October 09, 2020
by Steven D. Feldman, Matthew B. Comstock

On October 8, 2020, the U.S. Department of Justice (“DOJ”) announced the release of its 83-page task force report, Cryptocurrency: An Enforcement Framework (the “Framework”). Produced by the Attorney General’s Cyber-Digital Task Force, the Framework is divided into three parts with a conclusion. It provides an overview of threats and enforcement challenges associated with the increasing use of cryptocurrency; enumerates the criminal and civil statutes and regulatory framework used to investigate and regulate illegal crypto-related activities; and outlines ongoing challenges for businesses involved with cryptocurrency, and future strategies for investigating and prosecuting crypto involved crimes. It emphasizes anecdotal evidence of specific instances of criminal activity involving cryptocurrencies, such as utilization by terrorist organizations, to warn of a potential “oncoming storm” of crimes perpetrated with the help of cryptocurrencies. This skewed emphasis should give the industry some concern.

The report seeks to provide a cohesive framework to understand federal regulatory and law enforcement priorities in this space. It asserts that criminals are using cryptocurrency to try to prevent law enforcement from following the money in investigations, and to facilitate trade in illicit goods such as criminal tools sold on the dark web. By way of example, it emphasizes that cyber criminals behind ransomware attacks often use cryptocurrency to try to hide their true identities when acquiring malware and infrastructure, and receiving ransom payments.  In response, the Government claims that it is innovating to keep pace with the evolution of criminals' use of cryptocurrency. The Framework also purports to provide businesses and the public with information intended to help them understand and comply with their obligations under the legal regimes that govern.

In Part I, the Framework provides a detailed threat overview, cataloging the three categories into which most illicit uses of cryptocurrency typically fall: (1) financial transactions associated with the commission of crimes; (2) money laundering and the shielding of legitimate activity from tax, reporting, or other legal requirements; and (3) crimes, such as theft, directly implicating the cryptocurrency marketplace itself. Part II explores legal and regulatory tools utilized by the Government to investigate and prosecute activities related to the use of cryptocurrency by enumerating the criminal and civil statutes and regulatory framework that govern illegal crypto-related activities.

Finally, the Framework concludes in Part III with a discussion of the ongoing challenges the Government faces in cryptocurrency enforcement—particularly with respect to business models (employed by certain cryptocurrency exchanges, platforms, kiosks, and casinos), and to activity (like “mixing” and “tumbling,” “chain hopping,” and certain instances of jurisdictional arbitrage) that may facilitate criminal activity. It notes that DOJ will consider legislative proposals to close any existing gaps in its enforcement authority.  In addition, the Framework emphasizes that effective regulation and policing of cryptocurrency activity requires close cooperation between the public and private sectors whenever possible including through direct engagement with the companies that operate in the virtual asset space; with the banks and financial institutions that may be affected by virtual asset regulation; and with the community of cryptocurrency users.

In its conclusion, the Framework emphasizes the potential for wrongdoing by bad actors who utilize cryptocurrencies in aid of nefarious activities.  It asserts that “[e]very day, criminals expand and perfect techniques designed to evade detection and apprehension,” and hypothesizes that “illicit uses of cryptocurrency threaten not just public safety, but national security.” It emphasizes that cryptocurrency could provide terrorist organizations a tool to circumvent traditional financial institutions in order to obtain, transfer, and use funds to advance their missions. It warns that current terrorist use of cryptocurrency “may represent the first raindrops of an oncoming storm of expanded use that could challenge the ability of the United States and its allies to disrupt financial resources that would enable terrorist organizations to more successfully execute their deadly missions or to expand their influence.”  Yet it also acknowledges elsewhere in the Framework that “public data on terrorist use of cryptocurrency is limited,” and fails to provide any context for the pervasiveness of such terrorist conduct.

Similarly, it claims that cryptocurrency “presents a troubling new opportunity for individuals and rogue states to avoid international sanctions and to undermine traditional financial markets, thereby harming the interests” of the U.S. and its allies. It likewise provides no context to understand the pervasiveness of sanctions-busting transactions compared to the total marketplace of cryptocurrency transactions.

Finally, the Framework concludes with DOJ’s assurance that it has and will continue to aggressively investigate and prosecute malign actors who use cryptocurrencies to facilitate or to conceal their illicit activities.  It warns that to “promote public safety and protect national security, all stakeholders—from private industry to regulators, elected officials, and individual cryptocurrency users—will need to take steps to ensure cryptocurrency is not used as a platform for illegality.”  Rather, it asserts that “for cryptocurrency to realize its truly transformative potential, it is imperative that these risks be addressed.”

Our Take

DOJ’s Framework de-emphasizes and fails to adequately acknowledge the current market structure in which cryptocurrency transactions occur.  The vast majority of cryptocurrency transactions, whether effected in the United States or abroad, occur on cryptocurrency exchanges and through dealers that are subject to some level of government regulation and supervision.  For example, cryptocurrency exchanges that operate in the United States are “money transmitters” registered with Financial Crimes Enforcement Network (“FinCEN”), subject to the requirements of the Bank Secrecy Act, required to conduct “know-your-customer” reviews of new customers, and must register as money transmitters in each state in which they operate.  Moreover, while terrorists and other criminals undoubtedly use cryptocurrencies for unlawful activity; unlike fiat currency, which can be moved outside of financial institutions; and unlike cash transactions, which can be effected without records; cryptocurrency transactions have to be effected on a blockchain, which creates a permanent transaction record.  Finally, persons and entities who transact in cryptocurrencies often will want to convert their cryptocurrency holdings into fiat currencies.  These conversions necessarily involve a commercial bank, which are heavily regulated.

Importantly, the DOJ has regulatory and enforcement powers with respect to the criminal laws and regulations governing cryptocurrencies, with both domestic and international reach.  Persons and entities who participate in the cryptocurrency industry should recognize that the DOJ seems to have a highly skeptical view of that industry at the moment.