FinCEN Advisory Emphasizes Importance of U.S.-Iran Sanctions and AML/CFT Compliance for Virtual Currency Businesses

On October 11, 2018, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) released an advisory (the Advisory) intended to help money services businesses (MSBs) and foreign financial institutions better understand how U.S. sanctions on Iran affect their compliance obligations under the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) rules and under the U.S.-Iran sanctions enforced by the U.S. Department of the Treasury’s Office of Foreign Asset Controls (OFAC).[1]

While Iran has historically relied upon, among other things, precious metals, such as gold, to evade sanctions and to market Iranian goods abroad, FinCEN views virtual currency as another commodity that Iranians may rely on to avoid sanctions.  Since 2013, Iranians have participated in more than $3.8 million in bitcoin-denominated transactions annually.  As a result, companies subject to U.S. regulation that participate in the virtual currency markets should pay careful attention to the Advisory.

To confirm the importance of the Advisory, OFAC separately issued the Advisory to all persons who subscribe to OFAC updates and listed the Advisory on its website.  This, together with the discussion of OFAC obligations within the Advisory, demonstrates that FinCEN and OFAC may cooperate on enforcement of these obligations.  As a reminder, U.S. sanctions prohibit U.S. persons and U.S.-owned or -controlled foreign entities from entering into transactions involving Iran, the Government of Iran, or Iranian financial institutions.[2]

Use of Virtual Currency and Other Means to Evade Sanctions

Iranians can access virtual currency through three types of platforms: (1) Iran-based virtual currency exchanges; (2) non-Iran-based virtual currency exchanges; and (3) peer-to-peer exchanges (e.g., decentralized exchanges and “meetup” platforms).  Iran has previously used third-country fiat currency exchange houses and trading companies as money transmitters to process fund transfers through the United States to third-country beneficiaries in evasion of sanctions.  Similarly, Iranians may move funds out of the country by converting fiat currency to virtual currency using virtual currency exchange platforms and peer-to-peer exchange platforms.

The Advisory includes a list of “red flags” to assist MSBs and foreign financial institutions in identifying suspicious activity.  These include:

  • Use of forged documents;
  • Customer transactions that move through multiple exchanges;
  • Account holders that receive deposits from multiple persons;
  • Transactions related to precious metals, such as gold, that are linked to Iran or that involve unusually high volumes;
  • Customer logins from Iranian Internet Protocol (IP) addresses or accounts with an Iranian email address;
  • Customer or correspondent payments to or from virtual currency exchanges that appear to be operating in Iran; and
  • Unexplained transfers into a customer account from multiple individual customers combined with transfers to or from virtual currency exchanges.

MSBs should consider incorporating these suspicious activities and appropriate response protocols into their risk management AML/CFT , OFAC and Know Your Customer policies and procedures.

FinCEN Compliance Recommendations

FinCEN recommends that MSBs actively monitor transaction records to detect suspicious activity.  Specifically, the Advisory encourages MSBs to use technology to monitor open blockchain ledgers for activity that originates or terminates in Iran and investigate transactions to or from peer-to-peer exchange platforms.  Such fund flows may involve wire transactions from multiple accounts or locations together with transfers to or from virtual currency exchange platforms.

MSBs and non-U.S. based virtual currency businesses doing substantial business in the United States must comply with relevant OFAC sanctions and AML/CFT obligations.  The Advisory notes that these obligations may include screening against OFAC’s List of Specially Designated Nationals and Blocked Persons and complying with other OFAC-administered sanctions programs, including import and export restrictions.

FinCEN advises that institutions engaged in virtual currency business review OFAC’s March 2018 Frequently Asked Questions on sanctions issues related to virtual currency.[3]  OFAC views virtual and real currency as equivalent for sanctions compliance purposes.  Therefore, persons subject to OFAC jurisdiction may not engage in transactions in real or virtual currency prohibited by OFAC sanctions.

