On October 11, the leaders of the Commodities Futures Trading Commission (CFTC), Financial Crimes Enforcement Network (FinCEN), and the Securities and Exchange Commission (SEC) issued a joint statement regarding anti-money laundering (AML) compliance for persons engaged in certain activities involving digital assets. While the statement largely reaffirms known agency guidance and existing regulations, it is noteworthy for a number of reasons.
First, the joint statement, issued from multiple regulators, is the first of its kind in the digital asset space with respect to AML and may indicate an intent of regulators to show that their approach to AML compliance is aligned and to coordinate more closely on AML compliance going forward. While each of the three regulators has published guidance regarding digital assets and has engaged in related enforcement actions, there has not been any public indication to date that such efforts have been coordinated across agencies.
Indeed, industry has sometimes felt regulators were pulling in different directions. For example, the degree to which protocol governance is decentralized may be an important consideration in determining whether a particular digital asset is a security (see additional analysis from Steptoe here). However, as protocol governance becomes increasingly decentralized it may simultaneously become more difficult to ensure the relevant ecosystem is not utilized for money laundering, terrorist financing, or other illicit activities. If this joint statement is an initial step toward closer inter-agency coordination, such a shift would likely be welcome by industry.
Second, the joint statement underlines that there are multiple ways a person dealing in digital assets may be considered a “financial institution” as defined in FinCEN regulations and the Bank Secrecy Act, the statute underpinning most AML regulations, and therefore required to comply with related AML regulatory obligations.
For example, persons exchanging or administering convertible virtual currency (CVC) will generally be viewed as engaging in money transmission, requiring them to register with FinCEN as a money services business (MSB) and comply with applicable regulatory requirements. (See FinCEN’s recent guidance here). Similarly, futures commission merchants and introducing brokers required to register with the CFTC and broker-dealers and mutual funds required to register with the SEC also have AML compliance obligations under the BSA.
The joint statement emphasizes “[t]he nature of the digital asset-related activities a person engages in is a key factor in determining whether and how that person must register with the CFTC, FinCEN, or the SEC” and that persons cannot rely on common industry usage of words such as “exchange” which may mean one thing in common industry parlance but another thing under the applicable regulatory regimes.
With respect to entities potentially falling within the scope of multiple regulatory regimes, the joint statement explains that “FinCEN’s BSA regulations also provide that any person ‘registered with, and functionally regulated or examined by, the SEC or the CFTC,’ would not be subject to the BSA obligations applicable to MSBs, but instead would be subject to the BSA obligations of such a type of regulated entity.” In other words, if an entity meets the definition of an MSB, but is also registered with and regulated/examined by the CFTC or SEC, it should follow the AML-related rules for such CFTC or SEC registered entities.
The joint statement also notes that regardless of the type of financial institution an entity is considered under the BSA, “all financial institutions dealing in digital assets meeting the definition of ‘securities’ under federal law must comply with federal securities law.” Therefore, an MSB dealing in unregistered securities could potentially violate applicable securities laws even if it did not otherwise meet the requirements for SEC registration.
While there are significant overlaps between the AML regulations applicable to MSBs and to CFTC and SEC registered entities, there are also some key differences, meaning how a financial institution is regulated can have important implications for its AML compliance program.
Overall, the joint statement does not appear to alter any of the agency’s previously stated positions, but it does underline the continued focus of the US government on AML compliance and highlights the necessity for companies in the digital asset space to carefully assess their compliance obligations and take steps to ensure they meet those obligations.