“BSA/AML Considerations for Digital and Virtual Currencies”
General Counsel and CCO
Circle Internet Financial, Inc.
“BSA/AML Considerations for Digital
and Virtual Currencies”
Squire Patton Boggs
June 24-25, 2014
Tweeting about this conference?
Deputy General Counsel
Payward, Inc. (Kraken)
• Key Questions
• Am I an MSB under the BSA?
• 7 categories including money transmitter
• Do I fall under any exemptions?
• 6 exemptions under the BSA
• If so, what do I need to do to comply with my AML obligations?
“Digital currencies are just a financial service and those who deal in them are a
financial institution. Any financial institution and any financial service could
potentially pose an AML threat. It depends on whether folks have the controls in
place to deal with those money laundering threats and that they are meeting their
AML reporting obligations.”
– Jennifer Shasky Calvary, FinCEN Director
• Regulators’ focus is the on and off ramps for Bitcoin to fiat
• Concern is use of digital currency for money laundering
and terrorist financing due to anonymous nature and
inability to understand counterparties
• Law enforcement is blind to Bitcoin benefits (their mission
is to follow the money and catch criminals no matter what
tool is used)
• FinCEN guidance on March 18, 2013
• Interpretive guidance – not a new “rule-making”
• Focused on transfers to/from fiat into digital currency
• Defined administrators and exchangers (“users” are exempt)
• More guidance was issued in January 2014 relating to
miners and investors
• Open issues and additional guidance:
• Travel Rule
• Guidance/regulations from OFAC, SEC, CFPB, CFTC, &FFIEC
• State money transmitter statutes/regulations
• International regulations
A Whole New Vernacular
• “Real currency” - the coin and paper money of the United States or of any other country
that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and
accepted as a medium of exchange in the country of issuance.
• “Virtual currency” - a medium of exchange that operates like currency in some
environments, but does not have all the attributes of real currency. In particular, virtual
currency does not have legal tender status in any jurisdiction.
• “Convertible virtual currency” - a type of virtual currency that either has an equivalent
value in real currency, or acts as a substitute for real currency.
• “User” - A user is a person that obtains virtual currency to purchase goods or services.
• “Exchanger” - An exchanger is a person engaged as a business in the exchange of virtual
currency for real currency, funds, or other virtual currency.
• “Administrator” - A person engaged as a business in issuing a virtual currency and who has
authority to redeem such virtual currency, i.e. release and withdraw from circulation.
• “Centralized virtual currency” - A convertible virtual currency having a centralized
• “Decentralized virtual currency” - A convertible virtual currency (1) that has no central
repository and no single administrator, and (2) that persons may obtain by their own
computing or manufacturing effort.
John A. Beccia
General Counsel and Chief Compliance Officer
Circle Internet Financial, Inc.
• First determine if you are a regulated entity or whether you are exempt
• Understand where your customer is located and that you are in
compliance with laws of those jurisdictions
• Firms that are treated as money transmitters must comply with FinCEN
guidance and relevant state money transmitter laws
• Companies must have an AML program that includes:
• Know Your Customer (KYC) procedures
• Transaction monitoring
• Regulatory reporting (SARS)
• Uncertain guidelines make it difficult to operate in certain jurisdictions,
evaluate new products and services and form strategic partnerships
Compliance Program Checklist
Establish a strong tone at the top and commitment to compliance
Appoint a compliance officer to ensure that you have adequate resources
Prepare risk assessments for customers, products and services
Develop policies and procedures that outline roles and responsibilities
Conduct training and communicate frequently about risks
Establish regulatory change management program to track new regulations
(coordinate with industry groups such as DATA and Bitcoin Foundation)
Audit programs at least annually (further testing may be needed)
Create procedures for exceptions and escalating risk incidents
Develop relationships with regulators, prepare for examinations.
Provide ongoing reports to management, boards, and investors.
Four Pillars of an AML Program
• Customers provide insufficient, incomplete or suspicious information
that can not be verified
• Customers or transactions in high risks geographic regions
• Certain patterns of transaction activity (volumes, velocity, structure,
• Attempts for single user to purchase/sell digital currency from
numerous different bank accounts
• Anything that doesn’t pass the smell test
Directors and Officers: When
Are They at Risk for AML/BSA
Squire Patton Boggs, LLP
2550 M. St., N.W.
Washington, D.C. 20037
What is the climate?
