On February 18, 2021, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay). This civil settlement resolved apparent violations of multiple sanctions programs related to digital currency transactions, and is the second OFAC enforcement case brought against a business in the blockchain industry. This case follows OFAC’s December 2020 civil enforcement action against another blockchain industry company, BitGo, Inc. (BitGo), for alleged violations of multiple US sanctions programs related to digital currency transactions. See our prior blog post on the BitGo action here.

BitPay, based in Atlanta, Georgia, offers a payment processing solution for merchants to accept digital currency as payment for goods and services. The apparent sanctions violations relate to digital currency transactions on the BitPay platform between individuals located in Cuba, North Korea, Iran, Sudan, Syria, and the Crimea region of Ukraine (annexed by Russia) and merchants in the United States and elsewhere. OFAC acknowledged that BitPay screened its customers, the merchants, against US sanctions lists, but stated that BitPay had reason to know that purchasers dealing with the merchants were located in comprehensively sanctioned jurisdictions because the company had location information, including Internet Protocol (IP) address data, about those persons. This case was not voluntarily disclosed, but OFAC found that the violations were not egregious.

According to OFAC, BitPay allowed persons in comprehensively sanctioned jurisdictions to conduct approximately $129,000 worth of digital currency transactions with BitPay’s merchant customers. As described in OFAC’s enforcement release, between approximately June 10, 2013, and September 16, 2018, BitPay processed 2,102 transactions from individuals with IP addresses located in the sanctioned jurisdictions. The transactions related to BitPay’s payment processing service. BitPay allegedly received digital currency payments on behalf of its merchant customers from those merchants’ buyers, who were located in sanctioned jurisdictions. BitPay then converted the digital currency into fiat, and then relayed that currency to its merchant customers.

BitPay collected certain pieces of information on the buyers including the buyers’ name, address, email address, and, starting in November 2017, the buyer’s IP addresses. However, BitPay’s transaction review process did not appropriately analyze this location and identification information, resulting in persons located in the comprehensively sanctioned jurisdictions making purchases from US merchants.

OFAC has previously cited companies for violations based, at least in part, on a failure to implement IP geo-blocking in a number of non-blockchain contexts, including actions targeting Amazon, Toronto-Dominion Bank, and Standard Chartered Bank, and in the BitGo action noted above.

Pursuant to OFAC’s Enforcement Guidelines, OFAC identified two factors that it determined to be aggravating factors:

  • BitPay failed to exercise “due caution or care for its sanctions compliance obligations” by allowing persons in sanctioned jurisdictions to transact with BitPay’s merchants using digital currency for approximately five years, while BitPay allegedly had sufficient location information to screen those customers; and
  • BitPay conveyed $128,582.61 in economic benefit to individuals located in several sanctioned jurisdictions, thereby damaging the integrity of those sanctions programs.

However, OFAC also found a number of mitigating factors:

  • BitPay implemented certain sanctions compliance controls as early as 2013, including due diligence and sanctions screening efforts on its merchant customers, and formalized its sanctions compliance program in 2014;
  • BitPay provided employee training, including to senior management, that merchant sign-ups from Cuba, Iran, Syria, North Korea, and Crimea, as well as trade with sanctioned individuals and entities, were prohibited;
  • BitPay is a small business and had not received a penalty notice or Finding of Violation from OFAC in the previous five years from the date of the earliest apparent violation;
  • BitPay cooperated with OFAC’s investigation into the apparent violations and terminated the conduct that led to the violations; and
  • BitPay implemented a series of measures intended to minimize the risk of a recurrence of the conduct in question. The controls included blocking IP addresses that appear to originate in comprehensively sanctioned jurisdictions, checking physical and email addresses of merchants’ buyers to prevent completion of an invoice if BitPay identifies a sanctioned jurisdiction address or email domain associated with a sanctioned jurisdiction, and launching BitPay ID, a customer identification tool that is mandatory for merchants’ buyers who wish to pay a BitPay invoice of $3,000 or above.

The company could have faced a statutory maximum civil monetary penalty of $619,689,816, but the penalty was reduced to $507,375 in accordance with OFAC’s Enforcement Guidelines.

The enforcement release highlighted the importance of having an appropriate risk-based compliance program and emphasized that companies providing digital asset services should take steps to mitigate sanctions risks associated with such services. The agency’s Framework for OFAC Compliance Commitments lays out factors it looks for when reviewing such programs. With respect to sanctions screening, OFAC noted that this case “emphasizes the importance of screening all available information, including IP addresses and other location data of customers and counterparties, to mitigate sanctions risks in connection with digital currency services.” Taken together, OFAC’s recent actions against BitGo and BitPay suggest the agency is placing increased focused on the blockchain industry and that companies that have not adopted and implemented a robust OFAC compliance program may be at risk in future enforcement actions.

