FinCEN Proposes Crypto Reporting and Recordkeeping Requirements

FinCEN Proposes Crypto Reporting and Recordkeeping Requirements

Recently proposed regulations could present significant compliance burdens for the banks and money service businesses that engage in cryptocurrency transactions with unhosted wallets or wallets held in jurisdictions specified by FinCEN. In this LawFlash, we summarize the proposed rule and provide some key takeaways and observations on what appears to be a continuation of the trend of subjecting such transactions to the equivalent requirements found in the traditional banking system.

The Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (the Proposal) on December 18, 2020, along with a short set of FAQs regarding proposed requirements for certain transactions involving convertible virtual currency (CVC) or digital assets with legal tender status (LTDA) (commonly referred to as cryptocurrencies).

As discussed below, under the Proposal, banks and money service businesses (MSBs) would be required to submit reports, keep records, and verify the identity of customers participating in transactions above certain thresholds involving CVC/LTDA wallets not hosted by a financial institution (also known as “unhosted wallets”) or CVC/LTDA wallets hosted by a financial institution in certain jurisdictions identified by FinCEN. A “wallet” allows a user to store, send, and receive cryptocurrency.

The Proposal was made pursuant to the Bank Secrecy Act (BSA) and the proposed reporting and recordkeeping rules are similar to the rules for transactions in currency and for bank wire transfers, respectively.

Relying on the Administrative Procedure Act’s exemption from the 60-day comment period, FinCEN originally provided 15 days for public comment, or until January 4, 2021. However, FinCEN noted that it will endeavor to consider any material comments received after the deadline as well. On January 15, FinCEN extended the comment period for an additional 15 days for comments on the proposed reporting requirements, and for 45 days for comments on the requirement to report counterparty information and the recordkeeping requirements. In so doing, FinCEN noted the volume of comments received, as well as the enactment of the Anti-Money Laundering Act of 2020 (Division F) of Public Law 116-283 (AML Act), which amended 31 USC § 5312(a)(3), the definition of “monetary instruments” in the BSA, on which FinCEN proposes to rely in determining that CVC/LTDA are monetary instruments.[1]

It is clear that FinCEN would like to rapidly implement these rules, although the volume of comments that FinCEN apparently received (more than 7,500) plus the enactment of the AML Act appear to have stayed the agency’s hand for a time. We still believe that the Proposal, especially the reporting requirements, will become effective in the revised timeframe.

BACKGROUND AND RATIONALE

As we previously discussed , in 2019, FinCEN issued guidance consolidating regulations, rulings, and prior guidance about cryptocurrencies and MSBs under the BSA. Along with the 2019 guidance, FinCEN issued an advisory to assist financial institutions in identifying and reporting suspicious activity or criminal use of cryptocurrencies.

The original Proposal was issued in response to both criminal actors’ use of and the national security risks posed by certain cryptocurrency transactions. The statement accompanying the Proposal’s release explains that the US government has found that bad actors are increasingly using cryptocurrencies to “facilitate international terrorist financing, weapons proliferation, sanctions evasion, and transnational money laundering as well as to buy and sell controlled substances, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals,” and engage in ransomware attacks, all of which have increased in severity.

FinCEN also stated that this new cryptocurrency Proposal will establish controls to protect US national security from various state-sponsored threats, including state-sponsored ransomware and cybersecurity attacks, sanctions evasion, and the financing of global terrorism.

PROPOSED RULE

Reporting Requirement

The proposed reporting requirement applies to CVC and LTDA transactions between a bank or MSB and a counterparty where (1) the transaction exceeds $10,000 in value and (2) the counterparty uses an unhosted or otherwise covered wallet. The Proposal defines “otherwise covered” wallets as those held at a financial institution that is not subject to the BSA and is located in a foreign jurisdiction identified by FinCEN as a jurisdiction of primary money laundering concern, including Burma, Iran, and North Korea. Transactions between hosted wallets and transactions where the counterparty wallet is hosted by a foreign financial institution, except for a foreign financial institution in a jurisdiction listed on the Foreign Jurisdictions List, would be exempt from the requirements.

