Blockchain Compliance


FinCEN Cryptocurrency Regulation: All You Need To Know

Aug 7, 2023




13 min read

Businesses engaging in activities involving virtual currencies are subject to a number of obligations by relevant US Federal authorities, including the Financial Crimes Enforcement Network (FinCEN) and the US Department of the Treasury (Treasury).

These obligations include registration as a regulated entity, recordkeeping, reporting, and other anti-money laundering (AML) prescriptions set out by the Bank Secrecy Act and its associated implementing regulations (BSA).

Given the recent rapid rise and development of financial technology, FinCEN has also issued guidance dealing specifically with virtual currencies and related activities. To gain a deeper understanding of BSA and FinCEN cryptocurrency regulation and approach, we’ve compiled key information points in a series of three articles.

Firstly, let’s analyze the basics of FinCEN cryptocurrency regulation.

InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013. If you need assistance with compliance or fintech regulations, click here.

FinCEN Crypto Regulation
FinCEN Crypto Regulation

Who Regulates Crypto in the USA?

When dealing with any regulatory landscape, the first important step is to know which regulatory bodies make the rules. When it comes to cryptocurrency in the United States, these are:

  • Financial Crimes Enforcement Network (FinCEN): FinCEN regulates all crypto assets for purposes of AML and combating the financing of terrorism.

  • US Securities and Exchange Commission (SEC): the SEC regulates those crypto assets that could be considered to be securities under the Howey test.

  • The Commodity Futures Trading Commission (CFTC): The CFTC regulates those virtual currencies that could be considered commodities.

  • Officer of the Comptroller of Currency (OCC): The OCC is in charge of regulating banks that participate in the ecosystem of cryptocurrencies.

What are Cryptocurrencies for FinCEN?

FinCEN defines “virtual currency” (cryptocurrency) as a “medium of exchange that can operate like currency but does not have all the attributes of ‘real’ currency… including legal tender status.” Furthermore, FinCEN uses the term “convertible virtual currency” (CVC) to describe a kind of virtual currency that either:

  1. Has an equivalent value as ‘real’ currency; or

  2. Acts as a substitute for ‘real’ currency.

Consequently, CVCs are those virtual currencies that could be exchanged for real, hard currency. CVCs include the majority of existing cryptocurrencies, like Ethereum or Bitcoin, with the exception of digital assets with legal tender status (i.e. China’s digital yuan). This definition also includes stablecoins, such as Dai or Tether. As relative newcomers to the scene, these are digital assets designed to maintain a stable market price by tethering the value of the cryptocurrency to an external framework, like a fiat currency.

FinCEN has issued guidance and has provided advisory publications to clarify the application of the BSA to business models that are becoming more prominent. Two instances of such FinCEN crypto advisory publication endeavors are important to keep in mind:

  • In 2013, FinCEN became the first U.S. regulatory agency to issue interpretive guidance on virtual currencies. Here, FinCEN sought to clarify the application of BSA to “users,” “administrators,” and “exchangers” of virtual currency.

  • In 2019, FinCEN issued CVC guidance, thus consolidating all of the associated administrative rulings and guidance for the 2011–2019 period. With this guidance, FinCEN provided its interpretation of the BSA juxtaposed against many activities involving CVCs.

Four Important Money Services Business Considerations for FinTech Companies

With cryptocurrencies becoming more widespread and veering on the cusp of mass adoption, companies must take into account all regulatory implications of engaging in virtual currency activities. Crucially, it is important to:

1. Determine whether your company is a Money Services Business

The BSA states that a Money Services Business (MSB) is a legal “person wherever located doing business, whether or not on a regular basis or as an organized or licensed business concern, wholly or in substantial part within the United States,” functioning in any of the capacities which the act enumerates. This includes operating in the capacity of a “money transmitter.”

In general, a money transmitter is a “person that provides money transmission services,” which includes “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”

Under the BSA, it is also established that natural persons acting as money transmitters but not for profit and not on a frequent basis—such as consumers using payment apps—are exempt from having an MSB status.

