we said above and in our blog post on the topic, SAR filing is required based on a wide range of criteria. You might need to file a SAR if your customer cannot produce proper identification, or if you catch multiple customers using the same social security number.
For a CTR, the only criteria is the amount — $10,000.01 or more in transactions in a single day.
Additionally, for crypto, this works both ways. If you operate a cryptocurrency exchange, and a customer attempts to sell more than $10,000-worth of bitcoin in a single day, you will also need to file a cryptocurrency CTR.
Think of the CTR as an extra report you may have to file with FinCEN in addition to a SAR if the transaction involves $10,000.01 or more in a single day.
How should a CTR be filed?
Strong AML compliance requires you to build a culture of compliance at your institution. This means that every employee should be trained to spot suspicious activity in transaction data and forward such concerns to the BSA Compliance Officer.
While sending a note to the BSA Compliance Officer about a transaction you think should trigger a CTR, it is ultimately the BSA Compliance Officer’s role to determine if a CTR should be filed, as well as doing the actual filing.
FinCEN has an online portal for completing and filing CTRs. Basic information required includes the customer’s name and all available customer data, like their address, SSN, and business name. All CTRs should be filed by the BSA Compliance Officer in a timely manner.
Each report has its own term for filing, and the CTR is different (read: more urgent) than the SAR. It is absolutely crucial to file CTRs within FinCEN’s required timeframe after the date of the transaction.
Additionally, the BSA Compliance Officer should keep records of CTRs it files for a period of time so as to be quickly made available at the request of regulators.
How CTR reporting fits into bitcoin compliance
Your business should specify its policy for currency transaction reporting in its AML Program.
CTRs fit under the umbrella of Know Your Customer/Customer Due Diligence (KYC/CDD) reporting, and as noted previously, should correspond to specific red flags designed for your surveillance and monitoring protocol for spotting suspicious activity.
Bottom line, filing a CTR is an action you’ll have to take after specific red flags are tripped; the transaction amount that triggers the filing of a Currency Transaction Report should absolutely be included in your red flags.
Most traditional financial institutions (like banks) use software that automatically triggers electronic CTR filing. If available within onboard KYC software of, say, a cryptocurrency ATM, we do advise you use it at the discretion of your BSA Compliance Officer.
Ultimately, as explained above, CTR filing is under the purview of the BSA Compliance Officer. The BSA Compliance Officer is responsible for the analysis and disposition of any attempted or completed transactions that raise an obligation to file a report to government officials or law enforcement, as well as reporting suspicious transactions to your company’s Board of Directors.
However, we can’t stress this enough — all employees should be trained to spot suspicious activity in transaction data and be well-versed in your institution’s red flags.
If you need help designing an AML Program, surveillance and monitoring policy, and a reporting procedure, contact BitAML for a free consultation today.
It’s our job to help business owners understand how they can run businesses that comply with difficult federal and state regulations, and to enforce AML compliance across the cryptocurrency industry.