On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646). OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector. It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team. The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware. A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware. The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

The guidance maintains OFAC’s longstanding recommendation for risk-based compliance programs, and builds on the May 2019 Framework for OFAC Compliance Commitments. The guidance also provides notable examples of compliance controls that are tailored to the unique risk and control environments of the VC sector.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry

On May 20, 2021, the U.S. Department of the Treasury (“Treasury”) released the American Families Plan Tax Compliance Agenda, a report detailing the Biden administration’s proposed measures to raise $700 billion in additional tax revenue over the next decade through the Internal Revenue Service (“IRS”) and its enforcement-related efforts (the “Report”).  Additional detail about these proposals will likely be available in Treasury’s “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” the so-called Greenbook, which is expected to be released on May 28.

The Report finds that one of the best ways to increase the overall tax compliance rate is by increasing third-party reporting requirements.  The Report notes that, when income is subject to both third-party information reporting and withholding (such as wages), compliance is around 99%; when the income is subject to substantial information reporting but no withholding, compliance is around 95%; when the income is subject to limited information reporting, compliance is around 83%; but when income is not subject to information reporting (such as proprietorship or rental income), compliance drops to around 45%.[1]

The proposed new reporting regime would require two new filings related to cryptocurrency transactions.  In fact, the Report specifically states that the growth of virtual currency is a significant concern as it “already poses a significant detection problem by facilitating illegal activity broadly including tax evasion.”[2]

The first proposed new filing would build on the existing framework of IRS Form 1099-INT, which requires financial institutions to report interest income paid to U.S. persons in amounts of $10 or more, by expanding the reported data to include “gross inflows and outflows on all business and personal accounts from financial institutions, including bank, loan, and investment accounts . . . .”[3]  The Report further clarifies for purposes of this reporting regime, the term “account” includes those at “cryptoasset exchanges and custodians.”[4]

It is not clear how much this proposed new information reporting requirement will add.  The IRS is already working on regulations to implement an information reporting regime for cryptocurrency exchanges (and potentially other intermediaries) under its already-existing statutory authority to require information reporting by brokers.[5]  The financial account reporting in some ways seems narrower (in terms of the information that must be reported) than broker reporting, and in some ways (in terms of which intermediaries it applies to) potentially broader.

The second proposed new filing would expand the reporting of cash transactions[6] to include cryptocurrency transactions.  As such, businesses that accept cryptocurrencies would be required to report transactions that involve cryptoassets with a fair market value of more than $10,000.  Such a requirement might deter the use of cryptocurrency to make larger consumer purchases.  For example, if consumers use cryptocurrency to make large purchases (e.g., Overstock, Expedia, Christie’s), the transaction would be reported, but if they use a credit card, it wouldn’t.

If you have any questions about these proposals, please contact a member of Steptoe’s Blockchain & Cryptocurrency Group.

[1] The American Families Plan Tax Compliance Agenda, U.S. Dep’t of Treas., at 5 (May 2021), https://home.treasury.gov/system/files/136/The-American-Families-Plan-Tax-Compliance-Agenda.pdf (last visited May 21, 2021).

[2] Id. at 20-21.

[3] Id. at 19.

[4] Id.

[5] See I.R.C. § 6045.

[6] See IRS Form 8300, Report of Cash Payments Over $10,000 Received in a Trade or Business, available at: https://www.irs.gov/pub/irs-pdf/f8300.pdf.

On March 19, 2021, the Financial Action Task Force (FATF), the global anti-money laundering standards-setting body, released draft guidance to clarify and supplement its 2019 guidance on a Risk-Based-Approach (RBA) to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). While FATF’s guidance is not technically binding on member countries, it is broadly followed by such jurisdictions, in part to avoid inclusion on FATF’s lists of jurisdictions with deficiencies in their anti-money laundering (AML) and countering the financing of terrorism (CFT) regimes. For example, FATF’s recommendation that the so-called “travel rule” be applied to VASPs is being widely implemented by jurisdictions around the globe, although the pace of such implementation varies considerably. Therefore, the draft guidance, which incorporates a number of substantial changes and additions, may have a significant impact on industry going forward.