FinCEN plans to issue a value transaction report form similar to but distinct from the existing currency transaction reporting (CTR) form that will require the reporting of information on the filer, transaction, hosted wallet customer, and each counterparty. Pursuant to the Proposal, banks and MSBs will have 15 days from the date on which a reportable transaction occurs to file a report with FinCEN. The Proposal also includes an aggregation requirement if the financial institution has knowledge that a transaction is one of multiple CVC/LTDA transactions involving a single person within a 24-hour period that aggregate to value in or value out of greater than $10,000.

In its January notice extending the comment period, FinCEN reiterated that it is not modifying the regulatory definition of “monetary instruments” or otherwise altering existing BSA regulatory requirements applicable to “monetary instruments” in FinCEN’s regulations, including the existing CTR requirement and the existing transportation of currency or monetary instruments reporting requirement.

Recordkeeping and Verification Requirement

The Proposal would require banks and MSBs to keep records of a customer’s CVC or LTDA transactions and counterparties, and verify the identity of their customers, if a counterparty uses an unhosted or otherwise covered wallet and the transaction is greater than $3,000. They would also be required to verify the identity of the person accessing the customer’s account, which may be someone conducting a transaction on the customer’s behalf.

Consistent with the bank’s or MSB’s AML/CFT program, the bank or MSB would need to establish risk-based procedures for verifying their hosted wallet customer’s identity that are sufficient to enable the bank or MSB to form a reasonable belief that it knows the true identity of its customer. For example, financial institutions should check FinCEN for the registration of a counterparty that purports to be a regulated MSB and for foreign financial institutions, and “would need to apply reasonable, risk-based, documented procedures to confirm that the foreign financial institution is complying with registration or similar requirements that apply to financial institutions in the foreign jurisdiction.”

In addition, banks and MSBs would be expected to incorporate policies tailored to their respective business models should a bank or MSB be unable to obtain the required information, such as by terminating its customer’s account in appropriate circumstances.

The proposed recordkeeping and verification requirements would not apply to transactions between hosted wallets (except for otherwise covered wallets). Such transactions are already covered under existing AML requirements.

Unlike other recordkeeping requirements, the recordkeeping requirement in the Proposal would require the electronic retention of information based on the fact that such recordkeeping is the practical way in which businesses engaged in CVC or LTDA transactions are likely to track their data and the most efficient form in which data can be provided to law enforcement and national security authorities. Furthermore, the information must be retrievable by the bank or MSB by reference to the name or account number of its customer, or the name of its customer’s counterparty.

Collected Data

Under the Proposal, FinCEN expects that banks and MSBs would be able to employ a single set of information collection and verification procedures to satisfy both the reporting and the recordkeeping requirements. The data to be collected would include the following:

The name and address of the financial institution’s customer

The type of CVC or LTDA used in the transaction

The amount of CVC or LTDA in the transaction

The time of the transaction

The transaction hash

The assessed value of the transaction, in US dollars, based on the prevailing exchange rate at the time of the transaction

Any payment instructions received from the financial institution’s customer

The name and physical address of each counterparty to the transaction of the financial institution’s customer

Other counterparty information the secretary of the US Department of the Treasury may prescribe as mandatory on the reporting form for transactions subject to reporting pursuant to Section 1010.316(b)

Any other information that uniquely identifies the transaction, the accounts, and, to the extent reasonably available, the parties involved

Any form relating to the transaction that is completed or signed by the financial institution’s customer

KEY TAKEAWAYS AND OBSERVATIONS

Notably, the Proposal does not impact direct peer-to-peer (P2P) cryptocurrency transactions; rather it only imposes a reporting and recordkeeping burden on banks and MSBs. However, the requirement will indirectly affect all users of unhosted wallets that engage in any transactions with banks and MSBs, which will be required to gather information from such users in order to comply with the new rule.

FinCEN has said that these new reports will allow law enforcement agencies to protect national security by more quickly and accurately tracking money flows to identify and stop terrorist attacks, drug and human trafficking, and cybercrime. However, it is unclear whether the rule as written will accomplish these goals when parties generally set up a new wallet even for transactions that are fully compliant with the law. This can make the records kept and reported essentially useless with regard to tracking patterns of money flows to identify and stop bad actors.

As regulators continue to monitor and address cryptoassets and distributed ledger technology activities, we expect to see further guidance and regulations by FinCEN and other federal agencies in 2021 and beyond.

