Cryptocurrency Regulations & Best Practices
By Tamara Gunawardana
The U.S. cryptocurrency industry has doubled down its focus on regulatory compliance after increasing pressure from regulators that has culminated in recent enforcement actions and bad press. Coinbase, America’s largest cryptocurrency exchange had an insider trading scandal and class action lawsuit around the launching of Bitcoin cash. The Securities and Exchange Commission also received multiple complaints about fraud on their exchange related to a lack of anti-money laundering “AML” controls. In 2015, FinCEN issued their first enforcement order against San Francisco based Ripple Labs, Inc. They were assessed a $700 thousand civil fine for not implementing a comprehensive AML compliance program and specifically not reporting suspicious activity/transactions to FinCEN as required under the Bank Secrecy Act “BSA” . Coinbase and the cryptocurrency industry as a whole had no choice but to quickly invest more on ensuring compliance with BSA and state licensure compliance requirements to avoid the strategic, operational, financial and reputational risks of not doing so.
Over the past decade, U.S. regulators have debated the proper compliance requirements and jurisdictional authority over the cryptocurrency fin-tech industry causing some confusion. The Federal Office of Comptroller of the Currency “OCC” and the State of New York have been publicly opposing each other over the jurisdictional authority of the industry. It is not clear how the tug of war over legal jurisdiction by federal and state regulators will end. From a regulatory perspective, a set of uniform rules may emerge to regulate the industry as a whole or it could get even more fragmented. Consequently, it has been a challenge for the industry itself to determine how to maintain compliance with these various regulatory and sometimes competing frameworks.
Currently, the industry must comply with the BSA and FinCEN guidance which deems both cryptocurrencies (Bitcoin, Ethereum and Tron) and cryptocurrency exchanges (Coinbase) are types of money services businesses “MSBs” under the law. A MSB is required to obtain and maintain licenses in the State(s) in which they are incorporated and/or conducting business and register with FinCEN as a MSB . This requires MSBs have a documented and multi-faceted AML compliance program with a robust transaction monitoring and KYC components. The program must assess all laws, risks, and controls and be tested and updated on an ongoing basis.
A best practice cryptocurrency MSB compliance program should also review the applicability of different financial services compliance best practices such as unrequired training, criminal background checks of employees, insider trading policies and the hiring of Chief Compliance Officers. TRON, currently the 11th largest cryptocurrency by market capitalization is in the process of hiring a Chief Compliance Officer. Coinbase was the first to start this trend. Companies may also find value in benchmarking themselves against not only peers but traditional financial services companies with long-term sterling compliance records.
The cryptocurrency industry must continue to focus on improving their compliance programs. We know the regulations will likely change in this newly created industry. Therefore, It is strongly recommended that MSBs create a strong compliance culture and tone at the top, a key to every world-class compliance program. This will allow the industry to stay ahead of compliance curve by investing in experienced compliance personnel who can design compliance programs covering all aspects of current AML and MSB requirements and stay abreast of regulatory changes. CCOs and compliance personnel should also review financial industry best practices and determine applicability on an ongoing basis. This cannot be done soon enough to help the industry avoid the strategic, operational, financial and reputational risks of not doing so.