Cryptocurrency’s mainstream boom increases BSA/AML risks


Driven by the global pandemic and shifts in the financial services industry, cryptocurrencies and digital payments are becoming increasingly mainstream. Rising interest in cryptocurrencies and uncertainty related to the traditional financial markets have piqued the interest of institutional investors and retail consumers alike. Some investors also view cryptocurrency as an anti-inflationary growth asset that can outperform other assets in an era of low returns from government bonds.

Companies operating as money transmitters and Money Service Businesses (MSBs) will need to be agile as they work to mitigate the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) risks associated with virtual currency transactions. With the majority of digital money transmission and cryptocurrency businesses categorized as MSBs, these companies may face significant risks around non-compliance with BSA/AML laws and regulations.




Market growth and increased BSA/AML risk


During the past year, virtual currencies have experienced significant growth. This growth, coupled with much lower barriers to entry, has led to widespread adoption by consumers seeking to gain access to and conduct transactions with virtual currencies. As evidence of this widespread adoption, leading cryptocurrency exchange Coinbase recently announced that its cryptocurrency-funded Visa debit card — the Coinbase Card — could be added to Google Wallet as a form of payment for consumers throughout Europe.

The ease and speed with which consumers can conduct mobile payments using their digital assets is an indicator that transaction monitoring programs will need to adjust to recognize potentially illicit activity occurring in a space not yet fully matured. The very ease-of-use considerations desired by consumers can be exploited for illicit purposes.

Global access to cryptocurrency markets and the decentralized nature of these blockchain-based operations can make tracing the source of funds extremely difficult. While market-leading entities may implement stringent BSA/AML controls and oversight on their customers, significant risks still remain vis-à-vis the counterparties to their customers, who may be the customers of crypto exchanges with less stringent controls and/or less concern for regulatory compliance.

Large tech companies are also adopting products and services to increase virtual currency adoption among their customer base. In November 2020, PayPal announced it would open its network to bitcoin and other cryptocurrencies. PayPal’s announcement stated that “all eligible PayPal accountholders in the U.S. can now buy, hold and sell cryptocurrency directly with PayPal.”

Large tech companies must be sure to implement BSA/AML controls to manage the attendant risks of cryptocurrency adoption. For example, to reduce the Know Your Customer (KYC) risk associated with cryptocurrency transactions, PayPal places certain restrictions on its customers (via the PayPal Cryptocurrency Terms and Conditions), clarifying that its customers “...will not be able to transfer Crypto Assets from your Cryptocurrencies Hub to another cryptocurrency wallet.”




Cryptocurrency’s impact on financial services

In recent years, technology has played an increased role in the financial services sector. The shift to digital forms of currency has been inevitable, due to the clear advantages and efficiencies these new payment forms bring to financial services. These efficiencies include greater access to customers, efficiency in processing, and speed of transactions — all non-trivial improvements to traditional payments systems. In addition, the growth of fintech firms, eager to deliver services or products traditionally viewed as banking, has increased the velocity of change and adoption with their drive to innovate through technology.


Traditional banking institutions have likewise begun to enter the digital assets industry, with Anchorage Digital Bank becoming the first federally chartered digital asset bank. In January 2021, the Office of the Comptroller of the Currency (OCC) provided conditional approval to Anchorage to serve as a custodian of digital assets, helping to bridge the gap between the banking industry and the growing popularity of virtual currencies. This expanded access and integration of digital assets into the traditional financial markets has caused regulators to revisit their charters to protect consumers and the integrity of the financial industry.




Regulatory impact


In March of 2013, FinCEN issued Guidance FIN-2013-G001 – Application of FinCEN’s Regulations to Persons Administering, Exchanging or Using Virtual Currencies. This guidance was released in response to questions as to what constitutes an MSB, and, in particular, what entities are considered money transmitters. FinCEN declared that virtual currencies are the same as traditional currencies. Accordingly, money transmitters must register with FinCEN and comply with all relevant BSA/AML regulations. FinCEN also defined Convertible Virtual Currency (CVC) as virtual currency that has the ability to act as a replacement for real and legal currency, with equivalent value to fiat currency.

Based on this guidance, non-bank companies engaging in virtual currency and other emerging digital asset companies are considered money transmitters by FinCEN and must comply with BSA/AML requirements. As online payments and virtual currencies continue to become popular, regulators are working to keep pace and are expanding their oversight to include currency, funds, or value that substitutes for currency.

All MSBs are required to develop and implement a BSA/AML compliance program. The program should reasonably prevent individuals from using the MSB to facilitate money laundering or to finance terrorist activities. Each BSA/AML compliance program must be written and consider the inherent risks, as well as establish internal policies, procedures, and controls. Additionally, these programs should include the designation of an AML officer, employee training, independent testing, and customer due diligence (CDD) protocols.

Virtual currencies were codified into the purview of the newly passed Anti-Money Laundering Act of 2020 (AMLA), a part of the National Defense Authorization Act for Fiscal Year 2021 and the 5th Anti-Money Laundering Directive (5AMLD). This broadening of the BSA/AML regulatory framework foreshadows the increased scrutiny expected from regulators on established entities as well as for institutions preparing to enter the virtual currency space.

These and other recent regulatory enhancements have highlighted the importance of leveraging emerging technologies, such as artificial intelligence and machine learning, in combating financial crime and terrorist financing. If financial institutions and other entities do not seek ways to integrate the latest technological advancements into their risk and compliance programs, they may struggle to respond to shifts in the industry and regulatory landscape.

Regulators have also noted the continued importance for financial institutions to understand with whom they are conducting business. KYC and Beneficial Ownership requirements have been expanded in both the U.S. and EU, under the AMLA and 5AMLD respectively. FinCEN has confirmed that Travel Rule requirements are also applicable to entities operating in the digital assets space, a clear demonstration of the importance of an entity’s understanding of its customer and transactional data in maintaining regulatory compliance. The pseudo-anonymity of virtual currencies has been leveraged by criminals to conduct a range of illegal activities. Regulators are looking to reduce that risk as the industry grows. For this reason, comprehensive KYC and BSA/AML programs are essential in identifying customer risk and mitigating the potential for illicit activity.





Potential penalties for non-compliance


Penalties for operation of unlicensed money transmission businesses can include civil penalties of up to $5,000 for each violation and additional monetary penalties for each day a registration violation continues. In addition to civil penalties, criminal charges can result in up to five years of imprisonment. For example, in April 2021, the Department of Justice, with support from international law enforcement agencies, filed criminal charges against the founder of Bitcoin Fog, a cryptocurrency “mixer,” whose operations were designed to conceal the source of Bitcoin funds. Bitcoin Fog facilitated the movement of over 1.2 million Bitcoin, then valued at approximately $335 million. Founder Roman Sterlingov is being charged with money laundering, operating an unlicensed money transmitting business and money transmission without a license in the District of Columbia.

As cryptocurrencies gain broader usage, BSA/AML risks for all parties involved continue to expand. Companies operating as money transmitters or MSBs must keep abreast of evolving regulations to ensure compliance and mitigate those risks.



