Introduction
On May 9, the Financial Crimes Enforcement Network of the US Department of the Treasury (FinCEN) issued guidance relating to how its regulations apply to certain businesses that transact in "convertible virtual currencies" (CVCs). Concurrently, FinCEN issued an advisory on illicit activity involving CVCs to assist financial institutions in identifying and reporting suspicious activity related to criminal exploitation of CVCs.
The Guidance does not establish any new regulatory expectations or requirements and instead consolidates current FinCEN regulations, together with related precedent and guidance dating back to 2011. Generally, FinCEN requires any person engaging in the business of money transmission or the transfer of funds, including CVCs, to (1) maintain an "effective" written anti-money laundering (AML) program and (2) register as a money services business (MSB). Additionally, if a money transmitter engages in a transaction that constitutes a "transmittal of funds," the money transmitter must also comply with the "Funds Transfer Rule" 1 and "Funds Travel Rule." 2
FinCEN regulations defined money transmission services as the acceptance of currency, funds or other value that substitutes for currency from one person and the transmission of currency, funds or other value that substitutes for currency to another person or location by any means.3 According to the Guidance, the labeling of the activity or the technology used in conducting such activity is not dispositive in assessing whether an activity constitutes "money transmission"; for FinCEN, a person's activities are what drive this determination: a person may be a money transmitter regardless of the technology employed.
Application of FinCEN Regulations to Common CVC-Related Business Models
The Guidance provides a number of examples as to when a person engaged in certain CVC-related business models constitutes a money transmitter, concentrating predominantly on three types of business activities: (1) wallet providers, (2) operators of electronic kiosks, and (3) decentralized applications, trading platforms and exchanges.4 The Guidance also discusses money transmission engaged in connection with fundraising for projects, such as initial coin offerings (ICOs). While we endeavor to discuss all the aforementioned topics in this client advisory, we discuss some in greater detail than others. The client advisory is not meant to be exhaustive insofar as some topics and "hot button issues" merit more discussion than others as they may affect your business.
Moreover, we note that certain US states and territories may have parallel requirements related to persons engaging in money transmission activities involving CVCs that are not necessarily identical. This advisory does not address state money transmitter requirements.5
For all business models, the key determining factor appears to be whether the business activity touches CVCs as part of a transmission of value or simply facilitates persons effectuating a transaction themselves. The former generally constitutes money transmission; the latter does not. The Guidance's distinction in this regard is paramount, as a failure to register as an MSB may be criminally prosecuted.6
Subject to limited exceptions, generally, persons engaged as money transmitters of CVC must register as MSBs with FinCEN.7 The Guidance concedes that the requirement does not apply to persons "functionally regulated or examined" by the Securities and Exchange Commission or the Commodity Futures Trading Commission, although the Guidance leaves unclear what FinCEN deems to be "functional regulation."
The Guidance describes CVCs as a type of virtual currency that either has an equivalent value as currency, or acts as a substitute for currency, and is therefore a type of "value that substitutes for currency." If transactions denominated in CVCs involve the transmission and acceptance of value, they will be subject to FinCEN regulations regardless of the form of the CVC or the type of ledger or technology utilized. There are no qualifications as to what may be deemed "value that substitutes currency." It also does not matter that value originally created for one purpose may be repurposed to be used as a currency substitute. The Guidance limits itself to the specific business models discussed, but does not provide guidance as to when other digital assets may fall within this definition.
The Guidance provides the following specific examples of how FinCEN's money transmitter regulations apply to a variety of common business models involving CVC:
CVC Wallets
FinCEN sets forth a four-factor test to determine whether a wallet provider needs to register as a MSB: (a) who owns the value; (b) where the value is stored; (c) whether the owner interacts directly with the payment system; and (d) whether the person acting as an intermediary has total independent control over the value. While there is no indication as to whether one factor weighs more heavily than others, it generally appears that providers of hosted/custodied wallets are MSBs and providers of unhosted wallets are not.
