FinCEN guidances have caused no shortage of confusion in the cryptocurrency community. The watchdog group has detailed the current financial laws and regulations that apply to cryptocurrency businesses several times over the past few years, but each subsequent announcement only seems to muddy the waters. This disconnect has made it difficult for many entrepreneurs – and even their customers – to understand exactly what’s required.
Do FinCEN regulations apply to individuals buying cryptocurrency? What information are customers required to provide? How secure is that information?
Or, if you’re a business, how can you keep your anti-money laundering (AML) compliance in order? What reports do you have to generate, file, and store, and when, and for how long?
It can be difficult finding a clear, no-nonsense rundown of the key guidances issued by FinCEN, which is why we authored this post. Whether you’re a cryptocurrency business or a crypto consumer, this post goes over the details that you need to know.
Remember: if you’re a cryptocurrency business and want help with your compliance, you can always reach out for a free consultation at the end of this post.
The First FinCEN Guidance (2013)
In 2013, the first FinCEN guidance on crypto was issued. It was the beginning of crypto AML and cryptocurrency compliance concerns.
The guidance was very broad, but it basically said that if you’re exchanging cryptocurrency, you’re considered a money transmitter and subject to rules affecting them. A user of crypto is not a money services business (MSB), but an administrator or exchanger is.
FinCEN also defined virtual currency as a medium of exchange that is not recognized as a national currency in any jurisdiction (compared to fiat currency, which is).
While FinCEN did try to define an exchanger as a person in the business of exchanging virtual currency for real currency, there were still a lot of questions about who, exactly, fell under these regulations. What made someone “in business” vs. a user of virtual currency?
As a result, additional guidance was needed.
The 2019 ‘Clarifying’ FinCEN Guidance
The next major FinCEN guidance on cryptocurrency was issued on May 9, 2019. This comprehensive statement was designed to answer many of the questions that had come up in the years since 2013, and to address recent developments in the crypto markets.
No New Regulations
The recent statement explicitly stated that the guidance did not contain new regulations. Instead, it was intended to answer questions and consolidate regulations and rulings that affected cryptocurrency compliance.
In short, cryptocurrency businesses are defined as money transmitters and are subject to the same registration, AML, and reporting responsibilities as other financial institutions.
Section 1: Defining Key Terms
One of the biggest questions people had about the initial 2013 guidance was simple: What, exactly, is a cryptocurrency business, and does FinCEN include users in their definition?
In section one, FinCEN defines a money transmitter as someone who operates a money services business (MSB). There are several examples given of what criteria could apply, including having a business title or facts and circumstances that describe an MSB.
The goal of FinCEN in this section is to avoid having people try to dodge the title of being a money services business (MSB).
Other definitions in this section include defining a “transmitter” as someone who initiates a transaction and a “transmitter” as someone who executes the transaction. The transmitter is the one subject to regulation. However, banks, individuals regulated by the SEC or CFTC, or individuals who exchange money infrequently and not for profit, are exempt.
The definition of virtual currency was expanded, so as to encompass not just Bitcoin compliance, but any substitute currency.
Section 2: Applying Bank Secrecy Act (BSA) Regulations to Money Transmission
An MSB has to have a written AML compliance program, and they need to register with FinCEN within 180 days of beginning to engage in money transmission.
It’s important to note that if the transactions involve the transmittal of funds, the Funds Travel Rule applies. This means you’ll need to disclose specific information about some transactions to the next financial institution in the transaction. This can be challenging for a crypto business to do, but there are best practices that can help.
FinCEN also expects a “culture of compliance” within the organization. This initiative should be supported from the top all the way down to the comprehensive AML training that front-line employees receive.
AML compliance programs should be focused on assessing and minimizing the risk of exposure to money laundering, financing terrorism, and financial crime. To mitigate these risks, companies are expected to manage customer relationships – which includes Know Your Customer (KYC) and Customer Due Diligence (CDD) processes.
Section 3: Common Business Models Related to Cryptocurrency
Based on your business model, do you need to register as an MSB? Chances are the answer is yes, and even if you are currently excluded it’s helpful to stay up-to-date in case things change.
Peer-to-Peer: These services are MSBs if the buyer or seller is advertising the services, and/or making a profit from exchanges.
CVC Wallets: There’s a 4-factor test for these businesses, including who controls the value, where the value is stored, whether the owner interacts directly, and whether the intermediary has total independent control of the value.
Hosted wallets are MSBs, but unhosted are not. Multi-sig wallets might be, depending on hosting.
Crypto ATMs are MSBs, as are DApps and Anonymity-Enhanced CVC Transactions.
Software providers are not MSBs.
Creating And Maintaining Your AML Compliance Program
As a user, you’re not considered an MSB. However, the businesses you use to buy and sell cryptocurrency are, so you may need to provide specific information to them so they can meet FinCEN’s compliance standards.
A cryptocurrency business needs to fully understand who their customer is and who is benefitting from the account. Also, if unusual activity occurs, the compliance officer within the company needs to review the transaction. If necessary, the officer may file a Suspicious Action Report (SAR).
Maintaining proper documentation and reporting helps create a paper trail that investigators can use if they want to look more deeply into a specific user or transaction.
Do you have a strong crypto AML program? If you’re not sure, let us review it for you. Contact us today for a free consultation. We can help you understand where the holes are and develop a strong strategy to meet compliance standards.