If you run a cryptocurrency exchange, particularly if it is a decentralized finance (DeFi) application, your compliance requirements for anti-money laundering (AML) laws and the Bank Secrecy Act (BSA) (31 U.S.C. § 5311 et seq.) will be onerous. Not taking the necessary steps to reach compliance, though, can lead to serious civil or even criminal sanctions.
Federal law enforcement agencies are closely scrutinizing cryptocurrency exchanges and DeFi applications for signs of illicit activity. They are extremely concerned that these platforms are being used to launder ill-gotten money or to fund illegal ventures, drug kingpins, and potentially even terrorists. With such high stakes at play, it is crucial for you to understand at least the basics of these laws and the legal requirements that they impose on cryptocurrency companies.
Here are four legal issues that the attorneys at Blockchain Lawyer, a group of blockchain attorneys at the federal business and defense law firm Oberheiden P.C., think that you should know about.
1. Decentralized Finance Applications are Seen With Suspicion By Law Enforcement
The core difference between a centralized and a decentralized cryptocurrency exchange is whether the exchange operates as a middleman for a trade. In centralized exchanges, the transaction goes through the financial institution or bank that runs the system. In decentralized exchanges, the transaction does not go through the institution. Instead, it goes straight from the seller to the buyer in a peer-to-peer exchange, often facilitated by smart contracts.
Decentralized exchanges are sought after by lots of different individuals for a variety of reasons.
Many people prefer them because they are easier to start trading on, as there is little onboarding with the exchange’s financial institution. To start trading, users can make an account without having to provide much information about themselves. That anonymity is another reason why people seek decentralized exchanges to transact in cryptocurrencies – they feel that decentralized exchanges are far more private than the ones that use centralized platforms, as the information surrounding their trades does not go through a third party that could potentially log it.
However, decentralized platforms are also sought out by nefarious actors who want to move money around without it being traced in order to evade taxation or to remove the taint of illegality. Without a financial institution in the middle of the transactions, decentralized exchanges are perfect for these traders.
This is why law enforcement sees decentralized exchanges as being ripe for misuse. If you create one of these exchanges, you can count on heavy scrutiny from law enforcement, who will blindly presume that you are catering to criminals rather than to traders who merely want an easier and more private setting to deal with crypto.
2. Decentralized Exchanges Are Usually Still Money Transmitters
Cryptocurrency exchanges that use a decentralized platform or structure often claim that their DeFi application makes them immune from oversight because they are no longer a “money transmitter” that could be regulated by the Financial Crimes Enforcement Network (FinCEN), the major law enforcement agency that deals with these exchanges. While the hands-off approach of DeFi applications may make it seem like the institution is no longer a part of the exchange, FinCEN’s 2019 guidance makes it clear that this is not enough to avoid regulation.
As a money transmitter, you still have compliance obligations under the Bank Secrecy Act and various anti-money laundering statutes.
3. Your Company Needs a Written Compliance Policy
As a money transmitter, your crypto exchange needs a compliance policy that comports with the requirements of the BSA. It has to be in writing and generally will have to include provisions that include:
- A reference to the laws that the policy aims to comply with
- A statement of purpose
- Clear definitions for all of the fundamental concepts used or mentioned in the policy
- Who is in charge of enforcing the compliance policy
- A statement about who has decision making authority within the organization
- Guidelines that set out what is to happen, should specific scenarios arise that could lead to a violation of the law
- How you comply with Regulation E (12 C.F.R. Part 1005), which covers electronic fund transfers
- How you prevent elder abuse on the platform
- When a suspicious activities report (SAR) has to be filed, as well as how it is filed
- How customer complaints are handled by the company
- A prohibition against unfair, deceptive, or abusive acts and practices and a statement about how these forms of conduct will be identified and penalized
- How due diligence is performed when selecting a vendor
- How transactions are monitored
- A policy regarding electronic signatures, including when they are required and how they are provided
- How unclaimed property is handled on the platform
- A provision on market manipulation that complies with the requirements under Commission Future Trading Commission (CFTC) guidelines
- When accounts are to be closed for misconduct
- How the company responds to requests by law enforcement for information
- How the company complies with the Office of Foreign Assets Control (OFAC) requirements
- The company’s privacy policy, which has to comply with the Graham-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999
- How the company will react to a disaster
- Data retention policies
- A change log of all prior revisions to the compliance policy
While this list is long, even more elements may be required for your exchange in some cases.
4. You Have to Enforce Your Compliance Policy
Just writing an adequate compliance policy for your crypto exchange or DeFi application is not enough, though. You also have to enforce its terms. Especially in a decentralized system, this can be quite difficult. The very hands-off nature of the platform can make enforcement tricky, and can make users see your compliance efforts as a betrayal of the spirit of the exchange. The costs of noncompliance, though, are steep, and it is law enforcement that gets to determine whether your compliance efforts are inadequate and deserving of scrutiny.
Comments are off this post!