Keyword: Other Regulatory Issues (tax, anti-money laundering, OFAC, and antitrust)

The Next Step: FinCEN Proposes to Require Reporting of Cryptocurrency Positions Held in Foreign Accounts

FinCEN recently took another important step toward bringing virtual currency into the financial assets reporting scheme.

Taxpayers that have $10,000 or more in a foreign bank account have long been required to file a foreign bank account report (or “FBAR”) on FinCEN Form 114. The penalties for failing to report foreign bank accounts are significant: $10,000 for a non-willful failure and the greater of $100,000 and up to 50 percent of the unreported account balance for willful failures. While the rules requiring the reporting are issued under the authority of the Bank Secrecy Act, the IRS administers the rules—and the IRS has been aggressive in assessing penalties for failures to report such holdings.

The application of the filing requirement to cryptocurrency has been the subject of some uncertainty. The uncertainty arises because the reporting requirement only applies to a “financial account.” A financial account includes, but is not limited to, a se­curities, brokerage, savings, demand, checking, deposit, time deposit or other account maintained with a financial institution (or other person performing the services of a financial institution). A financial account (per 31 CFR 1010.350(c)) also includes a commodity futures or options account, an insurance policy with a cash value (such as a whole life insurance policy), an annuity policy with a cash value and shares in a mutual fund or similar pooled fund (i.e., a fund that is available to the general public with a regular net asset value determination and regular redemptions). The regulations reserve “other investment fund,” presumably for a definition to come. However, in response to questions raised by the AICPA Virtual Currency Task Force in 2019, FinCEN stated that virtual currency was not subject to FBAR reporting. This was confirmed by FinCEN in 2020 as well.

Whether or not cryptocurrencies are subject to FBAR filing, such holdings may have to be included on the IRS’s Form 8938, Statement of Specified Foreign Financial Assets. Form 8938 is the counterpart to FinCEN 114.

Recent FinCEN Proposed Rule

On December 31, 2020, FinCEN issued Notice 2020-2 that announced a proposed rule that would amend the regulations implementing the Bank Secrecy Act regarding reports of foreign financial accounts (FBAR) to include virtual currency as a type of reportable account under 31 CFR 1010.350. The proposed rule does not specify an effective date.

The decision to treat cryptocurrency as subject to FBAR reporting significantly increases the potential penalties against those who fail to properly identify these accounts. Holders of virtual currency in foreign accounts should review this rule and prepare to report such holdings once the rule becomes effective.

Word on the Street Is That Virtual Currency Is the “New Gold,” and it’s Swiftly Moving Up the IRS Watchlist

The IRS has been increasingly active in its effort to ensure that virtual currency does not become a tool for tax evasion. This is not surprising, given that—as we started the last month of 2020—the value of Bitcoin, by far the most well-known cryptocurrency in the world, reached its highest level since 2017. Between June 2019 and July 2020, about 3.1 million active accounts were estimated to use bitcoin in the U.S.

Guidance

The IRS first started publishing guidance and notices on the federal income tax treatment of virtual currency in 2014. The first one among many was Notice 2014-21, which concluded that convertible virtual currency (virtual currencies that can be used to make purchases in the real economy and can be converted into government-issued currencies) should be treated as property for tax purposes. The next Notice, Rev. Rul. 2019-24, addressed the tax treatment of more specific types of virtual currency transactions, “hard fork” and “airdrop.” The IRS has also posted answers to frequently asked questions about virtual-currency transactions on its website. Starting with taxable year 2019, the IRS revised Schedule 1 to Form 1040 to require taxpayers to identify whether they engaged in any transaction involving virtual currency. The IRS plans on going even further as shown in a released draft of the revised Form 1040 for 2020, where it proposed placing the question about cryptocurrencies in a very prominent location—immediately below the taxpayer’s name and address.

More guidance might be forthcoming. One issue is whether the rules for broker reporting should apply to cryptocurrency transactions in the same way that they apply to trades in stocks and securities. The IRS believes that increased reporting leads to greater compliance. Earlier this year, the Chamber of Digital Commerce (the “Chamber”) submitted a comment letter to the IRS and the Department of Treasury to provide its views on potential forthcoming guidance on the reporting issue. The letter pointed out there is still some lack of clarity on the tax information reporting requirement for digital asset transactions, and that further instruction is needed for taxpayers to accurately interpret existing tax rules in the digital currency context. Some of the key areas on which the Chamber had requested clarification are: how “broker” is defined in the virtual currency context—which is critical for analyzing basis reporting requirements and certain information return filing obligations—and what factors are relevant for determining the location transactions take place, which can be a critical factor for cross-border transactions.

