Between the decline in cryptocurrency prices and the bankruptcy of several large players in the industry, today’s cryptocurrency companies face no shortage of challenges. However, cryptocurrency companies should not lose sight of their day-to-day obligations, particularly those concerning compliance.
In fact, both state and federal regulators continue to bring enforcement actions against cryptocurrency companies over alleged compliance deficiencies, resulting in substantial monetary penalties and, in extreme cases, even arrest of the companies’ founders.
The risk posed by inadequate compliance shows no signs of abating. Early-stage cryptocurrency companies can lay a foundation for future success by continually assessing their compliance obligations through a risk-based approach, and quickly addressing any deficiencies, particularly during periods of rapid expansion, as well as by vigilantly monitoring for new regulatory developments.
It is no secret that cryptocurrency regulation remains complicated, with several government regulators adopting differing and sometimes competing approaches.
1. Assess your business’s compliance risk and build a well-resourced compliance function
Cryptocurrency companies of all shapes and sizes would benefit from undertaking a dispassionate assessment of the compliance risks facing the company. The Financial Action Task Force (FATF), an independent, inter-governmental body that publishes global anti-money laundering compliance standards for both companies and governments, recommends that financial institutions, including cryptocurrency companies, adopt a risk-based approach to compliance.
This approach involves considering a company’s products, services, business model, customers, geography, and other factors in order to assess, and then address, the greatest risks to the company. As a company evolves and grows over time, these risks should be continually re-evaluated to ensure the company stays ahead of any developing compliance risks.
Cryptocurrency companies are often regulated by an alphabet soup of government entities. Some of the most common and well-known regulations include, for example:
- Registration and licensure requirements. Cryptocurrency companies are frequently required to register with various government regulators in order to operate, although companies may not always immediately recognize the requirement. For example, many cryptocurrency exchanges or ATMs are required to register as money services businesses with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network. Similarly, the New York State Department of Financial Services (NYSDFS) requires cryptocurrency companies to obtain a “bit license” if they conduct business in New York or with New York residents, which will likely include many companies that are not physically based in New York.
- Anti-money laundering and know your customer regulations. Many cryptocurrency companies must comply with Know Your Customer (KYC) regulations, which require these companies to collect substantial information regarding their customers during the onboarding process. Anti-money laundering (AML) laws also require that companies monitor transactions and report potentially suspicious activity. Together, these laws are designed to combat criminal activity and terrorist financing, as well as prevent transactions with sanctioned entities and individuals. Although these laws are widely known, in practice compliance can prove difficult, and cryptocurrency companies continue to be cited for alleged AML/KYC compliance failures.