Keyword: Other Regulatory Issues (tax, anti-money laundering, OFAC, and antitrust)

A “Key” OCC Interpretation – National Banks Can Provide Cryptocurrency Custody Services

, , and

Banking regulators took a significant step toward the mainstreaming of cryptocurrency recently when the Office of the Comptroller of the Currency (OCC) provided guidance about how a bank can provide custody services for cryptocurrency. In Interpretive Letter #1170, published on July 22, the OCC concludes that “a national bank may provide these cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency.”

The OCC’s Letter arrives at an opportune time, when, according to CipherTrace’s recently published findings, the majority of cryptocurrency transactions are cross-border and, on average, each of the top ten U.S. retail banks unknowingly processes an average of $2 billion in crypto-related transactions per year. Providing custody services might help bring more of these transactions in to the open.

The OCC Interpretive Letter

The Interpretive Letter—which was issued just a few short months after the former Coinbase chief legal officer Brian Brooks became the Acting Comptroller of the Currency—is a breakthrough in terms of bringing cryptocurrency within a regulated environment. The OCC outlined three sources of market demand for banks to provide cryptocurrency custody services: (1) cryptocurrency owners who hold private keys want to store them securely because private keys are irreplaceable if lost—misplacement can mean the loss of a significant amount of value; (2) banks may offer more secure storage services than existing options; and (3) investment advisors may wish to manage cryptocurrencies on behalf of customers and use national banks as custodians.

The OCC recognized that, as the financial markets become increasingly technological, there will likely be increasing need for banks and other service providers to leverage new technology and innovative ways to provide traditional services on behalf of customers. The OCC pointed out that cryptocurrency custody services fit neatly into the long-authorized safekeeping and custody services national banks provide for both physical and digital assets.

With respect to cryptocurrency, the Letter states that national banks may provide fiduciary and non-fiduciary custody services. Non-fiduciary custodial services typically entail providing safekeeping services for electronic keys, which, as discussed above, fit neatly into the types of activities national banks have historically performed. Specifically, the OCC explains that a bank that provides custody for cryptocurrency in a non-fiduciary capacity typically would not involve physical possession of the cryptocurrency but rather “essentially provide safekeeping for the cryptographic key that allows for control and transfer of the customer’s cryptocurrency.” Fiduciary cryptocurrency custody services (such as those where the service provider acts as trustee, administrator, transfer agent, or receiver, or receives a fee for providing investment advice) are permissible if conducted in compliance with the National Bank Act and other applicable laws and regulations (such as 12 CFR Part 9 and 12 U.S.C. Ch. 2). Banks are authorized to manage cryptocurrency assets in a fiduciary capacity just as they manage other types of assets in a fiduciary capacity.

Banks that provide cryptocurrency custody services have to comply with existing policies, laws, and regulations, and conduct its custody services in a safe and sound manner, including having adequate systems in place to identify, measure, monitor, and control the risks of its custody services. In particular, banks should ensure they assess the anti-money laundering (AML) risk of any cryptocurrency custodial services and update their AML programs to address that risk. It would be advisable for AML compliance personnel to be well-integrated in the development of cryptocurrency custodial services. Banks must also implement effective risk management programs and legal and regulatory reporting practices for these services. Cryptocurrency custody services may raise unique issues identified by the OCC, including the treatment of blockchain forks, and consideration of whether technical differences between cryptocurrencies (for example, those backed by commodities, those backed by fiat, or those designed to execute smart contracts) may require different risk management practices.

The OCC Letter points out that different cryptocurrencies may be subject to different regulations and guidance. For example, some cryptocurrencies are deemed securities and therefore are subject to federal securities laws and regulations. In addition, because crypto assets are thought of as offering a greater level of anonymity or as falling beyond the ken of centralized banking systems, they have been associated with illicit activity including money laundering. Consequently, banks must ensure that their AML programs are appropriately tailored to effectively assess customer risk and monitor crypto-related transactions. Just yesterday, the Financial Crimes Enforcement Network published an advisory warning that “[f]inancial institutions dealing in [cryptocurrency] should be especially alert to the potential use of their institutions to launder proceeds affiliated with cybercrime, illicit darknet marketplace activity, and other [cryptocurrency]-related schemes and take appropriate risk mitigating steps consistent with their BSA obligations.”

