DOJ Stakes a Claim in Cryptocurrency Enforcement with Publication of Broad New Framework

A new Department of Justice report signals that DOJ intends to take a more aggressive approach to virtual currencies, with a focus on pursuing anonymity-based activities and enforcing compliance with anti-money laundering rules. The report, “Cryptocurrency: An Enforcement Framework,” issued October 8, 2020 by the Attorney General’s Cyber Digital Task Force, comes on the heels of an unusual stand-alone anti-money laundering (AML) case brought against BitMEX by federal prosecutors in September. Taken together, those charges and the new report show DOJ’s growing appetite for cryptocurrency-related enforcement.

While the Enforcement Framework offers nothing truly groundbreaking, it provides several key insights. First, DOJ appears focused on the abuse of cryptocurrency to finance and support traditional criminal activity, including terrorism, narcotics activity, and money laundering. According to DOJ, anonymous and decentralized transactions present the greatest risk of facilitating this criminal activity; therefore, platforms and providers that deal in such transactions need to pay particular attention to their regulatory obligations. Second, the report suggests that DOJ coordinates closely with other financial regulators, leveraging their specific authorities to hold accountable virtual currency-based businesses for their Customer Due Diligence obligations and suspicious activity reporting. Given the particular focus on businesses that facilitate the trade of virtual assets absent a traditional financial institution or other centralized authority, including peer-to-peer exchanges and Bitcoin ATMs, such businesses need to be hyper aware of their potential status as a money service business (or “MSB”) and the attendant regulatory requirements, and be ready to implement and regularly update robust AML policies and procedures. Although some aspects of DOJ’s more assertive stance on enforcement may rely upon untested strategies and legal theories, cryptocurrency-based institutions can take proactive steps to avoid being in DOJ’s crosshairs.

Enforcement Priorities

The report highlights DOJ’s focus on three general categories of illicit activity:

1. Darknet marketplaces and transactions associated with the commission of crimes, the purchase or sale of illicit items, or transactions that support terrorism;
2. Anonymity Enhanced Cryptocurrencies and their potential to facilitate money laundering and the shielding of legitimate activity from tax, reporting, or other legal requirements; and
3. Computer intrusion, such as ransomware or theft, that directly implicate the integrity of the cryptocurrency marketplace.

The report frames several recent enforcement actions as templates for future DOJ enforcement, including a 2017 indictment against BTC-e, a virtual currency exchange that allegedly lacked basic AML policies and controls, “did not require users to validate their identities, [and] obscured and anonymized transactions and sources of funds” in order to facilitate the laundering of criminal proceeds worldwide, while charging a transaction fee for the funds exchanged. The report also notes that DOJ has prosecuted cryptocurrency exchanges operating as unlicensed MSBs. Again, DOJ appears to be flagging its intent to use MSB and Bank Secrecy Act regulations to target decentralized platforms that offer anonymity. Designing and maintaining compliance programs to address the risks identified by DOJ will be key for companies and platforms that may come into DOJ’s future view.

Technologies of Particular Concern

The DOJ report singles out anonymity-enhanced cryptocurrencies in particular, saying DOJ considers their use “a high-risk activity that is indicative of possible criminal conduct.” DOJ is openly skeptical that this technology can ever comply with anti-money laundering laws: “Companies that choose to offer AEC products should consider the increased risks of money laundering and financing of criminal activity, and should evaluate whether it is possible to adopt appropriate AML/CFT measures to address such risks.” The DOJ views mixers, tumblers, and chain hopping with similar suspicion, with the report saying that those practices “obfuscate the source or owner of particular units of cryptocurrency by mixing the cryptocurrency of several users prior to delivery of units to their ultimate destination.” According to DOJ, these technologies invite criminal conduct: “operators of these services can be criminally liable for money laundering because these mixers and tumblers are designed specifically to conceal or disguise the nature, the location, the source, the ownership, or the control of a financial transaction.”

The report takes a less cynical view of cryptocurrency exchanges and peer-to-peer exchangers and platforms, while noting the importance of FinCEN registration and reporting requirements and asserting that there is imperfect compliance in this growing space.