The chart below provides a snapshot of the Bank Secrecy Act (BSA) obligations as applied to various wallet providers:
Type of Provider |
Who Owns the Value |
Where the Value is Stored |
Flow/Control of Value |
Regulatory Implications |
Hosted wallet provider (including multiple signature) |
Owner of CVCs |
Either the wallet or represented as an entry in the accounts of the host |
Owner of CVCs interacts directly with the host and not the payment system; host has control over the value |
MSB (Registration required) |
Unhosted wallet provider (not multiple signature) |
Owner of CVCs |
Wallet |
Owner of CVCs interacts with the payment system directly and exercises total independent control over the value |
Not an MSB |
Unhosted wallet provider (multiple signature) |
Owner of CVCs |
Wallet |
Owner of CVCs has control of transactions and wallet provider does not accept or transmit value on behalf of the CVC owner, even if a second authorization key is required by the provider |
Not an MSB |
Decentralized Applications (DApps)
DApps refer to software programs that operate on a peer-to-peer (P2P) network of computers running a blockchain platform, designed so they are not controlled by a single person or group of persons. An owner-operator of a DApp may perform a wide variety of functions, including administering software for a fee, which is often denominated in CVCs. When DApps perform money transmission (accepting and transmitting value), the DApp, its owner-operator(s), or both, are money transmitters that must register as MSBs.
Anonymity-Enhanced CVC Transactions
Anonymity-enhanced CVC transactions are transactions either (a) denominated in regular types of CVCs, but structured to conceal information otherwise generally available; or (b) denominated in types of CVCs specifically engineered to prevent their traceability (also called privacy coins). Whether an anonymizing services provider is a money transmitter under FinCEN regulations depends on the specific role performed by the provider. A provider that accepts CVCs and retransmits them in a manner to obscure tracing the CVCs back to its source would be a money transmitter. However, a provider of anonymizing software would not be a money transmitter. FinCEN regulations exclude from the definition of money transmitter suppliers of tools (communications, hardware or software) that may be utilized in money transmission (i.e., anonymizing software) on grounds they are engaged in trade and not in money transmission. By contrast, a person who utilizes the software to anonymize the person's own transactions would constitute either an exempt user or a money transmitter, depending on the purpose of each transaction.
Payment Processing Services
Payment processors of CVCs are financial intermediaries that enable traditional merchants to accept CVCs from customers in exchange for goods and services sold, and fall within the definition of a money transmitter.
CVC-Related Business Models Which May Be Exempt From FinCEN Regulations
Despite FinCEN's broad definition of what constitutes money transmission services, the Guidance specifies certain CVC-related business models which are exempt from qualifying as a money transmission service.
CVC Trading Platforms and Decentralized Exchanges
CVC P2P trading platforms are online forums enabling buyers and sellers of CVCs to find one another and may also facilitate trades. If the CVC trading platforms just allow buyers and sellers of CVCs to solicit bids and offers from one another, and the parties themselves settle any matched transactions independently of the trading platform (either through individual wallets or other wallets independent of the trading platform), such platforms are not money transmitters. Conversely, where the trading platform serves to "match" transactions by purchasing CVCs from the seller, and selling it to a corresponding buyer, it would in fact be a money transmitter.
Initial Coin Offerings
Two common business models involving ICOs are: (a) ICO pre-sales, or a sale of CVC to a distinct set of preferred buyers; and (b) ICOs raising funds through offering digital debt or equity among a group of lenders or investors, which in turn will finance a future project (possibly consisting of the creation of a new CVC). The Guidance does not cover every possible ICO business model, but rather focuses on how BSA regulations might apply to the aforementioned models.
In the first type of ICO, a seller of the CVC is a money transmitter because at the time of the ICO, the seller is the only person authorized to issue and redeem (permanently from circulation) the new units of CVCs. In the second type of ICO, if the sale or offering is regulated by the functional regulations of other regulators, such as the SEC or CFTC, the seller does not have to register as a MSB, but is still subject to the BSA's AML requirements. The actual development of a DApp, even if it is the creation of a CVC, financed through ICO fundraising is not considered to be money transmission.
While the Guidance is presented as a consolidation of current FinCEN regulations, administrative rules and interpretive guidance, it does offer greater clarity in highlighting specific CVC-related business models falling under or being exempt from FinCEN regulations, which were previously unclear. The interpretations contained in the Guidance may extend to other business models consisting of similar facts and circumstances.