Conclusion

Violation of OFAC sanctions is a strict liability offense.  Accordingly, virtual currency businesses should consider revisiting and strengthening their U.S. sanctions compliance policies and procedures in light of the Advisory to mitigate the risk of a violation.  The Advisory demonstrates that FinCEN, which regulates a broad swath of virtual currency businesses as MSBs, is cognizant of the illicit use of virtual currency by Iranian actors and may coordinate with OFAC to enforce U.S. sanctions.


Endnotes:
[1] Advisory on the Iranian Regime’s Illicit and Malign Activities and Attempts to Exploit the Financial System, FinCEN Advisory No. FIN-2018-A006 (Oct. 11, 2018), https://www.fincen.gov/sites/default/files/advisory/2018-10-11/Iran%20Advisory%20FINAL%20508.pdf.
[2] Sanctions Update: Rewind Your Iran Compliance Policy to January 2016 (May 9, 2018), https://www.perkinscoie.com/en/news-insights/sanctions-update-rewind-your-iran-compliance-policy-to-january.html.
[3] OFAC FAQs: Sanctions Compliance, U.S. Dep’t of the Treas., https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx (last accessed Oct. 13, 2018).

Cryptocurrencies: Matching insurance to risks and exposures

While cryptocurrencies and digital tokens — also known as “digital assets” — have disrupted traditional notions of commerce, capital and investing, there is another asset which any company engaged in this space will need: insurance. Given the rapidly-evolving nature of this new technology and the uncertainties surrounding applicable laws and regulations, it can be challenging to figure out the types of insurance products that should be considered. Any company engaged in this space should ask itself the following questions to help determine which lines of insurance it should consider.

Does it need Cyber Insurance?

  1. Does the company provide a technology service that might be subject to errors and omissions? For example, a cryptocurrency exchange provides a service to its customers that could be subject to mistake that causes a loss.
  2. Is there a risk of a privacy breach or breach of privacy regulations?
  3. Is there a risk of a security breach with respect to third parties which results in the following:
    • Corruption, destruction or deletion of a third-party’s electronic data?
    • Disclosure of third party’s private information?
    • Theft of third party’s data?
  1. Failure to prevent the transmission of malicious code into third party’s network?
  2. Is there a risk of a threat of cyber extortion, such as:
    • A threat to introduce or activate malicious code into a computer system?
    • A threat that someone will interrupt a computer system?
    • A threat that someone will damage or destroy a computer system?
    • A threat that someone will disseminate or improperly utilize a computer system or disrupt a network?
  3. Is there a risk that some “network” disruption will cause a loss of business income?

Does it need Commercial Crime Insurance?

  1. Is there a risk of employee theft?
  2. Is there a risk of vendor theft?
  3. Is there a possibility of loss of money or securities through a fraudulent electronic transfer?
  4. Is there a risk of “identity fraud” – using a company’s or a person’s identity to commit a crime?

Does it need Director’s & Officer’s Liability Insurance?

  1. Is there a risk that a shareholder or investor will allege that an officer or director was guilty of omissions, misstatements, misleading statements, neglect or breach of duty that that resulted in a decrease in the value of stock or other assets such as, possibly, a token?
  2. Is there a risk that shareholders or investors will bring a claim against the company alleging actual or alleged omissions, misstatements, misleading statements, neglect or breach of duty that violated securities laws and thereby caused a decrease in value of stock or other assets such as, possibly, a token?
  3. Is there a risk that a shareholder or investor will demand that the company investigate itself for some corporate wrongdoing for the purposes of determining whether the company should prosecute a derivative action?
  4. Is there a risk that governmental enforcement authority (e.g., SEC, FinCEN) will demand an interview of an officer or director for the purposes of investigating a possible regulatory or other legal violation?

Does it need Kidnap & Ransom Insurance for some employees?

  1. If company employees, particularly directors and officers, travel with “cold storage” wallets (i.e. a wallet that is not on-line but, rather, is on a thumb-drive, etc.), there could be a risk of kidnap or extortion in some regions.

