Do foreign digital currency exchanges taking US customers online have to be AML registered in the US?

By Christine Duhaime | July 21st, 2018

Do foreign digital currency exchanges that take US customers online have to be AML registered in the US?

Not unsurprisingly, the answer is yes.

Under US law, digital currency ​exchangers​ qualify as money transmitters and are subject to the obligations under the Bank Secrecy Act. Key concepts to know are that:

  • An exchanger is a person engaged in the business of exchanging digital currencies for real money or other digital currencies.
  • And if an exchanger, e.g., a business, accepts and transmits or buys or sells convertible digital currencies, it is a money transmitter under the regulations issued by FinCEN.
  • If the exchange accepts but does not transmit, it is not a money transmitter.
  • If you are a money transmitter, you must then comply with the Bank Secrecy Act and the registration obligations of FinCEN.

If you are a foreign digital currency exchange, you must register in the US if you onboard US customers whether F2F or Non F2F, who are located in the US even if none of your agents, agencies, branches or offices are physically located in the US.

Is “I don’t know where the online customer is from” a defense?

There are sometimes arguments made that a digital currency exchange that operates online may not know if it is onboarding US customers because the Non F2F online registration process involves providing an email address only.

That argument is problematic for an exchange because it evidences that the exchange has no anti-money laundering law, counter-terrorist financing or sanctions law compliance in place to identify its customers. If you do not know where your customer is from, how do you know they are not from a prohibited country? If you do not know who your customer is, how do you know they are not on a list of terrorists?

Moreover, all exchanges record and track IP addresses that provide the location of a customer when onboarding, and they know where each customer is visiting from. If an exchange does not, there are serious gaps at the exchange because it is conducting financial transactions without visibility, posing a threat to the financial system, the whole country and its bank. Such an exchange’s activities would make it aligned with the conduct of BTC-E and subject it to signifiant fines (see below).

Obligations for foreign exchanges taking US customers 

So what then, are the obligations required for foreign digital currency exchanges that take US customers online from another country?

They must:

  1. Register with FinCEN;
  2. In whatever state you accept customers online, you must then register, usually as a money services business, with that state;
  3. Comply with the Bank Secrecy Act obligations including having a competent anti-money laundering program that is risk-based, report transactions including suspicious transactions, verify the identity of customers, undertake record keeping, appoint an AML compliance officer, train and audit the exchange’s systems and the AML program.
  4. Appoint a US agent for legal service who is physically located in the US.

In practice, the obligations require the digital currency exchange to verify customer identity, conduct due diligence on its customers, file reports with the federal government, and create and maintain records pursuant to the Bank Secrecy Act.

Banking de-risking over AML failures 

Unfortunately, foreign digital currency exchanges that operate without authorization in the US by taking on US customers sometimes don’t realize that if they want to become registered and lawful in the future, that conduct harms them. That is because the registration process requires an exchange to disclose past unlawful operations or business practices that are inconsistent with the law. Foreign exchanges accepting US customers without registration in the US is an unlawful activity that is disclosable.

And then there is a greater risk to a digital currency exchange, which is the risk of being de-risked by its bank, or never getting banking services because they are deemed to be too risky for a bank. A foreign digital currency exchange that operates unlawfully in the US by taking US customers without being AML registered and processes financial transactions:

  • exposes the bank to massive fines by US bank regulators;
  • exposes the bank directors and officers to fines and criminal penalties;
  • demonstrates that it is not compliant with AML / CTF and sanctions law; and
  • breaches the terms and conditions of the contract for services it has with its bank.

No bank CEO will want to go to jail in the US for banking a digital currency exchange that is risky and does not comply with the law, and no CAMLO will expose the executives of a bank to that possibility.

Financial institutions and banks are beginning to ask for third party certifications that digital currency exchanges operate within the law and that for all the countries in which they accept clients, they are authorized and registered to do so by the applicable government agencies.

I think they should do more and require officers of digital currency exchanges to file periodic certifications to the bank confirming legal compliance, as well as filing third party AML certifications.  They are the only two ways banks can be protected and minimize risks when they provide services to digital currency exchanges. An exchange can have a compliance plan but the bank has no confirmation that compliance has been operationalized at a digital currency exchange unless it obtains external professional certifications. Banks obtain legal protection by being able to rely upon the two certifications.

