Crypto and Compliance | Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.

Download PDF

A digital asset trust company entered into a consent order with the Office of the Comptroller of the Currency (“OCC”) on Thursday for failing to have the appropriate anti-money laundering and Bank Secrecy Act compliance protocols in place.

Anchorage Digital Bank, N.A. (“Anchorage”) neither admitted nor denied the findings in the consent order but has announced that it is in the process of taking the actions necessary to comply.

The specific OCC findings include that “As of 2021, the Bank failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.”

A key component of Anchorage’s compliance requirements is that it must form an AML/BSA committee within 15 days. A majority of that committee has to be comprised of non-Anchorage employees. Establishing a compliance committee from the initiation of any project managing digital assets is a critical first step in creating a culture of compliance and carrying out regulatory requirements. As Anchorage was ordered, these committees are most effective when primarily filled with non-decision makers within the company.

As one of the few OCC-chartered digital asset trust companies, the OCC’s jurisdiction and the applicable federal regulations over Anchorage was not an issue. As the Biden administration and other federal agencies grapple with what appears to be imminent crypto regulation, however, compliance for non-chartered crypto companies remains an exercise in piecing together best practices from other regulated areas. Startups and established crypto trading companies need to be sure they have the proper internal compliance controls in place.