As described in a FATF press release, there are six main areas of focus for the draft guidance:

  1. “clarify the definitions of VA and VASP to make clear that these definitions are expansive and there should not be a case where a relevant financial asset is not covered by the FATF Standards (either as a VA or as a traditional financial asset);
  2. provide guidance on how the FATF Standards apply to so-called stablecoins;
  3. provide additional guidance on the risks and potential risk mitigants for peer-to-peer transactions;
  4. provide updated guidance on the licensing and registration of VASPs;
  5. provide additional guidance for the public and private sectors on the implementation of the ‘travel rule;’ and
  6. include Principles of Information-Sharing and Co-operation Amongst VASP Supervisors.”

Of particular note are the implications for decentralized exchanges (DEXs) and decentralized applications (DApps), peer-to-peer (P2P) transactions, and implementation of the travel rule.

Continue Reading FATF Releases Draft Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers

On February 18, 2021, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay). This civil settlement resolved apparent violations of multiple sanctions programs related to digital currency transactions, and is the second OFAC enforcement case brought against a business in the blockchain industry. This case follows OFAC’s December 2020 civil enforcement action against another blockchain industry company, BitGo, Inc. (BitGo), for alleged violations of multiple US sanctions programs related to digital currency transactions. See our prior blog post on the BitGo action here.

BitPay, based in Atlanta, Georgia, offers a payment processing solution for merchants to accept digital currency as payment for goods and services. The apparent sanctions violations relate to digital currency transactions on the BitPay platform between individuals located in Cuba, North Korea, Iran, Sudan, Syria, and the Crimea region of Ukraine (annexed by Russia) and merchants in the United States and elsewhere. OFAC acknowledged that BitPay screened its customers, the merchants, against US sanctions lists, but stated that BitPay had reason to know that purchasers dealing with the merchants were located in comprehensively sanctioned jurisdictions because the company had location information, including Internet Protocol (IP) address data, about those persons. This case was not voluntarily disclosed, but OFAC found that the violations were not egregious.

According to OFAC, BitPay allowed persons in comprehensively sanctioned jurisdictions to conduct approximately $129,000 worth of digital currency transactions with BitPay’s merchant customers. As described in OFAC’s enforcement release, between approximately June 10, 2013, and September 16, 2018, BitPay processed 2,102 transactions from individuals with IP addresses located in the sanctioned jurisdictions. The transactions related to BitPay’s payment processing service. BitPay allegedly received digital currency payments on behalf of its merchant customers from those merchants’ buyers, who were located in sanctioned jurisdictions. BitPay then converted the digital currency into fiat, and then relayed that currency to its merchant customers.

BitPay collected certain pieces of information on the buyers including the buyers’ name, address, email address, and, starting in November 2017, the buyer’s IP addresses. However, BitPay’s transaction review process did not appropriately analyze this location and identification information, resulting in persons located in the comprehensively sanctioned jurisdictions making purchases from US merchants.

OFAC has previously cited companies for violations based, at least in part, on a failure to implement IP geo-blocking in a number of non-blockchain contexts, including actions targeting Amazon, Toronto-Dominion Bank, and Standard Chartered Bank, and in the BitGo action noted above.

Pursuant to OFAC’s Enforcement Guidelines, OFAC identified two factors that it determined to be aggravating factors:

  • BitPay failed to exercise “due caution or care for its sanctions compliance obligations” by allowing persons in sanctioned jurisdictions to transact with BitPay’s merchants using digital currency for approximately five years, while BitPay allegedly had sufficient location information to screen those customers; and
  • BitPay conveyed $128,582.61 in economic benefit to individuals located in several sanctioned jurisdictions, thereby damaging the integrity of those sanctions programs.