While there has been limited enforcement of federal law against banks for crypto-currency related activity, earlier this year, the OCC brought its first crypto-related enforcement action, against M.Y. Safra Bank for deficient AML processes for digital asset customers. The OCC concluded that the Bank’s deficiencies included its failure to: (1) appropriately assess and monitor customer activity flowing to or from high-risk jurisdictions; (2) conduct ongoing testing of its due diligence processes; (3) implement sufficient controls for its digital assets customers, including cryptocurrency money service businesses (MSBs); (4) address the risk created by the significant increase in wire and clearing transactions created by the cryptocurrency MSB customers; and (5) notify the OCC of its significant deviation from its previous business plan. In the Matter of M.Y. Safra Bank, SFB, AA-NE-2020-5, Consent Order (Jan. 30, 2020).

The OCC’s Letter should give comfort to many banks that have been bystanders to the growth of the cryptocurrency market. Now banks can offer more cryptocurrency-based financial services with more certainty, although many questions will likely be answered through greater participation. More marketplace involvement by traditional banks will in turn have a beneficial effect. Smaller businesses wishing to engage in cryptocurrency-based transactions now may do so by interacting with large, stable, and well-regulated banking institutions.

OCC’s Consideration of an MSB Regime

OCC’s Interpretive Letter may be part of a broader movement by the OCC to promote greater integration of cryptocurrencies into mainstream financial services. Acting Comptroller of the Currency Brooks announced on a podcast on June 25 that the OCC intends to unveil a new bank charter including a national payments charter that will pave the way for nationwide participation by cryptocurrency payments companies. As contemplated, that charter would be equivalent to FinCEN’s MSB registration process and stand in (under the doctrine of preemption) for individual state-level MSB licensing requirements. It also should answer questions like how the Community Reinvestment Act might apply to banks that do not take deposits and how the OCC will impose capital standards on companies that do not bear credit risk.

New York Looks Like it Might Loosen Up on Its Virtual Currency Regulation

On June 25, the New York State Department of Financial Services (NYDFS) published a “Conditional BitLicense” proposal for reforming its licensing framework that would make it easier for virtual currency businesses to obtain permission to operate in New York. The proposal was developed as part of a broader effort to respond to industry changes and concerns that NYDFS identified in its five-year review of its cryptocurrency licensing regime (which originally took effect in June 2015) under which more than two dozen cryptocurrency companies have been approved to do business in New York. Under the proposed regulations, a virtual currency firm will be authorized to operate in New York even if it does not have a full BitLicense from the state if it obtains a “conditional BitLicense” and partners with a firm that does have a full license. (To note, the conditional BitLicense has always existed, but this is the first time that the NYDFS has announced clear rules to help companies access the license.)

The NYDFS’s proposal is likely a welcome development. New York’s process for obtaining a full BitLicense is considered one of the toughest in the country and has long been unpopular with blockchain startups. Among the complaints: steep paperwork requirements and lengthy approval times. Under the proposed conditional licensing regulation, a cryptocurrency firm that wishes to operate in New York can bypass the difficulties of applying for a full license and instead apply for a conditional BitLicense, which would grant it operational privileges so long as it partners with another cryptocurrency firm that is fully licensed. Currently, the NYDFS envisions that under such a partnership, the licensed firm can assist in providing various services and support, including “those relating to structure, capital, systems, personnel, or any other support needed.”

The proposed application process is simple: In order to apply for such a license, the unlicensed cryptocurrency firm would need to inform the NYDFS of its intention to apply and provide a copy of the service agreement between the unlicensed cryptocurrency firm and the licensed cryptocurrency firm, as well as additional documentation. It is clear, however, that the NYDFS views this licensing framework as a temporary stepping stone; the NYDFS stated that it expects firms who obtain such conditional licenses to then apply for a full license within 2 years.

