1.21 - Financial Crimes Enforcement Network (FinCEN)
FinCEN was among the first of the federal agencies to provide explicit guidance on the application of its regulation to cryptocurrency, money services businesses (MSBs), and money transmitters. It has also engaged in a number of enforcement actions that have resulted in significant penalties, one of its leaders has spoken publicly about the agency’s approach, and it has proposed (but not implemented) a rule for how banks and money services businesses must treat virtual currency.
Starting in 2013, FinCEN issued guidance on the application of its freshly implemented (in 2011) rule regarding MSBs to those administering, exchanging, or using what it calls “convertible virtual currencies,” (CVCs) which it defines as virtual currency that “either has an equivalent value in real currency, or acts as a substitute for real currency.” FinCEN, FIN-2013-G001, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies, at 1(2013.03.18).
In most situations, FinCEN concluded those who administer or provide an exchange platform for virtual currencies are subject to FinCEN’s MSB regulations, but those who simply use CVCs for the purchase of goods or services are not. Id. at 2–3. That conclusion holds whether the administrator or exchanger is centralized or decentralized. Id. at 3–5.
In 2019, FinCEN expanded on its prior guidance to describe the application of its regulations to a wide variety of business models. FinCEN, FIN-2019-G001, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (2019.05.09). Weighing in at 30 pages, this significantly more comprehensive coverage still provides only basic guidance as to how FinCEN interprets its regulations to the wide variety of businesses making use of CVCs in one form or another. As seemingly minor facts can flip the determination of whether an individual or business is subject to FinCEN’s regulations, entities who may come within FinCEN’s regulatory ambit should thus carefully scrutinize the sections of this guidance that may be applicable to their activities and consider reaching out to FinCEN directly to provide individual guidance or an administrative ruling. See id. at 30.
The guidance covers the below list of situations. Because the analysis is so fact specific, specific FinCEN conclusions as to the type of business are omitted.
- Natural persons providing CVC money transmission (P2P exchangers)
- CVC wallets (including hosted, unhosted, and multiple signature wallet providers)
- CVC kiosks / electronic terminals
- Decentralized Applications (DApps), DApp developers and users
- Anonymity-enhanced CVC transactions (including anonymizing services providers, anonymizing software provider, anonymity-enhanced CVC providers, and money transmitters that accept or transmit anonymity-enhanced CVCs)
- Payment processing services involving CVC money transmission
- Internet casinos
- CVC trading platforms and decentralized exchanges
- Raising funding for development or other projects, Initial Coin Offerings (ICOs)
- CVC creators, CVC miners, distributed applications for conducting CVC transactions
- Mining pools, cloud miners
For businesses that are MSBs, FinCEN advises that they must implement and maintain an “effective written anti-money laundering program” which must, at a minimum: (a) incorporate policies, procedures and internal controls reasonably designed to assure ongoing compliance (including verifying customer identification, filing reports, creating and retaining records, and responding to law enforcement requests); (b) designate an individual responsible to assure day-to-day compliance with the program and BSA requirements; (c) provide training for appropriate personnel, including training in the detection of suspicious transactions; and, (d) provide for independent review to monitor and maintain an adequate program. Id. at 10. The program must make a risk-based determination of the MSB’s exposure to criminal activity based on its customer profile. Id. And of course the business will have a variety of “recordkeeping, reporting, and transaction monitoring obligations” that are set forth in 31 CFR §§ 1010 and 1022, such as filing suspicious activity reports (SARs) and currency transaction reports (CTRs). Id.
In late 2019, FinCEN joined with the CFTC and FTC to issue guidance on activities involving digital assets. CFTC, FinCEN, and SEC, Joint Statement on Activities Involving Digital Assets (2019.10.11). The statement reminded entities that the BSA applies to all covered financial institutions, including transactions involving digital assets, and that covered financial institutions must have an AML/CFT program with respect to digital assets — regardless of whether the asset is classified as a security, commodity, or derivative.
It further commented that entities need to be careful to analyze what type of asset they are handling and determine which regulatory body is appropriate to register with for that particular use case. FinCEN included a separate statement pointing to its recently issued guidance on CVCs, encouraged covered entities to review the guidance, and its application to money services businesses.
Two notable enforcement actions came after FinCEN’s first guidance but before its second. In 2015, FinCEN ordered Ripple Labs, Inc. to pay $700,000 for its willful violations of the Bank Secrecy Act’s registration, record keeping, and reporting requirements. FinCEN, In re Ripple Labs, Inc. (Assessment of Civil Money Penalty), No. 2015-05 (2015.05.15). FinCEN found that Ripple had also failed to implement an effective anti-money laundering program. This fine came at the same time as a $450,000 forfeiture agreed to by Ripple with the U.S. Attorney’s Office for the Northern District of California. See U.S. Dep’t of Justice, Settlement Agreement (2015.05.05). Given that XRP, the Ripple token, had a market cap of approximately $700 million at the time of the fines, this appears to be a relatively light penalty.
