A US Department of Justice ("DOJ") report issued on October 8, 2020, provides a comprehensive presentation on the trending spectrum of crimes involving virtual currencies. It also signals that DOJ intends to take an aggressive enforcement approach to virtual currencies, pursuing anonymity-based activities and compliance with anti-money laundering ("AML") law. The DOJ Cyber-Digital Task Force, established in 2018, issued guidance in a web-based PDF, see, Cryptocurrency: An Enforcement Framework ('the Framework"). It warns that cryptocurrency, coupled with the Web3.0, pose a criminal and national security threat to the United States. The Framework examines the DOJ's role in prosecuting related misconduct, including applicable federal statutes, key partnerships, and enforcement challenges.

The Framework was issued mere days after the DOJ announced the criminal indictment of the founders and executives of the Bitcoin Mercantile Exchange (BitMEX). On October 1, 2020, the SDNY announced money laundering charges and Bank Secrecy Act violations, the DOJ issued an indictment, and the Commodity Futures Trading Commission ("CFTC") brought a civil enforcement action against BitMEX, claiming that they are operating an unregistered trading platform and violating AML, KYC, and other CFTC regulations. See our article on decentralized finance and the need for regulatory clarity and smarter compliance.

While the Framework offers nothing of a groundbreaking nature, these actions serve notice to offshore cryptocurrency exchanges and money services businesses ("MSB"s) operating outside of the reach of US authorities that US law enforcement agencies have a strong and long enforcement arm. The Framework provides key insights. The DOJ is focused on the abuse of cryptocurrency to finance traditional criminal activity, including terrorism, narcotics activity, and money laundering. According to the DOJ, anonymous and decentralized transactions facilitates criminal activity. We urge platforms and providers that deal in cryptocurrency to pay particular attention to their regulatory obligations. The Framework suggests that DOJ will work and collaborate with other financial regulators (e.g., BitMEX) to hold accountable virtual currency-based businesses for their Customer Due Diligence ("CDD") obligations and suspicious ("SAR"). Businesses need to determine their status as an MSB and the regulatory requirements. Additionally, per BitMEX, businesses must implement and maintain AML policies and procedures.

Statutes that can target bad crypto actors

There are a number of Federal statutes which address the prosecution of darknet and web3-crypto-related crimes, including charges for wire/mail fraud, securities, access device fraud, identity theft/fraud, fraud/intrusion in connection with computers, money laundering, tax evasion, failure to comply with Bank Secrecy Act requirements, and the operation of unlicensed money transmitting businesses. Criminal and civil forfeiture of cryptocurrency and other assets is typically sought in cases involving state actors and terrorist organizations. In fact, under some civil forfeiture laws, US authorities can seize assets even where there are no criminal charges filed or pending or where a defendant may be difficult to prosecute.

The Framework emphasizes the use of AML statutes to address cryptocurrency crimes, explaining that the DOJ "can bring to bear a wide variety of money laundering charges in cases involving misuse of cryptocurrency." See, Framework page 33 et seq. Money laundering is identified as one of the most significant risks for cryptocurrency due to the "the explosion of online marketplaces and exchanges that use cryptocurrency," which provide criminals with the ability to "move vast sums of money efficiently across borders" while "cover[ing] their financial footprints and to enjoy the benefits of their illegitimate earnings."

The Framework alerts businesses that issuers, exchangers, and brokers of digital assets are considered to be MSBs subject to AML and "know your customer" (KYC) requirements and that such companies/individuals are subject to oversight by the Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) and need to maintain relevant transactional information. The DOJ message is that exchanges should take seriously their legal and regulatory obligations to protect users and to safeguard potential evidence in criminal or national security investigations. The DOJ states that it will take action if an exchange breaches these obligations. The ongoing BitMEX case we discussed earlier will serve as an informative test case.

Partnership between regulators

The Framework restates that the DOJ works with multiple federal regulators and enforcement agencies, including the US Securities and Exchange Commission (SEC), the CFTC, the IRS, FinCEN, and the Office of Foreign Assets Control. The BitMEX prosecutions are the most recent example of the DOJ's cross-agency collaborations. As mentioned on October 1, 2020, both the DOJ and the CFTC filed actions against BitMEX. The DOJ is also working with foreign regulators through the Financial Action Task Force (FATF), an intergovernmental organization implementing legal, regulatory, and operational measures for combating threats to the international financial system. The US is a founding member of the FATF, made it a priority to regulate AML and virtual currencies to combat the financing of terrorism.

Challenges to enforcement

The crypto and virtual currency world have become a part of the global financial system, and as such, transactional data monitoring and analytics are needed to discover and address bad actors. There is no doubt that the ability to identify and investigate crypto and virtual currency crime increasingly is a basic requirement for national and international law enforcement agencies. Even more so, it is important to store and share the transactional data, as the analysis of cryptocurrency crimes is particularly difficult and sometimes impossible to investigate. Until then, the DOJ acknowledges several significant crypto-related enforcement challenges. First and foremost is geography. The Framework points to industry participants that engage in "jurisdictional arbitrage," i.e., operating from regulation lax jurisdictions. Similar to global privacy regulations, inconsistency in crypto regulations are detrimental to the international financial system. It impedes law enforcement's ability to investigate and prosecute criminal activity involving crypto and digital assets. The BitMEX filings, for example, allege that the defendants took steps designed to exempt BitMEX from the application of US AML and KYC laws. The company was incorporated in the Seychelles, a jurisdiction with lax regulation. In addition to geographic hurdles, the DOJ must overcome the challenges posed by anonymity mechanisms baked into the technology. Finally, there are mechanisms that disguise and conceal cryptocurrency transactions, which make it difficult to track and trace assets. So-called "mixers" and "tumblers" are entities intended to obfuscate the owner of cryptocurrency by co-mingling the cryptocurrency of several users prior to delivery. The DOJ notes that companies offering mixing or tumbling services are engaged in money transmission, and therefore are MSBs subject to AML and similar requirements.

The Framework is a message that US law enforcement will increase as the use of cryptocurrency and virtual currencies increases. In summary, it is incumbent on all developing cryptocurrency, virtual currencies, and decentralized finance applications to engage and follow the changes taking place in the legislative and regulatory landscape. It is prudent to retain compliance counsel from firms like Withersworldwide else they will find themselves on the wrong side of enforcement actions and criminal actions like those experienced by BitMEX.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.