Op Ed: A Quick-Start Token Sale Compliance Guide: What You Need to Know

A quick-start guide to planning and reaching AML and OFAC compliance goals if you're thinking about kicking off a token sale in the U.S.
A quick-start guide to planning and reaching AML and OFAC compliance goals if you're thinking about kicking off a token sale in the U.S.
Regulation - Op Ed: A Quick-Start Token Sale Compliance Guide: What You Need to Know

Compliance with Anti-Money Laundering (AML) rules and with the economic sanctions administered by the Treasury Department’s Office of Foreign Assets Control (OFAC) can be a daunting task for any business. When it comes to the fast-moving world of token sales and cryptocurrencies in general, much of the legal and regulatory landscape is yet to be settled, but the obligation to comply with AML and OFAC laws is clear. This quick start guide to AML and OFAC compliance aims to provide entrepreneurs and in-house counsel an early roadmap for planning and reaching their compliance goals as they think about kicking off a token sale.

This guide focuses on U.S. laws, but be aware that other countries also have laws in these two areas.

Steer Clear of Tainted Funds: Watch for Red Flags

It states the obvious, of course, to say steer clear of tainted funds. But whether you are starting a new cryptocurrency exchange business or selling tokens to raise money for your new project, it takes intentional focus and care to ensure that the funds moving into and through your business are not the product of illegal activity. With several recent notorious examples of theft, fraud and money laundering fresh in the minds of government regulators and investigators, it is even more imperative that entrepreneurs establish and use the right anti-money laundering procedures up front.

Whether your business model or planned token sale requires that you have a formal anti-money laundering program in place or not, you are always required to avoid conducting transactions involving criminal proceeds. Among others things, federal anti-money laundering laws prohibit the following types of financial transactions:

  • Concealment or Promotion Money Laundering, 18 U.S.C. § 1956(a)(1): This statute prohibits a transaction in the proceeds of crime in which a person knows that the property involved comes from some form of unlawful activity, even if that person does not know the precise nature of the underlying criminal activity. To be in violation of this law, there must be an intent on the part of the person conducting the transaction — most often proven through circumstantial evidence — to conceal the true nature, location, source, ownership or control of the funds, or to reinvest in or “promote” future criminal activity.
  • International Money Laundering, 18 U.S.C. § 1956(a)(2): This law applies even to “clean” funds that are not currently the proceeds of criminal activity but are sent internationally to “promote” certain categories of criminal activity.
  • Money Spending Statute, 18 U.S.C. § 1957: Applicable to transactions in criminal proceeds over $10,000, this law simply prohibits transactions where the participant (including currency exchangers, money transmitters, and brokers or dealers in securities or commodities) knows the funds are from some unlawful source.
  • Money Laundering Conspiracy, 18 U.S.C. § 1956(h): Two or more individuals who intend to conduct a transaction in criminal proceeds may be liable for any foreseeable offenses committed by their co-conspirators in furtherance of the scheme.

Not only are the above offenses subject to criminal or civil prosecution, but the proceeds of criminal activity, as well as any property “involved” in a money-laundering offense — which may include such things as non-tainted funds in the same account, commissions or fees, websites or even an entire business — are subject to criminal or civil forfeiture.

In this environment, then, is it enough, for example, to require a buyer of your tokens to represent to you in writing that the funds they are paying you with are “clean”? Maybe, but maybe not. If your buyer makes that representation but there are red flags around the transaction suggesting otherwise, those representations by themselves will not insulate you from liability.

As we discuss below, if your business model puts you in the category of being a money services business, you will need to take additional steps. If not, you will still want to make sure you know and understand your customer and their transaction; be on the lookout for transaction details that are not customary; and keep records of your due diligence.

You May Need to Register as a Money Services Business

Probably the most significant question you will need to answer in relation to your anti-money laundering obligations as you prepare to undertake a token sale is whether your sale amounts to “money transmitting” under federal law. Be aware that “money transmitters” are also highly regulated under each state’s laws, many of which require advance licensure; however, because state money transmitting laws are typically aimed at consumer protection rather than anti-money laundering, we do not address the issue of state regulation here other than to note that there is no uniform licensing scheme across the 50 states.

Under federal law, “financial institutions,” which include “money transmittersx” (a category of “money services businesses”), are regulated under the Bank Secrecy Act, 31 U.S.C. 5311, et seq., and are subject to a number of specific requirements that are defined and overseen by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). According to FinCEN, “money transmitting services” means:

the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.

FinCEN issued guidance in 2013 making clear that it views its money-transmitting regulations as applying to “persons creating, obtaining, distributing, exchanging, accepting or transmitting virtual currencies.” With regard to token issuers using a decentralized network, FinCEN has concluded that anyone who qualifies as a virtual currency “exchanger” is a money transmitter.

Even more specifically, while not formal industry guidance, in a letter responding to a Member of Congress (that became public in early March but was issued on February 13, 2018), FinCEN expressed its view that initial coin offerings (“ICOs”) qualify as money transmitting, stating:

A developer that sells convertible virtual currency, including in the form of ICO coins or tokens, in exchange for another type of value that substitutes for currency is a money transmitter and must comply with AML/[Combating the Financing of Terrorism] requirements that apply to [MSBs].

Importantly, entities or individuals who do not follow these rules and that operate an unlicensed money transmitting business are subject to criminal prosecution under 18 U.S.C. § 1960. Yet, to further complicate matters, FinCEN’s letter also noted that an ICO involving securities or derivatives might instead be subject to the authority of the Securities and Exchange Commission or Commodity Futures Trading Commission, each of which have separate — although similar — AML/CFT requirements.

