While cryptocurrency is often used for legitimate purchases, the increase in use for unsavory products and services has caused regulators to pick up their game. Part of the appeal of cryptocurrency is the anonymity. Due to the trend of illicit characters continuing and increasing use of cryptocurrencies, and the responsibility of financial institutions to monitor and report suspicious activity under the Bank Secrecy Act (BSA), all sectors of the financial industry need to understand cryptocurrencies. Since cryptocurrency operates independently of a central bank, regulation of the transactions, specifically BSA, becomes much more difficult.
Regulatory agencies are proving they have taken notice of the use of cryptocurrencies; as in the spring of 2019, the Financial Crimes Enforcement Network (FinCEN) assessed a civil money penalty (CMP) to an individual for violating the BSA, which was the first CMP issued for matters dealing with cryptocurrency. The individual was aware of the requirements, but chose not to comply with the BSA in a variety of ways, such as:
- Not registering as a money service business (MSB). The individual sold and purchased cryptocurrency, specifically bitcoin, to and from others, including for and on behalf of others. The funds were transferred via physical delivery of currency in person, sending or receiving of currency through the mail, and/or coordinating transactions by wire through a depository institution. In addition, the individual discussed anti-money laundering (AML) regulations and how to circumvent those requirements, including registering as an MSB.
- Not having established a written AML program.
- Not filing suspicious activity reports (SARs). The individual failed to file SARs. Examples of the suspicious activity conducted include:
The facilitation of transactions with customers doing business on the darknet, specifically on a website that was shut down by federal law enforcement following highly publicized reports of illegal activity, including the promotion of money laundering by concealing the source of funds.
The individual engaged with a customer who used email addresses with The Onion Router (TOR) that makes is it difficult to determine the location and identity of the darknet user. The torrent service is not in and of itself suspicious, customers making transactions using these services however require additional due diligence for the customer identification, which was not conducted.
- Not filing currency transaction reports (CTRs). According to the BSA requirements, the individual should have filed over 200 CTRs.