Keyword: FinCEN

Executive Order on Digital Assets Means Industry-Shifting Regulation Is Closer Than Ever

On March 9, 2022, Bitcoin prices surged and many in the crypto community celebrated as the Biden administration announced a sweeping executive order that acknowledges the key role digital assets will play in global financial systems. While the Order embraces crypto as the wave of the future, it calls for an intense focus on the industry that will undoubtedly lead to increased oversight and enforcement. Businesses that have believed themselves to be operating in a legal gray area may soon find themselves more explicitly subject to many of the same regulations as traditional financial service providers. The Order provides a simple rationale for aligning the new industry with existing regulatory standards: “same business, same risks, same rules.”

There is no cookie-cutter approach to analyzing how the coming changes will impact a business. We are tracking developments to help our clients look over the horizon and plan ahead. Below are the key takeaways from the Order:

  • The Order calls for an “unprecedented focus of coordinated action” to address the illicit use of digital assets. This will likely lead to increased criminal enforcement—including holding companies accountable for illegal activity perpetrated through their networks.
  • Numerous agencies have been tasked with developing policies and regulatory frameworks to protect consumers, investors, and businesses in the crypto sphere, with additional reporting to come as soon as within 90 days.
  • The administration supports responsible innovation related to digital assets, meaning technological advances that address privacy, security, controls against exploitation, and environmental responsibility.
  • These directives build on initiatives that have been pursued at the agency level, such as the creation of a DOJ task force to investigate and prosecute crypto crime.

******

The Biden administration’s move towards more digital asset oversight is now directed from the top. President Biden’s March 9 Executive Order calls for an “unprecedented focus of coordinated action” across all government agencies to mitigate the risks posed by the illicit use of digital assets. And this focus is not just domestic; the Order also directs agencies to work with foreign partners to align international frameworks and coordinate responses to risks—which may involve cross-border investigations and prosecution of misconduct. While the Order suggests the government will embrace digital assets in an unprecedented way, there is no doubt that increased criminal and regulatory enforcement will soon follow.

1. The sweeping Order outlines a “whole-of-government approach” to setting policy, establishing regulatory frameworks, and mitigating risks associated with digital assets.

Citing the explosive growth in digital assets, the Order makes the case for stronger oversight and increased regulation of cryptocurrencies. It announces six key priorities:

  • Protecting Consumers, Investors, and Businesses: The Treasury Department and other agency partners will develop policy recommendations to address the risks and opportunities of digital assets. Additionally, the Attorney General and others will report on the role of law enforcement agencies in detecting, investigating, and prosecuting crypto crime, and recommend appropriate regulatory or legislative actions.
  • Protecting U.S. and Global Financial Stability: The Financial Stability Oversight Council will identify economy-wide financial risks posed by digital assets and develop proposals to address such risks and any associated regulatory gaps.
  • Mitigating Illicit Finance and National Security Risks: The Order emphasizes the growing use of digital assets to facilitate cybercrime, money laundering, terrorist and proliferation financing, fraud, theft, and corruption. Building on the Treasury Department’s National Strategy for Combating Terrorist and Other Illicit Financing, a group of agencies will evaluate “opportunities to mitigate such risks through regulation” and develop a coordinated action plan. This plan will, among other things, address the role of law enforcement to increase compliance with AML/CFT, focusing on decentralized financial ecosystems, peer-to-peer payment activity, and obscured blockchain ledgers.
  • Reinforcing U.S. Leadership in the Global Financial System: The Department of Commerce will work with other agencies on a framework to drive U.S. competitiveness and leadership in, and leveraging of, digital asset technologies. The Treasury Department will similarly work across government to establish a framework for international engagement on issues such as foreign assistance, global compliance, and the promotion of international standards.
  • Promoting Access to Safe and Affordable Financial Services: The Treasury Department and other relevant agencies will produce a report on the future of money and payment services, recognizing the national interest in ensuring access to safe and affordable financial services.
  • Supporting Responsible Innovation: Various agencies will study and support technological advances in the responsible development, design, and implementation of digital asset systems. This means ensuring that digital asset technologies include privacy and security in their architecture, integrate controls to defend against illicit exploitation, and reduce negative climate impacts and environmental pollution from cryptocurrency mining.

Additionally, the Order places the “highest urgency” on research and development into the creation of a U.S. Central Bank Digital Currency (CBDC),[1] which it says has the potential to support efficient and low-cost transactions and foster greater access to the financial system. The Treasury Department and other agencies have been tasked with analyzing the potential implications of launching a U.S. CBDC.

2. The Executive Order comes on the heels of a new DOJ task force, the National Cryptocurrency Enforcement Team, aimed at investigating and prosecuting crypto crime.

In October 2021, Deputy Attorney General Lisa Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET) to “tackle complex investigations and prosecutions of criminal misuses of cryptocurrency,” including money laundering, ransomware and extortion schemes, and trading on dark markets for illegal drugs, weapons, and hacking tools.[2] The NCET is staffed by DOJ prosecutors with backgrounds in cryptocurrency, cybercrime, money laundering, and forfeiture. They work closely with various DOJ sections, U.S. Attorneys’ Offices, and the FBI. According to NCET Director Eun Young Choi, “the NCET will play a pivotal role in ensuring that as the technology surrounding digital assets grows and evolves, the department in turn accelerates and expands its efforts to combat their illicit abuse by criminals of all kinds.”[3] The creation of this task force suggests that the DOJ has both the resources and the will to investigate allegations of wrongdoing in the crypto sphere, and companies must remain vigilant in light of the increased risk of regulatory scrutiny.

3. The SEC has expressed a strong interest in regulating crypto trading platforms, while other agencies have announced a series of “policy sprints” focused on crypto assets.

