Joint Statement on Digital Assets Highlights AML Regulatory Overlap
Leaders of FinCEN, CFTC and SEC Attempt an Intricate Dance of Competing Oversight of Virtual Currency.
On October 11, the leaders of the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Securities and Exchange Commission (“SEC”) issued a “Joint Statement on Acitivites Involving Digital Assets” in order to “remind persons engaged in activities involving digital assets of their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA).” The regulation of cryptocurrency has been a constant topic of this blog.
The Joint Statement begins by making general observations about the AML obligations of cryptocurrency businesses regulated under the BSA, and the potential patchwork quilt of regulatory oversight:
AML/CFT obligations apply to entities that the BSA defines as “financial institutions,” such as futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses (MSBs) as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. Among those AML/CFT obligations are the requirement to establish and implement an effective anti-money laundering program (AML Program) and recordkeeping and reporting requirements, including suspicious activity reporting (SAR) requirements.
If a person falls under the definition of a “financial institution,” its AML/CFT activities will be overseen for BSA purposes by one or more of the Agencies (and potentially others). For example, the AML/CFT activities of a futures commission merchant will be overseen by the CFTC, FinCEN, and the National Futures Association (NFA); those of an MSB will be overseen by FinCEN; and those of a broker-dealer in securities will be overseen by the SEC, FinCEN and a self-regulatory organization, primarily the Financial Industry Regulatory Authority (FINRA).
This post will focus on the section of the Joint Statement which addresses a potential problem (as we have blogged) with all of these different regulators simultaneously asserting their respective power over cryptocurrency businesses. Specifically, BSA regulations pertaining to the definition of a MSB, at 31 C.F.R. § 1010.100(ff)(8)(ii), flatly state that a MSB does not include the following:
A person registered with, and functionally regulated or examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC[.]
Given this regulation, how can certain cryptocurrency businesses be subject to the claimed jurisdictions of FinCEN, the SEC and the CFTC? The October 11 Joint Statement addresses this issue as follows:
As set forth in the 2019 CVC Guidance, a number of digital asset-related activities qualify a person as an MSB that would be regulated by FinCEN. FinCEN’s BSA regulations also provide that any person “registered with, and functionally regulated or examined by, the SEC or the CFTC,” would not be subject to the BSA obligations applicable to MSBs, but instead would be subject to the BSA obligations of such a type of regulated entity. Accordingly, even if an introducing broker, futures commission merchant, broker-dealer or mutual fund acts as an exchanger of digital assets and provides money transmission services for the purposes of the BSA, it would not qualify as a money transmitter or any other category of MSB and would not be subject to BSA requirements that are applicable only to MSBs. Instead, these persons would be subject to FinCEN’s regulations applicable to introducing brokers, futures commission merchants, broker-dealers and mutual funds, respectively. These obligations include the development of an AML program and suspicious activity reporting requirements, as well as requirements under applicable CFTC or SEC rules. Furthermore, regardless of federal functional regulator, all financial institutions dealing in digital assets meeting the definition of “securities” under federal law must comply with federal securities law.
Although the above language stresses the potential application of multiple regulatory regimes to a single business, it does not even acknowledge the issue of potential money transmitter licensing requirements for cryptocurrency exchanges under state laws, which all vary and exist independent of federal law.
Finally, and not surprisingly, the Joint Statement declares that regulators will not feel constrained by the labels ascribed to the activity at issue by the virtual currency business itself:
We are aware that market participants refer to digital assets using many different labels. The label or terminology used to describe a digital asset or a person engaging in or providing financial activities or services involving a digital asset, however, may not necessarily align with how that asset, activity or service is defined under the BSA, or under the laws and rules administered by the CFTC and the SEC. For example, something referred to as an “exchange” in a market for digital assets may or may not also qualify as an “exchange” as that term is used under the federal securities laws. As such, regardless of the label or terminology that market participants may use, or the level or type of technology employed, it is the facts and circumstances underlying an asset, activity or service, including its economic reality and use (whether intended or organically developed or repurposed), that determines the general categorization of an asset, the specific regulatory treatment of the activity involving the asset, and whether the persons involved are “financial institutions” for purposes of the BSA.
