News

Individuals who charge a fee to exchange bitcoins and other cryptocurrencies for government-issued banknotes must register, comply with anti-money laundering rules and report suspicious transactions, same as any company, according to the U.S. Treasury Department.

The department’s Financial Crimes Enforcement Network has instructed firms that exchange cryptocurrency to register as money services businesses, or MSBs, and adopt AML programs since 2013, but had stopped short of formally conveying those same expectations to individuals, preferring instead to communicate them through administrative rulings and enforcement.

Guidance issued by the bureau last week, however, makes explicit that the requirements extend to a much broader range of entities, including overseas exchanges with “substantial” U.S. business, and individuals who generate income from buying and selling cryptocurrency.

FinCEN carved out an exception for those who trade on an “infrequent basis and not for profit or gain,” and another for online forums “where buyers and sellers post their bids and offers” and “settle any matched transactions through an outside venue.”

Firms and individual exchangers that feature “anonymity enhanced” cryptocurrencies must also register and identify their clients regardless of the technological hurdles, according to the guidance.

The same expectations apply to mixers and tumblers, which FinCEN refers to as “anonymizing services provider[s].” Privacy advocates and money launderers alike have used such firms to manipulate blockchain records and thus obscure their ownership of bitcoins and other cryptocurrency.

FinCEN may see an influx of firms seeking to register in response to the guidance, but most—if not all—individuals are unlikely to register and would struggle to comply with AML program requirements, said Mike Lempres, former chief legal and risk officer at Coinbase, a San Francisco-headquartered exchange.

“A big takeaway is, if you thought you were in a gray area and FinCEN doesn’t think you’re in a gray area—register,” said Lempres, now an executive at Andreessen Horowitz, a Bay Area venture capital firm. “I would think that exchanges that are not registered would be very high on the list for potential enforcement.”

There may be precedent for an impending action.

In May 2013, two months after having first outlined some of its expectations for cryptocurrency exchanges in guidance, FinCEN named Liberty Reserve, a Costa Rica-incorporated digital payment processor, a primary money-laundering concern under the Patriot Act.

The website allowed anyone who provided a name, email address and birthdate to convert limitless sums of dollars and euros into “liberty dollars” and “liberty euros” and transfer them, including through third parties, without verification or due diligence.

FinCEN coordinated the action with federal prosecutors, who accused Liberty Reserve’s founders of running a “criminal bank-payment processor” that helped launder $6 billion in proceeds from cyber-enabled fraud and other illegal activity.

‘Darknet marketplaces’

FinCEN also issued a 12-page advisory Thursday warning cryptocurrency exchangers, MSBs and others to monitor for wallet addresses linked to “darknet marketplaces” or engaging in criminal activity on public websites.

Cryptocurrency firms should watch for customers that provide MSB-like services without registering, and also screen for transactions from IP addresses associated with Tor—a type of software designed to obscure a user’s identity and location.

Releasing the guidance and advisory in tandem could prompt even more reticence from banks to engage with the industry, three sources told moneylaundering.com.

For at least the last several months, one midsize bank on the East Coast has monitored for wires, credit card purchases and ACH transactions linked to cryptocurrency and reached out to customers who transfer large sum of cash to exchangers—only to find that some freely acknowledge they are running MSB-like services, a compliance officer at the lender said.

“We’ve taken the stance that we don’t bank [cryptocurrency] exchangers, so the battle is finding them and de-risking them.”

References to bitcoins or cryptocurrency in general have appeared in more than 47,000 suspicious activity reports in the six years since FinCEN first ruled on the issue. Half of those reports were filed by firms that exchange cryptocurrency or administer and manage their own.

Large U.S. exchanges have already implemented processes for offloading customers who use their platforms to run MSBs of their own, but banks must determine which of the red flags listed in the advisory are detectable by their current transaction-monitoring systems and adjust accordingly, said Carol Van Cleef, a Virginia-based attorney with LeClairRyan.

“For banks that haven’t already been looking [for cryptocurrency firms], this will be the first time they’ve got a real roadmap,” Van Cleef said. “There are certain players who tried to deny the applicability of these rules, and now it’s in black and white.”

A FinCEN spokesman declined to comment.

Contact Daniel Bethencourt at dbethencourt@acams.org