Keyword: anti-money laundering

FinCEN’s New Guidance for Cryptocurrency Businesses – Some Questions Answered, Some New Questions Raised, Careful Consideration a Must

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) released new guidance to clarify when the Bank Secrecy Act (BSA) will apply to businesses that involve cryptocurrencies (what FinCEN refers to as convertible virtual currencies, or CVCs). The BSA imposes anti-money laundering obligations on various U.S. financial institutions, including “money services businesses” (MSBs). Under the BSA, businesses that transact in cryptocurrencies may qualify as money transmitters, a type of MSB. Whether a business qualifies is important. An MSB must register with FinCEN, implement anti-money laundering controls, and ensure ongoing compliance with recordkeeping and reporting requirements (potentially an expensive and burdensome exercise) – the consequences of failing do so can be severe. But determining which such businesses qualify has been difficult, leaving many in the crypto industry uncertain as to their regulatory status.

FinCEN previously sought to aid in this analysis when it issued guidance in 2013 on the application of the BSA to “persons administering, exchanging, or using virtual currencies.” Although it provided some insight into how FinCEN viewed the cryptocurrency industry, that guidance seemed to raise as many questions as it answered. Various administrative rulings – in which FinCEN publicly advised certain businesses as to whether they were MSBs – helped to answer some of those questions. But those narrow rulings have been few and far between and can provide only limited guidance for a rapidly evolving industry. Through public statements, government officials have also sought to clarify how the BSA might apply to crypto businesses. In particular, a February 2018 letter from a senior Treasury Department official to Senator Ron Wyden suggested that almost all ICOs will constitute BSA-regulated money transmission.

FinCEN’s new guidance “consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.” In doing so it takes a step in the right direction, providing greater clarity as to FinCEN’s interpretation of its own regulations (at least to the extent your business model is one of the many covered). For example, the guidance describes why the provider of a hosted wallet likely will be an MSB by virtue of its exercise of total independent control over a customer’s cryptocurrency, whereas the provider of an unhosted wallet that vests the customer with total independent control likely will not. Similarly, the guidance explains that the operator of a trading platform that merely provides a forum where buyers and sellers can post bids and offers likely would not be an MSB, while the operator of a trading platform that additionally acts as an exchanger in consummating transactions between buyers and sellers likely would be. But gaps in FinCEN’s analysis still linger, new questions are raised, and it remains to be seen how useful this guidance will be as technology continues to advance and new and creative business models get off the ground.

And although the guidance signals that FinCEN is thinking about how the federal anti-money laundering laws apply to the cryptocurrency community, it does not signal how aggressive FinCEN will be in enforcing those laws against businesses that deal with cryptocurrency. To date, there have been just a handful of enforcement actions in the industry, including a civil penalty assessed against a peer-to-peer exchanger in April, which we previously discussed. One thing certain is that, in assessing potential BSA enforcement actions, FinCEN will rely heavily on this new guidance and expect businesses dealing in cryptocurrency to do the same. Persons and entities operating in this industry should evaluate (or reevaluate) whether they qualify as an MSB because of crypto-related activities in light of this new guidance.

FinCEN Shows a Little Bite to Go with Its Bark

Last week, the Financial Crimes Enforcement Network (FinCEN) backed up its strong public statements about enforcing the anti-money laundering (AML) laws with respect to cryptocurrency by bringing an enforcement action against an individual for violating the Bank Secrecy Act (BSA).

FinCEN, a bureau within the U.S. Department of Treasury tasked with safeguarding the financial system from illicit use and combating money laundering, has not been shy about expressing interest in blockchain and cryptocurrency issues. In a recent speech, Director Kenneth A. Blanco explained that “FinCEN has been at the forefront of ensuring that companies doing business in virtual currency meet their AML/CFT obligations regardless of the manner in which they do business.” He added that FinCEN “will continue to work with the SEC and CFTC to ensure compliance in this space and will not hesitate to take action when we see disregard for obligations under the BSA.” But FinCEN enforcement actions involving cryptocurrency activities have been infrequent. Since its landmark action against Ripple Labs in 2015, FinCEN’s only enforcement proceeding in this area was brought in 2017 against virtual currency exchanger BTC-e and its owner.