FinCEN’s 2013 Virtual Currency Guidance mandates that virtual currency users that acquire CVCs for purchasing goods or services are not an MSB. However, administrators of virtual currency that accept and transmit CVCs or buy or sell CVCs do qualify as money transmitters and are, as such, subject to BSA requirements for MSBs.

Additionally, the FinCEN 2019 guidance on CVCs establishes that qualification as an MSB is mainly contingent on one’s activities and not any formal business status. The 2019 guidance does state that the BSA applies to some common business models, for example, peer-to-peer exchangers or certain decentralized applications. It does not, however, remove all doubts, with the onus ultimately on individual companies to determine whether the MSB qualification applies.

2. Ensure your MSB has registered with FinCEN

If you determine your company to be an MSB and are operating in the U.S., you must register as such with FinCEN. This is the first crucial step for ensuring your operational framework is BSA compliant. The registration is done via FinCEN’s BSA E-Filing System and FinCEN Form 107.5. This registration must be renewed biannually. Failure to register as an MSA could result in the company being subjected to monetary penalties and even criminal prosecution.

Fines for failing to register can be quite steep. For example, in 2015, FinCEN found that Ripple Labs “willfully violated the mandatory registration requirement for MSBs,” among other things. Ripple Labs and its subsidiary XRP II LLC were required to pay $700,000 in penalties for multiple BSA violations. Additionally, FinCEN referred the issue to the US Attorney’s Office for the Northern District of California, for resolving any potential criminal charges.

3. Ensure your MSB has a quality AML program

All MSBs must have an effective, risk-based AML program in writing. There are certain minimum requirements for these programs. MSBs must devise, deploy, and keep in place an AML program that is sufficient to refrain the MSB from money laundering and terrorism financing activities.

These AML programs must be adequate to cater to unique risks associated with money laundering and the factual conditions of the MSB – for example, the geographic areas in which it operates, the structure of its client base, and the types of goods, services, and products it offers.

It is prudent for an MSB to consult with the most up-to-date list of “jurisdictions with strategic deficiencies in their AML regimes,” published by the Financial Action Task Force (FATF). Additionally, MSB AML programs must fulfill the aforementioned minimum requirements, including training all relevant personnel on their AML responsibilities, having a designated AML compliance officer, and having an independent audit function in place to ensure proper reviewing of the AML program’s appropriateness.

4. Ensure your MSB is compliant with all recordkeeping and reporting requirements

All MSBs face a large number of BSA recordkeeping and reporting requirements. For example, most MSBs must submit a suspicious activity report (SAR) via FinCEN Form 111 regarding activities or transactions related to potential legal and regulatory violations.

In the case that an MSB knows, suspects, or has a reason to suspect the existence of suspicious transactions that are conducted or attempted to be conducted by, at, or through an MSB – and that involve, or aggregate, funds or assets worth $2000 or more – the MSB must file a SAR.

FinCEN Funds Transfer Rule

The FinCEN Funds Transfer Rule is also known as the Travel Rule that requires financial institutions to collect and retain certain information related to funds transfers and transmittals. On March 15, 2019, FinCEN Director Kenneth A. Blanco was speaking at a Blockchain Symposium when he stated that the FinCEN Funds Transfer Rule should apply to all CVCs. Mr. Blanco also stated that: “FinCEN, through delegated examiners at the Internal Revenue Service, has been conducting examinations that include compliance with the Funds Travel Rule since 2014. In fact, to date, it is the most commonly cited violation by the IRS against MSBs engaged in CVC money transmission”.

Mr. Blanco’s comments were made following the release of FinCEN’s 2019 guidance on the application of AML rules, including the Travel Rule, to businesses engaging in virtual currency activities. Moreover, in the same year, the Financial Action Task Force (FATF), which combats money laundering and terrorism financing, issued its FATF Recommendation 16, which requires Virtual Asset Service Providers to share Know-Your-Customer (KYC) and Personal Identifiable Information data between the transacting receivers and senders before the transaction is executed. Virtual Asset Service Providers are, among others, cryptocurrency exchanges, custody providers, and Bitcoin ATMs.