For the SEC, the question of whether the agency will regulate cryptocurrency exchanges is not a matter of if, but when. When asked by reporters in January whether 2022 will be the year that the SEC starts regulating crypto trading platforms, SEC Chairman Gary Gensler responded: “You shouldn’t put timelines on yourself, but I will say I sure hope so.”[4] He went on to caution: “To the extent that folks are operating outside the regulatory perimeter, but are supposed to be inside, we will bring enforcement actions.”[5] This calls to mind the question of whether cryptocurrencies are securities, which, if answered in the affirmative, brings them well within the reach of the SEC’s Enforcement Division. While the answer may differ depending on the currency, Chairman Gensler has expressed a view that most cryptocurrencies are indeed securities and thus subject to regulation by the SEC.[6]

4. Nearly every relevant agency is marching towards more regulation.

The SEC and the Treasury Department are leaders in this space, but it seems that no agency wants to be left behind when it comes to regulating cryptocurrencies. At the same time that the DOJ and SEC were pursuing their own crypto strategies, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency conducted a series of interagency “policy sprints” focused on crypto assets.[7] Their goal was to analyze the applicability of existing regulations to crypto activities and establish a road map for further guidance. They promised to “provide greater clarity on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible” and articulate expectations for compliance with existing laws. Other regulatory initiatives being pursued at the agency level, including by the Treasury Department’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), are detailed in our 2021 Year-End Crypto Roundup.

5. Up until now, regulators have had to address misconduct in the crypto market using outdated laws that didn’t always fit. This is about to change—giving regulators more tools (and power) than ever.

Even without a coordinated strategy or crypto-specific regulatory framework, agencies have found ways to hold companies and individuals accountable for crypto-related misconduct. For example, the SEC has brought numerous enforcement actions for fraudulent and unregistered digital asset offerings,[8] and the DOJ recently arrested two individuals in connection with an attempt to launder $4.5 billion in stolen cryptocurrency.[9] Last year, FinCEN and the Commodity Futures Trading Commission (CFTC) reached a $100 million settlement with cryptocurrency exchange BitMEX, and BitMEX founders recently pled guilty to criminal Bank Secrecy Act (BSA) regulations stemming from the company’s willful failure to establish, implement, and maintain an AML program. But despite these efforts, without tailored regulation, illicit activity is bound to fall through the cracks. The current landscape is bound to change dramatically as a result of the Biden administration’s Executive Order, and even companies operating entirely within the law need to be ready to shift how they do business to adapt to changing regulations. Whatever comes next, we are tracking developments closely to help our clients navigate these changes and mitigate regulatory and enforcement risk.

[1] See Board of Governors of the Federal Reserve, Money and Payments; The U.S. Dollar in the Age of Digital Transformation (Jan. 2022).

[2] U.S. Dep’t of Justice, Press Release, Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team (Oct. 6, 2021).

[3] U.S. Dep’t of Justice, Press Release, Justice Department Announces First Director of National Cryptocurrency Enforcement Team (Feb. 17, 2022).

[4] Jennifer Schonberger, SEC’s Gensler wants crypto exchange regulation in 2022, warns on stablecoin, Yahoo Finance (Jan. 20, 2022).

[5] Id.

[6] Cheyenne Ligon, Gensler’s Crypto Testimony: 6 Key Takeaways, CoinDesk (Oct. 6, 2021).

[7] Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (Nov. 23, 2021).

[8] See U.S. Securities & Exchange Commission, Cyber Enforcement Actions.

[9] U.S. Dep’t of Justice, Press Release, Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency (Feb. 8, 2022).

Non-U.S. Crypto and Other Money Services Businesses: Have Customers in the U.S.? Beware of AML and Sanctions Compliance Risk

Two recent guilty pleas involving a cryptocurrency exchange serve as a reminder to all money services businesses (“MSBs”)—including those ostensibly located outside the United States but that conduct business there—of the importance of implementing anti-money laundering (“AML”) programs and registering as MSBs with the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”). Last week, two founders and executives of BitMEX—a virtual currency derivatives exchange whose parent company was registered in the Seychelles but operated globally, including in the United States—pled guilty to criminal Bank Secrecy Act (“BSA”) violations stemming from the company’s willful failure to establish, implement, and maintain an AML program.[1]

The BitMEX enforcement action also highlights sanctions non-compliance risks. Without a Know Your Customer (“KYC”) program, BitMEX carried out transactions for customers based in Iran, a jurisdiction comprehensively sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As OFAC has made clear, sanctions compliance obligations remain the same regardless of whether transactions are denominated in virtual currency or fiat. A focus on sanctions compliance may become even more critical for cryptocurrency companies in the wake of the new far-reaching Russia-related sanctions imposed by the United States, the EU, and the UK, among other governments, in response to Russia’s invasion of Ukraine. OFAC and the New York State Department of Financial Services (“NYSDFS”) have warned that as sanctioned persons and jurisdictions “become more desperate for access to the U.S. financial system,” they are likely to turn to cryptocurrency to minimize the crippling effect of sanctions.

BitMEX Founders’ Guilty Pleas

The two BitMEX founders’ guilty pleas on February 24, 2022 follow the company’s settlement with U.S. regulators in August 2021, which was one of the largest-ever resolutions with a cryptocurrency exchange. While BitMEX was incorporated in the Seychelles, it had connections to the United States, including maintaining offices there and soliciting and accepting orders from U.S. customers. FinCEN and the Commodity Futures Trading Commission found that BitMEX was operating as an unregistered futures commission merchant under the BSA, and that it failed to comply with the BSA’s AML program requirements, including by failing to maintain an adequate customer identification program.  BitMEX resolved the allegations for $100 million, with a $20 million suspended penalty pending the company’s remediation and prevention measures, including ending all operations within the United States and no longer serving any U.S. customers.

The Department of Justice charged four of the company’s founders and executives in October 2020. In announcing that two of them, Arthur Hayes and Benjamin Delo, had pled guilty to willfully violating the BSA, the Department of Justice alleged that these two founders “closely” followed the U.S. regulatory developments and were aware of their BSA obligations due to U.S. customers’ trading on BitMEX. Yet, they allegedly took affirmative steps purportedly designed to exempt BitMEX from the application of U.S. laws like AML requirements and KYC requirements. For example, according to prosecutors, “the defendants caused BitMEX to formally incorporate in the Seychelles, a jurisdiction they believed had less stringent regulation, and from which they could still serve U.S. customers and operate within the United States without performing AML and KYC.” Without “even basic” AML policies in place, BitMEX became “in effect a money laundering platform” and a “vehicle for sanctions violations.”

