Keyword: anti-money laundering

A “Key” OCC Interpretation – National Banks Can Provide Cryptocurrency Custody Services

Banking regulators took a significant step toward the mainstreaming of cryptocurrency recently when the Office of the Comptroller of the Currency (OCC) provided guidance about how a bank can provide custody services for cryptocurrency. In Interpretive Letter #1170, published on July 22, the OCC concludes that “a national bank may provide these cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency.”

The OCC’s Letter arrives at an opportune time, when, according to CipherTrace’s recently published findings, the majority of cryptocurrency transactions are cross-border and, on average, each of the top ten U.S. retail banks unknowingly processes an average of $2 billion in crypto-related transactions per year. Providing custody services might help bring more of these transactions in to the open.

The OCC Interpretive Letter

The Interpretive Letter—which was issued just a few short months after the former Coinbase chief legal officer Brian Brooks became the Acting Comptroller of the Currency—is a breakthrough in terms of bringing cryptocurrency within a regulated environment. The OCC outlined three sources of market demand for banks to provide cryptocurrency custody services: (1) cryptocurrency owners who hold private keys want to store them securely because private keys are irreplaceable if lost—misplacement can mean the loss of a significant amount of value; (2) banks may offer more secure storage services than existing options; and (3) investment advisors may wish to manage cryptocurrencies on behalf of customers and use national banks as custodians.

The OCC recognized that, as the financial markets become increasingly technological, there will likely be increasing need for banks and other service providers to leverage new technology and innovative ways to provide traditional services on behalf of customers. The OCC pointed out that cryptocurrency custody services fit neatly into the long-authorized safekeeping and custody services national banks provide for both physical and digital assets.

With respect to cryptocurrency, the Letter states that national banks may provide fiduciary and non-fiduciary custody services. Non-fiduciary custodial services typically entail providing safekeeping services for electronic keys, which, as discussed above, fit neatly into the types of activities national banks have historically performed. Specifically, the OCC explains that a bank that provides custody for cryptocurrency in a non-fiduciary capacity typically would not involve physical possession of the cryptocurrency but rather “essentially provide safekeeping for the cryptographic key that allows for control and transfer of the customer’s cryptocurrency.” Fiduciary cryptocurrency custody services (such as those where the service provider acts as trustee, administrator, transfer agent, or receiver, or receives a fee for providing investment advice) are permissible if conducted in compliance with the National Bank Act and other applicable laws and regulations (such as 12 CFR Part 9 and 12 U.S.C. Ch. 2). Banks are authorized to manage cryptocurrency assets in a fiduciary capacity just as they manage other types of assets in a fiduciary capacity.

Banks that provide cryptocurrency custody services have to comply with existing policies, laws, and regulations, and conduct its custody services in a safe and sound manner, including having adequate systems in place to identify, measure, monitor, and control the risks of its custody services. In particular, banks should ensure they assess the anti-money laundering (AML) risk of any cryptocurrency custodial services and update their AML programs to address that risk. It would be advisable for AML compliance personnel to be well-integrated in the development of cryptocurrency custodial services. Banks must also implement effective risk management programs and legal and regulatory reporting practices for these services. Cryptocurrency custody services may raise unique issues identified by the OCC, including the treatment of blockchain forks, and consideration of whether technical differences between cryptocurrencies (for example, those backed by commodities, those backed by fiat, or those designed to execute smart contracts) may require different risk management practices.

The OCC Letter points out that different cryptocurrencies may be subject to different regulations and guidance. For example, some cryptocurrencies are deemed securities and therefore are subject to federal securities laws and regulations. In addition, because crypto assets are thought of as offering a greater level of anonymity or as falling beyond the ken of centralized banking systems, they have been associated with illicit activity including money laundering. Consequently, banks must ensure that their AML programs are appropriately tailored to effectively assess customer risk and monitor crypto-related transactions. Just yesterday, the Financial Crimes Enforcement Network published an advisory warning that “[f]inancial institutions dealing in [cryptocurrency] should be especially alert to the potential use of their institutions to launder proceeds affiliated with cybercrime, illicit darknet marketplace activity, and other [cryptocurrency]-related schemes and take appropriate risk mitigating steps consistent with their BSA obligations.”