The above, of course, is just a generic overview and is certainly not meant to present an exhaustive list of all of the types of insurance that any company might need. Those determinations can only be made after a very specific assessment of the role that a company s playing in the crypto-currency space and the risks that it faces. Further, there are nuances to all of these lines of coverages and they vary among different insurers. In addition, all companies engaged the crypto-currency space should expect to undergo fairly rigorous scrutiny by insurance underwriters who will seek to determine, for example, whether the company is at least attempting to be compliant with potentially-applicable regulations and has appropriate safe-guards in place, such as a data security incident response plan.

Robert Jacobs is a member of the firm’s Insurance Regulatory practice group and has presented on Insurance Risks for Blockchain at Enterprise Risk Conferences and to several of the firm’s clients. The firm’s Insurance Regulatory practice group specifically represents policy holders and is uniquely positioned to be a great value add to our clients.

Blockchain Week in Review – Week of October 8-12, 2018

U.S. Developments

Regulatory Updates

FinCEN Issues Advisory on Illicit Iranian Activities

On October 11, 2018, the U.S. Treasury Department Financial Crimes Enforcement Network (“FinCEN”) issued an advisory to help money services businesses  and foreign financial institutions better understand the U.S. Anti-Money Laundering/Combating the Financing of Terrorism (“AML/CFT”) risks related to Iranian activity.  The report encourages financial institutions to “consider reviewing blockchain ledgers for activity that may originate or terminate in Iran” and “utilize technology created to monitor open blockchains and investigate transactions to or from P2P exchange platforms.”  It also reminds foreign companies that “a non-U.S.-based exchanger or virtual currency provider doing substantial business in the United States is subject to AML/CFT obligations and OFAC jurisdiction.”  The U.S. Treasury Department Office of Foreign Asset Controls (“OFAC”), which administers the U.S. sanctions programs, distributed this advisory on behalf of FinCEN to those who subscribe to OFAC updates.  This shows a level of cooperation between these two agencies, as does the discussion of OFAC jurisdiction in the FinCEN advisory.             

SEC Brings Enforcement Action Against Blockvest LLC and Reginald Buddy Ringgold, III

On October 11, 2018, the U.S. Securities and Exchange Commission (“SEC”) announced that it had obtained an emergency court order halting the planned sale by Blockvest LLC and its founder, Reginald Buddy Ringgold, III, of BLV tokens.  Ringgold marketed the Blockvest Decentralized Exchange as the “first [U.S.] licensed and regulated tokenized crypto currency exchange and index fund.”  Moreover, he misrepresented to potential investors that the sale of BLV tokens had been “registered” and “approved” by the SEC, the Commodity Futures Trading Commission (“CFTC”) and the National Futures Association (“NFA”) and that Blockvest was “partnered” with and “audited by” Deloitte.

The BLV token would allow purchasers to earn a return by holding the tokens in Blockvest’s digital wallet.  The defendants filed Form D for a $100 million offering of BLV tokens, claiming an exemption from registration under Rule 506(c).  However, the Blockvest website indicated that defendants were conducting a Regulation A+ offering open to unaccredited investors.  Ringgold also stated at a conference that the defendants received “Reg A approval from the SEC.”  Accordingly, although the defendants claimed an exemption from registration, they did not comply with Rule 506(c) and solicited unaccredited investors.

Ringgold also claimed that a made-up agency called the “Blockchain Exchange Commission” had blessed his project.  The U.S. District Court for the Southern District of California issued an order freezing the defendants’ assets  and providing other emergency relief.  The SEC alleges in its complaint that the defendants violated the antifraud and securities registration provisions of the federal securities laws.

The NFA had sent a cease-and-desist letter to the defendants earlier this year in connection with misrepresentations made by the defendants.  Blockvest is a registered commodity trading adviser, but Ringgold and others associated with the business are not.  

CFTC Chairman Giancarlo Discusses Cryptoasset Markets in Fox Business Interview 

On October 12, 2018, CFTC Chairman J. Christopher Giancarlo discussed cryptoasset markets in an interview on Fox Business.  He explained that “[w]e’ve still got a long way to go, there’s a lot of issues in some of these spot exchanges, a lack of transparency, a lot of conflict of interest, a lack of systems and systems safeguards, and that’s a concern.  But you know, like all things, it takes time to mature, and with the movement of more institutional investors into the space, I think we’ll see that.”

