In recent years, we’ve seen many headlines about crypto scams, money laundering and eye-popping hacks draining millions from accounts and funds. Unfortunately, lawlessness on the crypto wild west frontier continued in 2022, with high-profile arrests and Chainalyis reporting that four deposit addresses received over $1 billion in illicit funds last year.
The emergence of cryptocurrency presents unique challenges for all stakeholders as governments grapple with uncertainty about integrating digital currencies into their financial systems and global transactions.
Cryptocurrency compliance regulations are evolving in real-time; they are not yet set in stone. The current landscape is very complex as regulatory requirements and obligations vary depending on the jurisdiction. Cryptocurrency businesses must track moving targets of regulations from multiple jurisdictions and agencies, while at the same time complying with privacy laws which are also evolving.
A major driver of the demand for regulation is to detect, prevent and prosecute criminal activity. As noted, criminal organizations have been using cryptocurrency to launder money for years, and other financial crimes are still all too common. Governments and regulators are scrambling to get on top of the situation and reverse a disturbing growth pattern in the trend, as shown below:
Let’s look at an overview of the current cryptocurrency compliance regulations through the lens of preventing criminal activity. The financial crimes compliance category is broadly referred to as AML or anti-money laundering.
Overview of the Global AML Crypto Compliance Regulatory Landscape
The global AML regulatory landscape for cryptocurrencies is complex and still evolving. The map below shows the general adoption status for global crypto.
Many crypto businesses are international, and they need to be aware of the cryptocurrency regulatory requirements in each country where they operate. Below is a sampling of some key regulatory bodies and laws that cryptocurrency businesses must consider, especially for AML compliance.
Several regulatory bodies enforce AML rules for crypto in the US:
FinCEN (Financial Crimes Enforcement Network) is a bureau of the US Department of the Treasury responsible for enforcing AML laws and regulations for all financial institutions, including cryptocurrency businesses.
FinCEN has issued guidance on applying AML regulations to virtual currency businesses and proposed rules that would require virtual currency exchanges to maintain records and file reports on transactions over certain thresholds.
- The SEC (Securities and Exchange Commission) also plays a role in enforcing AML regulations for crypto. While the SEC primarily regulates securities offerings, it has also taken enforcement action against crypto businesses for violations of AML regulations.
- CFTC (Commodity Futures Trading Commission) regulates commodities and futures markets, including certain cryptocurrency derivatives. The CFTC has also taken enforcement action against crypto businesses for violations of AML regulations.
- State regulations: Further complicating the regulatory landscape, some states in the US have also enacted their own AML regulations that apply to cryptocurrency businesses operating within their borders.
European Securities and Markets Authority (ESMA): The ESMA has issued guidance on regulating cryptocurrencies and ICOs in the EU.
Financial Conduct Authority (FCA): The FCA has issued guidance on regulating cryptocurrencies and stated that cryptocurrencies might fall under its jurisdiction if classified as financial instruments.
Monetary Authority of Singapore (MAS): MAS has issued guidance on regulating cryptocurrencies and has established a regulatory framework for cryptocurrency exchanges and ICOs.
Japan Financial Services Agency (FSA): The FSA is creating guidelines for the Act on Prevention of Transfer of Criminal Proceeds (APTCP).
The Australian Securities and Investments Commission (ASIC): The ASIC is signaling it will take a more assertive approach to crypto regulation and testing which crypto assets can be regulated within its existing powers.
Financial Action Task Force (FATF): The FATF is an international body that sets standards for anti-money laundering and counter-terrorism financing (AML/CFT) measures.
Understanding Crypto Compliance
Compliance is a broad term covering three related areas: securities, taxes, and financial crime detection and prevention.
SEC securities regulations and IRS capital gains tax compliance rules apply to individuals and businesses. They affect initial coin offerings (ICOs), crypto miners, merchants who accept cryptocurrency, and individuals who buy or sell goods or services with crypto or invest in cryptocurrency. For a deep dive into SEC and tax compliance, see our ZenLedger guides:
From the standpoint of financial crimes, crypto compliance refers to regulations intended to detect, prevent and prosecute criminal activity such as money laundering, black market activity, tax evasion, and terrorist financing.
