ADAM BSA Comment Letter

February 14, 2022
The Honorable Himamauli “Him” Das
Acting Director
Financial Crimes Enforcement Network
2070 Chain Bridge Rd
Vienna, VA 22182

Re: 86 FR 71201, Review of Bank Secrecy Act Regulations and Guidance

Dear Acting Director Das,

The Association for Digital Asset Markets (ADAM) appreciates the opportunity to comment on the Financial Crimes Enforcement Network (FinCEN’s) request for information and comment on its review of Bank Secrecy Act (BSA) regulations and guidance. ADAM believes this comment period is timely, as the increasing digitalization of financial services provides an opportunity to create a more efficient and effective anti-money laundering and countering the financing of terrorism (AML/CFT) regime for the United States.

We are writing to promote our views of a safe, effective, efficient, inclusive, and innovative financial services sector, especially as it relates to digital assets and their compliance with the BSA. ADAM represents a broad-based coalition of leading industry firms, which engage in a wide variety of digital asset activities. Many of ADAM’s members’ core businesses require a large number of transactions, which results in significant BSA compliance work. As such, ADAM is greatly interested in this request for information.

About ADAM

ADAM is a private, non-profit, membership-based association of firms operating in the digital asset markets and is a standards-setting body and self-governing association  committed to promoting market integrity and best practices. ADAM works with leading financial firms, entrepreneurs, and regulators to develop industry best practices that facilitate fair and orderly digital asset markets. In this vein, ADAM’s objectives are to: (1) protect market participants from fraud and manipulation; (2) provide clear standards for efficient trading, custody, and the clearing and settlement of digital assets; (3) encourage professionalism and ethical conduct by market participants; and (4) increase transparency and provide information to the public and governments about digital asset markets. In furtherance of these objectives, ADAM released a principles-based Code of Conduct (Code) in late 2019 that sets certain standards of professional conduct for ADAM members. In particular, the Code addresses the following areas:

  • Compliance and Risk Management;
  • Market Ethics;
  • Conflicts of Interest;
  • Transparency and Fairness;
  • Market Integrity;
  • Custody;
  • Information Security and Business Continuity; and
  • AntiMoney Laundering and Countering the Finance of Terrorism.

Every ADAM member agrees to adhere to the Code of Conduct. The goal is to bring professional standards into the nascent but rapidly-growing digital asset markets, to develop trust in those markets so that they can flourish.

Our members are at the cutting edge of innovation through the use of new technologies, such as blockchain. However, they recognize that proper regulation, conduct, and cooperation with law enforcement are essential to their businesses and to the development of a sustainable marketplace and public trust.

ADAM and its members are committed to working with lawmakers, regulators, and law enforcement to promote responsible innovation in the digital asset space in a manner that expands the availability of financial services. We welcome a clear regulatory picture because our members seek full compliance. As such, ADAM supports exercises, such as this request for information, to update or modernize laws that were not drafted with the digital economy in mind.

Overview

As mentioned previously, ADAM’s membership spans across many segments of the digital asset industry. In order to provide a practical and representative comment letter, ADAM has chosen to address the following areas: (1) FinCEN No-Action Authority & Other Forms of Regulatory Guidance and Relief; (2) Third-Parties and Compliance Regulatory Technology; (3) BSA Reciprocity with Other Financial Institutions; (4) BSA Reporting Thresholds; (5) BSA Value Study, Data Collection, and Cybersecurity Risks; (6) Involvement in SROs; (7) Regulatory Sandboxes; and (8) Privacy Tokens and Mixers.

FinCEN NoAction Authority & Other Forms of Regulatory Guidance or Relief

To date, FinCEN does not have a clear pathway for organizations to seek no-action relief in ways such as the Securities and Exchange Commission’s (SEC) & the Commodity Futures Trading Commission’s (CFTC) no-action process.  These processes have been very useful in allowing our securities and commodities frameworks to adapt to technological innovation. The Anti Money Laundering Act of 2020 asked FinCEN to study a no-action exemptive process, and ADAM thoroughly support’s FinCEN June 2021 letter to the Senate on its Assessment of No- Action Letters and welcomes FinCEN undertaking a rulemaking to adopt such a process.

