With lower transaction costs than credit cards and advantages to both users and business owners, virtual currency transactions are catching on. Despite their benefits, virtual currencies are squarely in the regulatory crosshairs.
On May 28, the Department of Justice indicted Liberty Reserve, a digital currency issuer and money transfer system, claiming it was “intentionally created, structured, and operated . . . to help criminals conduct illegal transactions and launder the proceeds.” The indictment also alleges unlicensed operation of a money transmission business and conspiracy. Bitcoin has also been making headlines. In May, the Department of Homeland Security seized accounts belonging to Mt. Gox—the largest Bitcoin currency exchange—for Mt. Gox’s failure to register as a money services business. More recently, the Bitcoin Foundation was warned that it may be acting as an unlicensed money transmitter. (See Payments Journal, 6/24/13). The Commodities Future Trading Commission may be considering regulating Bitcoins.
These moves follow the Financial Crimes Enforcement Network’s (“FinCEN”) clarifying guidance (March 18, 2013) on the applicability of its Money Services Business regulations to virtual currencies and portend a rising tide of enforcement in the virtual currency and emerging payments industries.
Scrutiny of emerging payment providers is not limited to virtual currencies—mobile apps with built-in payment features are also ripe for increased supervision. In January, Illinois issued a cease-and-desist order against mobile payment provider Square for unlicensed money transmission, saying Square was liable for $1,000 per day it operated without a license, $1,000 per violation of the Illinois law, and four times the value of funds transmitted in Illinois.
Providers of emerging payment products and systems must incorporate regulatory compliance into their operations to avoid penalties and enable their systems to grow. The brief road map of regulations below is a starting point for providers seeking to achieve compliance.
FinCEN Regs, Money Transmitter Laws and Other Sources of Supervision
FinCEN’s Money Services Businesses (“MSB”) regulations define MSBs to include: (1) dealers in foreign exchange; (2) check cashers; (3) issuers or sellers of traveler’s checks or money orders; (4) the United States Postal Services; (5) providers and sellers of prepaid access; and (6) money transmitters. The legal meanings of these terms are broad, and potentially ambiguous, leaving providers of emerging payment products and systems at risk of expansive interpretation. For example, the definition of “prepaid access” is “[a]ccess to funds or the value of funds that have been paid in advance and can be retrieved or transferred at some point in the future through an electronic device or vehicle,” and the term “money transmission” means “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”
The applicability of the term “money transmission” to virtual currency was addressed by FinCEN in its March guidance, with FinCEN stating that while general users of virtual currency are not MSBs, administrators and exchangers of virtual currency are money transmitters, making them MSBs. FinCEN noted that “[t]he definition of a money transmitter does not differentiate between real currencies and convertible virtual currencies. Accepting and transmitting anything of value that substitutes for currency makes a person a money transmitter under the regulations implementing the [Bank Secrecy Act].” The Department of Homeland Security may have been relying on that clarification when acting against Mt. Gox, suggesting that providers of emerging payment products should pay close attention to FinCEN’s guidance. Although the guidance only discusses virtual currencies, it may herald a broadening view of the words “other value” and “another location” in the emerging approach to regulating money transmission.
State money transmitter laws, which are non-uniform, typically require maintenance of a state license by those engaged in the business of money transmission. Under these state laws, the term “money transmitter” broadly includes: (1) receiving money or monetary value for transmission; (2) selling or issuing stored value; and (3) selling or issuing payment instruments. These laws—which exist in 48 states plus DC, Puerto Rico, and the U.S. Virgin Islands—are being interpreted by some regulators to include emerging payment products and systems. At least 12 states have also transitioned their money transmitter licensing to NMLS—a nationwide, uniform licensing system with stringent application requirements.
Some states are considering reducing regulatory burdens on emerging payment providers, others are leaning toward expanded supervision, and some are combining both tendencies at once in their regulatory approaches. California, in the third group, is considering “common sense reforms” to its money transmitter laws to stimulate innovation but simultaneously threatening entities involved with Bitcoins with fines and criminal prosecution for unlicensed money transmission. Nebraska and Utah are in the increased regulation camp, with Nebraska having recently enacted a broad money transmitter act and Utah creating a supervisor of money services businesses.
In addition to FinCEN rules and state licensing laws, other regulations may impact providers of emerging payment products and systems, including stored value laws, the CFPB’s Remittance Transfer Rule, and rules of the Office of Foreign Assets Control compliance.
Compliance Approaches and Consequences
Whether any particular payment product or service falls within the regulations discussed above or another supervisory scheme depends on the purpose, features, functionality, flow of funds, and program participants, among other things.
If a law or regulation is applicable, the provider must ensure that each product or system is compliant. For example, FinCEN requires an effective anti-money laundering program for registered MSBs. In response to the seizure of its accounts, Mt. Gox began taking steps to meet its anti-money laundering obligations, such as verifying user accounts for limited purposes.
Providers deemed money transmitters under state law must obtain state licenses and comply with operating restrictions established by licensing laws. While states differ in their licensing requirements, detailed business information, corporate financial statements, officer and director information, surety bonds and licensing fees are typical. Licensees are usually subject to requirements such as filing annual reports, mandated record-keeping, and maintenance of permissible investments and customer complaint procedures.
Compliance can be costly and may require substantial resource commitments, but non-compliance can be even more costly, or lead to reputational damage. This creates uncertainty and intimidates investors and users. The Mt. Gox account seizure illustrates one such consequence, as did its widely-reported temporary freeze on withdrawal of Bitcoins in US dollar accounts. In a perhaps-not-unrelated development, Bitcoin prices steadily declined immediately following the regulatory actions against it and its largest exchange.
States regulating money transmitters may fine providers for non-complying transactions, as Illinois threatened in its cease-and-desist order to Square. Non-compliance with FinCEN’s regulations can result in penalties up to $5,000 per transaction. Additional enforcement actions will surely emerge as regulators seek to establish authority over this emerging industry. Significant numbers of customer complaints will also lead to higher levels of supervision, leading agencies such as the CFPB to step in. Indeed, the CFPB has already started tracking consumer complaints about money transmitters. Finally, “knowing” violations of the laws on money transmission are subject to criminal penalties, an unacceptable risk for financial services innovators.
The growth of emerging payment products is challenging existing regulatory frameworks. Financial regulators are bound to protect both the public and the financial system and are trying to determine whether new payment systems undermine or circumvent such protections. Some regulators have already begun pursuing virtual currency and payment system providers, with unhappy consequences for both financial innovators and their investors.
Providers of virtual currencies should proceed in these uncharted waters with caution, incorporating regulatory compliance in the creation, design and distribution of both products and operations. A “wait and see” compliance approach is no longer an acceptable option, as enforcement actions involving Mt. Gox, Liberty Reserve, Square, and the Bitcoin Foundation prove. Enforcement actions are on the rise and the lack of a thorough compliance element in a provider’s business plan and operations may become the equivalent of painting a target on a company’s back.
Margo Tank is a partner at BuckleySandler LLP, a financial services law firm in Washington, DC, New York and Los Angeles. She advises financial services providers and technology companies on structuring business programs and online platforms in compliance with the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA), and on compliance with other state and federal laws governing electronic and mobile financial services transactions, privacy and data security, electronic record management, money transmission and other payment methods (plastic or virtual), advertising and unfair or deceptive acts and practices. Contact her at firstname.lastname@example.org.