December brings flurry of Treasury activity against virtual currency services

In the final days of November, the US Department of the Treasury decisively reasserted its intention to enforce the provisions of the Bank Secrecy Act, anti-money laundering (AML) requirements, and economic sanctions targeting the virtual currency sector and associated decentralized finance (Defi) and blockchain actors.  We can expect to see more sanctions designations by Treasury, settlement agreements with sanctions violators, and Department of Justice-led prosecutions.

On November 28, Treasury sent a letter to Congress pressing for broader authority to regulate virtual currency services including decentralized finance (Defi) services and blockchain utility providers such as validators.

The next day, Treasury announced new sanctions against virtual currency mixing service Sinbad.io. Later that same day, Deputy Treasury Secretary Wally Adeyemo delivered remarks at the Blockchain Association’s 2023 Policy Summit calling for enhanced AML and sanctions authorities to address blockchain and digital asset-based risks.

These moves follow on the heels of a significant Notice of Proposed Rulemaking in October that would deploy Treasury’s “special measures” authority under the PATRIOT Act to designate mixers and mixing activity as a “primary money laundering concern” and require financial institutions to essentially report all transactions with mixers and involving mixing activity.

Together, these actions signal an eventful 2024 for industry, including:

• Significant collaboration and information sharing among US and international financial intelligence units
  
  
• A focus on compliance
  
  
• A carrot-and-stick approach welcoming industry partnership while making clear that violators, especially repeat violators or those connected to terrorist financing or rogue states, will be held to account

Treasury letter asks for greater authority

Starting on November 28, Treasury began its campaign with a letter to Senate Banking Chair Sherrod Brown and House Financial Services Chart Patrick McHenry, among others, to provide new legislation authorizing Treasury to pursue virtual currency platforms that cater to terrorists, transnational criminals, and rogue states.

The letter included a term sheet with legislative proposals that, according to secondary sources, would provide (a) explicit authority to impose BSA/AML obligations on numerous additional entities, including certain validators and DeFi operators; (b) powerful “secondary sanctions” authority with respect to virtual asset services providers that assist sanctioned entities even if there is no US nexus; and (c) sanctions authority over correspondent bank accounts and “payable through” accounts that clear in USD to the digital asset world.

Secondary sanctions would allow Treasury to target non-US persons with no touch points to the US, including those who do not use US banks, the US dollar, or have US clients and/or service providers.  These sanctions are deployed to address US national security threats that are deemed the most severe.

Critics took aim at the letter’s suggestion of expanded extraterritorial jurisdiction to regulate transactions in US dollar-backed stablecoins, which Treasury likely views as equivalent to its authority to regulate US dollar transactions through correspondent or payable through accounts. In the critics’ view, regulating transactions in other countries merely because they are denominated in US dollars would be an unprecedented overreach with the risk of geopolitical blowback.

On the other hand, these expanded authorities recognize that terrorist groups and malign regimes have been using virtual currencies to sponsor terrorism and engage in destabilizing activities that threaten the US and its allies and partners. The proposed authorities force actors in these sectors to consider risks and think creatively about robust controls, a government engagement and collaboration strategy, and perhaps even turning away certain business.

Sanctions against yet another mixing service

Treasury followed up its letter to Congress by announcing sanctions against a virtual currency mixing service the next day. According to the press release, the virtual currency mixing service Sinbad.io processed millions of dollars of virtual currency from the OFAC-designated Lazarus Group, which Treasury identified as North Korea’s state-sponsored cyber hacking organization. Sinbad is a Bitcoin-based protocol that obfuscates the origin, destination, and transacting parties of Bitcoin transfers. Treasury allegedly tracked proceeds from several high-profile hacks through the Sinbad protocol including the various well-known heists and hacks totaling more than $800 million and further accused the protocol of offering its services to cybercriminals attempting to traffic illicit drugs and other materials.

Sinbad is now designated on OFAC’s Specially Designated Nationals (SDN) list and, as a result, any property of Sinbad that is in the US or in the control of US person must be immediately blocked and reported to OFAC. US persons and anyone located within the US are also prohibited from dealing with Sinbad including, most importantly, through using its protocol.

Sinbad is the third virtual currency mixing service to wind up on the SDN list, joining Blender.io and Tornado Cash, the founders of which were indicted in August. Treasury has also worked with DOJ to takedown several other mixers since last year. 

Adeyemo makes his case to industry

Within hours of sanctioning Sinbad under Treasury’s existing authority, Deputy Secretary Adeyemo was making the case for greater authority to a group of crypto industry natives at the Blockchain Association’s 2023 Policy Summit. Though he praised the industry’s appetite for innovation and “the tremendous opportunity digital assets present to promote innovation that helps us reimagine commerce,” he simultaneously warned of the risk that digital assets could be used by “transnational criminal organizations, terrorists, and rogue states.” Adeyemo expressed disappointment that “too many” in the industry had not taken up responsibility to “prevent illicit activity.” To this end, Adeyemo offered both a carrot and a stick - he welcomed engagement by industry, calling for “a shared commitment” to address the challenge of illicit activity but also warned criminals and those who turn a blind eye to criminal activity: “We will find you and hold you accountable,” specifically calling out Sinbad as an example. 

Adeyemo identified two features of virtual currency that, in his view, make them especially attractive to illicit actors: first, he likened blockchain’s new technology to early social media through which terrorist groups could spread their ideologies more quickly than ever before. Secondly, he attributed this to a lack of regulation, which may translate to vulnerability in the virtual currency space as well.

To address these risks, Adeyemo proposed deeper collaboration between industry and government and specifically invited “new tools that help prevent money laundering while continuing to provide legitimate protections to individuals.” He also previewed Treasury’s development of “new sanctions tools,” though in this case “tools” clearly meant new regulatory authority, not software. Adeyemo alluded to his letter to Congress requesting legislation creating a “secondary sanction regime” that would “cut off a firm from the U.S. financial system” if it was found doing business with sanctioned entities. He also called for updates to outdated finance laws and appeared to suggest greater scrutiny for US Dollar-backed stable coins.

Reminding his audience that “the seat belt and air bag did not squelch Henry Ford’s innovation,” Adeyemo ended his speech with a prediction that a regulatory environment that stops terrorists, criminal organizations, and rogue states would “help legitimate firms thrive in the long term.”

Key themes emerge

These developments are a grand finale in a year marked by Treasury’s decisive steps to regulate digital asset activity in the US and abroad. Starting in January 2023, Treasury used its special measures authority under the PATRIOT Act to prevent transactions with cryptocurrency exchange, Bitzlato, in coordination with DOJ’s charges against the founder. 

In October, Treasury proposed rules requiring reporting of any virtual currency transactions involving mixers or mixing activity, and later targeted Gaza-based centralized exchange BuyCash. Then, last month, Treasury announced new international task forces focused on counter terrorist financing and counter-fentanyl trafficking, both of which Treasury has associated with virtual currency transactions.

Just last week, on December 6, the former Bitzlato founder pled guilty to operating an unlicensed money transmission business, and DOJ specifically called out the exchange’s compliance failures citing its “deficient know-your-customer (KYC) procedures” that caused Bitzlato to become “a haven for criminal proceeds and funds intended for use in criminal activity.” 

As we enter 2024, industry participants should be mindful about Treasury’s emerging strategy to protect the US financial system and its national security from bad actors by sanctioning individuals and entities that directly facilitate illicit finance, encouraging engagement by entities that wish to promote compliance, pursuing enforcement actions against entities that fail to take compliance seriously, and using these actions to bolster the case for broader authority from Congress.