•Decreasingly less Tolerance for
•Go After Individuals Who Either
Engage in Criminal Activity, or Who
Could Have, But Failed to, Prevent
Congressional Oversight Intensifies
• Senate Banking Committee hearing March 7th
Comptroller of the Currency, Hon. Thomas J. Curry
Treasury Undersecretary for Terrorism and Financial
Intelligence, Hon. David Cohen
Governor, Board of the Federal Reserve, Hon. Jerome
Chairman Tim Johnson (D –
• Chairman’s opening remarks:
“The government depends on bank compliance programs to detect
and prevent money laundering... And [as] the recent major penalty
cases [show], U.S. banks failed to deal effectively with funds from
non-U.S. banks or affiliates... How can we ensure uniform
compliance and enforcement of U.S. and international rules?”
“We should consider today the full range of remedies in cases like
these including BSA injunctions from the industry [for] those
individuals who violate the rules...”
ARE REGULATORS FOCUSED ONLY ON
Testimony of the Comptroller, Tom Curry:
“Although many of our recent enforcement actions have
involved large banks, BSA is an issue for institutions of all sizes.
In fact, as large banks improve their BSA/AML programs and
jettison higher risk lines of business, we are concerned that
money-launderers will migrate to smaller institutions.”
SEC - Mary Jo White
“Another core principle of any strong enforcement
program is to pursue responsible individuals
wherever possible. That is something our
enforcement division has always done and will
continue to do. Companies, after all, act through
their people. And when we can identify those
people, settling only with the company may not be
sufficient. Redress for wrongdoing must never be
seen as ‘a cost of doing business’ made good by
cutting a corporate check.”
OCC -- Chairman Curry
“We believe at the OCC that you need to hold CEOs and
the boards of directors accountable for BSA/AML policies
and procedures and their compliance program.”
“we are looking at our authority under Section 8 of the
FDIC Act to actually remove from office or prohibit from
banking those individuals that violate BSA programs. So we
are looking to try to tighten up the legal duties and
authorities of individuals at banks and then to enable us to
take an appropriate level at the civil, administrative level,
and potentially to assist the criminal authorities.”
Enforcement Actions outside
the virtual currency context
Highly Publicized Consent Orders:
• JP Morgan Chase (January 2013)
• Citibank (April 2012)
• HSBC (October 2010)
• Bank of Montreal (April 2013)
Recent OCC Enforcement
• JPMC Bank, N.A., Columbus, Ohio (January 2013):
Insufficient internal controls, independent testing, customer
due diligence, risk assessment, and SAR processes
(monitoring, investigating, and decision-making)
Lack of enterprise-wide policies and procedures to ensure
foreign branch suspicious activity involving customers of
other bank branches was effectively communicated to other
affected branch locations and AML operations staff
Lack of enterprise-wide policies and procedures to ensure
that, on a risk basis, customer transactions at foreign
branches were assessed, aggregated, and monitored.
• Failure to maintain adequate BSA compliance
program, file SARs, and conduct appropriate due
diligence on foreign correspondent accounts
ensure independence of AML compliance staff;
ensure clear lines of authority and responsibility for
BSA/AML and OFAC compliance with respect to lines of
business and corporate functions;
require new products and services be subject to high level
ensure all customer due diligence processes are automated
and accessible; and
conduct look back of certain account/transaction activity and
• Five Directors & Executive Officers of Security Bank,
N.A., North Lauderdale, Florida (January 2013)
2010 C&D Order - safety and soundness and BSA
deficiencies, including inadequate AML program and SAR
Former officers and directors failed to ensure bank complied
with BSA/AML requirements and failed to comply with May
2010 C&D Order
Directors approved appointment of Secretary of Board who
previously had been convicted of tax evasion, a violation of
Former CEO brought high risk business to Bank knowing it
was ill-equipped to monitor and control the accounts.
• Directors & Officers of Security Bank
Civil Money Penalties assessed against each director & officer
between $8,500 and $20,000.
Personal C&D Orders requiring each director and officer to:
(i) notify any depository institution of the C&D Order prior
to accepting any position
(ii) notify OCC each time application is made for employment
with a depository institution
(iii) obtain “appropriate” BSA / AML training; and
(iv) provide “appropriate” BSA / AML training for bank
officers and directors within the individual’s
supervision and control.
FIRST BANK OF DEL., WILMINGTON (NOV. 2012).
Bank failed to adequately oversee MSB and third
party payment processor relationships and related
programs (e-payments) and services.
Concurrent Civil Money Penalties of $15 million
Bank assets sold and its charter revoked by
Delaware Bank Commissioner
“To make money, First Bank of Delaware entered into
risky lines of business and chose to disregard its [BSA]
responsibilities. As a result of its failure to implement
systems and controls to identify and report suspicious
activities, as required by the BSA, financial predators
were able to victimize consumers.”
