The Internal Revenue Service (IRS) is stepping up enforcement of Money Services Businesses (MSBs) and the penalties for non-compliance are hefty. In a published IRS report, it was found that in fiscal year 2016, there were 1,716 examinations of MSB’s with a total potential tax revenue of $3 billion. Fast forward to the present, and the IRS appears to be conducting more Title 31 exams in 2021 than previous years. If you operate as an MSB or provide compliance advice to companies operating as MSBs, this blog post will be informative on what to expect during a Title 31 audit by the IRS.
What is a Title 31?
Quite simply, a Title 31 is an examination to ensure that a business is complying with the Bank Secrecy Act (BSA) and that the necessary anti-money laundering controls are actively being conducted. Previously, the Title 31 exams had been imposed on Casinos and other non-bank financial institutions (NBFI’s). However, with money laundering concerns in the in the cryptocurrency industry and the far-reaching rules of the BSA, the IRS has been equally conducting examinations on large companies and the smaller bitcoin ATM operators or exchanges.
What is collected during the audit?
It starts with receiving an official notice (Letter 4313) from the IRS, which is always physically mailed the business. The notice explains that the IRS will be conducting an examination in-person to ensure that the MSB has been complying with the BSA. The notice will specify an examination time period which at the time of this writing is a six-month range. It will also include a (Form 4564) lengthy list of documents and information that needs to be sent to them by a specified date prior to the in-person examination. The typical requested items include (not an inclusive listing):
- Company BSA Compliance Officer and Information Technology (IT) Manager information
- Organizational chart
- Brief written history of the organization
- Copy of the Anti-Money Laundering (AML) program
- Procedures for identifying and reporting suspicious activity
- Copy of board resolution designating the Compliance Officer
- Copy of three most recent AML risk assessments
- Copy of the prior year and most recent independent AML reviews (audit) with engagement letter and management response to the findings
- Copy of Know You Customer (KYC) program if not included in the AML program
- List of methods used to verify a customer’s identity
- Copy of documentation that supports compliance with BSA training requirement
- Copy of the current MSB Registration and a copy of the electronic confirmation from the Financial Crimes Enforcement Network (FinCEN)
- List of all domestic and foreign bank accounts
- List of services offered and schedule of fees
- Written description of a typical transaction flow for each service offered
- List of all BSA examinations performed in the last three years
- Correspondence addressed between the organization, including personnel, state regulators, the US Dept of the Treasury, or law enforcement
- List of all states and countries where business is conducted
- Transaction volume based on country incoming and outgoing funds, number of transactions, and total dollar amount and average transaction size
- Copy of your database for all fiat currency-to-virtual currency (i.e., Bitcoin, Ethereum, Litecoin, Dash, Monero, etc.) and virtual currency-to-virtual currency transactions for the six-month range provided by the IRS
- Procedure for screening and monitoring transactions/customer activity
- Copy of any BSA enforcement actions issued by any local, state, federal, or international agency within the last three years
- Log of law enforcement requests made in the past three years
The list is extensive and new items are added by the IRS as their examination procedures develop and evolve. It’s not unusual for an MSB to not have every single item on the requested items list. This is all dependent on length that the business has been in operation and the situations encountered as an operator. Best rule of thumb; always document your operations, conduct regular documented risk assessments for the business, provide what you have from the list, and then provide written documentation or an explanation why an item can’t produced (i.e. the business has only operated one year and you only have one independent review to provide, the business has never had any law enforcement requests, etc.).
What should operators expect during the in-person exam?
You’ve made through the document and data collection process, sent the requested items to the IRS, and now you’re waiting for the in-person examination day to arrive. The one question being asked by operators experiencing a Title 31 exam is, “What should I expect for the in-person examination?”.
On the day of the in-person examination, the IRS agent will arrive and conduct formal introductions, and discuss the scope/reasoning of the examination. You should have a private meeting room prepared with copies of all the requested and necessary items. The IRS agent will then begin to discuss the requested items that you’ve submitted, your operational procedures, and test your knowledge AML/KYC knowledge. Think of this more as a formal interview. The next part is a deeper dive into specifics of transactions and addressing any or questions or apparent delinquencies. You and the persons representing the company attending this examination, should be knowledgeable about your AML program, internal procedures, and provide the most concise and direct responses. The examination will conclude once the IRS agent has completed their line of questioning and completed their examination standard process. You should expect to end the examination with some follow up questions and possibly some additional requested documentation for you to submit after the in-person meeting.
Timely Follow Up with Additional Requests
The IRS will mail you correspondence (Form 4564) for any additional information or items needed, and they should be immediately addressed. Once the IRS has received any follow up items and addressed their questions, you will receive a mailed notice of the Title 31 examination closure meeting. This meeting will address the examination findings and conclude the Title 31.
The regulations for financial penalties are complex and difficult to understand. There isn’t a straightforward matrix of fines or penalties set forth by the IRS or FinCEN, each case is evaluated on its own merits (nature and severity of violations, knowledge and intent, remedial measures taken) which can differ based on several factors including prior offenses committed by the company as well as any payments made related to other enforcement actions.
If you are a money services business operating bitcoin ATMs, it is important to know what to expect during an IRS Title 31 examination. Be prepared in advance by ensuring that you have the necessary information and documentation ready. If you’re currently in a Title 31 examination, know that if penalties or fines arise, they can be appealed through administrative channels after the examination is complete. We would be happy to help your company start compliance or perform an independent audit of your existing AML program. Contact us today for more information on how we may assist you with your compliance.
About the Author
Jeremy Snyder is the CEO of BTM Compliance, LLC which is a Veteran-owned and operated company providing federal compliance services to operators of the Bitcoin ATM industry. Prior to becoming the CEO of BTM Compliance, Jeremy has an eclectic background in military, law enforcement, and FinTech compliance operations. You can connect with him on LinkedIn here.
*This blog article cannot and does not contain legal advice. The information is provided for general informational purposes only which factually based on research, personal experience, and is not a substitute for professional advice from your own legal counsel. Accordingly, before taking any actions based upon such information, we encourage you to consult with your legal counsel. We do not provide any kind of legal advice. The use or reliance of any information contained in this blog is solely at your own risk.