Despite all of the hype around the rise of virtual currencies, banks have been conspicuously cautious in their approach, including their handling of potential customer involvement in the space. This is a smart approach.
Large U.S. and U.K. banks have barred credit cardholders from using bank-issued plastic to purchase cryptocurrencies. Some banks have refused to process international wire transfers relating to cryptocurrency transactions. A number have either declined to clear trades in bitcoin futures trading on U.S. exchanges or significantly limited the circumstances for doing so, including the customers for which they’ll clear trades. And many businesses in this space have found it difficult to establish traditional banking relationships.
This cautious approach is sensible; banks have reasonable apprehensions that credit and reputational risk is amplified when dealing with cryptocurrencies and their derivatives. For example, card issuers are concerned that unsophisticated and/or insolvent customers might use their cards to finance purchases of unregulated and highly volatile products — sticking the issuers with significant losses if customers, having speculated unsuccessfully, are unable to pay their credit card debt. The use of stolen cards to buy cryptocurrencies exacerbates the risk. As for bitcoin futures introduced by the CME and Cboe in recent months, trading in those derivatives have been subject to wide — at times extreme — price volatility, making clearing difficult and risky. Some observers, moreover, consider bitcoin futures to be subject to significant manipulation risks — concerns have been raised, for example, as to how the underlying reference rates are determined.
In addition to credit and reputational risk, banks have regulatory and litigation concerns related to customers’ transactions in cryptocurrencies and derivatives. A cautious approach serves to mitigate these risks, particularly in regard to anti-money laundering requirements. Fincen and other regulators have warned that pseudonymous cryptocurrency transactions can be abused to launder money or finance terrorism. In response, some commentators have pointed out that the blockchain technology behind bitcoin actually provides for increased visibility into transaction activity. Nevertheless, those seeking to impede the tracing of illicit flows of funds and the identification of responsible individuals can deploy technology to obscure or anonymize transaction data relating to virtual currencies. And even where transaction activity is completely observable, such as on a public blockchain, it does not solve the problem of anonymous/pseudonymous actors performing these transactions. Moreover, recent enforcement actions, such as the criminal and civil penalties jointly imposed against virtual currency exchange BTC-e in July 2017 by DOJ and Fincen, underscore that law enforcement has prioritized alleged money laundering involving virtual currencies.
Given this activity, financial institutions may be concerned about being able to comply with know-your-customer requirements and other obligations under the Bank Secrecy Act with regard to virtual currency transactions. In its 10-K filing for 2017, Bank of America noted that the use of cryptocurrencies “could limit our ability to track the movement of funds.” Monitoring such transactions for compliance with various sanctions regimes is also challenging; in fact, the Treasury Department’s Office of Foreign Assets Control recently issued FAQs/guidance on virtual currency, emphasizing that OFAC compliance obligations are the same whether the transaction is in fiat or virtual currency. If banks choose to engage in this space, they must, at a minimum, employ enhanced due diligence.
But the legal risk associated with cryptocurrency is not limited to AML and sanctions exposure. In a series of enforcement proceedings since 2015, the Commodity Futures Trading Commission has asserted that virtual currencies are “commodities” within the meaning of the Commodity Exchange Act and therefore subject to the CFTC’s enforcement authority. This proposition is not self-evident from reading the statutory definition, but a federal district judge,
In addition, the CEA prohibits aiding and abetting commodity fraud or manipulation. The statute creates a private right of action against alleged “aiders and abetters.” In recent years, aggressive plaintiffs’ lawyers have relied on this provision to launch civil claims (often in class actions) against financial institutions in connection with various types of alleged fraud and manipulation. It remains to be seen whether the plaintiffs’ bar will attempt to pin aiding and abetting liability on financial institutions for arguably facilitating customers’ wrongdoing involving cryptocurrencies or derivatives — such as by processing wire transfers or clearing futures trades — although such claims would seem difficult to sustain. Nevertheless, banks obviously remain attractive litigation targets and the risk of at least incurring significant costs to defend such claims cannot be discounted.
The bottom line is that cryptocurrencies and their derivatives have the potential to visit ample regulatory and litigation risks on banks. At least at this relatively early stage in the development of these financial products — and the evolving regulatory landscape surrounding them — financial institutions appear to be justified in proceeding cautiously.