• AML Compliance Officer
− Failed to effectively provide day to day
management of BSA/AML compliance program
in light of risk profile and volume of activity
− No notification of Board and personnel of
− Failure to escalate – shortcomings of monitoring
FINRA Enforcement Actions
• FINRA Rule 3310 (2002) - minimum standards for
AML compliance programs for broker-dealers
consistent with BSA: follows four pillars.
• FINRA stepping up enforcement of AML violations:
in 2012, 49 enforcement actions against broker-
dealers for AML violations
reflects a 36% increase from the 36 AML-related cases
concluded in 2011
Increased Attention on Management
“We believe at the OCC that you need to hold CEOs and the boards of
directors accountable for BSA/AML policies and procedures and their
“Most of the problems we find in BSA/AML programs are attributable to
the following root causes:
- the strength of an institution's compliance culture;
- its willingness to commit sufficient resources;
- the strength of its information technology and monitoring processes;
- its risk management.
The health of a bank's culture starts at the top. And so it's important that senior
management demonstrate a commitment to BSA/AML compliance. Employees
need to know BSA compliance is a management priority and that the
compliance function will receive the resources it needs to succeed, including
training and first-rate information technology.”
New Enforcement Mechanism at
• Major Matters Supervision Review Committee
established by the Comptroller in late 2012 to review all large bank
enforcement actions including BSA violations, BSA CMPs involving large
banks, and all prohibitions/removals against individuals for BSA
five members chaired by OCC’s Senior Deputy Comptroller for Bank
Supervision Policy and Chief National Bank Examiner (currently, John C.
other members include: the Chief of Staff; the Senior Deputy
Comptrollers for Bank Supervision Policy and Community Bank and
Large Bank Supervision; and the Chief Counsel.
New Guidelines Forthcoming on Corporate
Governance Impacting BSA/AML Compliance
“The OCC is in the process of drafting detailed guidance to
banks on sound corporate governance processes...
including business line accountability for BSA/AML
compliance and the independence of the compliance
Written Testimony of the Comptroller.
Possiblenew legislationintroducedSept. 16,
2013by Rep. Waters
• A clear shot across the bow of directors and officers:
• (7) Without serious consequences for institutions and individuals
who fail to protect financial institutions from illicit financial activity
– including significant fines, banning individuals from the industry,
and prison sentences for those who seek to actively evade anti-
money laundering controls, financial institutions and individuals
will continue to avoid compliance with U.S. anti-money laundering
rules and regulations.
• (8) Effective anti-money laundering programs must emphasize
sound corporate governance including business line accountability
and clear lines of legal responsibility for individuals, including board
members and chief executive officers.
Overview of allegations involving digital
• Liberty Reserve Indictment
• Mt. Gox seizure warrant
• Silk Road
• Allegations by the Government in miscellaneous
cases involving bitcoin
• Future outlook
• $6 billion money laundering scheme
• 7 owners and associates indicted
• Liberty Reserve was incorporated in Costa Rica in
• At least 200,000 customers in the U.S
• Processed more than 12 million transactions annually
• Not registered in the U.S. as a money-transmitting
Allegations and Legal
Allegations that the system was designed to attract criminals and criminal
activity through the website
Money Laundering under 18 USC 1956-1957
Conspiracy to operate an unlicensed money transmitting
business under 18 U.S.C. 371
“Operation of” an unlicensed money transmitter business
under 18 U.S.C 1960
Injunction against continued use of the webservice
The charging document in this case contains allegations relating
to the following offenses:
(Ct. 1) conspiracy to commit money laundering: an
illegal agreement, plus an overt act.
(Ct. 2) conspiracy to operate an unlicensed money
(Ct. 3) operation of an unlicensed money transmitter
Count 1: 18 U.S.C. 1956(h)
One simple element: an agreement to engage in money laundering.
Penalty: the same as the offense which is the object of the conspiracy.
The object of the conspiracy here:
• Engaging in monetary transactions using funds which were derived from unlawful activity which is
prescribed by the statute:
• What is a “monetary transaction?” Any of the following to the extent that it affects interstate or foreign
commerce “by, through or to a financial institution.”
• What is “criminally derived property?”
Property, constituting or derived from, proceeds obtained from a criminal offense.
“specified unlawful activity” includes crimes ranging from those involving banks or other financial
institutions to drug offenses to terrorist offenses to environmental crimes.
Allegations supporting count 1.
“Criminal design of Liberty”
• Didn’t use confirming identification, such as a credit card.
• Once registered, could do transactions with other users of Liberty.