While there has been limited enforcement of federal law against banks for crypto-currency related activity, earlier this year, the OCC brought its first crypto-related enforcement action, against M.Y. Safra Bank for deficient AML processes for digital asset customers. The OCC concluded that the Bank’s deficiencies included its failure to: (1) appropriately assess and monitor customer activity flowing to or from high-risk jurisdictions; (2) conduct ongoing testing of its due diligence processes; (3) implement sufficient controls for its digital assets customers, including cryptocurrency money service businesses (MSBs); (4) address the risk created by the significant increase in wire and clearing transactions created by the cryptocurrency MSB customers; and (5) notify the OCC of its significant deviation from its previous business plan. In the Matter of M.Y. Safra Bank, SFB, AA-NE-2020-5, Consent Order (Jan. 30, 2020).

The OCC’s Letter should give comfort to many banks that have been bystanders to the growth of the cryptocurrency market. Now banks can offer more cryptocurrency-based financial services with more certainty, although many questions will likely be answered through greater participation. More marketplace involvement by traditional banks will in turn have a beneficial effect. Smaller businesses wishing to engage in cryptocurrency-based transactions now may do so by interacting with large, stable, and well-regulated banking institutions.

OCC’s Consideration of an MSB Regime

OCC’s Interpretive Letter may be part of a broader movement by the OCC to promote greater integration of cryptocurrencies into mainstream financial services. Acting Comptroller of the Currency Brooks announced on a podcast on June 25 that the OCC intends to unveil a new bank charter including a national payments charter that will pave the way for nationwide participation by cryptocurrency payments companies. As contemplated, that charter would be equivalent to FinCEN’s MSB registration process and stand in (under the doctrine of preemption) for individual state-level MSB licensing requirements. It also should answer questions like how the Community Reinvestment Act might apply to banks that do not take deposits and how the OCC will impose capital standards on companies that do not bear credit risk.

Cryptocurrency and OFAC: Beware of the Sanctions Risks

A recent federal criminal action shows the depth of the U.S. government’s concern about the use of cryptocurrency (or virtual currency) to violate economic sanctions laws and the lengths to which it will go to charge such violations. The U.S. government is particularly concerned that sanctioned countries and parties have used cryptocurrency to avoid sanctions designed to isolate them, and to facilitate illicit activities, including money laundering and ransomware attacks. The U.S. Office of Foreign Assets Control of the Treasury Department (OFAC), which administers U.S. economic sanctions programs, indicated recently that it intends to devote more resources to cryptocurrency issues. Over the past year or so, OFAC has issued a number of subpoenas to virtual currency businesses, such as exchanges, regarding possible customers and transactions involving parties in sanctioned countries. OFAC will probably announce its first enforcement actions involving virtual currency at some point this year. In addition, as discussed in Orrick’s recent blog post, the U.S. Commodity Futures Trading Commission, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and the U.S. Securities and Exchange Commission remain focused on AML risks presented by cryptocurrency.

In an unusual application of economic sanctions law, in November 2019 a U.S. citizen was arrested and charged by the U.S. Attorney for the Southern District of New York with violating U.S. sanctions after he traveled to North Korea and delivered a presentation and technical advice related to the use of cryptocurrency and blockchain technology. In the case, which did not involve cryptocurrency transactions, the U.S. Attorney charged Virgil Griffith, an Ethereum Foundation staff member, with conspiring to violate U.S. sanctions laws that generally prohibit the provision of unlicensed services to North Korea. According to the U.S. Attorney’s Office, Mr. Griffith had traveled to North Korea to attend and speak at the Pyongyang Blockchain and Cryptocurrency Conference, despite the U.S. government’s denial of his request for authorization to attend. The U.S. government alleges that at the conference Mr. Griffith and other attendees discussed how North Korea could use blockchain and cryptocurrency technology to launder money and evade sanctions.

OFAC has issued frequently asked questions emphasizing that compliance obligations remain the same regardless whether transactions are denominated in virtual currency or fiat, and has started to include in its Specially Designated Nationals and Blocked Persons List (SDN List) virtual currency addresses that are linked to sanctioned persons. Sanctions are enforced with the help of U.S. businesses, in particular banks and other financial institutions, which have implemented systems and internal controls to detect the involvement of designated persons or prohibited jurisdictions in transactions. The U.S. government expects a similar level of commitment from entities dealing in cryptocurrency. It is critical that U.S. virtual currency users, exchangers, administrators and other persons engaging in virtual currency transactions with any U.S. nexus take steps designed to ensure that they do not deal with U.S. sanctions targets, which include providing financial or other services to such parties. OFAC has advised technology companies, administrators, exchangers, and users of virtual currencies, and other payment processors, to implement risk-based compliance programs, which generally should include sanctions list screening. This is consistent with OFAC’s recommendations included in A Framework for OFAC Compliance Commitments issued in June 2019.

