Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 28, the Financial Action Task Force (FATF) updated pre-existing guidance on its risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The updated guidance revises guidance originally released in 2019. According to FATF standards, countries are required to “assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by competent national authorities.” The guidance includes updates on certain key areas, such as: (i) expanding the definitions of VAs and VASPs; (ii) applying FAFT standards to stablecoins; (iii) adding guidance regarding the risks and the tools available to countries for the purpose of addressing money laundering and terrorist financing risks for peer-to-peer transactions; (iv) revising VASP licensing and registration guidance; (v) adding guidance for the public and private sectors on the implementation of the “travel rule”; and (vi) adding a section for principles of information-sharing and co-operation amongst VASP Supervisors. FATF also noted that the “guidance addresses the areas identified in the FATF’s 12-Month Review of the Revised FATF Standards on virtual assets and VASPs requiring further clarification and also reflects input from a public consultation in March - April 2021.”
Recently, the California Department of Financial Protection and Innovation (DFPI) released two new opinion letters covering aspects of the California Money Transmission Act (MTA) related to bitcoin automated teller machines (ATMs) and kiosks and the Agent of Payee exemption.
- Bitcoin ATM Kiosk. The redacted opinion letter explains that the sale and purchase of bitcoin through ATMs/kiosks described by the inquiring company is not activity that is subject to licensure under the MTA. DFPI states that the customer’s purchase of bitcoin directly from the company “does not involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” In each instance, the transaction would only be between the customer using the ATM/kiosk and the company, the bitcoin would be sent directly to the customer’s virtual currency wallet, no third parties are involved in the transmission, and the company does not hold digital wallets on behalf of customers. DFPI reminds the company that its determination is limited to the presented facts and circumstances and that any change could lead to a different conclusion. Moreover, the letter does not relieve the company from any FinCEN or federal regulatory obligations.
- Agent of Payee Exemption. The redacted opinion letter analyzes a proposed future service to be provided by the inquiring company and determines whether the service meets the agent of payee exemption from the MTA. The company and its global affiliates “provide a global, fully integrated suite of back-end service, including sales compliance management, fraud prevention, risk management, tax and regulatory fee calculation, billing optimization, and remittance services to manufacturers, merchants, and retailers” (collectively, “brands”) that want to sell or license products and services to shoppers. The company proposes a future service, which will allow brands to sell products directly to shoppers and transfer the products to the shoppers. The company will not take title to or purchase the products and will continue to provide its suite of back-end services including payment processing, tax and regulatory fees calculations, and refund processing. The company’s contracts with the brands appoint the company as the agent of the brands for facilitating product sales and receiving payments and funds from shoppers. Agreements will also be entered between the company and the shoppers with terms that state a shopper’s payment to the company is considered payment to the brand, which extinguishes the shopper’s payment liability. The company will accept funds for the sale of products on behalf of the brands, and at the conclusion of the sale, will settle the funds paid by the shoppers and remit sales taxes to the appropriate authorities. The company will be the entity responsible for paying and reporting taxes accrued by the sales to shoppers.
DFPI states that the company will “receive money for transmission,” thus triggering the license requirement in the MTA, by receiving funds from the shoppers in the sales transactions. However, the company qualifies for the Agent of Payee exemption because the company will be the recipient of money from the shoppers as an agent of the brands pursuant to a written contract, and payments from the shoppers to the company as the agent will satisfy the shoppers’ payment obligation to the brands. DFPI further notes that refunds facilitated by the company on behalf of the brands will be a reversal of the original transactions with the shoppers, and therefore will not require licensure. Finally, DFPI notes that by contract, the company will be legally responsible for paying local sales taxes on transactions. According to the agreement, because the company will pay taxes on its own behalf, and will not be paying taxes owed by the shoppers, its tax payments will not constitute money transmission. DFPI reminds the company that its determination is limited to the presented facts and circumstances and that any change could lead to a different conclusion.
On October 22, the Financial Action Task Force (FATF) announced that it concluded its October plenary, which is the sixth session since the beginning of the Covid-19 pandemic. According to the announcement, utilizing a hybrid approach of both virtually and in-person participation, FATF “advanced its core work on virtual assets, beneficial ownership transparency, and illicit finance risks.” Among other things, the FATF: (i) approved an updated version of its Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers for publication; (ii) proposed changes to beneficial ownership standards; (iii) approved the commencement of a study on Illicit Proceeds Generated from the Fentanyl and Related Synthetic Opioids Supply Chain; (iv) adopted an update to its 2016 confidential report on terrorist financing risk indicators; and (v) issued a statement regarding Afghanistan that reaffirmed the “United Nations Security Council Resolutions that Afghanistan should not be used to plan or finance terrorist acts, emphasiz[ing] the importance of supporting the work of non-governmental organizations in the country and maintaining the flow of humanitarian assistance to the Afghan people, and for governments to facilitate information sharing with their financial institutions on any emerging illicit finance risks related to Afghanistan.”
