1. CVC/LTDA Transaction Recordkeeping Rule
   
   In addition to the CVC/LTDA Transaction Reports, FinCEN proposes a new requirement that banks and MSBs verify and record the identity of a hosted wallet customer that engages in a withdrawal, exchange, payment, or transfer of CVC or LTDA by, through, or to the bank or MSB with a value greater than $3,000 if such transaction takes place with an unhosted wallet or Otherwise Covered Wallet. Banks and MSBs would be required to collect both the name and physical address for the counterparties to the transaction(s), as well as any additional information the Secretary of the Treasury may prescribe for CVC/LTDA Transaction Reports. 
   
   To calculate the $3,000 value, banks and MSBs would be required to use the Prevailing Exchange Rate at the time of the transaction, consistent with the CVC/LTDA Transaction Reporting requirement; however, no aggregation requirement would apply.
   
   The Proposed Rule would mandate that CVC/LTDA transaction records be maintained electronically, and retrievable by customer name, customer account number, or counterparty name. 
2. Procedural Requirements
   
   Similar to CTRs, the Proposed Rule would require CVC/LTDA Transaction Reports be filed with FinCEN, unless otherwise specified, on a form  prescribed by the Secretary of Treasury. Forms must be filed within 15 days of the date of the reportable transaction, and retained by the financial institution for five years.  Anti-structuring prohibitions for CVC and LTDA reporting would also align to similar provisions for CTRs. 
3. Specific Identification and Verification Requirements
   
   FinCEN indicates that when it is the originating financial institution for a reportable CVC or LTDA transaction, the bank or MSB should not complete the transaction until verification of their hosted wallet customer is complete. When the bank or MSB is the receiving financial institution, verification should be completed “as soon as practicable.”  If the financial institution has knowledge that the person accessing the account is not its customer, it is required to also verify that person. Neither the Proposed Rule nor the accompanying FAQ clarify expectations regarding what FinCEN anticipates is “practicable,” or the likelihood of being able to conduct a verification exercise after the transaction has been posted. Banks and MSBs may therefore decide to verify their hosted wallet customers before any transactions can be completed.
    
   The Proposed Rule specifies the data to be obtained and verified as follows:
   
   a. CVC/LTDA Transaction Report Requirements 
   
   Banks and MSBs must:

• Verify and record name and address of the person presenting the transaction.
• Record the identity, account number, Social Security or taxpayer identification number, if any, of any person or entity on whose behalf such transaction is to be effected.
  
  FinCEN specifies that verification of non-US residents or aliens must be conducted from a passport, alien identification card, or similar official document indicating the bearer’s nationality or residence. For US persons, the bank or MSB should review verification documentation similar to that which is “normally acceptable within the banking community as a means of identification when cashing checks for non-depositors,” but cautions that a bank signature card may be relied upon only if it contains the specific information from the identity document that was examined prior to issuing the signature card. In each instance, the specific identifying information used to verify identity must be included on the CVC/LTDA Transaction Report.
  
  b. CVC/LTDA Transaction Recordkeeping Requirements 
  
  For each qualifying CVC/LTDA Transaction record, the bank or MSB must record:
• Name and address of the financial institution’s customer, as well as any form relating to the transaction that is completed or signed by the financial institution’s customer.
• Type, amount, and value of convertible virtual currency or legal tender digital assets used in the transaction, as well as the time of the transaction.
• Any payment instructions received from the financial institution’s customer.
• Name and physical address of each counterparty to the transaction, as well as other counterparty information the secretary may prescribe as mandatory on the CVC/LTDA Transaction Report.
•  Any other information that uniquely identifies the transaction, the accounts, and, to the extent reasonably available, the parties involved.

1. Policy and Procedure Amendments

   In addition to documenting the proposed method for determining the Prevailing Exchange Rate, the Proposed Rule would require banks and MSBs to assess the risks of the reportable CVC or LTDA transactions and develop risk-based identity verification procedures that the bank or MSB is able “to form a reasonable belief that it knows the true identity of its customer.”  Banks and MSBs would be required to amend their current policies to incorporate provisions for when the financial institution is unable to obtain the required information, similar to the Customer Identification Program rule. FinCEN expects that, as part of their existing BSA/AML Program, banks and MSBs take a risk-based approach to ascertain when it is necessary to collect additional information or confirmation on a customer’s counterparty, and implies such procedures should likewise be applied to CVC/LTDA transactions without amendment.
   
   Banks and MSBs would also need to develop procedures for identifying whether a CVC/LTDA transaction is going to or coming from an unhosted or Otherwise Covered Wallet. Furthermore, FinCEN would require that the bank or MSB have documented procedures to confirm that, for a transaction coming from a FFI, such institution is in compliance with local registration or similar requirements. 

FinCEN's Request for Comments

FinCEN requests comments on several components of the Proposed Rule.

A. Costs and Estimated Burden
FinCEN asks responders to comment on the costs of implementation, and its estimates of the burden on the financial industry in relation to the benefit the new requirements would have to law  enforcement. FinCEN also asks commenters to consider the costs of alternatives dismissed by FinCEN, such as whether all hosted wallets should be included, thresholds should be lowered, or  modifications should be made to the data that banks and MSBs must collect.

B. Implementation Challenges
FinCEN further seeks comment on the clarity of the Proposed Rule, and whether technological requirements, such as creating and maintaining electronic records as proposed in the NPRM, are  reasonable.

C. Scope of the Proposed Rule
Lastly, FinCEN asks commenters to opine on whether the scope of the Proposed Rule is appropriate. For example, FinCEN wants to know whether the proposal should be expanded beyond  banks and MSBs to include other financial institutions such as broker dealers, whether the Proposed Rule appropriately balances the benefits of the reporting requirements to law enforcement  with consumer privacy goals, and whether the anti-structuring provisions are necessary. FinCEN also wants to know whether the scope of the data banks and MSBs must collect should be  expanded and whether it is considering the right process and initial list for the Foreign Jurisdictions List.

What You Should Start Doing

Banks and MSBs should consider proactively assessing their exposure to CVC/LTDA, both in current operations and any planned strategic changes, and conduct an analysis of the impact the Proposed Rule would have on the financial institution’s operations. The comment period is short. Based on the impact analysis and other strategic considerations, the bank or MSB should quickly decide whether to comment on the NPRM directly, or if its interests may be represented by an industry group.

The impact analysis should identify and assess the policies, procedures, and controls that would need to be amended or developed to comply with the Proposed Rule, along with the associated resources and budget. The bank or MSB should identify key stakeholders, and consider creating an action plan to track and prioritize necessary changes. When developing the action plan, financial institutions should determine whether existing technology can be leveraged and enhanced, and how the dynamic parts of the rule will be implemented, such as the exchange rate requirements, 24-hour aggregation, potential future changes to the Foreign Jurisdictions List, and confirmation of registration or other compliance requirements for foreign financial institutions. Additionally, should the bank or MSB process reportable transactions through a CVC exchange, the bank or MSB should identify the mechanism to obtain the required information about the counterparty from the CVC exchange.

Guidehouse can help banks and MSBs assess their compliance programs in light of the proposed regulatory changes, including determining developing and implementing updates to operations, policies, procedures, controls, and technology. Its areas of relevant expertise include the following:

• Anti-money laundering
• Sanctions
• Strategic planning
• Risk management
• Vendor sourcing and governance
• Executive training

Guidehouse is well-equipped to make an individualized assessment of your unique circumstances and offer innovative advice and solutions for responding to heightened regulatory requirements.