,
90 tweets,
27 min read
Read on Twitter
@el33th4xor caught this. i'm going to break it down in a long, probably painful THREAD.
FinCEN issues, then maybe retracts, 30 pages of guidance that is stated to be a reiteration & consolidation of prior guidance "rules and interpretations to other common business models involving CVC (convertible virtual currency) engaging in the same ...activity" 
6 sections: 1. key concepts within the context of the guidance.
2 consolidates & explains current FinCEN regulations, previous
administrative rulings, & guidance involving the regulation of money transmission under the BSA. 3. summarizes FinCEN’s 2013 guidance
2 consolidates & explains current FinCEN regulations, previous
administrative rulings, & guidance involving the regulation of money transmission under the BSA. 3. summarizes FinCEN’s 2013 guidance
4 & 5 describe FinCEN’s existing regulatory approach to current and
emerging business models using patterns of activity involving CVC.
6 -a list of resources to which interested parties may refer
for further explanation about the content of the guidance
emerging business models using patterns of activity involving CVC.
6 -a list of resources to which interested parties may refer
for further explanation about the content of the guidance
No magic checklists here either, for those asking for rules-based certainty- FinCEN, like the SEC, look at "facts and circumstances." Labels given to conduct are not determinative of its status under the rules/guidance. Regulatory interps don't always port over to similar models.
a venture that does many things may qualify for many exceptions /many obligations- software that does some things may be exempt while business conduct by that same software purveyor may be regulated. Perhaps a shot at those who say money transmission activity is "just software?"
I like this nomenclature "value that substitutes for currency" a lot. Clearer than "medium of exchange" or "Funds." Very broad. Seems to dispense with lots of semantic/classification arguments about the thing transmitted -looks like it was written with utility #icos in mind.
Take everyone's favorite classification straddler #ETH. Sure, you can spend gas to run a smart contract, but most of its actual use is to transact the value of the instrument- buy a #cryptokitty , or trade for another asset. This language seems an attempt to eliminate doubt.
"In either case, the persons involved in the creation & subsequent distribution of the value (either for the original purpose or for another purpose) may be subject to additional regulatory frameworks ..." That's a not subtle reference to ICO issuers who by now know about the SEC
If your conduct that would be reg'd here by FinCEN is otherwise regulated by a bunch of other entities, you need to comply with those other regulator's obligations. What about the 2017 vintage ICO that didn't care about securities compliance?
Here's the meat: if you're transmitting and not exempt, you need to comply, irrespective of the technology you're using. (more tech agnosticism from our regulators- this is REALLY GOOD!)
regulators should not make rules or laws around tech! principles based regulation that allows for innovators to innovate are much better than letting policy and legal specialists decide technical issues. I wish more legislators and their aides thought this way.
Note the balky footnote language ("document instrumenting")- perhaps this is being fixed.
Just b/c you're reg'd by someone else (CFTC/SEC) doesn't mean you're out of the woods: if the broker /dealer transfers funds btwn customer & a third party
that is not part of the currency /commodity transaction, such transmission of
funds is no longer exempted- it's MT
that is not part of the currency /commodity transaction, such transmission of
funds is no longer exempted- it's MT
same if it's digital cert's for a commodity (again, do we see the reverberation in utility/ICOs anyone?)
here's a big Quote, especially for the utility crowd:
tldr: it looks like if you, your agent, your mechanism, or your software is using your security/commodity/future as a substitute for value, you're in FinCEN's MSB regulatory jurisdiction.
when assessing if a given instrument is a CVC, ignore labels, look at the function. Super duper broad.
moving on to S2. BSA applies to "all entities cognizable as
legal personalities," including unincorporated group[s] (i.e. DAOs) which is really broad, but doesn't yet apply to software. But...there are people behind software, and maybe "unincorporated group" is made for dex/dao.
legal personalities," including unincorporated group[s] (i.e. DAOs) which is really broad, but doesn't yet apply to software. But...there are people behind software, and maybe "unincorporated group" is made for dex/dao.
look at activities not status, doesn't matter if you are: a natural person /legal entity; licensed as a business; have employees /other natural persons acting as agents; operates at a brick-&-mortar, or through mechanical /software
agents ; or (e) is a for profit /nonprofit.
agents ; or (e) is a for profit /nonprofit.