Enforcement

DOJ’s criminal actions against virtual currency technologies go beyond the more traditional illicit marketplaces or illicit transactions. The report reflects DOJ’s growing interest in enforcement actions against technologies that either remain deliberately ignorant of, or enable, illicit behavior by failing to implement adequate AML programs. The report comes just weeks after DOJ’s indictment of cryptocurrency platform BitMEX, an indictment that shows DOJ’s willingness to bring aggressive criminal enforcement actions based on failures to meet basic anti-money laundering standards. In that case, DOJ filed stand-alone criminal charges against three individual executives for a willful failure to maintain an adequate AML program and specifically highlighted activity that the DOJ viewed as attempts to avoid regulatory requirements, U.S. v. Hayes, et al., 20-cr-500-JGK (S.D.N.Y., filed Sept. 21, 2020). The DOJ typically charges AML program violations alongside traditional federal crimes such as money laundering or fraud. Rarely, if ever before, has the DOJ used AML program violations as a stand-alone charge.

The report mentions several other examples of AML criminal charges, including those filed against “Bitcoin Maven” Theresa Tetley. She was sentenced in July 2018 to one year in federal prison for laundering money and operating an unlicensed bitcoin-for-cash money-transmitting business that “purposely and deliberately existed outside of the regulated bank industry.” DOJ also filed criminal charges against BTC-e, alleging that it facilitated transactions for cybercriminals worldwide and received criminal proceeds from numerous computer intrusions and hacking incitements, ransomware scams, identity-theft schemes, corrupt public officials, and narcotics-distribution rings. These actions demonstrate DOJ’s increasing willingness to bring criminal actions where companies actively facilitate money laundering or fail to prevent it.

With the DOJ’s focus in mind, cryptocurrency-based financial institutions and businesses would be advised to:

• Closely monitor their direct and indirect exposure to Darknet Marketplaces, virtual currency mixers, and high-risk jurisdictions;
• Implement AML controls specifically tailored to the risk of anonymity-enhanced cryptocurrencies, including transaction limits, enhanced customer due diligence, and collecting counterparty information;
• Identify and document business-drivers for customer, geographic, and operational decisions that go beyond regulatory arbitrage; and
• Develop objective, attribute-based factors that support thoughtful and reasonable decision making.

Regulatory Authorities

The report highlights cases where DOJ has brought criminal charges alongside regulatory actions by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), the Office of the Comptroller of Currency (OCC), the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), and the Internal Revenue Service (IRS). The report suggests that DOJ works and shares information with these agencies when investigating criminal conduct or to generate leads. FinCEN, SEC, and OFAC are particularly active in the virtual currency space and have coordinated with DOJ regularly in the past. DOJ will certainly continue coordinating with these agencies, including by using parallel criminal actions when the relevant regulatory agency pursues administrative or civil actions—a strategy DOJ says will “maximize its impact in investigating, dismantling, and deterring criminal activity.”

Given the DOJ’s reliance upon the potentially shifting landscape of financial regulations, cryptocurrency-based financial institutions must re-examine compliance determinations on at least an annual basis and be hyper-vigilant in examining the impact a new financial service, customer-base, or process has on their regulatory requirements.

Conclusion

When read in conjunction with the BitMEX indictment, the report is a sober reminder of the importance of building out anti-money laundering compliance practices within virtual currency companies in order to meet not just the expectations of financial regulators, but to avoid the risk of civil or criminal enforcement action by DOJ. The report signals DOJ’s intent to better coordinate with other federal agencies, and take a more assertive stance regulating virtual currencies, including by using a failure to comply with regulatory requirements as a sword to prosecute bad or negligent actors.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Nicole Argentieri, an O’Melveny partner licensed to practice law in New York, David L. Kirman, an O’Melveny partner licensed to practice law in California, Laurel Loomis Rimon, an O’Melveny partner licensed to practice law in California and the District of Columbia, Eric Sibbitt, an O’Melveny partner licensed to practice law in California and New York, Damali A. Taylor, an O’Melveny partner licensed to practice law in California and New York, Braddock Stevenson, an O’Melveny counsel licensed to practice law in New Jersey and New York, Alex Duran, an O’Melveny associate licensed to practice law in California, and Ben Seelig, an O’Melveny associate licensed to practice law in California, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2020 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.