While doing on-site visits we have come across one of our convenience stores that has a bitcoin machine in it. anyone have experience with this? Due to the nature of the business they are already high risk but is there something extra we need to be looking for as far as money laundering purposes.

That would be a business that I would not want to be involved with. Bitcoin is the poster child for money laundering because the transactions are generally only traceable to a wallet ID and never a person. I hope they aren't running those transactions through your bank. Either way, I would exit them, I want no part of bitcoin.

Is the business operating the machine or is it leasing space to an operator who pays a monthly fee? The risks of banking the customer are very different depending on the answer.

Seen it too, but in all cases the machine was owned by someone else paying the customer to put it there. Find out what the situation is.

We have recently been approached by a C-Store looking for a new bank...any guess why they are leaving their current bank? Sounds like they weren't given a choice. Owner currently sells bitcoin through an iPad app from DigitalMint. The store is asking as an agent for DigitalMint, takes the money in, obtains a picture of the ID of the purchaser, enters the sale through the app, deposits the cash into the bank and later the account is settled / debited by DigitalMint for the purchases. We said NO WAY for banking this practice. Total purchase amounts were 25% of the stores monthly sales / cash coming in.

Prospect said he was willing to look at the Bitcoin machine DM offers. DM provided us with their "compliance" package how that are responsible for all BSA/AML requirements. They provided specifically what they handle. We still had a lot of questions. Based on what I was reading I presumed they did everything in terms of transactions, that our customer would own/lease the machine and receive a kick-back for having it in the store.

I am being told by DM that they do everything EXCEPT empty the machine. Our customer would still need to empty the machine and deposit the money here - which would also require CTR filings given the amounts of their current deposits ( I requested 3 months worth of current bank statements so I could see volumes).

Management initially said no to bitcoin but of course banker went back and said "Well there is a machine that can do everything." Writing a response to management today on the risks so someone can make a decision. I know there needs to be a outlet for bitcoin sales, exchanges, etc but given the limited resources and risk in this space, it is difficult for a community bank.

Not asking for help. Just happened to see this post and wanted to comment.

I would need more information to get into the details but perhaps I would suggest that the fees you charge this customer cover the full cost of an additional FTE for the compliance team.

That was my thought as well.

I'll refer you to FinCEN's Guidance "Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies" (FIN-2019-G001) pgs. 17-18. CVC kiosk owner-operators are money transmitters; however, places like convenience stores are typically acting as agents of them.

You'll need to start by determining the business model. Does the c-store intend to settle their activity through your Bank; or, will that occur elsewhere? The latter is the lower risk scenario (for your Institution).

In a way, the nature of CVC kiosk risks are comparable to banking "traditional" money transmittal (e.g. Western Union) agents. There will be both federal and state registrations you'll need to confirm, contracts you'll need to obtain, and of course you'll need to confirm that the principal (kiosk owner).

However, there are some key differences. For starters, I've observed plenty of Institutions with transmittal agent customers for whom they have not performed "full" EDD when they settle the activity elsewhere and had no issues with examiners. In other words, when the agents don't bank their risky activity with you, it's an acceptable practice - at least from what I've seen - to "flag" their agent status but not perform any additional EDD (e.g. obtaining contracts, principal BSA/AML Program, etc.). With CVC transmittal agents, I would not advise that approach, as it's such a "hot" risk area.

Furthermore, in my opinion, the risk assessing and monitoring expectations for CVC agents are higher. To put it simply, you need to do more to assess the principal and monitor the activity. Here are some items you'll need to consider:

- Coin Offerings: While Bitcoin gets all the news, it's arguably the least risky VC from a BSA/AML perspective, because it's pseudonymous. With BSA/AML regulations now clearly in place and the public ledger system, boutique monitoring systems used by VC exchanges can "map" Bitcoin addresses to entities and people. The riskier coins, likely getting more popular on the Darknet these days, are private or anonymizing coins like Monero.

In short, your decision to bank/not bank should account for the risk of the VC's based on the level of anonymity they provide.

- BSA/AML Program: You should not just do the typical collection of a boilerplate BSA/AML Policy. See if you can obtain the resumes of compliance leaders and actually *talk* to their BSA Officer.

- Principal's Monitoring: See if the principal is willing to give you a walkthrough of their AML System (assuming they have one). Focus on what scenarios they have in place to "map" bad actors to addresses and detect patterns indicative of mixing/tumbling.

- 314(b): Register for 314(b) and confirm that the principal is as well. Periodically, submit a general inquiry about the agent (your customer).

- Your Transaction Monitoring: You'll need to build this around how the agent settles the activity with the principal. If the activity runs through your Institution, you should set up one or more segregated accounts for it. Potentially, you may need one account for outgoing transmittals and another for incoming transmittals redeemed as cash. Either way, you should ensure you understand exactly how this works and assess the potential to either introduce illicit cash or take out illicit funds from the VC world as cash. Although many transactions will be folks using cash to buy/send Bitcoin, there also may be a potential for the store to try and introduce dirty cash themselves by funding the CVC kiosk with their own illegal cash source, which folks will then unwittingly withdraw and help them "clean", similar to private ATMs.

In addition, you should request that the c-store or kiosk owner (ideally) provide you with activity reports, so you can identify red flags like a high volume of kiosk customers sending funds to the same address. See FIN-2019-A003 for more red flags.

That should at least get you started, but I'm sure you'll run into more questions/concerns as you go along!