Banks are also asking for third party legal sign offs in respect of ICOs that digital currency exchanges list to confirm that the ICOs were launched legally and are not inconsistent with the securities legislation – both in terms of the ICO itself and the exchange’s function as a listing platform and what they are seeking is confirmation by legal counsel that the ICO was legally issued and that the exchange is registered with the requisite securities commission to trade that particular ICO.

Penalties

Foreign digital currency exchanges taking US customers are as liable as US exchanges for violations of US law. Last year, the US issued a civil penalty against BTC-E for US$110 million for willful violations of US anti-money laundering law and assessed a penalty of US$12 million against one of its administrators. What BTC-E did for Non F2F online onboarding was to obtain a username, a password and an e-mail address and once it had those, it conducted financial transactions by accepting digital currencies and fiat. Anti-money laundering law requires that exchanges conduct know you customer procedures at the account opening and onboarding phase, before a financial transaction, not after. There is no such thing as customer exit KYC – KYC is a customer entrance obligation.

A willful violation would arise when a foreign digital currency exchange does not inform itself about US law or engages unqualified persons for AML law. For example, a foreign digital currency exchange has legal advice, internal or external in respect of US law and ignores the legal advice, although that is arguably more than willful – it is knowingly unlawful.

A foreign person employed at or controlling a digital currency exchange that is convicted of money laundering can face up to 20 years in prison and fines of millions of dollars. Any property involved in a transaction or traceable to the proceeds of the criminal activity, including property and bank accounts (even if some of the money in the account is legitimate), may be subject to forfeiture.

Compliance also requires that digital currency exchanges investigate financial crimes and when warranted, file suspicious activity reports. Failures by companies to investigate financial crime alerts and to submit SARs, have resulted in penalties of up to US$97 million by the US government.

Liability can often be personal as well, as against compliance officers who fail to comply with anti-money laundering law at their companies. Liability has never attached, however, in cases where the CAMLO’s function is underfunded or not funded, or there is no buy-in or support from the directors for a compliance department, although CAMLO’s are expected to resign in those situations. Regulators recognize that there are instances where a CAMLO is appointed and the appointment is for show only, meaning that there is no desire or resources allocated by the company for a CAMLO to be an operational position. CAMLOs are also expected to file a report when they resign over a failure of the compliance function at their company.

The chart below, from Thomson Reuters, provides some interesting cases of personal liability of CAMLOs.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

US indicts 12 Russian nationals for money laundering and hacking

By Christine Duhaime | July 14th, 2018

The US has indicted 12 Russian foreign nationals for hacking, conspiracy and money laundering for allegedly interfering with the 2016 US presidential election. According to the indictment, Russia operated an intelligence agency called GRU which obtained confidential documents from the Clinton campaign systems by hacking and systematically released them to sway public opinion. According to the Indictment, the Russian hackers spoofed computers with fake Google emails to obtain access to computer emails and databases containing documents related to Hilliary Clinton and her presidential campaign.

The hackers, in what they believed was a move to avoid detection, used Bitcoin and the same Bitcoin wallet address to rent a server in Malaysia, register domain names and pay for other services. In total, they are alleged to have laundered $95,000 worth of Bitcoin in furtherance of their hacking activities. They also mined Bitcoin from their computers in order to pay for services. Unlike cash and other types of financial transactions, Bitcoin can be traced backwards online, even with tumblers and such, for financial crime purposes, and unlike traditional financial transactions, the identity of the owner of a Bitcoin wallet can also be determined.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

清华大学计划将区块链技术应用于文物保护

By Christine Duhaime | July 13th, 2018

By Tongtong Xu

作为中国最高学府之一的清华大学日前递交了一项关于将区块链技术应用于文物保护的专利申请。

根据在4月递交,今天得到披露的专利,三位教员一同研发了一个区块链技术的系统概念,目的是储存并分享有重要意义的文物的数字版本。作为发明者的谭嘉嘉(音译)和陆小步(音译)向大家解释了这个系统的两个重要组成部分。

第一部分包括一个可以对重要文物进行扫描的3D计算模型,目的是在扫描之后能为储存提供一个数字范围的表格。在第二步中,该系统将每一项物品的数据通过一个叫做“Hashing”的加密过程自动储存在私有区块链上。

尽管专利申请并没有直接解释关于他们会如何开发该私有区块链的各方细节,发明者表明说初阶段的探索已在去年四月腾讯发布的区块链平台上进行测试。

See the full patent application below:

https://www.scribd.com/document/383768782/Tsinghua-University-Patent#from_embed?campaign=SkimbitLtd&ad_group=100652X1574425X38331168130bda0dedb41cbaf98a34f5&keyword=660149026&source=hp_affiliate&medium=affiliate