• Rather than allowing direct funding or withdrawals, required users to
go through exchangers.
• Liberty recommended exchangers in countries such as Malaysia,
Vietnam, Russia and Nigeria, which do not require heavy regulation.
Count 1: “Criminal Use of
“The merchants who accepted Liberty were overwhelmingly criminal in
At least one defendant admitted: Liberty was “illegal” and everyone in USA
knows “LR is [a] money laundering operation that hackers use.”
• Traffickers of stolen data and credit cards.
• Peddlers of Ponzi schemes.
• Computer hackers
• Unregulated gambling.
• Underground drug dealing.
Count 1: “Criminal
Couldn’t get a license in C.R., and so created a portal that involved
use of “fake data.”
After FinCEN Notice, Defendants falsely stated to C.R. authorities
that it had been sold, when in fact it was operating underground
using shell companies.
Began transferring funds to other accounts in different countries.
Count2: Conspiracytooperatean unlicensedmoney
No allegation that defendants agreed to use unlicensed money
transmitter businesses; but rather:
1. LR was unlicensed.
2. Used money transmitters in other jurisdictions who in
fact were unlicensed.
3. From Nov. 29, 2011 to Dec. 6, 2011, caused $13.5
million in accounts in C.R. to be transferred to a shell
company in Cyprus.
Count 3: operation of an unlicensed money
LR was the unlicensed money transmitter
Unclear what money transfers form the basis
for count, although clear that substantial wire
transfers took place:
• $13.5 mill. From C.R. to Cyprus in
• Subject to proof beyond a reasonable doubt
• Requires evidence of intent.
• Need not await separate proceeding (as in civil
forfeiture), but can be resolved at same trial as
Liberty reserve - proliferation
• Liberty Reserve required only email address to open an
• Laundered company and customer money through shell
companies in Costa Rica, Cyprus, Australia, China, Hong
Kong, Morocco, Russia amongst others
• 7 exchangers owned/administrators by the principals,
• 35 other exchanger website, domains now seized (civil
• Exchangers providing money transmission services to LR
by taking from US persons, since LR did not have any
funding option connected to a financial instrument of any
Liberty reserve – actions taken
• Patriot Act, Section 311 - Special Measures
Special Measures for Jurisdictions, Financial
Institutions, or International Transactions of Primary
Money Laundering Concern
• US issued 30 requests pursuant to Mutual Legal
Assistance Treaties (MLAT)
Costa Rica, Netherlands, Cyprus, Australia, Canada,
China, Hong Kong, Morocco, Spain, Switzerland,
Sweden, Norway, Luxembourg and Russia.
Mt. Gox seizure
• Department of Homeland Security seizure
warrant – Unlicensed Money Transmitter,
Not registered with FINCEN
• @ Dwolla , Mutum Sigillum LLC, c/o
Mt.Gox(USA) , with Veridian Credit Union
• 3 days before Bitcoin 2013 conference*
MT. Gox – seizure warrant (D. Md.
“A company called ‘Mt. Gox,’ is the world's largest bitcoin exchange, and it
operates out of Tokyo, Japan. Mt. Gox has a subsidiary company known
as “’Mutum Sigillum LLC.’"
“An online payment processor, known as Dwolla, is located in Iowa. Bank
records show a number of deposits to the Mutum Sigillum account at Wells
Fargo originating from international wires sent from Sumitomo Mitsui
Bank in Japan. The wires indicate that the transfer is in the name of Mt.
Gox Company Ltd. for the benefit of the Mutum Sigillum LLC
“The funds being sent to Dwolla are those of Mt. Gox customers that
withdraw said funds from Mt. Gox and direct their transfer to Dwolla.”
MT. Gox (cont’d)
A Confidential Informant (CI-1), who resides and banks in Maryland
“establish[ed] a new account, while in Maryland, with both Mt. Gox and
Dwolla. After funding his Mt. Gox account with U.S. funds, he exchanged
the currency in his Dwolla account for bitcoins. During the past six months,
CI-1 exchanged the bitcoins back into U.S. dollars, which he directed Mt.
Gox to transfer to Dwolla on his behalf. The funds were then credited to his
“According to bank records, this transfer was completed through the
subsidiary, Mutum Sigillum LLC. This demonstrates that Mutum Sigillum
LLC is engaged in a money transmitting business but is not registered as
required with FinCEN.”
US v. Ulbricht (SDNY 2013)
• Ct. 1: conspiracy to engage in narcotics trafficking.
• Ct. 2: CCE
• Ct. 3: Computer Hacking conspiracy
• Ct. 4: Money laundering conspiracy
• Forfeiture of any profits or proceeds of illegal activity.
