This article was written by Leonie Tear, Richard Mertl, Aaron Wolfson and Nikita Ajwani
The United States (“US”) government has continued its drive to regulate virtual currencies through the first half of 2019. Its chief tools have been:
- the introduction of new FinCEN guidance; and
- sanctions and enforcement action targeting foreign financial institutions that deal with sanctioned virtual assets.
We discuss the implications of both below.
On 9 May 2019, the Financial Crimes Enforcement Network (“FinCEN”) issued guidance (“Guidance”) on how the regulation of money services businesses (“MSBs”) under the Bank Secrecy Act (“BSA”) applies to business models involving, what FinCEN describes as, “convertible virtual currencies” (“CVCs”).
Importantly, the Guidance does not establish new requirements; it consolidates existing FinCEN regulations and rules and applies them to modern business models involving CVCs. This means that CVC businesses operating as money transmitters are required to register with FinCEN as MSBs and comply with BSA obligations such as:
- maintaining a culture of compliance supported by senior leadership;
- maintaining an effective risk based anti-money laundering and counter terrorist financing (“AML/CTF”) program. In this regard, FinCEN has also issued an Advisory on Illicit Activity Involving Convertible Virtual Currency to assist financial institutions in identifying “red flags” indicating the criminal exploitation of CVCs;
- ensuring the AML/CTF program includes putting in place policies and procedures relating to customer due diligence, recordkeeping, transaction monitoring and suspicious transaction reporting; and
- to the extent that any of its transactions constitute a transmittal of funds , complying with the recordkeeping requirements under the Funds Transfer Rule  and the information sharing requirements under the Funds Travel Rule .
These requirements apply to domestic and foreign located CVC money transmitters doing business in whole or substantial part within the United States.
Who qualifies as a “money transmitter”?
A CVC will generally qualify as a money transmitter if its activities include receiving a form of value from one person and transmitting it in any form to another person or location. A person that provides only delivery, communication or network access services to support a money transmission service (eg software providers) are not considered money transmitters. The Guidance emphasises that FinCEN interprets these exemptions very strictly, only applying them where a person fully conforms to the exemption based on its actual activities, not the label it gives itself.
The Guidance offers a non-exhaustive set of examples of CVC business models to which FinCEN’s money transmission regulations may apply, including:
- natural persons providing CVC money transmission (“P2P Exchangers”);
- hosted wallet providers;
- CVC kiosks (also referred to as ATMs or vending machines);
- decentralised applications – ie, a software program that operates a P2P network running a blockchain platform that is not controlled by a single person / group or administrator;
- a money transmitter that operates anonymity-enhanced CVCs for its own account or for the accounts of others (regardless of the frequency). Anonymity enhanced CVC transactions are those that are denominated in regular types of CVC but structured to conceal information otherwise available through the CVC’s native distributed public ledger or privacy coin transactions;
- CVC payment processors – interestingly, these are not eligible for the payment processor exemption because they do not satisfy all the required conditions such as operating through clearance and settlement systems that admit only BSA regulated financial institutions; and
- CVC denominated gambling businesses.
The guidance lists specific business models involving virtual currencies that may be exempt from the definition of money transmission, including the following:
A word of caution
The Guidance makes it clear that whilst it may refer to a pattern of activity as a business model using labels known to the industry (as above), the label does not determine the regulatory application – it is what the business does that counts.
Failing to comply with the BSA carries serious consequences that should not be taken lightly. An MSB is subject to FinCEN regulations. It is a federal crime for anyone to operate an MSB without proper licensing. MSBs need to (1) register with FinCEN, (2) develop, implement, and maintain AML programs designed to prevent the MSB from being used to facilitate money laundering or terrorist financing, and (3) establish recordkeeping and reporting measures, including filing Suspicious Activity Reports and Currency Transaction Reports with FinCEN. FinCEN has warned that CVC MSBs must do their compliance homework right from the start – not just wait until after they get a call from regulators or law enforcement.
FinCEN can and will issue fines for non-compliance. For example, an individual P2P Exchanger, Eric Powers, was recently fined US$35,350 for failing to register as an MSB, having no written policies in place to ensure compliance with the BSA and failing to report suspicious transactions.
Financial institutions and businesses engaged in emerging business activities involving CVC are well advised to study and become familiar with the new FinCEN Guidance on CVC and MSB.
The long arm of OFAC
The United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) took action in relation to virtual assets by placing Evrofinance Mosnarbank (“Evrofinance”) under US sanctions for its alleged connections with the sanctioned Venezuelan virtual asset, the Petro.