ADAM recognizes that formal steps to establish a no-action process will take time and may need Congressional authorization, and as such, ADAM supports FinCEN expanding its cooperation with industry groups to issue timely question and answer (Q/A) guidance documents. FinCEN presently publishes guidance documents intended to clarify issues or respond to questions of general applicability that arise under FinCEN regulations, such as with the application of FinCEN’s regulations to business models involving convertible virtual currency. ADAM and its members value this guidance and seek greater input into the process. ADAM believes that a regular Q/A process permitting industry associations and market participants to identify and ask questions regarding areas of ambiguity and receive written responses from FinCEN within a definite, reasonable timeframe, would further enhance clarity of the application of FinCEN regulations to the digital asset markets. Q/A guidance issued pursuant to greater industry engagement would improve compliance in a rapidly developing marketplace while FinCEN continues to consider a formal, no-action process of its own. ADAM believes that such a process would be squarely in line with your (Acting Director Das) January 2022 speech on the role of private partnerships.

Third Parties and Compliance Regulatory Technology

The BSA places a large burden on financial institutions to execute BSA compliance in-house and due to liability considerations, effectively limits the ability of financial institutions to use third- party vendors and compliance assistance. This in-house burden affects not just digital asset focused firms, but also a wide swath of financial institutions, including broker-dealers that handle a large number of transactions. Although FinCEN has considered providing guidance on the outsourcing of compliance functions by covered financial institutions, it has yet to issue such guidance or take a position on the matter.9 For the reasons described below, ADAM believes that FinCEN has an opportunity to measurably enhance the compliance functions of digital asset markets participants by issuing such guidance in the near term.

The high number of transactions that take place in a digital environment create a large compliance burden, especially for firms still in their growth state. In the digital asset sector, this has created a tremendous demand for BSA compliance talent, which places compliance officials at a premium and affords them numerous opportunities to make horizontal and vertical career moves. These opportunities lead to a high degree of turnover in compliance staff. Filling vacated or newly created positions can take multiple months to recruit, hire, and onboard. As such, a single departure can be extremely troubling to smaller firms that lack the compliance infrastructure of larger financial institutions.

For many covered financial institutions, including some ADAM members, reliance on third parties to perform AML compliance functions may substantially reduce risk and enhance program implementation. Accordingly, ADAM believes that FinCEN should address the use of third-party compliance experts as part of an effective, risk-based AML compliance program. FinCEN should consider issuing “best practices” or similar guidance on the use of third-party AML compliance experts to express its views on issues such as proper integration and third-party risk management. Doing so will help build stability in compliance programs, and allow growing firms to more confidently rely on third-party experts and quickly enhance their compliance programs when a need is presented. Additionally, centralized third-party service providers will be well positioned to most effectively engage with FinCEN on questions and update their compliance programs to support new FinCEN guidance and Q/As.

In addition to these benefits, a greater reliance on third parties by digital asset firms, especially in connection with blockchain transactions, will create the opportunity to improve compliance systems through the development of real time disaggregated compliance regulatory technology. Compliance regulatory technology is compliance technology built into blockchains. Such a system could, for example, apply a wrapper to a certain digital asset and encode a KYC piece of information every time the digital asset is moved. These software tools have the ability to lessen compliance burden and improve compliance functionality in areas such as the Travel Rule. Such technology is a near-term possibility, and will likely be developed and implemented by third parties. As such, FinCEN, through written guidance, should assure the industry that it can effectively leverage these types of compliance advancements, and express its views about how best to do so.

Reciprocity with Other Financial Institutions

Although there are limited circumstances in which a financial institution is permitted to rely on customer identification and customer due diligence performed by another financial institution, reliance is limited to only certain types of covered financial institutions and requires certification.