[1] As a result of the AML Act, the BSA now defines the term “monetary instruments” as, among other things, the value that substitutes for any monetary instrument described in the other categories.

[View source.]

Will crypto chancers finally be subjected to AML and KYC rules? An oxymoron if ever there was one - FinanceFeedsThe world’s Forex industry news source

Will crypto chancers finally be subjected to AML and KYC rules? An oxymoron if ever there was one

The US government considers cryptocurrency and the industry behind it to be a massive threat to national security and financial stability…. and they are right!

We all know that most cryptocurrency orientated enterprises are either operated by shysters, mavericks or rebels, none of whom have the background, corporate ethics or expertise of those who have spent their careers building and evolving the electronic financial markets industry.

When will the cryptocurrency silliness end?

Ever since the bow tie-wearing, waistcoat-toting mavericks began to parade their anarchistic attempts to circumvent the established financial markets system by introducing various hairbrained digital currency schemes, there has been one catastrophe after another, ranging from fake exchanges stealing from depositors to illicit marketplaces being closed down by the US Department of Justice.

Ten years is a very long time, and certainly long enough for the general public to understand that a non-existent currency traded on a non-existent exchange is the equivalent to snake oil, only with massive self-imposed volatility and leverage, making the inevitable losses more significant than simple, old fashioned snake oil.

It took a very long time. Long enough for some retail brokers to get themselves involved in trading cryptocurrency CFDs which in some cases cost them tens of millions of dollars in a short time. FinanceFeeds is privy to inside information that showed losses at two firms of $17 million and $40 million respectively within one week at the end of 2017, one of which was a publicly listed entity which hid this unfortunate scenario by reporting the entire year in one quarter, presumably to avoid shareholder furore.

Then came all the ICO fraud, and inability to withdraw from various ‘exchanges’ that the proponents who all came out of nowhere with no industry expertise and were uttering the word ‘crypto’ at every opportunity with almost foaming-at-the-mouth obsession, all of which are now either under sanctions, in jail or on the run.

Surely by now, with the penny finally dropping at the FCA, the world would finally begin to understand that any digital currency is a fraud.

There is to be no technology revolution, no bitcoin-fueled empowerment of the masses and no removal of the properly established banks and non-bank trading entities in the name of non-existent, unbacked garbage peddled under the false premise of distributed blockchain ‘fintech’.

We have seen the self-appointed ne’erdowells attempting to call regulators out on their curtailing of cryptocurrency related activities, which has come far too late, claiming that the Financial Conduct Authority’s (FCA) recent decision to ban the sale of derivatives and exchange traded notes (ETNs) linked to cryptoassets to retail customers is a huge setback for the UK in maintaining its dominant position as a global fintech hub.

Seriously? Surely they mean that it is quite the opposite, and represents a welcome and long overdue step toward protecting the entire electronic trading and financial services sector in the United Kingdom along with its clients from crypto villains.

The FCA has not given up, however, and has given rise to a number of regulators following suit.

This week, FinCEN, which is the financial regulation department of the United States Department of Treasury is now looking toward establishing a uniform Anti-Money Laundering (AML) structure for cryptocurrency transactions.

FinCEN has proposed a new rule looking to subject cryptocurrency transactions to similar AML reporting requirements placed on other financial institutions by the Bank Secrecy Act.

Through this proposed rule, FinCEN is seeking to address the illicit finance threat created by one segment of the CVC market and the anticipated growth in LTDAs based on similar technological principles. FinCEN proposes to address this threat by establishing a new reporting requirement with respect to certain transactions in CVC or LTDA, that is similar to the existing currency transaction reporting requirement, and by establishing a new recordkeeping requirement for certain CVC/LTDA transactions, that is similar to the recordkeeping and travel rule regulations pertaining to funds transfers and transmittals of funds.

FinCEN is providing a 15-day period for public comments with respect to this proposed rule. FinCEN has determined that such a comment period is appropriate for several reasons.

First, FinCEN assesses that there are significant national security imperatives that necessitate an efficient process for proposal and implementation of this rule. As explained further below, U.S. authorities have found that malign actors are increasingly using CVC to facilitate international terrorist financing, weapons proliferation, sanctions evasion, and transnational money laundering, as well as to buy and sell controlled substances, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals.

