FinCEN's FIN-2019-G001, published on May 9, 2019, is one of the key documents behind U.S. enforcement against custodial crypto privacy services. The memo did not invent a new statute, but it clarified how existing Bank Secrecy Act obligations apply to "convertible virtual currency" businesses and removed much of the ambiguity that operators previously relied on.
For mixer operators, the message was direct: if your service accepts and transmits value on behalf of others, you are likely in money-transmitter territory regardless of whether your frontend calls itself a wallet, a tumbler, a protocol, or an automated tool.
Who FinCEN Sees As A Money Services Business
The document introduces three roles:
- Users who obtain virtual currency for their own purposes. Users are generally not MSBs.
- Exchangers who trade CVC for fiat or other CVC on behalf of others.
- Administrators who issue, redeem, or have the ability to withdraw CVC from circulation.
FinCEN's test is functional, not branding-based: anyone who "accepts and transmits value" for another person can be treated as an MSB. That is why custodial mixers remain high-risk under this guidance even when they market themselves as software or privacy infrastructure.
Obligations For Mixers And Custodial Tools
The guidance reiterates that MSBs must:
- Register with FinCEN within 180 days of starting operations.
- Designate a compliance officer, run an AML program, and train staff.
- Maintain customer identification records and file Suspicious Activity Reports for $2,000+ suspicious transactions.
- Keep transaction logs for five years and respond to law-enforcement requests.
The document also makes clear that fee collection, managed routing, and service advertising can undercut a "mere software provider" argument. In practical terms, once a service touches custody or transmission for users, compliance obligations attach quickly.
Extraterritorial Reach
FinCEN also emphasizes extraterritorial exposure. Foreign operators can still face U.S. enforcement when they serve U.S. customers or interact with U.S.-linked banking rails. Later cases repeatedly cite this section to support "fair notice" arguments against offshore mixer operators.
Lasting Impact On Enforcement
Since 2019, prosecutors and examiners have used FIN-2019-G001 as baseline notice language. It appears across major complaints and sanctions-era actions as evidence that operators were warned about classification and registration risk.
- The Helix/Grams indictment (2020) and $60M FinCEN penalty.
- The Bitcoin Fog conviction (2024), where agents described the service as an unlicensed money transmitter.
- The Treasury Department’s mixer sanctions press releases in 2022–2023.
If you run a custodial privacy service, "we only provide privacy" is no longer a workable legal shield in U.S. context. Operationally, your options narrow to full compliance or strict jurisdictional exclusion and controls designed to keep U.S. touchpoints out of scope.
Primary Source
BitMixList does not operate a mixer. We publish this guide so builders and users grasp the compliance landscape before deploying or interacting with privacy services.
Author
NotATether
Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.