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

23 members of transnational criminal organization arrested for money laundering

By Christine Duhaime | July 12th, 2018

Europol announced today that the Spain and Columbia collectively arrested 23 members of an unidentified transnational criminal organization (the “Group”) involved in laundering the proceeds of crime on behalf of other unidentified transitional criminal organizations. The Group didn’t launder a lot of money – only €2 million.  The Group allegedly used Bitcoin to launder funds and part of the law enforcement action involved orders to freeze Bitcoin wallet addresses in Spain. The wallet addresses were set up in Spain for Columbian drug traffickers. According to Europol, drug traffickers used Bitcoin to hide the origin and movement of funds.  However, since they and the wallet addresses were located and the subject of what appears to be mareva orders, it’s fairly evident that Bitcoin financial transactions can reveal the identity of the transactors, as well as the transactions.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Woman who bought Bitcoin with $300,000 in cash in grocery bags, going to jail for one year

By Christine Duhaime | July 9th, 2018

A woman in California, who admitted operating an unlicensed in-person digital currency exchange where she traded cash for Bitcoin,  was sentenced today to 12 months in federal prison, three years of supervised release, and a fine of US$20,000.

Theresa Tetley pled guilty to conducting an illegal business and engaging in unlawful monetary transactions involving Bitcoin, and laundering the proceeds of crime. She was part of Localbitcoins.com and exchanged up to US$10 million for customers across the US. Her exchange was not registered with FinCEN and she had no anti money-laundering system in place, such as customer due diligence and transactional reporting of required financial transactions.

During one translation with an undercover DEA agent, she agreed to exchange the proceeds from illegal drug trafficking on the darknet. She had been de-risked by one bank and used her sister to conduct financial transactions for her.

She was arrested when she attempted to buy Bitcoin with US$300,000 cash that she had in two grocery bags.

Tetley was ordered to forfeit 40 Bitcoin, US$292,264.00 in cash and several gold bars.

Under US law, a money transmitting business must register with the federal government as a money services business, specifically, with FinCEN, which is part of the US Department of Treasury.

Registration as a money services business (“MSB”) triggers obligations for that financial institution. For example, under the Bank Secrecy Act, an MSB is required, among other things, to:

      • Develop, implement, and maintain an effective written anti-money laundering program that is reasonably designed to prevent the MSB from being used to facilitate money laundering and terrorist financing;
      • Report transactions that the MSB knows, suspects, or has reason to suspect are suspicious, including funds derived from illegal activity or involve the use of the MSB to facilitate criminal activity, if the transactions are conducted or attempted by, at, or through the MSB, and the transactions involve or aggregate to at least US$2,000 in funds or other assets; and
      • File a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such MSB which involves a transaction in currency of more than US$10,000.

In practice, the obligations require an MSB to verify customer identity, conduct due diligence on its customers, file reports with the federal government, and create and maintain records pursuant to the Bank Secrecy Act.

In the US, digital currency exchanges that exchange Bitcoin for cash in person either comply with the law, and register with FinCEN (like traditional banks), or choose not to register with the federal government, or are perhaps unknowledgeable in respect of the law, as is the case with smaller companies in the new Bitcoin space.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Canadian Court orders transfer of 420 Bitcoin held by ICO founder, smack during Court hearing

By Christine Duhaime | July 9th, 2018

On Friday, a Québec Court ordered the founder of an illegal ICO, Dominic Lacroix, to transfer $3.7 million worth of Bitcoin during a Court hearing and threatened him with incarceration if he did not immediately do so. Lacroix created the Plexcoin ICO which is the subject of an enforcement action by the SEC. According to the SEC, Plexcoin raised over $15 million from investors on the basis of alleged fraudulent misrepresentations to American residents. The ICO is illegal in the US and no decision has been rendered as to its legality or not in Canada. That’s because no court in Canada has determined Bitcoin is money and a provincial government has formally opined in respect of that.

Continue reading

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Violent robberies of digital currency executives and traders up over 100% in 2018 as another Bitcoin trader robbed at gun point during home invasion

By Christine Duhaime | July 8th, 2018

Massachusetts armed home invasion

A Bitcoin trader, who runs a digital currency exchange associated with Localbitcoins, was robbed at gun point in his home by two men who demanded he turn over Bitcoin and cash. The home invasion took place in Massachusetts in the early morning of July 6, 2018. The two suspects were later caught and arrested by state police. It is believed that they staked out the home before, and were aware that the home owner operated a digital currency exchange. The home owner, Austin Nedved, managed to run out the front door and call police.

