Pseudo-anonymity and decentralization are the main characteristics of cryptocurrencies. However, by providing features such as enhanced privacy, unlawful acts including fraud, trafficking, money laundering, etc. become a serious financial and national security concern. Privacy attracts criminals and leads to different typologies of nefarious activities. Regulators aim to protect both customers and their assets from illicit behavior and as a result have increased oversight of the blockchain and digital asset space.
Arthur Hayes, a wealthy businessman and banker, is the former CEO of BitMEX, an opaque cryptocurrency exchange built from scratch; he is one of three billionaire co-founders. On April 6, 2021, Hayes surrendered to face US charges for violating the Bank Secrecy Act (BSA). The BSA is designed to, through a regulatory obligation, call on US financial institutions to assist US government agencies in detecting and preventing money laundering. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) found that BitMEX failed to implement appropriate policies, procedures, and internal controls to prevent clients using virtual private networks from accessing trading platforms and bypass internet protocol monitoring. [Full disclosure: I worked at FinCEN, the Treasury Department and the DOJ.]
Given the regulatory scrutiny and risk of abuse that cryptocurrency businesses are exposed to by both government and criminal actors, entities involved in digital assets and blockchain technology would be well advised to review their compliance programs and their best practices in order to insulate their businesses as the crypto world awaits new regulation spurred by an increase in financial cybercrime and governments reacting with zero tolerance.
The genesis of a “culture of compliance”
The consequences of non-compliance can be serious and range from civil monetary penalties and litigation to judicial termination of business activities and even imprisonment. Just as compliance obligations and potential penalties encourage companies to comply, compliance also encourages employees to act appropriately and responsibly towards the company and to demonstrate professionalism towards customers and sensitive data controlled by the company. ’employer. This professional and compliance-focused mindset is accomplished by embedding compliance into the corporate culture itself, especially values and behaviors. It is critical that compliance behaviors be modeled starting at the top, through senior management and senior management.
The return on investment in a culture of compliance comes into play as the business grows. As with BitMEX, it can be surprising how unprepared a company is to comply with regulations as it grows. In the United States, the BSA is not the only regulatory program involving crypto, nor is FinCEN the only federal regulator taking an interest in the digital asset space. To become and remain compliant, Virtual Asset Service Providers (VASPs) must adhere to the dynamic and evolving requirements of multiple regulatory authorities. Being familiar with the regulatory authorities in the region in which the company operates is essential to the strength of its compliance. Indeed, the cultural fundamentals of compliance – imposed on employees – may motivate them to meet requirements, but the company may not be fully equipped for this. Regulations critical to VASP compliance culture are promulgated by the following authorities:
The Office of Foreign Assets Control (OFAC): An office within the United States Department of the Treasury responsible for administering and enforcing economic sanctions against specific foreign countries, geographic regions, entities, and individuals in order to advance United States foreign policy and national security objectives.
The Financial Crime Enforcement Network (FinCEN): FinCEN’s mission is to protect the financial system from unlawful use, prevent money laundering, and enhance national security through the collection, analysis, and dissemination of financial intelligence and the strategic use of financial authorities.
Securities and Exchange Commission (SEC): The mission of the SEC is to protect investors; maintaining fair, orderly and efficient markets; and facilitate capital formation. The SEC strives to promote a market environment worthy of the public’s trust.
Commodity Futures Trading Commission (CFTC): protects the public from fraud, manipulation, and abusive practices related to the sale of commodity and financial futures and options contracts, and promotes open, competitive, and financially sound futures and options markets.
The aforementioned regulators govern a number of compliance obligations to accomplish their mission, namely: global economic sanctions, anti-money laundering, customer identification and Know Your Customer programs, securities law securities and commodity regulation. They hold crypto firms and other financial institutions accountable for any violations resulting from their customers’ transactions. As stated earlier, the consequences of non-compliance or failure to maintain a culture of compliance are severe. In some cases, this can be the death knell for a VASP. As a result, a compliance officer, regular compliance trainings, employee awareness programs, testing and monitoring of compliance checks, and a dedicated point of contact within the corporate legal department must be in place to ensure that compliance obligations are met.
Through Michael Fasanello, JD Director, Training and Regulatory Affairs Blockchain intelligence Group