Inside Bitcoins_Shapiro
1. A Practical Guide to Bitcoin Regulation & Compliance
Bill Haraf
Managing Director
wharaf@promontory.com
Adam Shapiro
Director
ashapiro@promontory.com
December 10, 2013
© 2013 Promontory Financial Group, LLC. All rights reserved.
2. Today’s Regulatory Environment
• Innovator culture vs. Regulator culture
o Speed and creativity vs. caution and controls
o Increased regulatory skepticism about benefits of innovations, particularly
post financial crisis
• Financial institutions and markets are under more scrutiny than ever before
o In addition to safety and soundness, high level of oversight of BSA
compliance, data security, consumer protection, third party vendor
relationships, agency relationships, fairness and privacy programs
o Compliance programs are being held to “six sigma” standards
o Very large fines for BSA/OFAC violations
• These considerations have made banks and other FIs cautious about accepting
“high risk customers” such as digital currency firms
3. Impact on Digital Currency Ecosystem
• Digital currencies are now receiving a high level of attention in Washington DC
and across the states
o From policymakers, regulators and law enforcement
o Key states such as California and New York getting close to decisions about
how to regulate digital currencies
• Current posture, generally speaking, is “watchful waiting”
o Don’t stifle innovation, but be cautious about potential risks and benefits
o E.g., Homeland Security & Banking Committee hearings last month
• Belief that the current regulatory framework can be adapted to accommodate
without major modifications, perhaps with definitional changes
o Money transmitter rules, futures and forwards, market making and dealing,
securities issuance
4. Regulatory Risk Management
• Are you currently doing business in the U.S. and/or with U.S. customers?
• Could your business be subject to licensing and/or registration requirements?
• If so, are you taking regulatory and/or legal risk that can potentially put your
business in jeopardy and subject you to criminal sanctions?
• How much regulatory risk do you want to take? You can argue that your
business doesn’t require licensing and/or registration, but the regulators’
views will generally prevail in the courts
• Potential for personal liability, especially if law enforcement discovers unlawful
activity
• Do you think your company’s future is brighter as a component of mainstream
finance or outside of it?
5. Licensing – Strategic Considerations
• Access to capital and banking relationships are critical success factors for
digital currency firms, but often difficult, at least today, to achieve
o Some banks are willing to provide services, as long as potential partner firms
have licenses or have started the licensing process
o Some larger investors now requiring licensing plans as a condition of
investment – heightened concern about personal liability of directors
• A license can be a “Good Housekeeping Seal of Approval”
o Demonstrates approvable financial and managerial resources and
attentiveness to an appropriate control environment
o The process can be onerous, but considerations are appropriate for a
company handling “other people’s money”
o Can protect your company from reputational damage caused by the unlawful
actions of unlicensed actors
• So what does the licensing application look like, and how is it judged?
6. The Money Transmitter License Application
• Requirements vary state-by-state, but key components include:
o Background and qualifications of management, board and major shareholders
o A Business Plan
o Flow-of-Funds descriptions/diagrams
o Financial resources and stability of company, both now and against strategic
plans
o Descriptions of actual/planned systems and controls, particularly those
focused on:
    ▪ Protection of customer funds
    ▪ Anti money laundering (“AML”) and sanctions compliance
    ▪ Privacy and data security
• The licensing application decision process involves regulatory judgment – not
everything is black & white
7. Successfully Transitioning to Regulation
• Firms that are successful in minimizing regulatory concerns:
o Understand the public policy concerns regulators have in relation to digital
currencies and can articulate how the firm addresses them
o Devote resources and management time to the application process
o Set a positive tone for the regulatory relationship from the outset
o Invest appropriately in compliance staff and systems based on size and
activities
    ▪ Key areas of regulatory focus currently are BSA/AML and protection of customer funds
o Ensure that all employees recognize:
    ▪ The importance of compliance
    ▪ The need for greater process formality, documentation and recordkeeping in areas of regulatory focus
o Maintain good relationships with regulators and avoid “surprises”
8. Effective Compliance Programs
• BSA/AML Programs
• Industry-wide BSA/AML Challenges
• Other Significant Compliance Issues
9. The Four Pillars of BSA/AML Programs
• Internal controls based upon the MSB’s risk assessment, which are designed to
detect and deter money laundering and terrorist financing
• A designated BSA/AML compliance officer with the stature and qualifications
to implement and supervise the BSA/AML Program
• Independent testing of the MSB to measure compliance with the BSA
• Evidence of BSA/AML training for appropriate personnel
10. Key Resources
• BSA/AML Examination Manual for Money Services Businesses (Financial
Crimes Enforcement Network (“FinCEN”), 2008)
• BSA/AML Examination Manual (Federal Financial Institutions Examination
Council, 2010). Applicable to banks rather than MSBs, but useful for
requirements related to Office of Foreign Assets Control (“OFAC”) compliance
and more generally for best practices, particularly in relation to:
o BSA/AML Risk Assessment
o Customer Identification Program
o Customer Due Diligence
• Risk-Based Approach: Guidance for Money Service Businesses (Financial
Action Task Force, July 2009)
• FinCEN and OFAC websites (www.fincen.gov and
http://www.treasury.gov/resource-center/sanctions/Pages/default.aspx)
11. Key BSA/AML Controls – Program
• Written policy/program (and associated procedures)
• Risk assessment
o Inherent Risk
o Quality of Controls and Residual Risk
o Proposed Corrective Action/Enhancements
• Staffing
• Documentation (if it’s not written down, it didn’t happen)
• Risk-based training
o Baseline training for all staff, contractors and board members
o More detailed training for people with key roles implementing the program
o Evidence of materials and completion
• Governance and oversight
o QA and monitoring
o Escalation and whistleblowing
o Reporting and action tracking
o Tone at the top
12. Key Controls – Know Your Customer (“KYC”)
• Customer Identification and Verification
o Scope of program:
    ▪ All customers?