It is not entirely clear how the conditional license will operate in practice. It does not appear that any other state makes conditional licenses available. To that end, the NYDFS is inviting comments on its proposed regulation, including:

  1. What type of cryptocurrency firms would benefit the most from such a conditional license?
  2. What type of licensed firms would be best and most effectively able to partner with unlicensed firms under the terms of a conditional license?
  3. What types of services and support should a licensed firm provide for the firm with the conditional license?
  4. Should there be limits placed on the types of services that a licensed firm can provide?
  5. Should there be caps and limits on the total number of conditional arrangements that a licensed firm can enter? What other checks should be in place?
  6. Should the licensed firm be held accountable for initial due diligence of the firm wishing to obtain a conditional license and to what extent?
  7. Should ongoing due diligence be required?
  8. How should the licensed firm and firm with the conditional license divide responsibilities and obligations for ensuring compliance with legal and regulatory requirements?
  9. What is the best way to check for and resolve conflicts of interest between the two firms involved?
  10. What is the best way to structure such collaboration to limit any potential adverse effect on the markets?
  11. Are there other methods besides a conditional license that the NYDFS should consider?

NYDFS requests that all comments by submitted by August 10, 2020. Given that cryptocurrency regulation is generally uncharted territory, virtual currency firms should consider submitting comment to the NYDFS to assist it in developing this regulation further so that it is effective and workable.

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

and

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

Cryptocurrency and OFAC: Beware of the Sanctions Risks

, and

A recent federal criminal action shows the depth of the U.S. government’s concern about the use of cryptocurrency (or virtual currency) to violate economic sanctions laws and the lengths to which it will go to charge such violations. The U.S. government is particularly concerned that sanctioned countries and parties have used cryptocurrency to avoid sanctions designed to isolate them, and to facilitate illicit activities, including money laundering and ransomware attacks. The U.S. Office of Foreign Assets Control of the Treasury Department (OFAC), which administers U.S. economic sanctions programs, indicated recently that it intends to devote more resources to cryptocurrency issues. Over the past year or so, OFAC has issued a number of subpoenas to virtual currency businesses, such as exchanges, regarding possible customers and transactions involving parties in sanctioned countries. OFAC will probably announce its first enforcement actions involving virtual currency at some point this year. In addition, as discussed in Orrick’s recent blog post, the U.S. Commodity Futures Trading Commission, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and the U.S. Securities and Exchange Commission remain focused on AML risks presented by cryptocurrency.

In an unusual application of economic sanctions law, in November 2019 a U.S. citizen was arrested and charged by the U.S. Attorney for the Southern District of New York with violating U.S. sanctions after he traveled to North Korea and delivered a presentation and technical advice related to the use of cryptocurrency and blockchain technology. In the case, which did not involve cryptocurrency transactions, the U.S. Attorney charged Virgil Griffith, an Ethereum Foundation staff member, with conspiring to violate U.S. sanctions laws that generally prohibit the provision of unlicensed services to North Korea. According to the U.S. Attorney’s Office, Mr. Griffith had traveled to North Korea to attend and speak at the Pyongyang Blockchain and Cryptocurrency Conference, despite the U.S. government’s denial of his request for authorization to attend. The U.S. government alleges that at the conference Mr. Griffith and other attendees discussed how North Korea could use blockchain and cryptocurrency technology to launder money and evade sanctions.

OFAC has issued frequently asked questions emphasizing that compliance obligations remain the same regardless whether transactions are denominated in virtual currency or fiat, and has started to include in its Specially Designated Nationals and Blocked Persons List (SDN List) virtual currency addresses that are linked to sanctioned persons. Sanctions are enforced with the help of U.S. businesses, in particular banks and other financial institutions, which have implemented systems and internal controls to detect the involvement of designated persons or prohibited jurisdictions in transactions. The U.S. government expects a similar level of commitment from entities dealing in cryptocurrency. It is critical that U.S. virtual currency users, exchangers, administrators and other persons engaging in virtual currency transactions with any U.S. nexus take steps designed to ensure that they do not deal with U.S. sanctions targets, which include providing financial or other services to such parties. OFAC has advised technology companies, administrators, exchangers, and users of virtual currencies, and other payment processors, to implement risk-based compliance programs, which generally should include sanctions list screening. This is consistent with OFAC’s recommendations included in A Framework for OFAC Compliance Commitments issued in June 2019.

