FinCEN has made clear, in its latest fine against Ripple Labs, that even if an ‘exchange’ or ‘administrator’ fails to register at a Federal level for their activities, that they are still subject to requirements under the Bank Secrecy Act:
Both exchangers and administrators are MSBs that must register with FinCEN unless they fall within an exemption. And regardless of whether they have registered as required, MSBs are subject to certain additional requirements under the Bank Secrecy Act and its implementing regulations.
These requirements are as follows:
Under the Bank Secrecy Act, an MSB is required to implement an AML program that, at a minimum: (a) incorporates policies, procedures and internal controls reasonably designed to assure ongoing compliance; (b) designates an individual responsible for assuring day to day compliance with the program and Bank Secrecy Act requirements; (c) provides training for appropriate personnel including training in the detection of suspicious transactions; and (d) provides for independent review to monitor and maintain an adequate program. 31 C.F.R. §§ 1022.210(d).
Plus a requirement for suspicious activity reporting:
Further, an MSB must report transactions that the MSB “knows, suspects, or has
reason to suspect” are suspicious, if the transaction is conducted or attempted by, at,
or through the MSB, and the transaction involves or aggregates to at least $2,000.00
in funds or other assets. 31 C.F.R. § 1022.320(a)(2).