The Financial Crimes Enforcement Network (FinCEN) recently issued guidance consolidating current FinCEN regulations, rulings, and guidance about cryptocurrencies and money services businesses (MSBs) under the Bank Secrecy Act (BSA). Along with the May 9 guidance, FinCEN issued an advisory to assist financial institutions in identifying and reporting suspicious activity or criminal use of cryptocurrencies.

While FinCEN said that the guidance merely restates its existing positions on cryptocurrencies under the BSA, the significance, and possible value, of the guidance is that it provides several real-world examples of current and emerging business models that use cryptocurrencies and how FinCEN regulations would apply to the models. Such examples include the following:

Peer-to-Peer (P2P) Exchangers

  • P2P exchangers are (typically) natural persons engaged in the business of buying and selling cryptocurrencies.
  • As money transmitters, per the guidance, P2P exchangers are required to comply with applicable BSA obligations, including registering with FinCEN as an MSB and complying with anti-money laundering (AML) program, recordkeeping, and reporting requirements (including filing SARs and CTRs).

Cryptowallets

  • Cryptowallets are interfaces for storing and transferring cryptocurrencies, and could include mobile wallets, software wallets, and hardware wallets.
  • The guidance outlines the following four factors used to determine if a wallet provider needs to register as an MSB:
    1. Who owns the value
    2. Where the value is stored
    3. Whether the owner interacts directly with the payment system where the cryptocurrency runs
    4. Whether the person acting as intermediary has total independent control over the value
  • Based on these factors, the guidance makes a sharp distinction between hosted and nonhosted wallets (custodial vs. noncustodial).
  • For hosted wallets, generally the owner of the currency interacts with the host and the host has total independent control over the value of the wallet (although it is contractually obligated to access the value only on instructions from the owner). To determine its specific requirements under the BSA, the host must look to the nature of the owner and the types of transactions that it channels to or from the owner.
  • Nonhosted wallets are software hosted on a person’s computer, phone, or other device that allow the person to store and conduct transactions. Generally, the value (by definition) is the property of the owner and is stored in a wallet, while the owner interacts with the payment system directly and has total independent control over the value. Insofar as the person conducting a transaction through the nonhosted wallet is doing so to purchase goods or services on the user’s own behalf, such person is not a money transmitter and is not subject to the BSA.

Cryptocurrency Kiosks

  • Cryptocurrency kiosks are described by FinCEN as ATMs for cryptocurrencies.
  • The guidance treats cryptocurrency kiosks as MSBs, meaning that an owner-operator must comply with regulations governing money transmitters.

Decentralized Applications (DApps)

  • DApps is a term that refers to software programs that operate on a P2P network of computers running a blockchain platform.
  • When a DApp performs money transmissions, the definition of money transmitter, and the requirements that go along with it, will apply to the DApp, the owners/operators of the DApp, or both.

Anonymity-Enhanced Cryptocurrencies

  • Certain cryptocurrencies (also called privacy coins) are specifically engineered to prevent their tracing through distributed public ledgers, and certain cryptotransactions are structured to conceal information otherwise generally available.
  • The guidance states that such transactions and currencies are subject to the same regulatory regime as nonenhanced cryptocurrencies.

Payment Processing Services

  • Payment processors are financial intermediaries that enable traditional merchants to accept cryptocurrencies from customers in exchange for goods and services sold.
  • According to the guidance, payment processors fall within the definition of money transmitters and would be subject to BSA requirements since they do not operate through a clearance system that admits only BSA-regulated institutions.

Internet Casinos

  • Internet casinos are virtual platforms created for betting on the possible outcome of events related to a number of gaming models, but they accept deposits and bets and issue payouts denominated in cryptocurrencies.
  • The guidance states that any person engaged in the business of gambling who is not covered by the regulatory definition of casino but accepts and transmits value denominated in cryptocurrency may still be regulated under the BSA as a money transmitter and would have to register with FinCEN.

The guidance also enumerates specific business models that, depending on the facts and circumstances, may not be MSBs, such as certain cryptocurrency trading platforms and decentralized exchanges, ICOs, cryptocurrency miners, and DApp developers.

Further, the guidance reiterates that entities such as banks or other financial institutions that are registered with the CFTC and SEC are excluded from the definition of an MSB for purposes of the BSA (although they would still have to abide by the BSA regulations applicable to their own status).

Takeaways

While FinCEN on one level may be correct in saying that the guidance does nothing more than restate existing FinCEN positions, we believe it goes further by applying current FinCEN positions to a number of real-world fintech business models. By doing do, the guidance may help resolve uncertainties about how federal AML/MSB requirements apply to a diverse range of business models and activities in the fintech industry. It may also, however, result in the broader application of MSB registration and regulatory (AML) requirements than some businesses might expect. That said, the guidance should be of meaningful assistance to affected businesses that are trying to understand the application of federal AML requirements to their specific business models and activities, and for that reason, it is worthy of close review by fintech firms—in addition to any guidance issued by the SEC regarding the status of cryptoassets securities.