Because a strict liability standard applies to unauthorized dealings with sanctioned parties and jurisdictions, U.S. persons dealing in cryptocurrency cannot avoid potential liability simply because they do not know the identity of the person with whom they are interacting. And the risk of dealing with sanctioned persons and jurisdictions when conducting virtual currency transactions will likely increase should nations like Iran and Russia further embrace cryptocurrency to try to avoid sanctions. In 2018, Iran reportedly acknowledged cryptocurrency mining as a legitimate industry, and in December 2019, Iran’s President reportedly proposed creation of a Muslim cryptocurrency to decrease reliance on the U.S. dollar. The U.S. government acted in 2018 to prohibit transactions involving Venezuela’s state virtual currency, the “Petro.”

To protect against potential sanctions violations, there are key steps that cryptocurrency users and exchanges can take. Crypto exchanges operating in the United States are required to register with FinCEN as money services businesses, to license themselves in the states in which they operate, and to exclude users in sanctioned jurisdictions and those on OFAC’s SDN List from transacting on the exchange. These exchanges should adopt and implement Know Your Customer procedures, including sanctions screening, to identify parties trading on their exchanges, and can employ geo-IP blocking to prohibit access by parties from sanctioned jurisdictions. They should perform transaction monitoring to detect suspicious activity and file required reports with FinCEN. U.S. persons trading in cryptocurrency should use exchanges committed to complying with U.S. sanctions requirements. If the exchange allows sanctioned parties to participate, a U.S. person could end up unknowingly trading with such a party and thus violating U.S. law. Exchanges operating outside the United States that want to attract U.S. users should also consider implementing such measures, to exclude targets of U.S. sanctions from trading. Non-U.S. exchanges that permit access to certain U.S. sanctions targets may risk imposition of U.S. “secondary sanctions” designed to deter non-U.S. persons from engaging in business with targets of U.S. sanctions.

In Case You Needed A Reminder – AML/CFT Regulations Apply to Transactions in Cryptocurrencies

Earlier this month, the leaders of the U.S. Commodity Futures Trading Commission, the Financial Crimes Enforcement Network, and the U.S. Securities and Exchange Commission released a joint statement reminding individuals engaged in transactions involving digital assets of their obligations under the Bank Secrecy Act (BSA) to guard against money laundering and counter the financing of terrorism.

Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regulations apply to all entities that the BSA defines as “financial institutions,” including futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. To comply with AML/CFT regulations, financial institutions are required to, among other things, implement anti-money laundering programs and comply with recording keeping and reporting requirements, including suspicious activity reporting (SAR) requirements.

The joint statement emphasized that AML/CFT regulations apply to financial institutions engaged in activities involving “digital assets,” including instruments that may qualify under applicable U.S. laws as securities, commodities, and security- or commodity-based instruments such as futures or swaps. Because digital assets and financial transactions in digital assets are referred to by many names – including “cryptocurrencies,” “digital tokens,” “virtual assets” and “initial coin offerings” – the regulators issuing the joint statement reminded financial institutions that commonly used labels may not necessarily align with how an asset, activity or service is defined under the BSA or under laws and rules administered by the CFTC and the SEC. The nature of the digital asset, activity or service, including underlying “facts and circumstances” and the asset’s “economic reality and use,” determines how it is regulated under federal laws and regulations.

By reminding industry participants that the nature of a digital asset and the manner in which it is used – and not industry lingo – determines how the digital asset is regulated, the CFTC, FinCEN and the SEC signaled that they are adopting the same framework courts already use to determine how to classify other types of assets under the federal securities laws. The joint statement indicates that regulators are continuing to take steps toward applying existing federal securities laws and regulations to digital currencies.

The FCA Reclassifies Cryptoassets, But Is It Moving Away From Its Technology Neutral Approach?

The Financial Conduct Authority (FCA) has released final guidance on cryptoassets in a policy statement that includes feedback from their January consultation paper. It is important to note that the policy statement is of a limited scope and focuses on whether different types of cryptoassets fall within the regulatory perimeter of the Financial Services and Markets Act 2000 (FSMA) and Electronic Money Regulations 2011 (EMRs). While the policy statement does touch upon the use of cryptoassets for payment services, prospectus requirements and anti-money laundering issues, it does not provide much new guidance on these areas.

In terms of whether cryptoassets fall within the regulatory perimeter, there is not much new or groundbreaking in the FCA’s approach – which is a good thing. The guidance closely follows the FCA’s views that it had set out in the consultation paper, and the FCA is aware that regulation outside its purview would require legislative changes. This being said, the guidance is useful in assisting token issuers and market players to classify whether the cryptoassets they deal with are subject to, or could potentially be subject to, the regulatory regime.

