FinCEN offers guidance to clarify AML/CFT obligations related to cryptocurrencies

By: Ilian Vasco

I share a summary of the guide published on 9 May by The Financial Crimes Enforcement Networkwhich I am sure many of us have seen but have not had time to read. In principle, it is not about new regulations, but extends the existing ones to various business models that operate with cryptoassets and fiat money; ultimately all those that offer money services (MSB).

The starting point is that all money services businesses (MSBs) must be registered with FinCEN and have an AML programme, which involves: specifying a know-your-customer (KYC) policy, appointing a compliance officer, monitoring transactions and establishing suspicious transaction reports (SARs). 

An MSB is a person that conducts all or a significant portion of its business in the United States (even if not physically located in the United States) and operates directly or indirectly as a money transmitter. Money transmitters are those who transmit funds of some monetary value (this includes cryptocurrencies) and receive a profit from the transaction. 

However, there are numerous exceptions. Those who trade in Convertible Virtual Currencies (CVCs) and are regulated under the U.S. Securities and Exchange Commission (SEC). U.S. Securities and Exchange Commission (SEC); the U.S. Commodity Futures Trading U.S. Commodity Futures Trading Commission (CFTC) or are persons who sporadically engage in MSB activities are NOT required to comply with an AML program.

The following are examples of activities that must comply with the AML programme, although all have some exceptions: 

Peer-to-Peer services: As long as there is a profit to be made from the transaction.

CVC wallets: Depending on the type of wallet. 

CVC cashiers and kiosks. 

Decentralised applications (Daps): As long as they transmit value regardless of whether they make a profit. 

Mixers: As they are considered to provide a secure money transmission service. - CVC payment processors: With some exceptions. 

Decentralised DEX exchanges: As long as they trade tokens that have been listed as securities. 

ICOS emitters. 

Pools of miners: As long as they have a shared wallet from which CVS transmissions are made for all members of the pool. The guidance itself is interpretative in nature and if some key features are not met, an entity may interpret that it is not covered by the Bank Secrecy Act which requires it to implement the AML programme.


This guidance feels non-intrusive and seems to preserve some key features of cryptoassets (such as decentralisation of operations) given the numerous exceptions. Importantly, FinCEN seeks to regulate certain activities and not an entity per se, which can be seen as an attempt not to strangle the cryptoasset market. However, it leaves many practical ambiguities; for example, in the case of DApps and DEX which are decentralised platforms, where no one governs, owns or oversees, who or how could an AML system be implemented, if it is software that is open source?


Testing no more

Say 1, 2, 3, 4