skip to Main Content

FinCEN Proposed Rule Change for Unhosted CVC Wallets

FinCEN Takes a Measured Approach to Money Laundering Risks Posed by Unhosted CVC Wallets

On December 18, the Financial Crimes Enforcement Network (FinCEN) released a proposed rule change for virtual currency transactions with unhosted wallets. Under the proposed change, banks and money services businesses (MSBs) would be required to verify the identity of their customer and submit reports for CVC transactions over $10,000  and keep records of CVC transactions greater than $3,000 when a counterparty uses an unhosted or otherwise covered wallet. “Otherwise Covered” wallets as those wallets that are held at a financial institution that is not subject to the BSA and is located in a foreign jurisdiction identified by FinCEN as jurisdictions of primary money laundering concern including Burma, Iran, and North Korea.

Under the proposed change, banks and money services businesses (MSBs) would be required to submit reports, keep records, and verify the identity of customers in relation to transactions above certain thresholds involving unhosted wallets. Information to be collected includes:

  1. The name and address of the financial institution’s customer;
  2. The type of convertible virtual currency (CVC) or legal tender digital asset (LTDA) used in the transaction;
  3. The amount of CVC or LTDA in the transaction;
  4. The time of the transaction;
  5. The assessed value of the transaction, in U.S. Dollars, based on the prevailing exchange rate at the time of the transaction;
  6. Any payment instructions received from the financial institution’s customer;
  7. The name and physical address of each counterparty to the transaction of the financial institution’s customer;
  8. Other counterparty information the Secretary may prescribe as mandatory on the reporting form for transactions subject to reporting pursuant to § 1010.316(b);
  9. Any other information that uniquely identifies the transaction, the accounts, and, to the extent reasonably available, the parties involved; and,
  10. Any form relating to the transaction that is completed or signed by the financial institution’s customer.

The full Notice of Proposed Rulemaking (NPRM) can be read here: https://public-inspection.federalregister.gov/2020-28437.pdf


This proposed rule would add a new recordkeeping requirement, requiring banks and MSBs to keep records and verify the identity of their hosted wallet customers, when those customers engage in transactions with unhosted or wallets hosted by a foreign financial institution not subject to effective anti-money laundering regulation (an “otherwise covered wallet”) with a value of more than $3,000.

According to the NPRM, Banks and MSBs would be required to verify and record the identity of their customer engaged in a reportable transaction, meaning transactions with unhosted or otherwise covered wallets. Notably:

“in the case of a transaction in which the bank’s or MSB’s customer is the sender and the bank or MSB is aware at the time of the transaction that reporting is required the bank or MSB should not complete the transmission of funds until such recordkeeping and verification is complete. Similarly, in the case of a transaction in which the bank’s or MSB’s customer is the recipient, the bank or MSB would need to obtain the required recordkeeping and verification information as soon as practicable. In addition, under the proposed rule, banks and MSBs would be expected to incorporate policies tailored to their respective business models should the bank or MSB be unable to obtain the required information, such as by terminating its customer’s account in appropriate circumstances.”

In determining the level of verification needed, the NPRM states:

“The bank or MSB would need to establish risk-based procedures for verifying their hosted wallet customer’s identity that are sufficient to enable the bank or MSB to form a reasonable belief that it knows the true identity of its customer.”

With respect to counterparty information that would be required to be collected and, in some cases, reported: 

“the proposed rule would require the reporting of certain identifying information including, at a minimum, the name and physical address of each counterparty.” 

In order to qualify for an exemption:

“banks and MSBs would need to have a reasonable basis to determine that a counterparty wallet is a hosted wallet at either a BSA-regulated financial institution or a foreign financial institution in a jurisdiction that is not on the Foreign Jurisdictions List.”

The NPRM also covers transactions that may involve multiple senders and recipients, indicating that:

“banks and MSBs would be required to report, keep records, and engage in verification with respect to such transactions, if the aggregate amount of CVC/LTDA transactions involving unhosted or otherwise covered wallets, either sent or received from their customer’s account, exceeds $10,000 in value within a 24-hour period.” 

While most blockchain transactions are open to the public, FinCEN argues that the use of blockchain analytics software alone isn’t enough to fully protect against money laundering concerns stemming from unhosted wallets, stating:

while data contained on some blockchains are open to public inspection and can be used by authorities to attempt to trace illicit activity, FinCEN believes that this data does not sufficiently mitigate the risks of unhosted and otherwise covered wallets… Blockchain analysis can be rendered less effective by a number of factors, including the scale of a blockchain network, the extent of peer-to-peer activity (i.e., transactions between unhosted wallets), the use of anonymizing technologies to obscure transaction information, and a lack of information concerning the identity of transferors and recipients in particular transactions. Additionally, several types of AEC (e.g., MoneroZcash, Dash, Komodo, and Beam) are increasing in popularity and employ various technologies that inhibit investigators’ ability both to identify transaction activity using blockchain data and to attribute this activity to illicit activity conducted by natural persons.” 

The notice also proposes a new reporting requirement for banks and MSBs to file a report similar to currency transaction reports (CTRs) for transactions between their customers’ hosted wallets and unhosted or otherwise covered wallets, either as senders or recipients. This reporting requirement would apply “even if the user of the unhosted or otherwise covered wallet is the customer for which the financial institution holds a hosted wallet.”

