Actions Highlight Risky Mix of Sanctions Law, Inadequate Transaction Monitoring and Dealing with Anonymity-Enhanced Cryptocurrencies

The Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”) announced on October 11 simultaneous settlements with Bittrex, Inc. (“Bittrex”), a virtual currency exchange and hosted wallet provider. Under the OFAC settlement, Bittrex has agreed to pay $24,280,829.20 to settle its potential civil liability for 116,421 alleged violations of multiple sanctions programs. Under the FinCEN consent order, Bittrex agreed to pay a civil penalty of $29,280,829.20 for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”). FinCEN has agreed to credit Bittrex’s payment to OFAC against its penalty because it found that the alleged BSA violations “stem from some of the same underlying conduct”; thus, Bittrex’s total payments to the two regulators come to $29,280,829.20. 

According to the Department of the Treasury dual press release, the two settlements represent the first parallel enforcement actions by FinCEN and OFAC in the virtual currency and sanctions space. Also, it is OFAC’s largest virtual currency enforcement action to date. To further highlight the importance of the settlements, the press release quotes the OFAC Director Andrea Gacki and FinCEN Acting Director Himamauli Das, both sternly warning operators in the same environment as Bittrex to implement effective AML compliance and sanction screening programs.

It is conceivable that Bittrex, for years now, has been on notice that federal and state regulators are closely watching and expecting more comprehensive risk assessment programs and procedures from businesses transacting with virtual currency. As we previously blogged here, in 2019 the New York Department of Financial Services (“NYDFS”) denied Bittrex’s application for a Bitlicense, citing: “deficiencies in Bittrex’s BSA/AML/OFAC compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.”  In its letter denying Bittrex’s application, NYDFS set forth in detail the deficiencies it found in Bittrex’s BSA/AML/OFAC compliance program, noting that Bittrex’s compliance policies and procedures “are either non-existent or inadequate.”

As we will discuss, the FinCEN consent order highlights Bittrex’s alleged failure to address adequately the overall risk environment in which it operated, including transactions involving anonymity-enhanced cryptocurrencies, or AECs.  The consent order also highlights two repeated themes in enforcement actions: lack of adequate compliance staff, and a seemingly robust written compliance policy that was not matched by an effective day-to-day transaction monitoring system.

Continue Reading  OFAC and FinCEN Settle with Bittrex in Parallel Virtual Currency Enforcements

Report Focuses on Travel Rule Implementation – or Lack Thereof

The Financial Action Task Force (“FATF”) recently issued an updated review of the implementation of its anti-money laundering (“AML”) and counter-terrorist financing (“CFT”) standards to financial activities involving Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs), entitled Targeted Update On Implementation Of The FATF Standards On Virtual Assets And Virtual Asset Service Providers (“Report”). 

This post highlights the three main takeaways from the Report – with a focus on the FATF’s Travel Rule.  Condensed, the FATF Travel Rule requires the private sector to obtain and exchange beneficiary and originator information with VAs transfers valued at $1,000 or more. The Report also suggests that some DeFi arrangements are not truly “decentralized.”

Continue Reading  FATF Issues Targeted Update Report on Implementation of AML/CFT Standards on Virtual Assets

The Office of the Comptroller of the Currency (“OCC”) entered into a Consent Order (available here) with Anchorage Digital Bank (“Anchorage”), which requires Anchorage to create a compliance committee and take steps to remediate alleged shortcomings with respect to the implementation and effectiveness of Anchorage’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program.  Notably, Anchorage will pay no civil penalty.

