The Bank Secrecy Act, Cryptocurrencies, and Fresh Tokens: What is Known and What Remains Ambiguous, Coin Center
The Bank Secrecy Act, Cryptocurrencies, and Fresh Tokens: What is Known and What Remains Ambiguous
Are compliance obligations triggered when the developers of a fresh decentralized token protocol sell them to U.S. persons?
This report summarizes how various activities performed with cryptocurrencies and similar tokens have thus far been characterized by FinCEN and other authorities for the purposes of determining the compliance obligations of persons performing those activities under the Bank Secrecy Act. This report will also describe an area where there is fine uncertainty in current law and interpretation: are BSA compliance obligations triggered when the developers of a fresh decentralized token protocol sell that token to U.S. persons (sometimes called a “token sale” or, more unluckily, an “ICO”)? The report concludes by recommending that FinCEN should clarify that certain token sales are not presently subject to regulation under the BSA. Should there be a desire to regulate these activities, FinCEN must engage in a formal rulemaking.
Coin Center is a non-profit research and advocacy center focused on the public policy issues facing cryptocurrency technologies such as Bitcoin. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using blockchain technologies. We do this by producing and publishing policy research from respected academics and experts, educating policymakers and the media about blockchain technology, and by engaging in advocacy for sound public policy.
A federal law, the Bank Secrecy Act (BSA),mandates that “financial institutions” (a broad category of businesses suggesting financial services[Two]) must collect and retain information about their customers and share that information with the Financial Crimes Enforcement Network (FinCEN), a bureau within the Department of the Treasury.[Three] The emergence of Bitcoin and follow-on decentralized crypto-tokens has raised an significant question. When do businesses dealing with these fresh technologies fit the definition of “financial institution” and become obligated to surveil and report on their customers?
This report will summarize and analyze how various activities performed with cryptocurrencies and similar tokens have thus far been characterized by FinCEN and other authorities for the purposes of determining the compliance obligations of persons performing those activities under the Bank Secrecy Act. This report will also describe an area where there is good uncertainty in current law and interpretation: are BSA compliance obligations triggered when the developers of a fresh decentralized token protocol[Four]sell that token to U.S. persons (sometimes called a “token sale” or, more unluckily, an “ICO”[Five])?
II. The two thousand thirteen Guidance
In 2013, FinCEN published guidance on the “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies” (“the Guidance”). The Guidance interprets rules previously promulgated by the Treasury (“the implementing regulations”) that implement the BSA.
A. Currency, Virtual Currency, and Convertible Virtual Currency
The Guidance invents a fresh term, “Virtual Currency,” that is not found elsewhere in the BSA or the implementing regulations. Virtual Currency is defined broadly in the Guidance to include all manner of items used as a “medium of exchange.” A narrower term, “Convertible Virtual Currency,” is defined as any virtual currency that “either has an equivalent value in real currency, or acts as a substitute for real currency.” Before we can determine the implications of this fresh term, we need to understand the reasoning behind its invention.
The BSA regulates “financial institutions.” The statute offers liberate definitions of various sub-categories of financial institution,[Ten] and grants power to the Treasury to craft fresh or more specific definitions through notice and comment rulemaking. In general, an inquiry into whether a person (individual or business) fits into one of several sub-categories of “financial institution” is focused on what activities that person performs (e.g. money transmission, foreign exchange, banking, etc.), and is not focused on which technologies are used to perform those activities.
However, the majority of these activities are defined in regards to exchanging, storing, or otherwise dealing with “currency,” or instruments denominated in “currency.” Currency is defined in the BSA implementing regulations as “the coin and paper money of the United States or of any other country[.]” Therefore, no activity performed using a private currency or cryptocurrency, like Bitcoin, would fit within the defined activities specifying “currency” as the medium for the activity.
The “money transmitter” sub-category of “financial institution,” however, has a broader definition. It extends to money transmission involving “currency … or other value that substitutes for currency.” Therefore, when the Guidance defines “convertible virtual currency,” it is not creating a freshly regulated activity or technology-based regulation out of entire cloth, but rather clarifying why activities performed using Bitcoin or any other currency substitute may fit within the existing definition of “money transmission” in the implementing regulations. As an significant aside, money transmitters, along with a few other types of person (e.g. prepaid providers) fall into a broader category of “money services business” (“MSB”), which in turn is one of several categories of “financial institution.” Because of this nesting, FinCEN, in guidance or administrative ruling, may refer to a virtual currency business as a “money transmitter” or as a “money services business” alternatively. For our purposes, the terms are interchangeable.
The definition of convertible virtual currency is deliberately broad and can lightly be applied to describe cryptocurrencies (e.g. Bitcoin), as well as Bitcoin-like tokens as found in other open blockchain protocols (e.g. Ether, XRP,[Legal] and others[Nineteen]). A token need not be designed to play a currency-like role in order to qualify; it need only (as per the definition of money transmission) be used as “value” that “substitutes for currency.” The fact that a token was invented to accomplish a very technical non-currency result (e.g. tallying votes amongst computers in a decentralized consensus protocol) will not undo that token’s eligibility for classification as a convertible virtual currency, if it is also used as a medium of exchange and can be a substitute for real currency.