FinCEN is requesting comments on the proposed requirements be submitted by January 4. Specifically, they are looking for responses to the following questions 

  1. Has FinCEN been sufficiently clear that the impact of the definitional change to “monetary instruments” would be limited to the reporting, recordkeeping, verification, and other requirements of this proposed rule, and not to preexisting regulatory obligations such as the CTR reporting requirement at 31 CFR 1010.311? With respect to the reporting requirements in proposed 31 CFR 1010.316, FinCEN in particular requests comment on the following questions from law enforcement, financial institutions, and members of the public:
  2. Describe the costs from complying with the proposed reporting requirement.
  3. Describe the benefits to law enforcement from the data obtained from the proposed reporting requirement.
  4. Has FinCEN struck a reasonable balance between financial inclusion and consumer privacy and the importance of preventing terrorism financing, money laundering, and other illicit financial activity? If not, what would be a more appropriate way to balance these objectives?
  5. Describe how the costs of complying with the proposed reporting requirement, or the benefits to law enforcement from the data obtained from the proposed reporting requirement, would vary were FinCEN to adopt a higher or lower threshold than $10,000.
  6. Describe how the costs of complying with the proposed reporting requirement, or the benefits to law enforcement from the data obtained from the proposed reporting requirement, would vary were FinCEN to apply the reporting requirement to all CVC/LTDA transactions by hosted wallets, including those with hosted wallet counterparties.
  7. Should FinCEN add additional jurisdictions to the Foreign Jurisdictions List or remove jurisdictions currently on that list? Are there any particular considerations FinCEN should take into account when adding or removing jurisdictions?
  8. Has FinCEN provided sufficient clarity to financial institutions on the scope of the aggregation requirements that apply to the proposed CVC/LTDA transaction reporting requirement?
  9. Discuss the costs and benefits of modifying the aggregation requirement to require aggregation for the purposes of the proposed CVC/LTDA transaction reporting requirement across both fiat and CVC/LTDA transactions.
  10. Has FinCEN properly considered the extension of the mandatory and discretionary statutory exemptions at 31 U.S.C. 5313(d)-(e) that are currently applicable to the CTR reporting requirement to the proposed CVC/LTDA transaction reporting requirement?
  11. Has FinCEN extended exemptions either too broadly or too narrowly? Was FinCEN correct to not extend the exemption from the CTR reporting requirement at 31 CFR 1010.315 related to transactions between a non-bank financial institution and a commercial bank to the proposed CVC/LTDA transaction reporting requirement?
  12. Should FinCEN extend the obligation to file reports under the proposed CVC/LTDA transaction reporting requirement to financial institutions other than banks and MSBs (e.g., brokers-dealers, futures commission merchants, mutual funds, etc.)? What would be the cost and benefits of extending the proposed CVC/LTDA transaction reporting requirements to other financial institutions? With respect to the proposed recordkeeping, verification, and other requirements in connection with CVC/LTDA transactions, FinCEN in particular requests comment on the following questions from law enforcement, financial institutions, and members of the public:
  13. Describe the costs from complying with the proposed recordkeeping and verification requirements.
  14. Describe the benefits to law enforcement from being able to access data verified and obtained based on the proposed recordkeeping and verification requirements.
  15. Could the verification requirements be adjusted to enhance the benefits to law enforcement without a significant change to the costs to banks and MSBs, or to reduce the costs to banks and MSBs without a significant change in the benefit to law enforcement?
  16. Describe the potential changes to the costs and benefits that would be available to law enforcement were FinCEN to maintain the reporting requirement of 31 CFR 1010.316 but also require that banks and MSBs verify the identity of the counterparties of their hosted wallet customers.
  17. Is it necessary for the anti-structuring prohibition to be extended to the proposed CVC/LTDA transaction reporting requirement? With respect to the proposed recordkeeping requirements in 31 CFR 1010.410(g), FinCEN in particular requests comment on the following questions from law enforcement, financial institutions, and members of the public:
  18. Would it be appropriate for FinCEN to require additional data be retained pursuant to 31 CFR 1010.410(g)?
  19. Describe the costs from complying with the proposed recordkeeping and verification requirements.
  20. Describe the benefits to law enforcement from being able to access data verified and obtained based on the proposed recordkeeping and verification requirements.
  21. Could the verification requirements be adjusted to enhance the benefits to law enforcement without a significant change to the costs to banks and MSBs, or to reduce the costs to banks and MSBs without a significant change in the benefit to law enforcement?
  22. Describe the potential changes to the costs and benefits that would be available to law enforcement were FinCEN to maintain the recordkeeping requirement of 31 CFR 1010.410(g) but also require that banks and MSBs verify the identity of the counterparties of their hosted wallet customers.
  23. Is it reasonable to require that records be retained in electronic form? Are the retrievability criteria reasonable?
  24. Should FinCEN extend the obligation to keep records under the proposed CVC/LTDA transaction reporting requirement to financial institutions other than banks and MSBs (e.g., broker-dealers, futures commission merchants, mutual funds, etc.)?
  25. Describe technical challenges to implementation to could impact reasonable ability to implement these requirements.

 

 

Back To Top