Ultimately, whether you will need to register with FinCEN as a money transmitter is going to depend on the specific facts and circumstances of your token sale and business model, but you will want to consider this question carefully.

If You Are a Money Services Business, Special AML Requirements Apply

If you are a money transmitter and subject to FinCEN’s regulations, you are subject to a number of specific requirements. First, you must register as a money-transmitting business within 180 days from the date the business was established and maintain a list of any agents working with you. Most broadly, money transmitters are required to:

develop, implement and maintain an effective anti-money laundering program, reasonably designed to prevent the money services business from being used to facilitate money laundering and the financing of terrorist activities.

Additionally, you will be subject to a number of reporting and record-keeping requirements, particularly the requirement to file Suspicious Activity Reports, or SARs, for transactions over $2,000 that appear to involve funds from illicit activity; be designed to evade reporting requirements under the Bank Secrecy Act; or serve no apparent lawful or business purpose.

To meet AML requirements, money transmitters must have a formal AML compliance program that includes the following four elements: 1) written policies and procedures; 2) a designated AML compliance officer; 3) independent review and monitoring of the AML program; and 4) a training program for relevant personnel regarding their AML responsibilities.

Finally, while it may be possible to assign the responsibilities for your AML program to a founder, manager or employee with other duties if your business does not currently support a stand-alone function, keep in mind that it is critical that this function be resourced and, most importantly, free from the influence of the business or sales side of the organization.

Operating a money transmitting business without meeting these requirements established by the Bank Secrecy Act could subject both your business and the individuals involved in it to civil and criminal penalties.

Do You Have Foreign Partners or Corporate Customers? Take These Extra Steps

Many participants in the cryptocurrency and token sale marketplace are based outside of the United States. If you have what FinCEN refers to as foreign “agents” — a term it uses to include “authorized delegates, foreign agents or counterparties, agents and sub-agents” — your AML program must meet additional requirements.

For example, if you have a contractual arrangement to make your tokens available to a foreign company or its customers through the foreign company’s software platform, you must:

  • conduct due diligence on foreign agents and counterparties;
  • consider a number of particular risk factors and do risk-based monitoring of your agents and counterparties; and
  • develop and implement a policy for corrective action and termination for non-compliant entities.

While you may be able to contractually allocate the responsibility for developing these policies, procedures and internal controls to your agent or counterparty, you will remain liable to ensure that they are fully operational.

OFAC Compliance: An AML Program Is Not Enough

Every U.S. person and business is required to avoid engaging in financial transactions with certain individuals, entities and countries that are subject to U.S. economic sanctions. Accordingly, when you offer your tokens for sale in a public or private offering, it is your obligation to ensure that none of your purchasers are on the list of prohibited individuals or entities maintained by the Treasury Department’s Office of Foreign Assets Control (OFAC). You also need to be sure that your customers and other business partners are not based in countries subject to broader economic sanctions, the list of which currently includes Cuba, Iran, North Korea, Syria and the Crimean region of Ukraine.

Compliance with the economic sanctions programs administered by OFAC and compliance with the AML laws established under the Bank Secrecy Act are often considered in the same breath. And, while effective OFAC screening and AML programs will certainly have areas of overlap, namely a robust customer identification procedure, they are two separate and distinct programs and responsibilities and you should have separate procedures for each.

OFAC compliance involves screening the names of individuals or entities against a highly complex and often-changing list of sanctioned parties, countries and regions. Most companies make use of third-party servicers to conduct this screening on their behalf, but it is prudent to do some due diligence to ensure those service providers themselves have the sophistication required to capture any potential prohibited transactions.

Can you shortcut this process by simply having your token buyer represent they are not on the OFAC sanctions list? While such representations are helpful, they are not sufficient. Unlike the risk-based compliance expectations, with AML requirements, you are strictly liable for OFAC screening failures and OFAC can pursue even minor violations.

Nonetheless, should you be found to have violated economic sanctions laws, the strength of your OFAC compliance program, along with your state of mind and other factors, will be considered in the determination of any penalty.

Be Ready to Demonstrate Your AML and OFAC Compliance

As with any business, when operating in the cryptocurrency space, you should be prepared for questions from a regulator or investigator with jurisdiction over the activity. Whether you are a money transmitter with a formal written AML program or not, one of the first demands you are likely to receive in any federal or state inquiry is to produce a copy of your AML program and policies as well as your customer identification procedures and screening protocols.

Examiners or investigators will be looking at whether you have taken the time to recognize and identify risk factors and risk categories for the counterparties with whom you are doing business. And they will look to see whether you have developed procedures intended to mitigate those risks and avoid conducting transactions with or for blocked parties or illicit funds. If you are equipped with written AML guidance and OFAC screening processes, including a clear allocation of responsibility within your company for ensuring compliance, you will be off to a good start.

There Is Room for Innovation

Federal agencies involved in regulating and overseeing the marketplace for token sales recognize the value to our society of the emerging technologies behind this activity, even if they are scrambling to catch up with the technology on an institutional level. While the burden to a new company of meeting the legal and regulatory requirements for AML and OFAC compliance is not insignificant, prior planning in these areas will protect your investment of time and resources and create room for greater innovation.

This is an guest post by Laurel Loomis Rimon, Senior Counsel at O’Melveny & Myers LLP . View expressed are hers alone and do not necessarily reflect those of BTC Media or Bitcoin Magazine. This article is intended for information purposes only and does not constitute legal advice. Please do your own due diligence.