Skip to content

Cryptocurrency 101 – DOJ’s New Cryptocurrency Enforcement Framework Provides Guidance and Promises of Heightened Scrutiny of Virtual Assets through Intergovernmental Collaboration

By Ephraim “Fry” Wernick, Branden Stein, and Elizabeth Matthews

On October 8, 2020, the Attorney General’s Cyber-Digital Task Force (“the Task Force”) issued its Cryptocurrency Enforcement Framework (the “Report”), which offers background on virtual assets, enforcement milestones, and plans for increasing scrutiny into the use of cryptocurrency, following the Task Force’s inception in 2018.

While the Report acknowledges the potential utility of blockchain technology—including its applicability to United States defense strategy, food safety, and the Federal Reserve System’s efforts to implement its own digital currency—the Task Force has detected three common illicit uses of cryptocurrency: (1) financial transactions associated with criminal activity, such as terrorism fundraising, exchanging illegal substances, and child exploitation; (2) money laundering and the shielding of legitimate activity from tax, reporting, or other legal requirements; and (3) crimes that directly compromise virtual asset markets themselves (often theft, fraud, and “cryptojacking”)[1].

The Report states that, in cooperation with a number of regulatory bodies, enforcement efforts have focused on money services businesses (“MSBs”) and virtual asset service providers (“VASPs”).  MSBs include currency dealers or exchangers; check cashers; issuers and sellers of traveler’s checks, money orders, or stored value; money transmitters; and the United States Postal Service.  VASPs provide services related to exchanging, transferring, and safekeeping virtual currencies.

The Report also identifies and defines specific business models that may facilitate criminal activities, likely foreshadowing future Department of Justice (“DOJ”) prosecution targets:

  • Cryptocurrency exchanges: entities and individuals that offer cryptocurrency and other virtual asset exchange services to the public, subject to the U.S. Department of the Treasury’s (“Treasury”) Financial Crimes Enforcement Network (“FinCEN”) and Bank Secrecy Act (“BSA”) requirements;
  • Peer-to-peer exchanges and platforms: networks of individuals that facilitate transfers of value for the public, including cryptocurrency, are MSBs and thus subject to FinCEN registration and reporting requirements (such as Suspicious Activity Reports, transaction reports, and customer data collection) under the BSA;
  • Cryptocurrency kiosks: dubbed “Bitcoin ATMs” and considered MSBs subject to the same FinCEN and BSA regulations, these machines allow users to convert fiat currency, “real money,” to and from bitcoin and other cryptocurrencies;
  • Virtual currency casinos: virtual platforms that facilitate betting denominated in bitcoin and other virtual currencies, subject to licensing requirements (when annual gross gaming revenue exceeds $1 million), and sometimes considered MSBs;
  • Anonymity enhanced cryptocurrencies (“AECs”): considered a “high-risk activity” by the DOJ, these currencies use non-public or private blockchains and have been accepted by MSBs and darknet marketplaces. AECs purportedly undermine the anti-money laundering and combating the financing of terrorism (collectively, “AML/CFT”) controls used to detect suspicious activity by MSBs and other financial institutions because they limit or negate an entity’s ability to run AML/CFT checks on customer activity and thereby satisfy BSA requirements;
  • Mixers, tumblers, and chain hopping: entities that mix the cryptocurrency of several users prior to delivery of the units to their ultimate destination to obfuscate the source and owners of cryptocurrency units are MSBs and thus subject to BSA requirements and related international regulations. Individual operators also risk money-laundering liability because these services are specifically designed to obscure the source of money; and
  • Jurisdictional arbitrage and compliance deficiencies: the DOJ has flagged risks associated with illicit financial flows denominated in virtual assets, which include (i) issues of unregulated currency that pools in overseas jurisdictions with nonexistent frameworks to ensure generation and retention of records necessary to support investigations, and (ii) the importance of regulatory collaboration across jurisdictions.