Enforcement Efforts

At the same time that it has been providing such guidance, the IRS has begun efforts to investigate possible tax evasion using virtual currency. The agency started its enforcement efforts in as early as 2016 when it served a “John Doe” Summons on one of the largest cryptocurrency exchanges in the country. The IRS demanded that the exchange produce a wide range of taxpayer identifying information and historical transaction records, and when the exchange refused to comply, the U.S. District Court for the Northern District of California ordered the exchange to turn over taxpayer information for those who conducted transactions worth more than $20,000 on its platform for the 2013 – 2015 period.

As part of its virtual currency compliance campaign announced in 2018 to address tax noncompliance related to virtual currency, in 2019 and again in 2020, the IRS sent thousands of warning letters to cryptocurrency holders whose tax returns did not match their virtual currency transaction records. While the IRS has not made it clear where it obtained the information about taxpayers’ transactions, one possible source of data could be Form 1099 reports from virtual currency exchanges. The IRS sent three different types of letters, varying in severity. The first type, Letter 6173, raised the possibility of an examination or enforcement activity if the taxpayer didn’t respond by a specific date and noncompliance persists. The other two, Letters 6174 and 6174-A, reminded taxpayers of their obligation to report.

According to the Internal Revenue Manual (IRM 5.1.18.20.3 (7-17-19)), the IRS uses normal investigative techniques to identify virtual currency including interviews, bank or credit card analysis, summonses of exchanges and financial institutions, review of Forms 1099-K, review of FinCEN Query reports, tracking and internet searches. While this set of instructions may appear relatively old-fashioned, the IRS’ latest moves demonstrate that it is upgrading its crypto-investigation toolbox. According to published reports, in September 2020, the IRS spent approximately $250,000 on a contract with Blockchain Analytics and Tax Services LLC, which will give the IRS access to blockchain analysis tools to track cryptocurrency transactions. Earlier in the summer, the IRS also signed a deal to purchase access to certain blockchain-tracing software for a year.

Despite the industrywide complaint that the IRS’s expectations with regards to holders of virtual currency are vague and unclear, this year, the IRS and the Department of Justice have started taking more proactive actions to prosecute taxpayers who allegedly committed a greater scale of tax evasion related to the use and trade of virtual currency. In October 2020, the Department of Justice charged software pioneer John McAfee with alleged evasion of tax by using cryptocurrency. In addition, on December 9, 2020, the SEC charged Amir Bruno Elmaani, founder of cryptocurrency called Oyster Pearl, with tax evasion. Elmaani allegedly evaded tax on millions of dollars of profits from cryptocurrency transactions and using shell companies and pseudonyms to conceal his income.

Increasing Regulation and Enforcement

All indications are that regulation and enforcement of the law with respect to virtual currency is increasing. On the regulatory side, earlier this month, a new U.S. congressional bill called the “Stablecoin Tethering and Bank Licensing Enforcement Act” was introduced that aims to regulate digital currencies by requiring certain digital currency issuers to obtain a banking charter and obtain approval from the Federal Reserve. Different government agencies are working in parallel to clarify tax payment and reporting obligations with respect to cryptocurrency, and the latest movements indicate that the enforcement actions are continuing.

We expect to see more enforcement actions in the upcoming administration. In November, the president-elect Joe Biden appointed Gary Gensler, a former Commodity Futures Trading Commission Chair under the Obama administration, to its presidential transition team. Gensler has testified before Congress about virtual currency and blockchain on several occasions, and while little information is known about Biden’s stance on cryptocurrency, Gensler called blockchain technology a “change catalyst” in a 2019 CoinDesk opinion and is generally considered to be “Bitcoin-friendly.” While it is generally unclear what Gensler’s long-term official position under the Biden administration will be, he is also on top of a list of potential picks for the SEC chair. Another clue that may provide some insight with regards to Gensler’s attitude towards cryptocurrency is his 2019 statement that Facebook’s proposed digital token, Libra, should be treated as a “security,” which establishes the basis for increasing regulatory oversight. (Cryptocurrency’s uncertain status as a security for tax purposes raises other tax issues.) The general industry consensus is that, while there is a growing acceptance of the legitimacy of cryptocurrency, it is likely that more regulatory and enforcement actions will continue by the SEC against issuers and intermediaries, and by the IRS against taxpayers. More regulation is not necessarily negative—it can create clearer guidelines and landscape for exchanges and virtual currency holders and enable them to better understand the regulatory and tax authorities’ expectations. That being said, it will be important for exchanges and taxpayers to closely follow the latest government guidelines with respect to virtual currency and ensure they comply with reporting and tax payment obligations.