On October 15, the U.S. Treasury Department announced additional steps to help the virtual currency industry combat ransomware and prevent exploitation by illicit actors. The guidance builds upon recent “whole-of-government” actions focused on confronting “criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.” (Covered by InfoBytes here.) The newest industry-specific guidance—part of the Biden administration’s efforts to counter ransomware threats—outlines sanctions compliance best practices tailored to the unique risks associated with this space. According to Treasury, there is a “need for a collaborative approach to counter ransomware attacks, including public-private partnerships and close relationships with international partners.”
The same day, the Financial Crimes Enforcement Network (FinCEN) released new data analyzing ransomware trends in Bank Secrecy Act reporting filed between January 2021 and June 2021. The report follows FinCEN’s government-wide priorities for anti-money laundering and countering the financing of terrorism priorities released in July (covered by InfoBytes here). Issued pursuant to the Anti-Money Laundering Act of 2020, the report flags “ransomware as a particularly acute cybercrime concern,” and states that in the first half of 2021, FinCEN identified $590 million in ransomware-related suspicious activity reports (SARs)—an amount exceeding the entirety of the value report in 2020 ($416 million). If this trends continues, FinCEN warns that ransomware-related SARs submitted in 2021 will have a higher transaction value than similar SARs filed in the previous 10 years combined. FinCEN attributes this uptick in activity to several factors, including an increasing overall prevalence of ransomware-related incidents, improved detection and incident reporting, and an increased awareness of reporting obligations and willingness to report by financial institutions.
In conjunction with the “growing prevalence of virtual currency as a payment method,” Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions compliance guidance for companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers, and financial institutions. OFAC warned that “sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies,” and that participants “are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.” Among other things, the guidance will assist participants on ways to evaluate risks and build a risk-based sanctions compliance program. OFAC also updated related FAQs 559 and 646.
On October 6, the DOJ announced the launch of the National Cryptocurrency Enforcement Team (NCET), which will focus on addressing “complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.” According to the DOJ, the NCET will combine “the expertise of the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section (MLARS), Computer Crime and Intellectual Property Section (CCIPS) and other sections in the division, with experts detailed from U.S. Attorneys’ Offices.” Among other things, the NCET will: (i) develop strategic priorities for investigations and prosecutions involving cryptocurrency; (ii) identify areas for increased investigative and prosecutorial focus; (iii) develop and maintain relationships with federal, state, local, and international law enforcement agencies involved in cryptocurrency cases; (iv) train federal prosecutors and law enforcement agencies in investigative and prosecutorial strategies; and (v) coordinate with private sector actors in cryptocurrency matters. In announcing the program, Deputy Attorney General Lisa Monaco stated that “[a]s the technology advances, so too must the Department evolve with it so that we’re poised to root out abuse on these platforms and ensure user confidence in these systems.”
Recently, the California Department of Financial Protection and Innovation (DFPI) released several new opinion letters covering aspects of the California Money Transmission Act (MTA) related to virtual currency and agent of payee rules. Highlights from the redacted letters include:
- Agent of Payee – Fund Transfers in Connection with Real Estate Closing Transactions. The redacted opinion letter reviewed whether a company—licensed as a money transmitter in several states, including California, and registered with FinCEN as a money services business—is eligible for the agent-of-payee exemption under the MTA. The company proposes to “facilitate fund transfers in connection with real estate closing transactions” during which it “will be authorized to receive real estate closing funds on behalf of its customer (the seller of real estate).” The payment funds will first flow from the buyer of real estate to the company via the buyer’s lawyer or title company, and then from the company to the seller after the company converts the funds from U.S. dollars to another currency. By providing these services, the company, as the seller’s agent, will receive money from the buyer pursuant to a preexisting written contract between the company and the seller. DFPI concluded that “[t]o the extent these fund transfers take place in California or are with, to, or from persons located in California, [the company’s] services constitute “receiving money for transmission” because [the company] receives money from the buyer for transfer to the seller.” However, DFPI noted that a provision in the written contract, which appoints the company as the agent of the seller when the seller is located in California, allows the company’s services to satisfy the requirements of the agent-of-payee exemption in Financial Code section 2010, subdivision (l). The agent-of-payee exemption, DFPI stressed though, does not apply to sellers outside of California.
- Bitcoin ATM Kiosk. Two redacted opinion letters (see here and here) examined whether the sale and purchase of bitcoin through ATMs/kiosks described by the companies is subject to licensure under the MTA. In each instance, the transaction will only be between the consumer using the ATM/kiosk and the company, the transaction will be completed instantly without involving third parties, and any bitcoin sold will be provided from the company’s own inventory. Moreover, the letters state that the companies do not hold virtual currency on behalf of customers nor do they act in a fiduciary capacity. Because the companies’ activities are limited to selling bitcoin, DFPI determined that an MTA license is not required because the activities “do not involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” DFPI reminded the companies that its determination is limited to the activities specified in the letters and does not relieve them from any FinCEN, federal, or state regulatory obligations.
