On October 11, 2019, the chairman of the U.S. Commodity Futures Trading Commission (“CFTC”), the director of the Financial Crimes Enforcement Network (“FinCEN”), and the chairman of the U.S. Securities and Exchange Commission (“SEC”) issued a joint statement (the “Joint Statement”) to remind persons and entities engaged in activities involving digital assets of their Anti-Money Laundering Countering the Financing of Terrorism (“AML/CFT”) obligations under the Bank Secrecy Act (“BSA”).
The Joint Statement reminds market participants that the AML/CFT obligations apply to entities the BSA defines as “financial institutions,” such as future commission merchants and introducing brokers obligated to register with the CFTC, money services business as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. Primarily amongst the AML/CFT obligations is the requirement to develop and implement an effective anti-money laundering program and record keeping and reporting requirements, including requirements for reporting suspicious activity.
The BSA, among other things, requires certain regulated entities, including financial institutions, to develop and implement AML compliance programs reasonably designed to assure and monitor compliance with the BSA and its implementing regulations. At a minimum, a regulated entity’s AML compliance program must include:
- A system of internal controls to ensure ongoing compliance;
- Independent testing of AML compliance;
- Designation of an individual or individuals responsible for managing BSA compliance;
- A comprehensive training program for appropriate personnel; and
- A customer identification program.
In recent years, regulators have also made it clear that the AML compliance programs must be tailored to the products offered, customer demographics, and the transaction history. In sum, financial institutions must take a hard look at their individual characteristics and develop an AML program that is reasonably designed to prevent bank customers from using financial systems for illicit purposes. Given the growth of virtual currencies and potential risks associated with the use of virtual currency for illicit purposes, it should come as no surprise that regulators are increasingly focused on ensuring that regulated entities appropriately update their AML/CFT compliance programs to take the risks associated with virtual currency into account.
The Joint Statement makes clear that the regulation of virtual currencies and digital assets in the United States will continue to be developed and overseen by multiple regulatory agencies. To determine which agency’s regulations and obligations thereunder apply, one must look to the nature of the respective digital asset-related activities and the characteristics of the respective digital asset or virtual currency. The Joint Statement includes a warning that the label or terminology used by market participants to describe the respective activity or digital asset will not impact the specific regulatory treatment afforded such activity or asset.
In sum, digital assets present a number of regulatory challenges for covered persons and entities, which will need to develop specific, effective processes in order to satisfy their AML/BSA obligations. In light of these challenges, as well as heightened expectations of government stakeholders, covered persons and entities should review and update existing policies, procedures, and systems to ensure they have the necessary infrastructure to deal with the unique regulatory issues presented by digital assets and currency.
