On October 8, 2020, the U.S. Department of Justice (“DOJ”) released a Cryptocurrency Enforcement Framework (the “Framework”) authored by the Attorney General’s Cyber Digital Task Force. The Framework is the second detailed report authored by the Cyber-Digital Task Force addressing cryptocurrencies. The Framework provides a self-described comprehensive overview of what the DOJ considers to be emerging threats and enforcement challenges associated with cryptocurrencies. The Framework also details the collaboration that the Department of Justice has built with regulatory and enforcement partners both within the U.S. government and around the world. Further, the Framework outlines the Department’s response strategies.
The Framework insinuates some skepticism about the cryptocurrency industry. While, the Framework mentions some of the “potential” or “claimed” legitimate uses of cryptocurrencies as avowed by “proponents” or “advocates” of cryptocurrencies, the Framework sets forth a more expansive discussion of the illegitimate uses of cryptocurrencies. Above all else, the Framework makes clear the DOJ’s intent to monitor and prosecute cryptocurrency-related crimes. This point is underscored by the October 1 indictment of founders and executives of off-shore cryptocurrency derivatives exchange, Bitmex, for violations of the U.S. Bank Secrecy Act, and the October 15 indictment of 20 members of the transnational criminal organization, QQAAZZ, involved in a money-laundering scheme that incorporated cryptocurrencies.
Who Should Pay Attention to the Framework
Within the Framework, the DOJ sets forth business models and activities that may facilitate criminal activities:
- Cryptocurrency exchanges
- P2P exchangers
- Cryptocurrency ATMs / Kiosks
- Virtual currency casinos
- Use of anonymity enhanced cryptocurrencies (“AECs”), tumblers, mixers or chain hopping
All of these business must consider, among other issues, licensing and registration requirements, and ensure compliance with anti-money laundering (“AML”) and know your customer (“KYC”) obligations. The Framework also specifically calls out cryptocurrencies Monero, Zcash and Dash, avowing that use of AECs is “a high risk activity that is indicative of possible criminal conduct.” Similarly, the Framework emphasizes that tumbler, mixing and chain hopping activities pose a high risk of liability for money laundering because they are “designed specifically to ‘conceal or disguise the nature, the location, the source, the ownership, or the control’ of a financial transaction.”
The DOJ asserts that it has “robust authority to prosecute [virtual asset service providers] and other entities and individuals that violate U.S. law even when they are not located inside the United States.”
Crimes with Cryptocurrency
The DOJ stresses that criminals leverage cryptocurrencies for a variety of unsavory practices. The Framework identifies three different categories of criminal behavior that exploit the advantages of cryptocurrencies and the cryptocurrency marketplace:
- The use of cryptocurrencies to engage in financial transactions that are associated with a crime. The DOJ cites a variety of examples ranging from buying and selling drugs, weapons, child abuse material, financial support of terrorist activities, and blackmail schemes.
- The use of cryptocurrencies to engage in money laundering, i.e., obscuring the origin of proceeds from illegal activities, or otherwise shield legitimate activity from tax, reporting, or other legal requirements.
- Crimes committed directly in the cryptocurrency marketplace, such as theft of cryptocurrency through hacking exchanges or using the promise of cryptocurrency to defraud investors.
What to Expect from the DOJ
The Framework sets forth in broad terms what the public can expect from the DOJ.
First, the DOJ emphasizes that it will aggressively conduct investigations and prosecutions of individuals who use cryptocurrencies to commit, facilitate or assist in concealing crimes. Exchanges currently in operation should expect to receive requests from the authorities for transaction records or other types of data. It is critical that exchanges have a functioning and up-to-date compliance program in order to facilitate these requests and also demonstrate active due diligence measures. Again, the DOJ avows broad authority to prosecute individuals and businesses located outside the U.S.
Second, the DOJ will be training law enforcement about cryptocurrency technology. The DOJ states that it has already dedicated resources to existing initiatives and is considering proposals to legislatures to close gaps in enforcement authority.
Third, the DOJ will also increase cooperation with U.S. state-level and federal law enforcement and regulatory agencies such as the FBI, Financial Crimes Enforcement Network, the Securities Exchange Commission, the Internal Revenue Service, and the Office of Foreign Assets Control. The DOJ will also continue to pursue additional partnerships with non-U.S. law enforcement and regulatory agencies. These partnerships will facilitate sharing of information as well as support regulatory measures that promote adoption of consistent regulations across jurisdictions in order to prevent criminals from arbitraging inconsistent regulatory schemes. The DOJ is intent on repeating recent successes with international coalitions that traced bitcoin transactions leading to the recent takedown of the largest child abuse material website in the world and arrests of over 300 users.
What Should Operators of Crypto-Related Businesses Do?
The Framework is a clear expression to the world that the DOJ is focused on cryptocurrencies-related crimes and, through its various partnerships, will investigate and seek enforcement actions regardless of where an individual or company is based. Individuals and companies that engage in cryptocurrency-related businesses or use AECs (e.g., Monero, Zcash and Dash), tumblers or mixers—wherever they are located—must assess the extent to which their activities involve U.S.-based customers or otherwise fall under the purview of U.S. federal and state-level laws and regulations. If a U.S. nexus exists, these individuals and companies need to consider whether they are obliged to register or obtain a license for their activities. Furthermore, implementation and maintenance of proper AML programs may be necessary among other compliance obligations. To the extent that individuals and companies have not fulfilled their obligations, they should act swiftly to rectify those deficiencies. Ignorance of these obligations will not be an acceptable defense.