The guidance confirms that cryptoassets will fall within the regulatory regime, if they meet the definition of specified investments, under the FSMA (Regulated Activities) Order 2001 (RAO), the definition of transferable securities under the Markets in Financial Instruments Directive (MiFID) or the definition of e-money in the EMRs. The guidance notes that the most relevant specified investments for cryptoassets are:

  • Shares
  • Debt instruments
  • Warrants
  • Certificates representing certain securities
  • Rights and interests in investments

The guidance deviates from the consultation paper in classifying the different types of cryptoassets. The previous categories had been security tokens, which were regulated, and exchange tokens and utility tokens, which were unregulated unless they met the definition of e-money under the EMRs. The new categories are:

  • Security tokens
  • E-money tokens
  • Unregulated tokens

The definition of security tokens remains the same, that is, those tokens that meet the definition of specified investments under the RAO and fall within the regulatory perimeter. The previous categories of utility tokens and exchange tokens have been reclassified as e-money tokens, which are those tokens (either utility or exchange tokens) that meet the definition of e-money, and unregulated tokens which, as the name suggests, fall outside the regulatory sphere. This new approach is far clearer from a regulatory standpoint and acknowledges that utility and exchange tokens did not need to be classified separately when considering whether they were regulated.

Less obvious, and potentially more interesting, the policy statement also indicates a change from the FCA’s previous technology-neutral approach. This is not spelled out, and we suspect the FCA would still claim to be technology-neutral; however, the guidance notes that the use of particular technology may raise operational issues unique to that technology and the FCA will consider this as part of its ongoing regulation.

The policy statement also notes the transposition of the 5th Anti-Money Laundering Directive (5AMLD) into UK law by January 2020, although separate guidance on this will be issued. The policy statement confirms that the UK’s approach goes beyond that required by the 5AMLD with regards to cryptoassets, and the Government proposes to extend the Anti-Money Laundering regulations to all cryptoasset exchanges, cryptoasset transfers on behalf of another person and issuance of new cryptoassets, for example an ICO.

This shift towards a less technology-neutral approach is also shown in the FCA’s recent consultation on banning contracts for difference (CFDs) and CFD-like products that reference cryptoassets to retail investors. This consultation comes on the heels of the FCA imposing restrictions on the sale of all CFDs and CFD-like products to retail investors. We would argue, and suspect a technology-neutral approach to support, that CFDs and CFD-like products that reference cryptoassets should be treated in the same way as CFDs and CFD-like products that reference other assets. Given that the ban which is being consulted on only targets those products that reference cryptoassets, is it possible that the FCA is moving away from its technology-neutral approach and towards specific cryptoasset regulation?

FinCEN’s New Guidance for Cryptocurrency Businesses – Some Questions Answered, Some New Questions Raised, Careful Consideration a Must

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) released new guidance to clarify when the Bank Secrecy Act (BSA) will apply to businesses that involve cryptocurrencies (what FinCEN refers to as convertible virtual currencies, or CVCs). The BSA imposes anti-money laundering obligations on various U.S. financial institutions, including “money services businesses” (MSBs). Under the BSA, businesses that transact in cryptocurrencies may qualify as money transmitters, a type of MSB. Whether a business qualifies is important. An MSB must register with FinCEN, implement anti-money laundering controls, and ensure ongoing compliance with recordkeeping and reporting requirements (potentially an expensive and burdensome exercise) – the consequences of failing do so can be severe. But determining which such businesses qualify has been difficult, leaving many in the crypto industry uncertain as to their regulatory status.

FinCEN previously sought to aid in this analysis when it issued guidance in 2013 on the application of the BSA to “persons administering, exchanging, or using virtual currencies.” Although it provided some insight into how FinCEN viewed the cryptocurrency industry, that guidance seemed to raise as many questions as it answered. Various administrative rulings – in which FinCEN publicly advised certain businesses as to whether they were MSBs – helped to answer some of those questions. But those narrow rulings have been few and far between and can provide only limited guidance for a rapidly evolving industry. Through public statements, government officials have also sought to clarify how the BSA might apply to crypto businesses. In particular, a February 2018 letter from a senior Treasury Department official to Senator Ron Wyden suggested that almost all ICOs will constitute BSA-regulated money transmission.