That changed last week when FinCEN assessed a civil penalty against Eric Powers, a “peer-to-peer exchanger” of virtual currency, for violations of the BSA. In agreeing to pay a $35,350 penalty, Powers admitted that he willfully violated the BSA by failing to (i) register as a money services business (MSB), (ii) implement written policies and procedures for ensuring BSA compliance, and (iii) report suspicious transactions and currency transactions.

The Powers action does not provide much insight into one of the more difficult questions a company whose business involves virtual currency faces: whether it qualifies as an MSB that is subject to the BSA. FinCEN guidance from 2013 indicates that the BSA generally will apply to “exchangers” and “administrators” of convertible virtual currencies. Unlike many virtual currency companies, Powers seems to have clearly fit within FinCEN’s definition of an exchanger – through online postings he advertised his intention to purchase and sell bitcoin for others, and he completed purchases and sales by delivering or receiving currency in person, through the mail, or via wire transfer. But in establishing that the BSA applied to Powers, FinCEN leans heavily on the 2013 guidance. That guidance in many ways is imprecise or unclear and it continues to create uncertainty as blockchain technology and virtual currency business models continue to evolve. But the Powers assessment confirms that other entities operating in the cryptocurrency space nevertheless should continue to evaluate their BSA obligations through the lens of that guidance to the extent possible.

Unlike those assessed against Ripple and BTC-e, the financial penalty assessed against Powers was relatively small. This might be because Powers was a natural person (potentially with a lesser “ability to pay” than larger incorporated entities), conducted a fairly small-scale operation, and paid larger sums as part of an earlier civil forfeiture action brought by the Maryland U.S. Attorney. While those considerations warranted a lesser penalty in Powers’s case, FinCEN very well could apply the same law, guidance, and reasoning underlying the assessment to more extensive cryptocurrency operations. Director Blanco’s recent comments regarding FinCEN’s priorities and this latest enforcement action suggest that FinCEN likely will do just that. In other words, we wouldn’t be surprised if FinCEN brings more enforcement actions – levying more severe penalties – to enforce the BSA in the cryptocurrency industry. Persons and entities operating in this industry thus should focus on assessing their potential BSA obligations early and take affirmative steps to comply if required.

Appellate Court – Selling Bitcoin in Florida Requires a Money Services Business License

Following a recent opinion by a Florida appellate court, virtual currency dealers who do business in, from, or into Florida – even individuals in the business of selling their own virtual currency for cash – may be required to obtain a “money services business” license from Florida’s Office of Financial Regulation and maintain costly anti-money laundering programs in accordance with Florida and federal law or face criminal penalties.

On January 30, Florida’s Third District Court of Appeal reinstated criminal charges against Florida resident Michell Espinoza for money laundering and “unlawfully engaging in the business of a money transmitter and/or payment instrument seller without being registered with the State of Florida.” State v. Espinoza, No. 3D16-1860, slip op. (Fla. Dist. Ct. App. Jan. 30, 2019). The trial court had previously dismissed the charges against Espinoza, agreeing with his argument that selling Bitcoin does not qualify as “money transmitting” under Florida law because Bitcoin is not “money,” among other reasons. State v. Espinoza, No. F14-2923 (Fl. Cir. Ct. July 22, 2016). The appellate court disagreed and determined that even a person in the business of selling his own Bitcoin for cash is a “money transmitter” and “payment instrument seller” under Florida law and is therefore required to be licensed as a “money services business.”

The charges against Espinoza stem from a sting operation in 2013, in which undercover detectives contacted Espinoza through a Bitcoin exchange site, LocalBitcoins.com. Espinoza posted on that site that he would sell Bitcoins for cash through in-person transactions. Espinoza was not licensed or registered as a “money services business” with Florida or federal regulators. An undercover detective met Espinoza several times and paid him a total of $1500 cash for Bitcoin, earning Espinoza a profit. During those transactions, the undercover detective allegedly made clear his desire to remain anonymous and said he was involved in illicit activity. For example, the undercover detective allegedly told Espinoza that he needed the Bitcoin to buy stolen credit card numbers from Russians.