On January 1, 2021, the United States enacted the National Defense Authorization Act for Fiscal Year 2021 (NDAA) after the US House of Representatives and US Senate voted to override a presidential veto of the law. Included within the NDAA are a significant number of provisions related to anti-money laundering (AML) and countering the financing of terrorism (CFT), including provisions reforming the Bank Secrecy Act (BSA), a collection of statutes underpinning most of the current AML regulatory framework. These amendments, many of which have been under consideration for years, represent the most substantial AML-related reforms enacted since at least the USA PATRIOT Act of 2001. Below, we outline ten of the most significant AML provisions contained in the NDAA. Given the breadth of the reforms, it is particularly important for US “financial institutions” – including money services businesses (MSBs) and other non-traditional financial institutions subject to the BSA – to carefully review the Act to understand how their compliance obligations may have changed or may change in the future as the Act is implemented via regulation.

Continue Reading Ten Key Takeaways from the NDAA’s AML Reforms

On December 30, 2020, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $98,380 settlement with BitGo, Inc. (BitGo). This civil settlement, regarding apparent violations of multiple sanctions programs related to digital currency transactions, is the first published OFAC enforcement action against a business in the blockchain industry.

BitGo, based in Palo Alto, California, is an “institutional digital asset custody, trading, and finance” company. The apparent sanctions violations relate to 183 instances in which BitGo failed to prevent individuals and/or entities located in Crimea, Cuba, Iran, Sudan, and Syria from using its non-custodial secure digital wallet management service. All of these jurisdictions were subject to comprehensive embargoes under OFAC regulations during at least part of the time that the transactions occurred. OFAC stated that BitGo had reason to know that users in these comprehensively sanctioned jurisdictions were using its services through Internet Protocol (IP) address data collected for security purposes, and allegedly had failed to implement controls to prevent users in such jurisdictions from accessing its services. (The violations and settlement did not involve enterprise or custodial services provided by BitGo Trust Company, Inc., an affiliate of BitGo, Inc.)

According to OFAC, between approximately March 10, 2015, and December 11, 2019, BitGo processed 183 digital currency transactions totaling $9,127.79 using its hot wallet management service for users in the comprehensively sanctioned jurisdictions who had signed up for hot wallet accounts.

Continue Reading OFAC Announces First Ever Enforcement Action Targeting a Digital Asset Company

As 2020 finally comes to a close, it is time to consider year-end tax planning. One bright spot this year has been the performance of cryptocurrencies. Bitcoin, in particular, is trading at or near all time highs, considerably above its previous peak at the end of 2017. Other cryptocurrencies, like Ether, have also had considerable returns this year. Taxpayers holding significantly appreciated cryptocurrency may be considering the best way to optimize their charitable giving. Below we describe the tax benefits of making donations of appreciated cryptocurrency, as well as other tax considerations for both donors and charities.

Continue Reading Charitable Contributions of Cryptocurrency: Tax Benefits and Other Considerations for Donors and Charities

On October 23, 2020, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Federal Reserve Board published a joint notice of proposed rulemaking inviting comments on proposed modifications to regulations implementing the Bank Secrecy Act (BSA). First, the agencies propose to lower the monetary threshold contained in the so-called “recordkeeping rule” and “travel rule” pursuant to which financial institutions are required to collect and retain information on certain funds transfers and transmittals of funds and provide such information to other financial institutions in the payment chain. Second, the proposed rule would amend the definition of “money,” as used in those rules, to clarify that it includes convertible virtual currency (CVC) and digital assets with legal tender status.

Under the current version of the recordkeeping rule, banks and nonbank financial institutions are required to collect and retain information that relates to funds transfers and transmittals of funds of $3,000 or more. The travel rule then requires banks and nonbank financial institutions to send collected information on funds transfers and transmittals of funds to other banks or nonbank financial institutions participating in the transfer or transmittal. The purpose of retaining an information trail in this manner is to help prevent money laundering and other financial crimes.

Continue Reading FinCEN Invites Comments on Proposed Amendments to Funds Recordkeeping and Transfer Rules

The OECD released a report titled Taxing Virtual Currencies: An Overview of Tax Treatments and Emerging Tax Policy Issues on October 12. The report, which was prepared and endorsed by the 137 members of the OECD’s Inclusive Framework on Base Erosion and Profits Shifting, provides a comprehensive analysis of the approaches and policy gaps across the main types of taxes (i.e., income, consumption, and property taxes).