A person qualifies as a money transmitter if that person’s
activities include receiving one form of value from one person and transmitting either the same or a different form of value to another person or location, by any means... "in either order." This should concern #Lightning
activities include receiving one form of value from one person and transmitting either the same or a different form of value to another person or location, by any means... "in either order." This should concern #Lightning
doesn't matter if it's per transaction (short term hold of assets for transmittor) or on account;
conditional transfer only on certain conditions also doesn't exempt (Again, maybe a problem for #lightning and for algobots too?)
you're not a regulated MT if you do these things, and these things are strictly construed (meaning, you're not going to wow the regulator by saying what you do is kinda like armored cars... but with blockchain... unless that's maybe all you do?)
MSBs need to do a lot of things: "operate under a culture of compliance supported by senior leadership, [which] will dictate the basic norms of behavior, knowledge, and transparency under which the management team, employees, and service providers will be held accountable."
develop, implement, & maintain a written anti-money laundering program (“AML program”) that is designed to prevent the MSB from being used to facilitate money laundering & terrorist financing. Must: (a) incorporate policies, procedures & internal controls
designed to assure ongoing compliance (including verifying customer identification, filing reports, creating and retaining records, and responding to law enforcement requests); (b) designate an individual responsible to assure day-to-day compliance with the program and BSA
reqs; (c) provide training for appropriate personnel, including training in the detection of suspicious transactions; and, (d) provide for independent review to monitor & maintain an adequate program. AML program must be approved by the owner/rep of the financial institution
i.e. Board of Directors. Must be reasonably designed to meet the
requirements of the BSA, & structured to be risk-based.
MSBs should assess their individual exposure based on customer base, geographies served, & the financial products and services offered.
requirements of the BSA, & structured to be risk-based.
MSBs should assess their individual exposure based on customer base, geographies served, & the financial products and services offered.
TLDR: policies that are written, approved by leadership/management, developed in light of the facts/customers/business activities of the enterprise, reasonable in light of risk, with a workforce that is trained, and enforcing the policy, subject to audit.
consistent with prior guidance: must conduct a risk assessment, know its customers, register w/in 180 days, comply with recordkeeping/reporting (SAR, CTR etc), comply with Funds Transfer Rule, Funds Travel Rule.
How many crypto transactions through intermediaries comply with the Funds Travel Rule?
CVC transactions need to comply with the reporting required by the Travel Rule. (here's a quick ref: sec.gov/about/offices/…)
compliance with the Travel Rule may occur on the same system as the transfer or on another system as long as it happens before or at the time of transmittal of value.
Obligations to comply & register apply to domestic & foreign entities doing biz in whole /in substantial part within the US,even if the foreign-located entity has no physical presence in the US. If you're not in the US, serving US people, & not registered/compliant, look out.
moves on to recounting the 2013 Guidance. Still wish they'd define "as a business..." as its not clear (to me) what threshold or type of activities make a user become an exchanger...
"another location" includes real currency from person to CVC in that person's account.
To the New Stuff!: P2P exchangers need to register and comply. They "generally advertise & market their services through classified advertisements, specifically designed platform websites, online forums, other social media, and word of mouth." Advertising looks critical here
Doesn't matter if transaction occurs online or in person. P2P needs to register & comply. "However, a natural person engaging in such activity on an infrequent basis and not for profit or gain would be exempt from the scope of money transmission." Fine hair to split-"infrequent"
also, "not for profit or gain" may suggest miners/traders who need to convert CVC into fiat to pay bills may not, for that conduct alone, be obligated to register & comply. Otherwise- are we talking about really bad traders? Nebulous...
(d) whether the person acting as intermediary has total independent control over the value. Breaks down analysis by hosted/unhosted, multisig. Let's dive in:
Hosted/Unhosted: here's your typical custodial wallet or exchange abused for wallet purposes. I like how the definition indicates that the hosting platform has total control, but the user has contract rights to direct the assets. They're paying attention to exchanges here!
Hosts of these sorts of wallets must comply with FinCEN, and their compliance obligation varies based on who is the customer- if its the host, must comply with internal policies. Again, a lot of discussion of the Travel Rule...
Users of unhosted, single sig wallets used "to purchase
goods or services on the user’s own behalf" arent MTs. How does this harmonize w/the P2P guidance? Is "purchase good sand services on user's own behalf" to be read w/ "an infrequent basis and not for profit or gain"?
goods or services on the user’s own behalf" arent MTs. How does this harmonize w/the P2P guidance? Is "purchase good sand services on user's own behalf" to be read w/ "an infrequent basis and not for profit or gain"?