With this perfunctory matter of terminology out of the way, the Guidance then turns to the question of which persons dealing with convertible virtual currencies fit within the money transmitter sub-category of BSA-regulated financial institutions.
B. Exchangers, Users, and Administrators.
The Guidance creates and defines three categories of persons: administrators, exchangers, and users. It explains why only administrators and exchangers qualify as money transmitters and are therefore subject to BSA obligations.
Exchangers. With respect to exchangers, the Guidance reads:
An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.
An . exchanger that (1) accepts and transmits a convertible virtual currency or (Two) buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN’s regulations.
It’s critical to read these two sections together to avoid confusion, but the result of that careful reading is clear enough. Here are the essential points:
- You are an “exchanger” only if you run a business. The definition of “exchanger” requires that one be “engaged as a business in the exchange of virtual currency” so it does not include individuals buying or selling bitcoin as a individual investment or for other individual purposes.
- You are only a “money transmitter” if you are an “exchanger” that “accepts and transmits” or “buys and sells” bitcoins or another virtual currency. “Accepts and transmits” means you take bitcoin from one customer and send it (presumably on their behalf) to another person or persons. Note that you have to do both, accept and transmit. So if you only accept bitcoin from someone (possibly in come back for a good or service) then you are not a money transmitter. Similarly, if all you do is give bitcoin to someone else (again in come back for a good or service, or perhaps as a bounty) then you are also not a money transmitter. That said, you are a money transmitter if you are an exchanger who “buys and sells . . . for any reason.” So, providing a brokerage or exchange service for customers qualifies as money transmission.
- If you are a money transmitter, then you must conform with the obligations that the BSA and FinCEN place on those types of businesses. Those obligations are the same as those with which companies like PayPal and Western Union have had to obey for decades. They are, generally, three-fold: (1) register with FinCEN; (Two) have a risk-based know-your-customer (KYC) and anti-money-laundering (AML) program; and (Trio) file suspicious activity (SARs).
Users. Our interpretation of exchanger is reinforced by the definition of a user in the Guidance:
A user is a person that obtains virtual currency to purchase goods or services.
And there is a clear statement that users are not money transmitters under the relevant regulations and have no FinCEN compliance obligations:
A user of virtual currency is not an MSB under FinCEN’s regulations and therefore is not subject to MSB registration, reporting, and recordkeeping regulations.
Nonetheless, this definition of user can be a bit confusing because it seems to imply that for someone to be a user (and thus not a money transmitter), she must obtain bitcoin for the foot and express purpose of purchasing goods or services and not anything else, like investing, making a bounty or political contribution, or any other non-exchange-business reason. The problem is that if you are buying or selling your own bitcoins for your own private uses but not, specifically, to “purchase goods or services,” then under a stringent interpretation of the definition you are neither an exchanger (because you are not engaged as a business in exchange) nor a user (because you are not using the bitcoins to buy or sell goods or services). You are an undefined actor according to a stringent reading of the Guidance, and your compliance obligations are unclear.
Administrators. This final category of actors is actually less significant to users and developers of technologies like Bitcoin because a plain interpretation suggests it only relates to centralized virtual currencies that predated Bitcoin, such as E-gold or Liberty Reserve.
The Guidance defines administrator as goes after:
An administrator is a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency.
To fit into that definition you must be able to both issue and redeem the currency. Let’s say that I create a fresh virtual currency modeled on Bitcoin and that I premine a certain number of coins for myself and then release the software and sell some of my coins to interested buyers. At this point, perhaps I have “issued” fresh virtual currency. But, can I also “redeem” that currency? If, like Bitcoin, the network is decentralized, then I have no capability (much less “authority” as the definitions states) on that network to seize (withdraw from circulation) and redeem coins that are now held by users of the network. Contrast that with a centralized virtual currency like E-gold or Liberty Reserve where, because I am the party keeping the authoritative record of transactions on the network, I can always redeem the currency as well as issue it.
Our use of the terms centralized and decentralized and their use in making these distinctions is also in keeping with the spirit of the Guidance. Both centralized and decentralized virtual currency are described in the Guidance, and—with respect to centralized virtual currencies—their administrators are classified as money transmitters:
The 2nd type of activity involves a convertible virtual currency that has a centralized repository. The administrator of that repository will be a money transmitter to the extent that it permits transfers of value inbetween persons or from one location to another.
Given all this, we can see that administrators only exist in the centralized virtual currency context, so we don’t need to discuss them with respect to decentralized virtual currencies like Bitcoin, Ethereum, or Zcash where, once released, the units of cryptocurrency are out of the control of the developers and maintainers of the network.
In total, we can summarize the two thousand thirteen Guidance with respect to four key points:
- There are no administrators in the decentralized cryptocurrency/token space. So the key question for our purposes will always be: who qualifies as an exchanger and who qualifies as a user?
- Exchangers are persons in the business of running an exchange service who either “accept and transmit” bitcoins or similar tokens or “buy or sell” bitcoins or similar tokens. These persons will be treated as money transmitters and must register, collect information about their users, and do other BSA-related compliance.
