Between the fall in cryptocurrency prices and the bankruptcy of several large players in the sector, today's cryptocurrency companies face numerous challenges. However, cryptocurrency companies must not lose sight of their day-to-day obligations, particularly those related to compliance.
In fact, both the state regulators as federales continue to take legal action against cryptocurrency companies for alleged compliance deficiencies, resulting in significant monetary penalties and, in extreme cases, even the detention of company founders.
The risk posed by inadequate compliance shows no signs of abating. Early-stage cryptocurrency businesses can lay the foundation for future success by continually evaluating their compliance obligations through a risk-based approach and quickly addressing any deficiencies, particularly during periods of rapid expansion, as well as by vigilant monitoring of new regulatory developments.
1. Assess your company's compliance risk and create a well-resourced compliance function
Cryptocurrency businesses of all shapes and sizes would benefit from conducting a dispassionate assessment of the compliance risks facing the business.. The Financial Action Task Force (FATF), an independent intergovernmental body that publishes global anti-money laundering compliance standards for both companies and governments, recommended that financial institutions, including cryptocurrency companies, take a risk-based approach to compliance.
This approach involves considering a company's products, services, business model, customers, geography and other factors in order to assess, and then address, the greatest risks to the company. As a business evolves and grows over time, these risks must be continually reassessed to ensure the business stays ahead of any developing compliance risks.
Cryptocurrency companies are often regulated by an alphabet soup of government entities. Some of the more common and well-known regulations include, for example
- Registration and license requirements. Cryptocurrency companies are frequently required to register with various government regulators in order to operate, although companies do not always immediately recognize the requirement. For example, many cryptocurrency exchanges or ATMs are bound to register as money service businesses with the US Department of Treasury's Financial Crimes Enforcement Network. Similarly, the New York State Department of Financial Services (NYSDFS) requires requiring cryptocurrency companies to obtain a "bit license" if they do business in New York or with New York residents, which will likely include many companies that are not physically headquartered in New York.
- Regulations against money laundering and "know your customer". Many cryptocurrency companies must comply with Know Your Customer (KYC) regulations, which require these companies to collect material information about their customers during the onboarding process. Anti-money laundering (AML) laws also require companies to monitor transactions and report potentially suspicious activity. Taken together, these laws are designed to combat criminal activity and terrorist financing, as well as prevent transactions with sanctioned entities and individuals. Although these laws are widely known, in practice they can be difficult to enforce, and cryptocurrency companies remain cited for alleged AML/KYC breaches.
Once early-stage businesses understand the risks they face, they must work to create a well-resourced compliance function to address those risks, prioritizing the most pressing ones, and meet the regulatory requirements applicable to the business. . A strong compliance department is one that has a sufficient number of compliance professionals with tools and resources commensurate with the risks facing the business.
A strong compliance function can benefit cryptocurrency companies in particular, helping them avoid costly financial penalties imposed by regulators, as well as the reputational hit that companies often suffer when facing scrutiny from regulators. Establishing a well-resourced compliance division can also provide additional comfort to potential investors, industry partners, or other counterparties who may have concerns about recent volatility in the cryptocurrency industry.
2. Continue to invest in compliance, especially during periods of rapid growth.
If an early-stage company finds its footing and begins to grow rapidly, the company's management is likely to face innumerable challenges and demands on its time. However, it is especially important that the company does not lose sight of its compliance obligations during this period. Although a company may have developed what it believes to be an adequate compliance function, during periods of growth a company's compliance department can quickly become overwhelmed by rapidly growing responsibilities.
For example, this was the case with the cryptocurrency trading platform Coinbase, Inc. which recently agreed pay $100 million in fines and compliance program enhancements to resolve the NYSDFS investigation into its allegedly flawed compliance program. Although the NYSDFS acknowledged that Coinbase had made substantial efforts to improve its compliance department, it nonetheless concluded that substantial weaknesses remained, driven, at least in part, by the rapid operational growth experienced by Coinbase during 2020 and 2021.
Coinbase's compliance department was allegedly understaffed and unable to keep up, leading to a large backlog of unreviewed transaction monitoring alerts and incomplete customer due diligence that allowed transactions to take place. suspects on the platform.
3. Continuously monitor the latest developments and regulatory guidance
It's no secret that cryptocurrency regulation remains complicated, with various government regulators taking different and sometimes conflicting approaches, notably the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). . Along with the collapse of several high-profile cryptocurrency companies, these divergent approaches have led to renewed appeals for more unified regulation of the cryptocurrency industry.
However, as a piecemeal approach to cryptocurrency regulation seems likely to continue at least in the short term, it is vital that cryptocurrency companies keep abreast of changes in regulatory guidance and enforcement trends, which It will allow them to more accurately assess the compliance risks facing their business.
For example, the SEC announced recently that regulating “emerging technologies and crypto assets” would be one of its priorities by 2023. In particular, the SEC intends to conduct examinations of broker-dealers and investment advisers who deal in “crypto assets or related crypto assets” to assess whether (1) they followed their “respective rules of care when making recommendations, referrals or providing investment advice” with respect to these assets, and (2) whether they “routinely reviewed, updated and improved their compliance, disclosure and management practices of risks." A company that regularly monitors regulatory guidance will be aware of the increased risk in these areas and will be able to adapt accordingly.
In addition, The SEC's "regulation by enforcement" approach makes keeping abreast of both regulatory developments, and even notable cryptocurrency litigation, all the more important to many cryptocurrency firms.. This is particularly true in relation to the open question of what, if any, cryptocurrencies should be considered "securities" under federal securities laws. For example, cryptocurrency firm Paxos Trust Co. will soon face a lawsuit from the SEC arguing that a stablecoin it issued, Binance USD, or BUSD, was a security. This fact would be of particular importance for the risk assessment carried out by issuers of similar stablecoins.
These examples demonstrate that frequent monitoring of new regulatory guidance will allow a company to better assess, and therefore address, its greatest compliance risks.
Efforts by regulators to ensure strong compliance programs in the cryptocurrency arena will continue into the next year and beyond. Given the turbulent state of the cryptocurrency industry, avoiding the substantial burdens of regulatory scrutiny is likely of the utmost importance to many companies. By establishing a strong and risk-based compliance function, ensuring it is capable of scaling alongside a growing business, and staying abreast of the latest regulatory guidance, cryptocurrency companies can better position themselves to weather the crypto winter. .