The financial crimes compliance category is often broadly referred to as AML or anti-money laundering. AML compliance involves:
- Identity verification
- Transaction monitoring
- Reporting suspicious activity to regulatory authorities
Any business that engages in cryptocurrency transactions is subject to AML regulations, depending on the specific jurisdiction and the nature of the transactions. This includes businesses such as cryptocurrency exchanges, wallet providers, and other virtual asset service providers (VASPs).
KY-Everything for AML Cryptocurrency Compliance
One hallmark of cryptocurrency is the ability to keep transactions anonymous. While anonymity is great news for privacy-rights advocates, it also has obvious appeal to criminals interested in money laundering and other illicit financial activity.
Governments have been fighting international money laundering schemes for decades. Today many are adapting existing regulations to cover cryptocurrency transactions.
Know Your Customer(KYC), Know Your Business (KYB), Know Your Transaction (KYT), and AML are all regulatory requirements and best practices related to the use, storage, and transfer of all currency, now including cryptocurrencies.
AML is one of the major reasons for KY-everything regulations. AML refers to laws, regulations, and best practices to prevent money laundering and other illegal financial activities. For an in-depth look at 2022 AML crypto activity, see Chainalysis’ Crypto Money Laundering 2022 report.
For cryptocurrency businesses, AML compliance typically involves implementing measures such as KYC, KYB, and KYT, to detect and prevent illegal activity. AML is an essential tool for protecting the financial system’s integrity and preventing the use of cryptocurrencies for illicit purposes.
Know your Customer (KYC) and Know Your Business (KYB)
As the US regulatory agency responsible for combating money laundering and terrorist financing, FinCEN has issued guidance applying its regulations to cryptocurrencies.
KYC refers to verifying customers’ identities before allowing them to use a service or platform. Similarly, KYB refers to verifying businesses’ identity as a condition of using a service or platform.
KYB compliance typically involves collecting information about the company, such as its legal structure, ownership, and business activities, and using that information to verify its identity. KYB is vital for preventing money laundering and other illegal activities that criminals may attempt to carry out through businesses.
Compliance requirements in the US vary depending on the type of business and industry involved. KYC and KYB requirements are similar.
- Customer Identification Program (CIP): Under US law, financial institutions and money service businesses must establish and maintain a CIP for collecting and verifying certain customer information, such as name, date of birth, address, and government-issued ID.
- Customer Due Diligence (CDD): US financial institutions and money service businesses must also conduct CDD to monitor customer activity to detect and prevent money laundering and terrorist financing.
- Enhanced Due Diligence (EDD): EDD is used for customers at a higher risk of infiltration, terrorism financing, money laundering, and other information collection is often necessary.
- State Regulations: Cryptocurrency businesses operating in the US may also be subject to state-level regulations related to KYC compliance.
KYT (Know Your Transaction)
KYT is the process of using software tools to analyze and identify suspicious cryptocurrency transactions indicative of money laundering, terrorist financing, or other illegal activities.
KYT compliance activities for cryptocurrency businesses in the US include:
- Risk-based approach: Cryptocurrency businesses must adopt a risk-based approach to AML and CTF compliance, which involves assessing the level of risk associated with different types of customers, transactions, and geographic regions.
- Transaction monitoring: Cryptocurrency businesses must implement effective transaction monitoring programs to detect suspicious activity and prevent money laundering and terrorist financing.
- Suspicious activity reporting: When suspicious activity is detected, cryptocurrency businesses must file a Suspicious Activity Report (SAR) with FinCEN. Law enforcement uses SARs to investigate and prosecute money laundering and terrorist financing.
The Travel Rule for Cryptocurrency Transactions
The travel rule is a standard established by the Financial Action Task Force (FATF). In cryptocurrency, it refers to a regulatory requirement for financial institutions and virtual asset service providers (VASPs) involved in facilitating cryptocurrency transactions.
