When digital currency entrepreneurs today decry the regulation that is “stifling innovation” in their industry, they’re usually talking about money transmission regulation. Money transmission regulation exists at both the state and federal levels in the US.
Money Transmitters under Federal Law
On March 18, 2013, the Financial Crimes Enforcement Network (“FinCEN”) published guidance announcing that it would make no distinction between government (or “fiat”) currency and digital currencies like Bitcoin for the purposes of the money transmission laws. Thus, taking Bitcoin as an example:
- individuals and businesses who merely exchange Bitcoin for goods and services (and vice-versa) are not money transmitters.
- businesses that accept Bitcoin from one person and send it to another (or back to the same person) are money transmitters, and are not exempt from money transmission regulation simply because they do not deal in fiat currency.
- any business that exchanges fiat currency for bitcoins – or even one kind of digital currency for another – is a money transmitter.
- payment processors who accept Bitcoin from a merchant’s customers and pass dollars to the merchant are usually money transmitters.
Federal Money Transmitter Obligations
FinCEN regulates money transmitters pursuant to a legislative framework known as the Bank Secrecy Act (“BSA”), which includes elements of the Patriot Act together with other laws and implementing regulations. The primary consequences of this regulation is that money transmitters must:
- register with FinCEN;
- undergo an initial risk assessment and adopt a written anti-money laundering policy based on those risks;
- appoint a qualified compliance officer with a sufficient budget and qualifications commensurate with the business’ risks;
- train employees in the operationalization and implementation of the compliance program; and
- undergo regular independent testing and review of the business’ compliance program.
Money transmitters must also make extensive reporting to FinCEN concerning the personal information of their customers as well as transactional data, sometimes outright deny service to certain customers, and even continue servicing customers while permitting government agencies to monitor each of the transactions. Suspicious transactions – or even transactions in due course over a certain dollar amount – must be reported to FinCEN. In effect, the BSA deputizes financial institutions, requiring them to act as the government’s foot soldiers in its war on money laundering and illicit finance. In the cases of international or otherwise “high risk” clients, the business must take even more stringent identification measures.
Money Transmitters under State Law
Federal law requires mere registration, but state law requires licensure. A money transmission license is not a right; it’s a privilege, and whether any particular state will consider a business worthy of such a privilege depends entirely on the state in question. This makes tricky business of planning a nationwide licensing rollout because, by and large, state regulatory bodies have offered little guidance to Bitcoin businesses.
The one constant among the states is that they can exercise “extraterritorial jurisdiction”: any business servicing or soliciting the state’s citizens must satisfy that state’s licensing requirements, even if the business has no physical presence in that state. Thus, a Bitcoin business planning to service all United States customers must satisfy every one of the states’ licensing regimes, wherever located. This practice is a particular challenge to entrepreneurs dealing in digital currency, which, by design, is a borderless medium of exchange. A Bitcoin business located in New York City likely services each of its customers in much the same way, technologically, whether that customer lives in Gainesville, Green Bay, Genoa or Geneva. Yet, it must satisfy fifty different sets of often dissimilar licensing obligations.
Unfortunately, no state’s laws mention Bitcoin – or any other decentralized digital currency. The statutes are archaic. Many were conceived and drafted prior to the invention of the floppy disk, and were never intended to address anything more exotic than a wire transfer. The men who crafted these laws never considered that a computer could slip into a backpack, let alone store millions of dollars in convertible value.
A few states, like Texas and Kansas, have published official guidance on whether and how their laws apply to digital currency businesses. New York has taken a different approach, and proposed a digital currency-specific license informally dubbed the “BitLicense”. A digital currency company’s obligations under the BitLicense proposal differs significantly from its obligations under, say, a Georgia money transmitter license. Most states, though, have taken an approach that seems to digital currency business like a combination of “wait and see” and “I’ll know it when I see it.” That is, they have not offered formal guidance to the industry on how they intend to regulate digital currency businesses or even what particular business models will require licensure.
State Money Transmitter Obligations
Once filed, states will not approve all applications for licensure. The application process itself is rigorous and some applications will be rejected. Whereas FinCEN’s federal regulators see themselves as money laundering preventers, state regulators see themselves as consumer protectors. The goal of the application process is to ensure safety, soundness and solvency and the information required can include:
- Audited financial statements of the applicant business and any subsidiaries
- Personal financial records of all directors, principal officers, owner or 10% shareholders (“Control Persons”)
- Records of occupations for all Control Persons for the last fifteen years, including any disciplinary actions taken by any employer
- List of all lawsuits or criminal complaints against any Control Person in the last fifteen years
- Third-party criminal and civil background checks
- Marital, divorce and familial records, including names of dependents of Control Persons
- Fingerprints of Control Persons
In addition to the disclosure requirements, the financial obligations are substantial. Some money transmitters must carry at least a $500,000 surety bond, and bonding agents will require a recurring yearly payment of approximately 2% of the total bond amount, depending on the credit rating of the bond’s guarantor. An applicant must also satisfy minimum capitalization requirements that push well into the six figures.
When all is said and done, the initial financial outlay for what is often referred to as “full compliance” with federal and state laws can approach a seven-figure amount over the course of a year. Add to that the ongoing costs of annual reporting, recordkeeping, audits and legal fees, which after a few years tend to outstrip the initial outlay.
In the early days of March 2013, digital currency businesses assumed they were software companies just like the dot-com companies that came before them. They created new products in a largely unregulated space, a practice they call “permissionless innovation.” FinCEN’s publication of its now-famous guidance turned this attitude on its head. Instead of focusing on how a new product might disrupt existing finance business models, entrepreneurs were forced to focus on building a product that could fit into an ancient regulatory framework.
To a certain extent, this is the case for all businesses and all regulations. Digital currency entrepreneurs, though, have it much worse. These entrepreneurs are disrupting what is arguably the most heavily-regulated industry in the country, and they are dealing with regulations that were written for business models that have not changed significantly for decades.
There are at least two real-world consequence to this state of affairs. First, some new business models that could drastically improve the industry and benefit consumers won’t comply with U.S. law. These businesses either move offshore to innovate in foreign lands or simply quit and move on to a different product. To be sure, consumers may be better off as a result of losing some of these businesses. They may be money laundering operations, solvency disasters waiting to happen or any number of net-losses for the community. But others have the potential to unseat inefficient, entrenched incumbents, to connect the unbanked to the world financial system, and to generally do good for the country and the world with trivial AML or consumer protection risks.
Second, for those business models who can fit into the existing regulations, the frictional costs of determining how or even whether these obligations apply, combined with the costs of ongoing compliance, acts as a barrier to entry for bootstrapped software companies. Undesirably, it also acts as a barrier to entry for startups that are relatively well-funded. It is only the extraordinarily well-funded enterprises that seem to attempt compliance with all of money transmission obligations in the U.S. Most businesses are shut out. When entrepreneurs talk about “stifling innovation”, this is precisely what they mean.