Navigating FinCEN's Latest Guidance

The 2019 Guidance

As the cryptocurrency landscape proceeds to blossom, regulatory bodies like the Financial Crimes Enforcement Network, or “FinCEN,” continue to play a crucial role in shaping the industry’s legal framework. For a brief discussion on the history of FinCEN’s entanglement with crypto, see our article Evolution of FinCEN’s Crypto Guidance.

FinCEN’s latest guidance, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, was released in May 2019, and provides various examples of, and expands upon, the categories of “user,” “exchanger,” and “administrator” that were introduced in its 2013 guidance, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies.

While originally targeting exchanges for operating as money transmitters, FinCEN has since expanded its interpretation to include hosted wallet providers as “exchangers,” and token issuers as “administrators.” In its latest guidance, FinCEN provides us with updated directives specifically addressing crypto activities falling under the realm of money transmission. With an increasing number of businesses engaging in crypto-related transactions, this guidance holds significant implications for both established players and emerging startups in the space.

In this article, we delve into FinCEN’s latest guidance on cryptocurrency and its impact on businesses operating as money transmitters, exploring the key provisions and compliance considerations essential for navigating this rapidly-evolving regulatory landscape. We will also analyze some of the guidance’s shortcomings, and the questions that have inevitably been summoned when attempting to apply regulations designed for the traditional banking system to blockchain technology. If putting a square peg in a round hole is difficult, make the square shape-shifting and you will understand the difficulties of trying to fit an expansive and dynamic technology like blockchain into a framework designed for intermediary-based, legacy banking.

Curious Cases

From fundraising ICOs to internet casinos, payment processors to mixers, multisig wallets to CVC kiosks, and decentralized exchanges to mining pools, FinCEN did its best to cover its bases by providing as many broad examples as it could. From there, FinCEN left it to seasoned lawyers to extrapolate those examples to the multitude of other products and services that exist in the crypto space, and determine whether any given activity is covered “money transmission” requiring registration with FinCEN. While each example has its benefits, and understanding each is necessary to understanding the whole, this section will highlight just a few of the more knotty cases and discuss their implications for those seeking to maintain compliance in the space.

Wallets

Acknowledging the many variations and complexities of wallets, FinCEN laid out four elements that determine the regulatory treatment of such intermediaries: (1) who owns the value; (2) where the value is stored; (3) whether the owner interacts directly with the payment system where the CVC runs; and, (4) whether the person acting as intermediary has total independent control over the value. From there, FinCEN applied these factors to two illustrative examples: the difference between hosted and unhosted wallets, and the effect of adding multiple signature requirements to a wallet.

Hosted v. Unhosted

Hosted wallets are wallets where user funds are controlled by third parties, whereas unhosted wallets are wallets where users control the funds. FinCEN made clear: “[h]osted wallet providers are account-based money transmitters that receive, store, and transmit CVCs on behalf of their accountholders, generally interacting with them through websites or mobile applications.” FinCEN then added that the regulations applying to the host vary depending on: (a) whether the wallet owner is a financial institution, agent, or foreign or domestic counterparty and (b) the type of transactions channeled through the wallet, but failed to provide any color on what the variations may be.

Unhosted wallets, on the other hand, are software hosted on a person’s computer, phone, or other device that allow the person to conduct transactions in CVC, and do not require an additional third party to conduct transactions. Unhosted wallets, therefore, do not qualify as money transmitters as long as the person executing a transaction through the unhosted wallet is doing so to purchase goods or services on the user’s own behalf.

For those offering wallet-related services, it is important to remember the factors FinCEN analyzes, and understand how they apply to the services provided. When it comes to wallet services, FinCEN appears to be primarily concerned with who controls the flow of funds and whether the owner is interacting directly on-chain.

