During a crowded session at the Bitcoin 2013 show in San Jose today, a panel of businesspeople and attorneys addressed the knotty challenges faced by bitcoin businesses trying to comply with regulatory guidance.
It's an issue that was lent new urgency this past week with the US government's seizure of assets connected with a subsidiary of Mt. Gox, the world's largest bitcoin exchange.
Bitcoin businesses have also been treading carefully in the wake of new guidance recently issued by the US Financial Crimes Enforcement Network (FinCEN), which spells out registration and reporting requirements for money services businesses (MSBs) using virtual currencies. Several bitcoin exchange closures have been linked to the guidance.
Bitcoin companies need to take regulations seriously and be aware they must comply from the first transaction they undertake, warned panel member J. Dax Hansen, a Seattle attorney with the law firm of Perkins Coie who specializes in payments, technology and international business.
"These laws ... have civil penalties and criminal liability attached to them," Hansen noted. "If you get it wrong, the stakes are very high and it's critical to figure out what your model is and make sure that you have your ducks in a row."
Hansen advises companies that aren't sure about anything to submit all questions in writing to FinCen.
"If you send them in, I think FinCEN has indicated that they're willing to figure out what the right answers are," he said.
Ryan Straus, an attorney who founded a specialist payments team at the Seattle law firm of Graham & Dunn, noted that, in the US, financial regulations have a different focus at the federal and the state level.
"The federal government's worried about money transmission, about money laundering, anti-money laundering and terrorism financing ..., Straus said. "On the state side, we're primarily concerned about consumer protection."
On that front, the finality of bitcoin transactions -- as opposed to credit-card payments where unhappy customers can request chargebacks -- can be a thorny issue.
"Finality is a hard thing to sell from a consumer protection standpoint," Straus said, adding that state regulations can be tough. "I have yet to find a state that is more lenient than the federal government."
Hansen agreed.
"The states are the problem," Hansen said. "The federal regime is manageable. You register ..., you keep records, you file suspicious activity reports."
Meeting "know-your-customer" requirements can be especially difficult when dealing with bitcoins. And Hansen questions whether all bitcoin activities are actually money transferring and subject to those regulations.
"Banks are not subject to state money transmitter laws," he said. "You can talk about partnering with someone who has licenses in all the relevant states, or is exempt from these laws, and is willing to provide the services."
One audience member asked whether bitcoin businesses could obtain provisional licensing while working toward full compliance with financial regulations.
"There is no interim licensing," Straus said. "The barrier to entry is a hard issue to absorb for money transmitters ... The alternative is to be a bank or other financial institution, and that's really expensive."
Fulfilling all the necessary requirements can also be time-consuming, said Claire Sammon Roberts, senior vice president of operations and risk management for San Francisco-based ZipZap, which enables online cash transactions.
"Prior to ZipZap and another company I worked for, we got money transmitter licenses in all states," Roberts said. "It took 18 months" ... and that was with a team of people working on it full time.
"I had to be available whenever a regulator wanted to ask me questions," she said. "A couple didn't want to give us licenses until they actually saw me ... so I went to visit them in their respective states."
Taking the time to make sure everything is done right, though, is critical, noted Ryan Singer, president and chief operating officer of the US-based bitcoin exchange platform Tradehill.
"You don't want to get denied, because if you get denied by one, you have to go back and report to everyone that you got denied by someone and that's an ugly place to be," Singer said.
Like it or not, bitcoin-based businesses will face special regulatory and legal challenges.
"I feel a little bit like the undertaker at a birthday party," siad Brian Klein, partner at the law firm Baker Marquart and a former federal prosecutor. "I can feel the enthusiasm for Bitcoin and what's happening here, and when you start putting lawyers on panels, it's like brakes on a car."
Klein continued, "Just by its very nature, Bitcoin is going to get a lot of scrutiny."
He pointed to last week's US actions against Mt. Gox and said the possibility of criminal prosecutions is more a matter of "when" rather than "if".
"If you look at what the basis for those warrants are, it was lying on bank forms," Klein said. "You can't lie on bank forms, that's a federal crime."
Straus asked how a company should respond on a form when it's not sure if it qualifies as a "money transmitter". Klein advised having the company lawyer write a letter explaining exactly why the company did or didn't check that box on the form.
"You can't just hide behind the attorneys," Klein said. "It's important to operate in good faith and be honest."
That's especially true when you consider the federal prosecutors' point of view, Klein noted, which is "Bitcoin's being used by drug lords, it's being used to launder money, it's being used by terrorist organizations. We can't trace this, we're suspicious. When you're under that level of scrutiny you need to be really careful."
Straus asked whether that meant a bitcoin transaction is inherently suspicious.
"I don't know that inherently it meets that suspicious definition," Klein said, "but there's a lot of red flags out there."
While an oft-cited advantage of bitcoin transactions is the privacy they enable, bitcoin businesses still have an obligation to know certain things about their customers. Businesses outside the US, for example, must comply with US regulations if they have US-based customers.
"You need to collect an address or a country" when a customer signs up, Hansen said. "If you're internationally based and don't want to deal with US laws, don't deal with U.S. customers."
Roberts agreed.
"If the money's coming to or from the United States, you shouldn't try to pretend that you don't have to abide by the law of the United States," she said. "We've used IP blocking, identifying verification schemes, and all those kinds of things to verify that we know where our customers are and where they're coming from."
"Just being offshore isn't going to make you safe from the law," Klein added. "When I was a prosecutor we would reach out and get people from all over the world. There's all sorts of extradition treaties ... "