- Users are persons who obtain bitcoins or tokens solely to purchase goods or services. These persons do not qualify as money transmitters, but it is unclear if the category is intended to cover all persons using bitcoins or tokens who are not exchangers, or if the category is rigorously limited to individuals purchasing goods or services with bitcoins or other tokens.
- If users is narrowly interpreted, then there are a host of other persons, including software developers and investors, who are not exchangers as defined and also not users as defined, and the guidance is silent regarding their status as money transmitters.
III. Later Administrative Rulings and Settlements
Since 2013, FinCEN has issued several administrative rulings clarifying how the original Guidance applies to specific fact patterns described by companies who have sought clarification. Additionally, in two thousand fifteen FinCEN reached a settlement with Ripple Labs that also includes an interpretation of the Guidance that may be relevant to other companies in the space.
A. Two thousand fourteen Software and Investment Administrative Ruling
In 2014, FinCEN, in an administrative ruling (the Software and Investment Ruling), clarified how software development relates to the Guidance:
The production and distribution of software, in and of itself, does not constitute acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency.
This interpretation makes it clear that software development alone cannot rise to the level of money transmission. It’s unclear whether we would call developers users but the result is the same; they are not subject to BSA regulation.
The Software and Investment Ruling also seemingly expanded the category of user with respect to investment activities:
[W]hen the Company invests in a convertible virtual currency for its own account, and when it realizes the value of its investment, it is acting as a user of that convertible virtual currency within the meaning of the guidance. As a result, to the extent that the Company thresholds its activities stringently to investing in virtual currency for its own account, it is not acting as a money transmitter and is not an MSB under FinCEN’s regulations.
So, buying and selling as an investment for yourself does not qualify as being an exchanger. As long as you are dealing only with your own virtual currency, and not acting as a third-party intermediary for others (e.g. running an exchange as a business), you are not a money transmitter and are not subject to FinCEN rules.
Note that this administrative ruling was suggested to a “company,” not an individual, so this exemption does not depend on the entity in question being an individual rather than a business operating for profit. If you run a business that has invested in bitcoin and you sell those investments for profit, then you are an unregulated user not a regulated exchanger. If you run a business, however, that is explicitly engaged in helping others buy, sell, or send bitcoin or another decentralized token, then you are a regulated exchanger and do need to register with FinCEN and conform with its rules.
B. Ripple Labs Settlement
In May of 2015, FinCEN reached a settlement agreement with Ripple Labs, a company that builds products utilizing the decentralized cryptocurrency known as XRP. In the settlement agreement’s “Statement of Facts and Violations,” the following activity is described as a disturbance of the Bank Secrecy Act as interpreted by the Guidance:
Notwithstanding the Guidance, and after that Guidance was issued, Ripple Labs continued to engage in transactions whereby it sold Ripple currency (XRP) for fiat currency (i.e., currency announced by a government to be legal tender) even however it was not registered with FinCEN as an MSB. Via the month of April 2013, Ripple Labs effectuated numerous sales of XRP currency totaling over approximately $1.Trio million U.S. dollars.
So the disturbance addressed by the settlement was evidently a sale of XRP by Ripple Labs. To be clear, Ripple Labs was selling tokens (XRP) that it, the company, possessed. Ripple Labs was not an intermediary selling on behalf of someone else. This could indicate that merely selling tokens on your own account qualifies you as an exchange, seemingly contradicting the interpretation in the Software and Investment Ruling.
The Ripple settlement Statement of Facts and Violations also lists other things that Ripple did under the subheading “violations”:
Ripple Labs has previously described itself in federal court filings and in a sworn affidavit as “a currency exchange service providing on-line, real-time currency trading and cash management . . . . Ripple facilitates the transfers of electronic cash equivalents and provides virtual currency exchange transaction services for transferrable electronic cash equivalent units having a specified cash value.”
But note that this paragraph sets forward how Ripple Labs described itself; it does not state anything Ripple Labs actually did. At no point does the Settlement Agreement or its Statement of Facts and Violations explain how these self-descriptions amounted to a disturbance.
It is true that Ripple (the network) is more complicated than Bitcoin as far as marketing and technical capacities are worried because the Ripple network uses “gateways” to budge not just XRP but also a range of foreign currencies on behalf of the network’s users. It is also true that these gateways are exchanging electronic cash equivalents and foreign currencies as a business for their customers (which fits our understanding of the definition of exchanger fairly well). But Ripple Labs doesn’t (and never did) run or endorse those gateways, and none of these extra facts and details about the Ripple protocol are listed as violations in the settlement. So, the only putative disturbance of the Guidance and the Bank Secrecy Act set forward in the settlement agreement is the sale of XRP described above.
Does the Ripple Settlement contradict the Software and Investment Ruling? At what point is selling from your own account something that you can do as an unregulated user, and when does it rise to the level of you becoming an exchanger? What made Ripple Labs different than the company in the Software and Investment Ruling that sold Bitcoin from its own account?
