On May 13, 2020, Kenneth A. Blanco, the Director of the U.S. Financial Crimes Enforcement Network (“FinCEN”) delivered a speech at the ConsenSys Blockchain Conference. As Mr. Blanco notes in his speech, FinCEN is the primary regulatory and administrator of the Bank Secrecy Act (“BSA”), which serves as the legal architecture for anti-money laundering and counter terrorism financing in the U.S. FinCEN collects and analyzes information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes. Mr. Blanco addressed three main topics in his speech.
COVID-19:
Mr. Blanco began by highlighting that FinCEN recently issued two Notices, one on March 16 and another on April 3, asking financial institutions to remain alert for malicious or fraudulent transactions and pointed to common patterns of such behavior following natural disasters. He stated further that these two Notices provided information about a direct contact mechanism that financial institutions could use for urgent COVID-19-related issues. The suggestion was that financial institutions should initiate contact with FinCEN if they anticipate challenges in fulfilling BSA obligations because of the pandemic.
Mr. Blanco also explained that FinCEN is independently monitoring for criminal activity exploiting the pandemic. FinCEN is supporting law enforcement investigations into cybercrime, scams, and fraud. Also, FinCEN plans to issue advisories highlighting common typologies of opportunistic criminal activity during the pandemic.
CYBERCRIME:
Mr. Blanco stated that it is clear that cybercriminals launder their proceeds and purchase tools used to perpetrate crimes via virtual currencies. He stressed that virtual currency services providers have the “opportunity, and obligation, to help identify these illicit criminal networks in their suspicious activity reporting [“SARs”] to FinCEN,” thereby providing data to FinCEN which it can use to identify red flags and spot risks. Mr. Blanco appealed to the industry’s sense of community, offering that in doing so, financial institutions were not just satisfying their legal obligations but were also protecting the interests of their loved ones, families, neighbors and fellow citizens.
He then offered examples of recent exploitive criminal activity. Cybercriminals are targeting individuals seeking critical healthcare information and supplies during the pandemic. Cybercriminals are also targeting vulnerabilities in applications and protocols used for remote work such as, phishing campaigns, malware extortion, business email compromise and stealing login credentials. FinCEN has also observed scams involving virtual currency payments and initial coin offering investments. Additionally, the pandemic necessitated adjustments to standard “know your customer” and other due diligence procedures. Mr. Blanco emphasized that criminals are becoming increasingly sophisticated in undermining due diligence processes by using, for example, “deepfakes” which are manipulated digital images or videos and “credential stuffing attacks” which are large scale automated account login requests using lists of stolen usernames and passwords.
TRAVEL RULE:
Mr. Blanco then moved to the Travel Rule, which is the recording and sharing of identifying customer information between financial institutions during asset transfers. The Travel Rule is common practice in the traditional banking system. Mr. Blanco applauded the Financial Action Task Force’s published standards from June 2019 asserting that virtual asset service providers (“VASPs”) should apply the “Travel Rule” in a manner similar to that of traditional financial service providers. The FATF is an independent inter-governmental body that develops global standards for anti-money laundering and counter-terrorist financing. The U.S. recently served a term as president of the FATF, and unsurprisingly, FinCEN issued guidance in May 2019 that included the Travel Rule for money service businesses engaged in virtual currency activities. Mr. Blanco emphasized that the U.S. has consistently communicated an expectation that VASPs receive sufficient information from the other party involved in a transfer. He also noted that examiners from the Internal Revenue Service—the U.S. tax authority—report recordkeeping violations as the most common citation among companies engaged in virtual currency transmission. Mr. Blanco expressed confidence that the industry could create an information exchange system that satisfies the Travel Rule.
OTHER OPPORTUNITIES FOR COLLABORATION AND CHALLENGES:
Mr. Blanco also took time to highlight FinCEN’s partnerships across a diverse group of regulators, supervisors, law enforcement and industries with the goal of stymieing illicit use of virtual currencies. For example, he mentioned FinCEN’s work with the National Cyber Investigative Joint Task Force and the Joint Criminal Opioid Darknet Enforcement to investigate criminal networks exploiting virtual currency in trafficking fentanyl, narcotics, cybercrime tools, and child abuse material. He also noted international initiatives. Mr. Blanco then stated that FinCEN has received almost 70,000 Suspicious Activity Reports (referred to as SARs) since 2013 involving virtual currencies. The number of reports is indicative of cooperation and recognition of potential issues within the industry. Nonetheless, he expressed concern over anonymity-enhanced cryptocurrencies, naming specifically, Monero, Zcash, Bitcoin, and Grin. He also expressed concern over non-U.S. companies attempting to market to or conduct business with people in the U.S without complying with U.S. rules. He asserted, “[i]f you are going to avail yourself of the U.S. financial system from abroad, you cannot do so without engagement in the financial integrity practices that make this financial system so powerful, stable, trusted, and desirable.”
