U.S. Financial Regulators Clarify Oversight of AML/CFT Obligations in Connection With Digital Asset Activities

On October 11, 2019, the leaders of the U.S. Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN) and the U.S. Securities and Exchange Commission (SEC) (together, the Agencies) issued a joint statement highlighting the application of anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA) to persons engaged in activities involving digital assets (Joint Statement). On the same day, the SEC filed an emergency action to halt a digital asset distribution, citing BSA/AML concerns.¹

Key Takeaways

1. Engaging in digital asset activities may cause the individual or entity undertaking such activities to be considered a financial institution subject to the BSA.² 
2. All persons subject to the BSA, regardless of whether they are engaged in activities involving digital assets, are required to comply with the applicable AML/CFT obligations thereunder. These obligations extend to activities related to digital assets, regardless of whether the digital assets are characterized as convertible virtual currency, securities, or commodities or derivatives.
3. Digital asset activities of entities regulated by the SEC or CFTC, including activities that FinCEN might otherwise consider “money transmission,” will be subject to the AML/CFT oversight of those regulators, regardless of whether the underlying digital asset is deemed a security or commodity.
4. The SEC emergency action to block the offering of the digital asset “Grams” on the same day as the Joint Statement indicates the resolve of federal financial regulators to take legal action to stop perceived violations of the BSA.

Background

The BSA applies to “financial institutions.” The BSA and FinCEN’s implementing regulations define a “financial institution” to include money services businesses, securities broker-dealers, mutual funds, introducing brokers in commodities and futures commission merchants, among others.³ Financial institutions are required to undertake a number of AML/CFT obligations, including the establishment and implementation of an AML program.⁴ 

Previously, the Agencies individually indicated that based on the particular facts and circumstances, digital assets may be either value that substitutes for currency, securities or commodities or commodity derivatives.⁵ 

Implications of the Joint Statement

Regardless of how a digital asset is characterized, the AML/CFT obligations of financial institutions subject to the BSA extend to such digital asset activities. However, the characterization of a digital asset has important implications for other individuals and entities engaged in digital asset activities.

Otherwise Unregulated Digital Asset Participants

Individuals and entities that are not otherwise subject to the BSA should carefully analyze their activities with respect to digital assets to determine whether such digital assets are regulated financial instruments and whether their activities with respect to those digital assets would cause them to meet the definition of a financial institution under the BSA. As stated in the Joint Statement, “it is the facts and circumstances underlying an asset, activity or service, including its economic reality and use (whether intended or organically developed or repurposed), that determines the general categorization of an asset, the specific regulatory treatment of the activity involving the asset, and whether the persons involved are ‘financial institutions’ for purposes of the BSA” (emphasis added).⁶ For example, a person who does not typically effect transactions in securities but facilitates transactions in digital assets deemed to be securities may be a broker-dealer subject to the BSA and required to implement an effective AML program, among other requirements (including registration as a broker-dealer with the SEC and the Financial Industry Regulatory Authority (FINRA)). Similarly, a business that does not transmit fiat currency but provides exchange services for convertible virtual currency may be a money transmitter subject to the BSA and required to register with FinCEN as a money services business.

Regulated Financial Institutions

Persons already regulated under the BSA as financial institutions should be mindful that their AML/CFT obligations extend to digital assets, regardless of the type of financial institution they are or the characterization of the particular digital assets in which they are involved. Accordingly, financial institutions should take care to ensure that their AML programs and related practices and procedures sufficiently address activities related to digital assets to ensure compliance with the BSA. 

The Joint Statement reminds financial institutions that certain BSA obligations “apply very broadly and without regard to whether the particular transaction at issue involves a ‘security’ or a ‘commodity’ as those terms are defined under the federal securities [and commodities] laws” (emphasis added).

For example, if a securities broker-dealer registered with and regulated by the SEC engages in the exchange of convertible virtual currencies that are not securities, it will not be regulated by FinCEN as a money services business, but it will still be required to implement a reasonably designed AML program and report suspicious activity related to such transactions. 