FinCEN’s new guidance “consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.” In doing so it takes a step in the right direction, providing greater clarity as to FinCEN’s interpretation of its own regulations (at least to the extent your business model is one of the many covered). For example, the guidance describes why the provider of a hosted wallet likely will be an MSB by virtue of its exercise of total independent control over a customer’s cryptocurrency, whereas the provider of an unhosted wallet that vests the customer with total independent control likely will not. Similarly, the guidance explains that the operator of a trading platform that merely provides a forum where buyers and sellers can post bids and offers likely would not be an MSB, while the operator of a trading platform that additionally acts as an exchanger in consummating transactions between buyers and sellers likely would be. But gaps in FinCEN’s analysis still linger, new questions are raised, and it remains to be seen how useful this guidance will be as technology continues to advance and new and creative business models get off the ground.

And although the guidance signals that FinCEN is thinking about how the federal anti-money laundering laws apply to the cryptocurrency community, it does not signal how aggressive FinCEN will be in enforcing those laws against businesses that deal with cryptocurrency. To date, there have been just a handful of enforcement actions in the industry, including a civil penalty assessed against a peer-to-peer exchanger in April, which we previously discussed. One thing certain is that, in assessing potential BSA enforcement actions, FinCEN will rely heavily on this new guidance and expect businesses dealing in cryptocurrency to do the same. Persons and entities operating in this industry should evaluate (or reevaluate) whether they qualify as an MSB because of crypto-related activities in light of this new guidance.

FinCEN Shows a Little Bite to Go with Its Bark

Last week, the Financial Crimes Enforcement Network (FinCEN) backed up its strong public statements about enforcing the anti-money laundering (AML) laws with respect to cryptocurrency by bringing an enforcement action against an individual for violating the Bank Secrecy Act (BSA).

FinCEN, a bureau within the U.S. Department of Treasury tasked with safeguarding the financial system from illicit use and combating money laundering, has not been shy about expressing interest in blockchain and cryptocurrency issues. In a recent speech, Director Kenneth A. Blanco explained that “FinCEN has been at the forefront of ensuring that companies doing business in virtual currency meet their AML/CFT obligations regardless of the manner in which they do business.” He added that FinCEN “will continue to work with the SEC and CFTC to ensure compliance in this space and will not hesitate to take action when we see disregard for obligations under the BSA.” But FinCEN enforcement actions involving cryptocurrency activities have been infrequent. Since its landmark action against Ripple Labs in 2015, FinCEN’s only enforcement proceeding in this area was brought in 2017 against virtual currency exchanger BTC-e and its owner.

That changed last week when FinCEN assessed a civil penalty against Eric Powers, a “peer-to-peer exchanger” of virtual currency, for violations of the BSA. In agreeing to pay a $35,350 penalty, Powers admitted that he willfully violated the BSA by failing to (i) register as a money services business (MSB), (ii) implement written policies and procedures for ensuring BSA compliance, and (iii) report suspicious transactions and currency transactions.

The Powers action does not provide much insight into one of the more difficult questions a company whose business involves virtual currency faces: whether it qualifies as an MSB that is subject to the BSA. FinCEN guidance from 2013 indicates that the BSA generally will apply to “exchangers” and “administrators” of convertible virtual currencies. Unlike many virtual currency companies, Powers seems to have clearly fit within FinCEN’s definition of an exchanger – through online postings he advertised his intention to purchase and sell bitcoin for others, and he completed purchases and sales by delivering or receiving currency in person, through the mail, or via wire transfer. But in establishing that the BSA applied to Powers, FinCEN leans heavily on the 2013 guidance. That guidance in many ways is imprecise or unclear and it continues to create uncertainty as blockchain technology and virtual currency business models continue to evolve. But the Powers assessment confirms that other entities operating in the cryptocurrency space nevertheless should continue to evaluate their BSA obligations through the lens of that guidance to the extent possible.

Unlike those assessed against Ripple and BTC-e, the financial penalty assessed against Powers was relatively small. This might be because Powers was a natural person (potentially with a lesser “ability to pay” than larger incorporated entities), conducted a fairly small-scale operation, and paid larger sums as part of an earlier civil forfeiture action brought by the Maryland U.S. Attorney. While those considerations warranted a lesser penalty in Powers’s case, FinCEN very well could apply the same law, guidance, and reasoning underlying the assessment to more extensive cryptocurrency operations. Director Blanco’s recent comments regarding FinCEN’s priorities and this latest enforcement action suggest that FinCEN likely will do just that. In other words, we wouldn’t be surprised if FinCEN brings more enforcement actions – levying more severe penalties – to enforce the BSA in the cryptocurrency industry. Persons and entities operating in this industry thus should focus on assessing their potential BSA obligations early and take affirmative steps to comply if required.