Because a strict liability standard applies to unauthorized dealings with sanctioned parties and jurisdictions, U.S. persons dealing in cryptocurrency cannot avoid potential liability simply because they do not know the identity of the person with whom they are interacting. And the risk of dealing with sanctioned persons and jurisdictions when conducting virtual currency transactions will likely increase should nations like Iran and Russia further embrace cryptocurrency to try to avoid sanctions. In 2018, Iran reportedly acknowledged cryptocurrency mining as a legitimate industry, and in December 2019, Iran’s President reportedly proposed creation of a Muslim cryptocurrency to decrease reliance on the U.S. dollar. The U.S. government acted in 2018 to prohibit transactions involving Venezuela’s state virtual currency, the “Petro.”

To protect against potential sanctions violations, there are key steps that cryptocurrency users and exchanges can take. Crypto exchanges operating in the United States are required to register with FinCEN as money services businesses, to license themselves in the states in which they operate, and to exclude users in sanctioned jurisdictions and those on OFAC’s SDN List from transacting on the exchange. These exchanges should adopt and implement Know Your Customer procedures, including sanctions screening, to identify parties trading on their exchanges, and can employ geo-IP blocking to prohibit access by parties from sanctioned jurisdictions. They should perform transaction monitoring to detect suspicious activity and file required reports with FinCEN. U.S. persons trading in cryptocurrency should use exchanges committed to complying with U.S. sanctions requirements. If the exchange allows sanctioned parties to participate, a U.S. person could end up unknowingly trading with such a party and thus violating U.S. law. Exchanges operating outside the United States that want to attract U.S. users should also consider implementing such measures, to exclude targets of U.S. sanctions from trading. Non-U.S. exchanges that permit access to certain U.S. sanctions targets may risk imposition of U.S. “secondary sanctions” designed to deter non-U.S. persons from engaging in business with targets of U.S. sanctions.

IRS Hints at Form 8938 Requirements for Reporting Crypto Assets Held at a Foreign Exchange

With the emergence of digital assets, the question has arisen whether digital assets held in “wallets” in foreign exchanges need to be reported on Internal Revenue Service (IRS) Form 8938, Statement of Specified Foreign Financial Assets. Form 8938 is the IRS counterpart for the FBAR, or Foreign Bank Report, which certain holders of foreign bank accounts must file with FinCEN. Form 8938 was added as part of the HIRE Act at the same time the Foreign Account Tax Compliance Act (commonly known as FATCA) was adopted in 2010. The penalty for a failure to file Form 8938 is $10,000. However, it is not clear that Form 8938 applies to digital assets.

The answer requires one to dig through the underlying statutes and the instructions to Form 8938. We start with Internal Revenue Code Section 6038D, which requires reporting of “specified foreign financial assets.” Under Code Section 6038D, a “specified foreign financial asset” is (1) a financial account maintained by a foreign financial institution and (2) one of the following foreign financial assets if they are held for investment and not held in an account maintained by a financial institution: (a) any stock or security issued by a person other than a United States person; (b) any financial instrument or contract held for investment that has an issuer or counterparty other than a United States person, and (c) any interest in a foreign entity. The term “financial account” means, with respect to any financial institution, (a) any depository account, (b) any custodial account and (c) any equity or debt interest in such financial institution (other than interests regularly traded on an established securities market).

