ICOs are affected by the latest guidelines, as are privacy coin transactions. Dex’s are not.
By Rakesh Sharma
Last week, the Financial Crimes Enforcement Network (FinCEN) updated its guidelines for cryptocurrency businesses. The agency, which is tasked with cracking down on financial crimes, offered guidance mainly related to the Banking Secrecy Act (BSA), which outlines the various responsibilities and disclosures to which Money Services Business (MSBs) must adhere to be regulation-compliant.
First, before conducting business, MSBs must obtain licenses in each state of their operation. For example, Coinbase is classified as an MSB under existing regulations and has licenses for operations in 48 states. That means 48 licenses.
The licenses themselves don’t cost much. But the additional regulatory burden of compliance and associated legal fees can add up to become substantial costs, especially for startups. For outfits that are not well-funded, an MSB classification risks taking money away from other important areas, such as product development.
FinCEN’s update largely preserves the status quo of its earlier guidelines, while also extending regulatory reach into some areas of the evolving cryptocurrency ecosystem. The rollout has not been perfect. Some aspects of the new guidelines are less than clear, and have confused lawyers by using similar definitions in different contexts, or by failing to clarify new or ambiguous terms.
Here is a brief summary of the most important points contained in FinCEN’s latest guidelines, in which the agency refers to cryptocurrencies as Convertible Virtual Currencies (CVC).
What’s different from FinCEN’s 2013 guidelines?
Not a lot. For the most part, FinCEN has reiterated its policy on the role of cryptocurrency exchanges as MSBs. The latest version adds the agency’s more recent thoughts on new developments in the cryptocurrency ecosystem, such as decentralized apps (dApps), Bitcoin ATMs, and privacy-focused coins.
What are the implications of the agency’s inclusion of dApps?
Recent months have seen an explosion in the use of decentralized apps on blockchain platforms. One estimate puts the number of dApps in the cryptocurrency ecosystem at 2,667. FinCEN is primarily concerned with the flow of fees, paid by app users, within the dApp ecosystem. The agency points out that the fees ultimately accrue to the owner/operator of such applications. “When dApps perform money transmission the definition of money transmitter will apply to the dApp, or both,” it states.
Essentially, this means that a user making a payment in cryptocurrency to the owner/operator of a dApp is engaging in money transmission, and will have to comply with regulations such as those related to anti-money laundering (AML) and Know your Customer (KYC). For dApp users, this means that they will need to furnish identification information. Owners/operators of dApps, meanwhile, will have to comply with disclosure policies related to AML and KYC. This could mean additional costs in the form of compliance fees. This has raised some eyebrows. Jake Chervinsky, a crypto lawyer, points out that the “owner/operator” terminology might be incorrect in the context of the crypto ecosystem.
What about online wallets?
In its guidelines, FinCEN addresses three types of wallets: hosted wallets, unhosted wallets and multi-signature wallets. Hosted wallets, or wallets that are provided by third-parties to users, are considered MSBs. Wallets of this type include those provided by exchanges for trading and storing cryptocurrencies. Unhosted wallets, or wallets that are hosted on an individual’s computer and used for personal transactions, are not considered MSBs. The vast majority of crypto wallets are hosted wallets. Multi-sig wallets are wallets that use multiple cryptographic signatures or keys for security. They may or may not be MSBs, depending on the circumstances and type of transactions being serviced. For example, if a multi-sig wallet is combined with an unhosted wallet, the resulting combination is not considered an MSB. For example, neither Electrum, an unhosted multisig bitcoin wallet, nor Ledger, a third-party hardware wallet, are considered MSBs.
Are ICOs affected by FinCEN’s latest guidance?
Yes. An ICO made to a select group of investors is a form of money transmission, according to FinCEN. This is because “at the time of the initial offering, the seller is the only person authorized to issue and redeem (permanently retire from circulation) units of CVC.” In the updated document, the agency mostly directs entrepreneurs to the SEC and CFTC for rules on ICO compliance. However, it states that the development of dApps using ICO funding constitutes the production of goods and services, and therefore falls outside the realm of MSB activity.
What other crypto-related services are affected by FinCEN’s guidance?
CVC kiosks, or Bitcoin ATMs in popular parlance, are also considered money transmission businesses under the guidelines. This is because they enable the conversion of fiat currencies into crypto (and, in some cases, the sending and receipt of value in the form of money).
Transactions and transfers with privacy-focused coins, like Monero, are also considered subject to money-transmission regulations, according to FinCEN. The agency has collected its thoughts regarding cryptocurrency businesses under the subhead, “Anonymity-enhanced CVCs,” a definition that covers cryptocurrency transactions structured to hide transaction information, and transactions that use privacy coins.
According to FinCEN, such transactions are considered to be money transmission transactions, and thus subject to MSB regulations. An exception is made for the software developers of such coins or services, because they are understood to be engaged in production, not transmission.
It’s important to note that the guidelines seem to conflate privacy-focused coins and the businesses that use them. For example, the agency writes that a money transmitter that operates in “anonymity-enhanced CVCs (privacy coins) for its own account or for the account of others (regardless of the frequency) is subject to the same regulatory obligations as when operating in currency, funds, or non-anonymized CVCs.” In other words, businesses or individuals that use privacy coins are subject to FinCEN regulations.
However, privacy-focused coins anonymize important information, such as owner and recipient details, that is explicitly required in AML and KYC laws. Requiring the owner/operator of a business that uses these coins to collect information about their customers could have important implications for their core service of enabling anonymous transfers on a blockchain.
Finally, decentralized exchanges, increasingly touted as the future of cryptocurrency trading, are not considered money transmission businesses in the new guidelines. The exceptions are those that host online wallets, or parties and counterparties, that utilize their services to settle a transaction.