However, OFAC also found a number of mitigating factors:

  • BitPay implemented certain sanctions compliance controls as early as 2013, including due diligence and sanctions screening efforts on its merchant customers, and formalized its sanctions compliance program in 2014;
  • BitPay provided employee training, including to senior management, that merchant sign-ups from Cuba, Iran, Syria, North Korea, and Crimea, as well as trade with sanctioned individuals and entities, were prohibited;
  • BitPay is a small business and had not received a penalty notice or Finding of Violation from OFAC in the previous five years from the date of the earliest apparent violation;
  • BitPay cooperated with OFAC’s investigation into the apparent violations and terminated the conduct that led to the violations; and
  • BitPay implemented a series of measures intended to minimize the risk of a recurrence of the conduct in question. The controls included blocking IP addresses that appear to originate in comprehensively sanctioned jurisdictions, checking physical and email addresses of merchants’ buyers to prevent completion of an invoice if BitPay identifies a sanctioned jurisdiction address or email domain associated with a sanctioned jurisdiction, and launching BitPay ID, a customer identification tool that is mandatory for merchants’ buyers who wish to pay a BitPay invoice of $3,000 or above.

The company could have faced a statutory maximum civil monetary penalty of $619,689,816, but the penalty was reduced to $507,375 in accordance with OFAC’s Enforcement Guidelines.

The enforcement release highlighted the importance of having an appropriate risk-based compliance program and emphasized that companies providing digital asset services should take steps to mitigate sanctions risks associated with such services. The agency’s Framework for OFAC Compliance Commitments lays out factors it looks for when reviewing such programs. With respect to sanctions screening, OFAC noted that this case “emphasizes the importance of screening all available information, including IP addresses and other location data of customers and counterparties, to mitigate sanctions risks in connection with digital currency services.” Taken together, OFAC’s recent actions against BitGo and BitPay suggest the agency is placing increased focused on the blockchain industry and that companies that have not adopted and implemented a robust OFAC compliance program may be at risk in future enforcement actions.

On January 1, 2021, the United States enacted the National Defense Authorization Act for Fiscal Year 2021 (NDAA) after the US House of Representatives and US Senate voted to override a presidential veto of the law. Included within the NDAA are a significant number of provisions related to anti-money laundering (AML) and countering the financing of terrorism (CFT), including provisions reforming the Bank Secrecy Act (BSA), a collection of statutes underpinning most of the current AML regulatory framework. These amendments, many of which have been under consideration for years, represent the most substantial AML-related reforms enacted since at least the USA PATRIOT Act of 2001. Below, we outline ten of the most significant AML provisions contained in the NDAA. Given the breadth of the reforms, it is particularly important for US “financial institutions” – including money services businesses (MSBs) and other non-traditional financial institutions subject to the BSA – to carefully review the Act to understand how their compliance obligations may have changed or may change in the future as the Act is implemented via regulation.

Continue Reading Ten Key Takeaways from the NDAA’s AML Reforms

On December 30, 2020, the US Department of the Treasury’s Office of Foreign Assets control (OFAC) announced a $98,380 settlement with BitGo, Inc. (BitGo). This civil settlement, regarding apparent violations of multiple sanctions programs related to digital currency transactions, is the first published OFAC enforcement action against a business in the blockchain industry.

BitGo, based in Palo Alto, California, is an “institutional digital asset custody, trading, and finance” company. The apparent sanctions violations relate to 183 instances in which BitGo failed to prevent individuals and/or entities located in Crimea, Cuba, Iran, Sudan, and Syria from using its non-custodial secure digital wallet management service. All of these jurisdictions were subject to comprehensive embargoes under OFAC regulations during at least part of the time that the transactions occurred. OFAC stated that BitGo had reason to know that users in these comprehensively sanctioned jurisdictions were using its services through Internet Protocol (IP) address data collected for security purposes, and allegedly had failed to implement controls to prevent users in such jurisdictions from accessing its services. (The violations and settlement did not involve enterprise or custodial services provided by BitGo Trust Company, Inc., an affiliate of BitGo, Inc.)