At this point it is significant to note that what we are discussing is a settlement agreement, not a court judgement. FinCEN is agreeing with Ripple Labs in this document not to prosecute Ripple Labs for “any of the conduct described in the statement of facts.” This means that the interpretation of the Guidance as found in the settlement is not precedential; it trusses only Ripple Labs and FinCEN with respect to prosecuting Ripple Labs. If a different company engages in similar behavior in the future but chooses not to lodge, then FinCEN would have to elaborate on its claims and clarify which specific acts were actually money transmission and which were not. That hasn’t happened, however, and the two thousand fifteen settlement order, as it stands, seems to contradict the Software and Investment Ruling at least as far as selling from one’s own account is worried. Two years on, this ambiguity has not been clarified.
IV. Applying the Guidance to various persons in the cryptocurrency space.
There are a broad multiplicity of businesses in the cryptocurrency space. Some will fit into the definition of exchanger and they will need to register with FinCEN and conform with KYC/AML requirements. Some will fit into the definition of user and they will not need to register or conform with KYC/AML requirements. None of the companies or individuals in the decentralized cryptocurrency space will fit the definition of administrator.
To make this discussion clear we need categories of our own to describe the various business models that might or might not fit into the definition of exchanger or user. We can use the following categories:
- Custodial Exchange — A company that connects token/bitcoin buyers and sellers, holds their tokens/bitcoin as a custodial intermediary during the exchange, and/or acts as a broker.
- Non-custodial Exchange — A company that permits buyers and sellers to post and accept suggest messages, communicate, and find each other for direct peer-to-peer transactions used to lodge a trade.
- Non-custodial Wallet Developer — A company that makes, updates, and services software that permits individuals to hold their own tokens/bitcoins locally on their individual devices.
- Total Knot or Miner — A company or individual that runs bitcoin or other decentralized token network software that relays signed transaction messages and/or writes fresh blocks to the network’s blockchain.
- Fresh Token Developer — A company or individual that creates software that, when run by a network of peers, creates a fresh decentralized token like bitcoin.
- Fresh Token Developer and Seller — A token developer, as described above, who also sells some initial distribution of the token to interested buyers.
Now we’ll take each of these categories and see if they fit the definition of exchanger and therefore will be a money transmitter that needs to register and obey, or if they fit the definition of user and therefore clearly do not need to serve.
A custodial exchange will undoubtedly be an exchanger and a money transmitter according to the guidance. Such a company runs an exchange service as a business and both “buys and sells” bitcoin and “accepts and transmits” bitcoin for their users (rather than merely for their own account). This is not a debated or contested interpretation and, indeed, major custodial exchanges in the U.S. are registered with FinCEN.
An analysis of the implementing regulations leads us to a similar conclusion, albeit via a more complicated path. The foundational question remains, does the custodial exchange “accept and transmit” bitcoin for their users? “Accept” is not defined in the BSA, but it is a defined term in the implementing regulations:
A receiving financial institution, other than the recipient’s financial institution, accepts a transmittal order by executing the transmittal order. A recipient’s financial institution accepts a transmittal order by paying the recipient, by notifying the recipient of the receipt of the order or by otherwise becoming obligated to carry out the order.
This definition is strongly reliant on the term “transmittal order” so we should also take a look at the implementing regulations’ definition of that term:
The term transmittal order . . . is an instruction of a sender to a receiving financial institution, transmitted orally, electronically, or in writing, to pay, or cause another financial institution . . . to pay, a immobile or determinable amount of money to a recipient if:
(1) The instruction does not state a condition to payment to the recipient other than time of payment;
(Two) The receiving financial institution is to be reimbursed by debiting an account of, or otherwise receiving payment from, the sender; and
(Three) The instruction is transmitted by the sender directly to the receiving financial institution or to an agent or communication system for transmittal to the receiving financial institution.
A bitcoin transaction, if it is sent from one custodial exchange to another may fit this definition of transmittal order, and the sender’s exchange may then be said to “accept and transmit” the bitcoins. For example, let’s say Alice wants to use bitcoin to pay for footwear sold by a merchant. Let’s assume that Alice uses Coinland (a fictional custodial exchange) to safekeep her bitcoins. To pay for the boots, Alice will use an application on her phone to ask Coinland to send some amount of those bitcoins to a bitcoin address that was provided to her by the shoe merchant. Let’s say the shoe merchant uses a different custodial exchange, Bitprocess (another fictional company) to accept bitcoin payments. In this case, there is a colorable argument that Coinland has been instructed by Alice to cause another financial institution, Bitprocess, to pay or become obligated to pay a designated amount of Bitcoin to the merchant. Coinland executes that order. Coinland’s activity in the transaction may fit the definition of “accept” in the implementing regulations.
A non-custodial exchange is very likely not an exchanger or a money transmitter. If, like Craigslist or any other online classified advertising service, the business merely helps individual buyers and sellers find and communicate with each other, then it is never “accepting and transmitting” tokens or bitcoins for its users, nor is it “buying or selling” tokens or bitcoins. It may be commonly understood as an exchange because it deals in exchange-related information (e.g. order-books, offers, acceptances, communications inbetween buyers and sellers) but it, as a company, is never doing the actual currency conversion or treating the actual tokens or money; that all happens peer-to-peer.