Takeaways

This development illustrates the significant risks to which foreign-located MSBs expose themselves if they have U.S. customers but fail to comply with the BSA. Incorporating in a “friendlier” jurisdiction, like the Seychelles in the BitMEX case, does not protect an MSB from BSA liability if it operates in the United States. The BSA applies to MSBs “wherever located” if they conduct business “wholly or in substantial part within the United States.” Thus, all MSBs, including those transmitting cryptocurrency—with any U.S. nexus—should take note of the BSA requirements. Those include registering with FinCEN; implementing a written AML program with policies, procedures, and internal controls, including regarding customer identification and verification; and controls to detect and report suspicious activity. The AML programs must be commensurate with the risks posed by the location, size, nature and volume of the services provided by the MSB and be effective in preventing the MSB from being used to facilitate money laundering and the financing of terrorist activities.

An effective AML/KYC program will also help ensure compliance with sanctions regulations. As noted, cryptocurrency exchanges will likely face increased sanctions risks due to the sweeping sanctions recently imposed against Russian banks, entities, and individuals by the United States, EU, UK, and other governments, and additional measures that may be imposed in the coming days or weeks. As such, cryptocurrency exchanges may face, and must address, “unique risks.”

By implementing a KYC program, which includes sanctions screening, cryptocurrency companies can help ensure they do not engage, directly or indirectly, in transactions prohibited by sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions. To ensure compliance, cryptocurrency exchanges should also employ geolocation and IP-address blocking to prohibit access by parties from sanctioned jurisdictions, perform transaction monitoring to detect suspicious activity, and file required reports with FinCEN and OFAC. Exchanges operating outside the United States that do not yet have but want to attract U.S. users should also consider implementing such measures.

[1] Also last week, on February 25, 2022, BitConnect founder Satish Kumbhani was indicted in a cryptocurrency Ponzi scheme, which the government alleges deprived investors worldwide, including in the United States, of over $2 billion. According to the indictment, to avoid regulatory scrutiny and conceal BitConnect’s fraudulent scheme, Kumbhani evaded and circumvented U.S. regulations, including those enforced by the FinCEN. Among other things, BitConnect never registered with FinCEN, as required under the BSA.

The Next Step: FinCEN Proposes to Require Reporting of Cryptocurrency Positions Held in Foreign Accounts

FinCEN recently took another important step toward bringing virtual currency into the financial assets reporting scheme.

Taxpayers that have $10,000 or more in a foreign bank account have long been required to file a foreign bank account report (or “FBAR”) on FinCEN Form 114. The penalties for failing to report foreign bank accounts are significant: $10,000 for a non-willful failure and the greater of $100,000 and up to 50 percent of the unreported account balance for willful failures. While the rules requiring the reporting are issued under the authority of the Bank Secrecy Act, the IRS administers the rules—and the IRS has been aggressive in assessing penalties for failures to report such holdings.

The application of the filing requirement to cryptocurrency has been the subject of some uncertainty. The uncertainty arises because the reporting requirement only applies to a “financial account.” A financial account includes, but is not limited to, a se­curities, brokerage, savings, demand, checking, deposit, time deposit or other account maintained with a financial institution (or other person performing the services of a financial institution). A financial account (per 31 CFR 1010.350(c)) also includes a commodity futures or options account, an insurance policy with a cash value (such as a whole life insurance policy), an annuity policy with a cash value and shares in a mutual fund or similar pooled fund (i.e., a fund that is available to the general public with a regular net asset value determination and regular redemptions). The regulations reserve “other investment fund,” presumably for a definition to come. However, in response to questions raised by the AICPA Virtual Currency Task Force in 2019, FinCEN stated that virtual currency was not subject to FBAR reporting. This was confirmed by FinCEN in 2020 as well.

Whether or not cryptocurrencies are subject to FBAR filing, such holdings may have to be included on the IRS’s Form 8938, Statement of Specified Foreign Financial Assets. Form 8938 is the counterpart to FinCEN 114.

Recent FinCEN Proposed Rule

On December 31, 2020, FinCEN issued Notice 2020-2 that announced a proposed rule that would amend the regulations implementing the Bank Secrecy Act regarding reports of foreign financial accounts (FBAR) to include virtual currency as a type of reportable account under 31 CFR 1010.350. The proposed rule does not specify an effective date.

The decision to treat cryptocurrency as subject to FBAR reporting significantly increases the potential penalties against those who fail to properly identify these accounts. Holders of virtual currency in foreign accounts should review this rule and prepare to report such holdings once the rule becomes effective.

“But if You Fall, You Fall Alone” – The SEC Goes After Ripple

Seven years after Ripple Labs, Inc. first began to sell its digital asset XRP, the Securities and Exchange Commission on December 22, 2020, filed a Complaint in the Southern District of New York against Ripple and its current and former CEOs, alleging that since it began these sales, Ripple has been engaged in an unregistered securities offering through the sale of its XRP token within the United States and worldwide. In the action, which does not allege fraud, the SEC is seeking injunctive relief, disgorgement with prejudgment interest, and civil penalties.

The SEC applied a legal analysis similar to that in other enforcement actions against offerors of digital assets, such as Kik and Telegram. What separates the Ripple Complaint from others is the years-long history of activity the SEC draws upon to allege that the Defendants created substantial risk to investors through asymmetric information disclosures for their own personal gain—the very thing the securities laws are designed to protect against.

