Legislation being considered in California and New Jersey, as well as other regulatory signals around the U.S., are a reminder that businesses in the bitcoin/cryptocurrency space must prioritize consumer protection.
We offer some practical tips you can implement right away.
It’s easy, in a new industry, to get swept up in the excitement of creating, building, and scaling. The bitcoin/cryptocurrency space is no different.
But recent signals from state regulators point to a wider trend that cryptocurrency business owners shouldn’t ignore, because they speak to how cryptocurrencies will be regulated in the coming years.
Currently, many state regulators maintain a “no action” or “no opinion” stance on certain cryptocurrency businesses. This means that they do not enforce specific regulations in their jurisdiction above and beyond what is required at the federal level of all cryptocurrency businesses classified as money services businesses/money transmitters.
What does this mean?
That all cryptocurrency businesses have AML compliance obligations they must meet in order to do business in the United States. But, depending on their business model and what states they do business in, they will need to adhere to additional, state-specific regulations, unless the state they operate in maintains a “no action” stance, which currently many if not most states do.
If this is your first introduction to the concept of state regulation for cryptocurrency, you might be thinking that all you need to do is limit your business to states with a “no action” stance.
Not so fast.
As we’ve written before, relying on “no action” is unsustainable. Every state will eventually adopt specific cryptocurrency regulations or apply existing regulations to crypto companies. And there’s good reason to believe it will happen as soon as this year.
So what will those regulations look like, and how can cryptocurrency businesses get a head start?
Recent Moves By State Regulators Point To A Common Theme
Regulators at the federal and state levels set their policies based on their own unique goals.
Federal regulation is primarily designed to protect the financial system and the U.S. economy from money launderers, terrorists, and other financial criminals.
At the state level, regulation is focused on consumer protection, and this is evident in some of the recent regulatory moves we’ve observed.
A bill proposed in the state of New Jersey in February would require all cryptocurrency businesses to obtain a license in order to continue operating. A license would include, among other things, registering a legal business name, providing copies of AML Programs built to comply with federal money transmission regulations, as well as transparent terms and conditions including fees.
Assemblywoman Yvonne Lopez said of the bill: “We must take steps to protect consumers looking to invest in cryptocurrency, while also allowing the sector to continue to develop and expand in New Jersey.“
California’s AB-2150 (not only have we reported on this bill before, we consulted on a previous version of it), includes substantial requirements somewhat similar to the New York BitLicense (albeit more thoughtful in implementation).
What’s more, Governor Gavin Newsom’s recent budget proposal includes an ambitious plan to reorganize the Department of Business Oversight, increase its funding, and expand its scope. The proposed changes would rebrand the department as the Department of Financial Protection and Innovation with emphasis on consumer protection in the context of innovative financial technology and products (read: bitcoin, cryptocurrencies, et al).
That’s not all.
The Massachusetts Division of Banks (DOB) has recently announced a series of “Fintech Innovation Hours,” designed as forums for regulators and fintech companies to break bread and share knowledge about financial innovation and technology.
Make no mistake: These events are information gathering sessions for the DOB regulators.
These forums are a proactive move on their part to establish relationships with business owners in the bitcoin and cryptocurrency space. Ultimately, these forums will inform state regulation in Massachusetts focused on, you guessed it, consumer protection.
It’s important to note that there’s nothing untoward about what the Massachusetts DOB is doing with these Fintech Innovation Hours. Far from it. Engaging business owners in the space will result in healthier dialogs and regulatory frameworks that accomplish their goal of consumer protection.
“Every state will eventually adopt specific cryptocurrency regulations or apply existing regulations to crypto companies. And there’s good reason to believe it will happen as soon as this year.“
Gathering input from the industry itself is far preferable to the reactionary policy route which impedes innovation. State regulators across the country would do well to model this approach.
But make no mistake; regulators are catching up to cryptocurrency.
So, what can you do right now to get yourself ready?
