In the event of an attack on U.S. soil, the National Guard is sent in to protect U.S. citizens. But if the United States financial system is attacked by foreign actors, who is responsible for protecting it? The answer if FinCEN. 

What is FinCEN?

FinCEN, or the Financial Crimes Enforcement Network, is a government agency that enforces compliance with policies by financial institutions to prevent and protect the U.S. financial system from money laundering, terrorism financing, and other financial crimes, as well as punishing those involved. FinCEN is a bureau of the U.S. Department of the Treasury that collects, stores, and analyzes financial transaction data to fight or prevent any possible misuse of the financial system. Three major players are involved in FinCEN’s modus operandi: regulatory agencies, law enforcement, and financial institutions.

As the U.S. Financial Intelligence Unit (FIU), FinCEN believes tracking and fighting financial crime is a dark web challenging to navigate and fight alone. Therefore, FinCEN collaborates with other entities and organizations when necessary. To protect the U.S. financial system from criminals and, by extension, the global financial system, it also exchanges information with other countries’ FIUs. The “Egmont Group” consists of 166 FIUs. Within these 166 independent FIUs, the Egmont Group guides the exchange of intelligence and cooperation.

Brief History of FinCEN

Founded in 1990, FinCEN fights the dirty money movement in the U.S. financial system. FinCEN made colossal progress in fighting dirty money between 1990 and 2022 using the information gathered through the Bank Secrecy Act (BSA).

The BSA provides financial institutions with policies to follow, while FinCEN ensures compliance. Since 1990, FinCEN has administered the Bank Secrecy Act, created 20 years earlier. The U.S. government gives FinCEN the authority to issue financial regulations and the BSA. All agency activities are reported to the “Under Secretary of the Treasury for Terrorism and Financial Intelligence” by Congress and the Secretary of the Treasury, who also appoints the director. 

As a result of the USA PATRIOT Act of 2001, FinCEN was given greater authority and access by making it possible to investigate high net-worth individuals suspected of money laundering and terrorism financing. In addition, FinCEN has recently dedicated considerable resources to monitoring and investigating money laundering activities involving cryptocurrencies and other decentralized digital assets. FinCEN’s progress over the past eleven years is discussed in the latter part of this article.

FinCEN and the U.S. Congress

As mandated by Congress, FinCEN collects, analyzes, and manages data associated with FinCEN’s purview, including other related data that help safeguard the financial system. Some of these responsibilities include:

• Issuing and interpreting government guidance and regulations.
• Ensure compliance with BSA regulations.
• Managing data filed by financial institutions under FinCEN’s reporting requirements.
• Supports law enforcement investigations and prosecution in civil enforcement actions.
• Collaborates with local, state, and federal regulatory bodies and law enforcement agencies.
• Exchanges information and coordinates with foreign financial intelligence units (FIU) counterparts on anti-money laundering and terrorism financing efforts.
• Support policymakers, regulatory bodies, law enforcement, and intelligence agencies.

What is the Bank Secrecy Act (BSA)?

As a result of the BSA’s relationship with FinCEN, it is important to understand what the BSA is all about. The Bank Secrecy Act (BSA) is a legislative requirement for U.S. financial institutions to prevent the illicit use of the financial system. U.S. financial organizations are expected to comply with all the stated requirements as part of the government’s efforts to combat financial crimes. For example, if a cash transaction or purchase by an individual or entity exceeds $10,000 per day, the BSA requires financial establishments to file a report. Additionally, if a transaction or a customer’s account raises suspicion, a report must be filed.

What Are the Data Collected by FinCEN?

By now, you should know that the BSA makes the rules, and FinCEN enforces compliance. So assuming the conditions surrounding them are met, what are the two most important data points that banks and non-banks must submit?

1. Suspicious Activities Reports (SARs)
2. Currency Transaction Reports (CTRs)

Suspicious Activities Reports (SARs)

Among the bank’s responsibilities under the BSA are monitoring, identifying, and reporting suspicious activities. If any suspicious activity is noticed, further investigation should be done to determine whether to file a SAR form. These steps must be completed within 30 days of the transaction date; below are some points to watch out for:

• Criminal violations of any amount.
• Violations of up to $5,000 or more when a suspect is known.
• A criminal offense is punishable by up to $25,000 when there is no suspect.
• A transaction aggregating $5,000 or more that may be money laundering or a violation of the BSA.

Currency Transaction Reports (CTRs)

Banks must submit an electronic currency transaction report (CTRs) for transactions above $10,000. Any time it is noticed that a customer is structuring transactions to avoid the $10,000 reporting threshold, a CTR should be filed regardless of the amount involved. The CTR must be submitted within 15 days of the transaction date.