In addition, ransomware attacks and associated demands for payment, which are almost exclusively denominated in CVC, are increasing in severity, and the G7 has specifically noted concern regarding ransomware attacks “in light of malicious actors targeting critical sectors amid Covid19″.

Second, the new requirements FinCEN is proposing to adopt represent a targeted expansion of BSA reporting and recordkeeping obligations, and FinCEN has engaged with the cryptocurrency industry on multiple occasions on the AML risks presented in the cryptocurrency space and carefully considered information and feedback received from industry participants.

These engagements have included a FinCEN Exchange event in May 2019, visits to cryptocurrency businesses in California in February 2020, an industry roundtable with the Secretary of the Treasury in March 2020, and a FinCEN Exchange event on cryptocurrency and ransomware in November 2020.

FinCEN also has received outreach on unhosted wallets in response to anticipated FinCEN regulatory action, including letters from CoinCenter, the Blockchain Association, Blockchain.com, Global Digital Asset & Cryptocurrency Association, Circle, and the Association for Digital Asset Markets.

Third, although FinCEN is publishing this proposal in the Federal Record and invites public comment, FinCEN has noted that notice-and-comment rulemaking requirements are inapplicable because this proposal involves a foreign affairs function of the Start Printed Page 83842United States and because “notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest.”

The proposal seeks to establish appropriate controls to protect United States national security from a variety of threats from foreign nations and foreign actors, including state-sponsored ransomware and cybersecurity attacks, sanctions evasion, and financing of global terrorism, among others.

Furthermore, undue delay in the implementation of the proposed rule would encourage movement of unreported or unrecorded assets implicated in illicit finance from hosted wallets at financial institutions to unhosted or otherwise covered wallets, such as by moving CVC to exchanges that do not comply with AML/CFT requirements.

Given that the US Department of Justice has got involved in the past in seizing the assets of certain cryptocurrency marketplaces, and the US Treasury has expressed its dim view of cryptocurrency schemes, it is only a matter of time before this ruse gets the death knell it deserves, along with its thick-accented, foaming at the mouth advocates.

FinCEN Looks to Rein In Cryptocurrency Transactions

A new proposal would subject financial institutions and exchanges to onerous recordkeeping and reporting requirements for certain digital currency transactions.

In a surprise release in the waning days of the Trump administration, the Financial Crimes Enforcement Network (FinCEN) division of the Department of the Treasury issued a proposed rule (the Proposal) that would impose significant new obligations on market participants in the cryptocurrency and digital asset market (Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets). The Proposal “would require banks and money service businesses (MSBs) to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (CVC) or digital assets with legal tender status (LTDA) held in unhosted wallets, or held in wallets hosted in a jurisdiction identified by FinCEN.”

Under the Proposal, CVC and LTDA, such as Bitcoin and Ether, would be deemed ‘‘monetary instruments’’ under the Bank Secrecy Act (BSA). This classification would bring them under the BSA’s existing anti-money laundering and countering the financing of terrorism recordkeeping and reporting requirements for currency transactions. The Proposal would also establish a new recordkeeping requirement for certain CVC and LTDA transactions, similar to the recordkeeping and travel rule regulations applicable to funds transfers.

Invoking “significant national security imperatives,” FinCEN issued the Proposal to curtail what it perceives as various “illicit finance threat[s]” facilitated by anonymous transactions involving CVC and LTDA, such as money laundering, drug trafficking, terrorist financing, weapons proliferation, cybercrime, and sanctions evasion.

What Would the Proposal Require?

The Proposal would require banks and cryptocurrency trading platforms to:

Comply with enhanced know-your-customer (KYC) and recordkeeping requirements for any transactions involving unhosted wallets (i.e., self-hosted, self-custodied, or private wallets) exceeding US$3,000, including information about the customer and the counterparty

File a Currency Transaction Report with FinCEN within 15 days for any transactions involving unhosted wallets exceeding US$10,000 in a 24-hour period, including information about the customer and the counterparty

Report multiple CVC and/or LTDA transactions involving a single person within a 24-hour period if exceeding US $10,000 in aggregate, across all of a bank or MSB’s offices and records, “wherever they may be located,” in order to preclude anonymous virtual currency transactions and illicit “structuring” (breaking large transactions into smaller ones to evade reporting requirements)

Virtual currency transactions between hosted wallets held at financial institutions subject to the BSA would be exempt from these requirements.

