US Department of Justice’s sprawling report reveals regulatory enforcement priorities for cryptocurrencies and highlights multi-agency cooperation.

By Susan Engel, Miles Jennings, Benjamin Naftalis, Yvette Valdez, Eric Volkman, Stephen Wink, Douglas K. Yatter, and Deric Behar

On October 8, 2020, the US Attorney General’s Cyber-Digital Task Force of the Department of Justice (DOJ) published an extensive white paper, titled Cryptocurrency: An Enforcement Framework (the Report). The Report gives a detailed overview of legitimate uses of cryptocurrencies, the risks of illicit cryptocurrency activity, and related federal enforcement challenges and response strategies.

Attorney General William P. Barr’s remarks announcing the Report highlighted the regulatory balance between supporting innovation and prosecuting abuse: “Cryptocurrencies and distributed ledger technology present tremendous promise for the future, but it is critical that these important innovations follow the law.” Insofar as the Report provides a roadmap of the DOJ’s priorities for cryptocurrency enforcement, all market participants in the cryptocurrency space should be aware of its contents and the government’s evolving expectations for risk management and controls.

The Report is the Cyber-Digital Task Force’s second, after a July 2018 white paper on cyber threats, and is organized into three sections:

  1. An overview of cryptocurrency technology and the risks and illicit uses of cryptocurrency
  2. The laws and regulatory agencies that oversee cryptocurrencies and the enforcement tools at their disposal
  3. Ongoing challenges and potential strategies related to illicit uses of cryptocurrency

Highlights from the Framework

The Report is clear that blockchain technology and cryptocurrencies may be transformational innovations, but, as with any technology, parties with malicious intent can use blockchain and cryptocurrencies to circumvent the law and conduct illegal activity.

Illegal cryptoasset activities highlighted in the Report include:

  • Conducting financial transactions involving cryptocurrency associated with criminal activity (e.g., financing terrorism, sales of illegal substances, extortion, etc.)
  • Using cryptocurrency to hide financial activity (e.g., money laundering, tax evasion, and avoidance of other legal reporting requirements)
  • Committing crimes within the cryptocurrency marketplace itself (e.g., hacking, theft, phishing, fraud, etc., to obtain cryptocurrency illegally from victims, whether individuals or digital exchanges and platforms)

According to the Report, certain cryptoasset business models, such as money services businesses (MSBs) and other types of virtual asset service providers (VASPs), may face increased risk of being used to facilitate criminal activity, and therefore should be alert to potential abuses of their platforms. Other platforms that operate as kiosks, peer to-peer (P2P) exchangers, issuers, or brokers, are considered MSBs and are obligated to implement anti-money laundering (AML) programs, to file suspicious activity reports (SARs), and to follow other Bank Secrecy Act requirements. The DOJ is also focusing on individuals and entities engaged in the business of accepting and transmitting convertible virtual currency (CVC).

Anonymity enhanced cryptocurrencies (AECs), or privacy coins that use non-public or private blockchains, are also highlighted as models that can potentially be exploited to undermine AML programs as well as controls for combating the financing of terrorism (CFT). The mere use of AECs is labeled a “high-risk activity that is indicative of possible criminal conduct.” According to the Report, AECs can be exchanged for other virtual assets using mixers, tumblers, and chain hopping, “which may indicate a cross-virtual-asset layering technique for users attempting to conceal criminal behavior.”

Increasing Multi-agency Enforcement and Collaboration

While the DOJ acknowledges that “the lack of consistent AML/CFT regulation and supervision over VASPs across jurisdictions” presents a challenge (and indirectly promotes jurisdictional arbitrage), the DOJ asserts broad and diverse jurisdiction over crimes involving cryptoassets. If different types of cryptocurrency abuses implicate specific US agencies or regulators, the DOJ will collaborate with one or more such agency, as needed, including:

  • The Securities and Exchange Commission (SEC)
  • The Commodity Futures Trading Commission (CFTC)
  • The Office of the Comptroller of the Currency (OCC)
  • Financial Crimes Enforcement Network (FinCEN)
  • The Office of Foreign Assets Control (OFAC)
  • The Internal Revenue Service (IRS)

The Report devotes extensive space to elaborating on the DOJ’s multi-agency approach, which involves parallel or joint investigations and enforcement against individuals and entities for infractions involving cryptoassets. The DOJ is also coordinating with US state authorities and intergovernmental organizations such as the Financial Action Task Force (FATF), the standard setter for international money laundering rules. This multi-agency approach will undoubtedly continue, as the DOJ “recognize[s] the importance of working with interagency and international partners to enhance an already vigorous enforcement plan, regulatory scheme, and policy framework to thwart the opportunities created by cryptocurrency for criminals, terrorists, and other bad actors.”

The Long Arm of US Law Enforcement

In the Report, the DOJ reiterates a long-asserted right to prosecute violations of US law conducted by individuals or entities based outside the US, if those entities maintain a nexus of activity involving US persons. According to the Report, “[w]here virtual asset transactions touch financial, data storage, or other computer systems within the United States, the Department generally has jurisdiction to prosecute the actors who direct or conduct those transactions.” These aggressive and extraterritorial theories of jurisdiction may bring entities based outside the US within the DOJ’s reach.

Fear it or Embrace it?

Many in the crypto industry have decried the Report as a “parade of horribles” focused on illegitimate uses of cryptocurrencies. Nevertheless, the Report acknowledges that cryptocurrencies and blockchain technologies are legitimate and potentially transformative. It should come as no surprise that a report by the country’s federal law enforcement agency focuses on the “public safety and national security challenges” presented by cryptocurrencies, and the government’s corresponding enforcement priorities. Of course, it is also understandable that the Report would increase anxiety among individuals and companies committed to legitimate forms of cryptocurrency activities and innovation. But additional insight on the US government’s enforcement priorities may help shape and inform market participants’ plans in this rapidly growing and evolving industry.