Between the fall in cryptocurrency prices and the bankruptcy of several major players in the industry, today’s cryptocurrency companies are not short of challenges. However, cryptocurrency companies should not lose sight of their day-to-day obligations, especially those related to compliance.
In fact both stands And federal regulators continue to take enforcement action against cryptocurrency companies for alleged compliance shortcomings, resulting in significant monetary fines and, in extreme cases, even to arrest of the founders of the companies.
The risk of insufficient compliance does not appear to be diminishing. Early-stage cryptocurrency firms can lay a foundation for future success by continually assessing their compliance commitments through a risk-based approach, quickly addressing any shortcomings, particularly during periods of rapid expansion, and by vigilant monitoring to new regulatory developments.
It’s no secret that cryptocurrency regulation remains complicated, with different government regulators taking different and sometimes competing approaches.
1. Assess your company’s compliance risk and build a well-equipped compliance function
Cryptocurrency businesses of all shapes and sizes would benefit from an impartial assessment of the compliance risks facing the business. The Financial Action Task Force (FATF), an independent, intergovernmental body that publishes global anti-money laundering compliance standards for both businesses and governments, recommends that financial institutions, including cryptocurrency companies, take a risk-based approach to compliance.
This approach considers a company’s products, services, business model, customers, geography and other factors to assess and then address the greatest risks to the company. As a business evolves and grows over time, these risks must be continually reassessed to ensure the business stays ahead of all evolving compliance risks.
Cryptocurrency companies are often regulated by an alphabetical soup of government agencies. For example, some of the most common and well-known rules are:
- Registration and License Requirements. Cryptocurrency companies are often required to register with various government agencies in order to operate, although companies do not always immediately recognize the requirement. For example, many cryptocurrency exchanges or ATMs are required register as financial service providers with the United States Treasury Department’s Financial Crimes Enforcement Network. Similarly, the New York State Department of Financial Services (NYSDFS) requires cryptocurrency companies to obtain a “bit license” if they Do business in New York or with New York residents, which likely includes many businesses that are not physically located in New York.
- Anti-money laundering and know your customer regulations. Many cryptocurrency companies must comply with Know Your Customer (KYC) regulations, which require these companies to collect substantial information about their customers during the onboarding process. Anti-Money Laundering (AML) laws also require companies to monitor transactions and report potentially suspicious activity. Together, these laws are designed to combat criminal activity and terrorist financing and to prevent transactions with sanctioned entities and individuals. While these laws are well known, compliance can prove difficult in practice, and cryptocurrency companies continue to be so quoted due to alleged AML/KYC compliance errors.