A “Key” OCC Interpretation – National Banks Can Provide Cryptocurrency Custody Services

Banking regulators took a significant step toward the mainstreaming of cryptocurrency recently when the Office of the Comptroller of the Currency (OCC) provided guidance about how a bank can provide custody services for cryptocurrency. In Interpretive Letter #1170, published on July 22, the OCC concludes that “a national bank may provide these cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency.”

The OCC’s Letter arrives at an opportune time, when, according to CipherTrace’s recently published findings, the majority of cryptocurrency transactions are cross-border and, on average, each of the top ten U.S. retail banks unknowingly processes an average of $2 billion in crypto-related transactions per year. Providing custody services might help bring more of these transactions in to the open.

The OCC Interpretive Letter

The Interpretive Letter—which was issued just a few short months after the former Coinbase chief legal officer Brian Brooks became the Acting Comptroller of the Currency—is a breakthrough in terms of bringing cryptocurrency within a regulated environment. The OCC outlined three sources of market demand for banks to provide cryptocurrency custody services: (1) cryptocurrency owners who hold private keys want to store them securely because private keys are irreplaceable if lost—misplacement can mean the loss of a significant amount of value; (2) banks may offer more secure storage services than existing options; and (3) investment advisors may wish to manage cryptocurrencies on behalf of customers and use national banks as custodians.

The OCC recognized that, as the financial markets become increasingly technological, there will likely be increasing need for banks and other service providers to leverage new technology and innovative ways to provide traditional services on behalf of customers. The OCC pointed out that cryptocurrency custody services fit neatly into the long-authorized safekeeping and custody services national banks provide for both physical and digital assets.

With respect to cryptocurrency, the Letter states that national banks may provide fiduciary and non-fiduciary custody services. Non-fiduciary custodial services typically entail providing safekeeping services for electronic keys, which, as discussed above, fit neatly into the types of activities national banks have historically performed. Specifically, the OCC explains that a bank that provides custody for cryptocurrency in a non-fiduciary capacity typically would not involve physical possession of the cryptocurrency but rather “essentially provide safekeeping for the cryptographic key that allows for control and transfer of the customer’s cryptocurrency.” Fiduciary cryptocurrency custody services (such as those where the service provider acts as trustee, administrator, transfer agent, or receiver, or receives a fee for providing investment advice) are permissible if conducted in compliance with the National Bank Act and other applicable laws and regulations (such as 12 CFR Part 9 and 12 U.S.C. Ch. 2). Banks are authorized to manage cryptocurrency assets in a fiduciary capacity just as they manage other types of assets in a fiduciary capacity.

Banks that provide cryptocurrency custody services have to comply with existing policies, laws, and regulations, and conduct its custody services in a safe and sound manner, including having adequate systems in place to identify, measure, monitor, and control the risks of its custody services. In particular, banks should ensure they assess the anti-money laundering (AML) risk of any cryptocurrency custodial services and update their AML programs to address that risk. It would be advisable for AML compliance personnel to be well-integrated in the development of cryptocurrency custodial services. Banks must also implement effective risk management programs and legal and regulatory reporting practices for these services. Cryptocurrency custody services may raise unique issues identified by the OCC, including the treatment of blockchain forks, and consideration of whether technical differences between cryptocurrencies (for example, those backed by commodities, those backed by fiat, or those designed to execute smart contracts) may require different risk management practices.

The OCC Letter points out that different cryptocurrencies may be subject to different regulations and guidance. For example, some cryptocurrencies are deemed securities and therefore are subject to federal securities laws and regulations. In addition, because crypto assets are thought of as offering a greater level of anonymity or as falling beyond the ken of centralized banking systems, they have been associated with illicit activity including money laundering. Consequently, banks must ensure that their AML programs are appropriately tailored to effectively assess customer risk and monitor crypto-related transactions. Just yesterday, the Financial Crimes Enforcement Network published an advisory warning that “[f]inancial institutions dealing in [cryptocurrency] should be especially alert to the potential use of their institutions to launder proceeds affiliated with cybercrime, illicit darknet marketplace activity, and other [cryptocurrency]-related schemes and take appropriate risk mitigating steps consistent with their BSA obligations.”

