On Dec. 18, 2020, the Financial Crimes Enforcement Network (“FinCEN”) of the U.S. Department of the Treasury issued for public comment a notice of proposed rulemaking (the “NPRM“ or “Proposed Rule”) that would require banks and money services businesses (“MSBs”) to (1) submit reports for transactions exceeding $10,000 USD involving convertible virtual currency (“CVC”) or digital assets with legal tender status (“legal tender digital asset,” or “LTDA”); (2) maintain records of customers’ CVC and LTDA transactions exceeding $3,000 USD; and (3) verify the identity of those customers engaging in CVC or LTDA transactions exceeding $3,000 USD with counterparties using wallets that are either (i) not hosted by a financial institution (“Unhosted Wallets”) or (ii) hosted by a financial institution, but located in a jurisdiction listed on FinCEN’s Foreign Jurisdictions List, which FinCEN is proposing to establish (“High-Risk Jurisdiction Wallet”).[1] The NPRM specifically requests feedback from financial institutions to 24 questions and prompts. Comments may be submitted to FinCEN by Jan. 4, 2021. The shortened notice-and-comment period is due to the Proposed Rule’s close bearing on issues of foreign affairs.

FinCEN concurrently released a set of Frequently Asked Questions (“FAQs“) providing high-level supplementary guidance as to how the Proposed Rule would impact financial institutions and combat illicit criminal activity. For example, wallets are classified as either “hosted” or “unhosted”; and the rules proposed are similar to those already established for transactions in currency and wire transfers. The FAQs define a hosted wallet as “a digital account hosted by a third-party financial institution, which allows the account-holder (the user) to store, send, and receive cryptocurrency,” and define an unhosted wallet as a wallet that is “not hosted by a third-party financial system […] similar to an anonymous bank account, because the only identifier of the holder is a code. “

Reporting Requirements for CVC and LTDA Transactions Exceeding $10,000 USD

The Proposed Rule would require banks and MSBs to file a report for transactions in excess of $10,000 USD initiated between their own customers’ CVC and LTDA hosted wallets and Unhosted Wallets or High-Risk Jurisdiction Wallets. The requirement would apply to both those customers that are senders of CVC or LTDA and those that are recipients of CVC or LTDA, including when customers transfer such CVC or LTDA to themselves. The NPRM further notes that foreign-located MSBs would be required to comply with the Proposed Rule’s CVC and LTDA reporting requirement, but the requirement would apply only to those activities within the United States.

Similar to the existing currency transaction report (“CTR”) filing requirement, the Proposed Rule would require banks and MSBs to verify and record the identity of the individual presenting the CVC or LTDA transaction, as well as record the identity, account number, and the social security or taxpayer identification number, if any, of any person or entity on whose behalf such transaction is to be effected. Verification of identity must occur through examination of a document (e.g., a driver’s license). The Proposed Rule also provides banks and MSBs 15 days from the date of the reportable transaction to file the CTR, and for purposes of determining whether the $10,000 USD threshold is reached, the NPRM explains that “only CVC or LTDA transactions would need to be aggregated together.” It further notes, “a report would not be required when the total value of a person’s CVC or LTDA transactions plus the person’s currency transactions in a 24-hour period is greater than $10,000 in value, … but the total value of the person’s CVC or LTDA transactions alone is not greater than $10,000 in value.”

FinCEN is proposing exemptions to this reporting requirement that would make this requirement inapplicable to CVC or LTDA transactions either between hosted wallets held by Bank Secrecy Act —regulated financial institutions or where the counterparty wallet is hosted by a foreign financial institution, except where that foreign financial institution is located in a jurisdiction listed on FinCEN’s Foreign Jurisdictions List.

Additionally, the Proposed Rule would also modify the prohibition on structuring to capture transactions conducted in CVC or LTDA.

Recordkeeping Requirements for Customers’ CVC and LTDA Transactions Exceeding $3,000 USD

The Proposed Rule provides that banks and MSBs would be required to collect and keep the following information related to a CVC or LTDA transaction involving the withdrawal, exchange or other payment or transfer, by, through or to such bank or MSB where (i) a counterparty uses an Unhosted Wallet or High-Risk Jurisdiction Wallet; and (ii) the transaction exceeds $3,000 USD:

  1. Name and physical address of the financial institution’s customer;
  2. Type of CVC or LTDA used in the transaction;
  3. Amount of CVC or LTDA in the transaction;
  4. Time of the transaction;
  5. Assessed value of the transaction in USD, based on the exchange rate circulating at the time of the transaction;
  6. Payment instructions received from the financial institution’s customer, if applicable;
  7. Name and physical address of each counterparty;
  8. Other counterparty information the Secretary of the Treasury may prescribe as mandatory on the reporting form for transactions subject to reporting under 31 CFR § 1010.316;
  9. Any other information that uniquely identifies the transaction, the accounts and the parties involved; and
  10. Any form relating to the transaction that is completed or signed by the customer.

The Proposed Rule would not require banks and MSBs to aggregate multiple transactions for the purpose of determining whether the $3,000 USD threshold has been met. It further provides that a bank or MSB would be expected to “follow risk-based procedures, consistent with their AML/CFT program, to determine whether to obtain additional information about their customer’s counterparties or take steps to confirm the accuracy of counterparty information.”

Identity Verification Requirements for Customers Engaging in CVC and LTDA Transactions Exceeding $3,000 USD

The Proposed Rule would require banks and MSBs to verify the identity of their hosted wallet customers when those customers engage in transactions exceeding $3,000 USD with Unhosted Wallets or High-Risk Jurisdiction Wallets. To that end, the Proposed Rule calls for banks and MSBs to establish risk-based procedures for verifying a hosted wallet customer’s identity — procedures sufficient to allow a bank or MSB to reasonably believe that it knows the customer’s true identity. The NPRM explains that these risk-based procedures would be predicated on “the bank’s or MSB’s assessment of the relevant risks, including those presented by the nature of their relationship with their hosted wallet customer, the transaction activity, and other activity associated with each counterparty and the CVC or LTDA assets.” The NPRM further notes that this verification requirement would include verifying the identity of a person accessing a customer’s account who is not the customer, but who may be initiating a transaction on the customer’s behalf.

Request for Feedback

FinCEN also requests feedback in response to 24 questions that it poses to the public. The questions, some of which are reproduced below, concern an array of issues related to the Proposed Rule.

  • For purposes of the Proposed Rule’s CVC/LTDA transaction reporting requirement with respect to High-Risk Jurisdiction Wallets, FinCEN currently includes Burma, Iran and North Korea on its Foreign Jurisdictions List. FinCEN asks which additional jurisdictions, if any, should be added to the Foreign Jurisdictions List, and whether there are particular considerations that should be taken into account when adding or removing jurisdictions to this list.
  • FinCEN has proposed to apply the CVC or LTDA transaction reporting requirement only to banks and MSBs. FinCEN requests feedback as to whether it should extend the obligation to file reports under the Proposed Rule’s CVC or LTDA transaction reporting requirement to financial institutions other than banks and MSBs, such as brokers-dealers, futures commission merchants and mutual funds.
  • While FinCEN believes that those financial institutions already providing CVC or LTDA wallet hosting services are likely capable of handling the implementation of the Proposed Rule’s requirements, FinCEN acknowledges that the initial costs of implementation may be non-trivial. Accordingly, FinCEN asks for input as to what the technical challenges to implementation could be and what might impact a financial institution’s reasonable ability to implement these requirements.

Banks and MSBs engaging in such transactions are encouraged to review the Proposed Rule and any final rule that is issued and modify their existing internal controls, policies and procedures accordingly.