The DOJ’s National Cryptocurrency Enforcement Team and Treasury’s OFAC are setting their sights on cryptocurrency use in cybercrimes.

By Benjamin A. Naftalis, Eric S. Volkman, Douglas K. Yatter, Nima H. Mohebbi, Jessie R. Michelin, and Deric Behar

The US Department of Justice (DOJ) is sharpening its focus on combatting cryptocurrency use in criminal activity. On October 6, 2021, the DOJ announced the creation of a National Cryptocurrency Enforcement Team (NCET) — a unit aimed to be the centerpiece in “a nationwide enforcement effort to combat the use of cryptocurrency as an illicit tool.” The DOJ identifies cryptocurrency as the “primary demand mechanism for ransomware payments” and “preferred means of exchange of value” to facilitate crimes on the dark web. The stated purpose of NCET is to conduct complex investigations and prosecutions of criminal misuse of cryptocurrency by individuals and entities operating in the digital asset space.

Underlying NCET is the DOJ Cyber Digital Task Force’s first published report, which highlighted the need to address threats posed by the use of cryptocurrency in cybercrimes, as well as its October 2020 Cryptocurrency Enforcement Framework (the Framework), which highlighted the emerging threats and enforcement challenges posed by cryptocurrency use and infrastructure abuse. In the Framework, the DOJ asserted broad and diverse jurisdiction over crimes involving cryptoassets to pursue violations of US law even if those violations were conducted by individuals or entities based outside the US, so long as those entities maintained a nexus of activity involving US persons (see this Latham post for more information).

In a year-end change of course, the SEC identified the minimum steps that broker-dealers must take when acting as custodians of digital asset securities.

By Stephen P. Wink, Naim Culhaci, Shaun Musuka, and Deric Behar

On December 23, 2020, the US Securities and Exchange Commission (SEC) staff issued a statement (Custody of Digital Asset Securities by Special Purpose Broker-Dealers) (the Statement) outlining its position on how broker-dealers must operate when acting as custodians of digital asset securities[i] in order to avoid enforcement action. The SEC’s Statement, which will be in effect for five years, is intended to encourage innovation while providing both industry participants and the SEC the opportunity to develop best practices with respect to the custody of digital asset securities.

Elisabeth Stheeman of the Financial Policy Committee outlined the new frameworks for building operational resilience against cyber risks and protection of payment chains.

By Brett Carr and Stuart Davis

On 9 September 2020, Elisabeth Stheeman, an External Member of the Financial Policy Committee (FPC) for the Bank of England (BoE) delivered a speech entitled, “The Financial ‘Plumbing’ Committee: from Plumbing to Policy” outlining the changes that financial services firms can expect in two priority areas — cyber and payments — in order to build operational resilience of the financial system.

By Andrew C. Moyle, Grace Erskine, and Charlotte Collins

As leading global financial and FinTech centres, the UK and Singapore will benefit from strengthening their cybersecurity alliance.

On 13 June 2019, the Bank of England, the Financial Conduct Authority, and the Monetary Authority of Singapore announced that they will be working together to strengthen cybersecurity in their countries’ financial sectors.

The regulators have characterised the aims of this new collaboration as “identifying effective ways to share information and exploring potential for staff exchanges”.

All three regulators have identified cybercrime as an increasing global problem. Speaking about the new initiative, Mark Carney, Governor of the Bank of England, said, “The average cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years. Cyber risk is not constrained by geographic boundaries, making international cooperation essential to address this growing threat”.

The new code aims to avoid customers being penalised for fraudsters’ actions.

By Andrea Monks and Nell Perks

Estimates indicate that fraudsters stole £1.2 billion from UK bank accounts in 2018 — a 16% increase on the previous year. UK Finance has described fraud as a “major threat to the UK”, and has confirmed that the finance industry is committed to tackling the issue. However, developments in banking that have led to quick and easy payment methods, combined with increasingly sophisticated cyber scams, mean that fraudsters continue to flourish.

There has been a particularly significant increase in authorised push payment (APP) fraud, in which a customer is tricked into making a payment to another account that is controlled by a criminal. Historically, victims of this sort of fraud have struggled to retrieve their money — only 23% of losses were returned last year.