How FinCEN Collects and Acts on Data

Since FinCEN administers the BSA and financial institutions’ compliance with banking regulations, it indirectly has access to data from different financial organizations and can track electronic and cash transactions. It is difficult to track these activities because money launderers complicate the processes by which the money is transferred, preventing the tracing of the funds while making them appear legitimate funds. Here are the steps FinCEN takes to receive and process data:

1. Receives SARs and CTRs — FinCEN receives Suspicious Activities Reports (SARs) and Currency Transaction Reports (CTRs) from financial institutions daily.
2. Analyzes The Data — The data supplied by these SARs and CTRs analyze individuals, entities, and criminal organizations, including the techniques employed in money laundering, terrorism financing, weapons proliferation, and other illegal activities.
3. Connect Unrelated Parties — The information supplied and the analyses done on them can help connect local or international criminal organizations and/or individuals that appear unconnected at an ordinary glance of the money transactions.
4. Law Enforcement Action — This information is then shared with law enforcement agencies, which will help in financial investigations. Over the years, information from FinCEN through submitted SARs & CTRs has been the most reliable source of information for criminal investigations.

SARs and CTRs filed by one bank can easily be combined with those filed by other banks and non-banking institutions. The interoperability nature of these pieces of data to create a bigger picture can easily tell a better story for FinCEN or law enforcement agencies to trace complex money laundering patterns by criminal groups.

FinCEN and Beneficial Ownership

2018 brought with it a new rule in the FinCEN requirements for banks. The Beneficial Ownership rule, also known as the Customer Due Diligence Final Rule (i.e. CDD Final Rule), requires financial institutions to conduct customer due diligence on entities wanting to use the bank’s services. The goal is to prevent criminals from laundering money through shell companies or using them for illegal financial activities.

What is Beneficial Ownership? 

A Beneficial Owner is a legal term describing an individual’s right to specific properties or a share of a company. By law, a beneficial owner is anyone who holds more than 25% of a company’s shares. This can be in the form of control over the company’s management or voting rights. Beneficial ownership can be simple or complex in organizations with many subsidiaries (in some cases, the subsidiaries have subsidiaries). Sometimes, these complex structures are intentionally set up for dubious purposes. For example, AML compliance requires customer due diligence on individual customers, while the new CDD Final Rule under FinCEN in 2018 extended this requirement to companies’ beneficial owners.

What are Shell Companies?

Shell companies are high-risk businesses with financial assets but no significant business activities, directors, or owners who are publicly known. No employees or revenues are generated; however, money flows in and out continuously. Shell companies are seen as international business corporations, personal investment vaults to protect assets or funds not needed for business operations. Criminals can also use them for fraud and money laundering. Since the owners are not publicly known, financial activities can only occur by revealing the individuals behind them. The high-risk nature of a shell company requires banks to carry out more detailed due diligence according to the 2018 FinCEN CDD Rule or Beneficial Ownership rule.

FinCEN and Virtual Currencies

Previously, the crypto community operated freely without regard to BSA, AML, and FinCEN regulations. However, that changed in 2019 when the then-serving director, Kenneth A. Blanco, recalled the 2011 Money Service Business (MSB) definition, which included virtual assets as well as convertible virtual currencies as part of the definition with the exact phrase “other value that substitutes for currency”. Immediately following this, crypto-related firms were warned to be prepared for compliance with BSA and AML regulations. If FinCEN classifies cryptocurrencies under MSBs, what then are MSBs?

What are MSBs?

Money Service Businesses (MSBs) is a term FinCEN, and other financial regulators use to classify businesses that transmit or convert currencies. MSBs are not limited to banks but include Non-Banking Financial Institutions (NBFIs). According to FinCEN, any business that deals with any of the following is considered an MSB:

1. Currency dealers
2. Exchanges of currencies (virtual asset service providers, such as exchanges, brokers, wallet providers, etc.)
3. Check cashing
4. Issuers of traveler’s checks, money orders, or stored value
5. Seller or redeemer of traveler’s checks, money orders, or stored value
6. Money transmitter
7. U.S. Postal Service

FinCEN And Crypto — The Journey So Far

Today’s overview and policies on cryptocurrencies and other virtual assets result from many years of gradual interference by the government. The timeline below shows the government’s step-by-step recommendations and actions over the years through FinCEN and other regulatory agencies:

• 2011 — virtual assets were added to the list of Money Service Businesses with the phrase “other value that substitutes for currency.”

• 2012 — Compliance was expected from MSBs operating in the U.S. This means complying with the BSA and AML regulations. Having been classified as MSBs the previous year, crypto service providers had no choice but to cooperate with regulators.

•  2013 — Due to virtual currencies being put on the same pedestal as traditional currencies, merchants were told to comply with BSA and AML regulations. Hence, exchangers and virtual currency transmitters must report to FinCEN whenever necessary based on BSA and AML thresholds.