The Howey test is used to determine if a financial instrument is an “investment contract” and thus a security. An investment contract was defined by the Supreme Court in SEC v. W. J. Howey Co., 328 U.S. 293 (1946), as an investment in a common enterprise with a reasonable expectation of profits or returns derived from the entrepreneurial or managerial efforts of others. Applying that test, the SEC alleges that purchases of XRP constituted investments, and the XRP offering constituted a common enterprise because the fortunes of the participants were tied together. In typical cases brought by the SEC to date alleging that a form of cryptocurrency is a security, these two prongs of the Howey test have been easily met.

As to the third prong: the SEC alleges that purchasers of XRP reasonably expected their profits to be derived from the efforts of the Defendants, pointing to their efforts to create, control, and manage secondary markets for XRPs, to develop XRP use cases, and to work with banks and other financial intermediaries to implement said use cases. In contrast, note that SEC officials have declared that Bitcoin is not a security—and at least one former commissioner has stated that, in his view, Ether, in its current decentralized form isn’t either—because those tokens do not meet the “reasonable efforts of others” prong of the test, since there is no single third party the token holders are reliant upon for the their continued management and success. (The SEC has elaborated on this analysis in the Framework for “Investment Contract” Analysis of Digital Assets.) The SEC is arguing that this is not the case with Ripple, because, according to the Complaint, XRP investors are not in any position to undertake “various, complex, expensive and all-encompassing strategies about when or how to sell XRP into the markets to protect XRP’s price, volume, and liquidity. Nor are XRP investors in any position to increase significantly ‘demand’ or ‘value’ for XRP by developing a ‘use’ for the token through entrepreneurial efforts—at least not without Ripple’s support.”

The 71-page, 404-paragraph fact-intensive Complaint appears designed to leave little to doubt about the extensive history of the conduct alleged. (According to the Complaint, the statute of limitations as to possible claims against the company was tolled six times.) The SEC’s efforts to bolster its legal conclusions includes, oddly, a footnote citing to guidance from a sister regulator, FinCEN, for its views on the application of the federal securities laws to convertible virtual currencies. And the lengthy Complaint overpleads the SEC’s case, devoting substantial discussion to facts suggesting manipulative conduct designed to support the price of XRP through artificial means, although the SEC does not go so far as to include a cause of action for manipulation. 

In sum, it is unclear whether the attention given by the SEC’s Complaint to dated facts, and allegations that go well beyond the causes of action, constitutes a litigation strategy; a hint about the future direction of SEC cryptocurrency enforcement efforts; or compensation for the SEC’s inaction with respect to this company until now. But it does beg the question as to why the SEC allowed Ripple to operate for as long as it did before bringing this Complaint, during which the XRP attained widespread distribution and heavy concentration with some investors.

Word on the Street Is That Virtual Currency Is the “New Gold,” and it’s Swiftly Moving Up the IRS Watchlist

The IRS has been increasingly active in its effort to ensure that virtual currency does not become a tool for tax evasion. This is not surprising, given that—as we started the last month of 2020—the value of Bitcoin, by far the most well-known cryptocurrency in the world, reached its highest level since 2017. Between June 2019 and July 2020, about 3.1 million active accounts were estimated to use bitcoin in the U.S.

Guidance

The IRS first started publishing guidance and notices on the federal income tax treatment of virtual currency in 2014. The first one among many was Notice 2014-21, which concluded that convertible virtual currency (virtual currencies that can be used to make purchases in the real economy and can be converted into government-issued currencies) should be treated as property for tax purposes. The next Notice, Rev. Rul. 2019-24, addressed the tax treatment of more specific types of virtual currency transactions, “hard fork” and “airdrop.” The IRS has also posted answers to frequently asked questions about virtual-currency transactions on its website. Starting with taxable year 2019, the IRS revised Schedule 1 to Form 1040 to require taxpayers to identify whether they engaged in any transaction involving virtual currency. The IRS plans on going even further as shown in a released draft of the revised Form 1040 for 2020, where it proposed placing the question about cryptocurrencies in a very prominent location—immediately below the taxpayer’s name and address.

More guidance might be forthcoming. One issue is whether the rules for broker reporting should apply to cryptocurrency transactions in the same way that they apply to trades in stocks and securities. The IRS believes that increased reporting leads to greater compliance. Earlier this year, the Chamber of Digital Commerce (the “Chamber”) submitted a comment letter to the IRS and the Department of Treasury to provide its views on potential forthcoming guidance on the reporting issue. The letter pointed out there is still some lack of clarity on the tax information reporting requirement for digital asset transactions, and that further instruction is needed for taxpayers to accurately interpret existing tax rules in the digital currency context. Some of the key areas on which the Chamber had requested clarification are: how “broker” is defined in the virtual currency context—which is critical for analyzing basis reporting requirements and certain information return filing obligations—and what factors are relevant for determining the location transactions take place, which can be a critical factor for cross-border transactions.

Enforcement Efforts

At the same time that it has been providing such guidance, the IRS has begun efforts to investigate possible tax evasion using virtual currency. The agency started its enforcement efforts in as early as 2016 when it served a “John Doe” Summons on one of the largest cryptocurrency exchanges in the country. The IRS demanded that the exchange produce a wide range of taxpayer identifying information and historical transaction records, and when the exchange refused to comply, the U.S. District Court for the Northern District of California ordered the exchange to turn over taxpayer information for those who conducted transactions worth more than $20,000 on its platform for the 2013 – 2015 period.

As part of its virtual currency compliance campaign announced in 2018 to address tax noncompliance related to virtual currency, in 2019 and again in 2020, the IRS sent thousands of warning letters to cryptocurrency holders whose tax returns did not match their virtual currency transaction records. While the IRS has not made it clear where it obtained the information about taxpayers’ transactions, one possible source of data could be Form 1099 reports from virtual currency exchanges. The IRS sent three different types of letters, varying in severity. The first type, Letter 6173, raised the possibility of an examination or enforcement activity if the taxpayer didn’t respond by a specific date and noncompliance persists. The other two, Letters 6174 and 6174-A, reminded taxpayers of their obligation to report.