ADAM supports a process under the BSA and its implementing regulations, where all financial institutions subject to the BSA can rely on the customer identification and customer due diligence performed by another financial institution that is also subject to the BSA. Such a process could include safeguards, such as a certification requirement for the relied-upon financial institution. Ultimate responsibility would still rest with the financial institution relying on another to perform customer identification and customer due diligence on its behalf. This process would reduce the compliance burden for secondary financial service providers, such as digital asset firms who may receive customer referrals from a bank, and prevent customers from having to unnecessarily give their personal identification information (PII) to multiple institutions. This becomes especially relevant in a permissioned Decentralized Finance (DeFi) environment, where multiple firms or protocols may engage with a fully KYC’ed user brought onto the platform by a primary service providing firm.

As DeFi continues to grow, ADAM anticipates the development of private permissioned DeFi environments that will create private, permissive applications of KYC and customer due diligence beyond current requirements of the BSA. Many of these environments will be business-to-business facing with no general consumer element. Allowing reciprocity in these instances will reduce burden on the institutions conducting transactions with fewer compliance risks.

Reporting Thresholds

Reporting thresholds are a delicate subject that are the baseline of financial services compliance programs. The BSA contains a number of reporting thresholds for the filing of Currency Transaction Reports ($10,000), Suspicious Activity Reports ($2,000/$5,000) and Foreign Bank and Financial Account Reporting ($10,000). These requirements are contained in statutes or rules and are not updated regularly to account for inflation. Additionally, a recent rulemaking in October 2020 actually lowered reporting thresholds for the international travel rule by 92%.

In order to account for inflation, ADAM supports FinCEN establishing a regular look-back period to systematically update their statutory or rule-based reporting thresholds to account for inflation, ensure the usefulness of the data collected, and reduce compliance burden on financial institutions. By way of example, $10,000 in 1970, the year of enactment of the BSA, would be worth approximately $72,000 in 2022. A look-back procedure of the type advocated by ADAM would help FinCEN ensure that current reporting thresholds are kept in line with legislative intent.

ADAM also has concerns regarding the lowering of reporting thresholds. The lowering of thresholds would institute a significant compliance burden, would infringe users’ legally defined rights to privacy, and ultimately may not provide useful information for law enforcement. If FinCEN were to decide to lower other thresholds for good cause, ADAM requests that thresholds be constant across all overseen activities such as personal money transmission, bank transaction reporting, and casinos. Additionally, ADAM requests that FinCEN allow significant time for comments, and that any rule adopting lower reporting thresholds provide ample time to allow for compliance adjustments.

Similarly, as FinCEN continues to evaluate BSA compliance for digital asset firms, it is important to treat digital assets in the same way as other mediums of exchange and ensure that digital assets are treated fairly under the law. ADAM has concerns about the singling out of digital assets for lower reporting and recordkeeping thresholds, particularly if done for directed policy goals. FinCEN’s May 2019 clarified the application of FinCEN’s existing regulations to digital assets. However, a pending December 2020 rulemaking threatened to set recordkeeping requirements for digital currency transactions that go far beyond what is required for cash transactions. A technical solution does not exist for many of these proposed requirements and the broad-based collection of low value transactional data creates an undue cybersecurity risk.

Digital assets are an evolutionary payment form and their unique technical advantages such as onchain metrics provide the ability for real-time transaction monitoring; however, they should not be singled out for new reporting thresholds simply due to their digital nature. Growing subsets of digital assets, such as stablecoins have the potential to change the international payments landscape through the promotion of financial inclusion with low cost, fast, and secure transactions. An uneven application of rules without a proper cost-benefit analysis threatens to harm U.S. leadership, innovation, and competition in this emerging sector of the economy. As such, FinCEN should keep reporting requirements for digital assets in line with cash and all other means of exchange.