SEC Seeks to Enforce Subpoena Involving Planned Token Sale

On October 9, 2018, the SEC filed a subpoena enforcement action against Saint James Holding and Investment Company Trust and its trustee, Jeffre James.  The SEC is investigating an alleged pump-and-dump scheme in the stock of Cherubim Interests, Inc. after suspending trading in Cherubim securities in February.  The SEC alleges that Cherubim issued false public statements claiming that it had executed a $100 million financing commitment to conduct a token sale for St. James Trust.  The subpoena requests the production of documents related to Cherubim’s statements about St. James Trust and the token sale.

Policy Updates

U.S. Senate Committee on Banking, Housing and Urban Affairs Holds Hearing on Cryptocurrency and Blockchain

On October 11, 2018, the U.S. Senate Committee on Banking, Housing and Urban Affairs held a hearing on cryptocurrency and blockchain featuring testimony from Nouriel Roubini, Professor of Economics at New York University, and Peter Van Valkenburgh, Director of Research at Coin Center.  Roubini dubbed crypto “the Mother of All Scams” and argued that blockchain is nothing more than a spreadsheet.  Van Valkenburgh retorted with a narrative that framed cryptoassets and blockchain as important emerging technologies that will benefit from “light-touch pro-innovation policy.”   He noted that many token sales were unregistered securities offerings or scams but explained that legitimate token sales may be conducted in compliance with the securities laws and regulations.

Roubini’s written testimony is available here.  Van Valkenburgh’s written testimony is available here.

FSB Concludes Cryptoassets Are Not a Threat to Financial Stability

On October 10, 2018, the Financial Stability Board (“FSB”) issued a report titled “Crypto-asset markets: Potential channels for future financial stability implications.”  In an accompanying press release, the FSB stated: “Based on the available information, crypto-assets do not pose a material risk to global financial stability at this time.  However, vigilant monitoring is needed in light of the speed of market developments.”  The report encourages regulators to monitor cryptoasset markets but acknowledges that there is a lack of helpful market data and information.

International Developments

Policy Updates

The following topic is covered in the Fintech Week in Review – Week of October 8-12

IMF and World Bank Launch Bali FinTech Agenda

Regulatory Updates

Managing Director of the Monetary Authority of Singapore Provides Insight Into Priorities

The Managing Director of the Monetary Authority of Singapore (“MAS”), Ravi Menon, stated in an interview on October 9, 2018 that the MAS is working to “bring the banks and cryptocurrency fintech startups together to see if there is some understanding they can reach.”  Additionally, he explained that many of the token sales conducted in Singapore do not constitute securities offerings.  He noted, “If  they are not a security, then we don’t have a problem with it. We’ve seen quite a lot of ICO activity that is not security related . . . And there’s a lot of interesting business models out there trying to raise capital in interesting ways, which as far as the consumers are aware of what these are, we have no issues.”

United Arab Emirates Announces Plans to Regulate Token Sales as Securities

The United Arab Emirates Securities & Commodities Authority announced that it is drafting rules that will govern token sales under its securities jurisdiction and is working with industry to develop trading platforms for cryptoassets.  The Authority plans to have finalized regulations in place by mid-2019.

Venezuela Requires Citizens to Purchase Passports Using Petros

Venezuelan citizens must now pay for new passports using the country’s oil- and mineral-backed cryptoasset, the Petro.  Each passport costs 2 Petros, which is four times the country’s monthly minimum wage.  The Petro token sale will begin on November 5, 2018.

The above is a summary of one of the significant legal and regulatory actions that occurred over the past week. This alert is not intended to be a comprehensive list of all such developments, but rather a selection of publicly-reported news that may be of particular interest.  

