Inside Bitcoins_Shapiro


Published on


Published in: Economy & Finance, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Inside Bitcoins_Shapiro

  1. 1. WASHINGTON, D.C. ATLANTA BRUSSELS DENVER DUBAI HONG KONG LONDON MILAN NEW YORK PARIS SAN FRANCISCO SINGAPORE SYDNEY TOKYO TORONTO A Practical Guide to Bitcoin Regulation & Compliance Bill Haraf Managing Director Adam Shapiro Director December 10, 2013 © 2013 Promontory Financial Group, LLC. All rights reserved.
  2. 2. Today’s Regulatory Environment • Innovator culture vs. Regulator culture o Speed and creativity vs. caution and controls o Increased regulatory skepticism about benefits of innovations, particularly post financial crisis • Financial institutions and markets are under more scrutiny than ever before o In addition to safety and soundness, high level of oversight of BSA compliance, data security, consumer protection, third party vendor relationships, agency relationships, fairness and privacy programs o Compliance programs are being held to “six sigma” standards o Very large fines for BSA/OFAC violations • These considerations have made banks and other FIs cautious about accepting “high risk customers” such as digital currency firms © 2013 Promontory Financial Group, LLC. All rights reserved. 2
  3. 3. Impact on Digital Currency Ecosystem • Digital currencies are now receiving a high level of attention in Washington DC and across the states o From policymakers, regulators and law enforcement o Key states such as California and New York getting close to decisions about how to regulate digital currencies • Current posture, generally speaking, is “watchful waiting” o Don’t stifle innovation, but be cautious about potential risks and benefits o E.g., Homeland Security & Banking Committee hearings last month • Belief that the current regulatory framework can be adapted to accommodate without major modifications, perhaps with definitional changes o Money transmitter rules, futures and forwards, market making and dealing, securities issuance © 2013 Promontory Financial Group, LLC. All rights reserved. 3
  4. 4. Regulatory Risk Management • Are you currently doing business in the U.S. and/or with U.S. customers? • Could your business be subject to licensing and/or registration requirements? • If so, are you taking regulatory and/or legal risk that can potentially put your business in jeopardy and subject you to criminal sanctions? • How much regulatory risk do you want to take? You can argue that your business doesn’t require licensing and/or registration, but the regulators’ views will generally prevail in the courts • Potential for personal liability, especially if law enforcement discovers unlawful activity • Do you think your company’s future is brighter as a component of mainstream finance or outside of it? © 2013 Promontory Financial Group, LLC. All rights reserved. 4
  5. 5. Licensing – Strategic Considerations • Access to capital and banking relationships are critical success factors for digital currency firms, but often difficult, at least today, to achieve o Some banks are willing to provide services, as long as potential partner firms have licenses or have started the licensing process o Some larger investors now requiring licensing plans as a condition of investment – heightened concern about personal liability of directors • A license can be a “Good Housekeeping Seal of Approval” o Demonstrates approvable financial and managerial resources and attentiveness to an appropriate control environment o The process can be onerous, but considerations are appropriate for a company handling “other people’s money” o Can protect your company from reputational damage caused by the unlawful actions of unlicensed actors • So what does the licensing application look like, and how is it judged? © 2013 Promontory Financial Group, LLC. All rights reserved. 5
  6. 6. The Money Transmitter License Application • Requirements vary state-by-state, but key components include: o Background and qualifications of management, board and major shareholders o A Business Plan o Flow-of-Funds descriptions/diagrams o Financial resources and stability of company, both now and against strategic plans o Descriptions of actual/planned systems and controls, particularly those focused on:  Protection of customer funds  Anti money laundering (“AML”) and sanctions compliance  Privacy and data security • The licensing application decision process involves regulatory judgment – not everything is black & white © 2013 Promontory Financial Group, LLC. All rights reserved. 6
  7. 7. Successfully Transitioning to Regulation • Firms that are successful in minimizing regulatory concerns: o Understand the public policy concerns regulators have in relation to digital currencies and can articulate how the firm addresses them o Devote resources and management time to the application process o Set a positive tone for the regulatory relationship from the outset o Invest appropriately in compliance staff and systems based on size and activities  Key areas of regulatory focus currently are BSA/AML and protection of customer funds o Ensure that all employees recognize:  The importance of compliance  The need for greater process formality, documentation and recordkeeping in areas of regulatory focus o Maintain good relationships with regulators and avoid “surprises” © 2013 Promontory Financial Group, LLC. All rights reserved. 7
  8. 8. Effective Compliance Programs • BSA/AML Programs • Industry-wide BSA/AML Challenges • Other Significant Compliance Issues © 2013 Promontory Financial Group, LLC. All rights reserved. 8