Anchorage is not any regular entity overseen by the OCC:  it is a cryptocurrency custodian.  As we will discuss, the timing of the Consent Order indicates that even when regulators permit crypto activities by financial institutions, they remain cautious, particularly as to BSA/AML compliance.  The OCC’s actions send a clear message that regulated entities offering emerging technology financial services must adhere to the same BSA/AML monitoring and reporting requirements as more traditionally regulated entities.
Continue Reading  OCC Targets BSA/AML Compliance by Anchorage Digital Bank – Only 15 Months After Granting National Trust Bank Charter to the Crypto Custodian

The U.S. Government Accountability Office (“GAO”) recently issued a public version of a more detailed and confidential report previously sent to Congress summarizing the GAO’s review of the use of virtual currencies to facilitate human and drug trafficking.  The GAO’s report, Additional Information Could Improve Federal Agency Efforts to Counter Human and Drug Trafficking, (“the Report”) is lengthy.  The GAO examined two issues:  (1) U.S. agencies’ collection of data on the use of virtual currencies for human and drug trafficking; and (2) the steps taken and challenges faced by U.S. agencies to counter human and drug trafficking facilitated by virtual currencies.  In this post, we will describe the Report at a high level, but will focus on the emerging trends identified in the Report and the GAO’s recommendations to counter the use of virtual currency in facilitating human and drug trafficking by amending BSA/AML regulation of virtual currency kiosks, otherwise known as virtual currency ATMs, so as to identify specific locations.
Continue Reading  GAO Publishes Report on Nexus Between Virtual Currencies and Human and Drug Trafficking Financing

Farewell to 2021, and welcome 2022 — which hopefully will be better year for all.  As we do every year, let’s look back — because 2021 was a very busy year in the world of money laundering and BSA/AML compliance, and 2022 is shaping up to be the same.

Indicative of the increased pace and

Proposed Reporting Rules Will Require Careful Parsing for Businesses and Revision of CDD Rule for Banks

As we initially blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on December 7 a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership (“BO”) reporting requirements of the Corporate Transparency Act (“CTA”).  FinCEN’s press release is here; the NPRM is here; and a summary “fact sheet” regarding the NPRM is here.

The CTA requires defined entities – including most domestic corporations and foreign entities registered to do business in the U.S. – to report beneficial owner information (“BOI”) and company applicant information to a database created and run by FinCEN upon the entities’ creation or registration within the U.S.  This database will be accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

Congress passed the CTA because the ability to operate through legal entities without requiring the identification of BOI is a key AML risk for the U.S. financial system.  The CTA seeks to mitigate this risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, and other offenses.  We often have blogged on the CTA and these impending regulations (see herehereherehere and here).

The NPRM describes who must file a BOI report, what information must be reported, and when a report is due.  Although this blog post is lengthy, it still only summarizes the NPRM, which is 55 pages long in the Federal Register.  The NPRM envisions broad and often complicated reporting requirements under the CTA, including an ongoing duty to update any changes in information.

Further, this NPRM addresses “only” BOI reporting.  FinCEN will engage in two additional rulemakings under the CTA to (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to protect such information; and (2) revise and conform FinCEN’s existing CDD rule for financial institutions.  As we will discuss, the NPRM undermines hopes that the CTA regulations would simplify the compliance obligations of financial institutions already covered by the CDD rule, which requires covered financial institutions to obtain BOI from certain entity customers.  To the contrary, the NPRM indicates that FinCEN will complicate and expand the definitions of the two groups of individuals qualifying as BOs – those exercising “substantial control” and those with a 25% “ownership interest” – and amend the existing CDD rule accordingly, so that the CTA regulations and the CDD rule supposedly align.

The potential application of these regulations is sweeping.  FinCEN estimates at least 25 million existing U.S. companies will have to make a report under the CTA when the proposed regulations become effective.  And approximately three million new entities created each year in the U.S. potentially will be subject to the regulations going forward.  The NPRM does not address the additional amount of foreign entities registered to do business in the U.S. covered by the CTA.
Continue Reading  Proposed Beneficial Ownership Reporting Regulations Under the CTA:  Broad and Complex

Notice is First of Three Sets of Regulations for the CTA

Yesterday, the Financial Crimes Enforcement Network (“FinCEN”) issued a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”), which requires defined entities – including foreign entities with a presence in the U.S. – to report their