In a speech delivered at the West Coast Anti-Money Laundering Forum on May 6, 2015, Financial Crimes Enforcement Network ("FinCEN") Director Jennifer Shasky Calvery announced that FinCEN has “recently launched a series of supervisory examinations of businesses in the virtual currency industry.”

Ms. Shasky Calvery’s comments came one day after FinCEN’s Assessment of a $700,000 civil money penalty against virtual currency business Ripple Labs Inc. and its subsidiary, XRP II, LLC (together, “Ripple”) for alleged violations of the Bank Secrecy Act ("BSA"). The charges include failure to (1) register as an money services business ("MSB"), (2) file suspicious activity reports on certain transactions, and (3) establish the requisite elements of a basic AML program.  The Assessment does not indicate how the penalty was calculated, so it is unclear exactly how each alleged violation contributed to the total penalty amount.

MSBs operating in the virtual currency industry should be aware of at least two important points in light of these simultaneous developments.

First, with formal examinations on the horizon, virtual currency businesses must be prepared to demonstrate not only technical compliance with the requirements of the BSA, but qualitative compliance with the Act as well.

Many of FinCEN's allegations against Ripple, which appear in the Statement of Facts and Violations, read as relatively straightforward violations of the BSA – particularly the company’s alleged failure to register as an MSB, designate a compliance officer, or establish a training program for personnel.  Such mistakes should be avoidable to MSBs operating in the virtual currency industry, so long as they are aware that they meet the definition of an “MSB” and make an effort to comply with the BSA.  However, FinCEN’s announcement that it has “launched a series” of formal BSA examinations of virtual currency businesses means that MSBs will be under increased scrutiny, and therefore less obvious shortcomings could become the basis for enforcement.

Businesses should keep in mind that the IRS/FinCEN BSA/AML Examination Manual for Money Service Businesses describes a risk-based examination program whereby the examiner conducts an initial BSA risk assessment of the MSB in order to determine the scope and focus of the examination.  The most comprehensive of FinCEN/IRS examinations could include thorough reviews of policies, procedures and programs, employee interviews, and transaction testing. Examiners will likely be focused on evaluating the four pillars of the MSBs’s AML program, which are described in 31 C.F.R. 1022.210: (1) internal controls, (2) the establishment of a BSA compliance officer, (3) the quality and frequency of independent review, and (4) the adequacy of training of appropriate personnel.  MSBs should be prepared to demonstrate that they have satisfactorily addressed all four pillars, and that they are aware of their own unique risk exposures and are committed to mitigating them.

Second, documentation of BSA/AML program achievements is important.

FinCEN is authorized to assess civil money penalties for certain "negligent" and “willful” violations of the BSA. As noted in FinCEN’s Assessment against Ripple, this latter standard is lower than one might think: “In civil enforcement of the Bank Secrecy Act under 31 U.S.C. § 5321(a)(1), to establish that a financial institution or individual acted willfully, the government need only show that the financial institution or individual acted with either reckless disregard or willful blindness. The government need not show that the entity or individual had knowledge that the conduct violated the Bank Secrecy Act, or that the entity or individual otherwise acted with an improper motive or bad purpose.”

Ripple admitted to "willfully" violating the BSA in connection with the Assessment.  However, an MSB seeking to challenge an allegation that it willfully violated the BSA should be prepared to show evidence of a strong culture of compliance with the BSA, a thorough understanding of their unique risk profile and an ongoing commitment to BSA risk mitigation.  Evidence can be preserved in mission statements, value statements, training materials and meeting minutes.  As virtual currency companies ramp up the breadth and efficacy of their AML programs, they should remain cognizant of the fact that examiners will be scrutinizing these programs closely.  Thus, documenting interim progress, small and medium achievements and a culture of compliance is now more important than ever.

For more information, you can find a copy of FinCEN's assesment of a civil money penalty against Ripple Labs here, and a copy of FinCEN's Statement of Facts and Violations setting forth its allegations here.