Part 3: Regulation & Compliance
There are those in the cryptocurrency industry that would rather see no regulation in the space, and lean into the anonymous and decentralized nature of blockchain technology. But for cryptocurrency to have the impact we want to see, it must be regulated. This is a good thing for both businesses, and the protection of consumers.
In North America, there are a number of regulatory bodies involved in oversight of the cryptocurrency market, and several compliance related activities that must accompany regulation, including financial registrations, AML / ATF policies, KYC requirements, and significant reporting requirements like the travel rule.
Anti Money Laundering (AML)
Anti money laundering procedures are designed to explicitly identify suspicious activity surrounding money movements that may indicate some level of criminality. Money laundering is the process of making money from criminal activity that seems like it comes from a legitimate source, and innovative criminals are always looking for fresh ways to launder their earnings.
While criminal activity is growing in cryptocurrency, it’s at an order of magnitude less than the overall growth of the market, representing less than 1% of overall activity. Even so, the same checks and balances that exist in traditional finance must also be deployed in crypto.
Know Your Customer (KYC)
Part of AML prevention comes from the practice of KYC, or know your customer. This is a process that entails gathering required information to properly identify account holders, and flagging certain types of users that could be at risk, such as Politically Exposed Persons (PEP) and Heads of International Organizations (HIO).
Know Your Transaction (KYT)
Getting a bit more granular, KYT, or know your transaction, looks at individual cryptocurrency transactions. It provides analytical context to the source and movement of funds, as they are transferred between wallets during a transaction.
You can think of wallets as a specific and unique address, just like an email or home address. These addresses can be flagged for malicious behavior, and there is a new breed of companies popping up that help to monitor and flag these suspicious addresses, or suspicious behavior around the cryptocurrency transfer.
Know Your Virtual Asset Service Provider (KYVASP)
Yet another newer layer of AML for cryptocurrency is the concept of Virtual Asset Service Providers (sometimes referred to as dApps). These are largely distributed services that exist in the decentralized finance (DeFi) space, which holders of cryptocurrency can interact with for access to advanced financial mechanisms.
Not every service provider is as safe as the next, so gaining an understanding of these services before use is key. An analytical review of a dApp, including the likely source of funds deposited/withdrawn, allows for a reasoned decision on whether or not to interact with the provider..
The Travel Rule was initially developed by the FATF and enforced by G7 countries for fiat currency movement. These guidelines and recommendations have now been released for cryptocurrency, and organizations operating in the space must adhere to these rules. It specifies certain details that must be included with cryptocurrency transactions so that provenance and identities around cryptocurrency movement can be fully understood.
Due to some of the cryptocurrency history in Canada, specifically surrounding now defunct exchange Quadriga CX, Canada has taken a fairly stern line on how they regulate cryptocurrency. There are a number of regulator frameworks that are typically required to work with crypto in Canada.
At the Federal level in Canada, you have several oversight bodies responsible for creation and enforcement of regulation. Most notably would be FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) whose purpose is for the surveillance of money transactions that resemble money laundering or terrorist financing.
The Canadian Securities Administration (CSA) has offered some interim guidance that does allow organizations to operate, which they refer to as the Restricted Dealer Framework. If you are trading and custodying crypto, then you must register as a Restricted Dealer. Once registered you’re limited in the types of solutions you can provide to those approved specifically by the regulators.
Lastly, it may be required to register with IIROC (Investment Industry Regulatory Organization of Canada), which is a non-profit, national self-regulatory organization. IIROC oversees all registered investment dealers and trading activity on equities and debt markets in Canada. Oversight duties include monitoring members for compliance and enforcing securities regulations through quasi-judicial proceedings. This is both very costly to register, as well as maintain appropriate monitoring.
Provincial regulators exist in each province, handling both the oversight of regulation and enforcement of securities activity, for example the Ontario Securities Commission (OSC) and the Alberta Securities Commision (ASC). While cryptocurrency itself has not been deemed a security, it can become a security depending on how it’s handled.
For example, operating as any type of exchange, where you are trading dollars for crypto, puts your organization squarely in the sights of FINTRAC, where you must register as a Money Service Business, and specifically a Virtual Currency Dealer. A Money Services Business is used to describe a business that transmits or converts money, and operating as one drives a number of anti-money laundering activities that your business must adhere to.
If a single organization offers both trading (swapping dollars for cryptocurrency) and custody (storing that cryptocurrency in a wallet on behalf of a user) then they are deemed as creating a security. This stems from the fact that the cryptocurrency is not being ‘immediately’ delivered to a user, and instead the user receives a sort of IOU to retrieve their cryptocurrency later. Once you tip into this regulated area, you’re in the domain of the provincial regulators. It should be noted that it’s the location of your end-user that dictates the applicable laws and regulations, and exact specifics may change.
Working with crypto in the United States is typically a little easier than in Canada, though there are a number of regulatory bodies that are involved in the space. The location of your business and end user will determine the specific bodies that are required to be dealt with.
At the state level, it’s required that you are a Money Services Business, with the specific Money Transmitter designation which allows you to handle cryptocurrency. It should be noted that New York requires additional licensing in the form of a BitLicense, that is handled independently to MSB or Money Transmitter licenses.
At the federal level there are several bodies involved in regulation, each with specific duties in the creation and enforcement of legislation regarding virtual currencies. With multiple governmental entities involved, complexity of monitoring and reporting for compliance can be cumbersome and overwhelming at times.
For instance when processing transactions, it is important to verify individuals and/or wallets are not blacklisted in compliance with The Office of Foreign Assets Control (OFAC) requirements, which is in addition to FINCEN’s requirements to report AML, ATF, and other financial related crimes.
When considering cryptocurrency taxes, the Department of the Treasury (USDT - not the stablecoin) is responsible for enforcing the federal finance and tax laws, along with their role of supervising national banks and printing paper currency and coins. The USDT is most likely to be intimately involved in a US CBDC or regulation of the USD pegged stablecoin market as regulation matures.
In certain circumstances, if you are deemed as creating securities related products because of the structure of your cryptocurrency offering, you may be required to become a Regulated Dealer or Broker-Dealer.
Jump into Part 4 of this series, Building with and in Web3.