Under the travel rule, VASPs must collect and transmit information about the sender and receiver of the cryptocurrency, including their names, addresses, and account numbers or wallet addresses.
The purpose of the travel rule is to make it more difficult for criminals to launder money or finance terrorist activities through cryptocurrency transactions.
In the United States, for example, the travel rule applies to virtual currency transactions involving funds greater than $3,000. Failure to comply with the travel rule can result in regulatory sanctions, fines, and reputational damage for VASPs.
Insider Trading – Monitoring Employees
Crypto companies not only need to mitigate non-compliance risk from users, but also from employees, specifically around insider trading.
In July 2022 the SEC and DOJ filed the first crypto insider trading civil and criminal charges against a former manager in the assets and investing products group at Coinbase Global, Inc, his brother and a friend.
The SEC defines insider trading as ‘buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, while in possession of material, non-public information about the security’.
The SEC specifies that insider trading violations may include the ‘tipping’ of such information, trading by the person ‘tipped’, and trading by those who misappropriate such information.
Crypto companies must take several steps to prevent insider trading, including:
- Implementing clear policies and procedures that prohibit insider trading and that clearly define what constitutes insider information.
- Providing regular training to employees on the dangers of insider trading, how to avoid it, and the consequences of violating company policies.
- Monitoring employee trading activities, especially those who have access to confidential information, to detect any suspicious activity.
- Prohibiting employees from buying or selling company securities or cryptocurrencies during blackout periods, which typically occur before the public release of financial results or other significant company events.
- Maintaining strict controls over access to confidential information and limiting access only to those who need it to perform their job duties.
Crypto companies should consult with experts in securities compliance law for assistance in setting up and maintaining effective policies and procedures to prevent employees from participating in insider trading activities.
Risks of Cryptocurrency AML Non-Compliance
In 2022, regulators levied $30 million in non-compliance fines on cryptocurrency firms. While this is a small fraction of the $6 billion assessed on trading and brokerages and $2 billion in the banking sector, the increasing pace of fines shows governments are putting resources behind compliance enforcement.
Non-compliance with crypto regulations can result in severe consequences for businesses and individuals. Some consequences of non-compliance include:
- Fines: Regulatory bodies such as the SEC, FinCEN, and others can impose fines on individuals and businesses that fail to comply with crypto regulations. The fine amount varies depending on the severity of the violation and the regulator’s discretion.
- Legal action: Non-compliance can result in legal action, including civil or criminal charges, fines, penalties, or even imprisonment.
- Reputational damage: Cryptocurrency drama is potent clickbait for media outlets. Media coverage of negative incidents can cause reputational damage, loss of customers and partners, and damage to brand image.
- Loss of license: Regulatory agencies can revoke the business license of non-compliant companies. This can result in the loss of the ability to operate in the industry and can significantly impact the business’ financial viability.
- Loss of investment: Investors may hesitate to invest in a business with a history of non-compliance or regulatory issues.
While compliance is challenging, the consequences of non-compliance can be fatal to a business. Seeking expert legal help is essential for crypto businesses to mitigate risks from legal issues with regulatory bodies.
One of the early promises of bitcoin was that it could remove the need for complicated financial intermediaries and oversight.
Unfortunately, theoretical use cases don’t account for powerful entrenched interests, global geopolitics, and the darker side of human nature. Integrating innovation into existing systems is always complicated and messy.
One bright spot for cryptocurrency companies is the availability of tech tools to help automate the data collection and reporting that new regulations require.
If you are an individual with crypto assets, ZenLedger can help you aggregate transactions across exchanges, compute your capital gain or loss, and auto-fill the IRS forms you need yearly. You can even use our tax loss harvesting tool to identify ways to save throughout the year.
Cryptocurrency businesses and stakeholders should regularly consult with legal and compliance experts in the countries and states where they operate to ensure they comply with all applicable regulations.
The above is for general info purposes only and should not be interpreted as professional advice. Please seek independent legal, financial, tax, or other advice specific to your particular situation.