one of the first companies in the fledgling field to start creating programs to comply with the new regulations.
“We couldn’t agree more with Chief Weber’s observation that a ‘Wild West environment’ is untenable in financial services,” Ripple spokeswoman Monica Long said in a statement. “To that end, and as the government has recognized in today’s agreement, Ripple Labs has cooperated extensively with the government during its investigation and has taken a number of important steps over the years to build and strengthen our compliance programs.”
Ripple took the federal enforcement action in stride. On May 19, the company announced that it had raised $28 million from investors including IDG Capital Partners and the corporate venture arms of CME Group and Seagate Technology. The company plans to expand its role as as a provider of real-time transaction settlements for banks and corporations, through an Internet-based technology in which XRP can be used as a nexus between cross-currency trades.
However, many companies can find it challenging to understand and apply the FinCEN regulations.
“Most businesses in this area are genuinely trying to comply with the law, but need guidance on how to do that because the regulators’ views are constantly developing,” attorney Seetha Ramachandran says. Ramachandran is litigation special counsel at Schulte Roth & Zabel, and a former federal prosecutor who served as co-head of the Department of Justice’s money laundering and bank integrity unit.
FinCEN has defined two classes of businesses that are usually required to register as money services businesses and to maintain in-house anti-money laundering monitoring programs. The first class includes administrators of virtual currencies who can put such units of value into circulation or withdraw them. In the second class are the exchangers, who trade virtual currencies for government-backed currencies, or for other virtual currencies or funds.
In general, people who use virtual currencies simply to pay for real or virtual goods are not bound by the obligations of money services businesses, the agency has said.
But FinCEN has spent the last two years fielding questions about how its regulations would apply to specific kinds of companies or individuals, such as investors in virtual currencies, companies that distribute software to facilitate the purchase of these currencies, and Bitcoin miners.
Virtual currency businesses can get help navigating through the regulatory complexities from an established network of consulting firms and attorneys that is already helping banks manage their obligations under FinCEN’s strictures.
BlockScore has carved out a niche in that industry sector. The startup tailored its services for innovative young companies that might be low-priority customers for giant global firms such as Navigant and Protiviti, Morton says. BlockScore allows companies to get up and running with its service almost immediately, while larger firms may take three months or more to evaluate potential customers and negotiate contracts, he says.
BlockScore is not a comprehensive compliance service, but it tackles a key element of business anti-money laundering programs: verifying the identities of customers who want to execute transactions. Morton, BlockScore’s president, says the company now has hundreds of customers, including financial institutions, fantasy sports betting outfits, and Seattle-based Coinsafe, a virtual currency business.
As part of its service, BlockScore continuously scans government watchlists for names suspected in criminal schemes such as fraud and identity theft. Its customer base also includes companies whose primary activity is not currency trading, but nevertheless need to know who they’re dealing with. These include ride-sharing companies that sign up drivers, and online pharmaceutical businesses that ship prescription drugs.
Financial institutions that ferret out false identities and possible wrongdoers by complying with FinCEN’s “Know-Your-Customer/Know-Your-Counterparty” rules may not only help government investigators catch crooks—they may also avoid becoming the focus of a government probe themselves.
Often, the financial institution is not necessarily the original target of an investigation.
“Prosecutors typically start by looking at other criminal activity,” Ramachandran says. “Then they focus on where the underlying transactions were conducted—which can sometimes lead to an investigation of a financial institution for Bank Secrecy Act violations.”
Ripple Labs may have ended up under the microscope for a similar reason, some observers have speculated. One of the individuals mentioned by government authorities in the list of Ripple’s violations was Roger Ver, a Bitcoin advocate with a prior federal felony conviction for storing and mailing explosive devices, according to Ripple’s settlement agreement with prosecutors. Ver, who was known to Ripple because he was an investor in the company, was allowed to execute a $250,000 sale of XRP to a third party without filling out a “know your customer” form and submitting his identification to Ripple, prosecutors said.
Under its agreement with federal authorities, Ripple must now require all new and continuing customers to submit identification. It must also scrutinize its past transactions, and report any questionable sales or exchanges to the government.
BlockScore, which provides identity verification, refers its customers to outside experts such as attorneys to learn how they can comply with other requirements for money services businesses. These include drawing up a company anti-money laundering policy, employing an anti-money laundering compliance officer, training employees to guard against illegal activity, and reporting suspicious transactions.
“It does become onerous for a small company to comply with these things,” Morton says. However, Morton sees the government’s move to bring virtual currencies under a clear regulatory framework as a big boost for the industry. It helps startups create legitimate businesses and dispel wariness among potential investors and customers, he says.
In his dealings with regulators, Morton says he has found that they want to create an environment to help companies comply with the FinCEN rules. “It’s not designed to ensnare people trying to operate a legitimate business,” Morton says.
When companies do miss the mark, however, both companies and individual company officers can be vulnerable to civil or criminal prosecution.
“Individuals can be charged under the Bank Secrecy Act,” Ramachandran says. “We haven’t seen it very often in the criminal context. But there have been a number of regulatory actions charging AML [anti-money laundering] and other compliance officers individually.”
“There is a concern in the industry that those people responsible for compliance programs face individual liability for what may be an organizational failure,” Ramachandran says.
Small companies, however, can’t simply outsource their compliance obligations to an outside firm of experienced experts, Morton says. A third-party vendor isn’t privy to everything that goes on within a client company, and has no power to make the client comply fully with the law, he says.
“Somebody inside the company has to take responsibility,” Morton says.