In hosted wallets, someone other than the owner of the value controls transactions and has the ability to veto, or block, any given transaction because they “host” the funds on behalf of the funds’ owner. In unhosted wallets, on the other hand, the user is in ultimate control as the funds reside on a device they own and control. Thus, when offering wallet services, it is important to consider whether the wallet is hosted or unhosted, and the pros and cons of each design.

Multisig Wallets

Multiple-signature (“multisig”) wallets are those that require more than one private key for the wallet owner(s) to execute transactions. Typically, wallet owners maintain one private key locally, while the multisig wallet provider—or another designated entity—maintains the other private key for additional validation. When a wallet owner seeks to execute a transaction, they will usually submit to the provider a request that is signed with the wallet owner’s private key, and once the provider verifies this request, they will validate and execute the transaction using the second key.

FinCEN clarified that multisig wallet providers who restrict their role to creating unhosted wallets that require adding a second authorization key to the wallet owner’s private key in order to validate and complete transactions, the provider is not a money transmitter because it does accept and transmit value, but those who combine the services of a multisig wallet provider with a hosted wallet provider are money transmitters.

Careful not to give the impression that the question of whether wallet providers are money transmitters is as simple as hosted versus unhosted, FinCEN concluded by warning that “if the value is represented as an entry in the accounts of the provider, the owner does not interact with the payment system directly, or the provider maintains total independent control of the value, the provider will also qualify as a money transmitter, regardless of the label the person applies to itself or its activities.” Here, FinCEN tells us how each factor weighs for multisig wallets, and leaves it to developers and entrepreneurs to balance the risks and rewards of each configuration.

What FinCEN doesn’t make clear, however, is why multisig wallet providers that restrict their role to creating unhosted wallets that require adding a second authorization key to the wallet owner’s private key in order to validate and complete transactions do not have “total independent control of the value,” given that they have the ability to veto the transaction with the second key. Thus, it appears to be a combination of hosting the wallet (i.e., providing access to the wallet) as well as maintaining some control over the funds, via an additional signature requirement, or representing the value as an entry in the provider’s accounts, that FinCEN views as covered money transmission.

Decentralized Apps (“DApps”)

FinCEN did not shy away from the complications that arise from decentralization, instead choosing to address decentralization head-on and make clear that Decentralized Apps (DApps) cannot hide behind decentralization to avoid BSA regulations. FinCEN explained that “when DApps perform money transmission, the definition of money transmitter will apply to the DApp, the owners/operators of the DApp, or both.” If considering offering, or joining a community that offers, an exchange, wallet service, mixing pool, or any of the other manifold applications that are offered by blockchain technology, it is important to remember that the mere fact that the application is decentralized will not necessarily insulate those owning or operating the application from liability.

Mixers

FinCEN defines mixers as “[p]roviders of anonymizing services,” and differentiates between anonymizing services providers and anonymizing software providers. Anonymizing services providers are persons that accept CVCs and retransmit them in a manner designed to prevent others from tracing the transmission back to its source, and anonymizing software providers are suppliers of software a transmittor (or one who initiates a transaction, as opposed to a transmitter, or one who executes a transaction) would use for the same purpose. FinCEN made clear that anonymizing service providers are money transmitters, while anonymizing software providers are not, again emphasizing control over the funds.

FinCEN also made clear that anonymizing service providers were not exempt under the integral exemption, because that exemption requires “the person’s business [to] be different from money transmission itself, and the money transmission activity must be necessary for the business to operate…FinCEN determined that the added feature of protecting consumers’ information did not constitute an activity separate from the funds transmission itself, because the need to protect the consumers’ personal and financial information only arose in connection with the transmission of funds.”

In contrast, anonymizing software providers are exempt from the definition of money transmitter as those persons providing “the delivery, communication, or network access services used by a money transmitter to support money transmission services.” FinCEN reasoned that “suppliers of tools (communications, hardware, or software) that may be utilized in money transmission, like anonymizing software, are engaged in trade and not money transmission.”