In 2017, FinCEN fined BTC-E over $110 million, and its founder Alexander Vinnik $12 million. FinCEN, In re BTC-E (Assessment of Civil Money Penalty), No. 2017-03 (2017.07.26). The fines arose out of BTC-E’s failure to register as an MSB, its lack of controls to monitor compliance with FinCEN regulations, or to keep the records or file the reports required by those regulations, and its efforts to direct users on how (despite being physically in the United States) they could evade the appearance of being in the United States by going through intermediaries. Additional minor enforcement actions have occurred, including a $35,000 fine and industry bar against an individual engaged as a peer-to-peer currency exchanger. FinCEN, News Release, FinCEN Penalizes Peer-to-Peer Virtual Currency Exchanger for Violations of Anti-Money Laundering Laws (2019.04.18).
In 2022, FinCEN (along with OFAC) settled with Bittrex for over $29 million. Treasury, Treasury Announces Two Enforcement Actions for over $24M and $29M Against Virtual Currency Exchange Bittrex, Inc. (2022.10.11). The settlement resulted from Bittrex's failure to maintain an effective AML program, failed to file any SARs for three years, and otherwise on a significant number of transactions involving sanctioned jurisdictions.
In 2014 and 2015, FinCEN issued six separate administrative rulings responding to various requests from sectors of the crypto industry. Those rulings addressed virtual currency mining operations, virtual currency software development and investment activity, renting computer systems for mining virtual currency, a virtual currency payment system, and a virtual currency trading platform.
Adressing virtual currency mining operations, FinCEN concluded that the act of mining Bitcoin and using it “solely for the user’s own purposes and not for the benefit of another,” means that “the user is not an MSB under FinCEN’s regulations, because these activities involve neither ‘acceptance’ nor ‘transmission’ of the convertible virtual currency and are not the transmission of funds within the meaning of the Rule.” FinCEN, FIN-2014-R001, Application of FinCEN’s Regulations to Virtual Currency Mining Operations, at 3 (2014.01.30).
Addressing virtual currency software development and certain investment activity, FinCEN concluded that when a company invests periodically in convertible virtual currency and produces and distributes software to facilitate the company’s investment in convertible virtual currency, the company is not a money services business for purposes of the BSA. FinCEN, FIN-2014-R002, Application of FinCEN’s Regulations to Virtual Currency Software Development and Certain Investment Activity, at 2, 4 (2014.01.30). This is because the mere production and distribution of software “does not constitute acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency,” id. at 2, and because, “when the Company invests in a convertible virtual currency for its own account, and when it realizes the value of its investment, it is acting as a user of that convertible virtual currency within the meaning of the guidance,” id. at 4, and is thus not an MSB pursuant to the BSA.
Addressing a company creating and renting a computer system for mining virtual currency, FinCEN concluded the mere creation of equipment that is rented out, even when intended for use in mining virtual currency, does not render the equipment creator an MSB because “regulations specifically exempt from money transmitter status a person that only provides the delivery, communication, or network data access services used by a money transmitter to supply money transmission services.” FinCEN, FIN-2014-R007, Application of Money Services Business regulations to the rental of computer systems for mining virtual currency, at 2–3 (2014.04.29).
Addressing a virtual currency trading platform that would “match offers to buy and sell convertible virtual currency for currency of legal tender,” FinCEN concluded the platform would be a money transmitter pursuant to the BSA because “[a] person that accepts currency, funds, or any value that substitutes for currency, with the intent and/or effect of transmitting currency, funds, or any value that substitutes for currency to another person or location if a certain predetermined condition established by the transmitter is met, is a money transmitter under FinCEN’s regulations.” FinCEN FinCEN, FIN-2014-R011, Application of FinCEN’s Regulations to a Virtual Currency Trading Platform, at 3 (2014.10.29). That is true “regardless of whether the exchanger acts as a broker (attempting to match two (mostly) simultaneous and offsetting transactions involving the acceptance of one type of currency and the transmission of another) or as a dealer (transacting from its own reserve in either convertible virtual currency or real currency).” Id. at 6.
Addressing a virtual currency payment system, FinCEN concluded that a company that takes credit card payments from consumers and sends the equivalent (less a fee) in Bitcoin to the merchant is a money transmitter. FinCEN, FIN-2014-R012, Application of FinCEN’s Regulations to a Virtual Currency Payment System, at 3 (2014.10.27). It reached that conclusion for the reasons stated above with respect to a trading platform — acting as a broker or dealer still satisfies being a money transmitter — and thus was an “exchanger” for purposes of the BSA. FinCEN further rejected that the company qualified for any exemption, because (a) it was not operating exclusively in a clearing and settlement system that accepts only BSA-regulated financial institutions, and (b) money transmission was the sole purpose of the business, not an integral component of another related activity. Id. at 4–5.
