CFTC, FinCEN, and SEC Warn of Crypto AML Enforcement
Based on a recent regulatory statement, entities involved with cryptocurrency or digital assets should revisit their anti-money laundering and countering the financing of terrorism obligations (AML/CFT) compliance under the Bank Secrecy Act (BSA).
On October 11, the leaders of the Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN), and the Securities and Exchange Commission (SEC) issued a joint statement (the “Joint Statement”) regarding the application of the BSA to activities involving digital assets. The Joint Statement “reminds” those involved with such activities of their AML/CFT obligations and specifically calls out those entities that would be subject to such obligations: futures commission merchants and introducing brokers (regulated by the CFTC), money services businesses (regulated by FinCEN), and broker-dealers and mutual funds (regulated by the SEC).
Potentially indicating a key concern of the regulators going forward, the Joint Statement notes that the applicability of AML/CFT obligations is not dependent on the terminology surrounding the applicable assets, but rather the nature of the assets themselves: “Regardless of the label or terminology that market participants may use, or the level or type of technology employed, it is the facts and circumstances underlying an asset, activity or service, including its economic reality and use (whether intended or organically developed or repurposed), that determines the general categorization of an asset, the specific regulatory treatment of the activity involving the asset, and whether the persons involved are “financial institutions” for purposes of the BSA.” Thus, while market participants refer to digital assets in many different ways, how assets are referred to should not have a bearing on BSA compliance. By way of example, the Joint Statement offers that “something referred to as an ‘exchange’ in a market for digital assets may or may not also qualify as an ‘exchange’ as that term is used under the federal securities laws.”
Following the general statement, each leader provides additional comments, which should guide entities subject to each applicable regulator’s review. Heath Tarbert (Chairman, CFTC) notes that introducing brokers and futures commission merchants are required to report suspicious activity and implement reasonably-designed AML programs, regardless of whether the digital assets qualify as commodities or are used as derivatives. Kenneth A. Blanco (Director, FinCEN) advises those handling digital assets to review FinCEN’s May 2019 interpretive guidance, under which FinCEN makes clear that many digital asset activities would qualify a person as a money services business subject to AML/CFT obligations (unless the person is registered with and functionally regulated and examined by the SEC or CFTC, whereby they would be subject to the BSA obligations of those regulators). Jay Clayton (Chairman, SEC) reminds persons engaged in activities involving digital assets as securities that they remain subject to federal securities laws, but certain rules also apply regardless of whether the assets are securities, such as broker-dealer financial responsibility rules.
The Joint Statement is yet another warning to the cryptocurrency markets following each regulator’s recent steps to clarify their positions on digital assets. This follows closely after the SEC’s April 2019 release of its “Framework for ‘Investment Contract’ Analysis of Digital Assets” and July 2019 joint statement on broker-dealer custody of digital asset securities with the Financial Industry Regulatory Authority. Additionally, FinCEN cited their May 2019 guidance which came shortly after FinCEN levied its first civil penalty against a peer-to-peer virtual currency exchanger for failure to meet AML requirements, amongst other violations, in April 2019.
The fact that the Joint Statement was issued jointly by multiple regulators may signal that the regulators intend to bring parallel actions in cases where they share jurisdiction, so entities operating under shared jurisdiction would have to deal with multiple cases at once. Such entities should not assume that if one regulator brings a case then the other regulators will not also do so. If anything, this Joint Statement makes clear that the regulators are most interested in those entities handling digital assets that had previously operated as though the AML/CFT obligations did not apply to them, so those without such programs in place should carefully evaluate their compliance in the near future.