FinCEN Proposes New Reporting, Recordkeeping and Verification Requirements for Transactions Involving Unhosted Wallets

Skadden, Arps, Slate, Meagher & Flom LLP

Jamie L. Boucher Eytan J. Fisch Joe Sandman Javier A. Urbina

On January 7, 2021, the original 15-day comment period ended for a proposed rule announced by the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) that would impose new reporting, recordkeeping and verification requirements on banks and money services businesses (MSBs) with respect to certain virtual currency transactions (the Proposed Rule). The Proposed Rule would require banks and MSBs to (i) file a report with FinCEN for transactions exceeding $10,000 in value that involve convertible virtual currency (CVC1) or digital assets with legal tender status (Legal Tender Digital Assets or LTDA2) held in a wallet not hosted by a financial institution (“unhosted wallet”) or a wallet hosted by a financial institution in a jurisdiction identified by FinCEN (“otherwise covered wallet”); and (ii) keep records of a customer's CVC or LTDA transactions and counterparties, including verifying the identity of their customer, if their customer’s counterparty uses an unhosted or otherwise covered wallet and the transaction is greater than $3,000.

Many key industry players sharply criticized FinCEN for the limited comment period that it provided, stressing that it would deprive FinCEN of important feedback and could result in the imposition of extensive requirements without adequately addressing ambiguities and barriers to implementation implicated by the Proposed Rule. In light of the concerns raised by the industry regarding the Proposed Rule and the more than 7,500 comments that FinCEN received during the initial comment period, FinCEN issued a notice on January 14, 2021, indicating that it will reopen the comment period for the Proposed Rule. FinCEN will provide an additional 15 days, until January 30, 2021, for comments on the proposed reporting requirement (except with respect to reporting of counterparty information) and an additional 45 days, until March 1, 2021, for comments on the requirement to report counterparty information and the proposed recordkeeping requirement. FinCEN noted that it has continued to receive, and will review, comments submitted between January 7, 2021, and the publication of its notice extending the comment period.

U.S. regulators and prosecutors continue to focus their attention on the virtual currency and digital assets industry. In addition to recent enforcement actions, on October 27, 2020, FinCEN and the Board of Governors of the Federal Reserve System proposed to lower the threshold for international funds transfers from $3,000 to $250 under the Recordkeeping Rule and Travel Rule. That rule has not yet been finalized. (See our November 2020 client alert, “FinCEN and Federal Reserve Propose to Significantly Lower Threshold for International Funds Transfers Under Recordkeeping and Travel Rules”).

New Reporting Requirement for CVC/LTDA Transactions Exceeding $10,000

Similar to the existing Currency Transaction Reporting (CTR) requirement, the Proposed Rule would require banks and MSBs to file a report with FinCEN for each CVC or LTDA transaction exceeding $10,000 that involves an unhosted or “otherwise covered wallet.” The report would need to be filed with FinCEN within 15 days of the reportable transaction(s) using a Value Transaction Report form, which FinCEN indicated will be similar to the existing CTR Form 112. The current anti-structuring rule would be expanded to also prohibit the evasion of the proposed reporting requirement. Additionally, this reporting requirement would apply regardless of whether the bank’s or MSB’s customer acts as the sender or recipient of the transaction, and even if the user of the unhosted or otherwise covered wallet is a customer for which the bank or MSB holds a hosted wallet. A transaction where any one participating wallet is unhosted or otherwise covered also would be subject to the reporting requirement.

FinCEN proposed to define an “otherwise covered wallet” as a wallet that is held at a financial institution that is not subject to the BSA and is located in a foreign jurisdiction identified by FinCEN on a List of Foreign Jurisdictions, which FinCEN is proposing to establish. The List of Foreign Jurisdictions would initially be comprised of jurisdictions designated by FinCEN as jurisdictions of primary money laundering concern (currently, Burma, Iran and North Korea) but could in the future be expanded to include jurisdictions with significant deficiencies in their regulation of CVC and LTDA.

