What Every Crypto Company Needs to Know About Compliance
If you’re operating a digital asset exchange (or an MSB more generally), chances are you know how dangerous it can be to misunderstand the regulatory environment.
Here at Coral, we take compliance seriously — so, in case you’re not in the loop about what it means to comply with regulatory requirements in the United States as a money transmitter, this article breaks down what you should know.
First, it’s important to note we’ll be looking at compliance through a federal lens. There’s undoubtedly more complexity at the state level- a topic we’ll address in a future post.
For now, we’ll explore the federal regulatory landscape and steps needed to be compliant.
Next, we’ll take a look at the future of FinCEN, and finally, we’ll discuss what options exist to help you prepare for compliance.
The Watchdog:
FinCEN, the Financial Crimes Enforcement Network, regulates KYC requirements for financial institutions, which encompasses anti-money laundering (AML) and counter terrorist financing (CTF). It serves two roles — issuing AML/CFT regulations and monitoring illicit financial activities occurring through the U.S. financial system.
In the blockchain ecosystem, FinCEN is particularly important because many companies fall within the definition of a money services business (MSB), specifically money transmitters.
Are you a money transmitter?
If you touch or facilitate the transaction of cryptocurrencies, you’re probably an MSB.
In 2011, FinCEN changed the definition and regulations they use to regulate money service businesses. Thanks to these changes, “money transmission” now encompasses the acceptance and transmission of value that substitutes for currency. Translation: Virtual currency is a substitute and is now covered by MSB regulations.
There are three steps MSBs must take to comply with regulatory requirements:
- Register with FinCEN as a money services business
- Develop, implement, and maintain an AML program designed, “to prevent the [MSB] from being used to facilitate money laundering and terrorist finance”
- Establish record keeping and reporting measures, including filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).
According to FinCEN, their regulations applied to all transactions involving money transmission, including virtual currencies. This included transactions where individual parties exchanged “fiat and convertible virtual currency” in addition to those transactions from “one virtual currency to another.” They summed this up neatly by saying:
“In short, individuals and entities engaged in the business of accepting and transmitting physical currency or convertible virtual currency from one person to another or to another location are money transmitters subject to the AML/CFT requirements of the [Bank Secrecy Act] and its implementing regulations.”
For these reasons, being compliant often takes registering as a money transmitter and conducting an in-depth risk analysis of your platform’s exposure to money laundering. Businesses need to implement an anti-money laundering program based upon an internal assessment of the risks, and also comply with FinCEN’s record keeping regulations* (see below.) From there, businesses need to file Currency Transaction Reports, Suspicious Activity Reports, an ensure that record keeping is extremely well documented and compliant with both the “Funds Travel Rule” and the “Funds Transfer Rule.”
So, what happens if your business doesn’t proactively address these issues?
A case study in the consequences of not complying: BTC-e
One example of these consequences can be seen with the case of BTC-e. The company was initially a virtual currency exchange platform. As a major player in the market, they had over 700,000 customers and, according to FinCEN, were “…associated with bitcoin wallets that had received over 9.4 million bitcoins.”
FinCEN prosecuted the platform when BTC-e failed to establish policies to handle transactions that were anonymized and conducted through their platform. At the conclusion of the investigation, a $12 million civil money penalty was held against one of BTC-e’s “administrators,” Alexander Vinnik, which is currently the “largest individual liability penalty FinCEN has assessed to date.”
The company lacked even basic controls to prevent the use of its services for illicit purposes. As a result, they attracted and maintained a customer base that included many criminals who desired to conceal proceeds from crimes such as ransomware, fraud, identity theft, public corruption, and drug trafficking
What comes next?
FinCEN recently made efforts to better understand emerging technology, and in doing so, has worked to identify risks, close gaps, and support “responsible innovation through clarity.”
For example, FinCEN has established “FinCEN Exchange,” to work hand-in-hand with the private sector and law enforcement in order to allow financial institutions to engage with FinCEN and law enforcement agencies to share “industry developments, concerns, and risks and threats.”
Despite their proactive stance towards working with businesses, they are first and foremost a regulatory body that has specific guidelines for working as a MSB.
Still overwhelmed? There’s a solution!
To address the mounting scrutiny crypto companies have received from regulators like FinCEN, many have begun implementing traditional, bank level Know-Your-Customer (KYC) programs, often at the dismay of their users. It is trade-off many are reluctant to make, but one that is necessary to function in a compliant ecosystem.
The challenge is most organizations do not want to become experts at fraud monitoring or compliance management. The cost and complexity of implementing such programs can be overwhelming when it’s not an intended area of expertise.
If you find your organization in a situation where you need to move forward registering as a money services business, but don’t know where to begin on the fraud and compliance needs — the good news is there’s help!
Here at Coral, we’ve created a protocol for assigning risk scores to wallet addresses — we call the “trust scores.” We’re able to quickly determine if you’re about to send funds to an untrustworthy individual or possible scammer.
If you’re looking to make your platform more robust and compliant, Coral Protocol is a great addition to your platform.
Make sure to reach out if you have any questions, and check out our upcoming paper on compliance, the SEC, and FinCEN!
Sources For This Article:
*Record keeping regulations: Parts 1010 and 1022 of 31 CFR Chapter X.), 31 CFR § 1010.410, 31 CFR § 1022.310, 31 CFR § 1022.320, 31 CFR § 1010.410(f), 31 CFR § 1010.410(e)
