Written by Alison Wester, Partner
Cryptocurrencies such as Bitcoin, Dogecoin and others are getting a lot of attention. No longer the exclusive purview of early adopters, a growing number of people are utilizing cryptocurrencies (also known as digital or virtual currencies). With more than 4,000 crypto ATMs and kiosks currently operational in the Southeast, these transactions are becoming more common, not only in major metropolitan areas but also in more rural parts of the country.
Regulators are striving to quickly formulate consistent standards for monitoring and managing cryptocurrency’s risk potential. While the Financial Crimes Enforcement Network (FinCEN) issued guidance in 2019 and the regulatory agencies issued the “Interagency Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities” on June 30, 2021, financial institution regulators continue to work to establish final expectations for the industry.
Given these regulatory priorities and the rise in the popularity of cryptocurrency transactions, financial institutions must actively work to mitigate the impact of crypto-related transactions on their risk profile and operations. We recommend a number of best practices described in the Bank Secrecy Act/Anti-Money Laundering program. Here are some of the most crucial steps financial institution leaders can implement now to identify and address crypto-related risks within their institution:
- Update policies and procedures to include risks associated with cryptocurrency businesses and transactions. Creating and implementing a comprehensive cryptocurrency policy that includes clear guidelines and procedures around cryptocurrency activity is a critical first step for financial institutions.
- Add cryptocurrency activity education/training for staff and board members. With virtual currency still an emerging phenomenon for financial institutions, many employees and even board members may have little or no understanding of the potential risks associated with crypto-related transactions. It is important to familiarize all institution personnel and other involved parties with the risks, teach them how to identify red flags and provide training on security protocols and reporting procedures.
- Identify the level of cryptocurrency activity in the BSA/AML risk assessment for the Financial Institution and its business customers. Including an analysis of the level of cryptocurrency activity in routine risk assessment not only helps alert leaders to potential problems, but also increases preparation for impending FinCEN requirements related to these transactions.
- Discuss AML software parameters and keyword identifiers within any automated BSA monitoring program and determine if the product is set up to detect various crypto-related transactions. Adjust the parameters as necessary. Regulators strongly encourage financial institutions to increase their use of technology in complying with BSA requirements. Optimizing the institution’s existing technology assets for maximum cryptocurrency-specific benefit is a strategy that’s both efficient and effective in helping meet the organization’s legal and ethical obligations.
- Include evaluation of cryptocurrency activity in annual account reviews for business and individual customers to identify any high-risk activity. As virtual currency goes mainstream, many customers with long-established accounts are likely to initialize cryptocurrency activities. However, unusual changes in the type, pattern or volume of crypto transactions in some cases can signify activity that deserves closer scrutiny.
- Consider incorporating an anticipated cryptocurrency activity question for any new accounts opened. Identifying these accounts proactively can help institution leadership focus attention on risk-prone areas and monitor these activities for risk. Institutions may also choose to require additional information and/or documentation from these applicants prior to approving a new account.
- Identify any customers that maintain Bitcoin ATMs. A good starting point would be conducting site visits to existing customers that maintain ATMs and determining if they have maintained Bitcoin ATMs on-site. If so, the account would have to be re-classified as a Money Service Business (MSB) as the Bitcoin ATMs process currency exchange transactions and fall under the definition of a MSB. The customer would then be required to comply with MSB requirements, including but not limited to FinCEN registration, state licensing, and establishing BSA/AML policies and procedures. For new privately-owned ATM customers, include a certification from the customer whether or not they maintain Bitcoin ATMs.
As the changes and modernizations stemming from the changing transaction landscape and the Anti-Money Laundering Act of 2020 are fully realized over the next several years, future requirements for the reporting of any digital currency transactions that flow through an institution are likely. Even before such a requirement becomes law, banks and credit unions financial institutions can and should develop strong protocols to monitor and mitigate risk associated with cryptocurrency transactions.
By taking a proactive stance to identify and limit these risks, bank institution leadership can protect their institutions and the broader community. Reach out to your Mauldin & Jenkins advisor for help preparing to comply with future FinCEN regulations while keeping your bank institution safe and sound.