While there has been limited enforcement of federal law against banks for crypto-currency related activity, earlier this year, the OCC brought its first crypto-related enforcement action, against M.Y. Safra Bank for deficient AML processes for digital asset customers. The OCC concluded that the Bank’s deficiencies included its failure to: (1) appropriately assess and monitor customer activity flowing to or from high-risk jurisdictions; (2) conduct ongoing testing of its due diligence processes; (3) implement sufficient controls for its digital assets customers, including cryptocurrency money service businesses (MSBs); (4) address the risk created by the significant increase in wire and clearing transactions created by the cryptocurrency MSB customers; and (5) notify the OCC of its significant deviation from its previous business plan. In the Matter of M.Y. Safra Bank, SFB, AA-NE-2020-5, Consent Order (Jan. 30, 2020).

The OCC’s Letter should give comfort to many banks that have been bystanders to the growth of the cryptocurrency market. Now banks can offer more cryptocurrency-based financial services with more certainty, although many questions will likely be answered through greater participation. More marketplace involvement by traditional banks will in turn have a beneficial effect. Smaller businesses wishing to engage in cryptocurrency-based transactions now may do so by interacting with large, stable, and well-regulated banking institutions.

OCC’s Consideration of an MSB Regime

OCC’s Interpretive Letter may be part of a broader movement by the OCC to promote greater integration of cryptocurrencies into mainstream financial services. Acting Comptroller of the Currency Brooks announced on a podcast on June 25 that the OCC intends to unveil a new bank charter including a national payments charter that will pave the way for nationwide participation by cryptocurrency payments companies. As contemplated, that charter would be equivalent to FinCEN’s MSB registration process and stand in (under the doctrine of preemption) for individual state-level MSB licensing requirements. It also should answer questions like how the Community Reinvestment Act might apply to banks that do not take deposits and how the OCC will impose capital standards on companies that do not bear credit risk.

New York Looks Like it Might Loosen Up on Its Virtual Currency Regulation

On June 25, the New York State Department of Financial Services (NYDFS) published a “Conditional BitLicense” proposal for reforming its licensing framework that would make it easier for virtual currency businesses to obtain permission to operate in New York. The proposal was developed as part of a broader effort to respond to industry changes and concerns that NYDFS identified in its five-year review of its cryptocurrency licensing regime (which originally took effect in June 2015) under which more than two dozen cryptocurrency companies have been approved to do business in New York. Under the proposed regulations, a virtual currency firm will be authorized to operate in New York even if it does not have a full BitLicense from the state if it obtains a “conditional BitLicense” and partners with a firm that does have a full license. (To note, the conditional BitLicense has always existed, but this is the first time that the NYDFS has announced clear rules to help companies access the license.)

The NYDFS’s proposal is likely a welcome development. New York’s process for obtaining a full BitLicense is considered one of the toughest in the country and has long been unpopular with blockchain startups. Among the complaints: steep paperwork requirements and lengthy approval times. Under the proposed conditional licensing regulation, a cryptocurrency firm that wishes to operate in New York can bypass the difficulties of applying for a full license and instead apply for a conditional BitLicense, which would grant it operational privileges so long as it partners with another cryptocurrency firm that is fully licensed. Currently, the NYDFS envisions that under such a partnership, the licensed firm can assist in providing various services and support, including “those relating to structure, capital, systems, personnel, or any other support needed.”

The proposed application process is simple: In order to apply for such a license, the unlicensed cryptocurrency firm would need to inform the NYDFS of its intention to apply and provide a copy of the service agreement between the unlicensed cryptocurrency firm and the licensed cryptocurrency firm, as well as additional documentation. It is clear, however, that the NYDFS views this licensing framework as a temporary stepping stone; the NYDFS stated that it expects firms who obtain such conditional licenses to then apply for a full license within 2 years.