According to the Internal Revenue Manual (IRM 5.1.18.20.3 (7-17-19)), the IRS uses normal investigative techniques to identify virtual currency including interviews, bank or credit card analysis, summonses of exchanges and financial institutions, review of Forms 1099-K, review of FinCEN Query reports, tracking and internet searches. While this set of instructions may appear relatively old-fashioned, the IRS’ latest moves demonstrate that it is upgrading its crypto-investigation toolbox. According to published reports, in September 2020, the IRS spent approximately $250,000 on a contract with Blockchain Analytics and Tax Services LLC, which will give the IRS access to blockchain analysis tools to track cryptocurrency transactions. Earlier in the summer, the IRS also signed a deal to purchase access to certain blockchain-tracing software for a year.

Despite the industrywide complaint that the IRS’s expectations with regards to holders of virtual currency are vague and unclear, this year, the IRS and the Department of Justice have started taking more proactive actions to prosecute taxpayers who allegedly committed a greater scale of tax evasion related to the use and trade of virtual currency. In October 2020, the Department of Justice charged software pioneer John McAfee with alleged evasion of tax by using cryptocurrency. In addition, on December 9, 2020, the SEC charged Amir Bruno Elmaani, founder of cryptocurrency called Oyster Pearl, with tax evasion. Elmaani allegedly evaded tax on millions of dollars of profits from cryptocurrency transactions and using shell companies and pseudonyms to conceal his income.

Increasing Regulation and Enforcement

All indications are that regulation and enforcement of the law with respect to virtual currency is increasing. On the regulatory side, earlier this month, a new U.S. congressional bill called the “Stablecoin Tethering and Bank Licensing Enforcement Act” was introduced that aims to regulate digital currencies by requiring certain digital currency issuers to obtain a banking charter and obtain approval from the Federal Reserve. Different government agencies are working in parallel to clarify tax payment and reporting obligations with respect to cryptocurrency, and the latest movements indicate that the enforcement actions are continuing.

We expect to see more enforcement actions in the upcoming administration. In November, the president-elect Joe Biden appointed Gary Gensler, a former Commodity Futures Trading Commission Chair under the Obama administration, to its presidential transition team. Gensler has testified before Congress about virtual currency and blockchain on several occasions, and while little information is known about Biden’s stance on cryptocurrency, Gensler called blockchain technology a “change catalyst” in a 2019 CoinDesk opinion and is generally considered to be “Bitcoin-friendly.” While it is generally unclear what Gensler’s long-term official position under the Biden administration will be, he is also on top of a list of potential picks for the SEC chair. Another clue that may provide some insight with regards to Gensler’s attitude towards cryptocurrency is his 2019 statement that Facebook’s proposed digital token, Libra, should be treated as a “security,” which establishes the basis for increasing regulatory oversight. (Cryptocurrency’s uncertain status as a security for tax purposes raises other tax issues.) The general industry consensus is that, while there is a growing acceptance of the legitimacy of cryptocurrency, it is likely that more regulatory and enforcement actions will continue by the SEC against issuers and intermediaries, and by the IRS against taxpayers. More regulation is not necessarily negative—it can create clearer guidelines and landscape for exchanges and virtual currency holders and enable them to better understand the regulatory and tax authorities’ expectations. That being said, it will be important for exchanges and taxpayers to closely follow the latest government guidelines with respect to virtual currency and ensure they comply with reporting and tax payment obligations.

FinCEN Sends Message to the Virtual Currency Industry: The Travel Rule Applies to You, Too

FinCEN Director Ken Blanco addressed this year’s Consensus Blockchain Conference on May 13, 2020. In a set of prepared remarks, Blanco recognized the unprecedented challenges that the COVID-19 pandemic has created for anti-money laundering compliance personnel, particularly in addressing virtual currency transactions. To meet those challenges and combat the increased risk of criminal exploitation of virtual currency markets, Blanco emphasized that U.S. authorities continue to expect that financial institutions comply with the “Travel Rule” – that is, the requirement to transmit certain identifying information regarding transaction counterparties to the next financial institution in the transaction chain – with respect to virtual currency transactions, among others.

Cybercriminals Have Adapted to the Pandemic – You Need to as Well

Blanco recited the principal ways in which cybercriminals have adapted to exploit vulnerabilities created by COVID-19. For example, cybercriminals have taken advantage of security vulnerabilities in remote working applications, including VPNs and remote desktop protocols, that are central to the new work-from-home paradigm. Scams intended to undermine “know your customer” processes, including deep-fake and credential-stuffing attacks, have also increased in recent months, as have scams involving virtual currency payments, extortion, ransomware, fraudulent medical products sales, and initial coin offerings. Blanco expects this illegal conduct to continue to increase during the pandemic, and he advised financial institutions to calibrate their security measures to those threats.

Blanco explained that the “entire AML community has been adapting in real time” to the COVID-19 pandemic and its economic fallout, and he urged financial institutions to stay alert for malicious or fraudulent transactions. FinCEN issued notices on March 16 and April 3 advising financial institutions of their AML obligations during the COVID-19 pandemic and provided a direct contact mechanism to report urgent COVID-19 related issues. Blanco also advised that FinCEN is publishing advisories highlighting common types of fraud, theft, and money laundering activities related to the pandemic. Orrick’s May 27, 2020 Client Alert details steps that the Financial Action Task Force (“FATF”) – the global money laundering and terrorist financing watchdog – has advised that financial institutions consider taking to ensure continued compliance with their AML obligations.

The End of an Era? Regulators Expect to Know Who Is Transacting in Virtual Currencies

Turning to his “primary theme,” Blanco stated that the United States expects financial institutions to comply with the Travel Rule – full stop. There is no exception for virtual currency transactions. The Rule requires institutions processing virtual currency transactions valued at $3,000 or more to pass on and retain certain identifying information – including names, addresses, and account numbers – of both transaction counterparties to the next financial institution in the transaction chain. Blanco praised steps taken by FATF last June to establish international standards that are consistent with the U.S. Travel Rule.