One issue for digital asset holders is whether a person who holds such assets in a wallet maintained at a foreign exchange is holding an asset in a “foreign financial institution.” What is a financial institution? This is defined in Code Section 1471(d)(5) as an entity that (a) accepts deposits in the ordinary course of a banking or a similar business, (b) as a substantial portion of its business, holds “financial assets” for the account of the others, or (c) is engaged (or holds itself out as being engaged) primarily in the business of investing, reinvesting or trading in securities, partnership interests, commodities or any interests in such securities, partnership interests or commodities. A foreign financial institution includes investment vehicles such as foreign mutual funds, foreign hedge funds and foreign private equity funds. Very generally, financial assets are securities, commodities, notional principal contracts, insurance contracts, or annuity contracts or interests in any of the foregoing. Both the terms “security” and “commodity” are defined by reference to Code Section 475, a section of the Code that was adopted in 1993, preceding the emergence of digital assets. For example, gold is a commodity under this provision, and anyone holding gold in an offshore account would need to report the account. Should the same rules apply to bitcoin or bitcoin gold held in a wallet in an offshore exchange? The IRS has not yet taken a position on whether cryptocurrency is a security or a commodity, which it could do by a regulation or a notice. This is key to the analysis of whether or not the crypto exchange is a foreign financial institution.

At least one recent, unofficial statement provides insight into the IRS’s thinking on the reporting obligation on Form 8938. Recently, according to Tax Notes, an IRS official was asked if the IRS will assess penalties against taxpayers who haven’t been disclosing digital assets on Form 8938, and the official responded that, if taxpayers had been reporting taxable cryptocurrency transactions on their returns during prior years and properly filed Form 8938 going forward, the IRS probably would not pursue them for prior tax years. Of course, this is merely an unofficial statement, and the IRS could formally decide otherwise or examiners could take different positions during the course of an exam. Either way, taxpayers that have not been reporting their cryptocurrency transactions should file Form 8938 as soon as possible and consider filing amended returns.

Information reporting is certainly a key issue for the IRS that will drive the tax compliance process. In a sign of the attention that the IRS is giving to the reporting, the draft version of IRS Form 1040, Schedule 1, now includes a question regarding financial interests in “virtual currencies,” much like the question relating to ownership of foreign bank accounts presently on Schedule B.

Wyoming, the “Equality State,” Seeks to Level the Playing Field for Digital Assets Businesses

and

In its continued effort to establish itself as the go-to jurisdiction for digital asset businesses, Wyoming, through its Department of Audit, Division of Banking, recently published a digital asset custody regime for its newly created, special purpose depository institutions (SPDIs). SPDIs are banking institutions authorized to take custody of digital assets. If they function as intended, SPDIs may prove to be a solution to, among other things, digital asset companies’ money transmitter licensing woes.

One major impediment to entering the U.S. market for digital asset companies is the requirement to obtain money transmitter licenses from individual states. Applying for these licenses state by state can be expensive and burdensome, and some states have created additional hurdles for digital asset companies. New York, for example, requires digital asset companies to obtain a “BitLicense,” which is notoriously difficult to obtain, to operate in the state. California may soon follow suit, imposing substantial licensing requirements under Assembly Bill 1489, which has been introduced in the legislature.

Wyoming is trying a different approach. In establishing SPDIs, Wyoming is helping blockchain companies avoid the costs of these burdensome licensing regimes while still protecting customers by taking advantage of a regulatory benefit enjoyed by banking institutions like SPDIs. Per the Bank Secrecy Act, banks are exempt, as a general matter, from needing money transmitter licenses.

Further, advocates argue that the SPDIs will provide a solution for startups seeking to operate in New York without a BitLicense. Federal law, through the Riegle-Neal Amendments Act, protects the parity of national banks and the state-chartered banks of other states. Accordingly, if a state exempts a national bank from a regulation, then other state-chartered banks must be exempt from that regulation as well. Because New York exempts national banks from the requirement to obtain a BitLicense to operate, so the argument goes, Wyoming’s SPDIs – which are state-chartered banks – should be exempted from that requirement as well. This theory remains untested, and New York has not taken a position on whether it will exempt SPDIs from needing a BitLicense to operate there. Perhaps Wyoming’s status as “The Equality State” will prompt New York to provide its state-chartered banks with “equal” treatment.