It is not entirely clear how the conditional license will operate in practice. It does not appear that any other state makes conditional licenses available. To that end, the NYDFS is inviting comments on its proposed regulation, including:

  1. What type of cryptocurrency firms would benefit the most from such a conditional license?
  2. What type of licensed firms would be best and most effectively able to partner with unlicensed firms under the terms of a conditional license?
  3. What types of services and support should a licensed firm provide for the firm with the conditional license?
  4. Should there be limits placed on the types of services that a licensed firm can provide?
  5. Should there be caps and limits on the total number of conditional arrangements that a licensed firm can enter? What other checks should be in place?
  6. Should the licensed firm be held accountable for initial due diligence of the firm wishing to obtain a conditional license and to what extent?
  7. Should ongoing due diligence be required?
  8. How should the licensed firm and firm with the conditional license divide responsibilities and obligations for ensuring compliance with legal and regulatory requirements?
  9. What is the best way to check for and resolve conflicts of interest between the two firms involved?
  10. What is the best way to structure such collaboration to limit any potential adverse effect on the markets?
  11. Are there other methods besides a conditional license that the NYDFS should consider?

NYDFS requests that all comments by submitted by August 10, 2020. Given that cryptocurrency regulation is generally uncharted territory, virtual currency firms should consider submitting comment to the NYDFS to assist it in developing this regulation further so that it is effective and workable.

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

Cryptocurrency and OFAC: Beware of the Sanctions Risks

A recent federal criminal action shows the depth of the U.S. government’s concern about the use of cryptocurrency (or virtual currency) to violate economic sanctions laws and the lengths to which it will go to charge such violations. The U.S. government is particularly concerned that sanctioned countries and parties have used cryptocurrency to avoid sanctions designed to isolate them, and to facilitate illicit activities, including money laundering and ransomware attacks. The U.S. Office of Foreign Assets Control of the Treasury Department (OFAC), which administers U.S. economic sanctions programs, indicated recently that it intends to devote more resources to cryptocurrency issues. Over the past year or so, OFAC has issued a number of subpoenas to virtual currency businesses, such as exchanges, regarding possible customers and transactions involving parties in sanctioned countries. OFAC will probably announce its first enforcement actions involving virtual currency at some point this year. In addition, as discussed in Orrick’s recent blog post, the U.S. Commodity Futures Trading Commission, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and the U.S. Securities and Exchange Commission remain focused on AML risks presented by cryptocurrency.

In an unusual application of economic sanctions law, in November 2019 a U.S. citizen was arrested and charged by the U.S. Attorney for the Southern District of New York with violating U.S. sanctions after he traveled to North Korea and delivered a presentation and technical advice related to the use of cryptocurrency and blockchain technology. In the case, which did not involve cryptocurrency transactions, the U.S. Attorney charged Virgil Griffith, an Ethereum Foundation staff member, with conspiring to violate U.S. sanctions laws that generally prohibit the provision of unlicensed services to North Korea. According to the U.S. Attorney’s Office, Mr. Griffith had traveled to North Korea to attend and speak at the Pyongyang Blockchain and Cryptocurrency Conference, despite the U.S. government’s denial of his request for authorization to attend. The U.S. government alleges that at the conference Mr. Griffith and other attendees discussed how North Korea could use blockchain and cryptocurrency technology to launder money and evade sanctions.

OFAC has issued frequently asked questions emphasizing that compliance obligations remain the same regardless whether transactions are denominated in virtual currency or fiat, and has started to include in its Specially Designated Nationals and Blocked Persons List (SDN List) virtual currency addresses that are linked to sanctioned persons. Sanctions are enforced with the help of U.S. businesses, in particular banks and other financial institutions, which have implemented systems and internal controls to detect the involvement of designated persons or prohibited jurisdictions in transactions. The U.S. government expects a similar level of commitment from entities dealing in cryptocurrency. It is critical that U.S. virtual currency users, exchangers, administrators and other persons engaging in virtual currency transactions with any U.S. nexus take steps designed to ensure that they do not deal with U.S. sanctions targets, which include providing financial or other services to such parties. OFAC has advised technology companies, administrators, exchangers, and users of virtual currencies, and other payment processors, to implement risk-based compliance programs, which generally should include sanctions list screening. This is consistent with OFAC’s recommendations included in A Framework for OFAC Compliance Commitments issued in June 2019.

Because a strict liability standard applies to unauthorized dealings with sanctioned parties and jurisdictions, U.S. persons dealing in cryptocurrency cannot avoid potential liability simply because they do not know the identity of the person with whom they are interacting. And the risk of dealing with sanctioned persons and jurisdictions when conducting virtual currency transactions will likely increase should nations like Iran and Russia further embrace cryptocurrency to try to avoid sanctions. In 2018, Iran reportedly acknowledged cryptocurrency mining as a legitimate industry, and in December 2019, Iran’s President reportedly proposed creation of a Muslim cryptocurrency to decrease reliance on the U.S. dollar. The U.S. government acted in 2018 to prohibit transactions involving Venezuela’s state virtual currency, the “Petro.”