The Florida appellate court’s determination that Bitcoins are “monetary value” and “payment instruments” under Florida law fits within a line of cases finding that Bitcoin qualifies as “money” for the purposes of money laundering and anti-money laundering laws. For example, in 2014 Judge Rakoff, a United States District Judge for the Southern District of New York, found that Bitcoin clearly qualifies as “money” or “funds” for the purposes of the federal money transmitter statute because “Bitcoin can be easily purchased in exchange for ordinary currency, acts as a denominator of value and is used to conduct financial transactions.” United States v. Faiella, 39 F. Supp. 3d 544, 545 (S.D.N.Y. 2014) (citing SEC v. Shavers, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013)). Some states have also codified virtual currency into their anti-money laundering regulations. For example, after the trial court determined that Bitcoin was not a “monetary instrument” that could be laundered under Florida’s money laundering statute, the Florida legislature amended the statutory definition of “monetary instruments” to explicitly include the term “virtual currency.” Fla. Stat. § 896.101(2)(f) (2017). Other states, however, have taken a different approach. Pennsylvania’s Department of Banking and Securities (“DoBS”), for example, recently published guidance that virtual currency, including Bitcoin, is not considered money under Pennsylvania law. “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania Department of Banking and Securities (Jan. 23, 2019).

The Florida appellate court found that Espinoza was operating as a “money transmitter” and therefore was a “money services business,” simply by engaging in the business of selling his own Bitcoin for cash and not otherwise acting as a middleman between parties. The trial court had applied the more common and narrow understanding that a “money transmitter” operates “like a middleman in a financial transaction, much like how Western Union accepts money from person A, and at the direction of person A, transmits it to person or entity B,” as explained by the appellate court.

To reach its conclusion, the Florida appellate court looked to the text of Florida’s money services business statute – which the court believes is critically different from federal regulations. Under both federal and Florida state law, a “money services business” is defined to include a “money transmitter.” Compare 31 C.F.R. § 1010.100(ff) with Fla. Stat. § 560.103(22). According to the Florida appellate court, the federal definition of “money transmitter” includes a third-party requirement. Under federal regulations, a “money transmitter” means a person engaged in the “acceptance of currency, funds or other value that substitutes currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” 31 C.F.R. § 1010.100(ff)(5(i)(A) (emphasis added). In comparison, the Florida statute defines a “money transmitter” as an entity “which receives currency, monetary value, or payment instruments for the purpose of transmitting the same by any means.” Fla. Stat. § 560.103(23). The Florida appellate court found that, in contrast to the federal regulations, the Florida statute’s “plain language clearly contains no third party transmission requirement in order for an individual’s conduct to fall under the ‘money transmitter’ definition” and, as such “decline[d] to add any third party or ‘middleman’ requirement.”

The appellate court’s interpretation of the text of Florida’s statute is disputable. From a statutory interpretation perspective, the middleman requirement is arguably inherent in the plain meaning of the word “transmit,” which is defined by Merriam-Webster as “to send or convey from one person or place to another.” (Notably, Pennsylvania’s DoBS recently issued guidance interpreting the word “transmitting” in a comparable state statute to include a third-party requirement. See “Money Transmitter Act Guidance for Virtual Currency Businesses,” Pennsylvania DoBS (Jan. 23, 2019) (interpreting statute that “[n]o person shall engage in the business of transmitting money by means of a transmittal instrument for a fee or other consideration with or on behalf of an individual without first having obtained a license from the [DoBS]” to impose a third-party requirement).) It would, therefore, be reasonable to interpret Florida’s statute as consistent with federal regulations. Moreover, the Florida appellate court’s interpretation of the statute could have broad and troubling consequences. Although dicta in the Florida appellate court’s decision make it seem like the court is making a distinction between “merely selling [one’s] own personal bitcoins” and “marketing a business,” the court’s statutory interpretation leaves open the possibility that the mere act of selling one’s own property – without registering as a “money services business” – could be a crime.

