This is not legal advice, just my opinion.
I’ve met many brilliant entrepreneurs bravely navigating the alphabet soup of the American crypto regulatory environment. Today’s post is focused on the importance of knowing your customers (“KYC”) if you are a Money Service Business (“MSB”).
The Bank Secrecy Act (“BSA”) — adopted in 1970 — establishes the basic Anti-Money Laundering (“AML”) framework for financial institutions. It Authorizes the Secretary of the Treasury to issue regulations requiring record keeping and report filing to help the Financial Crimes Enforcement Network (“FinCEN”) with their investigation and prosecution of money laundering.
The US Patriot Act — enacted by Congress in 2001 as a response to the 9/11 terrorist attacks — strengthened the BSA and imposed a number of additional AML requirements including:
AML compliance programs;
Customer identification programs;
Monitoring, detecting, and filing reports of suspicious activity;
Due diligence on foreign correspondent accounts, including prohibitions on transactions with foreign shell banks;
Due diligence on private banking accounts;
Mandatory information-sharing (in response to requests by federal law enforcement); and
Compliance with “special measures” imposed by the Secretary of the Treasury to address particular AML concerns.
Is your Crypto Company an MSB?
These acts apply to anyone engaged in a Money Service Business. If your business converts crypto-to-cash or crypto-to-crypto, you are likely an MSB and need to register with FinCEN at a national level. You should also be aware of the state requirements, you likely need a Money Transmission license for New York, Alabama, Hawaii, Vermont, Virginia, Washington, and Wyoming, and you might need one for Alaska, Connecticut, and North Carolina.
FinCEN’s MSB Definition:
FinCEN has divided crypto companies into three categories, two of which are required to register as an MSB. 
User: A user is a person that obtains virtual currency to purchase goods or services. This is described as a person who earns, mines, or purchases virtual currency. A user is not a MSB, and does not need to register with or report to FinCEN.
Administrator: An administrator is a person engaged as a business in issuing a virtual currency, and who has the authority to redeem such virtual currency. An administrator is considered an MSB under FinCEN’s regulations.
Exchanger: An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency. An exchanger is also considered an MSB under FinCEN’s regulations.
Money Transmitter: There are seven categories of MSBs under FinCEN’s definition; both the Administrator and Exchanger are Money Transmitter MSBs. A Money Transmitter is someone who accepts something of value that substitutes for currency (in this case, crypto) from one person and then transfers it to another location or person by any means.
Exceptions: If dealing in goods or services, closed loop systems, or if the cumulative transactions will never exceed $1,000 per day, a company does not have to register. There are also limited exceptions for payment processors who are connected via a written agreement with BSA regulated insinuations (banks and credit card companies) who have already done considerable due diligence before issuing debit cards.
If you are an MSB, how do you comply with FinCEN?
First, you need to register with FinCEN by filing Form 107 on the BSA website. Their computer system is very particular; you will need to use Internet Explorer.
Second, you must write a compliance program that lists a designated compliance officer, schedules employee training, and explains how you will identify and report suspicious transactions that could result in money laundering or terrorist financing.
Third, you must implement a Know Your Customer program that will ensure you verify your customers before they interact with your business. You have to make a record of everything you obtain from them relating to their identity verification. You should know their full legal name & home address (verified by a photo of them holding their drivers license), their SSN, birthday and cell number.
Fourth, you must determine whether a customer appears on any list of known or suspected terrorist organizations designated by Treasury, primarily the OFAC list. There are two main searches, one is called the SDN List, which lists specifically designated nationals and blocked persons. The other is the non-SDN list, which includes like the Foreign Sanctions Evaders List, the List of Persons Identified as Blocked Solely Pursuant to E.O. 13599, the Non-SDN Iran Sanctions List, the Palestinian Legislative Counsel list, and more. To search the lists, you will need the person’s full name and address. The list will detect certain misspellings and will return near, or proximate matches.
Fifth, you must monitor your customer’s transactions closely and report any suspicious activity by filing a Suspicious Activity Report (“SAR”). SAR’s are filed for suspected insider abuse involving any amount, transactions aggregating more than $5,000 that the company suspects are intended to disguise funds derived from illegal activity, evade requirements of the BSA, funds that have no business or apparent lawful purpose, the company knows of no reasonable explanation for the transaction, or the company knows the source of funds is from criminal activity. These suspicious transactions are reported on FinCEN Form 101. A company must keep supporting documents associated with the report for five years. If the Company thinks the situation requires immediate attention, they may wish to report the situation by phone to FinCEN’s hotline at 1–866–556–3974.
The SAR is broken down into five parts:
Part I — Subject Information — Any name, address, social security or tax ID’s, birth date, drivers license numbers, passport numbers, occupation and phone numbers of all parties involved with the activity.
Part II — Suspicious Activity Information — Date Range and codes for the type of Suspicious Activity
Part III — Information about Financial Institution where Activity Occurred
Part IV — Filing Institution Contact Information — The contact information for the financial institution’s compliance officer or equivalent and list of any law enforcement agency that has been contacted while investigating the activity.
Part V — Suspicious Activity Information — Narrative — A written description of the activity.
Information Sharing of the BSA:
By registering with FinCEN as an MSB, you are agreeing to certain information sharing requirements. Some are mandatory, and some are voluntary.
314(a) Mandatory: You must share information requested by federal, state, local, and foreign (European Union) law enforcement agencies. As of September 25, 2018, FinCEN has reached out to more than 37,000 points of contact at more than 16,000 financial institutions to locate accounts and transactions of persons that may be involved in terrorism or money laundering. To date, the 314 Program Office has processed 3,849 requests pertinent to the following significant criminal investigations:
· Terrorism/Terrorist Financing — 595 cases
· Money Laundering — 3,254 cases
Penalties for BSA non-compliance:
Violations for noncompliance with the Patriot Act and the BSA can include civil fines up to $1,000,000 or 1% of the Company’s assets.  Additionally, criminal violations can include up to twenty years in prison.
If you are transacting in a way that could resemble an administrator or exchanger, you may want to seek legal advice to ensure you are complying with these cumbersome requirements. If you notice various companies in the space requiring KYC, it’s not their fault, they are forced to comply with the existing laws.
 31 CFR § 1010.100(ff)(5)(i)(A)