Although the Proposed Rule would exempt reporting of transactions with wallets hosted by a BSA-regulated institution or a financial institution located in a jurisdiction that is not on the List of Foreign Jurisdictions, banks and MSBs would be required to have a “reasonable basis” to apply such exception. For example, FinCEN explained that in analyzing whether a counterparty’s wallet is hosted by a BSA-regulated MSB, banks and MSBs would need to ensure that the MSB is registered with FinCEN. Similarly, banks and MSBs would need to confirm that a foreign financial institution is not located in a jurisdiction on the List of Foreign Jurisdictions and would need to apply reasonable, risk-based, documented procedures to confirm that the foreign financial institution is complying with applicable registration or similar requirements. Critics point out that banks and MSBs would face substantial practical and technical challenges in differentiating transactions that involve hosted wallets from those that do not. Blockchain addresses may not necessarily be registered or located at a specific location and do not readily show whether the wallet involved is hosted or unhosted.

Furthermore, the Proposed Rule would expand the aggregation requirement that applies to currency transactions to cover CVC and LTDA. Specifically, banks and MSBs would be required to file a report for multiple CVC or LTDA transactions known to be on behalf of the same person that in the aggregate exceed $10,000 in a 24-hour period. However, CVC or LTDA transactions would not need to be aggregated with fiat currency transactions. The Proposed Rule also makes clear that for purposes of aggregation, a bank or MSB must include all of its offices and records, wherever they may be located. Additionally, foreign-located MSBs would be required to comply with the proposed reporting requirement, including the related aggregation requirement, with respect to their activities in the United States.

Banks and MSBs also would be required to verify and record the identity of their customer engaged in a reportable transaction. This would include verifying the identity of the person accessing the customer’s account, which may be someone conducting a transaction on the customer’s behalf. Recognizing that CVC/LTDA transactions typically are not conducted in person (unlike currency transactions), FinCEN did not prescribe specific procedures for verifying a hosted wallet customer’s identity and instead proposed that a bank or MSB establish risk-based procedures consistent with the bank’s or MSB’s AML/CTF program.3 Most notably, banks and MSBs would be required to report, at a minimum, the name and physical address of each counterparty. Banks and MSBs would be expected to follow risk-based procedures to determine whether to collect additional information about their customers’ counterparties or take steps to confirm the accuracy of counterparty information. Because banks and MSBs are unlikely to know counterparties’ names and physical addresses, a financial institution may have to rely on information that its customer furnishes and may have no guarantee that the information is reliable.

New Recordkeeping and Verification Requirements for CVC/LTDA Transactions Greater Than $3,000

The existing Recordkeeping Rule requires U.S. financial institutions, including banks and MSBs, to collect and maintain certain information for funds transfers of $3,000 or more. The Proposed Rule would further require banks and MSBs to keep similar information for transactions greater than $3,000 between their customer and a counterparty using an unhosted or otherwise covered wallet. Notably, unlike with the Recordkeeping Rule, banks and MSBs would be required to collect the name and physical address of each counterparty to the transaction as well as other counterparty information prescribed by FinCEN. Banks and MSBs would be expected to follow risk-based procedures, consistent with their AML/CTF program, to determine whether to collect additional information about their customers’ counterparties or take steps to confirm the accuracy of counterparty information.

The Proposed Rule’s recordkeeping requirement would similarly exempt transactions involving wallets hosted by BSA-regulated institutions or foreign financial institutions located in a jurisdiction that is not on the List of Foreign Jurisdictions. Banks and MSBs would need to have a documented basis for applying this exemption, as in the case of the reporting requirement discussed above. Moreover, the obligation to verify a customer’s identity under the Proposed Rule’s recordkeeping requirement would be consistent with the prescriptions regarding verification imposed by the Proposed Rule’s reporting requirement. In contrast, no aggregation would be required for the purpose of the recordkeeping requirement.