Recordkeeping and Travel Rules

In 1995, the Board of Governors of the Federal Reserve and FinCEN issued a joint Rule for banks and other non-bank financial institutions. This Rule had to do with the information required to be included on transfers of funds and is made up of two parts – the Recordkeeping Rule and the Travel Rule.

The Recordkeeping Rule mandates that financial institutions collect and keep hold of the very same information that the Travel Rule pertains to. The Travel Rule mandates that each time a transfer of funds occurs, certain information has to be passed along and “travel” to each following financial institution in the transfer chain. To be compliant with the FinCEN Funds Transfer Rule, the following information is needed:

  • The name of the transmitter

  • The account number of the transmitter

  • The address of the transmitter

  • The identity of the financial institution

  • The transferred amount

  • The transfer date

FinCEN made clear that the financial institution of the recipient should retain the same information as the originator, as long as that information has been provided by the originating MSB.

2020 Modifications and Updates to the Rules

The Board of Governors of the Federal Reserve System and FinCEN issued a joint Notice of Proposed Rulemaking (NPRM) in October of 2020. The authorities sought to gather public comments on proposed amendments seeking to modify the Recordkeeping and Funds Transfer Rules by:

  • Lowering the requirement for collecting, retaining, and transmitting information when transferring and transmitting funds from $3,000 to $250, in the case where transactions are ending or have begun outside of the U.S.

  • Including CVCs in the existing definition of money

Later, in December of 2020, FinCEN issued an NPRM that would mandate cryptocurrency exchanges, banks, and MSBs to gather KYC data on any person transferring crypto equivalent to or greater than $3,000 in value, both from or to a private wallet. The NPRM would also require MSBs and banks to gather, maintain, and report all information about customers that take part in virtual currency transactions with unhosted wallets.

Equivalent requirements would also be placed on hosted wallet transactions held by a financial institution to which the BSA does not apply and that are located in any of the jurisdictions found on the FinCEN Foreign Jurisdictions List.

The NPRM would mean that impacted businesses would have to increase their KYC efforts - by collecting and storing data on, as well as reporting on more transactions than ever before. This would only increase the pressure on companies to invest more efforts in order to remain compliant.

Implementing a Risk-Based Approach to Prepare for FinCEN’s Funds Transfer Rule

The Funds Transfer Rule could structurally change how Virtual Asset Service Providers operate going forward. As documented by FATF, the best way of preparing for this is for cryptocurrency exchanges to utilize a risk-based approach based on FinCEN’s guidelines and have clear and defined procedures and policies in place. For example:

  1. Risk-assessing unhosted wallets. Incorporating risk assessment into the AML program of a crypto organization allows for higher levels of both protection and detection of suspicious unhosted wallet transactions. Using software that enables denial and freezing of transactions to achieve compliance is highly recommended.

  2. Third-party risk management. Having risk management procedures and standards for dealing with third parties will help transactions to be communicated within the ambit of BSA guidelines.

  3. Analyzing the market. Smaller firms should assess their market position with the utmost care and caution to ensure optimal doing of business. Making sure that best industry practices are being employed in order to prevent regulatory probes and, consequently, financial and reputational damage is of paramount importance.

The best way to ensure compliance with FinCEN Funds Transfer Rule is to have a strong Customer Due Diligence (CDD) and KYC process that collects crucial information while onboarding customers. The most advisable course of action is to engage an established, experienced expert on the matter, thus ensuring that your business is in good hands and remains fully compliant.

FinCEN Customer Due Diligence Rule

The FinCEN Customer Due Diligence Rule (CDD) amended BSA regulations to improve financial transparency and help prevent terrorists and other criminals from abusing companies to mask their illegal activities and launder money.

The CDD clarifies and reinforces customer due diligence requirements for U.S. banks, mutual funds brokers or dealers in securities, and futures commission merchants while introducing brokers in commodities and adding another requirement. It places a new requirement on covered financial institutions to identify and confirm the identity of natural persons who are the ultimate beneficial owners of legal entities that control, own, and make profits from companies when accounts are opened.