The Travel Rule’s application to virtual currency transactions has been a source of resentment for Blockchain advocates who view the technology’s unique ability to facilitate anonymous transactions as one of its most revolutionary attributes. However, others have embraced the Rule for the role it has played in legitimizing the use of virtual currencies by law-abiding, mainstream actors as a safe alternative to traditional currencies.

Blanco’s comments make clear that FinCEN is firmly in the latter camp and views the Travel Rule as a key enforcement tool to prevent the proliferation of black markets and other illicit uses of Blockchain technology. In his words, “[a]ny asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”

Blanco reported that recordkeeping violations – such as violations of the Travel Rule – are the most common violations that FinCEN’s delegated IRS examiners have found being committed by money services businesses engaged in virtual currency transmission. Nevertheless, he stated that he is optimistic about the growth of cross-sector organizations and working groups focused on improving compliance with the Travel Rule and developing complementary international standards. Blanco stressed the importance of collaboration between government, law enforcement, and private companies, both during the COVID-19 pandemic and beyond. Blanco explained that it is the shared responsibility of the public and private sectors to ensure that virtual currency “technology does not get hijacked by criminals” to become a “conduit for crime, hate, and harm.”

Help Us to Help You

Blanco closed with an invitation to the private sector to strengthen its collaboration with regulators and law enforcement to combat illegal uses of virtual currencies. Since 2013, FinCEN has received nearly 70,000 Suspicious Activity Reports (“SARs”) involving virtual currency exploitation, over half of which came from the virtual currency industry. Those SARs are critical to FinCEN’s and law enforcement’s efforts to combat criminality and FinCEN’s efforts to educate industry participants about trends in illicit virtual currency use through its advisory and FinCEN Exchange programs.

Despite these efforts, Blanco explained that “[r]isks associated with anonymity-enhanced cryptocurrencies, or AECs, remain unmitigated across many virtual currency financial institutions.” FinCEN and its delegated IRS examiners are taking a close look at the AML/CFT controls on transactions in virtual currencies, and Blanco advised his audience to consider whether their controls are adequate to fulfill their duties to maintain risk-based AML programs. Blanco explained that FinCEN is also taking seriously the rise in foreign money services businesses seeking to do business with U.S. persons or operating in the U.S. without complying with U.S. AML regulations. Put simply, “[i]f you want access to the U.S. financial system and the U.S. market, you must abide by the rules.”

IRS Hints at Form 8938 Requirements for Reporting Crypto Assets Held at a Foreign Exchange

With the emergence of digital assets, the question has arisen whether digital assets held in “wallets” in foreign exchanges need to be reported on Internal Revenue Service (IRS) Form 8938, Statement of Specified Foreign Financial Assets. Form 8938 is the IRS counterpart for the FBAR, or Foreign Bank Report, which certain holders of foreign bank accounts must file with FinCEN. Form 8938 was added as part of the HIRE Act at the same time the Foreign Account Tax Compliance Act (commonly known as FATCA) was adopted in 2010. The penalty for a failure to file Form 8938 is $10,000. However, it is not clear that Form 8938 applies to digital assets.

The answer requires one to dig through the underlying statutes and the instructions to Form 8938. We start with Internal Revenue Code Section 6038D, which requires reporting of “specified foreign financial assets.” Under Code Section 6038D, a “specified foreign financial asset” is (1) a financial account maintained by a foreign financial institution and (2) one of the following foreign financial assets if they are held for investment and not held in an account maintained by a financial institution: (a) any stock or security issued by a person other than a United States person; (b) any financial instrument or contract held for investment that has an issuer or counterparty other than a United States person, and (c) any interest in a foreign entity. The term “financial account” means, with respect to any financial institution, (a) any depository account, (b) any custodial account and (c) any equity or debt interest in such financial institution (other than interests regularly traded on an established securities market).

One issue for digital asset holders is whether a person who holds such assets in a wallet maintained at a foreign exchange is holding an asset in a “foreign financial institution.” What is a financial institution? This is defined in Code Section 1471(d)(5) as an entity that (a) accepts deposits in the ordinary course of a banking or a similar business, (b) as a substantial portion of its business, holds “financial assets” for the account of the others, or (c) is engaged (or holds itself out as being engaged) primarily in the business of investing, reinvesting or trading in securities, partnership interests, commodities or any interests in such securities, partnership interests or commodities. A foreign financial institution includes investment vehicles such as foreign mutual funds, foreign hedge funds and foreign private equity funds. Very generally, financial assets are securities, commodities, notional principal contracts, insurance contracts, or annuity contracts or interests in any of the foregoing. Both the terms “security” and “commodity” are defined by reference to Code Section 475, a section of the Code that was adopted in 1993, preceding the emergence of digital assets. For example, gold is a commodity under this provision, and anyone holding gold in an offshore account would need to report the account. Should the same rules apply to bitcoin or bitcoin gold held in a wallet in an offshore exchange? The IRS has not yet taken a position on whether cryptocurrency is a security or a commodity, which it could do by a regulation or a notice. This is key to the analysis of whether or not the crypto exchange is a foreign financial institution.

At least one recent, unofficial statement provides insight into the IRS’s thinking on the reporting obligation on Form 8938. Recently, according to Tax Notes, an IRS official was asked if the IRS will assess penalties against taxpayers who haven’t been disclosing digital assets on Form 8938, and the official responded that, if taxpayers had been reporting taxable cryptocurrency transactions on their returns during prior years and properly filed Form 8938 going forward, the IRS probably would not pursue them for prior tax years. Of course, this is merely an unofficial statement, and the IRS could formally decide otherwise or examiners could take different positions during the course of an exam. Either way, taxpayers that have not been reporting their cryptocurrency transactions should file Form 8938 as soon as possible and consider filing amended returns.

Information reporting is certainly a key issue for the IRS that will drive the tax compliance process. In a sign of the attention that the IRS is giving to the reporting, the draft version of IRS Form 1040, Schedule 1, now includes a question regarding financial interests in “virtual currencies,” much like the question relating to ownership of foreign bank accounts presently on Schedule B.