The message: a business may not self-describe itself beyond the reach of an undesired regulator.
The Joint Statement begins by making general observations about the AML obligations of cryptocurrency businesses regulated under the BSA, and the potential patchwork quilt of regulatory oversight:
AML/CFT obligations apply to entities that the BSA defines as “financial institutions,” such as futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses (MSBs) as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. Among those AML/CFT obligations are the requirement to establish and implement an effective anti-money laundering program (AML Program) and recordkeeping and reporting requirements, including suspicious activity reporting (SAR) requirements.
If a person falls under the definition of a “financial institution,” its AML/CFT activities will be overseen for BSA purposes by one or more of the Agencies (and potentially others). For example, the AML/CFT activities of a futures commission merchant will be overseen by the CFTC, FinCEN, and the National Futures Association (NFA); those of an MSB will be overseen by FinCEN; and those of a broker-dealer in securities will be overseen by the SEC, FinCEN and a self-regulatory organization, primarily the Financial Industry Regulatory Authority (FINRA).
This post will focus on the section of the Joint Statement which addresses a potential problem (as we have blogged) with all of these different regulators simultaneously asserting their respective power over cryptocurrency businesses. Specifically, BSA regulations pertaining to the definition of a MSB, at 31 C.F.R. § 1010.100(ff)(8)(ii), flatly state that a MSB does not include the following:
A person registered with, and functionally regulated or examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC[.]
Given this regulation, how can certain cryptocurrency businesses be subject to the claimed jurisdictions of FinCEN, the SEC and the CFTC? The October 11 Joint Statement addresses this issue as follows:
As set forth in the 2019 CVC Guidance, a number of digital asset-related activities qualify a person as an MSB that would be regulated by FinCEN. FinCEN’s BSA regulations also provide that any person “registered with, and functionally regulated or examined by, the SEC or the CFTC,” would not be subject to the BSA obligations applicable to MSBs, but instead would be subject to the BSA obligations of such a type of regulated entity. Accordingly, even if an introducing broker, futures commission merchant, broker-dealer or mutual fund acts as an exchanger of digital assets and provides money transmission services for the purposes of the BSA, it would not qualify as a money transmitter or any other category of MSB and would not be subject to BSA requirements that are applicable only to MSBs. Instead, these persons would be subject to FinCEN’s regulations applicable to introducing brokers, futures commission merchants, broker-dealers and mutual funds, respectively. These obligations include the development of an AML program and suspicious activity reporting requirements, as well as requirements under applicable CFTC or SEC rules. Furthermore, regardless of federal functional regulator, all financial institutions dealing in digital assets meeting the definition of “securities” under federal law must comply with federal securities law.
Although the above language stresses the potential application of multiple regulatory regimes to a single business, it does not even acknowledge the issue of potential money transmitter licensing requirements for cryptocurrency exchanges under state laws, which all vary and exist independent of federal law.
Finally, and not surprisingly, the Joint Statement declares that regulators will not feel constrained by the labels ascribed to the activity at issue by the virtual currency business itself:
We are aware that market participants refer to digital assets using many different labels. The label or terminology used to describe a digital asset or a person engaging in or providing financial activities or services involving a digital asset, however, may not necessarily align with how that asset, activity or service is defined under the BSA, or under the laws and rules administered by the CFTC and the SEC. For example, something referred to as an “exchange” in a market for digital assets may or may not also qualify as an “exchange” as that term is used under the federal securities laws. As such, regardless of the label or terminology that market participants may use, or the level or type of technology employed, it is the facts and circumstances underlying an asset, activity or service, including its economic reality and use (whether intended or organically developed or repurposed), that determines the general categorization of an asset, the specific regulatory treatment of the activity involving the asset, and whether the persons involved are “financial institutions” for purposes of the BSA.
The message: a business may not self-describe itself beyond the reach of an undesired regulator.
