On May 9, 2019, FinCEN released guidelines for applying the rules to some of the Business Models for Attracting Convertible Virtual Currencies. To remind individuals under the Banking Secrets Act (BSA) about how FinCEN rules relating to companies providing monetary services (MSBs) apply to certain business models related to the transfer of money denominated in value, which replaces currency, in particular, convertible virtual currencies (CVCs).

This guidance does not establish any new regulatory expectations or requirements. Rather, it consolidates current FinCEN regulations, and related administrative rulings and guidance issued since 2011, and then applies these rules and interpretations to other common business models involving CVC engaging in the same underlying patterns of activity.

This guidance is intended to help financial institutions comply with their existing obligations under the BSA as they relate to current and emerging business models involving CVC by describing FinCEN’s existing regulatory approach to the issues most frequently raised by industry, law enforcement, and other regulatory bodies within this evolving financial environment. In this regard, it covers only certain business models and necessarily does not address every potential combination of facts and circumstances. Thus, a person working with a business model not specifically included in this guidance may still have BSA obligations.

The overall structure of this guidance is as follows:

Section 1 defines certain key concepts within the context of the guidance. Although the titles or names assigned to these key concepts may coincide with terms customarily used by industry and share similar attributes, for purposes of the guidance their meaning is limited to the definition provided in the guidance.

Section 2 consolidates and explains current FinCEN regulations, previous administrative rulings, and guidance involving the regulation of money transmission under the BSA. By consolidating and summarizing rules and interpretation in a single Section, this guidance provides a resource to help financial institutions comply with their existing obligations under the BSA as they relate to current and emerging activities involving CVC.

Section 3 summarizes the development and content of FinCEN’s 2013 guidance on the application of money transmission regulations to transactions denominated in CVC.

Sections 4 and 5 describe FinCEN’s existing regulatory approach to current and emerging business models using patterns of activity involving CVC. This approach illustrates how FinCEN fits existing interpretations about certain activities to other activities that at first may seem unrelated, but conform to the same combination of key facts and circumstances.

Finally, Section 6 contains a list of resources to which interested parties may refer for further explanation about the content of the guidance, or to assist in evaluating facts and circumstances not expressly covered in this guidance.

Source: United States Department of the Treasury Financial Crimes Enforcement Network | FinCEN.gov

Report for the first three months of the current year CipherTrace Cryptocurrency Intelligence (April 2019).

Cryptocurrency Thefts, Scams, and Fraud Could Tally More than $1.2 Billion in First Quarter 2019.

Criminals stole more than US$356 million from exchanges and infrastructure during the first quarter of 2019. Among these losses, exit scams—which CipherTrace is considering the implosion of QuadrigaCX to be one—robbed cryptocurrency users of nearly US$195 million. On top of these numbers, the New York Attorney General’s Office revealed what they allege is a fraud involving the loss of $851 million by a major cryptocurrency exchange, Bitfinex. Cyber criminals also developed ingenious new techniques to drain millions more from user accounts and wallets. These thefts only represent the losses that are visible. CipherTrace estimates the true number of crypto asset losses was much higher.

46% Increase in the Number of Cross-Border Payments from US Cryptocurrency Exchanges Over the Last Two Years.

CipherTrace research conducted in Q1 revealed a major hole in the current cryptocurrency regulatory fabric with respect to cross-border payments. An analysis of 164 million BTC transactions revealed that cross-border payments from US exchanges to offshore exchanges increased from 45% from the twelve months ending Q1 2017 to 66% in the twelve months ending Q1 2019. This is significant because according to the International Consortium of Investigative Journalists, “$8.7 trillion, 11.5 percent of the world’s wealth, is hidden offshore.”

Once these payments reach exchanges and wallets in other parts of the globe they fall off the radar of US authorities. For now, it is uncertain if these cross border inter-exchange payments trigger the FinCEN requirement that “MSBs must keep a five-year record of currency exchanges greater than $1,000 and money transfers greater than $3,000.” But experts recommend MSBs retain tax ID/SSN for these transactions.

