FinCEN regulation of Unhosted Wallets

The Financial Crimes Enforcement Network (FinCEN) issued a notice titled “Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets” to seek public comments on a proposed rulemaking which would place an obligation on banks and money service businesses (MSBs) to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (CVC) or legal tender digital assets (LTDA). FinCEN has given the public 15 days to provide their comments on the proposed rule. FinCEN also proposes to establish a Foreign Jurisdictions List which includes countries with heightened AML risk which can also be expanded to include countries that have deficient regulatory frameworks. This article will also talk about the impacts of this List on other countries like India. 


The objective of this rule is to alleviate the risk of the increasing usage of CVC to facilitate international terrorist financing, weapons proliferation, sanctions evasion, and transnational money laundering. It also places reporting and recordkeeping obligations on banks and MSBs on transactions between customers of hosted and unhosted wallets.

Major Provisions

Tablet Monitor Display Conditions  - geralt / Pixabay
geralt / Pixabay
  • The rule proposes to make amendments to the Bank Secrecy Act to add a new section that identifies CVC and LTDA as “monetary instruments”. The new provision at 31 CFR 1010.316(a) includes a determination that CVC and LTDA are “monetary instruments” for the purposes of 31 U.S.C. 5313 and is not intended to impact the regulatory definition of “monetary instruments” at 31 CFR 1010.100(dd). It primarily added requirements to report transactions between a bank or MSBs hosted wallet and an unhosted wallet. The transaction reporting requirement would require banks to file a report similar to CTR for the transaction between their customers’ CVC or LTDA hosted and unhosted (covered) wallets, either as senders or recipient and would also apply if the user unhosted wallet is the customer for which the financial institution holds a hosted wallet.
  • Similar to the CTR reporting requirement, this proposed rule would require reporting of transactions in CVC or LTDA that aggregate to greater than $10,000 in one day. The rule would be enforceable on CVC and LTDA transaction reporting at a threshold of $10,000 in value and would treat multiple CVC and LTDA transactions as a single transaction if the bank or MSB has knowledge that they are by or on behalf of any person and result in value in or value out of CVC or LTDA above the threshold of $10,000 during a 24-hour period. The banks and MSBs will also follow risk-based procedures to determine whether to obtain additional information about their customer’s counterparties or take steps to confirm the accuracy of counterparty information.
  • The reporting requirements are standard as per BSA. It also provides “anti-structuring” rules that prevent structuring transactions to evade CTR requirements. In order to make the proposed reporting requirement effective, it is necessary to ensure that parties engaged in structuring, to avoid the new reporting requirement, are subject to penalties.
Seniors Eventide Miniature Figures  - wir_sind_klein / Pixabay
wir_sind_klein / Pixabay
  • Banks and MSBs verify and keep records of their hosted wallet customers who engage in a transaction with unhosted or otherwise covered wallet counterparties. They would be expected to incorporate policies tailored to their respective business models should the bank or MSB be unable to obtain the required information, such as by terminating its customer’s account in appropriate circumstances. The reporting requirement filed must be retained for five years from the date of the report and there is a 15 days deadline to apply for a new report from the date of a reportable transaction.
  • Banks and MSBs would be required to keep records and verify the identity of their customers engaging in transactions involving the withdrawal, exchange or other payment or transfer with a value of more than $3,000, as determined by the bank or MSB based on the prevailing exchange rate at the time of the transaction. Transactions with a value of greater than $10,000 would be subject to both the reporting, recordkeeping, and verification requirements.
  • FinCEN is proposing to require electronic recordkeeping based on the fact that such recordkeeping is the practical way in which businesses engage in CVC or LTDA transactions are likely to track their data and the most efficient form in which data can be provided to law enforcement and national security authorities. The name and address of the customer, along with financial information, will be collected when transacting between an unhosted and hosted wallet. This information would not need to be retained in any particular manner, so long as the bank or MSB is able to retrieve the information.

Foreign Jurisdiction List 

FinCEN proposed to define otherwise covered wallets as those wallets that are held at a financial institution that is not subject to the BSA and is located in a foreign jurisdiction identified by FinCEN on a List of Foreign Jurisdictions. Initially, FinCEN proposed that this list would comprise all the jurisdictions that have primary money laundering concerns like Burma, Iran and North Korea. But now, FinCEN also identified that the Foreign Jurisdiction List could be expanded to include jurisdictions that are identified to have significant deficiencies in their regulation of CVC or LTDA. This could have a great implication on other countries. 

The reason FinCEN is including the transactions with wallets hosted in jurisdictions listed on the Foreign Jurisdictions List is because these jurisdictions do not have an effective anti-money laundering regime to prevent suspicious activity and monitor transactions with due diligence. There is a lack of intermediation that would apply a variety of controls that reduces finance risk. FinCEN anticipates that the number of transactions subject to reporting and recordkeeping related to otherwise covered wallets hosted by foreign financial institutions located in jurisdictions on the Foreign Jurisdictions List will be more complex to be included in the Travel Rule and thus had to be regulated. 

It exempts reporting those transactions that are between a filer’s hosted wallet customer and a counterparty hosted wallet at a financial institution that is either regulated under the BSA or located in a foreign jurisdiction that is not on the Foreign Jurisdictions List. In making a determination of the applicability of the exemption to a wallet hosted by a foreign financial institution, banks and MSBs would need to confirm that the foreign financial institution is not located in a jurisdiction on the Foreign Jurisdictions List, and would need to apply reasonable, risk-based, documented procedures to confirm that the foreign financial institution is complying with registration or similar requirements that apply to financial institutions in the foreign jurisdiction.

The rule about expanding the Foreign Jurisdiction List to include jurisdictions that are identified to have significant deficiencies in their regulation of CVC or LTDA might have an impact on countries like India which is at its nuanced stages in regulating hosted and unhosted wallets. FinCEN is also very ambiguous about what is included in the bracket of “significant deficiencies in the regulation” could prove fatal. Thus this proposed rule has a greater impact on other countries than anticipated even though its motive is to regulate transactions with the USA.

Leave us a comment telling us what you think! And keep on the lookout for our next blog post coming soon. 

Leave a Comment

Your email address will not be published. Required fields are marked *