According to OFAC, between approximately March 10, 2015, and December 11, 2019, BitGo processed 183 digital currency transactions totaling $9,127.79 using its hot wallet management service for users in the comprehensively sanctioned jurisdictions who had signed up for hot wallet accounts.

Continue Reading OFAC Announces First Ever Enforcement Action Targeting a Digital Asset Company

As 2020 finally comes to a close, it is time to consider year-end tax planning. One bright spot this year has been the performance of cryptocurrencies. Bitcoin, in particular, is trading at or near all time highs, considerably above its previous peak at the end of 2017. Other cryptocurrencies, like Ether, have also had considerable returns this year. Taxpayers holding significantly appreciated cryptocurrency may be considering the best way to optimize their charitable giving. Below we describe the tax benefits of making donations of appreciated cryptocurrency, as well as other tax considerations for both donors and charities.

Continue Reading Charitable Contributions of Cryptocurrency: Tax Benefits and Other Considerations for Donors and Charities

On October 23, 2020, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the Federal Reserve Board published a joint notice of proposed rulemaking inviting comments on proposed modifications to regulations implementing the Bank Secrecy Act (BSA). First, the agencies propose to lower the monetary threshold contained in the so-called “recordkeeping rule” and “travel rule” pursuant to which financial institutions are required to collect and retain information on certain funds transfers and transmittals of funds and provide such information to other financial institutions in the payment chain. Second, the proposed rule would amend the definition of “money,” as used in those rules, to clarify that it includes convertible virtual currency (CVC) and digital assets with legal tender status.

Under the current version of the recordkeeping rule, banks and nonbank financial institutions are required to collect and retain information that relates to funds transfers and transmittals of funds of $3,000 or more. The travel rule then requires banks and nonbank financial institutions to send collected information on funds transfers and transmittals of funds to other banks or nonbank financial institutions participating in the transfer or transmittal. The purpose of retaining an information trail in this manner is to help prevent money laundering and other financial crimes.

Continue Reading FinCEN Invites Comments on Proposed Amendments to Funds Recordkeeping and Transfer Rules

The OECD released a report titled Taxing Virtual Currencies: An Overview of Tax Treatments and Emerging Tax Policy Issues on October 12. The report, which was prepared and endorsed by the 137 members of the OECD’s Inclusive Framework on Base Erosion and Profits Shifting, provides a comprehensive analysis of the approaches and policy gaps across the main types of taxes (i.e., income, consumption, and property taxes).

The report addresses the following areas, across more than 50 jurisdictions (based on responses to questionnaires supplemented with publicly available materials):

  • The characterization and legality of virtual currencies;
  • The income tax consequences across the different stages of a virtual currency’s lifecycle, from creation to disposal;
  • The consumption and property tax treatment of virtual currencies;
  • Common tax policy challenges and emerging issues; and
  • Considerations for policymakers.

Continue Reading OECD Releases Report on Tax Policy Approaches and Gaps in the Taxation of Virtual Currencies

On September 16, 2020, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published an advanced notice of proposed rulemaking (ANPRM) seeking comments on regulatory changes to enhance the effectiveness of anti-money laundering compliance programs of regulated financial institutions. As described in FinCEN’s press release, the ANPRM presents an opportunity for financial institutions to provide comments on “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (BSA).” While FinCEN has published a number of rules in recent years through formal notice and comment procedures, the rules have been fairly targeted to issues such as customer due diligence. FinCEN has also issued a number of guidance documents, including guidance applying FinCEN’s rules to certain entities in the blockchain industry, but did not accept public comments from industry at the time. Therefore, the publication of the ANPRM presents a relatively rare opportunity for regulated entities to be heard on a range of AML programmatic and compliance issues.

Continue Reading FinCEN Seeks Comments on Effectiveness of AML Programs, Presenting Rare Opportunity for FinTech and Blockchain Companies