As this 2018 Allen & Overy White Paper explains, the Bank Secrecy Act provides that only persons considered “financial institutions” are subject to AML regulatory obligations. “[T]he definition of “financial institution” depends, inter alia¸ on registration requirements imposed by the Financial Crimes Enforcement Network (“FinCEN”) (with respect to money services businesses”), the Securities and Exchange Commission (“SEC”) (with respect to issuers, brokers, and dealers of securities), and the Commodity Futures Trading Commission (“CFTC”) (with respect to brokers and dealers of commodities and related financial derivatives).” In 2019 FinCEN issued guidance indicating that businesses dealing with Convertible Virtual Currencies (CVCs), a particular type of cryptocurrency, may be subject to the BSA as well. In addition, Allen & Overy note that states also apply their own regulatory requirements, such as the New York State Department of Financial Services “Bitlicense” regulation.
The White Paper notes that, “[w]hether qualifying as an MSB or a broker or dealer in securities or commodities, the BSA requires Financial Institutions to maintain a risk-based AML compliance program, apply a customer identification program (CIP), report suspicious activity and certain other transactions, and maintain certain records.” The confusion created by multiple regulatory schemes, however, has helped deter some financial institutions from directly engaging cryptocurrencies, but these banks are in danger of falling behind. Cryptocurrency will likely only continue to grow in importance, as China and Facebook already realize (both the country and the social media company are looking to develop their own cryptocurrencies).