06 Jul What every crypto business should do for consumer protection
The time has come for entrepreneurs in the bitcoin and cryptocurrency space to implement robust consumer protection protocols. Here’s how.
Consumer protection is an evolving topic in cryptocurrency. Though crypto continues to attract growing consumer interest, concrete information on the risks of transacting isn’t often readily available.
This leaves consumers in the dark as to the protections afforded to them when they buy and sell assets like bitcoin.
Policymakers are aware of this discrepancy, and indeed consumer protection has emerged as a central theme of many of the proposed state-level licensing regimes and other pending legislation actively being considered.
If you’re reading the tea leaves, then the following should be obvious:
Consumer protection and a fair marketplace are key to the longterm viability of cryptocurrency.
So what can business owners do?
Quite a lot, in fact. It all starts with adopting a robust consumer protection policy.
Entrepreneurs running cryptocurrency financial institutions from BTMs all the way up to international exchanges should be leading this solution from the ground-up by making consumer protection a priority of business.
As a business owner, you set the tone, build goodwill in the market, and nurture lasting customer relationships.
You also get to help set the standard for the industry and remain on top of regulatory expectations which, as we’ve discussed before, provides a significant competitive advantage.
Simply put, taking a proactive approach to AML compliance and other regulatory considerations helps businesses stay ahead of trends, in addition to fostering a healthier competitive landscape.
But it’s not the competitive advantage that makes consumer protection critical. The “why” has to do with the ecosystem as a whole.
In the rest of this post we’ll cover:
- Why consumer protection matters
- What policy and protocols should look like
Let’s get started.
Why consumer protection matters
The purpose of consumer protection is simple: to protect consumers.
Sounds obvious, but that’s not all.
Good consumer protection policy also safeguards financial institutions against engaging, knowingly or otherwise, in unfair or deceptive practices, educates consumers about their rights and responsibilities, and redresses any consumer grievances.
We’ll cover each of these points in depth, but we want to make sure to emphasize the focus on consumer grievances now. Your consumer protection policy should focus heavily on potential complaints made by your customers, and how you record and resolve these issues as an institution.
Why is consumer protection required?
The Consumer Financial Protection Bureau (CFPB), established by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, is authorized and responsible for consumer protection within financial services.
Both traditional and non-bank financial institutions fall under its purview, and it not only creates the rules, it performs examinations and tracks consumer complaints.
What does this mean for crypto institutions?
Two things primarily (though not exclusively):
- Cryptocurrency businesses are considered MSBs by law and must, therefore, follow the same rules as traditional financial institutions.
- If cryptocurrency businesses do not have processes in place with regard to consumer protection, the complaints end up on the desk of state regulators, among others, drawing unwanted attention.
Ultimately, cryptocurrency financial institutions operating in the U.S. and/or offering services to U.S. citizens, regardless of where they are physically located, are required to comply with consumer protection laws and regulations.
Businesses are more or less “drafted” to help enforce a fair market, and prevent unfair, deceptive, or abusive acts and practices. One’s business is not an island with no influence on a wider market. When it comes to consumer protection, business owners are compelled to help police the financial sector.
Consumer protection is ‘good business’
Even in cases where the regulatory landscape is ambiguous or underdefined, such as in “no action” states, enforcing strong consumer protection is in the interest of the business owner.
When consumers lack education about the risks of cryptocurrency, or at worst, become the victims of scams, they need somewhere to turn to. If they can’t find advocates in the market, they will go to regulators.
Playing a proactive role in consumer protection creates trust within the market, particularly with new adopters of crypto.
More regulation to protect consumers is also inevitable. We’ve written at length about “no action” states and the trends suggesting that underregulated state jurisdictions will not last.
So the ideal solution is for the private sector to take up consumer protection as a value and a matter of “good business.” Increasing trust in the cryptocurrency market, as well as wider consumer adoption, starts with good customer service.
Educating newcomers and giving them opportunities for complaint remediation is good customer service, good self-regulation, and ultimately, good for business.
Key hallmarks of consumer protection policy
Let’s say you’re sold. Now you’re wondering, what should consumer protection policy and protocols look like?
Once again, the purpose of consumer protection is threefold:
- Protect consumers and the institution
- Educate consumers about risks and rights
- Address customer complaints
Consumer protection policy should, therefore, outline the procedures your business implements to meet these three considerations (as well as comply with any applicable consumer financial protection laws and regulations).
Strategically, your approach to procedures should focus on the following:
- Notice of risks
- Complaint remediation
We’ll cover each in more detail below.
Disclosures refers to the act of releasing relevant information that may influence the consumer’s decision to engage in a transaction or business relationship with the institution.
As a consumer yourself, you run into disclosures all the time. Among the most common disclosures are a Terms of Service document.
Whether you switch cell phone providers or sign up for a new social media account, you’re presented with a Terms of Service disclosure which explain how the company handles things like data collection and protection, information sharing, and your privacy as their customer.
Similar disclosures should also be offered by crypto financial institutions, whether at signup (in the case of an exchange) or even on the kiosk’s screen before approving a transaction (in the case of a BTM).
Other disclosures could include transaction fees and pricing (particularly important given that the price of cryptocurrencies can change at any given time) as well as AML compliance disclosures.
