The Department of the Treasury’s recently issued Illicit Finance Risk Assessment of Decentralized Finance is principally intended to provide insight on how illicit actors are abusing decentralized finance (DeFi) services, as well as anti-money laundering (AML) and countering the financing of terrorism (CFT) vulnerabilities unique to DeFi.  However, the report also contains critical insight on how Treasury, and, presumably, the Financial Crimes Enforcement Network (FinCEN) within Treasury, view the applicability of existing US AML/CFT regulations, issued pursuant to the Bank Secrecy Act (BSA), to DeFi projects. 

Continue Reading Risk Assessment Offers Treasury’s Most Extensive Comments to Date on DeFi Regulation

On January 18, 2023, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an order identifying the virtual currency exchange Bitzlato Limited (Bitzlato) as a “primary money laundering concern” in connection with Russian illicit finance.  The order, which is the first of its kind, was issued pursuant to Section 9714(a) of the Combating Russian Money Laundering Act. 

Continue Reading In Unprecedented Action FinCEN Identifies Virtual Currency Exchange as Primary Money Laundering Concern

On December 16, FinCEN issued a notice of proposed rulemaking (NPRM) entitled “Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities.”  The NPRM is intended to implement the Corporate Transparency Act (CTA) and, in particular, to govern which entities may access corporate beneficial ownership information (BOI) that certain entities will soon be required to report to FinCEN under the CTA.  Steptoe previously summarized FinCEN’s final rule on BOI reporting here.

Continue Reading Proposed Rule Lays Out Who Will Have Access to New Corporate Beneficial Ownership Information

On October 11, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) announced enforcement actions against Bittrex, Inc. (Bittrex), a privately-owned digital asset trading platform based in Bellevue, Washington, for apparent violations of anti-money laundering (AML) laws and of multiple sanctions programs. A settlement of over $24 million was announced by OFAC and a $29 million fine was announced by FinCEN. FinCEN will credit payment of the OFAC settlement amount toward Bittrex’s potential liability with FinCEN, meaning Bittrex will pay just over $29 million in total. Joint enforcement action between OFAC and FinCEN is uncommon—the settlements mark the first instance of parallel enforcement actions by OFAC and FinCEN in the digital asset sector.

Continue Reading OFAC and FinCEN Announce Enforcement Actions Against Bittrex

On September 30, 2022, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a final rule to implement the beneficial ownership information (BOI) reporting provisions of the Corporate Transparency Act (CTA), which was enacted as part of the Anti-Money Laundering Act of 2020 within the National Defense Authorization Act for Fiscal Year 2021.  The final rule responds to comments on the proposed rule published by FinCEN in December 2021, which was the subject of a prior blog post.

The final rule is intended to protect US national security and the US financial system by preventing and combatting fraud, corruption, money laundering, and terrorist financing, among other illicit activities, by parties seeking to hide money and other assets in the United States via shell companies and other opaque legal structures. The rule aims to provide essential information to national security, intelligence, and law enforcement agencies by requiring certain business organizations and entities to report information to FinCEN about the beneficial owners and controllers of such organizations and the individuals who have filed an application with specified government authorities to form the entity or register it to do business. The rule describes who must file a beneficial ownership information report, what information must be reported, and when a report is due.

Continue Reading FinCEN Issues Final Rule on Beneficial Ownership Information Reporting

On August 1, Robinhood Crypto, LLC (RHC) entered a consent order with the New York State Department of Financial Services (DFS) requiring RHC to pay a $30 million fine for violating (1) New York’s virtual currency regulatory regime known as the BitLicense, (2) a Supervisory Agreement entered with DFS as a condition of its BitLicense, (3) anti-money laundering (AML) requirements applicable to money transmitters, and (4) other requirements related to transaction monitoring, filtering, and cybersecurity.  The consent order, which is DFS’s first enforcement action under the BitLicense regime or against a digital currency business, offers several important takeaways for blockchain companies operating or seeking to operate in the state, including (1) the importance of scaling up compliance processes commensurate with business growth, (2) the risks of relying on compliance programs of affiliated entities, (3) the importance of well-developed reporting lines in compliance programs, and (4) the consequences of filing “improper” certifications under DFS’s transaction monitoring and cybersecurity rules.