A Significant Wave of Regulation Is Coming to the Cryptocurrency Economy.

Ultimately, thieves and scam artists will need to launder the cryptocurrency stolen or scammed in Q1 2019. Furthermore, this will require innovative new ways to cash out, and turn all that tainted virtual money into clean, spendable fiat currencies. And they will also need to get it done under the much more watchful eyes of government regulators and banks as a tsunami of tough new global anti-money laundering (AML) and counter-terror financing (CTF) regulations will roll over the crypto landscape in the coming year. As of April 2019, 17 countries plus the European Union within the jurisdiction of the Financial Stability Board had at least some regulation or standard-setting bodies dealing with cryptocurrencies. These bodies will be responsible for implementing regulations that enforce FATF policy and AMLD5.

In light of the huge losses suffered by users of QuadrigaCX, regulators in Canada and around the world are rethinking controls on the internal business practices and security operations of exchanges. In addition, regulators are beginning to recommend bans on privacy coins, as criminals are coming to prefer these new anonymous altcoins to bitcoin because they are more difficult to trace. Banks also continue to face problems coping with the coming wave of regulations as they increasingly recognize there are undetected cryptocurrency operations that are using their fiat payment networks and customer accounts. Plus, courts in some countries have ruled that banks must do business with licensed cryptocurrency companies.

Crypto Crime Evolves and Expands from the Virtual to the Real World.

The previous year’s crypto crime spree was dominated by major external exchange hacks around the globe—with the biggest occurring in Q1 2018. However, in the first quarter of this year, insiders, extortionists and scammers attempted a more diverse range of crypto crimes. As just one example, kidnappers in Norway demanded nine million euros (approximately US$10.3 million) ransom in Monero, a privacy coin, for a billionaire’s wife, who has not yet been returned. There were also two large insider thefts/misappropriations (QuadrigaCX and Bitfinex). This shift suggests that security against external hackers at exchanges is maturing under the pressure from regulators and customers to take necessary measures to prevent losses.

The geopolitical implications of cryptocurrencies also took center stage in Q1 2019 with countries competing to attract crypto businesses and foster related economic growth. Conversely, overt attempts to evade sanctions by hostile nations show that economic adversaries recognize the money laundering and terrorist financing potential of crypto assets. On March 6, 2019, the UN Security Council reported North Korean state-backed hackers successfully breached at least five cryptocurrency exchanges in Asia between January 2017 and September 2018, causing $571 million in losses.

Q1 2019 Crypto Crime Highlights:

- Thieves and scammers stole more than $356 million from exchanges and users.

- Customers suffered losses of approximately US$195 million when Canada’s major cryptocurrency exchange, QuadrigaCX, imploded after the CEO mysteriously perished in India, allegedly along with the passwords to virtually all of the exchange’s assets. CipherTrace analysis casts severe doubt that this was anything other than a theft, fraud, or foul play.

- On March 26, the New York Attorney General’s Office brought suit against the parent company of Bitfinex and Tether.
- The AG claimed Tether had failed to disclose a secret transfer of funds from the fiat pool of funds supposedly backing tether, which converted tether from asset-backed to debt-backed unbeknownst to tether holders.
- Bitfinex allegedly lost $851 million. The source of the loss was a Panamanian payment processor also used by QuadrigaCX.

- Iran announced the imminent launch of its long-rumored Crypto Rial, a state-backed stable coin developed with the express purpose of circumventing political sanctions and overcoming sanctions-related restrictions by SWIFT.

- The Russian Duma approved international use of the domestically developed SPFS as a ‘SWIFT alternative’ for cross-border payments in an effort to avoid political sanctions.

- The French government issued a report recommending a ban on privacy coins.

- The UN published the findings of a private report that concluded North Korean hackers looted $571 million from five cryptocurrency exchanges in Asia.

- Courts in some countries forced financial institutions to bank crypto asset businesses.

- The Bank of Mexico reportedly proposed banning financial institutions from transacting with crypto exchanges, citing money laundering and terror financing risks.

Source: CipherTrace.