Another way to characterize what these companies do is: development of a web-based software contraption (e.g. a website) that facilitates peer-to-peer exchange. As we discussed earlier, FinCEN’s Software and Investment Ruling describes mere software development and distribution as outside the scope of BSA regulation.
Additionally, the individual buyers and sellers, assuming they are merely opening or closing their own individual investment positions, will likely be found to be users as per the Software and Investment Ruling. This will almost certainly be the case if both the buyer and seller are merely exchanging bitcoin to and from their individual software wallets (i.e. a truly peer-to-peer transaction without a custodial intermediary involved). If, however, while negotiating a sale of Bitcoin either the buyer or seller knows that they are helping their counterparty stir money into or out of a custodial exchange for particular purposes (especially illicit purposes) then they may be treated as an exchanger. There will be more on this question later, in a section on applicable case law.
A non-custodial wallet developer is likely not an exchanger or a money transmitter. This company does not buy and sell tokens or bitcoins, but they do help individuals hold and transmit their own tokens or bitcoin by building and supporting software instruments (e.g. wallet apps). The operative question here is, again, whether the developer of the software ever “accepts and transmits” the bitcoin or tokens. The Software and Investment Ruling indicates that FinCEN would not treat this activity as money transmission because the wallet developer is engaging only in the “production and distribution of software.”
Recall our previous discussion of custodial exchanges and the hypothetical where Alice is paying a merchant for footwear using bitcoin. Imagine that Alice was not using a custodial wallet provider to hold her bitcoins and initiate transactions. Imagine, instead, that she was initiating the transaction herself by running non-custodial wallet software on a smartphone she carries with her. In this case, Alice, herself, is sending bitcoins to an address managed by Bitprocess, and Bitprocess is obligated to pay those bitcoins to the merchant. The developer who wrote the software that Alice runs on her phone has not been ordered to do anything with respect to this payment, and—indeed—they are likely unaware of the payment and have no power or obligation to execute a transmittal order or otherwise cause Bitprocess to pay the Merchant; Alice has that power.
Bitprocesss, as the merchant’s custodial exchange, is a money transmitter, but the company that developed the software Alice uses is not. The developers simply built the implements that permitted Alice to compose and broadcast bitcoin transaction messages on the peer-to-peer network. She does this using her phone all by herself and without an intermediary acting on her behalf.
This interpretation of “accept” can be buttressed with a look at how acceptance is understood in other legal realms. For example, acceptance is a well understood concept in the law of contracts and delivery of physical goods. A token or bitcoin is not a flawless analog for a physical good, and contract law is not a ideal analog for administrative law dealing with money transmission regulation. However, in these legal traditions “acceptance” is something that happens after delivery and only once there has been reasonable chance to inspect and reject the item. At the very least we would expect that for there to be an acceptance of bitcoin or tokens, the recipient should be given actual control or possession of the tokens (something akin to “tender of delivery”) and they should have and retain the capability to determine the future of token’s disposition—e.g. they can unilaterally send them to someone else or withhold them from others indefinitely. A person who merely designs and distributes wallet software will not have access to the data essential to controlling the bitcoins or tokens kept in that wallet—i.e. the private keys—therefore they never will have accepted anything from the users of their software products and should not fit the definition of an exchanger or money transmitter.
A person running a utter knot or a miner is not an exchanger or a money transmitter. These persons run computers that relay signed transaction messages via the network and, in the case of miners, they may bundle signed transactions into a block for addition to the blockchain. While this activity bears a superficial resemblance to financial intermediaries relaying bank wires, the nature of cryptocurrency networks means that none of these participants ever actually accepts the tokens. Only the person designated by the sender as the recipient in a cryptocurrency transaction message can ever spend the funds. Merely relaying or intercepting the transaction message does not grant the total knot or miner any actual control over the cryptocurrency being sent.
“Acceptance” also has a legal definition in the payments context, and it is generally understood as: “the receipt of a check or other negotiable instrument by a bank or another drawee.” A bitcoin transaction message received or broadcast by a total knot is not a “negotiable instrument” because it is not an “unconditional promise or order to pay a immobilized amount of money.” If I attempt to send you a bitcoin, but my transaction message doesn’t get relayed or included in a block, I am not in breach of any promise to pay you (assuming we don’t have any other agreements outside of my broadcasting the message on the bitcoin network).
Eventually, there’s the question of a miner who is rewarded with fresh bitcoins for maintaining the network (as per the cryptocurrency’s new-money-creation schedule). If the miner uses these bitcoins to buy fresh mining hardware for its business, are they an exchanger or a user? Clearly they are a user because they fit the basic definition: “A user is a person that obtains virtual currency to purchase goods or services” and FinCEN, in another administrative ruling (Mining Ruling), also made it clear that “obtains” can be by any means, including mining:
How a user obtains a virtual currency may be described using any number of other terms, such as “earning,” “harvesting,” “mining,” “creating,” “auto-generating,” “manufacturing,” or “purchasing,” depending on the details of the specific virtual currency model involved. The label applied to a particular process of obtaining a virtual currency is not material to the legal characterization under the BSA of the process or of the person engaging in the process to send that virtual currency or its equivalent value to any other person or place. What is material to the conclusion that a person is not an MSB is not the mechanism by which a person obtains the convertible virtual currency, but what the person uses the convertible virtual currency for, and for whose benefit.