Criticism of the Proposal

Market responses to the Proposal have been vocal and generally disapproving. In particular, commentators and market participants have made the following criticisms:

The Proposal would require companies to keep records of and report certain cryptocurrency transaction information beyond what is currently required for cash transactions.

There are significant technical barriers to requiring MSBs to collect KYC information for non-customers using unhosted wallets.

MSBs are not completely capable of determining whether a wallet is “hosted” or “unhosted,” and the Proposal may, therefore, force entities to develop a whitelist of “hosted” wallets, or worse, report information about all transactions to comply with the Proposal.

MSBs may have no existing ability to obtain and verify the identity of counterparties and persons associated with an unhosted wallet address with which the MSB’s customer wishes to transact.

The Proposal will incentivize cryptocurrency users to move away from regulated crypto transaction services and use non-custodial wallets or unregulated services outside the US to carry out transactions.

The Proposal could reduce FinCEN visibility and enforcement capability by indirectly reducing transparency of cryptocurrency transactions.

The Proposal would create an uneven playing field that will benefit more traditional financial institutions with more resources and established KYC and recordkeeping capabilities.

The Proposal could inhibit adoption of cryptocurrencies and stymie development and innovation.

The Proposal could cause US-based market participants to move operations and jobs offshore to avoid the requirements.

The Proposal could diminish America’s role and competitiveness in the digital asset space, leaving innovation to countries where greater access to blockchain technology is allowed.

The Proposal could compromise consumer privacy by requiring the collection of excess data and personally identifiable information.

The Proposal could undermine the financial inclusion benefits of the crypto economy.

The Proposal could significantly hinder fundraising by nonprofit and non-government organizations.

The Proposal is vague and introduces legal uncertainty (e.g., it is unclear whether customer IP addresses or blockchain addresses must be collected and reported along with names and addresses; it is unclear how smart contracts and DeFi platforms would be treated under the Proposal).

The Proposal fails to provide economic impact analysis and estimates for the cost of implementing the rule, contrary to common practice in proposed rulemaking.

The Proposal’s comment period is inadequate, and indicates a lack of earnestness on the part of the Treasury to engage with cryptocurrency market participants.

Finalization of the Proposal without a compliance phase-in period or delay of effectiveness will deny market participants the adequate runway needed to update internal controls, policies, and procedures.

Are the Proposal’s Provisions Inevitable?

The Proposal, published in the Federal Register on December 23, 2020, ostensibly allowed for a public comment period of 15 days from date of publication, but FinCEN stated in the release that because the Proposal involves a foreign affairs function of the US, the “notice-and-comment rulemaking requirements are inapplicable.” Thousands of markets participants from individuals to exchanges have since submitted comments.

On January 14, 2021, FinCEN announced that it was extending the comment period for two provisions of the Proposal: (i) an additional 45 days for comments on the proposed requirements that banks and MSBs report certain information regarding counterparties to transactions by their hosted wallet customers, and on the proposed recordkeeping requirements, and (ii) an additional 15 days for comments on the proposed reporting requirements regarding information on CVC or LTDA transactions greater than US$10,000.

The comment period extension comes in the wake of Congressional enactment of the National Defense Authorization Act for Fiscal Year 2021 on January 1, 2021, an omnibus bill that includes the Anti-Money Laundering Act of 2020 (the Act). Several provisions of the Act serve to update the existing anti-money laundering regime in order to help safeguard the financial system from developing threats and account for emerging technologies and payment methods, such as virtual currencies. The Act, for example, expressly includes financial institutions and businesses engaged in the exchange or transmission of “value that substitutes for currency” — such as cryptocurrencies — within the scope of regulated entities. (See The Anti-Money Laundering Act of 2020: 5 Key Takeaways.)

The extended comment period for the Proposal may indicate that on matters related to the anti-money laundering regime, the Treasury is “continuing its active engagement with the cryptocurrency industry” in good faith. Market participants are hopeful that FinCEN will consider the substantive comments and criticisms of the Proposal before making any final determinations.