Legal Seminar, Denver, CO

071018 Discussion Draft

and transaction monitoring obligations set down in Parts 1010 and 1022 of 31 CFR Chapter X. Examples of such requirements include the filing of Currency Transaction Reports (31 CFR § 1022.310) and Suspicious Activity Reports (31 CFR § 1022.320), whenever applicable, general recordkeeping maintenance (31 CFR § 1010.410), and recordkeeping related to the sale of negotiable instruments (31 CFR § 1010.415). Furthermore, to the extent that any of the Company’s transactions constitute a “transmittal of funds” (31 CFR § 1010.100(ddd)) under FinCEN’s regulations, then the Company must also comply with the “Funds Transfer Rule” (31 CFR § 1010.410(e)) and the “Funds Travel Rule” (31 CFR § 1010.410(f)).” h. Further analogies may be drawn from FIN-2015-R001 (Aug. 14, 2015), in which FinCEN advised a business that essentially provided digital wallet services to facilitate the exchange of precious metals using blockchain technology. It charged fees for each transaction, as well as for the physical custody of precious metals that were traded by the users. When the Company issued a digital certificate of ownership in the precious metals that was freely transferable, it went beyond the role of a broker/dealer in commodities to an administrator that was considered a MSB. 2. But are these rules working? Using fiat currency to acquire a cryptocurrency in an exchange (e.g., Coinbase or Kraken) presents an opportunity for money to enter the pseudo-anonymous environment of peer-to-peer transactions, which are difficult to trace. A recent study shows lax behavior at major exchanges is letting criminals gain access to the system. See https://www.marketwatch.com/story/most-major-cryptocurrency-exchanges-lack- sufficient-background-checks-research-report-says-2018-06-06 o Coinbase ranks high (9/10) in achieving security standards; Kraken ranks 7/10. o But several wallets and exchanges rank at only 2. Network systems can be measured by the strength of the weakest link. 3. State regulations may also apply. State level licensing and regulation may also be applicable. According to a recent news report, NY has now licensed eight firms for cryptocurrency. See Alexandra Semenova, More Virtual Currency Services Get Approval in New York , BNA E LECTRONIC C OMMERCE & L AW R EPORT (June 20, 2018). 4. Ransomware Payments. Access to cryptocurrency can sometimes be necessary even for major, legitimate purposes. For example, victims of ransomware attacks may require a store of cryptocurrency to pay off hackers who hold their business systems or data “hostage”. See generally Edward A. Morse & Ian Ramsey, Navigating the Perils of Ransomware , 72 B US . L AW . 287 (2016-17). Some consulting firms dealing with these issues maintain a store of cryptocurrency to pay off hackers, which may be cheaper than the alternative of trying to restore data encrypted by malefactors. But note: since the identity and location of the payee may not be known, each payment presents a risk of violating sanction restrictions and financing terrorism.

22