French Data Protection Authority Issues Guidance on Application of Blockchain to the GDPR

The French data protection authority, Commission Nationale de l’Informatique et des Libertés (CNIL), became the first European data protection authority to issue written guidance on the intersection of the use of blockchain technology and the General Data Protection Regulation (GDPR). The CNIL guidance provides welcome clarification on how to tackle some of the inherent tensions between GDPR and blockchain, although the CNIL left open certain important issues that will require deeper analysis and explanation in the future. Continue Reading

Blockchain Week in Review: Week of October 1-5, 2018

U.S. Developments

Federal Bank Regulators Issue Joint Statement on Collaborative BSA/AML Compliance

On October 3, 2018, a group of federal bank regulators and the Financial Crimes Enforcement Network (“FinCEN”) announced in a joint statement that banks and credit unions could collaborate and share resources to manage their Bank Secrecy Act (“BSA”) and anti–money laundering (“AML”) obligations.  Sharing resources through a collaborative arrangement helps banks to meet their BSA/AML compliance obligations by providing access to specialized expertise, at a reduced cost, that may be difficult to obtain in some markets.  The joint statement provides examples and guidance for how banks can manage their obligations more effectively and efficiently.  Nothing in the joint statement alters the four pillars of a bank’s BSA/AML compliance program: (1) a system of internal controls to ensure ongoing compliance; (2) independent testing of BSA/AML compliance; (3) designation of a BSA compliance officer; and (4) training of appropriate personnel.  With appropriate limits, each of these pillars can be addressed through a collaborative arrangement between banks. Continue Reading

SEC and FINRA Target Cryptocurrency Hedge Fund Manager and Broker-Dealers in New Wave of Digital Asset Enforcement Proceedings

The SEC and FINRA recently announced a series of enforcement actions against new types of actors in the digital asset space—private fund managers and broker-dealers. Continue Reading

Blockchain Week in Review – Week of September 24-28

The following summary is available in our sister blog, The Fintech Report.

Roundup of CFTC Resources

Blockchain Week in Review: Week of September 24-28, 2018

U.S. Developments

Cryptocurrency and the Colorado Money Transmitter License Act

On September 20, 2018, following months of consultation with the Colorado Attorney General’s office, Colorado’s Division of Banking released interim guidance interpreting the Colorado Money Transmitters Act and determining whether it applies to transfers of cryptocurrency. If virtual currencies were to be subject to the regulation, facilitating transfers, and therefore cryptocurrency exchanges, would require a license. The Division of Banking determined that cryptocurrency transfers are not the subject of the Colorado Money Transmitters Act because cryptocurrency is not a legal tender. However, a license may be required if legal tender is involved in a cryptocurrency transfer; for example if fiat currency (i.e., legal tender) is bought or sold on an exchange, or if an exchange has the ability to transfer legal tender through a cryptocurrency. The step has been lauded by the virtual currency community for fostering the development and growth of blockchain technology and cryptocurrency exchanges. Continue Reading

Blockchain Week in Review: Week of September 17-21, 2018

U.S. Developments

Hester Peirce Remarks at Cato Institute Conference

Hester Peirce made remarks at the Cato Institute’s Fintech Unbound conference on September 12, 2018. Commissioner Peirce commented that securities regulators are too risk averse, stating that “capital markets are all about taking risk, and queasiness around risk-taking is particularly inapt” and that “a key purpose of financial markets is to permit investors to take risks, commensurate with their own risk appetites and circumstances, to earn returns on their investments.” Continue Reading

Cryptocurrency Derivatives, Funds and Advisers: Key Considerations Under U.S. Commodity Laws (Part 2: The Regulation of Commodities – Quite Substantial, Even If Not Substantive)

This post originally appeared in The Derivatives and Repo Report, and can be accessed here.:

This post is the second in a series that outlines key considerations for investment funds and their advisers regarding the application of the U.S. commodity laws to cryptocurrency derivatives.  In Part 1, we focused on the status of cryptocurrencies as commodities and how that status relates to the jurisdiction of the U.S. Commodity Futures Trading Commission (the “CFTC”). Here, in Part 2, we provide an overview of the regulation of commodities and the commodity markets under the Commodity Exchange Act.

 

Blockchain Week in Review: Week of September 10-14, 2018

The following summary is available in our sister blog, The Fintech Report.

State Bank Regulators and NYDFS to renew litigation against OCC

Blockchain Week in Review: Week of September 10-14, 2018 Continue Reading

LexBlog