Cryptocurrency | Exchange Compliance

Exchange Compliance Attorney


Questions? Comments?

Let Us Know How We Can Help You.

What is exchange compliance?

A cryptocurrency exchange is the digital platforms in which both buying and selling of different cryptocurrencies (e.g., Bitcoin, Ethereum, Litecoin) is available. When deposits, withdrawals, or purchases of cryptocurrencies are made with fiat money within an exchange, that exchange can define its own set of operations. Since there is no regulated set of crypto exchange operations, some crypto exchanges follow exchange compliances to help mitigate the risk of fraudulent behavior. Examples of such compliances include but are not limited to Know Your Customer (KYC) for customer onboarding, Anti-Money Laundering (AML) for controls, identity verification as a security feature, and Strong Customer Authentication (SCA) as multi-factor authentication access for security purposes. Not every exchange has adopted such compliances, but these compliances are trending as a form of cyber security to protect digital investments.

Fraud prevention aside, exchanges also need to be compliant with the Internal Revenue System (IRS). The majority of crypto exchanges are required to track and report transactions to the IRS. And exchanges can report this information without approval from consumers. This is a tracking system for the IRS to gain insight into the taxes a citizen may owe on their personal cryptocurrency gains.

The assumption from most crypto investors is that cryptocurrency is untraceable, and their investments can remain anonymous. This is not true. With support from other agencies like INTERPOL and Europol, the IRS is becoming more advanced at globally tracing the transactions of digital currencies. For more information on how exchanges and cryptocurrency investors can comply with the IRS, visit our Cryptocurrency Tax Compliance page.

Exchange Compliance Cyber Security Examples

As cryptocurrency gains in popularity so do the opportunities for money laundering and covertly funding terrorism. In the past few years there have been billions of dollars laundered through cryptocurrency exchanges and cross-border funding of terrorist organizations. In order to prevent money laundering and implement strong fraud prevention configurations, some exchanges are implementing cyber security measures listed below.

1Know Your Customer (KYC)
This is the process a business can take in identifying and verifying a new customer when onboarding them to a new account. The main objectives of KYC are identifying the customer, verifying what is provided is not a false identity, understand the intentions of the customer’s financial activities, and monitor customer transactions to manage risk. Crypto exchanges that classify as fiat-to-crypto transactions have begun to adopt KYC as they work with traditional currency and conduct business with traditional financial institutions like banks, which are already subject to KYC standards and will generally only do business with entities that follow KYC procedures. Well known fiat-to-crypto exchanges that have adopted KYC are Bitfinex, Bitstamp, Bittrex, Coinbase, Gemini, Kraken, and OKEx. On the other hand, exchanges that are primarily crypto-to-crypto are slower to adopt KYC as they do not necessarily have to conduct business using fiat currency or work with traditional financial institutions. Popular crypto-to-crypto exchanges that have some KYC depending on the volume of crypto exchanged are Bibox, Huobi, and OKEx.
2Anti-Money Laundering (AML)
Anti-Money Laundering are the laws and controls in place that are intended to prevent criminals from disguising illegally acquired money as legitimate income. Under AML, financial businesses are required to monitor customer transactions and report any suspicious activity. Suspicious activity can include trade in illegal goods, tax evasion, market manipulation, misappropriated funds, and other financial criminal doings.
3Identity Verification or Electronic Identity Verification (eIDV)
Some exchanges have implemented identity verification features like providing a valid driver’s license as a layer of security.
4Strong Customer Authentication (SCA)
Strong Customer Authentication is a requirement by the EU to conduct multi-factor authentication access to prevent fraud on financial transactions.

