Law Office of George R. Bravo
Your Business Lawyer

The Legal Side of Business

A blog written for entrepreneurs or established business owners that discusses the legal side of business issues that arise when starting or growing a business. 

Legal Pitfalls of Starting a Cryptocurrency Business

bitcoins stacked on a desk with computer in the background

The Legal Pitfalls

Starting a cryptocurrency business to either invest or create new blockchain technologies can be an exciting and lucrative opportunity. However, beside the investment risks of the volatility of cryptocurrency, there are also serious cryptocurrency legal issues involved. Recognizing and addressing these legal issues will enable you to avoid the legal pitfalls of starting a cryptocurrency business. The main legal pitfalls are (1) not registering your business as a “money service business” (MSB), (2) not complying with federal anti-money laundering laws, and (3) not complying with special privacy requirements. These special privacy requirements are in addition to the general privacy requirements that every business doing business in the U.S. and in California must abide by.


(1) How to Determine Whether Your Business is a "MSB"

If you are considered a MSB, then you must register your business with the U.S. Department of Treasury Financial Crimes Enforcement Network (FinCen) as a MSB. You may register online here: If you are considered a MSB and do not register, then your business will be subject to a $5,000 civil penalty for each violation (each day your company does not register is considered a separate violation) and your business may have a criminal fine imposed and/or you and other co-owners may be imprisoned for up to 5 years. 

What is a MSB?

According to FinCen, a money services business is “any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the following capacities:

1.      Currency dealer or exchanger

2.      Check casher

3.      Issuer of traveler’s checks, money orders or stored value

4.      Seller or redeemer of traveler’s checks, money order or stored value

5.      Money transmitter

6.      U.S. Postal Service”

Exceptions for being a MSB:

  • If the activities for (1) – (4) are $1,000 or less per person per day, then you are not considered a MSB.

  • If you are a bank

  • If you are registered with, and regulated or examined by, the Securities and Exchange Commission or the Commodity Futures Trading Commission

How does Cryptocurrency Fit in the Definition of a MSB?

FinCEN considers cryptocurrency like Bitcoin to be a “convertible virtual currency,” which it defines as virtual currency that either has an equivalent value in real currency or acts as a substitute for real currency. Three categories of persons are discussed in the FinCEN Guidance — (1)“users,” (2) “exchangers,” and (3) “administrators,” which are defined as follows:

  1. A user is a person that obtains virtual currency to purchase goods or services on his or her own behalf. A person who obtains virtual currency for the benefit of other parties would not be considered a user.

  2. An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.

  3. An administrator is a person engaged as a business in issuing (putting into circulation) a virtual currency, who also has the authority to redeem (to withdraw from circulation) such virtual currency.

FinCEN treats the three categories of participants differently. A user who obtains convertible virtual currency by, for example, earning, harvesting, mining, creating, auto-generating, manufacturing, or purchasing the currency and uses it solely to purchase real or virtual goods or services is not a money transmitter, and therefore not an MSB.

In contrast, an administrator or exchanger that (i) accepts and transmits convertible virtual currency or (ii) buys or sells convertible virtual currency for any reason is a money transmitter and thus an MSB, unless the person qualifies for a limitation to or an exemption from the definition of a money transmitter as explained above.

More specifically, FinCEN states that a user who converts cryptocurrency into real currency or another convertible virtual currency will not be deemed to be an “exchanger” of convertible virtual currency as long as the conversion is “solely for the user’s own purposes and not as a business service performed for the benefit of another.” In contrast, FinCEN stated that any transfer of convertible virtual currency to third parties at the request of a seller, creditor, owner, or counterparty to a transaction may constitute “money transmission services” under the BSA Regulations.

What if My Business Only Invests in Cryptocurrency for its Own Profit?

FinCEN would not consider your business to be a MSB. According to FinCEN, “when the Company invests in a convertible virtual currency for its own account, and when it realizes the value of its investment, it is acting as a user of that convertible virtual currency within the meaning of the FinCEN guidance (stated above). As a result, to the extent that the Company limits its activities strictly to investing in virtual currency for its own account, it is not acting as a money transmitter and is not an MSB under FinCEN’s regulations.”

In other words, if your business is only investing in cryptocurrency for its own benefit for investment purposes, then your business will be considered to be a “user” as one of the categories defined above. As a “user,” your business will not be considered a MSB.