BSA Value Study, Data Collection, and Cybersecurity

n 2019, FinCEN began conducting a “value study” on the BSA and related laws that was designed to determine whether the current laws and regulations are actually having an empirical (data-based) effect on the prevention of money laundering, and are not imposing a disproportionate burden on financial institutions. ADAM welcomes FinCEN’s completion and publication of the BSA value study as soon as possible, so that empirical discussions around the future of the BSA can take place.

ADAM believes that the continued collection and aggregation of BSA data creates a constantly renewed “honey pot” of PII, subjecting FinCEN’s BSA data management system to significant cybersecurity risks and attendant privacy implications. Given the recent spate a serious data breaches, including the nation-state Solar Winds attack, which compromised Department of the Treasury, Department of Justice, and Department of Commerce computer networks, and the publication of the “FinCEN Files,” which included detailed descriptions of confidential BSA data, ADAM believes that FinCEN should continue to take steps to improve its cybersecurity practices to ensure that confidential BSA data cannot be accessed by malicious actors. Additional consideration also should be given to balancing the risk to personal data exposure with the benefit of such data to law enforcement.

Across other Agencies, there have been significant concerns raised by the public and senior government officials alike when proposals are made for the government to become central repositories for sensitive data. Two important examples include the SEC’s Consolidated Audit Trail (“CAT”) and the CFTC’s Regulation Automated Trading (“Reg AT”) proposals. The SEC has been assessing the CAT for multiple years, partially due to the massive PII and cybersecurity implications involved. Such constant re-evaluation is prudent and ADAM supports FinCEN’s continued attention to cyber and privacy considerations implicated by its collection and maintenance of BSA data.

Involvement in SROs

Self-Regulatory Organizations (SROs) have a long history of working successfully with regulators such as the SEC and CFTC. FinCEN has historically been engaged with FINRA in coordinating standard-setting and examinations for broker-dealers, but does not have the same type of relationship with the National Futures Association (NFA). As the digital asset community grows, ADAM believes that there will be more opportunities for FinCEN to engage with industry SROs. ADAM has called for the creation of a digital asset markets-focused SRO, which, among other things, would perform BSA examinations for digital asset market participants on behalf of the SEC and CFTC.

FinCEN should reexamine its engagement with all self-regulatory organizations and identify best practices to ensure a coordinated and effective approach. FinCEN should also begin thinking about how to partner with a digital asset-focused SRO. A discussion is needed about how an SRO could help FinCEN better identify and deter money laundering in digital asset markets, determine the data that would be useful for FinCEN and the SRO to focus on (such as data from real time monitoring), and outline an examination program specific to digital asset firms.

Regulatory Sandboxes

ADAM is supportive of the regulatory sandbox you (Acting Director DAS) outlined in your recent speech to the American Bar Association. Regulatory sandboxes have proven to be innovation-friendly approaches that have allowed government and the private sector to identify how best to tailor approaches to novel technological developments. ADAM and its members look forward to cooperating with FinCEN on a potential regulatory sandbox, especially as it relates to digital assets broadly, and stablecoins specifically.

Privacy Tokens and Mixers

Privacy tokens and mixers are two areas of the digital assets community that ADAM is studying in light of benefits and FinCEN rules and requirements.

Privacy tokens are a class of digital assets that are designed to conceal the identification of participating parties, with anonymity as a key feature. Blockchain analytic firms have ability to track these assets, and ADAM is studying the ability for digital asset firms that store or permit the exchange of such tokens for purposes of BSA compliance. ADAM looks forward to working with FinCEN to identify possible solutions to issues arising from privacy tokens.

Mixing services are services designed to conceal the origin and the distribution of digital assets and we have concerns that they are being used to hide fraud and protect scammers. When transacting in digital assets, it is near-impossible in real time to ascertain the digital asset sourcing prior to the immediate transaction at hand. FinCEN should provide guidance on transacting with digital assets emanating from a mixing service and place liability directly on the user interacting with the mixing service, not a party multiple transactions down the line. ADAM looks forward to working with FinCEN to identify possible solutions to the BSA compliance challenges presented by mixing services, privacy tokens, and other developing issues.