Appellate Court – Selling Bitcoin in Florida Requires a Money Services Business License

Following a recent opinion by a Florida appellate court, virtual currency dealers who do business in, from, or into Florida – even individuals in the business of selling their own virtual currency for cash – may be required to obtain a “money services business” license from Florida’s Office of Financial Regulation and maintain costly anti-money laundering programs in accordance with Florida and federal law or face criminal penalties.

On January 30, Florida’s Third District Court of Appeal reinstated criminal charges against Florida resident Michell Espinoza for money laundering and “unlawfully engaging in the business of a money transmitter and/or payment instrument seller without being registered with the State of Florida.” State v. Espinoza, No. 3D16-1860, slip op. (Fla. Dist. Ct. App. Jan. 30, 2019). The trial court had previously dismissed the charges against Espinoza, agreeing with his argument that selling Bitcoin does not qualify as “money transmitting” under Florida law because Bitcoin is not “money,” among other reasons. State v. Espinoza, No. F14-2923 (Fl. Cir. Ct. July 22, 2016). The appellate court disagreed and determined that even a person in the business of selling his own Bitcoin for cash is a “money transmitter” and “payment instrument seller” under Florida law and is therefore required to be licensed as a “money services business.”

The charges against Espinoza stem from a sting operation in 2013, in which undercover detectives contacted Espinoza through a Bitcoin exchange site, LocalBitcoins.com. Espinoza posted on that site that he would sell Bitcoins for cash through in-person transactions. Espinoza was not licensed or registered as a “money services business” with Florida or federal regulators. An undercover detective met Espinoza several times and paid him a total of $1500 cash for Bitcoin, earning Espinoza a profit. During those transactions, the undercover detective allegedly made clear his desire to remain anonymous and said he was involved in illicit activity. For example, the undercover detective allegedly told Espinoza that he needed the Bitcoin to buy stolen credit card numbers from Russians.

The Florida appellate court’s determination that Bitcoins are “monetary value” and “payment instruments” under Florida law fits within a line of cases finding that Bitcoin qualifies as “money” for the purposes of money laundering and anti-money laundering laws. For example, in 2014 Judge Rakoff, a United States District Judge for the Southern District of New York, found that Bitcoin clearly qualifies as “money” or “funds” for the purposes of the federal money transmitter statute because “Bitcoin can be easily purchased in exchange for ordinary currency, acts as a denominator of value and is used to conduct financial transactions.” United States v. Faiella, 39 F. Supp. 3d 544, 545 (S.D.N.Y. 2014) (citing SEC v. Shavers, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013)). Some states have also codified virtual currency into their anti-money laundering regulations. For example, after the trial court determined that Bitcoin was not a “monetary instrument” that could be laundered under Florida’s money laundering statute, the Florida legislature amended the statutory definition of “monetary instruments” to explicitly include the term “virtual currency.” Fla. Stat. § 896.101(2)(f) (2017). Other states, however, have taken a different approach. Pennsylvania’s Department of Banking and Securities (“DoBS”), for example, recently published guidance that virtual currency, including Bitcoin, is not considered money under Pennsylvania law. “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania Department of Banking and Securities (Jan. 23, 2019).

The Florida appellate court found that Espinoza was operating as a “money transmitter” and therefore was a “money services business,” simply by engaging in the business of selling his own Bitcoin for cash and not otherwise acting as a middleman between parties. The trial court had applied the more common and narrow understanding that a “money transmitter” operates “like a middleman in a financial transaction, much like how Western Union accepts money from person A, and at the direction of person A, transmits it to person or entity B,” as explained by the appellate court.

To reach its conclusion, the Florida appellate court looked to the text of Florida’s money services business statute – which the court believes is critically different from federal regulations. Under both federal and Florida state law, a “money services business” is defined to include a “money transmitter.” Compare 31 C.F.R. § 1010.100(ff) with Fla. Stat. § 560.103(22). According to the Florida appellate court, the federal definition of “money transmitter” includes a third-party requirement. Under federal regulations, a “money transmitter” means a person engaged in the “acceptance of currency, funds or other value that substitutes currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” 31 C.F.R. § 1010.100(ff)(5(i)(A) (emphasis added). In comparison, the Florida statute defines a “money transmitter” as an entity “which receives currency, monetary value, or payment instruments for the purpose of transmitting the same by any means.” Fla. Stat. § 560.103(23). The Florida appellate court found that, in contrast to the federal regulations, the Florida statute’s “plain language clearly contains no third party transmission requirement in order for an individual’s conduct to fall under the ‘money transmitter’ definition” and, as such “decline[d] to add any third party or ‘middleman’ requirement.”

