Money Services Business

The South Dakota Division of Banking (the “Division”) issued a Memorandum notifying all licensed South Dakota money lenders and non-residential mortgage lenders that the Division has taken the position that they are subject to the Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) obligations imposed by a 2020 Final Rule published by the Financial Crimes Enforcement Network (“FinCEN”) regarding banks lacking a federal functional regulator (“Final Rule”). The Final Rule became effective in 2020, and the Memorandum requires licensees to comply by March 31, 2024.  No other state has taken this same position, and the Final Rule itself stated that it applied to approximately 567 banks. 

Accordingly, all money lender and non-residential mortgage lender licensees covered by the Memorandum must develop a BSA/AML compliance program that aligns with the Memorandum’s requirements, which are equivalent to that of a “bank” under FinCEN’s regulations. The compliance program must include a risk assessment, ongoing transaction monitoring, and filing of Suspicious Activity Reports (“SARs”) and Currency Transaction Reports (“CTRs”), among other requirements. In addition, licensees must register with FinCEN for BSA e-filing.

Continue Reading  South Dakota Regulator Requires BSA/AML Compliance for Money Lender Licensees and Non-Residential Mortgage Lenders

A Huge Monetary Penalty for Sprawling Allegations – But Will Zhao Receive a Prison Sentence?

As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).  

Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.

Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.

As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.

The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.

As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.

Continue Reading  Binance Settles Criminal and Civil AML and Sanctions Enforcement Actions for Multiple Billions – While its Founder, Owner and Former CEO Zhao Pleads Guilty to Single AML Crime

On October 23, the Financial Crimes Enforcement Network (“FinCEN”) published a notice of proposed rulemaking (“NPRM”) entitled Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern.  Section 311 of the Patriot Act, codified at 31 U.S.C. § 5318A (“Section 311”), grants the Secretary of the Treasury authority – which has been delegated to FinCEN – to require domestic financial institutions and agencies to take certain “special measures” if FinCEN finds that reasonable grounds exist for concluding that one or more classes of transactions within or involving a jurisdiction outside of the United States is of “primary money laundering concern.” 

In this NPRM, FinCEN proposes to designate under Section 311 all convertible virtual currency (“CVC”) mixing transactions, as defined by the NPRM.  This designation would require imposing reporting and recordkeeping requirements upon covered financial institutions (“FIs”) regarding transactions occurring by, through, or to a FI when the FI “knows, suspects, or has reason to suspect” that the transaction involves CVC mixing.

The NPRM is complicated and raises complex questions.  We only summarize here, and note selected issues.  Comments are due on January 22, 2024.  FinCEN can expect many comments.

Continue Reading  FinCEN Proposes to Require Recordkeeping and Reporting for CVC Mixing Transactions

Legislation Targets Unhosted Wallets, Validators and Digital Asset ATMs

On July 28th, Senators Elizabeth Warren (D-Mass), Roger Marshall (R-Kan.), Joe Manchin (D-W.Va.) and Lindsey Graham (R-S.C.), reintroduced the Digital Asset Anti-Money Laundering Act (the “Act”), legislation aimed at closing gaps in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework as it applies to digital assets. Senators Warren and Marshall previously had introduced the same piece of legislation in December 2022, but at that time it lacked widespread support and stalled in the Senate.

Now, potentially in response to crypto-friendly legislation that recently passed in the House, the Act gained momentum with a larger group of bipartisan legislators and may have a more promising future.  The Act also was reintroduced immediately on the heels of a successful amendment to the 2024 National Defense Authorization Act (NDAA) pertaining to AML compliance examinations for financial institutions under the Bank Secrecy Act (BSA) and the future regulation of anonymity-enhancing technologies, such as mixers or tumblers.  According to Senator Warren’s press release the Act currently enjoys the support of the Bank Policy Institute, the National District Attorneys Association, Major County Sheriffs of America, and the National Consumers League, among other groups.

As we discuss immediately below, the Act would make major changes to the current BSA/AML regulatory regime as it applies to digital assets.

Continue Reading  Bipartisan Group of Senators Re-Introduce the Digital Asset Money Laundering Act

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Finance Monitor podcast series, A Look at the Treasury Department’s April 2023 Report on Decentralized Finance or “DeFi.” 

In this episode, we follow up and expand upon our blog post regarding the U.S. Department of the Treasury’s April 6, 2023 report examining vulnerabilities

Report Offers Weak Insight on Causation but Lists Steps that Treasury Can and Should Take

The Department of Treasury (“DOT”) recently released its first ever strategy report (the “Strategy”) on the topic of de-risking, taking the form of a 54-page document that combines a summary of the problem of de-risking with an overview of recommended steps to solve it. While the Strategy is the first document of its kind issued by the U.S. government, it is not unexpected – Section 6215 of the Anti-Money Laundering Act of 2020 (“AMLA”) requires the DOT to develop a strategy to mitigate the adverse effects of de-risking after conducting interviews with regulators, non-profit organizations and other public and private stakeholders.