But what if this miner goes and sells the tokens they mined for dollars; are they now an exchanger? The Software and Investment Ruling suggests that the miner is merely selling from her own account and is, therefore, excluded. And the Mining Ruling was specifically directed at a company with this exact fact pattern:
From time to time, as your letter has indicated, it may be necessary for a user to convert Bitcoin that it has mined into a real currency or another convertible virtual currency, either because the seller of the goods or services the user wishes to purchase will not accept Bitcoin, or because the user wishes to diversify currency holdings in anticipation of future needs or for the user’s own investment purposes. In undertaking such a conversion transaction, the user is not acting as an exchanger, notwithstanding the fact that the user is accepting a real currency or another convertible virtual currency and transmitting Bitcoin, so long as the user is undertaking the transaction solely for the user’s own purposes and not as a business service performed for the benefit of another. A user’s conversion of Bitcoin into a real currency or another convertible virtual currency, therefore, does not in and of itself make the user a money transmitter.
FinCEN has been very clear about miners; they are users, not exchangers, and they are not subject to BSA financial surveillance requirements. It is reasonable that the same analysis would apply to stakers in a proof-of-stake decentralized token scheme, or other participants on a decentralized computing system who are automatically rewarded with tokens for their fair maintenance of the network infrastructure.
A fresh protocol developer who does not sell tokens to others but, instead, gives them away or distributes them through mining (e.g. Bitcoin’s release schedule) is likely not an exchanger or a money transmitter for the same reasons as the non-custodial wallets and exchanges described above. As per the Software and Investment Ruling, this person or company is only engaged in the “production and distribution of software” and they do not “accept and transmit” tokens or bitcoins for others.
A fresh protocol developer who also sells their protocol’s tokens may or may not be an exchanger under the Guidance. This area is enormously uncertain and warrants further analysis. As we previously discussed, according to the Software and Investment Ruling, a company that sells virtual currency from its own account is treated by FinCEN as a user. In the context of creating a fresh virtual currency or token, the creator is selling from their own account when they sell something they created. It would therefore seem clear that a person developing and selling fresh bitcoin-like tokens is not a money transmitter because they fit into the expanded understanding of user according to FinCEN’s administrative rulings, which would save them from being classified as regulated exchangers.
Unluckily, given the Ripple Settlement, it’s not that elementary. In that settlement, FinCEN alleged that Ripple Labs, merely by selling XRP that it wielded as a business, qualified as an exchanger and therefore a money transmitter.
One might attempt and square this circle by suggesting that the Software and Investment Ruling only applies to companies that are making and then selling investments in bitcoin or tokens, and doesn’t apply to persons that have bitcoins or tokens for reasons other than investment (e.g. development, experimentation, etc). However, recall that in the Mining Ruling FinCEN explained how selling from one’s own account does not qualify as being an exchanger and suggested that how one obtains the tokens before selling them is immaterial to the question:
The label applied to a particular process of obtaining a virtual currency is not material to the legal characterization under the BSA of the process or of the person engaging in the process to send that virtual currency or its equivalent value to any other person or place. What is material to the conclusion that a person is not an MSB is not the mechanism by which a person obtains the convertible virtual currency, but what the person uses the convertible virtual currency for, and for whose benefit.[Sixty-nine]
And that ruling suggested that “creating” is one of the descriptive labels that fall within the term “obtaining” tokens. A developer that pre-mines tokens running on a decentralized network of its own design is, almost certainly, “creating” those tokens. If they then sell them, how is that distinguishable from a mining company that sells bitcoin on its own account? This is unclear.
V. Fresh Token Sales: An response in the regulations?
At this point we’ve reached the end of the guidance material that’s most likely helpful to discuss. Guidance is merely the agency’s interpretation of the actual laws that control—laws that were passed by Congress and that FinCEN is tasked with enforcing (not creating or reinventing). In the case of the two thousand thirteen Virtual Currency Guidance, we are actually two steps eliminated from the statute. The Guidance interprets FinCEN’s previously promulgated rules found in the Code of Federal Regulations (31 CFR Part 1010), which, in turn, interpret and implement the actual law passed by Congress, the Bank Secrecy Act.
The implementing regulations have this definition of money transmission:
The term “money transmission services” means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.
Let’s analyze this by looking at a hypothetical: Let’s say Alice develops a brand fresh decentralized virtual currency, pre-mines some units of virtual currency for herself (let’s call them AliceCoins), and then sells some AliceCoins to her friend Bob, who’d like to invest in AliceCoin, for dollars in a face-to-face cash transaction. Is Alice a money transmitter? Let’s walk through the questions in the analysis:
Has she “accepted” currency from one person? Yes, Bob gave her dollars.