To protect against potential sanctions violations, there are key steps that cryptocurrency users and exchanges can take. Crypto exchanges operating in the United States are required to register with FinCEN as money services businesses, to license themselves in the states in which they operate, and to exclude users in sanctioned jurisdictions and those on OFAC’s SDN List from transacting on the exchange. These exchanges should adopt and implement Know Your Customer procedures, including sanctions screening, to identify parties trading on their exchanges, and can employ geo-IP blocking to prohibit access by parties from sanctioned jurisdictions. They should perform transaction monitoring to detect suspicious activity and file required reports with FinCEN. U.S. persons trading in cryptocurrency should use exchanges committed to complying with U.S. sanctions requirements. If the exchange allows sanctioned parties to participate, a U.S. person could end up unknowingly trading with such a party and thus violating U.S. law. Exchanges operating outside the United States that want to attract U.S. users should also consider implementing such measures, to exclude targets of U.S. sanctions from trading. Non-U.S. exchanges that permit access to certain U.S. sanctions targets may risk imposition of U.S. “secondary sanctions” designed to deter non-U.S. persons from engaging in business with targets of U.S. sanctions.

IRS Hints at Form 8938 Requirements for Reporting Crypto Assets Held at a Foreign Exchange

With the emergence of digital assets, the question has arisen whether digital assets held in “wallets” in foreign exchanges need to be reported on Internal Revenue Service (IRS) Form 8938, Statement of Specified Foreign Financial Assets. Form 8938 is the IRS counterpart for the FBAR, or Foreign Bank Report, which certain holders of foreign bank accounts must file with FinCEN. Form 8938 was added as part of the HIRE Act at the same time the Foreign Account Tax Compliance Act (commonly known as FATCA) was adopted in 2010. The penalty for a failure to file Form 8938 is $10,000. However, it is not clear that Form 8938 applies to digital assets.

The answer requires one to dig through the underlying statutes and the instructions to Form 8938. We start with Internal Revenue Code Section 6038D, which requires reporting of “specified foreign financial assets.” Under Code Section 6038D, a “specified foreign financial asset” is (1) a financial account maintained by a foreign financial institution and (2) one of the following foreign financial assets if they are held for investment and not held in an account maintained by a financial institution: (a) any stock or security issued by a person other than a United States person; (b) any financial instrument or contract held for investment that has an issuer or counterparty other than a United States person, and (c) any interest in a foreign entity. The term “financial account” means, with respect to any financial institution, (a) any depository account, (b) any custodial account and (c) any equity or debt interest in such financial institution (other than interests regularly traded on an established securities market).

One issue for digital asset holders is whether a person who holds such assets in a wallet maintained at a foreign exchange is holding an asset in a “foreign financial institution.” What is a financial institution? This is defined in Code Section 1471(d)(5) as an entity that (a) accepts deposits in the ordinary course of a banking or a similar business, (b) as a substantial portion of its business, holds “financial assets” for the account of the others, or (c) is engaged (or holds itself out as being engaged) primarily in the business of investing, reinvesting or trading in securities, partnership interests, commodities or any interests in such securities, partnership interests or commodities. A foreign financial institution includes investment vehicles such as foreign mutual funds, foreign hedge funds and foreign private equity funds. Very generally, financial assets are securities, commodities, notional principal contracts, insurance contracts, or annuity contracts or interests in any of the foregoing. Both the terms “security” and “commodity” are defined by reference to Code Section 475, a section of the Code that was adopted in 1993, preceding the emergence of digital assets. For example, gold is a commodity under this provision, and anyone holding gold in an offshore account would need to report the account. Should the same rules apply to bitcoin or bitcoin gold held in a wallet in an offshore exchange? The IRS has not yet taken a position on whether cryptocurrency is a security or a commodity, which it could do by a regulation or a notice. This is key to the analysis of whether or not the crypto exchange is a foreign financial institution.

At least one recent, unofficial statement provides insight into the IRS’s thinking on the reporting obligation on Form 8938. Recently, according to Tax Notes, an IRS official was asked if the IRS will assess penalties against taxpayers who haven’t been disclosing digital assets on Form 8938, and the official responded that, if taxpayers had been reporting taxable cryptocurrency transactions on their returns during prior years and properly filed Form 8938 going forward, the IRS probably would not pursue them for prior tax years. Of course, this is merely an unofficial statement, and the IRS could formally decide otherwise or examiners could take different positions during the course of an exam. Either way, taxpayers that have not been reporting their cryptocurrency transactions should file Form 8938 as soon as possible and consider filing amended returns.