Practical Consumer Protection Tips Crypto Businesses Should Implement Now
Regardless of how far away your state is from developing regulatory frameworks like those being considered in California, you should be preparing your business for the inevitability of state regulation.
If you’re an entrepreneur in the cryptocurrency industry, the most important thing you can do to prepare is to demonstrate to regulators that you share consumer protection as a broad value and institutional goal.
Bringing your financial institution in-line with that goal will require some thoughtful work, but fortunately, the most effective changes you can make are largely practical and simple to implement.
Here are six things you can do to show regulators you take consumer protection seriously.
1. Transparent disclosures
Terms of Use, disclosures explaining any fees, the source of the price of the bitcoin or cryptocurrencies you support, and contact information (phone number preferred) for consumer questions, concerns, or complaints, should be conspicuously posted in multiple areas where your customers will come into contact with them (website, on kiosk screen, etc.).
Consumer protection and good customer service go hand-in-hand (plus, it just makes good business sense).
2. Aiding in consumer awareness efforts
As your business becomes aware of scam activity spreading in the cryptocurrency marketplace, your efforts to educate your customers and keep them safe do not go unnoticed by regulators.
Informing your customers of potential scam activity in the form of Craiglist scams, crypto romance scams, or other nascent archetypes shows that you are a collaborative partner in consumer protection.
3. Extra safeguards for customers aged 60+
Elder financial exploitation (EFE) is a significant problem in every corner of the financial system, and cryptocurrency is no exception. There are a number of methods cryptocurrency businesses can use to detect potential EFE, starting with requiring a government-issued identification with every transaction.
If you notice that a customer is aged 60 or greater, conduct additional due diligence to ensure they are not the victim of a financial scam.
4. Maintain detailed red flags to catch potentially suspicious activity
A comprehensive list of red flags unique to your institution is a must, but you must also vigilantly test transactions against them. This can be tricky in cryptocurrency, because there are new adopters every day, so signs of potentially suspicious activity might also simply be innocent naivete from a customer doing a transaction for the very first time.
How can you tell the difference? Conduct stronger customer due diligence. Ascertain whether the customer is open to answering your KYC/CDD questions. If the customer is resistant to such information gathering or attempts to abort a transaction prematurely, or appears nervous, these might be signs of suspicious activity that require reporting.
5. Limits for first-timer customers
On that note, first-time customers might be unfamiliar with reporting requirements and attempt to execute a large transaction or break a large amount into smaller transactions for completely innocent reasons.
The problem for you is that you don’t know whether a first-time customer is simply naive, or if they are a financial criminal seeking to exploit your business.
That’s why, regardless of the customer’s motive, you should enforce first-time customer limits. Consider “cooling-off” periods before the customer can transact again, or limits on the amount they can transact.
6. Logging consumer complaints
Like we said in point #1, consumer protection and good customer service go hand-in-hand.
The ability to show regulators that you take customer complaints seriously is a big sign of positive cooperation with consumer protection goals.
The good news is that consumer complaints can be kept in a simple spreadsheet, with pertinent information like name, the nature of the complaint, when it was logged, and any remediation actions your institution took.
Key Takeaways For Cryptocurrency Businesses
Regulators in key U.S. states are making bold moves to engage with the cryptocurrency sector, and this trend will only increase in the coming months/years. Sooner or later, every state will apply regulation to bitcoin and cryptocurrency businesses.
“Make no mistake; regulators are catching up to cryptocurrency.”
State regulators may take a more proactive approach and attempt to engage with business owners directly, collecting feedback in an effort to inform regulation that doesn’t hamper innovation or scare away businesses.
But whether your state takes a proactive approach or not, there are practical steps you can take now to prepare your business for the kind of regulatory framework that concerns itself with consumer protection. Plus, consumer protection just makes good business sense.
If you need help navigating AML compliance in the cryptocurrency industry, the compliance experts at BitAML can help. Reach out for a free consultation here.