For example, it’s not uncommon for BTM operators to include a separate “Customer notice of KYC/CDD” which explains how the collection of certain identifying information from a client is used to mitigate risks associated with money laundering in accordance with federal law.
Notice of risks refers to the steps businesses take to inform consumers of the potential risks associated with the purchasing, holding, selling, exchanging, and otherwise transacting of cryptocurrency.
As we’ve covered in other articles, cryptocurrency poses a number of risks to consumers in the eyes of regulators.
First, regulators consider nascent technology as posing a higher level of inherent risk by default, meaning that no matter how safe cryptocurrency could hypothetically be designed to be, any new technology is perceived as carrying potentially unknown risks by virtue of being new to the ecosystem alone.
Second, many of the inherent features that enthusiasts find so appealing about cryptocurrency are also appealing to financial criminals.
Decentralization, pseudo-anonymity of transactions, the availability of funds within minutes of a transaction, and more benefits provide financial criminals with new pathways to exploit their victims using their tried and true schemes.
Third, there are marketplace risks that consumers, particularly those new to cryptocurrency, may not be aware of. Price fluctuations and crypto winters aren’t the only potential drawbacks consumers might want to understand before conducting transactions.
Irreversible transactions, currency volatility, and the fact that cryptocurrency is effectively unregulated are just some of the topics that a consumer should understand fully before executing a transaction, and business owners play a large role in educating the public on these topics.
Lastly, the potential for consumers to become the victims of scams and other fraudulent activity should be detailed in any notice of risks.
While fraud and scam activity have a “rich tradition” (read: sarcasm) extending beyond the invention of bitcoin and other cryptocurrency, as previously discussed, financial criminals are nonetheless attracted to it as a tool for their schemes.
We advocate an exhaustive disclosure detailing the different scam typologies, many of which are simply iterations of previous nefarious activities conducted via traditional financial services.
Some of the more common scams include, but are in no way limited to:
- IRS Scam: In which scammers impersonate the IRS and demand payments in cryptocurrency
- Social Security Scam: Similar to the IRS scam, but impersonators pretending to represent the Social Security office
- Classifieds Scam: Also known as a Craigslist scam, involves purchase of an item (like a car) with payment in crypto expected up front
- Romance Scam: In which a victim believes themselves to be in a romantic relationship online with a partner who is asking for payments in crypto
- Family Member in Danger Scam: In which a financial criminal poses as a member of a potential victim’s family asking for a wire of money to get out of some trouble
- Investment Scam: In which a cold caller offers a would-be victim an opportunity to “get in on the ground floor” of a scheme that seems too good to be true
- Prize Scam: In which the potential victim has won a prize, but must first pay a sum in cryptocurrency.
It’s important to note, as business owners, the overlap that many of these scam typologies have with Elder Financial Exploitation as well.
Fraud and scam typologies are numerous, continuously evolving, and only limited to the imagination of the criminal mind, and businesses play an essential role in helping to police the ecosystem for bad actors and protect consumers from becoming victims.
Other notices may include a warning about the tax implications of realizing a profit from cryptocurrency investment, certain cybersecurity risks, and good old-fashioned human error.
Complaint remediation refers to providing a platform for receiving, reviewing, and remediating consumer complaints addressed to the institution.
Two years ago, we predicted (rather, proffered) that customer service would become a major compliance topic in cryptocurrency.
While disclosures and notice of risks are foundational elements of good consumer protection policy, providing a venue for customers to air their grievances and observing procedures designed to remediate them plays a critical, ongoing role, so much so that we recommend this procedure be documented within its own policy.
The policy should outline a process for investigating, reviewing, and resolving consumer complaints, as well as criteria for escalation, board reporting, and recordkeeping.
Since consumer complaints will come from a variety of sources (e.g., social media, email, phone), different resolution strategies will be employed depending on the nature and severity of the complaint.
For example, in many cases, the best strategy for handling a public complaint on a review site or social media is to not respond at all. However, you may choose to attempt to resolve a specific public complaint privately through direct messaging the customer.
However, a Direct Message on a social platform with a specific complaint may be treated in much the same way you would handle a complaint that comes by way of email or direct phone contact.
Either way, it’s up to the institution and stakeholders like the BSA Compliance Officer to determine how to address consumer complaints and how quickly they should be resolved. Typically an appropriate time frame is 7 business days, though the sooner the better. In cases where a complaint cannot be resolved in that period of time, the BSA Compliance Officer will need to decide on the best path forward.
Finally, all complaints should be documented in a consumer complaint log, which can be as simple as a spreadsheet document with fields like name, date, nature of complaint, resolution, etc.
Takeaways for AML compliance
Remember that the purpose of consumer protection within the context of cryptocurrency is to protect consumers, safeguard the institution against engaging, knowingly or otherwise, in unfair or deceptive practices, educate consumers about their rights and responsibilities, and to redress any consumer grievances.
Expect that the emphasis on consumer protection within cryptocurrency will increase in the coming years, and plan for it with good policy and procedures that include disclosures, notice of risks, and critically, a detailed procedure for resolving consumer complaints.
Also, always remember that BitAML can help navigate these and other topics related to crypto AML compliance. Reach out here if you have questions.