Some multi-sig operators that config wallets so the operator holds a key may need to register: "if the person combines the services of a multiple-signature wallet provider and a hosted wallet provider, that person will then qualify as a money transmitter."
"if the value is represented as an entry in the accounts of the provider, the owner
does not interact with the payment system directly, or the provider maintains
total independent control of the value, the provider will also qualify as a MT, regardless of the label"
does not interact with the payment system directly, or the provider maintains
total independent control of the value, the provider will also qualify as a MT, regardless of the label"
I hope folks at @Bitgo and other custodial multi-sig providers are reading....
Using a #Dapp to do this stuff? Doesn't matter. They are "mechanical agencies" of those who deploy them -"when DApps perform money transmission, the definition of money transmitter will apply to the DApp, the owners/operators of the DApp, or both." Registration time!
"a money transmitter cannot avoid its regulatory obligations because it chooses to provide money transmission services using anonymity-enhanced CVC." Calling @Monero @zcashco @wasabiwallet and a host of others - pay attention here.
"Providers of anonymizing services, (via “mixers” or “tumblers,”) are either persons that accept CVCs & retransmit them in a manner designed to prevent others from tracing the transmission back to its source (anonymizing services provider), or suppliers of software
a transmittor would use for the same purpose (anonymizing software provider). Anonymizing SvcP's are MTs and must register: "a person...who
provides anonymizing services by accepting value from a customer and transmitting the same or another type of value to the recipient,
provides anonymizing services by accepting value from a customer and transmitting the same or another type of value to the recipient,
in a way designed to mask the identity of the transmittor, is a money transmitter under FinCEN regulations. Can they comply with the Travel Rule? Can they comply with KYC? Vexing.
Anonymizing SoftP's are not MT's- providers of tools alone are engaged in trade and not transmitting; users of software are either users or exchangers. And, bingo- users of anonymizing software are prob not complying with the Travel Rule.
A person that uses anonymity-enhanced CVCs to pay for goods/services
on his own behalf would not be a MT. However, if the person uses the CVC to accept &transmit value from one person to another person or location, the person will fall under the definition of MT, if not exempted.
on his own behalf would not be a MT. However, if the person uses the CVC to accept &transmit value from one person to another person or location, the person will fall under the definition of MT, if not exempted.
A person that develops a decentralized CVC payment system will become a
MT if that person also engages as a business in the acceptance
& transmission of value denominated in the CVC it developed (even if the
CVC value was mined at an earlier date).
MT if that person also engages as a business in the acceptance
& transmission of value denominated in the CVC it developed (even if the
CVC value was mined at an earlier date).
The person would not be a money transmitter if that person uses the CVC it mined to pay for goods and services on his or her own behalf.
The person would not be a money transmitter if that person uses the CVC it mined to pay for goods and services on his or her own behalf.
MTs who accept & transmit anonymity enabled CVC have to get the identity information sufficient to comply with the Travel Rule.
Payment Processors that use anonymity enabled CVC /intergrate with merchant POS generally are MT & are not subject to payment processor exemption b/c they generally do not operate through clearance and settlement systems that admit only BSAregulated financial institutions.
Internet casinos that accept CVC regulated; included in the definition are "entities known as predictive markets, information markets, decision markets, idea futures, and event derivatives." Thoughts, @AugurProject ?
Any person engaged in the business of gambling that is not covered by the regulatory def. of casino, gambling casino, or card club, but accepts &transmits value denominated in CVC, may still be regulated under the BSA as a MT. FN- Gotta comply with one of FinCEN or Casino regs.
Decentralized Exchanges! may be exempt as MTs if they "only provide[] the delivery, communication, or network access services
used by a money transmitter to support money transmission services."
used by a money transmitter to support money transmission services."
if a CVC trading platform only provides a forum where buyers
/sellers of CVC post their bids /offers (with /without automatic matching of
counterparties), & the parties themselves settle any matched transactions through an outside venue
/sellers of CVC post their bids /offers (with /without automatic matching of
counterparties), & the parties themselves settle any matched transactions through an outside venue
(either through individual wallets or other wallets not hosted by
the trading platform), the trading platform does not qualify as a MT under FinCEN regulations. By contrast, if, the trading platform purchases the CVC from the seller & sells it to the buyer,
the trading platform), the trading platform does not qualify as a MT under FinCEN regulations. By contrast, if, the trading platform purchases the CVC from the seller & sells it to the buyer,
then the trading platform is acting as a CVC exchanger, & falls within the definition of money transmitter and its accompanying BSA obligations.
looks like a lot of needle holes to thread here, but DEX's & bulletin boards of the appropriate configuration may avoid MT registration & compliance.
