Matthew Moses

Partner

New York

[email protected]

Read full biography at www.orrick.com
Matthew Moses is a partner in Orrick’s New York Office and a member of the White Collar, Investigations, and Compliance Group.

Matt has substantial experience representing financial institutions, corporations, and individuals in connection with government and internal investigations involving the Foreign Corrupt Practices Act (FCPA), the Bank Secrecy Act (BSA) and U.S. anti-money laundering (AML) regulations, U.S. economic sanctions administered by the Office of Foreign Assets Control (OFAC), and fraud-related laws and regulations. He also counsels clients on government-imposed compliance obligations, advising on designing, enhancing, and implementing compliance policies and procedures, conducting regulatory diligence for investments and other deals, and obtaining licenses or other guidance when appropriate.

Posts by: Matthew Moses

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

and

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

Appellate Court – Selling Bitcoin in Florida Requires a Money Services Business License

Following a recent opinion by a Florida appellate court, virtual currency dealers who do business in, from, or into Florida – even individuals in the business of selling their own virtual currency for cash – may be required to obtain a “money services business” license from Florida’s Office of Financial Regulation and maintain costly anti-money laundering programs in accordance with Florida and federal law or face criminal penalties.

On January 30, Florida’s Third District Court of Appeal reinstated criminal charges against Florida resident Michell Espinoza for money laundering and “unlawfully engaging in the business of a money transmitter and/or payment instrument seller without being registered with the State of Florida.” State v. Espinoza, No. 3D16-1860, slip op. (Fla. Dist. Ct. App. Jan. 30, 2019). The trial court had previously dismissed the charges against Espinoza, agreeing with his argument that selling Bitcoin does not qualify as “money transmitting” under Florida law because Bitcoin is not “money,” among other reasons. State v. Espinoza, No. F14-2923 (Fl. Cir. Ct. July 22, 2016). The appellate court disagreed and determined that even a person in the business of selling his own Bitcoin for cash is a “money transmitter” and “payment instrument seller” under Florida law and is therefore required to be licensed as a “money services business.”

The charges against Espinoza stem from a sting operation in 2013, in which undercover detectives contacted Espinoza through a Bitcoin exchange site, LocalBitcoins.com. Espinoza posted on that site that he would sell Bitcoins for cash through in-person transactions. Espinoza was not licensed or registered as a “money services business” with Florida or federal regulators. An undercover detective met Espinoza several times and paid him a total of $1500 cash for Bitcoin, earning Espinoza a profit. During those transactions, the undercover detective allegedly made clear his desire to remain anonymous and said he was involved in illicit activity. For example, the undercover detective allegedly told Espinoza that he needed the Bitcoin to buy stolen credit card numbers from Russians.

The Florida appellate court’s determination that Bitcoins are “monetary value” and “payment instruments” under Florida law fits within a line of cases finding that Bitcoin qualifies as “money” for the purposes of money laundering and anti-money laundering laws. For example, in 2014 Judge Rakoff, a United States District Judge for the Southern District of New York, found that Bitcoin clearly qualifies as “money” or “funds” for the purposes of the federal money transmitter statute because “Bitcoin can be easily purchased in exchange for ordinary currency, acts as a denominator of value and is used to conduct financial transactions.” United States v. Faiella, 39 F. Supp. 3d 544, 545 (S.D.N.Y. 2014) (citing SEC v. Shavers, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013)). Some states have also codified virtual currency into their anti-money laundering regulations. For example, after the trial court determined that Bitcoin was not a “monetary instrument” that could be laundered under Florida’s money laundering statute, the Florida legislature amended the statutory definition of “monetary instruments” to explicitly include the term “virtual currency.” Fla. Stat. § 896.101(2)(f) (2017). Other states, however, have taken a different approach. Pennsylvania’s Department of Banking and Securities (“DoBS”), for example, recently published guidance that virtual currency, including Bitcoin, is not considered money under Pennsylvania law. “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania Department of Banking and Securities (Jan. 23, 2019).

The Florida appellate court found that Espinoza was operating as a “money transmitter” and therefore was a “money services business,” simply by engaging in the business of selling his own Bitcoin for cash and not otherwise acting as a middleman between parties. The trial court had applied the more common and narrow understanding that a “money transmitter” operates “like a middleman in a financial transaction, much like how Western Union accepts money from person A, and at the direction of person A, transmits it to person or entity B,” as explained by the appellate court.

To reach its conclusion, the Florida appellate court looked to the text of Florida’s money services business statute – which the court believes is critically different from federal regulations. Under both federal and Florida state law, a “money services business” is defined to include a “money transmitter.” Compare 31 C.F.R. § 1010.100(ff) with Fla. Stat. § 560.103(22). According to the Florida appellate court, the federal definition of “money transmitter” includes a third-party requirement. Under federal regulations, a “money transmitter” means a person engaged in the “acceptance of currency, funds or other value that substitutes currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” 31 C.F.R. § 1010.100(ff)(5(i)(A) (emphasis added). In comparison, the Florida statute defines a “money transmitter” as an entity “which receives currency, monetary value, or payment instruments for the purpose of transmitting the same by any means.” Fla. Stat. § 560.103(23). The Florida appellate court found that, in contrast to the federal regulations, the Florida statute’s “plain language clearly contains no third party transmission requirement in order for an individual’s conduct to fall under the ‘money transmitter’ definition” and, as such “decline[d] to add any third party or ‘middleman’ requirement.”

The appellate court’s interpretation of the text of Florida’s statute is disputable. From a statutory interpretation perspective, the middleman requirement is arguably inherent in the plain meaning of the word “transmit,” which is defined by Merriam-Webster as “to send or convey from one person or place to another.” (Notably, Pennsylvania’s DoBS recently issued guidance interpreting the word “transmitting” in a comparable state statute to include a third-party requirement. See “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania DoBS (Jan. 23, 2019) (interpreting statute that “[n]o person shall engage in the business of transmitting money by means of a transmittal instrument for a fee or other consideration with or on behalf of an individual without first having obtained a license from the [DoBS]” to impose a third-party requirement).) It would, therefore, be reasonable to interpret Florida’s statute as consistent with federal regulations. Moreover, the Florida appellate court’s interpretation of the statute could have broad and troubling consequences. Although dicta in the Florida appellate court’s decision make it seem like the court is making a distinction between “merely selling [one’s] own personal bitcoins” and “marketing a business,” the court’s statutory interpretation leaves open the possibility that the mere act of selling one’s own property – without registering as a “money services business” – could be a crime.

While we watch to see whether Espinoza will appeal this decision to the Florida Supreme Court, virtual currency dealers should be aware that selling virtual currency in, from or into Florida may require a money services business license and the maintenance of an anti-money laundering program.