US Treasury Continues Whirlwind of Activity in the Crypto Space

On November 29, Treasury Deputy Secretary Wally Adeyemo addressed a gathering of industry leaders at the Blockchain Association Policy Summit in Washington, D.C. The wide ranging and detailed speech focused on the steps Treasury plans to take to "prevent bad actors from using the digital asset ecosystem for illicit activity." The speech laid out Treasury’s crypto-related illicit finance playbook - target the illicit parts of the crypto ecosystem with sanctions and use enforcement actions to send a message about the need for compliance.

One day prior to the speech the Dep Sec sent a letter to Congress asking for additional authorities including the creation of a new secondary sanctions tool that would more easily allow Treasury to target cryptocurrency exchanges that “facilitate payments to Hamas and other terrorist groups,” and legislation that could bring various DeFi services within the scope of the Bank Secrecy Act.

Beyond the speech and the letter, over the last few weeks we have seen a flurry of activity coming out of Treasury - from sanctions to proposed rulemakings, enforcement actions to historic settlements. While all of this feels like a whirlwind of activity, if you slow down a moment you can see key themes developing.

• Treasury has serious concerns about mixers

Even before the FinCEN October 19 proposed rule that would require U.S. financial institutions, including cryptocurrency businesses, to monitor and report on transactions involving cryptocurrency mixers, Treasury has had concerns that North Korea and other threat actors are taking advantage of mixers to launder the proceeds of hacks and other financial crime. 

The move against mixers actually began last year when OFAC sanctioned Blender.io, then Tornado Cash followed by the DOJ led takedown of ChipMixer. In addition, Treasury (and DOJ) have targeted mixers like Helix and Bitcoin Fog which advertised on darknet markets. Most recently, OFAC sanctioned bitcoin mixer Sinbad in a move to take out North Korea's latest go-to service. We are likely to see Treasury continue to target anonymity enhancing tools that are being used by cybercriminals. 

• Treasury continues to target illicit actors with sanctions

Since its first sanctions against non-compliant Russian VASP SUEX, Treasury has used its authorities to carve out bad actors while preserving the lawful crypto ecosystem. This is the strategy that Treasury official Todd Conklin previewed after the SUEX designation on TRM Talks when he referred to the need to target the “illicit underbelly” of the crypto economy. Targets have included non-compliant exchanges Chatex, Garantex, Bitzlato and most recently Gaza-based BuyCash. In addition to exchanges Treasury has used sanctions and other authorities to target darknet markets like Hydra and facilitators of sanctions evasion, drug trafficking and other illicit activity.

• Treasury thinks about DeFi

In April, Treasury released its DeFi Risk Assessment where it most notably opined that DeFi activities could fall under the Bank Secrecy Act. For much more listen to TRM Talks with Treasury here and with industry experts here. 

The report notes that AML obligations in the U.S. are activity-based, and asserts that the BSA requires entities acting like financial institutions to “establish and implement an effective anti-money laundering program,” and comply with OFAC sanctions. Treasury asserts that “[w]hile the degree to which a person is centralized could impact the service it provides, persons engaging in the activities of financial institutions as defined by the BSA, regardless of whether they are centralized or decentralized, will have these obligations.” While not regulation or even guidance - Treasury officials referred to the paper as the start of a conversation - the DeFi risk assessment was an early move by Treasury to preview its thinking on the decentralized space.

• Treasury continues to send a message about the importance of compliance

In the wake of the Binance settlement, it is more clear than ever that Treasury is sending a message about compliance to other VASPs. Over the years Treasury has taken enforcement actions against BitPay, BitGo, Bittrex, Kraken and others for simply not having sanctions and AML controls in place. In each enforcement action Treasury highlights the need for certain controls – from blockchain intelligence to geolocation – in an effort to not only punish and change the behavior of the target but also to send a message to the broader industry on the need for robust sanctions and AML compliance programs.

• Treasury looks to task forces and foreign partners to implement illicit finance strategy

In Deputy Secretary Adeyemo’s speech to industry he highlighted the need to work through the international anti-money laundering standard setter the Financial Action Task Force “to make sure our allies and partners around the world join us in updating their regulatory approach.” In other words the “we are only as strong as our weakest link” argument. Advocating for AML standards through the FATF has long been part of the Treasury strategy on digital assets and beyond.

In addition, just in the last week, Treasury announced task forces on both terror financing and fentanyl. First, FinCEN joined twelve financial intelligence units in forming a task force of FIUs in order to combat financing. According to the announcement, the task force was established immediately following the terror attacks by Hamas against Israel on October 7, and, explicitly calls out the need to coordinate with “technology companies” as part of the strategy.

In addition, Treasury announced the launch of a Treasury and IRS-CI Counter-Fentanyl Strike Force to focus on combatting the scourge of fentanyl through coordinated regulatory and law enforcement action. According to the press release, the Strike Force will, “identify additional disruption opportunities of key money laundering nodes in international fentanyl trafficking networks, especially those that rely heavily on cryptocurrency.”

As we close out 2023, the playbook for Treasury is clear - use sanctions to go after individuals, entities and services that are seen as facilitating illicit finance while using enforcement actions to punish and send a message about non-compliance. That approach will likely continue in 2024. 

However, Treasury’s letter to Congress which asks for additional authorities seems to take things a step further essentially expanding Treasury’s ability to go after “particular blockchain nodes or networks, rather than requiring that they be a designated person’s property or interest in property,” as is the case under the current sanctions regime. This language builds on the DeFi risk assessment which suggests application of the BSA to DeFi.

As the cryptocurrency ecosystem grows, as more and more transactions are done on open, public ledgers, the challenge for Treasury and other regulators will be to ensure that lawful users are able to transact in a secure and private manner while, at the same time, mitigating the risks from illicit actors who seek to take advantage of the promise of the technology for malign activity. The last few weeks, if nothing else, give us a sense of how the Treasury Department is thinking about this balancing.