Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 4, the Tennessee governor signed HB 316 / SB 268 to enact the Money Transmission Modernization Act, the money transmitter model law created by industry and state experts. Provisions under the Act amend Tennessee Code Annotated, Title 45, and are intended to (i) reduce regulatory burden by promoting coordination among the states in areas of regulation, licensing, and supervision; (ii) protect the public from financial crime; (iii) standardize activities that are subject to, or otherwise exempt from, licensure; and (iv) modernize safety and soundness requirements to protect customer funds while supporting innovative and competitive business practices. Under the Act, persons may not engage in the business of money transmission, or advertise, solicit, or hold themselves out as providing money transmission without being licensed. In addition to exempting federal and state agencies and financial institutions organized under the laws of any state or the United States, the Act now exempts “authorized delegates”—persons designated by a licensee to engage in money transmission on behalf of the licensee, and persons that fall within an outlined exemption, including persons appointed as an agent of the payee.
The Act also provides the commissioner of financial institutions with the authority to exercise various powers, including the use of the Nationwide Multistate Licensing System and Registry, and the ability to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors, Money Transmitter Regulator Association, and others for all licensees that hold licenses in Tennessee and other states. While retaining the ability to conduct examinations of licensees, the commissioner may now examine or investigate an authorized delegate. The Act also updates licensee liability requirements related to net worth assets and surety bonds and make various other changes related to audit reports and disclosure permissions. The Act further provides that “[a] person shall not engage in the business of money transmission on behalf of a person not licensed under this chapter or not exempt pursuant to § 45-7-104,” and stipulates that “[a] person that engages in such activity provides money transmission to the same extent as if the person were a licensee, and is jointly and severally liable with the unlicensed or nonexempt person.” The Act takes effect January 1, 2024.
On March 15, the North Dakota governor signed SB 2119, which revises provisions related to money transmitters. The act, among other things, provides that a “person may not engage in the business of money transmission or advertise, solicit, or hold itself out as providing money transmission unless the person is licensed under this chapter.” The provision does not apply to a “person that is an authorized delegate of a person licensed under this chapter acting within the scope of authority conferred by a written contract with the licensee” or to exempt persons provided the person “does not engage in money transmission outside the scope of the exemption.” The act outlines provisions related to consistent state licensure, application for licensure, information requirements for certain individuals, reporting and recordkeeping requirements (including those related to anti-money laundering), and bond requirements. Provisions relating to examinations, investigations, and licensee supervision, as well as unauthorized activities are also discussed. The act also provides a comprehensive list of exemptions.
The act is effective August 1. For current licensees, the provisions take effect upon license renewal but no later than December 31.
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.
On February 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued Syria General License (GL) 23 to authorize, for 180 days, all transactions related to earthquake relief efforts that would ordinarily be prohibited by the Syrian Sanctions Regulations (SySR). Specifically, authorizations under GL 23 include “the processing or transfer of funds on behalf of third-country persons to or from Syria in support of” transactions related to earthquake relief efforts in the country. Additionally, “U.S. financial institutions and U.S. registered money transmitters may rely on the originator of a funds transfer with regard to compliance” for transactions related to earthquake relief efforts in Syria, provided that the financial institution does not know or have reason to know that the funds transfer is not related to such efforts. GL 23 does not permit any transactions prohibited under the SySR related to the importation of petroleum or petroleum products of Syrian origin into the U.S., or any transactions involving persons “whose property and interests in property are blocked pursuant to the SySR, other than persons who meet the definition of the term Government of Syria, as defined in section 542.305(a) of the SySR, unless separately authorized.” Additionally, OFAC advised financial institutions and others who may be engaged in disaster relief activities for Syria to contact OFAC directly to seek specific licenses or guidance should they believe their activities are not covered by existing authorizations or exemptions.
On January 4, NYDFS issued a consent order against a cryptocurrency trading platform for engaging in alleged violations of New York virtual currency, anti-money laundering, transaction monitoring, and cybersecurity regulations. According to the consent order, in 2020, NYDFS found significant deficiencies across the respondent’s compliance program, including its Know-Your Customer/Customer Due Diligence (KYC/CDD) procedures, Transaction Monitoring System (TMS), OFAC screening program, and AML risk assessments. As a result of these findings, the respondent agreed to improve its BSA/AML and OFAC compliance programs, including engaging an independent consultant to develop a remediation plan and improve its compliance program.