Evrofinance is a Moscow-based bank, jointly owned by Russian and Venezuelan state entities, and was sanctioned under OFAC’s powers to sanction foreign financial institutions.
OFAC views the Venezuelan Petro as an attempt by the “illegitimate” Nicolas Maduro (“Maduro”) regime to circumvent US financial sanctions targeting Venezuela. Evrofinance is alleged to have been the primary international financial institution willing to finance the Petro.
US sanctions on Venezuela commenced in March 2015 and significantly increased during 2018 and early this year with the issuance of four additional Executive Orders (“EOs”). This was in response to what OFAC describe as a:
“historic economic and humanitarian collapse caused by extreme corruption and mismanagement” by the Maduro regime.
Maduro has refused to accept the legitimacy of the 2018 election of opposition leader Juan Guaido, who has the support of the US and other Western countries.
On 19 March 2018, OFAC issued EO 13827 prohibiting US persons from taking part in any dealings with any “digital currency, digital coin or digital token” that was issued by, for, on behalf of the Government of Venezuela. According to EO 13827, Maduro issued the Petro in an attempt to circumvent US sanctions. OFAC FAQ 564 makes it clear that this applies to the Petro and “petro-gold”.
On 28 January 2019, OFAC designated Petroleos de Venezuela SA (“PdVSA”), a Venezuelan state-owned oil company which OFAC has accused of having:
“long been a vehicle for corruption, embezzlement and money laundering by Maduro and his cronies”.
Sanctions are expected to stay in place against PdVSA until control of the oil sector rests with a US-recognised Venezuelan government. A series of General Licenses are in place authorising certain transactions with PdVSA (these are complex and different in nature and we are able to provide guidance if need be on those sanctions).
OFAC alleges that investors in the Petro were invited to purchase the Petro by wiring funds to an account held on behalf of the Venezuelan government at Evrofinance. According to OFAC:
“Evrofinance’s involvement in the Petro demonstrated Maduro’s hope that the Petro would allow Venezuela to circumvent U.S. financial sanctions.”
OFAC have stated that whilst most US and European based financial institutions have cut ties with Maduro’s regime, Evrofinance has continued its relationship with the regime and seen significant asset rises as a result. This included having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to, or in support of, PdVSA, in addition to funding the Petro. A statement on Evrofinance’s website in May 2018 (in Russian) denies all such connections.
What are the implications?
All property and interests in property of Evrofinance and of any entities that are owned, directly or indirectly, 50 percent or more, by Evrofinance, that are in the United States or in the possession or control of US persons are blocked and must be reported to OFAC. OFAC’s regulations generally prohibit all dealings by US persons or within (or transiting) the US that involve any property or interests in property of blocked or designated persons, such as Evrofinance.
Financial institutions and other businesses will need to analyse how this action could impact them and any ongoing relationships they may have with Evrofinance. This analysis should already be at an advanced stage in relation to winding down transactions with PdVSA.
Any business operating in whole or in part in the US should assess whether it is, or may be, required to register under the BSA. Failure to do so can have serious consequences.
Those operating in and through the US must take steps to put in place robust financial crime controls that comply with US laws and regulations. This should include sanctions screening of the OFAC lists; and governance, training, and transaction monitoring to enable suspicious activity to be identified and appropriately reported. The Petro is not the only virtual asset subject to US sanctions. As we have previously commented, individual addresses also appear as SDN identifiers. Virtual asset service providers need processes in place that allow them to be vigilant in relation to customer due diligence processes and the virtual assets they are willing to do business with.
We continue to work with banks, virtual asset service providers, and industry groups in relation to anti-money laundering, counter terrorist financing, and sanctions compliance. Please contact us if you require assistance.
 We prefer the term “asset” to currency but adopt FinCEN’s terminology here.
 As defined at 31 CFR § 1010.100 (ddd).
 See 31 CFR § 1010.410(e).
 See 31 CFR § 1010.410(f).
 While this article does not go into detail on the meaning of each business model, the Guidance specifically explains the scope and meaning of each “business model”. Please refer to the Guidance for more detail on what defines the business models.
The authors of this article are financial crime and fintech experts qualified to practice law in the United States, Hong Kong, England & Wales. The statements in this article represent opinion and interpretations only and are not to be construed as legal advice under any circumstances. If you believe that the U.S. law discussed in this article may apply to you and / or your organisation or if you have any questions, you may contact us for advice.