Thus, if considering offering mixing services, it may be worthwhile to consider offering software instead, and charging a monthly subscription fee. What FinCEN does not tell us, however, is how Software as a Service, or SaaS, solutions will be viewed. On the one hand, the software aspect is considered a tool offered in trade rather than transmission, while on the other hand, the service aspect could be viewed as transmission. Depending on the service provided by the software, and the structure of the arrangement, those offering SaaS solutions in the mixing space would do themselves well by consulting an attorney.

Payment Processors

Despite the payment processor exemption, which says that persons who only “[a]ct as a payment processor to facilitate the purchase of, or payment of a bill for, a good or service through a clearance and settlement system by agreement with the creditor or seller,” FinCEN explained that cryptocurrency payment processors fall within the definition of a money transmitter because they fail to satisfy all the required conditions for the exemption.

To be eligible for the payment processor exemption, a person must: (1) facilitate the purchase of goods or services, or the payment of bills for goods or services (not just the money transmission itself); (2) operate through clearance and settlement systems that admit only BSA-regulated financial institutions; (3) provide its service pursuant to a formal agreement; and (4) enter a formal agreement with, at a minimum, the seller or creditor that provided the goods or services and also receives the funds.

As FinCEN pointed out, those operating in the crypto space will almost always fail the second requirement, as few, if any, clearance and settlement systems exist that admit only BSA-regulated financial institutions. However, that is not to say that they do not exist, or cannot exist. As more compliant companies enter the space, this hurdle will seem less insurmountable, and FinCEN will be forced to reconsider its position that payment processors fail to satisfy all the required conditions.

Trading Platforms and Decentralized Exchanges

In its discussion on trading platforms and decentralized exchanges, FinCEN delineated between those platforms that merely match buyers and sellers, and those that match buyers and sellers and also help execute the transaction.

FinCEN regulations exempt from money transmitter status those persons who only provide the delivery, communication, or network access services used by a money transmitter to support money transmission services. In that regard, FinCEN explained in its 2019 Guidance that crypto trading platforms that “only provide[] a forum where buyers and sellers of [crypto] post their bids and offers (with or without automatic matching of counterparties), and the parties themselves settle any matched transactions through an outside venue (either through individual wallets or other wallets not hosted by the trading platform), the trading platform does not qualify as a money transmitter.”

On the other hand, trading platforms that, when transactions are matched, purchases the crypto from the seller and sells it to the buyer, then the trading platform is acting as an exchanger, and qualifies as a money transmitter and is subject to its accompanying BSA obligations.

Fundraising via ICOs

FinCEN also swept those selling crypto in an ICO under the umbrella of money transmitter, explaining how they are administrators because “at the time of the initial offering the seller is the only person authorized to issue and redeem … the new units of [crypto].” It does not matter whether the exchange of crypto for another type of value is instantaneous or deferred to a later date, or whether the sale pertains to an application or platform that is already operational or goes toward one that is under development. Thus, those considering an ICO will likely need to register as an MSB, unless the ICO also qualifies as a security offering, and the company registers with the SEC. In either case, consulting an attorney is the best way to ensure compliance, and avoid violating regulations that can carry severe punishments.

Conclusion

FinCEN’s latest guidance on cryptocurrency and money transmission underscores the agency’s commitment to adapting regulatory frameworks to address the unique challenges posed by digital assets. By providing clarity on regulatory requirements, FinCEN aims to foster innovation while mitigating the risks associated with crypto-related transactions.

Businesses potentially operating as money transmitters in the cryptocurrency space must carefully review and implement the guidance to ensure compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations. Staying informed about regulatory developments and actively engaging with regulators will be paramount for navigating the evolving regulatory landscape effectively. As the industry continues to mature, proactive compliance efforts will not only safeguard businesses, but also contribute to building trust and legitimacy in the broader financial ecosystem.

Whether you are an investor, entrepreneur, or business involved in cryptocurrency, our team is here to provide the legal counsel needed to maneuver this complex landscape. If you believe we can be of assistance, schedule a consultation here.