In 2021, NYDFS launched an investigation to determine whether the respondent’s compliance deficiencies had resulted in any legal violations. The investigation found “substantial lapses in [the respondent’s] KYC/CDD program, its TMS, and in its AML and OFAC sanctions controls systems, as well as issues concerning [the respondent’s] retention of books and records, and with respect to meeting certain of its reporting obligations to the Department.” NYDFS noted that in late 2020 and 2021, the respondent took steps to remediate the issues identified by the Department and the independent consultant; however, substantial weaknesses remained, and its compliance system was inadequate to handle the growing volume of the respondent’s business.
Under the terms of the consent order, the respondent must pay a $50 million civil penalty to NYDFS and invest $50 million in its compliance program. Additionally, an independent third party will continue to work with the respondent for another year, which may be extended at the Department’s sole discretion. NYDFS noted that the respondent has already taken steps to build a more effective and robust compliance program under the supervision of NYDFS and the NYDFS-appointed independent monitor. According to the respondent’s press release, the company “has taken substantial measures to address these historical shortcomings” and “remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance and other areas.”
On November 3, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter covering aspects of the California Money Transmission Act (MTA) related to a cryptocurrency exchange’s transactions. The redacted opinion letter examines whether the inquiring company’s proposed business activities—which “will offer the purchase, sale, and trading of various cryptocurrencies using a platform provided by its affiliate and in conjunction with another affiliate that is a . . . registered broker-dealer”—are exempt from the MTA. Transactions on the company’s platform will involve the use of the company’s tokenized version of the U.S. dollar. Customers will deposit U.S. dollar funds into a company account where an equivalent amount of tokens will be created and used to facilitate a trade for cryptocurrency. The tokens can also be exchanged for U.S. dollars, or customers can hold the tokens in their wallet. According to the letter, the company says it “does not take custody of its client’s currencies or offer digital wallets,” but rather a “client’s digital wallet is directly linked to the platform and transacts on a peer-to-peer basis with other clients.” In addition to trading cryptocurrencies, the company also plans to allow customers to “trade in cryptographic representations of publicly listed securities,” thereby permitting customers to purchase, sell, or trade the securities tokens on the platform. The company will also be able to transfer customers’ shares of securities tokens from the platform to a customer’s traditional brokerage account. The company explained that these transactions of securities tokens will be covered by the company’s affiliate’s broker-dealer license.
DFPI concluded that because the Department has not yet “determined whether the issuance of tokenized versions of the U.S. Dollar or securities, or their use to trade cryptocurrencies, is money transmission,” it will not require the company to obtain an MTA license in order to perform the aforementioned services or to issue tokenized version of the U.S. dollar or securities. DFPI noted, however, that its conclusions are subject to change, and emphasized that its letter does not address whether the proposed activities are subject to licensure or registration under other laws, including the Corporate Securities Law of 1968.
D.C. Department of Insurance, Securities and Banking says certain Bitcoin activity subject to money transmission laws
Recently, the District of Columbia’s Department of Insurance, Securities and Banking (DISB) issued a bulletin informing industry participants engaging in or planning to engage in money transmission involving Bitcoin or other virtual currency “used as a medium of exchange, method of payment or store of value in the District” that such transactions require a money transmitter license. Specifically, the bulletin noted that DISB considers Bitcoin to be money for money transmission purposes. Relying on United States v. Larry Dean Harmon, DISB stated that while “money transmission is vaguely defined in DC Code,” the court’s decision “relied on the common use of the term “money” to mean a “medium of exchange, method of payment or store of value,” and that therefore Bitcoin functions like money. The bulletin also noted that the court found that while the D.C. Money Transmitters Act of 2000 specifically defined certain banking and financial terms, it did not define “money,” thereby reasoning “that the goal of the MTA is to regulate all kinds of transfers of funds, whether fiat currency, virtual currency or cryptocurrencies.”
Additionally, DISB noted that “engaging in the business of ‘money transmission’” includes “transactions where entities receive for transmission, store, and/or take custody, of Bitcoin and other virtual currencies from consumers via kiosks (aka BTMs), mobile applications and/or online transactions.” However, transactions where entities propose to sell and buy Bitcoin and other virtual currencies from consumers in exchange for cash payments via kiosks and/or online transactions are not considered to be money transmission. Entities that plan to engage in covered activities are subject to money transmission licensing requirements, DISB stated, explaining that whether an entity is required to obtain a money transmitter license depends on the individual facts and circumstances of each applicant, which include but are not limited to an applicant’s proposed business plan and flow of funds, as well as an applicant’s business model.