The appellate court’s interpretation of the text of Florida’s statute is disputable. From a statutory interpretation perspective, the middleman requirement is arguably inherent in the plain meaning of the word “transmit,” which is defined by Merriam-Webster as “to send or convey from one person or place to another.” (Notably, Pennsylvania’s DoBS recently issued guidance interpreting the word “transmitting” in a comparable state statute to include a third-party requirement. See “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania DoBS (Jan. 23, 2019) (interpreting statute that “[n]o person shall engage in the business of transmitting money by means of a transmittal instrument for a fee or other consideration with or on behalf of an individual without first having obtained a license from the [DoBS]” to impose a third-party requirement).) It would, therefore, be reasonable to interpret Florida’s statute as consistent with federal regulations. Moreover, the Florida appellate court’s interpretation of the statute could have broad and troubling consequences. Although dicta in the Florida appellate court’s decision make it seem like the court is making a distinction between “merely selling [one’s] own personal bitcoins” and “marketing a business,” the court’s statutory interpretation leaves open the possibility that the mere act of selling one’s own property – without registering as a “money services business” – could be a crime.

While we watch to see whether Espinoza will appeal this decision to the Florida Supreme Court, virtual currency dealers should be aware that selling virtual currency in, from or into Florida may require a money services business license and the maintenance of an anti-money laundering program.

FCA Proposes Guidance on Cryptoassets, but Questions Remain

In January, the UK’s Financial Conduct Authority (FCA) released a consultation on potential guidance on cryptoassets that provides useful direction on how cryptoassets fall within the current regulatory regime. This consultation, one of the publications resulting from the Cryptoasset Taskforce’s October 2018 final report, does not drastically alter the current regulatory landscape, but rather provides clarity on the FCA’s current regulatory perimeter. The consultation also references a consultation by Her Majesty’s Treasury (HMT) that is expected in early 2019, which will explore legislative changes and potentially broaden the FCA’s regulatory remit on cryptoassets.

The FCA consultation on guidance asks for responses to the questions it poses by April 2019. The FCA does not intend to publish its final guidance until this summer; the guidance noted in this consultation paper is subject to change and should not be considered the FCA’s definitive position. However, subject to the feedback that is received, the consultation gives a good indication of the FCA’s thinking with regards to the regulation and classification of cryptoassets. Some of the points highlighted in the consultation are discussed below.

Exchange Tokens / Anti-Money Laundering

The FCA has confirmed that exchange tokens, such as Bitcoin, Litecoin or Ether, do not fall within the regulatory perimeter. This had already been expressed in the Cryptoasset Taskforce’s report, but it is useful to have it repeated here.

However, exchange tokens will be caught (along with other cryptoassets) by the 5th Anti-Money Laundering Directive (5AMLD), which will be transposed into UK law by the end of 2019. HMT will formally consult on this, but the FCA expects that 5AMLD will catch exchange between cryptoassets and fiat currencies or other cryptoassets, transfer of cryptoassets, safekeeping or administration of cryptoassets and provision of financial services related to an issuer’s offer and/or sale of cryptoassets. Being caught by the 5AMLD does not, by itself, mean the cryptoasset will be subject to FCA regulation.

Security Tokens

The FCA’s discussion on the classification of security tokens is arguably the most anticipated part of its guidance on cryptoassets. The discussion makes clear that cryptoassets that fall within the definition of a security will be treated as such. However, given that cryptoassets can provide a range of rights and other characteristics, it can be difficult to determine whether they do fall within such definition. While noting that it can be difficult to categorize tokens, the guidance describes the most relevant traditional forms of specified investments that security tokens may fall into. The guidance also notes that products that derive their value from or reference cryptoassets, such as options, futures, contracts for difference and exchange-traded notes, are likely to fall within the regulatory perimeter, even if the underlying cryptoasset does not.

The FCA states in its guidance that tokens that are issued in exchange for other cryptoassets, and not for fiat currency, will not necessarily be exempt from the regulatory regime if they are considered security tokens.

Issuing of one’s own security tokens does not require the issuing company to have a regulatory licence, in the same way that issuing one’s own shares does not require a licence. However, authorization must be obtained by any exchanges in which the tokens are traded, advisers and brokers, and the financial promotions regime will need to be complied with.