While the first new SPDIs could become operational by early 2020, which might provide a work-around for the current money transmitter licensing barriers facing digital asset companies, there remain a few obstacles for a company desiring to take advantage of the law, albeit surmountable ones.

First, SPDIs are required to maintain a minimum capital requirement of $5 million – making it prohibitive for most startups to charter their own SPDI. However, multiple companies may partner with one unaffiliated SPDI to pool assets. Assuming cooperation among market players, startups should be able to find enough capital among other SPDIs to satisfy the capital requirement. Second, SPDIs are required to maintain the principal operating headquarters and the primary office of its CEO in Wyoming, but – as we know – the excellent skiing, beautiful vistas and abundant wildlife in Wyoming provide ample justification for setting up shop there.

Wyoming’s creation of SPDIs comes on the heels of other pro-blockchain moves by the state, including authorizing corporations to issue securities via “certificate tokens in lieu of stock certificates,” creating a FinTech sandbox that enables startups to receive waivers from laws or regulations that may unnecessarily burden their ability to test new products and services, and classifying digital assets as property.

Wyoming’s small population and limited infrastructure may make it difficult to attract personnel and capital to create a competitive SPDI market. But with sufficient incentives, and the opportunity to engage in a potentially lucrative and groundbreaking industry, Wyoming is making a bid to become the crypto capital of the U.S.

In Case You Needed A Reminder – AML/CFT Regulations Apply to Transactions in Cryptocurrencies

Earlier this month, the leaders of the U.S. Commodity Futures Trading Commission, the Financial Crimes Enforcement Network, and the U.S. Securities and Exchange Commission released a joint statement reminding individuals engaged in transactions involving digital assets of their obligations under the Bank Secrecy Act (BSA) to guard against money laundering and counter the financing of terrorism.

Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regulations apply to all entities that the BSA defines as “financial institutions,” including futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. To comply with AML/CFT regulations, financial institutions are required to, among other things, implement anti-money laundering programs and comply with recording keeping and reporting requirements, including suspicious activity reporting (SAR) requirements.

The joint statement emphasized that AML/CFT regulations apply to financial institutions engaged in activities involving “digital assets,” including instruments that may qualify under applicable U.S. laws as securities, commodities, and security- or commodity-based instruments such as futures or swaps. Because digital assets and financial transactions in digital assets are referred to by many names – including “cryptocurrencies,” “digital tokens,” “virtual assets” and “initial coin offerings” – the regulators issuing the joint statement reminded financial institutions that commonly used labels may not necessarily align with how an asset, activity or service is defined under the BSA or under laws and rules administered by the CFTC and the SEC. The nature of the digital asset, activity or service, including underlying “facts and circumstances” and the asset’s “economic reality and use,” determines how it is regulated under federal laws and regulations.

By reminding industry participants that the nature of a digital asset and the manner in which it is used – and not industry lingo – determines how the digital asset is regulated, the CFTC, FinCEN and the SEC signaled that they are adopting the same framework courts already use to determine how to classify other types of assets under the federal securities laws. The joint statement indicates that regulators are continuing to take steps toward applying existing federal securities laws and regulations to digital currencies.

FinCEN’s New Guidance for Cryptocurrency Businesses – Some Questions Answered, Some New Questions Raised, Careful Consideration a Must

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) released new guidance to clarify when the Bank Secrecy Act (BSA) will apply to businesses that involve cryptocurrencies (what FinCEN refers to as convertible virtual currencies, or CVCs). The BSA imposes anti-money laundering obligations on various U.S. financial institutions, including “money services businesses” (MSBs). Under the BSA, businesses that transact in cryptocurrencies may qualify as money transmitters, a type of MSB. Whether a business qualifies is important. An MSB must register with FinCEN, implement anti-money laundering controls, and ensure ongoing compliance with recordkeeping and reporting requirements (potentially an expensive and burdensome exercise) – the consequences of failing do so can be severe. But determining which such businesses qualify has been difficult, leaving many in the crypto industry uncertain as to their regulatory status.