23 year old Bitcoin kid killed

Earlier this year, a well known Bitcoin trader and blogger in Russia named Pavel Nyashin, who often boasted about his Bitcoin wealth online, was violently beaten and robbed of US$425,000 in Bitcoin in Russia. His apartment was trashed and his computer equipment stolen. As you can tell from his face, below, he took to Youtube and used the incident of what happened to him to raise awareness of the risks of violence to those in the Bitcoin community. He was later murdered in Russia, likely because he was vocal about what happened to him and filed a police report, although some believe he committed suicide. He was 23 years old.

In the first six months of 2018, there was an increase of over 100% in the number of violent attacks against executives of digital currency exchanges and traders, since 2017.

RIP Pavel Nyashin, Russian Bitcoin trader who was beaten and robbed for his Bitcoin and later murdered in May 2018.

Exchange executives are at high risk for extortion and kidnappings

Digital currency exchange owners and key executives, particularly those who have visibility, are increasingly at high risk for thefts, violent home invasions and extortion attempts.

Continue reading

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

블록체인 산업 발전을 위한 전문가의 조언

By Christine Duhaime | July 6th, 2018

By Eunji Lee

한국에선 블록체인 산업 성장속도가 빠르다는 것에 비해 정부의 제대로 된 지지가 미흡하다. 이 수동적인 정부의 태도가 국내 블록체인 산업 활성화가 무뎌지는 이유들 중 첫번째로 손 꼽힌다.

암호화폐는 블록체인을 기반으로 만들어지는 만큼 이미 ‘암호화폐 = 블록체인’이라는 인식이 강화된 상태에서, 암호화폐를 둘러싼 끊이지 않는 사건 사고가 블록체인 산업 이미지를 악화시킨다.

여러 거래소가 해킹당하고, 수많은 피해자들이 생기고 있는 도중에도, 여전히 정부는 피해자들을 보호할 수 있는 정책은 내놓지 않고있다. ICO 시장도 마찬가지다. 한국에 ICO 시장이 최근 급속도로 번창하면서, ‘코인 스캠’도 늘어나, 정부는 아무런 자세한 가이드라인없이 ‘모든 형태의 ICO를 전면 금지한다’라는 태도만 보였다. 이러한 태도는 오히려 한국 기술산업 발전을 더디게 만들 수 밖에 없다.

김진화 한국블록체인협회 이사는 “미국과 스위스 등 주요 금융 선진국들은 정부가 ICO를 제도권으로 끌어들이고 관련 규제와 감시기관을 지정해 사기를 걸러내고 있다. 지금처럼 ICO 관련 정책에 손을 놓고 있는다면 투자자 보호뿐 아니라 국내 블록체인 스타트업 투자 환경이 저해된다. 업계에는 큰 타격”이라고 강조했다.

이에 있어, 우수한 인재가 해외로 빠져나가는 한편 ICO를 준비하는 과정에서 기술 유출 가능성도 없잖다. 오정근 한국금융ICT융합학회장은 “블록체인은 4차 산업혁명 시대 핵심 기술이다. 국내 ICO 허용은 물론 세금을 낮추고 규제를 완화해 기업을 유치하도록 유인하는 특별법을 제정할 필요가 있다. 스위스 주크나 영국 맨섬처럼 특정 도시를 암호화폐 특구로 전략적으로 지정해 ‘한국판 크립토밸리’를 육성하는 것도 방법”이라고 말했다.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Human trafficking getting worse, not better

By Christine Duhaime | July 2nd, 2018

I wrote this post, below, 5 years ago, and sadly nothing has changed to reduce the incidents of human trafficking of young girls around the world, or to make their world a better and safer place. In fact, it has gotten worse. Now its a US$32 billion annual business – up from US$9 billion in 2013. The UK reported an increase in human trafficking in the last quarter of 2018 alone of 21% and a whopping 44% of the cases involved victims who are minors and the majority of those were forced sexual prostitution cases.

Continue reading

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Human trafficking prosecutions up 41% in US

By Christine Duhaime | July 2nd, 2018

According to a report released this week by the US Department of Justice, there were 41% more cases referred for criminal prosecution for human trafficking in 2015. In total, 1,923 johns and pimps were referred for prosecution, and of those, 1,049 were prosecuted and 93% convicted. The median prison sentence was 15 years.

Continue reading

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email