ADAM appreciates FinCEN’s considerations of the comments above. ADAM and its members stand ready to answer any questions you may have, and we look forward to continued collaboration with FinCEN.

Sincerely,

Michelle Bond
Chief Executive Officer
Association for Digital Asset Markets (ADAM)

###

  • Review of Bank Secrecy Act Regulations and Guidance, 86 Fed. Reg. 71201 (Dec. 15, 2021).
  • ADAM is a broad-based industry group that includes a wide variety of market participants, including trading platforms, custodians, investors, asset managers, traders, liquidity providers, and brokers. Our members are firms that are active in digital asset markets or seek to participate in those markets. ADAM members include: Anchorage Digital, N.A.; BitGo; BitOoda; BlockFi; BTIG; CMT Digital; CoinFund; Cumberland; Digital Asset Council of Financial Professionals; Dunamis Trading; Eventus Systems; Fireblocks; FTX.com; FTX.us; Hxro Foundation; Galaxy Digital; Genesis; Grayscale; GSR; HRT; Multicoin Capital; Oasis Pro Markets; Parataxis; Paxos; Robinhood Crypto; Sarson Funds; Solidus Capital; Symbiont; Symphony Communications; WisdomTree; and XBTO. ADAM law firm partners include: Anderson Kill; DLA Piper; DLx Law; Mayer Brown; Morgan Lewis; and Murphy & McGonigle.
  • Association for Digital Asset Markets, Code of Conduct (Nov. 12, 2019), available at
    http://www.theadam.io/code/.
  • See, e.g., FTX US, Regulations and Licensure Information, FTX US, available at https://help.ftx.us/hc/en- us/articles/360046877253-Regulation-and-Licensure-Information (detailing federal and state regulatory and licensure information for FTX, an ADAM member); Diogo Mónica & Nathan McCauley, US Marshals Choose Anchorage Digital to Custody, Service Seized Digital Assets (July 28, 2021), available at https://medium.com/anchorage/us-marshals-choose-anchorage-digital-to-custody-service-seized-digital-assets- 70587f5faec9 (announcing Anchorage Digital as the provider of digital asset custody and financial services for the United States Marshals Service)
  • SEC, Staff No-Action, Interpretive, and Exemptive Letters (Jan. 28, 2021), available at https://www.sec.gov/regulation/staff-interpretations/no-action-letters; CFTC, Staff Letters (Dec. 22, 2021), available at https://www.cftc.gov/LawRegulation/CFTCStaffLetters/index.htm.
  • FinCEN, A Report to Congress: Assessment of No-Action Letters in Accordance with Section 6305 of the Anti- Money Laundering Act of 2020 (June 28, 2021), available at https://www.fincen.gov/sites/default/files/shared/No- Action%20Letter%20Report%20to%20Congress%20per%20AMLA%20for%20ExecSec%20Clearance%20508.pdf.
  • FinCEN, FIN-2019-G001, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019), available at https://www.fincen.gov/sites/default/files/2019- 05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf.
  • Him Das, Prepared Remarks of FinCEN Acting Director Him Das, Delivered Virtually at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference, FinCEN (Jan. 13, 2022), available at https://www.fincen.gov/news/speeches/prepared-remarks-fincen-acting-director-him-das-delivered- virtually-american-bankers.
  • See SAR Confidentiality of Suspicious Activity Reports, 75 Fed. Reg. 75,593, 75,601 (Dec 3. 2010), available at https://www.fincen.gov/sites/default/files/shared/SAR%20Confidentiality%20final%20rule_11-22-2010.pdf.
  • The OCC, for example, has issued third party risk management guidance applicable to national banks that outsource certain compliance functions, including the “fil[ing] of compliance reports under the Bank Secrecy Act.” OCC Bull. No. 2020-10, Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29 (Mar. 5, 2020), available at https://occ.gov/news-issuances/bulletins/2020/bulletin-2020-10.html. Banks are also expressly permitted to rely on third parties in the CIP context, subject to certain conditions. See FinCEN, Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act (Apr. 28, 2005), available at https://www.fincen.gov/index.php/resources/statutes- regulations/guidance/interagency-interpretive-guidance-customer-identification.