On July 29, NYDFS announced in an industry letter that it will start collecting gender, racial, and ethnic board and management composition data as of December 31, 2019 and 2020 from state-regulated (i) banking institutions with over $100 million in assets; (ii) non-depository financial institutions with over $100 million in gross revenue; and (iii) entities authorized to engage in virtual currency business activities. Citing its authority under Banking Law 37(3) to “require any banking organization to make special reports to her at such times as she may prescribe,” the Superintendent stated NYDFS plans to collect data over late summer and will publicly publish findings on an aggregate basis in the first quarter of 2022. The results will be categorized by institution type and other relevant factors to “allow firms to assess where they stand relative to their peers” and hopefully “raise the bar for the entire industry.” In the future, the NYDFS would consider collecting and disclosing similar information, “including on a more granular basis.” The letter also set out the NYDFS’ expectation that institutions would (i) make the diversity of their leadership “a business priority and integrate it into their corporate governance”; (ii) “pay close attention to their talent pipeline of future diverse leaders, in addition to the diversity of its affiliates”; and (iii) “view diversity like other strategic priorities.”
Recently, California’s Department of Financial Protection and Innovation (DFPI) released a new opinion letter covering aspects of the California Money Transmission Act (MTA) related to certain cryptocurrency activities. According to the letter, the requesting company intends to provide an internet-enabled peer-to-peer (P2P) marketplace for the purchase and sale of certain decentralized digital currencies. The P2P marketplace will enable buyers and sellers of the specified cryptocurrency “to connect and arrange for the direct settlement of purchases and sales between such users” through a variety of means, such as bank transfers, gift cards, money transmission, debit card, credit card, among others. Additionally, the company’s P2P marketplace will allow customers to (i) buy goods or services with the specified cryptocurrency from unaffiliated, third-party online retailers who accept that cryptocurrency as a form of payment; (ii) exchange their cryptocurrency for the rights to a US dollar-backed stablecoin; and (iii) remit funds in different currencies, including foreign currency. The company emphasized that it will “not collect, store, or transmit any digital or fiat currency” in any of its four proposed products. DFPI concluded that the Delaware company’s proposed services are not subject to licensing under the MTA, explaining that the sale and purchase of cryptocurrency directly between two parties, in which the company does not facilitate the exchange of the fiat currency or the cryptocurrency, does not meet the definition of money transmission. Likewise, the company’s other proposed products do not constitute money transmission either. DFPI reminded the company, however, that its determination is limited to the facts as presented and that at any time DFPI may determine that the activities are subject to regulatory supervision. Moreover, the letter does not relieve the company from any FinCEN or federal agency obligations.
On June 25, the U.S. Treasury Department announced that the Financial Action Task Force (FATF) concluded its fourth plenary meeting, in which it “advanced its core work on virtual assets, proliferation finance, digital transformation, and peer member assessments.” Among other things, FATF finalized and adopted guidance on proliferation financing risk and mitigation. FATF also completed a second 12-month review on how well jurisdictions and the private sector have implemented anti-money laundering/combating the financing of terrorism (AML/CFT) obligations on virtual assets and virtual assets service providers (VASPs). FATF found that jurisdictions and the VASP sector continue to make progress implementing the revised standards, but that “weak or non-existent AML/CFT implementation in many countries remains a key source of risk.” Additionally, FATF completed a report examining the financing of racially or ethnically motivated violent extremists, completed a report on money laundering risks arising from conservation crimes, and adopted mutual evaluation reports on Japan and South Africa that provide assessments of both countries’ “AML/CFT and counter-proliferation financing legal frameworks as well as the measures in place to implement these frameworks effectively.”
On June 16, Chairwoman of the House Financial Services Committee Maxine Waters (D-CA) announced the organization of the “Digital Assets Working Group of Democratic Members” to develop “legislation and policy solutions” on issues emerging in the digital asset space, including those related to (i) the regulation of cryptocurrency; (ii) the use of blockchain and distributed ledger technology; and (iii) the potential development of a U.S. central bank digital currency (see InfoBytes coverage on matters related to a CBDC here). During the first hearing held by the Task Force on Financial Technology, Waters stated that the working group will “focus on making sure there is responsible innovation in the cryptocurrency and digital asset space,” noting that “[a]s cryptocurrencies, central bank digital currencies and other digital assets enter the mainstream, the Committee will look at how digital assets have begun to enter many aspects of our lives—from payments to investments to remittances—and consider how to devise legislation to support responsible innovation that protects consumers and investors while promoting greater financial inclusion.”
- Jonice Gray Tucker to discuss “Getting your company ready: Managing fair lending for IMBs” at the Mortgage Bankers Association Independent Mortgage Bankers Conference
- Jonice Gray Tucker to discuss “Be Your Compliance Best in 2022” at the California Mortgage Bankers Association webinar
- Lauren R. Randell to discuss “Significant legal developments in the Northeast” at the 37th Annual National Institute on White Collar Crime
- Jonice Gray Tucker to discuss “Small business & regulation: How fair lending has evolved & where it is heading?” at the Consumer Bankers Association Live program
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek
- Jonice Gray Tucker and Kari Hall to discuss “Equity, equality, regulation and enforcement – The evolving regulatory landscape of fair lending, redlining, and UDAAP” at the ABA Business Law Committee Hybrid Spring Meeting