Addressing a company that created digital certificates of ownership of precious metals and jewels that could be transferred via the Bitcoin blockchain rails, FinCEN concluded that the business was a money transmitter because the digital certificates were meant to facilitate exchange between the initial customer and a third party. FinCEN, FIN-2015-R001, Application of FinCEN’s Regulations to Persons Issuing Physical or Digital Negotiable Certificates of Ownership of Precious Metals, at 3 (2015.08.14). Additionally, the company did not qualify for an exemption for e-currencies or e-precious metals because “the Company is going beyond the activities of a broker or dealer in commodities and is acting as a convertible virtual currency administrator (with the freely transferable digital certificates being the commodity-backed virtual currency).” Id. at 4.
Most recently, FinCEN's Associate Director of Enforcement and Compliance gave a talk at the Chainalysis Links conference noted that Virtual Asset Service Providers (VASPs) can only achieve their full potential if they "proactively adopt and uphold high standards for compliance," which means implementing "a rigorous risk-based approach to compliance and to [their] customer relationshiops and transactional activity." Alessio Evangelista, Associate Director, Enforcement and Compliance Division, Prepared Remarks During Chainalysis Links Conference (2022.05.19). He further warned of VASPs that are "willing to do business with problematic companies up until the day of an OFAC designation or criminal indictment, even when there were clearly observable red flags and indicators of wrongdoing that they could—and arguably should—have taken note of long ago." Such businesses, he warned, could find themselves on the wrong end of an enforcement action, particularly where "there is a willful disregard for regulatory requirements." He concluded his remarks, however, by seeking partnership with the industry "to prioritize transparency and accountability, and to share information" in a way that will "raise the bar for the next generation of financial services."
In August 2018, FinCEN Director Kenneth Blanco gave remarks at the Chicago-Kent Block (Legal) Tech Conference at the Chicago-Kent College of Law. Prepared Remarks of FinCEN Director Kenneth A. Blanco (2018.08.09). In those remarks, Blanco discussed FinCEN ’s approach to virtual currency and financial innovation and the value of BSA filings in executing FinCEN’s mission. Regarding its approach to virtual currency, Blanco stated generally that FinCEN supports innovation but must try to prevent innovation from empowering criminal enterprises to use money to support their activities in a way they otherwise could not. Blanco also covered the history of guidance and administrative rulings FinCEN had issued.
Regarding enforcement, Blanco remarked that examination programs of registered virtual currency businesses had led to “SAR filings from virtual exchanges ris[ing] tremendously over the past few years,” resulting in “over 1,500 SARs per month describing suspicious activity involving virtual currency.” Id. He also stressed that FinCEN expects entities to be proactive about compliance, commenting that “[c]ompliance does not begin because you may get caught, or because you are about to be discovered. . . . It is not a culture we will tolerate.” Id.
In February 2018, Drew Maloney, the Assistant Secretary for Legislative Affairs at the Department of the Treasury, responded to a letter from Senator Ron Wyden that sought information regarding FinCEN’s oversight and enforcement of virtual currency financial activities. Drew Maloney, Ass’t Sec. for Leg. Affairs, Letter to Sen. Ron Wyden (2018.02.13).
Maloney highlighted that FinCEN has a team of analysts that specifically review BSA filings from virtual currency money services businesses, “including filings pertaining to digital coin tokens, and Initial Coin Offerings” and highlighting FinCEN’s 2013 guidance. Id. at 1. Maloney further explained that FinCEN has “[b]lockchain network analytic tools [that] can also tie a targeted bitcoin address to other potentially identifiable persons that have transacted with the particular bitcoin address and may have information that could potentially help identify beneficial owners,” and such analysis is further supported by traditional investigative methods such as issuing subpoenas to virtual currency businesses.
In late 2020, FinCEN proposed a rule to make explicit (and with the force of law) the obligations of banks and MSBs with respect to CVCs. See U.S. Treasury, The Financial Crimes Enforcement Network Proposes Rule Aimed at Closing Anti-Money Laundering Regulatory Gaps for Certain Convertible Virtual Currency and Digital Asset Transactions (2020.12.18); FinCEN, Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets, 85 Fed. Reg. 83840 (proposed 2020.12.23) (to be codified at 31 C.F.R. pts. 1010, 1020, 1022).
The proposed rule would have imposed on banks and money services businesses the formal requirement to report CVC transactions exceeding $10,000 to FinCEN. The proposed rule would further have required banks and MSBs to keep records of the CVC transaction history of their customers (including the counterparties) if the counterparty uses an unhosted wallet and the transaction exceeded $3,000. (Both “bank” and “money services business” are defined by regulation in 31 C.F.R. § 1010.100).)
Despite extending the period for public comment in early 2021 to March 29, 2021, FinCEN has yet to issue a final rule based on its proposal. See FinCEN, Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets (Extension Notice), 86 Fed. Reg. 7352 (issued 2021.01.28).
Sources are listed in reverse chronological order.