While we watch to see whether Espinoza will appeal this decision to the Florida Supreme Court, virtual currency dealers should be aware that selling virtual currency in, from or into Florida may require a money services business license and the maintenance of an anti-money laundering program.

FCA Proposes Guidance on Cryptoassets, but Questions Remain

In January, the UK’s Financial Conduct Authority (FCA) released a consultation on potential guidance on cryptoassets that provides useful direction on how cryptoassets fall within the current regulatory regime. This consultation, one of the publications resulting from the Cryptoasset Taskforce’s October 2018 final report, does not drastically alter the current regulatory landscape, but rather provides clarity on the FCA’s current regulatory perimeter. The consultation also references a consultation by Her Majesty’s Treasury (HMT) that is expected in early 2019, which will explore legislative changes and potentially broaden the FCA’s regulatory remit on cryptoassets.

The FCA consultation on guidance asks for responses to the questions it poses by April 2019. The FCA does not intend to publish its final guidance until this summer; the guidance noted in this consultation paper is subject to change and should not be considered the FCA’s definitive position. However, subject to the feedback that is received, the consultation gives a good indication of the FCA’s thinking with regards to the regulation and classification of cryptoassets. Some of the points highlighted in the consultation are discussed below.

Exchange Tokens / Anti-Money Laundering

The FCA has confirmed that exchange tokens, such as Bitcoin, Litecoin or Ether, do not fall within the regulatory perimeter. This had already been expressed in the Cryptoasset Taskforce’s report, but it is useful to have it repeated here.

However, exchange tokens will be caught (along with other cryptoassets) by the 5th Anti-Money Laundering Directive (5AMLD), which will be transposed into UK law by the end of 2019. HMT will formally consult on this, but the FCA expects that 5AMLD will catch exchange between cryptoassets and fiat currencies or other cryptoassets, transfer of cryptoassets, safekeeping or administration of cryptoassets and provision of financial services related to an issuer’s offer and/or sale of cryptoassets. Being caught by the 5AMLD does not, by itself, mean the cryptoasset will be subject to FCA regulation.

Security Tokens

The FCA’s discussion on the classification of security tokens is arguably the most anticipated part of its guidance on cryptoassets. The discussion makes clear that cryptoassets that fall within the definition of a security will be treated as such. However, given that cryptoassets can provide a range of rights and other characteristics, it can be difficult to determine whether they do fall within such definition. While noting that it can be difficult to categorize tokens, the guidance describes the most relevant traditional forms of specified investments that security tokens may fall into. The guidance also notes that products that derive their value from or reference cryptoassets, such as options, futures, contracts for difference and exchange-traded notes, are likely to fall within the regulatory perimeter, even if the underlying cryptoasset does not.

The FCA states in its guidance that tokens that are issued in exchange for other cryptoassets, and not for fiat currency, will not necessarily be exempt from the regulatory regime if they are considered security tokens.

Issuing of one’s own security tokens does not require the issuing company to have a regulatory licence, in the same way that issuing one’s own shares does not require a licence. However, authorization must be obtained by any exchanges in which the tokens are traded, advisers and brokers, and the financial promotions regime will need to be complied with.

Shares / Debt instruments

According to the consultation, if a cryptoasset has the features of a share then it will be considered a specified investment and certain activities involving it will require authorization or exemption. In determining whether a cryptoasset is classed as a share, the FCA has noted that a separate legal personality, and a body which survives a change of member, are significant but not determinative factors in classifying the cryptoasset. Other factors include whether the cryptoasset provides voting rights, control, ownership, access to a dividend based on the performance of the company or rights to distribution of capital on liquidation. Interestingly, the FCA has noted that the definition is dependent on company and corporate law.

There is a trend for token offerings to be packaged as “security token offerings” and promoted in accordance with security requirements, as ICOs are no longer attractive to investors. However, many of these “security token offerings” do not give equity rights. Calling a token a “security token” will not change the nature of the token itself. The FCA has not been clear on this subject, but arguably a security token that does not meet the company law and corporate law definition of a share can be treated as a utility token and not require the trading platform, broker or advisers to be licensed.

