On Friday, the Department of Justice (“DOJ”) announced two developments:  First, the release of a 66-page report, The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets (the “Report”), issued under President Biden’s March 9, 2022 Executive Order on Ensuring Responsible Development of Digital Assets.  Second, the establishment of the Digital Asset Coordinator (“DAC”) Network, a nationwide group of prosecutors designated as legal and technical experts in digital asset cases.

We focus here on the regulatory and legislative recommendations of the Report, which seek to expand significantly the ability of the DOJ to investigate and prosecute offenses involving digital assets. The recommendations include increasing criminal penalties, extending statutes of limitations, expanding venue provisions, enhancing the government’s forfeiture powers, and prohibiting virtual asset service providers from “tipping off” the subjects of grand jury subpoenas received by the providers.  The recommendations also include making clear that the federal criminal law against maintaining an unlicensed money transmitter applies to peer-to-peer platforms that purportedly do not take custody or assume control over the digital asset being exchanged; ensuring that the Financial Crimes Enforcement Network (“FinCEN”) issues a final rule expanding the application of the Travel Rule under the Bank Secrecy Act (“BSA”) to digital asset transfers; and expanding or arguably clarifying that the BSA applies to platforms dealing in non-fungible tokens, or NFTs, including online auction houses and digital art galleries.

Continue Reading  DOJ Issues Report on Digital Asset Law Enforcement Seeking Expansive New Powers, and Launches New Crypto Prosecutor Network

Complaint Illustrates Existential Fight Over OFAC’s Ability to Sanction Open-Source Code – and OFAC Responds (?) By Issuing FAQs on Tornado Cash Use

Last month, the Office of Foreign Assets Control (“OFAC”) sanctioned Tornado Cash, a virtual currency “mixer” operating on the Ethereum blockchain which allegedly has been used to launder the virtual currency equivalent of more than $7 billion since its creation in 2019, by adding it to the Specially Designated Nationals and Blocked Persons List (the “SDN List”). The initial response from certain elements of the crypto community was, not surprisingly, negative: for example, an 8/15 Coin Center whitepaper and an 8/23 letter from Congressman Tom Emmer to Treasury Secretary Janet Yellen argued that OFAC lacked the legal authority.

In the intervening month, things have heated up considerably. Last week, six plaintiffs filed a complaint against OFAC and the Treasury Department, as well as Secretary Yellen and OFAC Director Andrea Gacki in their respective official capacities, in the Western District of Texas (Waco Division), seeking declaratory and injunctive relief – specifically, that the court declare OFAC’s addition of Tornado Cash to the SDN List as unlawful, and permanently enjoin the enforcement of the designation and any sanctions stemming therefrom.  Plaintiffs allege that venue is proper due to Plaintiff Joseph Van Loon’s residence in Cedar Park, TX, within the Western District.  Plaintiffs’ decision to opt for the Waco Division, rather than the Austin Division, may be intentional, because the Waco Division has only one judge, who until recently has been the go-to choice for patent litigation plaintiffs.

The complaint has and will continue to draw considerable attention.  It lays out the framework for a fascinating question:  under existing law, can OFAC act directly against a piece of technology such as open-source code?  Or, must OFAC pursue enforcement, through a more difficult, piece meal and time-consuming process, only against specific individuals and specific legal entities? Presumably, both sides will invoke broad policy-related and equity-related arguments regarding “privacy,” “transparency,” and the need to fight crime.  However, the key issue may come down to a more traditional and rather dry legal issue of parsing the meaning of statutory language.

Continue Reading  Civil Complaint Challenges OFAC’s Tornado Cash Sanctions

On September 8, the Office of the Comptroller of the Currency (“OCC”) published an extension of its notice and request for comment (the “Notice”) in the Federal Register regarding changes to the OCC’s Money Laundering Risk System (the “MLR System”)  The Notice indicates that the OCC is inviting greater scrutiny of customers and transactions involving

Department Focuses on Transfers of Virtual Currency

On August 8, 2022, the District of Columbia Department of Insurance, Securities and Banking (the Department”) issued a Bulletin on money transmission (the “Bulletin”).  The Department issued the Bulletin to ensure that parties “engaging in or planning to engage in money transmission with Bitcoin or other virtual currency

On August 8, the U.S. Department of the Office of Foreign Assets Control (“OFAC”) sanctioned “notorious” virtual currency “mixer” Tornado Cash, which allegedly has been used to launder more than $7 billion worth of virtual currency since its creation in 2019.  Tornado Cash is a virtual currency mixer that operates on the Ethereum blockchain.  Tornado Cash receives a variety of transactions and mixes them together before transmitting them to their individual recipients.  The stated purpose of such mixing is to increase privacy, but mixers are often used by illicit actors to launder funds because the process enhances anonymity and makes it very hard to track the flow of funds.  According to the Treasury Department press release, “[d]espite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risk.”  This statement seems to imply that Tornado Cash is run by actual people – an implication that is at the heart of the controversy over these sanctions, as we will discuss.