FinCEN previously sought to aid in this analysis when it issued guidance in 2013 on the application of the BSA to “persons administering, exchanging, or using virtual currencies.” Although it provided some insight into how FinCEN viewed the cryptocurrency industry, that guidance seemed to raise as many questions as it answered. Various administrative rulings – in which FinCEN publicly advised certain businesses as to whether they were MSBs – helped to answer some of those questions. But those narrow rulings have been few and far between and can provide only limited guidance for a rapidly evolving industry. Through public statements, government officials have also sought to clarify how the BSA might apply to crypto businesses. In particular, a February 2018 letter from a senior Treasury Department official to Senator Ron Wyden suggested that almost all ICOs will constitute BSA-regulated money transmission.

FinCEN’s new guidance “consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.” In doing so it takes a step in the right direction, providing greater clarity as to FinCEN’s interpretation of its own regulations (at least to the extent your business model is one of the many covered). For example, the guidance describes why the provider of a hosted wallet likely will be an MSB by virtue of its exercise of total independent control over a customer’s cryptocurrency, whereas the provider of an unhosted wallet that vests the customer with total independent control likely will not. Similarly, the guidance explains that the operator of a trading platform that merely provides a forum where buyers and sellers can post bids and offers likely would not be an MSB, while the operator of a trading platform that additionally acts as an exchanger in consummating transactions between buyers and sellers likely would be. But gaps in FinCEN’s analysis still linger, new questions are raised, and it remains to be seen how useful this guidance will be as technology continues to advance and new and creative business models get off the ground.

And although the guidance signals that FinCEN is thinking about how the federal anti-money laundering laws apply to the cryptocurrency community, it does not signal how aggressive FinCEN will be in enforcing those laws against businesses that deal with cryptocurrency. To date, there have been just a handful of enforcement actions in the industry, including a civil penalty assessed against a peer-to-peer exchanger in April, which we previously discussed. One thing certain is that, in assessing potential BSA enforcement actions, FinCEN will rely heavily on this new guidance and expect businesses dealing in cryptocurrency to do the same. Persons and entities operating in this industry should evaluate (or reevaluate) whether they qualify as an MSB because of crypto-related activities in light of this new guidance.

FinCEN Shows a Little Bite to Go with Its Bark

Last week, the Financial Crimes Enforcement Network (FinCEN) backed up its strong public statements about enforcing the anti-money laundering (AML) laws with respect to cryptocurrency by bringing an enforcement action against an individual for violating the Bank Secrecy Act (BSA).

FinCEN, a bureau within the U.S. Department of Treasury tasked with safeguarding the financial system from illicit use and combating money laundering, has not been shy about expressing interest in blockchain and cryptocurrency issues. In a recent speech, Director Kenneth A. Blanco explained that “FinCEN has been at the forefront of ensuring that companies doing business in virtual currency meet their AML/CFT obligations regardless of the manner in which they do business.” He added that FinCEN “will continue to work with the SEC and CFTC to ensure compliance in this space and will not hesitate to take action when we see disregard for obligations under the BSA.” But FinCEN enforcement actions involving cryptocurrency activities have been infrequent. Since its landmark action against Ripple Labs in 2015, FinCEN’s only enforcement proceeding in this area was brought in 2017 against virtual currency exchanger BTC-e and its owner.

That changed last week when FinCEN assessed a civil penalty against Eric Powers, a “peer-to-peer exchanger” of virtual currency, for violations of the BSA. In agreeing to pay a $35,350 penalty, Powers admitted that he willfully violated the BSA by failing to (i) register as a money services business (MSB), (ii) implement written policies and procedures for ensuring BSA compliance, and (iii) report suspicious transactions and currency transactions.

The Powers action does not provide much insight into one of the more difficult questions a company whose business involves virtual currency faces: whether it qualifies as an MSB that is subject to the BSA. FinCEN guidance from 2013 indicates that the BSA generally will apply to “exchangers” and “administrators” of convertible virtual currencies. Unlike many virtual currency companies, Powers seems to have clearly fit within FinCEN’s definition of an exchanger – through online postings he advertised his intention to purchase and sell bitcoin for others, and he completed purchases and sales by delivering or receiving currency in person, through the mail, or via wire transfer. But in establishing that the BSA applied to Powers, FinCEN leans heavily on the 2013 guidance. That guidance in many ways is imprecise or unclear and it continues to create uncertainty as blockchain technology and virtual currency business models continue to evolve. But the Powers assessment confirms that other entities operating in the cryptocurrency space nevertheless should continue to evaluate their BSA obligations through the lens of that guidance to the extent possible.

