Transferring money between friends can be a big hassle, and a number of startups are seeking to offer new peer-to-peer money transfer options. However, given the fungibility of money and increasing concern with terrorist financing, money laundering and fraud, there are a number of regulatory requirements to be aware of.
Companies in the peer-to-peer money transfer industry are generally referred to as “money transmitters.” Federally, money transmission is defined as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” This does not include a company that sells a product or provides a service and accepts money electronically; rather, it applies to the business of facilitating funds transfers from one customer to another customer. PayPal, Venmo, Western Union, and MoneyGram are some common examples.
First, a money transmitter must comply with state regulations in every state in which it does business – not just the state in which it is organized. In Michigan, for example, this would entail compliance with the Money Transmission Services Act (“MTSA”), which requires registration and licensing with the Department of Insurance and Financial Services (“DIFS”). Among other requirements, the MTSA requires that a money transmitter: (a) have a net worth of $100,000 or more, depending on number of locations (§487.1013(1)); (b) have a surety bond of at least $500,000(§487.1013(5)); and (c) submit a list of all criminal convictions, material litigation and bankruptcy events for each control person of the money transmitter (§ 487.1012(2)). Money transmitters must pay a $600 investigation fee upon application, plus a $2,500 base license fee, plus an annual license fee set by the DIFS. Requirements in other states may vary from Michigan’s.
Second, on a federal level, a money transmitter falls under the broader heading of a money service business (“MSB”), which also includes currency exchange, check cashing, traveler’s checks, money orders, and stored value/prepaid cards. All MSBs must comply with the Bank Secrecy Act (“BSA”), which is designed to prevent and detect money laundering and terrorist financing. The Financial Crimes Enforcement Network (“FinCEN”) is the federal regulatory agency primarily responsible for BSA compliance.
Under the BSA and related regulations, MSBs must register with FinCEN. This registration is a bit different than state-level registration; the FinCEN registration is meant to enable MSBs to electronically file certain reports required under the BSA. MSBs must file currency transaction reports (“CTR”) with FinCEN for any transaction that involves more than $10,000 in currency. This does not apply to money transfers conducted entirely electronically; it only applies to transactions in which more than $10,000 in physical currency is deposited, withdrawn or exchanged.
The next type of report, a Suspicious Activity Report (“SAR”) is more applicable than CTRs to online money transmitters. A SAR must be filed with FinCEN if a single transaction (or related series of transactions) appears ‘suspicious’ and equals $2,000 or more. A transaction is ‘suspicious’ if it appears to: involve funds derived from or in furtherance of illegal activity; be structured to evade reporting requirements (i.e. the $10,000 CTR threshold); or serve no apparent business or lawful purposes. An MSB is required to maintain a copy of every SAR filed and the accompanying supporting documentation for a period of five years after filing. MSBs should also keep records of investigations that do not culminate in a SAR filing in order to demonstrate an effective SAR program.
In addition to SAR-specific recordkeeping, the BSA outlines a number of other recordkeeping requirements, both for recording transactions and identifying customers. Notably, if the customer (sender or recipient) is not an established customer, then for every transaction, an MSB is required to obtain an identification number (i.e. social security number, alien identification number, passport number) or to record a lack thereof; for in-person transactions, the MSB must also verify the customer’s identity by checking a government-issued identification card. If the customer is an “established customer” then the MSB need not verify this information for each transaction; however, the definition of established customer requires that customer information – including a social security number (or similar identification) – be kept on file. ‘Know Your Customer’ (KYC) best practices include verification of customer information at the time of account opening – either by documentary methods (i.e. review of government document) or non-documentary methods (i.e. checking a customer’s Social Security Number against credit reporting agency records); however, an MSB is not explicitly required to verify customer information under the BSA regulations.
Finally, MSBs are required to implement a process to receive, process, and respond to law enforcement requests for information. Under Section 314(a) of the Patriot Act, certain law enforcement agencies may request information through FinCEN from financial institutions regarding customers or transactions reasonably suspected of involvement in money laundering activities. An MSB must designate a point person to receive such requests, provide that person’s contact information to FinCEN, and ensure that requests are handled in a timely manner.