Continue Reading DFS’s First Enforcement Action Against a Blockchain Company: Lessons Learned

On August 8, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the imposition of sanctions on the decentralized digital asset mixer Tornado Cash.  The action marks the first time OFAC has targeted an on-chain decentralized protocol.  To date, OFAC has not issued any guidance specific to decentralized finance (DeFi) as part of its broader sanctions guidance for the “virtual currency” industry, but the Tornado Cash action lays down an important marker and makes clear that OFAC will target projects or protocols engaged in illicit activity regardless of their centralized or decentralized status.  (Our prior blog post on OFAC’s general virtual currency guidance is available here).

Continue Reading OFAC Designates Tornado Cash in First Action Against a Decentralized Platform

On March 7, 2022, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury published guidance (Guidance) for US financial institutions warning about: (1) efforts of foreign actors to evade expanding US economic sanctions and trade restrictions related to the Russian Federation and Belarus and (2) increased risk of malicious cyber-attacks and related ransomware campaigns, following the invasion of and continued military action in Ukraine.  The Guidance provides instructive red flags and related advice for all US financial institutions to evaluate, and provides information of particular relevance for Money Services Businesses (MSBs) and other FinCEN-regulated institutions undertaking transactions in what the agency calls “convertible virtual currency” (CVC).

Most notably, FinCEN strongly encourages US financial institutions that have information about CVC flows, including exchangers or administrators of CVC to: (1) be mindful of efforts to evade expanded US sanctions and export controls related to Russia and Belarus, summarized by Steptoe here; (2) submit Suspicious Activity Reports (SARs) as soon as possible regarding such conduct; (3) undertake appropriate risk-based due diligence of customers, and where required, enhanced due diligence; (4) voluntarily share information with other financial institutions consistent with Section 314(b) of the USA PATRIOT Act; and (5) consider using tools to identify assets that must be blocked or frozen under applicable sanctions.

Continue Reading What US Financial Institutions Need to Know about FinCEN’s Russian Sanctions Evasion and Ransomware Guidance

On December 7, 2021, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), published a proposed rule to implement the Corporate Transparency Act (CTA), which was enacted as part of the Anti-Money Laundering Act of 2020 within the National Defense Authorization Act for Fiscal Year 2021.  The proposed rule is intended to implement the CTA’s beneficial ownership reporting provisions, but does not yet have the force and effect of law. In short, the proposed rule would require certain business organizations and entities to report affirmatively information to FinCEN about the beneficial owners and controllers of such organizations and the individuals who have filed an application with state or tribal authorities to form the entity or register it to do business.  Below we summarize a number of the proposed rule’s key provisions, for which interested persons may submit public comments before February 7, 2022.

Continue Reading FinCEN Issues Proposed Rule on Reporting of Corporate Ownership

On October 15, 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued anticipated Sanctions Compliance Guidance for the Virtual Currency Industry and updated two related Frequently Asked Questions (FAQs 559 and 646).  OFAC has published industry-specific guidance for only a handful of other industries in the past two decades; the new guidance demonstrates the agency’s increasing focus on the virtual currency (VC) sector.  It also clarifies US sanctions compliance practices in ways that could lay a foundation for future OFAC enforcement actions.

OFAC’s guidance was announced as part of broader US government enforcement priorities to combat ransomware, money laundering, and other financial crimes in the virtual currency sector, as noted in the Department of Justice’s recent announcement of a National Cryptocurrency Enforcement Team.  The OFAC guidance was published in tandem with a Financial Crimes Enforcement Network (FinCEN) analysis of ransomware trends in suspicious activity reporting, but the guidance is directed at the VC industry in general and is not specific to ransomware.  A ransomware actor who demands VC may or may not be a target of OFAC sanctions, and sanctioned actors may engage in a wide variety of VC transactions that do not involve ransomware.  The recommended compliance practices in OFAC’s new guidance are focused on the full range of sanctions risks that arise from virtual currencies.

Continue Reading OFAC Issues Compliance Guidance for the Virtual Currency Industry