Cryptocurrency is a highly disruptive technology and its continued success will hinge on regulators and mainstream adoption. For cryptocurrency companies to remain compliant, they must continue to invest in growth, update their products, and stay ahead of the curve.
Some cryptocurrency companies have been found to have failed to comply with state and federal regulators, resulting in substantial monetary penalties and, in some cases, even arrest of the company’s founders. As a result, these companies face significant challenges in attempting to establish themselves as legitimate players in the field.
Cryptocurrency companies must continuously assess their compliance obligations in a risk-based approach in order to remain compliant with evolving regulations. Failing to do so can result in costly fines and bans, as well as damage to the company’s reputation and its ability to operate. Companies should also vigilantly monitor for new regulatory developments, as they may pose a threat to the safety and security of cryptocurrencies and the companies that operate them.
It should not come as much of a surprise that cryptocurrency regulation remains complicated, as different government regulators adopt differing and sometimes competing approaches. As a result, it can be difficult for either consumers or businesses to understand exactly how cryptocurrency works and what specific regulations apply to them.
1. Assess your business’s compliance risk and build a well-resourced compliance function
A dispassionate assessment of the compliance risks facing cryptocurrency companies would reveal a number of areas of focus, including ensuring that user data is protected, identifying and addressing any vulnerabilities in the company’s infrastructure, and closely monitoring developments in the cryptocurrency space. In light of these risks, companies should adopt a risk-based approach to compliance and appoint an executive responsible for overseeing all aspects of compliance programming.
As a company evolves and grows over time, it is essential that any potential compliance risks are constantly re-evaluated in order to stay ahead of potential problems. By considering a company’s products, services, business model, customers, geography, and other factors, an assessment can be made of the greatest risks to the company. If any risk is deemed as significant or imminent, then action may need to be taken in order to protect the company’s assets and ensure compliance with regulations.
One of the main reasons that cryptocurrency companies are often regulated by an alphabet soup of government entities is because cryptocurrencies are still relatively new. This means that there is not yet a clear regulatory framework in place. Additionally, many governments see cryptocurrencies as an opportunity to make money, which means that they may be stricter with how these companies operate than they would be with traditional banks or other financial institutions.
- Registration and licensure requirements. Cryptocurrency companies are frequently required to register with various government regulators in order to operate, although companies may not always immediately recognize the requirement. For example, many cryptocurrency exchanges or ATMs are required to register as money services businesses with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network. Similarly, the New York State Department of Financial Services (NYSDFS) requires cryptocurrency companies to obtain a “bit license” if they conduct business in New York or with New York residents, which will likely include many companies that are not physically based in New York.
- Anti-money laundering and know your customer regulations. Many cryptocurrency companies must comply with Know Your Customer (KYC) regulations, which require these companies to collect substantial information regarding their customers during the onboarding process. Anti-money laundering (AML) laws also require that companies monitor transactions and report potentially suspicious activity. Together, these laws are designed to combat criminal activity and terrorist financing, as well as prevent transactions with sanctioned entities and individuals. Although these laws are widely known, in practice compliance can prove difficult, and cryptocurrency companies continue to be cited for alleged AML/KYC compliance failures.