The report addresses the following areas, across more than 50 jurisdictions (based on responses to questionnaires supplemented with publicly available materials):

  • The characterization and legality of virtual currencies;
  • The income tax consequences across the different stages of a virtual currency’s lifecycle, from creation to disposal;
  • The consumption and property tax treatment of virtual currencies;
  • Common tax policy challenges and emerging issues; and
  • Considerations for policymakers.

Continue Reading OECD Releases Report on Tax Policy Approaches and Gaps in the Taxation of Virtual Currencies

On September 16, 2020, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published an advanced notice of proposed rulemaking (ANPRM) seeking comments on regulatory changes to enhance the effectiveness of anti-money laundering compliance programs of regulated financial institutions. As described in FinCEN’s press release, the ANPRM presents an opportunity for financial institutions to provide comments on “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (BSA).” While FinCEN has published a number of rules in recent years through formal notice and comment procedures, the rules have been fairly targeted to issues such as customer due diligence. FinCEN has also issued a number of guidance documents, including guidance applying FinCEN’s rules to certain entities in the blockchain industry, but did not accept public comments from industry at the time. Therefore, the publication of the ANPRM presents a relatively rare opportunity for regulated entities to be heard on a range of AML programmatic and compliance issues.

Continue Reading FinCEN Seeks Comments on Effectiveness of AML Programs, Presenting Rare Opportunity for FinTech and Blockchain Companies

As regulators from across the US government continue to grapple with the rapid expansion of financial technology (FinTech) and digital assets, the Office of the Comptroller of the Currency (OCC) has adopted a welcoming position toward such technology and taken three recent steps with the potential to significantly benefit industry. First, the OCC is planning to propose a new national bank charter for payments companies, including those dealing with digital assets, that may allow such companies to obtain a single national license rather than licenses in each state in which they operate. Second, on July 22, 2020, the OCC issued an interpretive letter clarifying that national banks and federal savings associations may provide cryptocurrency custody solutions on behalf of their customers. Third, on June 4, 2020, the OCC issued an advanced notice of proposed rulemaking (ANPR) seeking comments on the digital activities of national banks and federal savings associations. All three developments have the potential for significant, positive impact on industry.

Continue Reading OCC Leans Forward on FinTech and Digital Assets

On June 24, the five-year anniversary of New York’s virtual currency licensing regime known as the BitLicense, the New York Department Financial Services (DFS) published new guidance and FAQs related to approval for use of specific currencies and the licensing process, as well as a proposed conditional licensing framework. The measures offer important insight for companies holding or considering applying for a BitLicense and represent the most significant changes and proposed changes since the regulation’s initial issuance in 2015.

Guidance for Adoption or Listing of Virtual Currencies

Under the BitLicense regime, licensees and approved charter holders under the New York Banking Law (collectively, “VC Entities”) are required include virtual currencies (“coins”) they plan to “list” in their initial application to DFS. Historically, in order to list new assets VC Entities were required to go back to DFS to seek approval. Given the proliferation in coins available over the past five years this became a cumbersome and time-consuming system. In order to remedy this issue, in December of 2019, DFS issued proposed guidance to allow licensees to “offer and use new coins in a timely and prudent manner.” After receiving public comments, DFS has now published final guidance creating “two separate frameworks designed to enhance speed and efficiency in a VC Entity’s adoption or listing of coins.” These two frameworks include (1) “a general framework for a VC Entity’s creation of a firm-specific policy for the adoption or listing of a new coin, without DFS’s prior approval, through the process of self-certification” and (2) “a general framework for the process of Greenlisting coins for wider usage.”

Continue Reading New York Publishes New Guidance and Proposed Changes to BitLicense on Five-Year Anniversary

In a series of remarks over the past year, SEC Commissioner Hester Peirce laid the groundwork for a potential SEC safe harbor for developmental token offerings, which could provide a registration exemption for three years to give token networks a sufficient incubation period to achieve “maturity.”

The theory behind the proposed safe harbor is that the current regulatory framework functions as a barrier to launching token networks because offerors fear they may be treated as securities before they have time to mature into decentralized networks. The safe harbor would exempt certain tokens, subject to various conditions, with the aim of creating a regulatory environment that promotes fairness and predictability, while encouraging new offerings and the concomitant competition and innovation that could flow therefrom.

Continue Reading Proposed SEC Safe Harbor Could Provide New Tokens With an Enforcement Grace Period Before Hitting Open Water