Special Alert: NYDFS fines trading platform for BSA/AML, transaction monitoring, and cybersecurity lapses
The New York Department of Financial Services and a trading platform on Aug. 1 entered into a consent order to resolve deficiencies identified during a 2019 examination and a subsequent investigation by the department’s enforcement section. The consent order focused on deficiencies related to Bank Secrecy Act and anti-money-laundering compliance, transaction monitoring, cybersecurity, and related New York certifications of compliance. The company will pay a $30 million civil monetary penalty and retain an independent consultant that will assist with remediating the issues highlighted in the order and report to NYDFS on remediation progress.
The consent order has far-reaching implications for all financial services companies that come under the jurisdiction of the NYDFS.
The trading platform is a wholly owned subsidiary of a financial services company that offers U.S.-based retail investors the ability to trade stocks, options, and crypto currency on a commission-free basis through its broker-dealer subsidiary. The trading platform is licensed by the NYDFS to engage in virtual currency and money transmitter businesses in New York. Of primary concern for the NYDFS was the platform’s alleged reliance on its parent company’s compliance and cybersecurity programs through enterprisewide systems that the NYDFS found to be inadequate. Additionally, according to NYDFS, the platform allegedly had few to no qualified personnel or management involved in overseeing those programs, which NYDFS has implicitly indicated cannot be outsourced.
On August 2, NYDFS announced a consent order imposing a $30 million fine against a trading platform for alleged violations of the Department’s Virtual Currency Regulation (23 NYCRR Part 200), Money Transmitter Regulation (3 NYCRR Part 417), Transaction Monitoring Regulation (3 NYCRR Part 504), Cybersecurity Regulation (23 NYCRR Part 500), and for failing to maintain adequate Bank Secrecy Act/anti-money laundering (BSA/AML) obligations. According to a Department investigation, the platform’s BSA/AML compliance program contained significant deficiencies, including an inadequate transaction monitoring system. Among other things, the platform failed to timely transition its manual system to an automated transaction monitoring system, which was unacceptable for a program of its size, customer profiles, and transaction volumes, and did not devote sufficient resources to adequately address risks. The Department also found “critical failures” in the platform’s cybersecurity program, which failed to address operational risks, and that specific policies within the program did not fully comply with several provisions of the Department’s cybersecurity and virtual currency regulations. According to the press release, pursuant to NYDFS’s Transaction Monitoring Regulation and Cybersecurity Regulation, companies should only file a Certificate of Compliance with the Department if their programs are fully compliant with the applicable regulation.
In light of the program’s deficiencies, NYDFS stated that the platform’s 2019 certifications to the Department attesting to compliance with these regulations should not have been made and thus violated the law. The platform also “failed to comply with the Supervisory Agreement by failing to promptly notify the Department of (a) actual or material potential actions, proceedings, or similar process that were or may have been instituted against [the platform] or any affiliated entity by any regulatory body or governmental agency; and (b) of the receipt by [the platform], or any affiliated entity, of any subpoena from any regulatory body or governmental agency in which [the platform], or any affiliated entity, was the target of the investigation.” NYDFS determined that in addition to the penalty, the platform will be required to retain an independent consultant that will perform a comprehensive evaluation of its compliance with the Department’s regulations and the platform’s remediation efforts with respect to the identified deficiencies and violations.
A Buckley Special Alert is forthcoming.
Recently, the Connecticut Department of Banking (Department) issued an advisory on money transmission, providing general guidance on what types of activities and entities must be licensed. According to the advisory, transmission can occur whenever “a person takes possession or control of monetary value belonging to another person” and holds it for a period of time, or transmits it to a third party. The Department noted that “[t]he increased use of technology to enable immediate payment mechanisms, as well as the explosion of virtual currency, has caused significant disruption to traditional money transmission systems.” The Department also acknowledged that many consumers do “not realize or understand the regulatory landscape that applies” to using money transmitters. Among other things, the advisory listed entities that traditionally provide transmission services like bill payers, payroll processors, and issuers and sellers of prepaid cards and money orders. The advisory also discussed Connecticut’s license application and penalties for unlicensed transmission, explaining that licensure goes through the Nationwide Multistate Licensing System and involves disclosing pertinent information concerning all “control persons.”