The SEC’s Second No-Action Relief for Digital Tokens: Meaningful Relief or a Wolf in Sheep’s Clothing?

Pocketful of Quarters, Inc. (PoQ) is the second-ever recipient of no-action relief from the Division of Corporation Finance of the Securities and Exchange Commission for the issuance of “Quarters.” Quarters are a digital arcade token that is usable, like its conventional physical counterparts, across participating games and platforms. This no-action relief evidences a more thoughtful and sophisticated approach to the regulation of digital tokens and, in that respect, is welcome news to an industry that has been adrift since SEC Chairman Clayton’s statement in December 2017 that “[b]y and large, the structures of initial coin offerings that [he has] seen promoted involve the offer and sale of securities.” This no-action relief, though arguably unnecessary because Quarters are clearly not securities, confirms that certain classes of tokens are not subject to the requirements of the federal securities laws. Moreover, the conditions and restrictions imposed by the no-action letter on the issuance and use of Quarters are so onerous that the relief granted, while reaffirming, is not groundbreaking.

In the no-action relief, the Chief Legal Advisor to FinHub indicated that, subject to conditions, the Division would not recommend enforcement action to the Commission if PoQ offers and sells Quarters without registering the tokens as securities under Section 5 of the Securities Act and Section 12(g) of the Exchange Act. Some of the more significant conditions are:

  • The Quarters will be immediately usable for their intended purposes (gaming) at the time they are sold;
  • PoQ will restrict the transfer of Quarters through technological and contractual provisions governing the Quarters and the Quarters Platform that restrict the transfer of Quarters to PoQ or to wallets on the Quarters Platform;
  • Gamers will only be able to transfer Quarters to addresses of Developers with Approved Accounts or to PoQ in connection with participation in e-sports tournaments;
  • Only Developers and Influencers with Approved Accounts will be capable of exchanging Quarters for ETH at pre-determined exchange rates by transferring their Quarters to the Quarters Smart Contract;
  • Quarters will be made continuously available to gamers in unlimited quantities at a fixed price;
  • PoQ will market and sell Quarters to gamers solely for consumptive use as a means of accessing and interacting with Participating Games.

Considered as a whole, these conditions are so restrictive and duplicative that they raise doubt as to the necessity of the relief. For example, since Quarters will be made continuously available in unlimited quantities at a fixed price, no reasonable purchaser can expect the price of Quarters to increase and therefore cannot expect to profit from the purchase of Quarters. Accordingly, the transfer and secondary market trading restrictions are superfluous, and by highlighting them as a condition of the relief, CorpFin is effectively imposing conditions on a non-security.

Commissioner Hester Pierce raised a similar concern regarding the staff’s issuance of the first token no-action letter to TurnKey Jet, a charter jet company that sought to tokenize gift cards that could be used to charter its jet services. She stated that the offering of Turnkey tokens is so “clearly not an offer of securities that I worry the staff’s issuance of a digital token no-action letter . . . may in fact have the effect of broadening the perceived reach of our securities laws.” She continued by stating that the Turnkey no-action letter “effectively imposed conditions on a non-security.” Nevertheless, the Quarter’s no-action relief should be touted because it reestablishes the possibility of issuing a digital token that is not a security.

There are three additional aspects of PoQ’s letter requesting no-action relief that merit special attention: (i) the two-tiered token approach used by PoQ; (ii) the built-in token economics managed by a smart contract; and (iii) the condition that KYC/AML compliance reviews must be made at account initiation and on an ongoing basis.

First, Quarters are the second class of tokens that PoQ will issue, but the only one for which it sought no-action relief. PoQ conceded that the first class of tokens PoQ issued, “Q2 Tokens,” are securities, which were sold to investors through an exempt offering to raise funds to build the Quarters platform. The holders of the Q2 Tokens will benefit from the sale of Quarters by receiving, ratably, 15% of the funds collected from the sale of Quarters. This, or a similar, structure could prove beneficial to other investors that purchased tokens through an exempt offering and are now waiting for a return on their investment.

Next, the no-action relief implicitly approves the token economics of the PoQ network. According to PoQ’s letter requesting no-action relief, a portion of the funds received from the sale of Quarters will be used to compensate developers, influencers and Q2 Token holders in ETH. The funds distribution process will be managed by a smart contract. If Quarters are purchased with fiat currency, PoQ will transfer an equivalent amount of ETH to the Quarters Smart Contract upon such purchases for the purposes of such compensation.

Last, the no-action request raises, but leaves unanswered, a question pertinent to all token issuers: whether PoQ or any participant on the Quarters Platform must register with FinCEN as a money services business. Although this question is left unanswered, it appears that PoQ has built in some processes that would be required if it were a registered MSB. For example, a condition of the no-action relief states that: “to create an Approved Account, Developers and Influencers will be subject to KYC/AML checks at account initiation as well as on an ongoing basis.” In addition, the no-action request explains that purchases of Quarters through the PoQ Website “will occur via a licensed payment processor.” Similarly, purchases made through the Apple App store and Google Play store will occur via the standard payment processing solutions generally applicable to purchases made through those platforms; it is possible that this system was put in place to take advantage of one of the money transmitter exemptions such as the payment processor exemption. For the time being, however, it appears that PoQ has not registered with FinCEN; PoQ does not appear as a registered entity on FinCEN’s MSB Registrant database.

Though restrictive in its terms, the Quarters no-action relief demonstrates the SEC’s willingness to engage with token issuers and permit use of cryptocurrency outside of the SEC’s regulation, although the agency does not appear ready to give the concept free reign.