As we’ve discussed over the years, “de-risking” is a practice taken by financial institutions (FIs) to restrict certain categories of customers from accessing their services – typically due to the perception that the compliance risk associated with such customers would outweigh the benefits, financial or otherwise, of servicing them. It is important to note that the concept of de-risking is not about a customer’s individual risk profile; rather, de-risking involves a FI making a wholesale or indiscriminate determination about a category of customers, and failing to use an individualized risk-based approach favored by the anti-money laundering/countering the financing of terrorism (AML/CFT) regulatory framework.  As we have discussed, and as global watchdog groups have noted, de-risking often has a disproportionate impact on developing countries.  The Strategy itself notes that de-risking “prevent[s] low- and middle-income segments of the population, as well as other underserved communities, from efficiently accessing the financial system[.]” Thus, the issue of de-risking is intertwined with concerns regarding economic and ethnic disparities. 

As the Strategy notes, de-risking also can undermine development, humanitarian and disaster relief funds flowing to other countries.  Finally, de-risking can threaten the U.S. financial system because driving funds outside of the regulated financial system makes it harder to detect and deter illicit finance, and increases the risk of sanctions evasion. 

According to the Strategy, the profit motive of FIs is the main driver behind the ongoing problem of de-risking:  because the cost of compliance for risky categories of customers would be too high, FIs cannot justify providing services to them from a profitability perspective.

Arguably, this claim in the Strategy suffers from, at best, a certain lack of self-awareness and, at worst, a degree of hypocrisy, used to deflect a Congressional demand that the DOT address and ameliorate the problem of de-risking. Increasingly onerous BSA/AML regulations, the occasionally haphazard enforcement of those regulations, and the practical disconnect between the expectations of AML examiners and law enforcement agents arguably represent the true source of the compliance-related fears and costs that drive FIs to de-risk.  If banks and other FIs are rejecting certain customers wholesale, it’s often because they fear that they will get “dinged” during a regulatory examination for servicing such customers if perceived problems develop after the application of 20/20 hindsight, and because the compliance hoops can range from the onerous to the practically impossible.  Similar considerations are partially why FIs now file over four million Suspicious Activity Reports (“SARs”) annually, regardless of whether any given SAR is actually helpful to law enforcement: no one has been subjected to an enforcement action for filing too many SARs.

Continue Reading  Department of Treasury Issues Strategy on De-Risking

On April 6, 2023, the U.S. Department of the Treasury released a report examining vulnerabilities in decentralized finance (“DeFi”), including potential gaps in the United States’ anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory, supervisory, and enforcement regimes for DeFi.  The report concludes by making a series of recommendations, including the closing of “gaps” in the application of the Bank Secrecy Act (“BSA”) to the extent that certain DeFi services currently fall outside the scope of the BSA’s definition of a “financial institution” covered by the BSA.  The report cautions that it does not alter any existing legal obligations, issue any new regulatory interpretations, or establish any new supervisory expectations.

Continue Reading  U.S. Treasury Releases Report and Recommendations Regarding Vulnerabilities in Decentralized Finance

We previously blogged on an advisory issued by FinCEN alerting financial institutions to the various financial mechanisms used by traffickers of fentanyl and synthetic opioids to launder the burgeoning proceeds of their illicit activities. In the years since, the volume of that drug trade has only increased, as tragically evidenced in part by the skyrocketing rate of fentanyl-related deaths per year – in the U.S. alone, rising from around 28,000 to almost 70,000 in the past five years.

Recognizing this as a global concern requiring transnational solutions to address it, on November 30 the Financial Action Task Force (“FATF”), an intergovernmental organization comprised of 38 national members and two regional organizations (the EU and the Gulf Cooperation Council), released a report, coordinated by the U.S. and Canada, on money laundering stemming from trade in fentanyl and synthetic opioids, with specific recommendations for counteracting the cash flow of the groups engaged in this activity.

The report attempts to focus greater attention on the transnational aspect of the global fentanyl trade. It notes that the trade is fueled by organized crime groups which are able to utilize a high level of sophistication both in the acquisition of drugs for sale and distribution, and in the subsequent laundering of proceeds.

Continue Reading  Countering Financial Flows From the Illicit Trade in Fentanyl and Synthetic Opioids

The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading  FinCEN Reports Staggering Increase in Reported Ransomware Attacks

On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC.  The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.

As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business.  Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government.  It appears that the civil complaint may represent something of a formality:  it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.

According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government.  The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.”  Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.  

Continue Reading  DOJ Files Lawsuit for $60 Million in Civil Penalties for Alleged BSA Violations by Crypto “Mixer”