What If My Business Only Creates and Distributes Blockchain Software?

FinCEN would not consider your business to be a MSB if you create and distribute blockchain software. However, if your business uses the software to do business by exchanging cryptocurrency that is not strictly for your business’ own account and instead, it is for the benefit of others, then your business will be considered a money transmitter and thus a MSB.


(2) Complying With Federal Anti-Money Laundering Laws

If your business is a MSB, then under the law, your business will be considered a “financial institution,” which are subject to a whole set of more regulations, depending on your business’ activities. One of the most important set of regulations that your business will be subject to if it is a MSB are the U.S. anti-money laundering laws.

The Bank Secrecy Act (BSA) requires U.S. financial institutions to assist U.S. government agencies in detecting and preventing money laundering, by requiring all businesses to develop a written anti-money laundering (AML) program.

How to Develop an Anti-Money Laundering Program

The BSA Regulations require MSBs and their agents to develop, implement, and maintain an effective written anti-money laundering (AML) program that is reasonably designed to prevent the MSB or agent from being used to facilitate money laundering and the financing of terrorist activities. An AML program must “be commensurate with the risks posed by the location and size of, and the nature and volume of the financial services provided by, the [MSB].” This is a vague concept, but there are minimum requirements that every AML must have, which are that your business must:

  1. incorporate policies, procedures, and internal controls reasonably designed to assure compliance with the BSA Regulations, including, without limitation and to the extent applicable, provisions for verifying customer identity (also referred to as Know Your Customer, or KYC ), filing reports (including Suspicious Activity Reports, or SARs), creating and retaining records, and responding to law enforcement requests;

  2. designate a person to assure day-to-day compliance with the AML program and the BSA Regulations, whose responsibilities include assuring that: (a) the MSB properly files reports, and creates and retains records, in accordance with applicable requirements of the BSA Regulations; (b) the AML program is updated as necessary to reflect current requirements of the BSA Regulations and related guidance issued by the Department of the Treasury; and (c) the MSB provides appropriate training and education to its personnel in accordance with the BSA Regulations;

  3. provide education and/or training of appropriate personnel concerning their responsibilities under the AML program, including training in the detection of suspicious transactions (including cryptocurrency transaction monitoring) to the extent that the MSB is required to report such transactions under the BSA Regulations; and

  4. provide for independent review to monitor and maintain an adequate AML program commensurate with the risk of the financial services provided by the MSB.

Other Important BSA regulations to note:

  • All companies doing business in the U.S. must report any foreign bank accounts in excess of $10,000

  • Must report cash or currency transactions that are more than $10,000 conducted in any day by or on behalf of a person in connection with a trade or business


(3) MSB Special Privacy Compliance Requirements

An additional set of requirements of “financial institutions” are both federal and state privacy laws. The federal privacy law is called the Gramm-Leach-Bliley Act (GLBA) and under it, your business will be subject to the following additional privacy requirements:

  1. Must provide privacy policy clearly and conspicuously on your website and require the consumer to acknowledge receipt of the policy before obtaining a financial product or service

  2. Must provide an opt-out notice to a consumer before disclosing his or her nonpublic personal information to nonaffiliated third parties

If you are doing business in California, the relevant privacy law is called the California Financial Information Privacy Act (CFIPA). CFIPA generally prohibits financial institutions from sharing or selling nonpublic personal information without obtaining the consumer’s consent


  1. opt in before a financial institution may share nonpublic personal information with a non-affiliate, except in certain circumstances, including where the disclosure “is necessary to effect, administer, or enforce a transaction requested or authorized by the consumer”;

  2. be given the opportunity to opt out of sharing nonpublic personal information with the financial institution’s financial marketing partners; and

  3. be given the opportunity to opt out of sharing nonpublic personal information with the financial institution’s affiliates


These are the exceptions that generally apply when disclosing nonpublic personal information:

  • when it is necessary to perform the transaction

  • with the consent of the customer

  • to protect the customer

  • to resolve a customer dispute

  • in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely customers of the business or unit.

  • to comply with the law

Starting a cryptocurrency can be complicated and knowing whether your business is a MSB or not can be confusing. Contact me to find out if your business is a MSB and what steps you need to take to be in compliance. 

*The above blog article is for general informational purposes only and should not be taken as legal advice.