FinCEN’s New Guidance for Cryptocurrency Businesses – Some Questions Answered, Some New Questions Raised, Careful Consideration a Must

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) released new guidance to clarify when the Bank Secrecy Act (BSA) will apply to businesses that involve cryptocurrencies (what FinCEN refers to as convertible virtual currencies, or CVCs). The BSA imposes anti-money laundering obligations on various U.S. financial institutions, including “money services businesses” (MSBs). Under the BSA, businesses that transact in cryptocurrencies may qualify as money transmitters, a type of MSB. Whether a business qualifies is important. An MSB must register with FinCEN, implement anti-money laundering controls, and ensure ongoing compliance with recordkeeping and reporting requirements (potentially an expensive and burdensome exercise) – the consequences of failing do so can be severe. But determining which such businesses qualify has been difficult, leaving many in the crypto industry uncertain as to their regulatory status.

FinCEN previously sought to aid in this analysis when it issued guidance in 2013 on the application of the BSA to “persons administering, exchanging, or using virtual currencies.” Although it provided some insight into how FinCEN viewed the cryptocurrency industry, that guidance seemed to raise as many questions as it answered. Various administrative rulings – in which FinCEN publicly advised certain businesses as to whether they were MSBs – helped to answer some of those questions. But those narrow rulings have been few and far between and can provide only limited guidance for a rapidly evolving industry. Through public statements, government officials have also sought to clarify how the BSA might apply to crypto businesses. In particular, a February 2018 letter from a senior Treasury Department official to Senator Ron Wyden suggested that almost all ICOs will constitute BSA-regulated money transmission.

FinCEN’s new guidance “consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.” In doing so it takes a step in the right direction, providing greater clarity as to FinCEN’s interpretation of its own regulations (at least to the extent your business model is one of the many covered). For example, the guidance describes why the provider of a hosted wallet likely will be an MSB by virtue of its exercise of total independent control over a customer’s cryptocurrency, whereas the provider of an unhosted wallet that vests the customer with total independent control likely will not. Similarly, the guidance explains that the operator of a trading platform that merely provides a forum where buyers and sellers can post bids and offers likely would not be an MSB, while the operator of a trading platform that additionally acts as an exchanger in consummating transactions between buyers and sellers likely would be. But gaps in FinCEN’s analysis still linger, new questions are raised, and it remains to be seen how useful this guidance will be as technology continues to advance and new and creative business models get off the ground.

And although the guidance signals that FinCEN is thinking about how the federal anti-money laundering laws apply to the cryptocurrency community, it does not signal how aggressive FinCEN will be in enforcing those laws against businesses that deal with cryptocurrency. To date, there have been just a handful of enforcement actions in the industry, including a civil penalty assessed against a peer-to-peer exchanger in April, which we previously discussed. One thing certain is that, in assessing potential BSA enforcement actions, FinCEN will rely heavily on this new guidance and expect businesses dealing in cryptocurrency to do the same. Persons and entities operating in this industry should evaluate (or reevaluate) whether they qualify as an MSB because of crypto-related activities in light of this new guidance.

FinCEN Shows a Little Bite to Go with Its Bark

Last week, the Financial Crimes Enforcement Network (FinCEN) backed up its strong public statements about enforcing the anti-money laundering (AML) laws with respect to cryptocurrency by bringing an enforcement action against an individual for violating the Bank Secrecy Act (BSA).

FinCEN, a bureau within the U.S. Department of Treasury tasked with safeguarding the financial system from illicit use and combating money laundering, has not been shy about expressing interest in blockchain and cryptocurrency issues. In a recent speech, Director Kenneth A. Blanco explained that “FinCEN has been at the forefront of ensuring that companies doing business in virtual currency meet their AML/CFT obligations regardless of the manner in which they do business.” He added that FinCEN “will continue to work with the SEC and CFTC to ensure compliance in this space and will not hesitate to take action when we see disregard for obligations under the BSA.” But FinCEN enforcement actions involving cryptocurrency activities have been infrequent. Since its landmark action against Ripple Labs in 2015, FinCEN’s only enforcement proceeding in this area was brought in 2017 against virtual currency exchanger BTC-e and its owner.

That changed last week when FinCEN assessed a civil penalty against Eric Powers, a “peer-to-peer exchanger” of virtual currency, for violations of the BSA. In agreeing to pay a $35,350 penalty, Powers admitted that he willfully violated the BSA by failing to (i) register as a money services business (MSB), (ii) implement written policies and procedures for ensuring BSA compliance, and (iii) report suspicious transactions and currency transactions.

The Powers action does not provide much insight into one of the more difficult questions a company whose business involves virtual currency faces: whether it qualifies as an MSB that is subject to the BSA. FinCEN guidance from 2013 indicates that the BSA generally will apply to “exchangers” and “administrators” of convertible virtual currencies. Unlike many virtual currency companies, Powers seems to have clearly fit within FinCEN’s definition of an exchanger – through online postings he advertised his intention to purchase and sell bitcoin for others, and he completed purchases and sales by delivering or receiving currency in person, through the mail, or via wire transfer. But in establishing that the BSA applied to Powers, FinCEN leans heavily on the 2013 guidance. That guidance in many ways is imprecise or unclear and it continues to create uncertainty as blockchain technology and virtual currency business models continue to evolve. But the Powers assessment confirms that other entities operating in the cryptocurrency space nevertheless should continue to evaluate their BSA obligations through the lens of that guidance to the extent possible.

Unlike those assessed against Ripple and BTC-e, the financial penalty assessed against Powers was relatively small. This might be because Powers was a natural person (potentially with a lesser “ability to pay” than larger incorporated entities), conducted a fairly small-scale operation, and paid larger sums as part of an earlier civil forfeiture action brought by the Maryland U.S. Attorney. While those considerations warranted a lesser penalty in Powers’s case, FinCEN very well could apply the same law, guidance, and reasoning underlying the assessment to more extensive cryptocurrency operations. Director Blanco’s recent comments regarding FinCEN’s priorities and this latest enforcement action suggest that FinCEN likely will do just that. In other words, we wouldn’t be surprised if FinCEN brings more enforcement actions – levying more severe penalties – to enforce the BSA in the cryptocurrency industry. Persons and entities operating in this industry thus should focus on assessing their potential BSA obligations early and take affirmative steps to comply if required.