Count 1 (narcotics conspiracy)
•“Dread Pirate Roberts”:
• Operated website in which thousands of drug dealers operated.
• Contracted for a Silk Road user to hire a hit man to kill another
user who was threatening to expose users on Silk Road.
• Conspired to possess drugs;
• Used a “communication facility” to further drug trafficking;
Count 2 (CCE)
•Count 1, but with 5 other persons
with whom the defendant occupied a
position as an “organizer” and
•Obtained substantial income from the
Count 3 (computer hacking)
•Silk Road provided a platform for the
purchase and sale of malicious
• Password theft; keyloggers; remote access
Count 4 (money laundering)
• Used bitcoin-based payment system to disguise (l) transaction
participants and (2) their locations.
• Relied on theory that the defendant used bit-coin to engage in
transactions involving illegal activity – namely narcotics
• Possible defense: virtual currency does not involve a
“monetary instrument” within the meaning of the money
• IRS 2014-21. “Under currently applicable law, virtual currency
is not treated as currency that could generate foreign currency
gain or loss for U.S. federal tax purposes.”
US v. FAIELLA AND SHREM
• Ct 1: OPERATING AN UNLICENSED MONEY TRANSMITTING
• Ct. 2: OPERATING AN UNLICENSED MONEY TRANSMITTING
• Ct. 3: Money Laundering Conspiracy
• Ct. 4: Failure to file a Suspicious Activity Report
Miscellaneous cases involving
United States v. Michael Mancil Brown (Nashville, Tenn.
Extortion and wire fraud scheme involving former
presidential candidate Mitt Romney’s tax returns.
Brown devised a scheme to defraud Romney, PWC and others
by falsely claiming that he had gained access to the PWC
internal computer network and had stolen tax documents for
Romney and his wife, Ann D. Romney, for tax years prior to
2010. Money to have been paid through a bitcoin account.
SEC v. Shavers (E.D. Tex. 2013)
• Shavers, operating under the Internet name “pirateat40,” offered and sold
BTCST investments over the Internet, raising more than 700,000 BTC in
principal investments from BTCST investors, or more than $4.5 million
based on the daily average price of BTC when the BTCST investors
purchased their BTCST investments.
11. In the November 3, 2011 solicitation on the Bitcoin Forum, Shavers wrote
that he was in the business of “selling BTC to a group of local people” and
offered investors up to 1% interest daily “until either you withdraw the
funds or my local dealings dry up and I can no longer be profitable.”
14. On or about November 22, 2011, in a post on the Bitcoin Forum, Shavers
wrote: “As with any movements in the market up or down I have enough
order activity going on that my risk is very limited. In most cases the coins
go uncovered less than a few hours, I have yet to come close to taking a
loss on any deal. With that said, in the event there was a huge change in
the market and I needed to personally cover the difference I am more than
willing to do so.”
• “[r]isk is almost zero”
• “Bitcoin Virtual Currency, Unique Features Present Distinct
Challenges for Deterring Illicit Activity” Medium level of confidence
that criminals will use this as forms of payment given that exchange
rate has risen sharply
Low level of confidence malicious actors will exploit Bitcoin
High level of confidence Bitcoin can be target of malware, botnets,
Bitcoin May be used as a means to move or steal funds and make
“donations” to illicit groups
• The Problem:
• Without a centralized authority, law enforcement faces difficulties detecting
suspicious activity, identifying users, and obtaining transaction records –
problems that might attract malicious actors to Bitcoin. Bitcoin might also
logically attract money launderers and other criminals who avoid traditional
financial systems by using the Internet to conduct global monetary transfers.
• The Solution:
• “the FBI assesses with medium confidence that law enforcement can identify,
or discover more information about malicious actors if the actors convert
their bitcoins into a fiat currency. Third-party bitcoin services may require
customers to submit valid identification or bank information to complete
transactions. Furthermore, any third-party service that qualifies as a money
transmitter must register as a money services business with the Financial
Crimes Enforcement Network (FinCEN) and implement an anti-money
FBI Assessment (cont’d)
• Recognize the need for a Compliance/AML program (primarily a
CDD process that makes sense while staying true to frictionless nature
of the payment system)
• Need legal counsel,
• Banks and other financial institutions must be informed as to the
• Avoid conduct giving rise to claims that the system was marketed or
pandered to criminals.
• The most drastic response will result from conduct giving rise to
claims that the defendant acted “knowingly” or with “reckless
Squire Patton Boggs, LLP
2550 M. St., N.W.
Washington, D.C. 20036