Telegram Emergency Action Highlights BSA Concerns

The SEC filed an emergency action and obtained a temporary restraining order against Telegram Group Inc. and its wholly owned subsidiary TON Issuer Inc. (Telegram) for conducting an alleged unregistered securities offering of digital assets.⁷ The SEC’s complaint states that the digital assets being offered, called “Grams,” are not a currency as described in marketing documents but rather securities. 

According to the complaint, Telegram indicated Grams would be integrated with its popular messaging application, Messenger. Messenger features a number of privacy features, which the SEC connects to the use of Messenger by individuals engaged in illicit activities. Telegram contemplates Messenger users to fulfill certain “Know Your Customer/Anti-Money Laundering” requirements, but the complaint notes that Telegram has stated that it “will have no access to this information.” In particular, the SEC states in the complaint that once Grams are distributed to the public, it may be difficult, if not impossible, to trace who purchased Grams. In addition, it is uncertain whether identification of parties to transactions in the secondary market for Grams will be ascertainable which further highlights the SEC’s BSA concerns with respect to the distribution of Grams.

Final Thoughts

The BSA requires financial institutions to implement and maintain robust AML/CFT compliance programs and practices. Persons involved in activities related to digital assets should ensure that neither their activities nor the regulatory characterization of a particular digital asset results in inadvertently being subject to the BSA without the requisite AML/CFT program in place. The failure to do so may result in civil and/or criminal actions taken by the Agencies. Additionally, for financial institutions subject to the BSA that have not done so already, now is the time to review AML programs to ensure that policies and procedures are reasonably designed to address any activities related to digital assets. 

¹ SEC Halts Alleged $1.7 Billion Unregistered Digital Token Offering (Oct. 11, 2019), www.sec.gov/news/press-release/2019-212.
² The Joint Statement defines “digital assets” to include instruments that may be securities, commodities or security- or commodity-based instruments such as futures or swaps under applicable law and notes that such assets may be variously referred to as virtual assets,” “crypto-assets,” “digital tokens,” “digital coins,” “digital currencies,” “cryptocurrencies,” and “convertible virtual currencies.”
³ 1 U.S. Code § 5312(a)(2); 31 CFR § 1010.100(t).
⁴ As noted in the Joint Statement, “[a]n AML Program must include, at a minimum, (a) policies, procedures, and internal controls reasonably designed to achieve compliance with the provisions of the BSA and its implementing regulations; (b) independent testing for compliance; (c) designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls and (d) ongoing training for appropriate persons. Rules for some financial institutions refer to additional elements of an AML Program, such as appropriate risk-based procedures for conducting ongoing customer due diligence.”
⁵ See Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, FIN-2019-G001 (May 9, 2019) (available at www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models) (summarizing FinCEN guidance interpreting the term “value that substitutes for currency”); Framework for “Investment Contract” Analysis of Digital Assets (April 3, 2019) (available at www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets) (providing guidance for analyzing whether a digital asset is offered and sold as an investment contract and therefore is a security); CFTC Primer on Virtual Currencies (October 17, 2017) (available at www.cftc.gov/sites/default/files/idc/groups/public/%40customerprotection/documents/file/labcftc_primercurrencies100417.pdf) (providing an overview of the CFTC’s oversight of digital assets).
⁶ See our previous Sidley Updates: Financial Crimes Enforcement Network Guidance Regarding Convertible Virtual Currencies, Wallets, ICOs, DApps and More, SEC FinHub’s Digital Asset Framework: A Guide for Issuers and Secondary Trading Markets, One Pie, Many Slices: Recent Court Decisions Carve Up SEC and CFTC Jurisdiction in Virtual Currency.
⁷ Securities and Exchange Commission v. Telegram Group Inc. et al., No. 1:19-cv-09439 (S.D.N.Y. Oct. 11, 2019).