• 2015 — $700,000 fine against Ripple Labs (XRP token) for operating without proper registration as an MSB. This First Civil Enforcement Action Against a Virtual Currency Exchanger was direct proof that the regulations put in place by government agencies were being enforced.

• 2017 — a foreign-based MSB, BTC-e, was fined $110 million for operating without a license in the U.S. with an allegation of approximately $4 billion laundered funds. The founder, Alexander Vinnick, was extradited to the U.S. on August 4th, 2022, to face criminal charges leveled against him. This is another indication that regulators are ready to crush down virtual asset service providers that do not comply with all regulations.

• 2019 — In April 2019, FinCEN penalized a peer-to-peer crypto exchanger for violations of AML laws. Mr. Eric Powers was the first non-company crypto trader punished for violating the FinCEN regulations (in his case, civil money penalty). It further confirmed that whether an individual or a company serves as an MSB, it is a must to register as one and comply with BSA reporting requirements.

• 2019 — In May 2019, FinCEN released interpretative guidance requiring crypto businesses involved in Convertible Virtual Currencies (CVC) to see themselves as MSBs and ensure compliance with FinCEN and the BSA regulations.
  Other activities in 2019 included the joint approach to fighting AML non-compliance issued by the U.S. Securities and Exchange Commission (SEC) and U.S. Commodity Futures Trading Commission (CFTC). As well, stablecoins were classified as money transmitters in November 2019.

• 2020 — FinCEN required crypto exchanges to submit SARs for transactions above $10,000, just like traditional financial institutions. Additionally, the 2020 proposed regulation would require wallet owners to be identified for transactions over $3,000; this information could be requested by FinCEN if necessary for a criminal investigation.
• 2021 — Similar to the above 2020 proposed bill, the Biden administration showed interest in the crypto industry with new rules regarding cryptocurrency exchanges as brokers that must comply with BSA/AML reporting and record-keeping requirements like the traditional banking systems.
• 2021 — In September 2021, the U.S.  Commodity Futures Trading Commission (CFTC) charged 14 crypto firms for lack of registration and two for making misleading statements about their cryptocurrencies to the public users.
• 2022 — The White House gave an Executive Order for the government to ensure the responsible creation of digital assets with careful assessment of the risks and benefits of developing a digital dollar managed by the central bank. As stated in the executive order, the U.S. Central Bank Digital Currency (CBDC) may have the potential to support low-cost transactions, efficient for cross-border fund transfers with lesser risks compared to other digital currencies by private entities without complete governmental control. In global finance, the dollar retains its unique role due to this.

For eleven consecutive years (2011 – 2022), the government’s approach to cryptocurrency has been to belittle and regulate it. As shown in the executive order, they strive to maintain government-controlled currency as the only legal tender. Unfortunately, the timeline above doesn’t cover all that has happened, but it provides the roadmap showing the undivided focus of the government on cryptocurrency through FinCEN and other financial regulators. 

What is the Travel Rule?

Financial institutions must exchange customer information during financial transactions following FinCEN’s Travel Rule. The sender’s details must be exchanged with the beneficiary’s bank, and the record must be kept. 

Cryptocurrency exchanges must also comply with these requirements stipulated in the updated FATF Recommendation 15 for Virtual Assets Service Providers (VASPs). FinCEN requires financial institutions to comply with the following travel rules whenever money is transmitted:

• The name of the transmitter (sender)
• The account number of the transmitter, if used
• The address of the transmitter
• The identity of the transmitter’s financial institution
• The amount of the transmittal order
• The execution date of the transmittal order
• The identity of the recipient’s financial institution

If the beneficiary receives the fund, the following details should be made available by the beneficiary bank:

• The name of the recipient
• The address of the recipient
• The account number of the recipient
• Any other specific identifier of the recipient

Below is the same list of travel rule requirements specifically for Virtual Asset Service Providers (VASPs) according to FATF. The originator VASP must share the following sender information with the beneficiary VASP during a transaction: 

• Originator’s name (customer)
• Originator account number used for the transaction
• Unique identifiable information, e.g., national identity number, passport number, social security number, driving license number, residential address, etc.

The beneficiary VASP must share the following recipient information with the originator VASP in return once the fund is received:

• Beneficiary name (customer)
• Beneficiary account number used for the transaction

Conclusion

Undoubtedly, the government’s focus through FinCEN is to ensure proper use of the financial system, no matter which traditional institutions or emerging blockchain solutions are involved. This implies that FinCEN’s bedrock is “financial data” from financial-related companies and organizations, which FinCEN uses to build patterns and stories criminals use to exploit the financial system. This data must be provided and available at the right time to remain compliant. To gather data, we need to develop a customer identification program involving an effective KYC procedure. 

Identity.com

The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please refer to our documents for more information about how we can help you with FinCEN compliance.