    ▪ Legal minimum?
    ▪ Somewhere in between (FATF best practice)?
o Cost effective verification:
    ▪ Automation
    ▪ What to do about potential customers that don’t pass
• OFAC/Economic Sanctions
o Applies regardless of regulated status
o Broader than KYC (e.g. transaction parties, staff, contractors etc.)
o Real-time compliance
• Customer Due Diligence/Enhanced Due Diligence
o Ambiguous application to MSBs…
o … but clearly justified on a risk-based basis
o FFIEC Manual for banks helps with best practices
13. Key Controls – Transaction Monitoring and Investigations
• Transaction Monitoring
o Both automated and manual
o Key typologies include:
    ▪ Patterns/smurfing
    ▪ Unusually large transactions
    ▪ Structuring
    ▪ Indications of illicit activity
o Leveraging the block chain
o Controls over changes to monitoring thresholds
• Investigations
o Investigate all alerts and referrals
o Review affected customer(s) wider activity for related/similar transactions
o If found not to be suspicious, document the reason
o If suspicious, file a Suspicious Activity Report within 30 days of detection of
the fact pattern
14. Key Controls – Reporting, Recordkeeping and Information Sharing
• Suspicious Activity Reporting
• Currency Transaction Reporting and Currency or Monetary Instruments
Reporting (not relevant to many Bitcoin business models)
• Funds Transfer Recordkeeping
• The Travel Rule – not designed with Bitcoin and digital currencies in mind!
• Foreign Bank and Financial Accounts Reporting
• Subpoena handling and other government requests
• 314(b) Information Sharing (at last something that is optional)
15. Know Your Counterparty – Bitcoin’s Major BSA/AML Challenge
• U.S. authorities believe that firms need counterparty information for effective
transaction monitoring and OFAC compliance
• U.S. expects major payments systems to provide – or make available –
beneficiary and originator information to all financial institutions involved in
the payment chain (e.g. SWIFT messaging changes)
• Choice for the Bitcoin community – define a workable way to achieve this or
risk having an unworkable one imposed for U.S.-related business
• Real tensions between BSA/AML expectations on the one hand and privacy
concerns on the other. Needs careful thought:
o A good first step – sharing of non-personally identifiable information
o Ability to tag wallets (hosted or independent) as Identity Verified
o No transmission of identity information – firms can pull as required
o Firms store information only when required by recordkeeping requirements
16. Other Key Compliance Issues
• Consumer Compliance
o Regulation E (and consumer expectations)
o Fees, disclosures and receipts
o Consumer understanding and market risk
• Information Security & Privacy
o Safeguarding of customer funds and privacy of consumer information critical
both to regulatory acceptance and consumer adoption
o Current wave of hacks and thefts unhelpful to both causes
o Incumbent on firms to demonstrate
• Compliance beyond money transmission
o Futures and other derivatives
o Securities
o Lending
o Fractional reserve banking
17. Regulatory Examinations
• Frequency and rigor of examination of small firms is less than for large
financial institutions
o Several year cycle typical
o Multi-state (but not all states) coordination process
o Process:
    ▪ Document request
    ▪ Onsite exam
    ▪ Exit meeting
    ▪ Written findings
o 4 “Cs” of regulatory communication:
    ▪ Candor
    ▪ Coherence
    ▪ Consistency
    ▪ Courtesy