FinCEN and Virtual Currency
by Amy Kleinschmit
Chief Compliance Officer
5/16/2019

The Financial Crimes Enforcement Network (FinCEN) has issued a couple nuggets of information that are – or should be – of interest to the BSA folks.

FinCEN recently issued, FIN-2019-G001 - Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, which can be found here, and FIN-2019-A003 - Advisory on Illicit Activity Involving Convertible Virtual Currency, which can be found here.

FIN-2019-A003 was issued by FinCEN to “assist financial institutions in identifying and reporting suspicious activity concerning how criminals and other bad actors exploit convertible virtual currencies (CVCs) for money laundering, sanctions evasion, and other illicit financing purposes, particularly involving darknet marketplaces, peer-to-peer (P2P) exchangers, foreign-located Money Service Businesses (MSBs), and CVC kiosks.”

As noted in the advisory, “According to FinCEN’s analysis of BSA and other data, illicit actors have used CVCs to facilitate criminal activity such as human trafficking, child exploitation, fraud, extortion, cybercrime, drug trafficking, money laundering, terrorist financing, and to support rogue regimes and facilitate sanctions evasion. Additionally, the increased use of CVC has made legitimate users and financial intermediaries the target of sophisticated cyber intrusions aimed at theft of CVC. Of particular concern is that CVC has come to be one of the principal payment and money transmission methods used in online darknet marketplaces that facilitate the cybercrime economy.”

The advisory further explains/defines darknet marketplaces, unregistered peer-to-peer exchangers, unregistered foreign-located MSBs, and CVC Kiosks. It then includes a number of red flags that financial institutions can use in evaluating potential abuses involving abuse of virtual currencies.

Some examples include –

  • A customer receives multiple cash deposits or wires from disparate jurisdictions, branches of a financial institution, or persons and shortly thereafter uses such funds to acquire virtual currency.
  • A customer receives a series of deposits from disparate sources that, in aggregate, amount to nearly identical aggregate funds transfers to a known virtual currency exchange platform within a short period of time.
  • Customer’s phone number or email address is connected to a known CVC P2P exchange platform advertising exchange services.
  • A customer conducts transactions with CVC addresses that have been linked to extortion, ransomware, sanctioned CVC addresses, or other illicit activity.
  • A customer significantly older than the average age of platform users opens an account and engages in large number of transactions, suggesting their potential role as a CVC money mule or a victim of elder financial exploitation.
  • A customer shows limited knowledge of CVC despite engagement in CVC transactions or activity, which may indicate a victim of a scam.
  • A customer declines requests for “know your customer” documents or inquiries regarding sources of funds.

These are just a few of the 30 “red flags” listed in the advisory. Credit unions should review this advisory and the “red flags”.

With regard to the SAR, the advisory details the information that would be useful to law enforcement when investigating. Therefore, be sure to include this information in the SAR form and narrative, as applicable, when suspicious activity may involve CVC - virtual currency wallet addresses; account information; transaction details (including virtual currency transaction hash and information on the originator and the recipient); relevant transaction history; available login information (including IP addresses); mobile device information (such as device IMEI); information obtained from analysis of the customer’s public online profile and communications.

FinCEN requests that financial institutions reference this advisory by including the key term: “CVC FIN-2019-A003” in the SAR narrative to indicate a connection between the suspicious activity being reported and possible illicit activity involving CVC. Using the new, mandatory SAR Form that took effect on January 1, 2019, financial institutions should reference this advisory using the above key term in SAR field 2 (“Filing Institution Note to FinCEN”).

Enforcement Action

This guidance follows last month’s enforcement action and civil money penalty that was issued by FinCEN. The basis of the civil money penalty was that the individual was a “money transmitter” and therefore violated Bank Secrecy Act’s requirements regarding Money Service Businesses (MSB). Specifically, he failed to (a) register as an MSB with FinCEN; (b) establish and implement an effective written anti-money laundering (AML) program; (c) detect and adequately report suspicious transactions; and (d) report currency transactions.

We have discussed MSB requirements in the past, therefore, the focus of this article is not to review that, rather to discuss that the particular individual was required to register as an MSB with FinCEN because he operated as an exchanger of convertible virtual currency. Thus, FinCEN’s enforcement action was focused on an exchanger of convertible virtual currency being a money transmitter, which is an MSB. This is consistent with FinCEN previously issued guidance from 2013 and serves as a good reminder of FIN-2013-G001, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies. In its press release, FinCEN notes that this is its first enforcement action against a peer-to-peer virtual currency exchanger and the first instance in which it has penalized an exchanger of virtual currency for failure to file CTRs.  

As discussed in the enforcement action, “Between December 6, 2012 and September 24, 2014, Mr. Powers conducted over 1,700 transactions as a money transmitter. He did so as a peer-to-peer exchanger of the convertible virtual currency bitcoin, purchasing and selling bitcoin to and from others. Mr. Powers was not simply a “user” of virtual currency (i.e., someone who obtains and uses convertible virtual currency to purchase real or virtual goods or services for his own benefit). Exchangers of convertible virtual currency, like Mr. Powers, are “money transmitters” as defined in 31 C.F.R § 1010.100(ff)(5),7 as well as “financial institutions” as defined in 31 C.F.R § 1010.100(t), and must comply with BSA regulations.”

Among, the individual’s violations of BSA and MSB requirements to implement an adequate anti-money laundering program (AML). The enforcement action notes, “In fact, in March 2013 Mr. Powers publicly stated on the Internet he would assist customers that wanted to circumvent AML obligations. Further, while acting as a virtual currency exchanger, Mr. Powers did not file any BSA reports and had no written procedures for doing so.”

 

Please contact Amy Kleinschmit with any of your compliance related questions.

 

 

<< Go to Memo List