  9. 9. The Four Pillars of BSA/AML Programs • Internal controls based upon the MSB’s risk assessment, which are designed to detect and deter money laundering and terrorist financing • A designated BSA/AML compliance officer with the stature and qualifications to implement and supervise the BSA/AML Program • Independent testing of the MSB to measure compliance with the BSA • Evidence of BSA/AML training for appropriate personnel © 2013 Promontory Financial Group, LLC. All rights reserved. 9
  10. 10. Key Resources • BSA/AML Examination Manual for Money Services Businesses (Financial Crimes Enforcement Network (“FinCEN”), 2008) • BSA/AML Examination Manual (Federal Financial Institutions Examination Council, 2010). Applicable to banks rather than MSBs, but useful for requirements related to Office of Foreign Assets Control (“OFAC”) compliance and more generally for best practices, particularly in relation to: o BSA/AML Risk Assessment o Customer Identification Program o Customer Due Diligence • Risk-Based Approach: Guidance for Money Service Businesses (Financial Action Task Force, July 2009) • FinCEN and OFAC websites ( and © 2013 Promontory Financial Group, LLC. All rights reserved. 10
  11. 11. Key BSA/AML Controls – Program • Written policy/program (and associated procedures) • Risk assessment o Inherent Risk o Quality of Controls and Residual Risk o Proposed Corrective Action/Enhancements • Staffing • Documentation (if it’s not written down, it didn’t happen) • Risk-based training o Baseline training for all staff, contractors and board members o More detailed training for people with key roles implementing the program o Evidence of materials and completion • Governance and oversight o o o o QA and monitoring Escalation and whistleblowing Reporting and action tracking Tone at the top © 2013 Promontory Financial Group, LLC. All rights reserved. 11
  12. 12. Key Controls – Know Your Customer (“KYC”) • Customer Identification and Verification o Scope of program:  All customers?  Legal minimum?  Somewhere in between (FATF best practice)? o Cost effective verification:  Automation  What to do about potential customers that don’t pass • OFAC/Economic Sanctions o Applies regardless of regulated status o Broader than KYC (e.g. transaction parties, staff, contractors etc.) o Real-time compliance • Customer Due Diligence/Enhanced Due Diligence o Ambiguous application to MSBs… o … but clearly justified on a risk-based basis o FFIEC Manual for banks helps with best practices © 2013 Promontory Financial Group, LLC. All rights reserved. 12
  13. 13. Key Controls – Transaction Monitoring and Investigations • Transaction Monitoring o Both automated and manual o Key typologies include:  Patterns/smurfing  Unusually large transactions  Structuring  Indications of illicit activity o Leveraging the block chain o Controls over changes to monitoring thresholds • Investigations o Investigate all alerts and referrals o Review affected customer(s) wider activity for related/similar transactions o If found not to be suspicious, document the reason o If suspicious, file a Suspicious Activity Report within 30 days of detection of the fact pattern © 2013 Promontory Financial Group, LLC. All rights reserved. 13
  14. 14. Key Controls – Reporting, Recordkeeping and Information Sharing • Suspicious Activity Reporting • Currency Transaction Reporting and Currency or Monetary Instruments Reporting (not relevant to many Bitcoin business models) • Funds Transfer Recordkeeping • The Travel Rule – not designed with Bitcoin and digital currencies in mind! • Foreign Bank and Financial Accounts Reporting • Subpoena handling and other government requests • 314(b) Information Sharing (at last something that is optional) © 2013 Promontory Financial Group, LLC. All rights reserved. 14
  15. 15. Know Your Counterparty – Bitcoin’s Major BSA/AML Challenge • U.S. authorities believe that firms need counterparty information for effective transaction monitoring and OFAC compliance • U.S. expects major payments systems to provide – or make available – beneficiary and originator information to all financial institutions involved in the payment chain (e.g. SWIFT messaging changes) • Choice for the Bitcoin community – define a workable way to achieve this or risk having an unworkable one imposed for U.S.-related business • Real tensions between BSA/AML expectations on the one hand and privacy concerns on the other. Needs careful thought: o A good first step – sharing of non-personally identifiable information o Ability to tag wallets (hosted or independent) as Identity Verified o No transmission of identity information – firms can pull as required o Firms store information only when required by recordkeeping requirements © 2013 Promontory Financial Group, LLC. All rights reserved. 15
  16. 16. Other Key Compliance Issues • Consumer Compliance o Regulation E (and consumer expectations) o Fees, disclosures and receipts o Consumer understanding and market risk • Information Security & Privacy o Safeguarding of customer funds and privacy of consumer information critical both to regulatory acceptance and consumer adoption o Current wave of hacks and thefts unhelpful to both causes o Incumbent on firms to demonstrate • Compliance beyond money transmission o Futures and other derivatives o Securities o Lending o Fractional reserve banking © 2013 Promontory Financial Group, LLC. All rights reserved. 16
  17. 17. Regulatory Examinations • Frequency and rigor of examination of small firms is less than for large financial institutions o Several year cycle typical o Multi-state (but not all states) coordination process o Process: o Document request o Onsite exam o Exit meeting o Written findings o 4 “Cs” of regulatory communication: o Candor o Coherence o Consistency o Courtesy © 2013 Promontory Financial Group, LLC. All rights reserved. 17
  18. 18. Thank You! Questions? Bill Haraf Managing Director Adam Shapiro Director © 2013 Promontory Financial Group, LLC. All rights reserved. 18