Federal law enforcement and regulators continue to focus on technology-driven financial crime — specifically, cyber-enabled fraud and the laundering of illicit funds through cryptocurrency. Last week, the Department of Justice (“DOJ”) announced that Eun Young Choi will serve as the first Director of the National Cryptocurrency Enforcement Team (“NCET”). As we have blogged, the DOJ created in 2021 the NCET in order to address issues on which we repeatedly have blogged: crypto exchangers and their AML obligations; the process of tracing digital asset transactions; ransomware; so-called “professional” money launderers; and the use of crypto to launder serious crimes such as drug trafficking and human trafficking. This attempt at a coordinated government approach to crypto enforcement followed the announcement earlier in 2021 by the Financial Crimes Enforcement Network (“FinCEN”) of appointing its first-ever Chief Digital Currency Advisor.
Meanwhile, FinCEN has stressed the need for, and utility of, specific information to be submitted by the victims of cyber-enabled financial crime schemes, or the financial institutions of those victims, to FinCEN’s Rapid Response Program, or RRP. The RRP seeks to share financial intelligence and recover the proceeds of crime.
According to the DOJ, the rapid innovation of digital assets and distributed ledger technologies has created a rise in the illicit use of these technologies by criminals “who exploit them to fuel cyberattacks and ransomware and extortion schemes; traffic in narcotics, hacking tools and illicit contraband online; commit thefts and scams; and launder the proceeds of their crimes[.]” The goal of the NCET therefore is to “identify, investigate, support and pursue the department’s cases involving the criminal use of digital assets, with a particular focus on virtual currency exchanges, mixing and tumbling services, infrastructure providers, and other entities that are enabling the misuse of cryptocurrency and related technologies to commit or facilitate criminal activity.”
The NCET will collaborate with the DOJ’s Criminal Division’s Computer Crime and Intellectual Property Section and Money Laundering and Asset Recovery Section; the U.S. Attorneys’ offices; the National Security Division; and the FBI, including the FBI’s new Virtual Asset Exploitation Unit, or VAXU. Relatedly, during a speech at the Munich Cyber Security Conference, DOJ Deputy Attorney General Lisa O. Monaco announced the formation of the FBI’s VAXU, which “will combine cryptocurrency experts into one nerve center that can provide equipment, blockchain analysis, virtual asset seizure and training to the rest of the FBI.”
FinCEN’s Rapid Response Program
Meanwhile, FinCEN recently touted the results of its Rapid Response Program, or RRP, through a fact sheet describing the RRP as an information-sharing team dedicated to helping “victims and their financial institutions recover funds stone as the result of certain cyber-enabled financial crime schemes, including business e-mail compromise (BEC).” FinCEN further describes the RRP as a partnership between itself; U.S. law enforcement agencies including the FBI, the U.S. Secret Service, Homeland Security Investigations, and the U.S. Postal Inspection Service; and foreign partner agencies that, like FinCEN, are the financial intelligence units, or FIUs, of their respective jurisdictions. According to FinCEN, it uses the RRP and its “authority to share financial intelligence rapidly with counterpart FIUs and encourages foreign authorities to interdict the fraudulent transactions, freeze funds, and stop and recall payments using their authorities under their own respective legal and regulatory frameworks. The RRP has been used to confront cyber threats involving approximately 70 foreign jurisdictions to date, and has the capacity to reach more than 160 foreign jurisdictions through FIU-to-FIU channels. Through these collaborative efforts, FinCEN has successfully assisted in the recovery of over $1.1 billion.”
FinCEN’s RRP fact sheet goes on to describe how a victim of cyber-enabled crime, or the victim’s financial institution, may file a complaint with law enforcement to initiate the RRP. The flow chart set forth below in the fact sheet describes the RRP’s operational flow. FinCEN encourages victims or victims’ financial institutions to provide as much transaction detail and cyber-related information regarding the scheme as possible when making a complaint, and notes that “the RRP has had greater success in recovering funds when victims or financial institutions report fraudulently induced wire transfers to law enforcement within 72 hours of the transaction.” Please consult the fact sheet for the specific information which FinCEN and law enforcement agencies like to see through RRP complaints.