  • See 31 C.F.R. §§ 1010.230(j), 1020.220(a)(6).
  • FinCEN, Agencies Invite Comment on Proposed Rule under Bank Secrecy Act (Oct. 23, 2020), available at https://www.fincen.gov/news/news-releases/agencies-invite-comment-proposed-rule-under-bank-secrecy-act.
  • Inflation Calculator, available at https://www.usinflationcalculator.com/ (last visited Feb. 10, 2022).
  • See infra section on BSA Value Study, Data Collection, and Cybersecurity.
  • Supra note 7.
  • Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets, 86 Fed. Reg. 3897 (proposed Jan. 15, 2021) (to be codified 31 CFR 1010, 1020, 1022), available at https://www.federalregister.gov/documents/2021/01/15/2021-01016/requirements-for-certain-transactions- involving-convertible-virtual-currency-or-digital-assets.
  • ADAM, Comment Letter on Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets (Jan. 4, 2021), available at http://www.theadam.io/wp-content/uploads/2021/04/FinCEN-Comment- Ltr-on-Self-Hosted-Wallets-ADAM-1.4.21.pdf.
  • Robert Baldwin, ADAM, House Financial Services Testimony (July 27, 2021), available at http://www.theadam.io/wp-content/uploads/2021/07/Robert-Baldwin-ADAM-Congressional-Testimony.pdf.
  • Kenneth A. Blanco, Prepared Remarks of FinCEN Director Kenneth A. Blanco, delivered at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference (Dec. 10, 2019), available at https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth- blanco-delivered-american-bankers.
  • Reuters Staff, SolarWinds hack was “largest and most sophisticated attack” ever: Microsoft president, REUTERS (Feb. 14, 2021), available at https://www.reuters.com/article/us-cyber-solarwinds-microsoft-idUSKBN2AF03R.
  • Int’l Consortium of Investigative Journalists, FinCEN Files (2021), available at https://www.icij.org/investigations/fincen-files/.
  • CFTC, Self-Regulation and Self-Regulatory Organizations in the Futures Industry (Nov. 25, 2005), available at https://www.cftc.gov/foia/fedreg05/foi051125a.htm; SEC, Self-Regulatory Organization Rulemaking (Mar. 2, 2021) , available at https://www.sec.gov/rules/sro.shtml.
  • GAO, GAO-19-582, Agencies and Financial Institutions Share Information but Metrics and Feedback Not Regularly Provided 63, 68 (Aug. 2019), available at https://www.gao.gov/assets/gao-19-582.pdf.
  • Michelle Bond, Let Crypto Regulate Itself, The Information (Nov. 15, 2021), available at https://www.theinformation.com/articles/let-crypto-regulate-itself.
  • Supra note 8.
  • See, e.g., FCA, Regulatory Sandbox, (July 23, 2020), available at https://www.fca.org.uk/firms/regulatory- sandbox/regulatory-sandbox-cohort-6.
  • CoinMarketCap, Top Privacy Tokens by Market Capitalization (2022), available at https://coinmarketcap.com/view/privacy/. Although privacy tokens are sometimes associated with nefarious activities, payment data is intrinsically private, For example, it may reveal personal preferences and medical information, or serve as an indicator of personal wealth. Privacy tokens offer the protection of privacy to such sensitive information.
  • Danny Nelson & Marc Hochstein, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops, CoinDesk (Sept. 21, 2021), available at https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how- chainalysis-flags-crypto-suspects-for-cops/.
  • See, e.g., Mixing it Up: Does DOJ’s case against Helix preview what’s next for Bitcoin Fog and the future of crypto mixing? TRM (May 21, 2021), available at https://www.trmlabs.com/post/mixing-it-up.