Although the Proposed Rule’s reporting and recordkeeping requirements prescribe the collection and verification of similar information, FinCEN indicated that transactions with a value of greater than $10,000 would be subject to both requirements. FinCEN noted its expectation that banks and MSBs would be able to implement a single set of information collection and verification procedures to satisfy both requirements.

Further, FinCEN did not address whether the rule proposed in October 2020, which would reduce the $3,000 threshold under the Recordkeeping Rule to $250 for international funds transfers, would impact the $3,000 threshold included in the Proposed Rule’s recordkeeping requirement for CVC/LTDA transactions involving unhosted or otherwise covered wallets. It also remains unclear how FinCEN will resolve the potentially overlapping scopes of the Recordkeeping Rule and the Proposed Rule’s recordkeeping requirement, given that both could apply to “otherwise covered wallets.” While the current List of Foreign Jurisdictions only contains three jurisdictions, the potential overlap between both rules may become more pronounced if the list is expanded.

Future Considerations

FinCEN’s rationale behind the Proposed Rule is that the inherent anonymity of unhosted wallets enables bad actors to covertly move large sums of money across the globe to support illicit activities. FinCEN contends that the Proposed Rule’s reporting and recordkeeping requirements would allow law enforcement agencies to more effectively combat illicit finance risks associated with unhosted wallets. Key industry players have expressed concerns that the Proposed Rule could have a chilling effect on the use of unhosted wallets, which tend to serve unbanked and underbanked populations, and may hamper the evolution and adoption of blockchain technology in the U.S by forcing centralization on a nascent technology that is premised on the concept of decentralization. Others believe that the Proposed Rule may actually be counterproductive and push unhosted wallet users underground, making it more difficult to track transactions involving unhosted wallets. Notwithstanding the potential net benefits of the Proposed Rule, banks and MSBs may incur substantial compliance costs and face significant challenges in implementing its requirements.

FinCEN continues to consider several key aspects of the Proposed Rule, as reflected by the comments it requested, including: (i) whether FinCEN should extend the proposed reporting and recordkeeping requirements to financial institutions other than banks and MSBs (e.g., broker-dealers, futures commission merchants and mutual funds); (ii) whether the reporting requirement should be applied to all CVC/LTDA transactions, including those that involve hosted wallet counterparties; (iii) whether FinCEN has provided sufficient clarity on the scope of the aggregation requirement that applies to the proposed reporting requirement and whether aggregation should be required across both fiat and CVC/LTDA transactions; (iv) whether FinCEN should require that banks and MSBs verify the identity of the counterparties of their hosted wallet customers under the reporting and recordkeeping requirements; and (v) whether FinCEN should add additional jurisdictions to the List of Foreign Jurisdictions, including whether there are any particular considerations FinCEN should take into account when adding or removing jurisdictions.

FinCEN may decide to modify the Proposed Rule in response to the thousands of comments that it has received and additional comments that it may receive during the extended comment periods. FinCEN has indicated that a final rule implementing the proposed reporting requirement would be effective 30 days after its publication, except that the requirement to report counterparty information (if adopted) would not take effect for 60 days. A final rule implementing the recordkeeping requirement also would be effective 60 days after its publication.

________________________

1 CVC means a medium of exchange (such as cryptocurrency) that either has an equivalent value as currency or acts as a substitute for currency but lacks legal tender status.

2 LTDA means any type of digital asset issued by the United States or any other country that is designated as legal tender by the issuing country and accepted as a medium of exchange in the country of issuance.

3 FinCEN indicated that a bank may be able to leverage information it previously has collected and already is obligated to collect pursuant to the bank’s customer identification program and ongoing customer due diligence obligations. MSBs also may do the same to the extent they collect any such information pursuant to their obligation to maintain an adequate AML/CTF program.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.

BACK TO TOP