Certain government agencies have begun to place regulations on cryptocurrency exchanges. For example the Financial Crimes Enforcement Network (FinCen), the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC) are now defining cryptocurrency exchanges as money service businesses (MSBs) that are subject to the Bank Secrecy Act (BSA). The BSA defined by the Office of the Comptroller of Currency (OCC) states, “The OCC prescribes regulations, conducts supervisory activities and, when necessary, takes enforcement actions to ensure that national banks have the necessary controls in place and provide the requisite notices to law enforcement to deter and detect money laundering, terrorist financing and other criminal acts and the misuse of our nation's financial institutions.” Under BSA guidelines certain exchanges are required to incorporate fraud prevention methods like AML protocols, maintain accurate recordkeeping on transactions, submit Suspicious Activity Reports (SAR) should suspicious activity be red flagged, as well as other necessary measures. If cryptocurrency exchanges that are required to follow the BSA willingly violate the BSA program, then those exchanges and the businesses and people who own and operate them can be subject to criminal fines and/or prison sentencing.

Exchange Compliance Registrations and Regulations

In some instances, cryptocurrency exchanges will be required to register with certain U.S. government entities if they meet specific guidelines. Some examples of government entities that exchanges may need to register and comply with are:

1Securities and Exchange Commission (SEC)
If a cryptocurrency exchange meets the definition of a security, then it is subject to SEC registration and regulations. SEC regulations of cryptocurrency exchanges can help protect investors and prevent market manipulation.
2Financial Crimes Enforcement Network (FinCEN)
The U.S. Treasury Department’s FinCEN identifies businesses buying and selling cryptocurrency to consumers or transferring crypto on behalf of customers to financial businesses are required a registration with FinCEN, incorporate KYC, and maintain AML compliance. The purpose of such registrations and compliances is not only to protect investors but to also ensure that transactions executed on an exchange do not fund illegal activity (e.g., money laundering) or terrorism. Because exchanges can work globally and are decentralized (not regulated by a governing body) then terrorists have found ways to leverage exchanges to fund terrorist activities with cross-border transactions through an exchange.
3Combating the Financing of Terrorism (CFT)
Combating the Financing of Terrorism (CFT) (also known as Counterfinancing of Terrorism) is a task force set up to establish government laws, regulations, and guidelines on how to restrict funding to support terrorist groups or activities. This funding is closely linked to money laundering and having AML and KYC protocols in place will support CFT. The Financial Action Task Force (FATF) is a CFT task force comprised of 35 counties that work together to share data and create policies to prevent terrorism.
4Internal Revenue System (IRS)
Most exchanges are required to report cryptocurrency transactions made. Exchanges will also send crypto investors Form 1099-K or Form 1099-B so that consumers can appropriately report crypto gains for tax purposes.
5State specific regulations may apply.

Why do I need legal guidance on exchange compliances?

Regulations on exchange compliance in relation to cyber security and anti-money laundering are continuing to evolve. More and more crypto exchanges are trending to voluntarily include fraud prevention processes. If your business runs a cryptocurrency exchange or you interact with a cryptocurrency exchange, particularly a fiat-to-crypto exchange, you want to protect your earnings and yourself from financial crime. At Blake Harris Law, we provide legal advice on how to either secure your cryptocurrency exchange business or your crypto assets in an exchange from potential financial crime as well as address the issue should you seek legal support in the instance of fraud.

Additionally, the intricacies of exchange and cryptocurrency compliances with the IRS are not to be taken lightly. In most instances exchanges are required to record and report financial crypto transactions to the IRS and consumers for tax purposes. Failure to comply can end up in legal action and hefty fines. For more information about how and what to report to the IRS, visit our cryptocurrency tax compliance page.

Glossary of Important Terms

Here are some important terms to learn when it comes to exchange compliance:

1Security
Securities are financial instruments used to raise funds for public and private businesses. Securities can come in the form of equity, debt (e.g., loans), and hybrids (equity and debt).
2Exchange
A cryptocurrency exchange is the digital space in which both buying and selling operations of different digital currency is available.
3Money Laundering
Money laundering is an illegal process in which a criminal converts “dirty” money made from illegal activities, like selling drugs, and launders the money to make it “clean” so that it can be used through a legitimate business under the radar of authorities.

To find out how Blake Harris Law can help you with your exchange compliance, please call us at 833-ASK-BLAKE or contact us here.