A cryptoasset that represents money owed to the token holder will be considered a debt instrument, and therefore will be considered a security token.

If the cryptoasset is considered a share or debt instrument, and is capable of being traded on the capital market, it will be considered a transferable security under the Markets in Financial Instruments Directive (MiFID), and the MiFID regime will apply. As with traditional securities, this does not require the security to be listed. If the cryptoasset is able to be transferred from one person to another in such a way that the transferee will acquire good legal title, it is likely a transferable security. It is important to note that a cryptoasset may be considered a share under the UK law, but not a transferable security under MiFID.

Warrants, certificates representing certain securities and rights and interests in investments

Warrants may be issued as cryptoassets in situations where an issuing entity issues A tokens, which will provide the token holder the right to subscribe for B tokens at a later date. If the B tokens represent shares or debentures (or other specified investments), then the A tokens will be considered warrants and therefore specified investments. It is important to note that for the A tokens to be warrants, the B tokens will need to be new cryptoassets issued by the issuing entity. If the A tokens provide a right to purchase B tokens from a secondary market, the A tokens will not be considered warrants.

Similarly, A tokens that provide the token holder with a contractual or property right over other investments (either in cryptoasset or traditional form) will be considered certificates representing certain securities. Cryptoassets which represent a right to or interests in other specified investments are also classified as securities.

Units in collective investment schemes

Certain cryptoassets may be considered units in a collective investment scheme, notably tokens that allow investors to invest in assets such as art or property. Provided the investments in the cryptoassets are pooled, and the income or profits that the cryptoasset holders receive are also pooled, it will likely be considered a unit in a collective investment scheme. Importantly, if the token holders have day-to-day control of the management of the investment, it will fall outside this definition.

Utility Tokens

Tokens that represent rewards, such as reward-based crowdfunding, or the access to certain services, will be considered utility tokens. Utility tokens do not have the features of securities, and therefore fall outside the regulatory perimeter. The FCA has noted that the ability to trade utility tokens on the secondary market will not affect the classification of the token – even though this may mean individuals purchase these as investments.

Payment Services and Electronic Money

The guidance confirms that the use of cryptoassets is not covered by the payment services, unless the cryptoasset is considered electronic money. However, where cryptoassets act as a vehicle for money remittance (i.e. the transfer of money from one account to another, perhaps with a currency exchange) then the fiat sides of the exchange will be caught by the payment services regulations.

While cryptoassets do not fall within the payment services regime, they may fall within the e-money one. To the extent that the cryptoasset is issued on receipt of funds (i.e. fiat currency, not other cryptoassets) and the cryptoasset is accepted by a person other than the electronic money issuer, it may be considered electronic money (unless it is excluded). This would include cryptoassets that are issued on receipt of GBP and are pegged to that currency, as long as the cryptoasset is accepted by a third party. Therefore, stablecoins that meet the definitions set out above may fall within the definition of electronic money.

Issues Outstanding

None of the guidance’s declarations is new, but the guidance does provide useful clarification. What is not clear is how utility or payment tokens wrapped in a security token wrapper but not containing traditional security/equity rights will be treated. In our view, if the token is a utility token dressed in a security token wrapper, it should not necessarily be treated as a security, for UK regulatory purposes including requiring an authorized multilateral trading facility (MTF) to carry out secondary trading. The FCA says nothing here conflicting with this, but it would be useful to have clarity in this regard.

Virtual Currencies Fall Within Scope of EU’s Fifth Anti-Money Laundering Directive

The fifth iteration of the Anti-Money Laundering Directive (MLD5) took effect in July 2018. In addition to several updates covering a wide range of anti-money laundering objectives, MLD5 extends its coverage to include certain cryptocurrency service providers.

Learn more about the updates under MLD5, including further details regarding the inclusion of cryptocurrencies within the scope of EU anti-money laundering and terrorist financing regulations, in this recent alert.