12 Aug Cryptocompliance 101: How To Assess HIFCA And HIDTA Risk For MSBs
If you’re newer to crypto, you might hear the acronyms HIFCA and HIDTA tossed about in relation to risk analysis. if so, you’ve probably wondered what they mean.
If you’re just looking for a quick answer, this post will explain what HIFCA and HIDTA are in broad strokes. But keep in mind, this is for educational purposes only. We can’t emphasize enough the importance of working with compliance professionals in the crypto space on comprehensive risk assessments that include HIFCA and HIDTA considerations, and offer free consultations for that reason (see bottom of this article).
This article is a continuation of our series of cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance. Today, we’re focusing on HIFCA and HIDTA – what they are, how they affect an MSB’s risk, and how to fit them into a BSA compliance program.
What Is HIFCA?
HIFCA is an acronym that stands for High Intensity Financial Crime Area and refers to high-risk areas in the United States for money laundering and related financial crimes. Law enforcement efforts in these areas are heightened at the federal, state, and local levels to detect and prevent these crimes.
HIFCAs were introduced as part of the Money Laundering and Financial Crimes Strategy of 1998 and currently include the following counties in the United States:
- California Northern District: Alameda, Contra Costa, Del Norte, Humboldt, Lake, Marin, Mendocino, Monterey, Napa, San Benito, San Francisco, San Mateo, Santa Cruz, Sonoma
- California Southern District: Los Angeles, Orange, Riverside, San Bernardino, San Luis Obispo, Santa Barbara, Ventura
- Southwest Border: Arizona (all counties), Texas (counties bordering and adjacent to counties bordering the US-Mexico border – see the full map here)
- South Florida: Broward, Indian River, Martin, Miami-Dade, Monroe, Okeechobee, Palm Beach, St. Lucie
- Illinois (Chicago): Cook, Dupage, Kane, Lake, McHenry, Will
- New York (and New Jersey): New York (all counties), New Jersey (all counties)
- Puerto Rico (and the U.S. Virgin Islands): Puerto Rico (all counties), U.S. Virgin Islands (all areas)
You can follow the link to view the full HIFCA regional map on the FinCEN website.
What Is HIDTA?
HIDTA is an acronym that stands for High Intensity Drug Trafficking Area. It’s a federal program created by Congress through the Anti-Drug Abuse Act of 1988 and is administered by the White House Office of National Drug Control Policy.
The HIDTA program provides resources to federal, state, local, and tribal agencies so they can coordinate activities to reduce drug trafficking and production in specific areas of the United States.
Today, HIDTA covers 18.3% of all counties in the United States and 65.5% of the population. There are 28 HIDTAs across the country, which are established based on criteria developed by the Office of National Drug Control Reauthorization Act of 2006. They are:
- Central Florida
- Central Valley California
- Gulf Coast
- Los Angeles
- New England
- New York/New Jersey
- North Central
- North Florida
- Northern California
- Puerto Rico/U.S. Virgin Islands
- Rocky Mountain
- South Florida
- Southwest Border
- Texoma (formerly North Texas)
You can follow the link to see the HIDTA map of counties included in the program.
What Do HIFCA And HIDTA Mean For Cryptocurrency Businesses?
HIFCA and HIDTA matter to MSBs because they have a significant place in a company’s risk assessment. If your business operates within one or more HIFCAs or HIDTAs, it will have a direct impact on your risk profile, and thus, your entire AML compliance program. This includes your red flags, transactional policies, state licensure, and everything else.
You need to know what impact HIFCA and HIDTA have on your business before you even try to build your AML compliance program, which is why it’s so important to work with a compliance expert from the very beginning.
A crypto risk assessment will give you a clear understanding of your MSB’s risk profile. It shows you where your business might be vulnerable by identifying what could go wrong and how likely it is that something will go wrong. With this information, you can evaluate your own risk tolerance levels and develop risk mitigation strategies as well as a solid AML compliance program that effectively protects you, your business, and your customers.
Are There Any Exceptions?
If you’re an MSB/money transmitter, there are no exceptions. However, large-scale MSBs and crypto exchanges have to think about the risk mitigation more than most since they likely operate in multiple states and HIFCA and HIDTA jurisdictions.
But even if you operate a single Bitcoin ATM, you need to understand these types of risks because they could be affecting your business right now. It’s also very likely that they’ll affect you in the future if you have plans to grow your business.
For example, if you’re in a designated HIFCA, HIDTA, or both, or you want to expand your business and buy another BTM in a designated HIFCA or HIDTA, then you’ll need to review your risk assessment to ensure you’re operating in line with your risk tolerance levels.
Key Takeaways For Crypto Business
Remember, this article is for educational purposes only and only provides an introduction to HIFCA, HIDTA, and the need for ongoing risk assessments. A compliance expert, particularly one with experience in crypto, will leave no stone unturned when it comes to your risk profile.
Bottom-line, if you don’t know what HIFCA or HIDTA are and you don’t know how they affect your MSB, then you need to have a risk assessment done.
And if you’ve had a risk assessment done but your business has changed or you haven’t had an assessment done in over a year, it’s time to schedule another to keep ahead of continually changing regulations and demographic trends.
Use the form below to schedule a free, no-pressure consultation with the cryptocompliance experts at BitAML and learn if you need a risk assessment done.