But wait...there's more! #ICOs! (defined as securities sales of 2 types- small F&F or broader sale to finance a future project that may itself spawn a new CVC). Note: does not discuss 2015-2018 vintage pre-Dao ICOs.
For the first type, small sale to preferred investors, seller is an administrator & MT. Doesn't matter that "the payment system may migrate from one operational status to another at any point in its lifetime (for example, changing to a decentralized, protocol-driven system...)"
2nd type = Sale of equity/debt instrument to early backers, or hedges a previous investment in CVC through a derivative, such as a futures contract- (looks like a ref to a SAFT) usually incl. the creation of DApps, /new CVCs & the applications or platforms on which CVCs will run)
or new hedging instruments. Usually via distributed ledger platforms, in which investors receive a digital token as proof of investment. Depending on factors, when the project is concluded the investor may: (a) receive
new CVC in exchange for the token;
new CVC in exchange for the token;
(b) exchange the token for a DApp coin, which is a digital token that unlocks the use of DApps that provide various services; (c) use the original token itself as a new CVC or DApp coin; or (d) receive some other type of return on the original equity investment or debt instrument
Generally issuers of securities/commodities qualify for MT exemptions if the issuer is a domestic/foreign bank or a person registered with, &functionally regulated or examined by the SEC or CFTC, or a foreign financial agency that engages in financial activities like the SEC/CFTC
A person involved in ICO fundraising activity as issuer, intermediary, or investor that is a bank, foreign bank, or a person registered with, and functionally regulated or examined by the SEC or CFTC will not be an MSB
under FinCEN regulations.
under FinCEN regulations.
Their AML obligations will flow from FinCEN regulations governing those types of financial institutions. Also may qualify for exemption when acceptance &transmission of value is only integral to the sale of
goods or services different from money transmission.
goods or services different from money transmission.
If the person involved in the fundraising activity as an issuer, intermediary,/ investor is not a bank or a person registered with, & functionally regulated or examined by the SEC or CFTC, then any MT re: to the fundraising activity generally
will fall under the integral exemption, unless the asset is issued to serve as value that substitutes for currency. Seems like the exemption doesn't apply if you're selling a value substitute as a security or commodity. Will have to think this through....
Resale of digital tokens: The re-sale of the token or derivative does not create any BSA obligations for the initial investor. However, if a person is required to register as a bd or futures commission merchant, those rules will apply. This seems to ref to much of the improper
syndication and underwriting that went on in the 2015-2018 ICO era where a lot of non bd's were underwriting and syndicating ICOs....
For the much beleaguered #Dapp Devs: development ("the mere
act of creating the application") is not MT, but using a Dapp that does MT is MT.
act of creating the application") is not MT, but using a Dapp that does MT is MT.
Pre-mines! Treasury tokens! Yep. we got that too: if the premine is used "solely to purchase goods or services" on issuers own behalf, not an MSB. But
if a person mines CVC &uses it to engage in money transmission, such person
will be subject to all registration, reporting,etc
if a person mines CVC &uses it to engage in money transmission, such person
will be subject to all registration, reporting,etc
Do these goods or services include paying devs to build systems? What about treasury management? hmmm
Last ¬ least: Mining pools. When the leader of a centralized pool, cloud miner, or the unincorporated organization or software agency acting on behalf of its owner/administrator transfer CVC to the pool members or contract purchasers to distribute the amount earned, - not MT!
These transfers fall under the integral exemption (integral to the provision of services (the authentication of blocks of transactions through the combined efforts of a group of providers, or through the equipment of the cloud miner). But... if the leader,
cloud miner/software agency combine their managing & renting services w/hosting CVC wallets on behalf of the pool members /contract purchasers, the leader et al or the owneradministrator will fall under FinCEN’s definition of MT for engaging in account-based money transmission.
I'm done here. Thanks for reading! If you have any questions, feel free to DM, or contact a qualified lawyer to help you figure it out. This regulatory stuff is challenging, but (a) the regulators are listening and (b) qualified lawyers can help you sort it out.
@threadreaderapp unroll
