Fincen Fines Ripple Labs Over AML, Says Firm 'Enhancing' Protocol

The digital currency firm Ripple Labs just made history — but not the kind it's been hoping for.

U.S. authorities have fined the San Francisco startup $700,000 over violations of the Bank Secrecy Act, according to the Financial Crimes Enforcement Network's Tuesday press release. The settlement makes Ripple Labs the first virtual currency exchanger to face a civil enforcement action.

The action surprised digital currency experts and comes as a blow for the company, which has positioned itself as one of the most establishment-friendly firms in the field since it was founded in 2013. Two U.S. banks have signed up to use Ripple Labs' money settlement platform for cross-border transactions, and the Federal Reserve appeared to give the company's Internet protocol a veiled hat-tip in a recent paper on the future of the U.S. payments system. Ripple Labs has reportedly raised more than $33.5 million of venture capital, and CEO Chris Larsen is fond of saying, "We are builders, not disruptors" and touting the company's compliance program and eagerness to work with financial institutions.

But according to Fincen, in its early days Ripple Labs functioned as an unregistered money service business and neglected to comply with anti-money laundering regulations. The civil money penalty against Ripple Labs and its subsidiary, XRP Fund II, was jointly issued by Fincen and the U.S. Attorney's Office for the Northern District of California.

"Virtual currency exchangers must bring products to market that comply with our anti-money-laundering laws," Fincen director Jennifer Shasky Calvery said in a press release. "Innovation is laudable but only as long as it does not unreasonably expose our financial system to tech-smart criminals eager to abuse the latest and most complex products."

Monica Long, a spokeswoman for Ripple Labs, reiterated the company's focus on regulatory compliance Tuesday.

"An early company in an emerging, undefined fintech category, Ripple Labs was one of the first to proactively build out a compliance and risk program," Long said in a statement, pointing out that since January 2014 the company has hired a chief compliance officer, general counsel and BSA officer and continued to flesh out its AML program. "We’ve been consistent in our message of supporting a compliant and healthy Ripple ecosystem. We have not willfully engaged in criminal activity, nor has the company been prosecuted."

Ripple Labs' regulatory problems began when Fincen released guidance requiring firms that sell or exchange digital currency to register as MSBs in March 2013. All MSBs are subject to anti-laundering rules. Authorities allege that Ripple continued to sell its "native" virtual currency, known as XRP, for months after the guidance was issued without proper registration and without putting an AML program in place. Ripple Labs created a subsidiary, XRP II, to sell the currency in July 2013 and registered it as an MSB in September of that year, but neglected to establish sufficient AML protections, according to Fincen.

The settlement also cites XRP II for failing to report suspicious transactions, including processing a $250,000 transfer of virtual currency while waiving know-your-customer requirements for a Ripple Labs investor. The investor, Roger Ver had pleaded guilty to selling explosives on eBay in May 2002. (Ver, who could not immediately be reached for comment, has said that his prosecution more than 13 years ago was retaliation for political speech and that the product he was selling on Ebay was "basically a firecracker used by farmers to scare deer and birds away" and sold at Cabelas.)

As part of the settlement, Ripple Labs and XRP II have agreed to take measures to improve AML compliance, including limiting XRP transactions to registered money service businesses and hiring independent auditors to review the companies' BSA compliance every two years through 2020.

Ripple Labs will also make "enhancements" to its payment protocol that will allow the company "to appropriately monitor all future transactions," according to Fincen. This may come as worrisome news for Bitcoin entrepreneurs who have argued that regulation of their ecosystem should apply to companies on the edges of the network but not the software protocol. The meaning of the passage was parsed heavily on Twitter Tuesday evening. However, a spokesman for Ripple Labs said the company is simply "using publicly available data to monitor transactions across the Ripple network only to flag unusual activity."

Digital currency businesses have also argued that early-stage startups should have an "on-ramp" exempting them from some regulatory requirements until they achieve a certain scale, as long as they take certain steps to comply.

For reprint and licensing requests for this article, click here.
Bank technology Compliance Law and regulation KYC AML
MORE FROM AMERICAN BANKER