Information reporting is certainly a key issue for the IRS that will drive the tax compliance process. In a sign of the attention that the IRS is giving to the reporting, the draft version of IRS Form 1040, Schedule 1, now includes a question regarding financial interests in “virtual currencies,” much like the question relating to ownership of foreign bank accounts presently on Schedule B.

Wyoming, the “Equality State,” Seeks to Level the Playing Field for Digital Assets Businesses

In its continued effort to establish itself as the go-to jurisdiction for digital asset businesses, Wyoming, through its Department of Audit, Division of Banking, recently published a digital asset custody regime for its newly created, special purpose depository institutions (SPDIs). SPDIs are banking institutions authorized to take custody of digital assets. If they function as intended, SPDIs may prove to be a solution to, among other things, digital asset companies’ money transmitter licensing woes.

One major impediment to entering the U.S. market for digital asset companies is the requirement to obtain money transmitter licenses from individual states. Applying for these licenses state by state can be expensive and burdensome, and some states have created additional hurdles for digital asset companies. New York, for example, requires digital asset companies to obtain a “BitLicense,” which is notoriously difficult to obtain, to operate in the state. California may soon follow suit, imposing substantial licensing requirements under Assembly Bill 1489, which has been introduced in the legislature.

Wyoming is trying a different approach. In establishing SPDIs, Wyoming is helping blockchain companies avoid the costs of these burdensome licensing regimes while still protecting customers by taking advantage of a regulatory benefit enjoyed by banking institutions like SPDIs. Per the Bank Secrecy Act, banks are exempt, as a general matter, from needing money transmitter licenses.

Further, advocates argue that the SPDIs will provide a solution for startups seeking to operate in New York without a BitLicense. Federal law, through the Riegle-Neal Amendments Act, protects the parity of national banks and the state-chartered banks of other states. Accordingly, if a state exempts a national bank from a regulation, then other state-chartered banks must be exempt from that regulation as well. Because New York exempts national banks from the requirement to obtain a BitLicense to operate, so the argument goes, Wyoming’s SPDIs – which are state-chartered banks – should be exempted from that requirement as well. This theory remains untested, and New York has not taken a position on whether it will exempt SPDIs from needing a BitLicense to operate there. Perhaps Wyoming’s status as “The Equality State” will prompt New York to provide its state-chartered banks with “equal” treatment.

While the first new SPDIs could become operational by early 2020, which might provide a work-around for the current money transmitter licensing barriers facing digital asset companies, there remain a few obstacles for a company desiring to take advantage of the law, albeit surmountable ones.

First, SPDIs are required to maintain a minimum capital requirement of $5 million – making it prohibitive for most startups to charter their own SPDI. However, multiple companies may partner with one unaffiliated SPDI to pool assets. Assuming cooperation among market players, startups should be able to find enough capital among other SPDIs to satisfy the capital requirement. Second, SPDIs are required to maintain the principal operating headquarters and the primary office of its CEO in Wyoming, but – as we know – the excellent skiing, beautiful vistas and abundant wildlife in Wyoming provide ample justification for setting up shop there.

Wyoming’s creation of SPDIs comes on the heels of other pro-blockchain moves by the state, including authorizing corporations to issue securities via “certificate tokens in lieu of stock certificates,” creating a FinTech sandbox that enables startups to receive waivers from laws or regulations that may unnecessarily burden their ability to test new products and services, and classifying digital assets as property.

Wyoming’s small population and limited infrastructure may make it difficult to attract personnel and capital to create a competitive SPDI market. But with sufficient incentives, and the opportunity to engage in a potentially lucrative and groundbreaking industry, Wyoming is making a bid to become the crypto capital of the U.S.

In Case You Needed A Reminder – AML/CFT Regulations Apply to Transactions in Cryptocurrencies

Earlier this month, the leaders of the U.S. Commodity Futures Trading Commission, the Financial Crimes Enforcement Network, and the U.S. Securities and Exchange Commission released a joint statement reminding individuals engaged in transactions involving digital assets of their obligations under the Bank Secrecy Act (BSA) to guard against money laundering and counter the financing of terrorism.

Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regulations apply to all entities that the BSA defines as “financial institutions,” including futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. To comply with AML/CFT regulations, financial institutions are required to, among other things, implement anti-money laundering programs and comply with recording keeping and reporting requirements, including suspicious activity reporting (SAR) requirements.

The joint statement emphasized that AML/CFT regulations apply to financial institutions engaged in activities involving “digital assets,” including instruments that may qualify under applicable U.S. laws as securities, commodities, and security- or commodity-based instruments such as futures or swaps. Because digital assets and financial transactions in digital assets are referred to by many names – including “cryptocurrencies,” “digital tokens,” “virtual assets” and “initial coin offerings” – the regulators issuing the joint statement reminded financial institutions that commonly used labels may not necessarily align with how an asset, activity or service is defined under the BSA or under laws and rules administered by the CFTC and the SEC. The nature of the digital asset, activity or service, including underlying “facts and circumstances” and the asset’s “economic reality and use,” determines how it is regulated under federal laws and regulations.

By reminding industry participants that the nature of a digital asset and the manner in which it is used – and not industry lingo – determines how the digital asset is regulated, the CFTC, FinCEN and the SEC signaled that they are adopting the same framework courts already use to determine how to classify other types of assets under the federal securities laws. The joint statement indicates that regulators are continuing to take steps toward applying existing federal securities laws and regulations to digital currencies.

FinCEN’s New Guidance for Cryptocurrency Businesses – Some Questions Answered, Some New Questions Raised, Careful Consideration a Must

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) released new guidance to clarify when the Bank Secrecy Act (BSA) will apply to businesses that involve cryptocurrencies (what FinCEN refers to as convertible virtual currencies, or CVCs). The BSA imposes anti-money laundering obligations on various U.S. financial institutions, including “money services businesses” (MSBs). Under the BSA, businesses that transact in cryptocurrencies may qualify as money transmitters, a type of MSB. Whether a business qualifies is important. An MSB must register with FinCEN, implement anti-money laundering controls, and ensure ongoing compliance with recordkeeping and reporting requirements (potentially an expensive and burdensome exercise) – the consequences of failing do so can be severe. But determining which such businesses qualify has been difficult, leaving many in the crypto industry uncertain as to their regulatory status.

FinCEN previously sought to aid in this analysis when it issued guidance in 2013 on the application of the BSA to “persons administering, exchanging, or using virtual currencies.” Although it provided some insight into how FinCEN viewed the cryptocurrency industry, that guidance seemed to raise as many questions as it answered. Various administrative rulings – in which FinCEN publicly advised certain businesses as to whether they were MSBs – helped to answer some of those questions. But those narrow rulings have been few and far between and can provide only limited guidance for a rapidly evolving industry. Through public statements, government officials have also sought to clarify how the BSA might apply to crypto businesses. In particular, a February 2018 letter from a senior Treasury Department official to Senator Ron Wyden suggested that almost all ICOs will constitute BSA-regulated money transmission.

FinCEN’s new guidance “consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.” In doing so it takes a step in the right direction, providing greater clarity as to FinCEN’s interpretation of its own regulations (at least to the extent your business model is one of the many covered). For example, the guidance describes why the provider of a hosted wallet likely will be an MSB by virtue of its exercise of total independent control over a customer’s cryptocurrency, whereas the provider of an unhosted wallet that vests the customer with total independent control likely will not. Similarly, the guidance explains that the operator of a trading platform that merely provides a forum where buyers and sellers can post bids and offers likely would not be an MSB, while the operator of a trading platform that additionally acts as an exchanger in consummating transactions between buyers and sellers likely would be. But gaps in FinCEN’s analysis still linger, new questions are raised, and it remains to be seen how useful this guidance will be as technology continues to advance and new and creative business models get off the ground.

And although the guidance signals that FinCEN is thinking about how the federal anti-money laundering laws apply to the cryptocurrency community, it does not signal how aggressive FinCEN will be in enforcing those laws against businesses that deal with cryptocurrency. To date, there have been just a handful of enforcement actions in the industry, including a civil penalty assessed against a peer-to-peer exchanger in April, which we previously discussed. One thing certain is that, in assessing potential BSA enforcement actions, FinCEN will rely heavily on this new guidance and expect businesses dealing in cryptocurrency to do the same. Persons and entities operating in this industry should evaluate (or reevaluate) whether they qualify as an MSB because of crypto-related activities in light of this new guidance.