The Advisory
Released in conjunction with the Guidance, the Advisory reiterates established FinCEN requirements and warns of threats related to CVC misuse and reminds financial institutions of their affirmative compliance obligations to identify and report such misuse.8 The Advisory provides insight into how FinCEN reviews, identifies and determines illicit activity involving CVC. The Advisory highlighted the following main points:
- Risks posed by CVC;
- Types of abuses through the use of CVC;
- Red flags; and
- Recommendations of helpful suspicious activity report (SAR) filings.
As far as risks posed by CVC are concerned, the Advisory focuses on the premise that CVC may create illicit finance vulnerabilities, heightened by the introduction of anonymity-enhanced CVC. According to FinCEN's analysis of BSA and other data, illicit actors have used CVC to facilitate criminal activity such as human trafficking, child exploitation, fraud, extortion, cybercrime, drug trafficking, money laundering, terrorist financing, and to support rogue regimes and facilitate sanctions evasion. While the Advisory does not endeavor to propose solutions for how to mitigate the risks and threats posed by CVC, it does lay out numerous "red flag indicators" of abuse in the following areas: darknet marketplaces; unregistered or illicitly operating P2P exchangers; unregistered foreign-located MSBs; illicit activity leveraging CVC kiosks; and other potentially illicit activity. Businesses engaged in CVC transactions, as well as businesses doing business with those engaged in CVC transactions, should be aware of these red flag indicators and be prepared to report suspicious activity to the applicable regulatory authority.
Taken together, the Guidance and Advisory reaffirm that certain CVC-related business models do fall under FinCEN's regulations. Financial institutions and CVC-related businesses should consider the instructions and warnings provided by FinCEN in the Guidance and Advisory and should examine their risk profile and BSA obligations in light of the same.
2 31 CFR 1010.410(f)(1).
3 See 31 CFR § 1010.100(ff)(5). In 2011, FinCEN issued a final rule defining a MSB as "a person wherever located doing business, whether or not on a regular basis or as an organized or licensed business concern, wholly or in substantial part within the United States," operating directly, or through an agent, agency, branch, or office, who functions as, among other things, a "money transmitter." 31 CFR § 1010.100(ff). Further, according to the Guidance, FinCEN's regulations define the term "money transmitter" to include a "person that provides money transmission services," or "any other person engaged in the transfer of funds." 31 CFR § 1010.100(ff)(5).
4 The Guidance also covered internet casinos using CVCs, peer-to-peer exchangers and COTC trades – all of which may constitute money transmission.
5 For a general background regarding states' money transmitter requirements, see the Appendix to Digital and Digitized Federal And State Jurisdictional Issues by the American Bar Association Derivatives and Futures Law Committee, Innovative Digital Products and Processes Subcommittee Jurisdiction Working Group (March 2019).
6 For example, see In the Matter of BTC-E a/k/a Canton Business Corporation and Alexander Vinnik; In the Matter of Kustandy Rayyan D/B/A Thriftway Food Mart; In the Matter of Lee's Snack Shop, Inc. and Hong Ki Yi; In the Matter of King Mail & Wireless Inc., and Ali Al Duais; In the Matter of Ripple Labs, Inc. XRP Fund II, LLC; and In the Matter of Aurora Sunmart Inc. and Jamal Awad.
7 31 CFR § 1022.380.
8 A financial institution is required to file a SAR if it knows, suspects, or has reason to suspect a transaction conducted or attempted by, at, or through the financial institution involves funds derived from illegal activity, or attempts to disguise funds derived from illegal activity; is designed to evade regulations promulgated under the BSA; lacks a business or apparent lawful purpose; or involves the use of the financial institution to facilitate criminal activity. See generally, 31 CFR §§ 1010.320, 1020.320, 1021.320, 1022.320, 1023.320, 1024.320, 1025.320, 1026.320, 1029.320, and 1030.320. Suspicious activity involving CVC may be observable by financial institutions specializing in commerce related to CVC, financial institutions servicing such businesses, or financial institutions with customers actively involved in the use of CVC.