Please enter your email below to subscribe
Over two years ago , U.S. government regulators warned that virtual currency may be new, but the regulation framework is not, and the government expects those companies to be abiding by requirements applicable to money service businesses. These warnings have now resulted in the first civil enforcement case. Ripple Labs Inc., the second-largest cryptocurrency company after Bitcoin, and its wholly owned subsidiary XRP II LLC, recently paid a $700,000 civil penalty for acting as a money services business (MSB) and selling its virtual currency without registering all its entities with FinCEN, and by failing to implement and maintain an adequate anti-money laundering (AML) program designed to protect its products from use by money launderers or criminals of any type.
More significant than the penalty itself was the terms of the agreement. Ripple Labs agreed to conduct a three-year look back of transactions, and also have an outside expert review their program for BSA compliance for five years, until 2020. FinCen imposed these requirements even though the company had already taken significant steps to register and build a compliance program. The government, while recognizing Ripple Labs took some positive steps, ultimately found those steps to be insufficient and untimely.
Jennifer Shasky Calvery, the Director of FinCEN, recently confirmed this activity is indeed a “Ripple” and we should expect broader enforcement activity. She announced that FinCEN, working closely with the IRS-designated BSA experts to conduct reviews of virtual currency companies.
What does this mean for you?
If you are operating a virtual currency company, it’s critical to prepare and build an effective compliance program now, and before your business is subject to an examination or investigation. In addition to licensing as a money service business, core components of any AML program for a virtual currency company include designating a compliance officer; development of internal controls, policies and procedures; training; and independent testing.
One common issue that new businesses or start-ups sometimes have is ensuring that the AML compliance officer is fully trained. It does little good to designate someone who has no experience or understanding of the common issues and potential red flags. If you are in a position where you don’t have an experienced compliance officer in-house, it is critical to fund training for the individual designated (such as ACAMS conferences or other training opportunities) and rely on experienced outside experts to avoid missteps. You might also consider engaging an outside compliance firm to assist in the initial design of your compliance program.
Finally, if you get notice of an examination or any government inquiry, reach out to counsel or an outside advisor immediately. Make sure that all employees know that they should elevate any government visit or question to appropriate levels in the company. While it is preferable to take steps before the government knocks at your door, swift action even after government inquiry can sometimes help mitigate the penalty and damage.
Julie Myers Wood is chief executive officer for Guidepost Solutions LLC. She focuses on regulatory compliance and investigative work with significant experience as an independent monitor.