Unlike those assessed against Ripple and BTC-e, the financial penalty assessed against Powers was relatively small. This might be because Powers was a natural person (potentially with a lesser “ability to pay” than larger incorporated entities), conducted a fairly small-scale operation, and paid larger sums as part of an earlier civil forfeiture action brought by the Maryland U.S. Attorney. While those considerations warranted a lesser penalty in Powers’s case, FinCEN very well could apply the same law, guidance, and reasoning underlying the assessment to more extensive cryptocurrency operations. Director Blanco’s recent comments regarding FinCEN’s priorities and this latest enforcement action suggest that FinCEN likely will do just that. In other words, we wouldn’t be surprised if FinCEN brings more enforcement actions – levying more severe penalties – to enforce the BSA in the cryptocurrency industry. Persons and entities operating in this industry thus should focus on assessing their potential BSA obligations early and take affirmative steps to comply if required.

NYDFS to Virtual Currency Exchange: Don’t Let the Door Hit You on Your Way Out

The New York Department of Financial Services virtual currency license is back in the spotlight after NYDFS announced that it had rejected the application of Bittrex Inc., a virtual currency exchange, to conduct virtual currency business in the Empire State. The NYDFS virtual currency license, or BitLicense, is notoriously difficult to obtain, having been granted to only 19 companies since it was implemented in July 2014. Although all BitLicense application denials are technically publicly available (but not published), the announcement of Bittrex’s application denial in such a public way is a first for the regulator. The rejection letter states that “Bittrex has failed to demonstrate responsibility, financial and business experience, or the character and fitness to warrant the belief that its business will be conducted honestly, fairly, equitably and carefully. . . .” The denial, coupled with the requirement that Bittrex immediately close up shop in New York, marks a very public rebuke of the exchange, which Bittrex met with a prompt and strongly worded response of its own.

Bittrex submitted its BitLicense application on August 10, 2015. On April 10, 2019, NYDFS publicly announced the rejection of Bittrex’s application. New York allowed Bittrex to operate in the state during the three and a half year application process under the terms of a safe harbor. According to NYDFS’s public rejection letter, the prolonged application process culminated in a four-week on-site review of Bittrex’s operations by NYDFS in February 2019. As a result of the on-site review, NYDFS rejected Bittrex’s BitLicense application based primarily on “deficiencies in Bittrex’s Bank Secrecy Act (BSA), Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.” This long list of deficiencies, after such a long and laborious application process, appears at odds with the Department’s statement that “throughout Bittrex’s application process, the Department worked steadily with Bittrex” to address deficiencies in some of the very same areas found to be deficient during the February 2019 review.

According to the rejection letter, Bittrex has approximately 35,000 New York-based users who must now find a new exchange on which to trade. This is not going to be an easy task because Bittrex is a market leader listing 212 digital assets on its exchange. By way of comparison, Coinbase, which received its BitLicense in January 2017, lists six digital assets on its exchange (not including the digital assets listed on Coinbase Pro).

Within hours Bittrex responded to the public rejection with its own statement asserting that the rejection “harms rather than protects New York customers,” and stating that “Bittrex fully disputes the findings of the NYDFS” in its rejection letter. According to Bittrex, the NYDFS rejection letter contains “several factual inaccuracies” which Bittrex addresses in its response letter.

Given the public nature of this confrontation and the status of New York as a major financial hub, it is unlikely that we have heard the last of this from the parties involved. In the interim, industry participants should review the NYDFS rejection letter and Bittrex’s response, both of which provide helpful insight into the BitLicense application process and the requirements that digital asset companies have to meet if they seek to offer services in New York.