Crackdown on Crypto Licensing: Regulators Target Fintechs Without Proper Registration
July 31, 2024
The Case
In 2024, we’ve witnessed a series of enforcement actions targeting cryptocurrency-focused fintech companies that provide legitimate services but fail to obtain proper licensing or registration.
Recent cases illustrate a growing trend in which federal and state regulators take swift action against firms operating without the necessary approvals. This crackdown underscores the importance of compliance with regulatory requirements for all virtual asset service providers in the US.
In March 2024, the Securities and Exchange Commission (SEC) charged a prominent cryptocurrency trading platform with acting as an unregistered dealer.
The SEC's action against this platform, which provides an online crypto asset trading service, highlights the agency's focus on ensuring that trading platforms and related services comply with US securities laws. Just a few months earlier, in February 2024, the SEC charged another crypto firm for failing to register the offer and sale of a crypto lending product that allowed investors to earn interest by depositing crypto assets.
The crackdown is not limited to the SEC. In March 2024, the Commodity Futures Trading Commission (CFTC) filed a civil enforcement action against a major crypto exchange for not registering as a swap execution facility and failing to implement adequate anti-money laundering (AML) protocols. Later, in May 2024, the CFTC charged another firm with not registering as a futures commission merchant while offering US persons access to digital asset derivative trading platforms.
In June 2024, state financial regulators also took action against a crypto company operating a mobile application for trading digital assets. The company was ordered to cease certain operations in the US and reimburse customers with virtual assets valued at $81.1 million due to its failure to obtain necessary licensing from 25 state financial regulators.
Regulatory Implications
Despite the lack of a clear overarching regulatory framework for crypto companies, these enforcement actions illustrate a clear trend: if a fintech company dealing in virtual assets plans to provide services to US customers, it must be registered or licensed with the appropriate federal and state regulators. The SEC, CFTC, Department of Justice (DOJ), and various state regulators have made it clear that non-compliance will lead to severe penalties, including cease-and-desist orders, fines, and requirements to reimburse customers.
The common theme emerging from these cases is that regulatory bodies expect fintech firms to maintain robust Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance programs. Registration requires demonstrating a company's ability to implement comprehensive BSA/AML and sanctions compliance programs. As seen with recent actions, failure to meet these requirements can lead to substantial legal and financial repercussions.
Practical Guidance for Firms
To avoid regulatory scrutiny and potential enforcement actions, cryptocurrency-focused fintech companies must prioritize licensing, registration, and compliance. We’ve provided critical steps for developing an effective AML and sanctions compliance program:
Conduct a Comprehensive Risk Assessment: Companies should regularly evaluate their exposure to AML and sanctions risks by considering factors such as their customer base, geographic regions of service, and types of virtual assets offered.
Formalize and Review AML and Sanctions Programs: Companies should establish a well-documented AML and sanctions compliance program and periodically review its effectiveness.
Know Your Customer (KYC): Implement a robust KYC program that includes a Customer Identification Program (CIP), CDD, and Enhanced Due Diligence (EDD) for higher-risk customers.
Monitor Transaction Activity: Develop procedures to monitor customer transactions and identify suspicious activity, including clear guidelines on when to file Suspicious Activity Reports (SARs) with FinCEN.
Regular Compliance Training: Conduct targeted training for all employees involved in AML compliance, tailored to their specific roles.
Independent Review: Conduct an independent review of the AML program at least annually or whenever significant changes occur.
Respond to Law Enforcement Requests: Establish clear procedures for responding to law enforcement requests, such as National Security Letters, subpoenas, and administrative orders.
Sanctions Compliance: Implement controls to ensure customers and their digital asset addresses are not sanctioned by the US Department of Treasury’s Office of Foreign Assets Control (OFAC).
Since its inception in 2013, InnReg has helped fintech companies—including crypto platforms—navigate the complexities of licensing, registration, and compliance in the evolving regulatory landscape. Our team of experts assists firms in designing robust compliance frameworks and mitigating risks to avoid costly enforcement actions.
The Securities and Exchange Commission (SEC) recently penalized a broker-dealer for failing to file Suspicious Activity Reports (SARs) as required under the Bank Secrecy Act.
FINRA recently fined two broker-dealers for failing to adequately supervise and monitor trading activities to detect and prevent potentially manipulative practices.
FINRA has issued an update detailing its ongoing efforts to monitor and regulate crypto asset-related activities among its member firms.