The U.S. Department of Justice (“DOJ”) has focused on cryptocurrency in the last six months, while consumer interest hits all-time highs. The cryptocurrency market is not unlike the cannabis market from several years ago—drawing a wide range of participants with a variety of motives to a rapidly growing and novel space. In this environment, the crypto-curious should keep in mind that transacting with unscrupulous actors can place companies and individuals in the crosshairs of law enforcement. This alert summarizes the most significant developments and highlights from criminal cases by DOJ from the fall of 2020 through the first quarter of 2021.
DOJ’S CRYPTOCURRENCY ENFORCEMENT FRAMEWORK AND AMLA 2020
In October 2020, DOJ released its Cryptocurrency Enforcement Framework (the “Framework”),1 which it developed as part of the Attorney General’s Cyber-Digital Task Force. The Framework contains three sections:2 (1) Threat Overview; (2) Law and Regulations; and (3) Ongoing Challenges and Future Strategies. The first section details the ways in which criminals have used cryptocurrency to fund and facilitate illegal activity, including drug and firearms trafficking, terrorist financing, and other online criminal activity.
The second section explains the existing statutory and regulatory tools that DOJ and others (such as U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”), Office of Foreign Assets Control (“OFAC”), the Securities & Exchange Commission (“SEC”), the Commodity Futures Trading Commission (“CFTC”), and the Internal Revenue Service (“IRS”)) have available to regulate cryptocurrency.
Anti-Money Laundering (“AML”) standards under the Bank Secrecy Act3 (“BSA”) must be considered in assessing cryptocurrency risks, as all financial institutions and money services businesses (“MSBs”)—including those that conduct business in virtual currency—are required establish an AML program. In short, a program must be reasonably designed to prevent money laundering and terrorist financing, including monitoring transactions for suspicious activity and reporting suspicious transactions to relevant regulators through Suspicious Activity Reports (“SARs”). The AML program obligations extend to all MSBs, which are defined as entities that do business “wholly or in substantial part” within the United States, irrespective of whether the entity is based in the United States.4
The third and final section of the Framework discusses challenges and strategies for law enforcement in prosecuting criminals. Although cryptocurrency presents challenges because it is decentralized and cross-border, DOJ emphasized that it will prosecute conduct that touches financial data or other computer systems within the United States, even if the actors reside outside the country. The DOJ outlined business models that have high risk profiles but aren’t subject to sufficient controls. These business models include public cryptocurrency exchanges, private peer-to-peer exchanges, and cryptocurrency kiosk operators. All are subject to regulatory requirements and are priority enforcement targets given their past misuse.
Then, in December, Congress passed the Anti-Money Laundering Act of 20205 (“AMLA 2020”), the most significant anti-money laundering statute in nearly two decades, which took effect on January 1, 2021. AMLA 2020 made clear that the Bank Secrecy Act applies to cryptocurrency. Specifically, it expressly expanded the reach of the BSA to businesses engaged in the trade of “value that substitutes for currency,” e.g., cryptocurrency. AMLA 2020’s definition of financial institution also expressly includes virtual currency businesses that essentially serve as money transmitters.
Among other things, AMLA 2020 increases civil and criminal penalties for BSA violations and provides large rewards to an expanded category of whistleblowers who report violations, up to 30% of the amount recovered by the government. The new law also allows nearly anyone with relevant knowledge to become a whistleblower, including compliance personnel or in-house counsel, although this latter category must navigate issues of privilege and confidentiality.