The U.S. Treasury Wants to Know Your Customers, No Matter What the Currency


FinCEN, the Financial Crimes Enforcement Network, has indicated that cryptocurrencies will not get an enforcement “pass.”

By David Ma and Robert Braun

The Treasury Department has outlined its efforts to police electronic currencies in a letter to Sen. Ron Wyden after the lawmaker asked what the department was doing to ensure that Bitcoin and other cryptocurrencies are not being used by criminals to evade banking regulations.

Wyden, D-OR, is the ranking member of the Senate Finance Committee. He communicated his concern to the Treasury Department that cryptocurrencies could, among other uses, allow foreign governments to circumvent U.S. economic sanctions.

In its February 13, 2018 letter to Wyden, which surfaced in March, the Treasury Department reiterated its stance that cryptocurrency companies and trading organizations must comply with laws designed to combat money laundering and the financing of terrorism. To comply, these companies and organizations must investigate customers and report suspicious transactions to authorities.

While the letter does not go into further detail about what this would mean for established cryptocurrencies or Initial Coin Offerings (ICOs), some observers fear that this could mean that ICOs would be required to perform the same “Know Your Customer” (KYC) due diligence that banks do when customers open bank accounts. It also implies that cryptocurrency companies and organizations may have some obligation to monitor transactions made with their cryptocurrency.

But given the anonymous nature of cryptocurrencies, it would be difficult, from a practical perspective, for an ICO to perform the same “know your customer” diligence that a bank does.

In his letter to Wyden, U.S. Treasury Assistant Secretary for Legislative Affairs Drew Maloney said that the Treasury’s Financial Crimes Enforcement Network, known as FinCEN, maintains a team of analysts to examine BSA filings from virtual currency money services businesses (MSBs) and other emerging payment providers, including filings related to digital coins, tokens and ICOs.

Maloney noted that virtual currency exchangers and administrators have been subject to the BSA’s money transmitter requirements since 2011.

These requirements include that cryptocurrency issuers and exchanges must:

  • Register as Money Services Businesses (MSBs)
  • Prepare a written AML (anti-money laundering) compliance program
  • Adhere to Bank Secrecy Act (BSA) reporting requirements
  • Obtain customer identification information to comply with anti-money laundering requirements
  • Comply with all Office of Foreign Assets Control (OFAC) obligations.
  • While the letter is not definitive, the letter does signal that the government is continuing to closely monitor the cryptocurrency sector and may be readying further regulations.

Some ICOs have already registered with FinCEN in anticipation of future regulation, although most ICOs have not. In many cases, ICOs have launched outside of the United States specifically to avoid scrutiny by federal and state regulators. Maloney said in his letter that the Treasury Department, working with the IRS, has conducted “comprehensive, periodic examinations” of about one-third of the approximate 100 virtual currency issuers and exchangers that have registered with FinCEN. “Treasury expects businesses involved in ICOs to meet the BSA obligations that apply to them,” Maloney wrote.

Cryptocurrencies are popular among hackers, criminals, and those looking to transfer money anonymously. Bitcoin and other cryptocurrencies are not backed by any government, and do not identify users by name, though they are tracked by blockchain, an innovative way to keep a decentralized, public, secure record of all transactions. Blockchain has broad applications beyond cryptocurrency.

While regulators are wary of its black market potential, law-abiding investors and younger consumers comfortable with Square Cash are drawn to cryptocurrency, both as investments and as a way to quickly pay for goods and services.

Nearly 16.3 million Americans, or 8 percent of the U. S. population, own some form of cryptocurrency, according to a survey by the personal finance website  That number is expected to grow. Bitcoin topped the list at 5 percent, followed by Ethereum at 2 percent and Bitcoin Cash at 0.9 percent. Overseas, cryptopcurrencies are even more popular.

In February, the Senate Banking Committee heard testimony from the chairman of the Commodity Futures Trading Commission (CFTC), Christopher Giancarlo, and the chairman of the Securities and Exchange Commission (SEC), Jay Clayton. The regulators spoke more positively about Bitcoin and blockchain technology in general, which makes Bitcoin possible, than markets had expected, and said the government did not want to stifle financial innovation. Bitcoin prices rose to $7,650 following the hearing, after dipping below $6,000 just a day earlier.

At the same time, the Securities and Exchange Commission has warned the public about the potential for ICO scams. ICOs have been used by some startups as an alternative method of fundraising, sometimes drawing the ire of the SEC.

While the direction of regulation is unclear, what is known is that cryptocurrencies are gaining in popularity, and deserve attention as they become more widely used and commercially viable.

David Ma is a corporate attorney and a member of JMBM’s Cybersecurity and Privacy Group. He counsels public and private companies in mergers and acquisitions and corporate finance as well as general compliance and corporate governance, including cybersecurity issues. David represents a diverse client base, ranging from financial institutions to technology and start-up companies to manufacturing companies. Contact David at 310.785.5379.

Robert E. Braun is the co-chair of the Cybersecurity and Privacy Law Group at Jeffer Mangels Butler & Mitchell LLP. Bob helps clients to develop and implement privacy and information security policies, negotiate agreements for technologies and data management services, and comply with legal and regulatory requirements. He helps clients to develop and implement data breach response plans, and he and his team respond quickly to clients’ needs when a data breach occurs. Contact Bob at or +1 310.785.5331.

JMBM’s Cybersecurity and Privacy Group counsels clients in a wide variety of industries, including accounting firms, law firms, business management firms and family offices, in matters ranging from development of cybersecurity strategies, creation of data security and privacy policies, responding to data breaches and regulatory inquiries and investigations, and crisis management. The Cybersecurity and Privacy Group uses a focused intake methodology that permits clients to get a reliable sense of their cybersecurity readiness and to determine optimal, client-specific approaches to cybersecurity.