There are four core requirements in the CDD Rule. Covered financial institutions are required to set up and maintain written policies and procedures that are devised to:

  1. Identify and verify customer identity

  2. Identify and verify the identity of ultimate beneficial owners of those companies that open accounts

  3. Develop customer risk profiles and, to that end, understand the underlying customer relationships, their nature, and purpose

  4. Perform ongoing monitoring to identify and report any and all suspicious transactions and to maintain and renew customer information based on risk.

For the purposes of these new requirements concerning beneficial ownership relations, financial institutions have to focus on any and all individuals that own a stake of 25% or more in a company and those who exert control over a company.

Need help with blockchain compliance?

Fill out the form below and our experts will get back to you.

FinCEN Ruling Examples

Finally, to help further illustrate the landscape of FinCEN cryptocurrency regulation, we’ve created a short, non-exhaustive compendium of some FinCEN rulings. The following is an instructive list. Careful considerations must be provided for each and every aspect of your business and corporate operations based on your company’s individual requirements.

1. Regulation: FIN 2014 R001

Situation: A company mines bitcoin, and the coins that were mined have not yet been transferred or use. The company could decide to: use the coins to procure goods/services, convert coins into legal tender, or transfer coins to the company owner.

Ruling: The company is a user of bitcoin and not an MSB if the mined coins are: for paying for goods/services or previously incurred debts, or for being distributed to owners, or if fiat currency or another virtual currency is purchased, as long as the currency is only used for making payments or invest.

2. Regulation: FIN 2014 R002

Situation: A company produces software that enables virtual currency purchase via automated collection of funds and payment in currency or legal tender. The company limits activities to convertible virtual security investments for its own account.

Ruling: The company is a user of the currency and not an MSB if it invests in convertible virtual currency for its own account. Any transfers to third parties on account of its counterparties, owners, or creditors could cause an MSB designation.

3. Regulation: FIN 2014 R007

Situation: A company rents mining systems to third parties, allowing them to mine virtual currencies. The system was devised by the company, and the third party provides mining pool information. All virtual currency the third party mines stays with it.

Ruling: The company is not an MSB if it solely rents the system to the third party, thus allowing it to obtain convertible virtual currency to fund exchange activities.

4. Regulation: FIN 2014 R011

Situation: A company sets up a trading platform for buying/selling virtual currency for legal tender. The company maintains a set of accounts for customers to deposit funds in, to cover exchanges - customers submit orders to sell or buy and the platform matches buy/sell orders. The company prohibits third party funding, payments from a customer to a third party, or inter-account transfers.

Ruling: The company is an MSB because it exchanges virtual currency. It is not a user because it accepts CVC from one person and transfers it to another.

5. Regulation: FIN 2014 R012

Situation: A company sets up a virtual currency payment system for merchants wanting to be paid in, for example, bitcoin, from their customers. The company provides payments to merchants in their own jurisdiction. The company receives payment from buyers in legal tender and transfers the equivalent amount of the virtual currency to the seller.

Ruling: The company is an MSB due to it accepting currency, funds, or other value that substitutes for currency from one person and transfers it to another location or person.

6. Regulation: FIN 2015 R001

Situation: A company provides internet brokerage services for buyers/sellers of precious metals. The company buys/sells precious metals on its own account and holds metals for buyers in a digital wallet on a blockchain. The company obtains transaction fees for transfers of digital certificates as well as a custody fee for metals held.

Ruling: The company is an MSB due to the use of customer-third party transfer of funds.

Listen to the Experts

With all of these numerous requirements, regulatory bodies, and regulations, developing a robust corporate compliance department is crucial.

If your company is a FinTech, or if you’re considering implementing Fintech solutions within your existing business structure, consider reaching out for outside expertise and experience. Engaging a specialized professional to craft a custom compliance solution like InnReg will not only save costs for your company but will actively put it ahead.

To access a more detailed, in-depth pool of analytical knowledge, contact InnReg today and consult a qualified, highly-experienced external expert on the matter. InnReg can help you and your business ensure a high level of ongoing FinCen cryptocurrency compliance while maintaining an optimal corporate structure that supports a good balance of costs and profits.

How Can InnReg Help?

InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.

We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.

If you need help with blockchain compliance, reach out to our regulatory experts today:

Published on May 30, 2022


Last updated on Aug 7, 2023

Latest LinkedIn Posts