Has she transmitted a currency substitute to another person? No, she gave some AliceCoin (which might be a currency substitute) to the same person, Bob, who gave her the dollars.
Has she transmitted AliceCoin to another location? To response that question we must understand what the regulation is attempting to achieve by specifying “from one location to another.”
Generally, this language is used to describe a company that helps a person budge money from a bank account they have in one country, say the United States, to a bank account they have in another country, say Switzerland. The money is transmitted from one location to another even if it is not transmitted to another person but to an account the same person controls.
Asking whether someone has moved virtual currency inbetween two locations, however, is a very, very strange question in the context of decentralized virtual currency networks. There indeed is no location within which the virtual currency can ever be said to exist. Is it in the blockchain? In a way, yes, but not truly. The blockchain is just a list of past transactions that involve the currency; it doesn’t have any currency inwards of it; it is a data structure. Where is the blockchain? It is at the same time replicated across every computer on the decentralized network, which could lightly be most countries in the world at the same time. In our Alice and Bob example, is that blockchain another location? If so, what was the very first location for the transaction? Is it wherever Alice and Bob were standing in our face-to-face AliceCoin sale? What if the sale isn’t in person? What if Alice is negotiating with Bob over the Internet and one of them is in Fresh York while the other is in California. Which is the very first location?
It could also be said that an amount of virtual currency exists in the form of skill kept secret by a person. When Alice sends Bob some AliceCoins she’s sending them to an AliceCoin address that was generated by Bob’s smartphone or laptop along with the private key that is required to stir those AliceCoins in the future. So is the very first location the place they are meeting (where Bob’s cash switched forearms) and the 2nd location Bob’s phone, which generated and holds the private keys?
And yes, you can certainly use decentralized virtual currency networks to transmit value across an ocean, but it’s the decentralized network that is performing that function for you, or it might be said that you are performing that function for yourself when you cross national borders with a bitcoin software wallet on your phone, but it’s certainly not the creator of the virtual currency who performs that function.
This all reads more like a bad metaphysics treatise than a legal analysis with serious criminal consequences.
Even if we accept that the location has switched inbetween the dollars in palm to the private keys in phone, and even if we accept that this is a “transmission” that must only be performed by entities that are collecting information about their counterparties, how do we square this with the previous administrative rulings and the Ripple Settlement? How is anyone selling any virtual currency for any reason not always doing money transmission? Maybe they always are unless FinCEN determines they are not, but that would be an alarmingly arbitrary way to do regulation.
VI. Fresh Token Sales: An reaction in the case law?
There is only one judicial opinion, U.S. v. Faiella, that explicitly offers an interpretation of what “accept and transmit” means in the context of people selling tokens on their own account. The defendant, Faiella, was selling his own bitcoin’s peer-to-peer in exchange for dollars. Faiella argued that he was merely selling on his own account. The court, however, found that he was engaged in money transmission because he was, in fact, acting as an exchange intermediary inbetween his customers (the individual buyers) and the Silk Road (an online drug marketplace that held individual bitcoin accounts for its users). Here’s the court’s reasoning (emphases added):
Defendant argues that while Section one thousand nine hundred sixty requires that the defendant sell money transmitting services to others for a profit, see thirty one C.F.R. § 1010.100(ff)(Five)(1)(2013) (defining “money transmission services” to require transmission of funds to “another location or person”), Faiella merely sold Bitcoin as a product in and of itself. But, as set forward in the Criminal Complaint that initiated this case, the Government alleges that Faiella received cash deposits from his customers and then, after exchanging them for Bitcoins, transferred those funds to the customers’ accounts on Silk Road. Ind. ¶ Five; Complaint ¶¶ 14, 17-18. These were, in essence, transfers to a third-party agent, Silk Road, for Silk Road users did not have total control over the Bitcoins transferred into their accounts. Rather, Silk Road administrators could block or seize user funds. I, Complaint ¶¶ 29, 41. Thus, the Court finds that in sending his customers’ funds to Silk Road, Faiella “transferred” them to others for a profit.
Reasoning in the negative, this would indicate that selling directly to a buyer, rather than serving as an intermediary inbetween a buyer and another custodial institution, would not be transmission of funds to “another location or person.” However, that interpretation likely opens up the court’s reasoning to cover facts and situations that it did not contemplate.
Now, you might say, we need to look to the statute if the Guidance, the rulings, the regulations, and the case law are all unclear. Unluckily, that’s not how the Bank Secrecy Act works. That law merely tells the Department of Treasury and FinCEN to define a set of actors that are “Financial Institutions” and then to make them obey with anti-money-laundering recordkeeping and reporting requirements. It is silent on more specific questions such as these. As a result, we are left having surveyed all the relevant legal sources and we still do not have a clear understanding of when selling a decentralized currency you own and helped develop constitutes money transmission.
VII. Conclusions and Recommendations
FinCEN’s Virtual Currency Guidance brought much needed certainty to cryptocurrency innovators in 2013. It clearly lodged what was at the time the most fundamental question facing persons using or interested in using these networks: will I need to register with FinCEN and obey with the BSA if I’m helping others exchange their Bitcoin for dollars or other cryptocurrencies? The reaction was yes, exchangers are money transmitters. Subsequent administrative rulings clarified several remaining ambiguities: miners are not money transmitters, neither are investors or software developers.