The sanctions against Tornado Cash have elicited enormous controversy in the crypto world because, some argue, (1) Tornado Cash is not an entity run by actual people, but is merely code; and (2) although OFAC has the legal authority to sanction people and entities, it lacks such authority to sanction code or a technology – or at the very least, such sanctions create many practical problems for innocent actors, including in ways which no one has foreseen fully.  As we discuss,  even a member of the U.S. House of Representatives has waded into the controversy this week, questioning the ability of OFAC to issue the sanctions and demanding answers.  The controversy also reflects that, once again, whether one chooses to focus on the word “privacy” or on the word “anonymity” typically reflects an a priori value judgment predicting one’s conclusion as to whether something in the crypto world is good or bad. 

Indisputably, the Tornado Cash sanctions are, to date, unique and unprecedented.  Although they may turn out to be an outlier experiment by OFAC, public pronouncements by the U.S. Treasury Department strongly suggest that, to the contrary, they represent part of the future of crypto regulation, in which the enormous power of the U.S. government to issue broad sanctions obliterates legal and practical hurdles which could stymie other agencies, such as the Financial Crimes Enforcement Network (FinCEN).  This may be because, ultimately, the government actually agrees that no person is in control of a powerful technology that has easy application for malicious uses, and that is precisely the problem.

Continue Reading  OFAC Sanctions Virtual Currency “Mixer” Tornado Cash and Faces Crypto Backlash

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading  Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations

Report Focuses on Travel Rule Implementation – or Lack Thereof

The Financial Action Task Force (“FATF”) recently issued an updated review of the implementation of its anti-money laundering (“AML”) and counter-terrorist financing (“CFT”) standards to financial activities involving Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs), entitled Targeted Update On Implementation Of The FATF Standards On Virtual Assets And Virtual Asset Service Providers (“Report”). 

This post highlights the three main takeaways from the Report – with a focus on the FATF’s Travel Rule.  Condensed, the FATF Travel Rule requires the private sector to obtain and exchange beneficiary and originator information with VAs transfers valued at $1,000 or more. The Report also suggests that some DeFi arrangements are not truly “decentralized.”

Continue Reading  FATF Issues Targeted Update Report on Implementation of AML/CFT Standards on Virtual Assets

On June 6, Attorney General Merrick Garland (“AG”) issued a report titled “How to Strengthen International Law Enforcement Cooperation For Detecting, Investigating And Prosecuting Criminal Activity Related To Digital Assets” (the “Report). Led by the Department of Justice, the Report represents a collaborative effort with feedback from the Department of State, Department of Treasury, Department of Homeland Security, Securities and Exchange Commission, and Commodities Future Trading Commission (“CFTC”). The Report also comes as U.S. senators Cynthia Lummis, R-Wyo., and Kirsten Gillibrand, D-N.Y. recently introduced a sweeping bipartisan bill to bring clarity to cryptocurrency regulation by defining most digital assets as commodities (to be regulated primarily by the CFTC) and enacting rules governing stablecoins.

The Report was required by President Biden’s March 9, 2022 Executive Order, Ensuring Responsible Development of Digital Assets, on which we previously blogged.  The Executive Order addressed concerns about the growing role of digital assets in money laundering crimes and sanctions evasion, and called for a report to be published by the AG for the purpose of strengthening international law enforcement cooperation.  The resultant Report stresses the pragmatic problems facing cross-border investigations – particularly the reluctance or sheer inability of foreign jurisdictions to tackle such investigations independently – and makes three basic recommendations, all of which relate to improved funding, communication and standards.

Continue Reading  DOJ Report Calls For International Cooperation to Fight Digital Asset Crime

On May 19, 2022, the Associate Director of the Enforcement and Compliance Division of the Financial Crimes Enforcement Network (“FinCEN”), Alessio Evangelista, spoke at the Chainalysis Links Conference in New York City on the topic of “The Intersection of Cryptocurrencies and National Security.”  Associate Director Evangelista stressed “responsible innovation” by the cryptocurrency industry, in order to protect consumers and national security interests, as well as to combat cybercrime and other illicit financial activity.  Associate Director Evangelista also denied that FinCEN’s enforcement efforts represent a “gotcha” enterprise.

Shortly after Associate Director Evangelista’s speech, Acting Comptroller of the Currency Michael J. Hsu discussed vulnerabilities in the cryptocurrency framework and recent volatility with stablecoins in pointed remarks at the DC Blockchain Summit 2022.  Describing himself as a “crypto skeptic,” Acting Comptroller Hsu acknowledged the potential value of innovation presented by crypto, but repeatedly bemoaned a “hyped-based” crypto economy, and stressed that “hype is not harmless.”

Combined, these speeches leave no doubt that regulators are exceedingly focused on digital assets and cryptocurrencies, and in particular are increasingly focused on consumer protection concerns, beyond the usual illicit finance and terrorist financing concerns.

Continue Reading  FinCEN and OCC Address Cryptocurrency:  Responsible Innovation and Pervasive Hype