On September 16, 2022, the U.S. Department of the Treasury (“Treasury”) published three reports in response to a March 2022 Executive Order concerning the development of digital assets. The reports address the future of money and payments; implications for consumers, investors, and businesses; and the illicit financing risks of digital assets. Secretary Yellen described the reports as identifying the challenges and risks of digital assets used for financial services, while providing recommendations for mitigating such risks. The reports responded to President Biden’s March 9, 2022 Executive Order (“EO 14067”) on Ensuring Responsible Development of Digital Assets, which called for a coordinated, inter-agency strategy to harness the potential benefits of digital assets while addressing their inherent risks. We have written previously on EO 14067, and on a report issued by the Department of Justice pursuant to EO 14067. We analyze below one of the three Treasury reports, specifically the Treasury’s Action Plan to Address Illicit Financing Risks of Digital Assets (“Action Plan”).
EO 14067 called for the development of a coordinated interagency action plan for mitigating digital asset-related illicit finance and national security risks identified in the U.S. government’s National Strategy for Combating Terrorist and Other Illicit Financing, which was informed by analyses contained in the U.S. government’s 2022 national risk assessments for money laundering, terrorist financing, and proliferation financing.
Illicit Financing Threats Related to Digital Assets
The Action Plan provides examples of illicit financing threats that involve digital assets, including money laundering with ransomware payments and proliferation financing. Suspicious activity report data indicates that criminals behind top ransomware variants send the proceeds of their crimes to virtual asset service providers (“VASPs”), often located in jurisdictions with weak or non-existent AML/CFT controls, to be exchanged for fiat currency. This is a form of “layering,” and distances the fiat currency from the ransomware payments, helping the bad actors to disguise their criminal activity and the fact that the fiat currency is illegitimate tender. The Action Plan notes that digital assets are also increasingly being used to launder funds from fraud schemes, and that fraud schemes “continue to be the largest driver of money laundering activity overall in terms of the scope of activity and magnitude of illicit proceeds, generating billions of dollars annually.”
In terms of proliferation financing, the Action Plan warns that, while there is no evidence that a proliferation network has used a digital asset to procure a specific proliferation‑sensitive good or technology as an input to a weapons of mass destruction program, proliferation networks are increasingly using certain types of digital assets that enhance user anonymity. Regarding terrorist financing, U.S. authorities have identified several instances where terrorist groups and their financial supporters have solicited funds in digital assets.
Vulnerabilities of Digital Assets
Digital assets have multiple features that make them vulnerable to misuse. The Action Plan identifies four key illicit financing risks associated with digital assets:
- Gaps in the implementation of international AML/CFT standards across countries
- The Action Plan asserts that the “most significant illicit financing risk associated with digital assets stems from VASPs operating abroad with substantially deficient AML/CFT programs, particularly in jurisdictions where AML/CFT standards for digital assets are nonexistent or not effectively implemented.” Inadequate regulation or oversight allows actors to engage in “regulatory arbitrage.”
- Use of anonymity-enhancing technologies
- According to the Action Plan, criminals increasingly use such technologies (e.g., mixers) that aid them in hiding the movement or origin of funds. These technologies make it difficult for law enforcement to trace illicit funds.
- Lack of covered financial institutions as intermediaries in some digital asset transactions
- “Disintermediation” refers to the process of transferring assets without the involvement of an intermediary financial institution. Because such transactions may not involve a financial services provider, AML/CFT obligations might not be triggered.
- VASPs that are non-compliant with AML/CFT obligations
- VASPs that operate wholly or in substantial part in the U.S. have AML/CFT obligations, even if they are foreign-located. However, some VASPs fail to comply with such obligations, and criminals are more likely to exploit such VASPs.
Priority Actions and Request for Comment
The Action Plan sets forth seven priority actions, with accompanying supporting actions, to which the U.S. government is committed:
- Monitoring emerging risks
- Improving global AML/CFT regulation and enforcement
- Updating Bank Secrecy Act regulations
- Strengthening U.S. AML/CFT supervision of virtual asset activities
- Holding accountable cybercriminals and other illicit actors
- Engaging with the private sector
- Supporting U.S. leadership in financial and payments technology
The Action Plan concludes by listing specific issues that Treasury anticipates discussing with international and private sector partners. These issues correspond to a Request for Comment that Treasury issued, seeking input from the public on the Action Plan. Specific questions in the Request for Comment include (i) whether there are specific areas related to AML/CFT and sanctions obligations with respect to digital assets that require additional clarity; (ii) if there are specific countries or jurisdictions where the U.S. government should focus its efforts; and (iii) what technological solutions designed to improve AML/CFT and sanctions compliance are being used by the private sector for digital assets. Comments must be received on or before November 3, 2022.
As digital transformation accelerates across all sectors, cryptocurrencies become more integrated into mainstream financial services, and the metaverse continues to trend, governmental agencies will move to identify regulatory gaps in an effort to hold bad actors accountable. Now more than ever is the time for VASPs (crypto exchanges, peer-to-peer (P2P) exchanges, crypto ATMs/kiosks, wallet custodians, etc.) to assess and where necessary improve and remediate their essential compliance functions, internal controls, and technological solutions.