On October 19, 2023, the U.S. Department of the Treasury’s (“Treasury”) Financial Crimes Enforcement Network (FinCEN) announced a Notice of Proposed Rulemaking (NPRM) that would implement new recordkeeping and reporting requirements on domestic financial institutions and domestic financial agencies, related to transactions that they know, suspect, or have reason to suspect involve convertible virtual currency (CVC) mixing within or involving a non-U.S. jurisdiction. 

FinCEN issued the NPRM pursuant to Section 311 of the USA PATRIOT Act, which provides the Secretary of the Treasury (the “Secretary”) the authority to require domestic financial institutions and domestic financial agencies to take “special measures” where the Secretary finds reasonable grounds to conclude that a class of transactions, institution, account, or foreign jurisdiction is of “primary money laundering concern.”  The NPRM identifies international CVC mixing as a class of transactions of primary money laundering concern, highlighting the use of CVC mixing services by illicit actors including cyber criminals and terrorist groups.  According to FinCEN’s press release, the NPRM represents FinCEN’s first use of Section 311 to target a class of transactions.Continue Reading FinCEN Proposed Rule Targets Digital Asset Mixers

After months of anticipation, a federal judge has finally ruled in the closely watched case of Joseph Van Loon, et al. v. Department of Treasury, et al.  This important case addressed challenges to the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) decision to impose sanctions on Tornado Cash as a Specially Designated National and Blocked Person (SDN).  The judge granted summary judgement in favor of OFAC, finding it had sufficient legal authority to designate Tornado Cash, and denied summary judgement on the plaintiffs’ claims.  Shortly after that ruling, OFAC announced the SDN designation of Roman Semenov, one of three alleged co-founders of Tornado Cash, and the Department of Justice (DOJ) charged Semenov and Roman Storm, another Tornado Cash founder, with multiple alleged criminal violations related to anti-money laundering (AML) and economic sanctions laws. 

All three actions are critical developments that contain key insights on how the US government views the AML and sanctions obligations of decentralized protocols and individuals associated with those protocols.  The developments make clear that, at least in certain scenarios, individuals involved in the creation of a DeFi platform can be held responsible for the activities conducted on that platform where such conduct violates US economic sanctions or AML laws, or constitutes sanctionable activity under applicable executive orders. Continue Reading Critical Tornado Cash Developments Have Significant Implications for DeFi AML and Sanctions Compliance

The Department of the Treasury’s recently issued Illicit Finance Risk Assessment of Decentralized Finance is principally intended to provide insight on how illicit actors are abusing decentralized finance (DeFi) services, as well as anti-money laundering (AML) and countering the financing of terrorism (CFT) vulnerabilities unique to DeFi.  However, the report also contains critical insight on how Treasury, and, presumably, the Financial Crimes Enforcement Network (FinCEN) within Treasury, view the applicability of existing US AML/CFT regulations, issued pursuant to the Bank Secrecy Act (BSA), to DeFi projects. Continue Reading Risk Assessment Offers Treasury’s Most Extensive Comments to Date on DeFi Regulation

On October 11, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) announced enforcement actions against Bittrex, Inc. (Bittrex), a privately-owned digital asset trading platform based in Bellevue, Washington, for apparent violations of anti-money laundering (AML) laws and of multiple sanctions programs. A settlement of over $24 million was announced by OFAC and a $29 million fine was announced by FinCEN. FinCEN will credit payment of the OFAC settlement amount toward Bittrex’s potential liability with FinCEN, meaning Bittrex will pay just over $29 million in total. Joint enforcement action between OFAC and FinCEN is uncommon—the settlements mark the first instance of parallel enforcement actions by OFAC and FinCEN in the digital asset sector.
Continue Reading OFAC and FinCEN Announce Enforcement Actions Against Bittrex

On August 30, 2022, further amendments to the UK’s nine thematic and 29 geographic sanctions regulations came into effect, which expand financial sanctions reporting obligations to cryptoasset exchanges and custodian wallet providers.  The amendments, which were introduced under the Sanctions (EU Exit) (Miscellaneous Amendments) Regulations 2022 and the Sanctions (EU Exit) (Miscellaneous Amendments) (No.2) Regulations 2022 (Amending Regulations), revise the definition of a “relevant firm” to which mandatory financial sanctions reporting obligations apply.
Continue Reading New UK Sanctions Legislation Expands Mandatory Financial Sanctions Reporting Obligations to Include Crypto Providers

On August 1, Robinhood Crypto, LLC (RHC) entered a consent order with the New York State Department of Financial Services (DFS) requiring RHC to pay a $30 million fine for violating (1) New York’s virtual currency regulatory regime known as the BitLicense, (2) a Supervisory Agreement entered with DFS as a condition of its BitLicense, (3) anti-money laundering (AML) requirements applicable to money transmitters, and (4) other requirements related to transaction monitoring, filtering, and cybersecurity.  The consent order, which is DFS’s first enforcement action under the BitLicense regime or against a digital currency business, offers several important takeaways for blockchain companies operating or seeking to operate in the state, including (1) the importance of scaling up compliance processes commensurate with business growth, (2) the risks of relying on compliance programs of affiliated entities, (3) the importance of well-developed reporting lines in compliance programs, and (4) the consequences of filing “improper” certifications under DFS’s transaction monitoring and cybersecurity rules.
Continue Reading DFS’s First Enforcement Action Against a Blockchain Company: Lessons Learned