In 2017, however, with token sales and fresh decentralized token development accelerating, a remaining grey area menaces to dampen innovation in the US by casting a shadow of legal risk and uncertainty across some of the most arousing fresh projects in the ecosystem. Are the developers of a fresh decentralized token protocol also money transmitters if they sell their tokens to U.S. citizens? Applicable administrative rulings, the Guidance, the case law, and the Ripple Settlement Agreement point to different possible answers and none suggest any certainty.
Common understanding suggests that money transmission is an act performed by an intermediary, a person who stands inbetween two parties accepting money from one and transmitting it to another. When a person transacts directly with another person, providing them money for any reason—as a bounty, a payment, a donation, a grant, a tip—she does not play this intermediary role. She does not hold herself out as a trusted third party. She is engaged in private, private transactions rather than being engaged as a third party to the transactions of others.
Deputizing third-party intermediaries to surveil their users on behalf of the government is a policy choice Congress made long ago; one that carries risks to individual privacy but also potential benefits to national security and peace. It’s a tradeoff Congress made back in the 1970s and it isn’t going away anytime soon. However, mandating the same kind of surveillance from individuals who are not intermediaries—who are merely transacting on their own account with another citizen—is a considerable recalibration of the balance inbetween privacy and security. It tips the scales against private privacy and may even be unconstitutional.
This is not a recalibration that should be made merely by issuing administrative rulings or guidance, the treatment thus far taken by FinCEN when dealing with these questions. Instead, FinCEN should clarify that selling decentralized virtual currency on one’s own account does not constitute money transmission, regardless of whether the purpose of that sale is to pay a merchant, to sell tokens received through mining, or—indeed—to sell one’s own freshly invented decentralized token.
Should FinCEN or Congress wish to regulate this activity for financial surveillance purposes, that switch must be the subject of a larger, more public debate within a notice and comment rulemaking or an amendment to the statutory law itself. Only those formal processes can enable necessary debate over financial surveillance and the constitutionality of warrantless search.
 thirty one USC §§ 5311-5332.
[Three] FinCEN is a Bureau within the Treasury established by order of the Secretary of the Treasury (Treasury Order Numbered 105-08).
[Four] There are numerous different projects that use open source software to create a public network on the internet capable of recording and verifying significant data collective inbetween the network’s participants. If that collective data is related to a ledger of transactions made in a native token we often call these systems cryptocurrency networks. Bitcoin was the world’s very first cryptocurrency, and several similar projects have followed. However, the tokens described on that ledger need not be used as currency. Just as tokens and other bearer instruments in real life can represent various entitlements (e.g. theater tickets, vouchers, stock and bond certificates, etc.) so too can tokens described by a decentralized ledger maintained by an open network of participants. A list of many active token projects can be found at http://coincap.io. For more on building a token project on top of Ethereum’s existing decentralized computing infrastructure, see Peter Van Valkenburgh, “What does it mean to issue a token ‘on top of’ Ethereum?” Coin Center (May 2017) https://coincenter.org/entry/what-does-it-mean-to-issue-a-token-on-top-of-ethereum.
[Five] See Smith + Crown, What is a token sale (ICO)? (last accessed May 2017) https://www.smithandcrown.com/what-is-an-ico/.
 Department of the Treasury Financial Crimes Enforcement Network, FIN-2013-G001 Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (March Legitimate, 2013) available at https://www.fincen.gov/sites/default/files/collective/FIN-2013-G001.pdf.
 thirty one CFR §§ 1010-1060
 Guidance supra note six at one (“In contrast to real currency, “virtual” currency is a medium of exchange
that operates like a currency in some environments, but does not have all the attributes of real
currency. In particular, virtual currency does not have legal tender status in any jurisdiction.”).
 Id. (“This guidance addresses “convertible” virtual currency. This type of virtual currency either has
an equivalent value in real currency, or acts as a substitute for real currency.”).
 See e.g. thirty one CFR § 1010.100(ff)(1) where FinCEN defines a “dealer in foreign exchange” as a “person that accepts the currency, or other monetary instruments, funds, or other instruments denominated in the currency, of one or more countries in exchange for the currency, or other monetary instruments, funds, or other instruments denominated in the currency, of one or more other countries in an amount greater than $1,000 for any other person on any day in one or more transactions, whether or not for same-day delivery.”
 Additionally, according to the FinCEN guidance, virtual currency activities do not fall within the definition of prepaid access providers. See Guidance supra note six at note eighteen (explaining that “‘prepaid access’ under FinCEN’s regulations is limited to ‘access to funds or the value of funds.’ If FinCEN had intended prepaid access to cover funds denominated in a virtual currency or something else that substitutes for real currency, it would have used language in the definition of prepaid access like that in the definition of money transmission, which expressly includes the acceptance and transmission of “other value that substitutes for currency.”).
 Implementing Regulations supra note seven at § 1010.100(ff)(Five).