Shares / Debt instruments

According to the consultation, if a cryptoasset has the features of a share then it will be considered a specified investment and certain activities involving it will require authorization or exemption. In determining whether a cryptoasset is classed as a share, the FCA has noted that a separate legal personality, and a body which survives a change of member, are significant but not determinative factors in classifying the cryptoasset. Other factors include whether the cryptoasset provides voting rights, control, ownership, access to a dividend based on the performance of the company or rights to distribution of capital on liquidation. Interestingly, the FCA has noted that the definition is dependent on company and corporate law.

There is a trend for token offerings to be packaged as “security token offerings” and promoted in accordance with security requirements, as ICOs are no longer attractive to investors. However, many of these “security token offerings” do not give equity rights. Calling a token a “security token” will not change the nature of the token itself. The FCA has not been clear on this subject, but arguably a security token that does not meet the company law and corporate law definition of a share can be treated as a utility token and not require the trading platform, broker or advisers to be licensed.

A cryptoasset that represents money owed to the token holder will be considered a debt instrument, and therefore will be considered a security token.

If the cryptoasset is considered a share or debt instrument, and is capable of being traded on the capital market, it will be considered a transferable security under the Markets in Financial Instruments Directive (MiFID), and the MiFID regime will apply. As with traditional securities, this does not require the security to be listed. If the cryptoasset is able to be transferred from one person to another in such a way that the transferee will acquire good legal title, it is likely a transferable security. It is important to note that a cryptoasset may be considered a share under the UK law, but not a transferable security under MiFID.

Warrants, certificates representing certain securities and rights and interests in investments

Warrants may be issued as cryptoassets in situations where an issuing entity issues A tokens, which will provide the token holder the right to subscribe for B tokens at a later date. If the B tokens represent shares or debentures (or other specified investments), then the A tokens will be considered warrants and therefore specified investments. It is important to note that for the A tokens to be warrants, the B tokens will need to be new cryptoassets issued by the issuing entity. If the A tokens provide a right to purchase B tokens from a secondary market, the A tokens will not be considered warrants.

Similarly, A tokens that provide the token holder with a contractual or property right over other investments (either in cryptoasset or traditional form) will be considered certificates representing certain securities. Cryptoassets which represent a right to or interests in other specified investments are also classified as securities.

Units in collective investment schemes

Certain cryptoassets may be considered units in a collective investment scheme, notably tokens that allow investors to invest in assets such as art or property. Provided the investments in the cryptoassets are pooled, and the income or profits that the cryptoasset holders receive are also pooled, it will likely be considered a unit in a collective investment scheme. Importantly, if the token holders have day-to-day control of the management of the investment, it will fall outside this definition.

Utility Tokens

Tokens that represent rewards, such as reward-based crowdfunding, or the access to certain services, will be considered utility tokens. Utility tokens do not have the features of securities, and therefore fall outside the regulatory perimeter. The FCA has noted that the ability to trade utility tokens on the secondary market will not affect the classification of the token – even though this may mean individuals purchase these as investments.

Payment Services and Electronic Money

The guidance confirms that the use of cryptoassets is not covered by the payment services, unless the cryptoasset is considered electronic money. However, where cryptoassets act as a vehicle for money remittance (i.e. the transfer of money from one account to another, perhaps with a currency exchange) then the fiat sides of the exchange will be caught by the payment services regulations.

While cryptoassets do not fall within the payment services regime, they may fall within the e-money one. To the extent that the cryptoasset is issued on receipt of funds (i.e. fiat currency, not other cryptoassets) and the cryptoasset is accepted by a person other than the electronic money issuer, it may be considered electronic money (unless it is excluded). This would include cryptoassets that are issued on receipt of GBP and are pegged to that currency, as long as the cryptoasset is accepted by a third party. Therefore, stablecoins that meet the definitions set out above may fall within the definition of electronic money.

Issues Outstanding

None of the guidance’s declarations is new, but the guidance does provide useful clarification. What is not clear is how utility or payment tokens wrapped in a security token wrapper but not containing traditional security/equity rights will be treated. In our view, if the token is a utility token dressed in a security token wrapper, it should not necessarily be treated as a security, for UK regulatory purposes including requiring an authorized multilateral trading facility (MTF) to carry out secondary trading. The FCA says nothing here conflicting with this, but it would be useful to have clarity in this regard.

Virtual Currencies Fall Within Scope of EU’s Fifth Anti-Money Laundering Directive

The fifth iteration of the Anti-Money Laundering Directive (MLD5) took effect in July 2018. In addition to several updates covering a wide range of anti-money laundering objectives, MLD5 extends its coverage to include certain cryptocurrency service providers.

Learn more about the updates under MLD5, including further details regarding the inclusion of cryptocurrencies within the scope of EU anti-money laundering and terrorist financing regulations, in this recent alert.