Legal and Regulatory Framework

The government has a growing number of tools to prosecute criminal activity involving virtual assets.  In addition to identifying familiar fraud, AML/CFT and BSA-related charges, and other provisions of the Criminal Code,[2] the Report summarizes the roles of agencies authorized to enforce regulations pertinent to cryptocurrency business models.

FinCEN.  FinCEN primarily administers and implements the BSA, which includes maintaining a database that stores reports of suspected money-laundering transactions.  FinCEN’s relationship with the DOJ centers on crime prevention (via compliance obligations targeting money laundering and terrorism efforts) and investigatory assistance with suspicious activity detected through the mandatory reporting.  If a potential crime is identified, FinCEN will refer matters to DOJ’s Fraud Section, Money Laundering and Asset Forfeiture Section or a local United States Attorney’s Office for criminal investigation and prosecution.  Interestingly, MSBs need not have a physical presence in the United States to be subject to the BSA; an MSB doing business in the United States may trigger BSA requirements.  As a key player in cryptocurrency enforcement, FinCEN’s role suggests that compliant reporting will maximize the efficacy of the BSA database and promote integrity of cryptocurrency markets.

OFAC.  The Treasury’s Office of Foreign Assets Control (“OFAC”) “administers and enforces economic and trade sanctions against targeted foreign countries and regimes; terrorist groups; international narcotics traffickers; those engaged in activities related to the proliferation of weapons of mass destruction; those engaged in malicious cyber activities; and other entities that present threats to the national security, foreign policy, or economy of the United States based on U.S. foreign policy and national security goals.”[3]  Thus, entities that provide or participate in online commerce or process transactions in digital currency must be aware of OFAC sanctions and enact appropriate controls.

OCC.  The Treasury’s Office of the Comptroller of the Currency (“OCC”) is responsible for issuing rules and regulations applicable to banks, as well as imposing corrective measures when banks act illegally or exhibit “unsafe or unsound” practices.  The OCC has confirmed in a July 22, 2020 Interpretive Letter that OCC-governed banks may provide custody services to lawful cryptocurrency businesses, as long as banks engage in proper risk management and regulatory and legal compliance.

SEC.  The Securities and Exchange Commission also plays a critical role in the cryptocurrency space, particularly through the regulation of the “rapid growth of the initial coin offerings (“ICOs”) market and its widespread promotion as a means for new investment opportunity, which has provided fertile ground for malicious actors to swindle investors.”[4]  ICOs promote the sale of digital tokens to raise capital in exchange for funding an entity’s new project or platform.  The Report boasts several enforcement actions made possible through collaboration with the DOJ.

CFTC.  The Commodity Futures Trading Commission (“CFTC”) has statutory authority to regulate certain aspects and uses of virtual assets.  Along with multiple federal courts, the CFTC has found certain virtual currencies to be “commodities” under the Commodities Exchange Act, and thus subject to CFTC oversight.  “CFTC’s jurisdiction is implicated when a virtual currency is the underlying asset in a derivatives contract, or if there is fraud or manipulation involving a virtual currency traded in interstate commerce.”[5]  Successful enforcement actions show examples of fraudulent activity, which include illegal offerings of margined or financed retail virtual currency, fictitious trades on derivatives platforms, and virtual currency Ponzi schemes.

IRS.  The Report also provides a helpful reminder that general tax exposure attaches to virtual currency transactions because the Internal Revenue Service (“IRS”) treats virtual currency as property.  Thus, “[i]ncome, including capital gains, from virtual currency transactions is taxable, and virtual currency transactions themselves must be reported on a taxpayer’s income tax return.”[6]  Failure to accurately report taxable income could therefore also trigger an investigation and potential civil or criminal actions.

The DOJ intends to continue to pursue tax-related prosecutions for failure to report income from virtual currency and assist with “John Doe” summons matters, which are IRS investigations approved by a federal court in order to locate taxpayers who are unknown to the IRS.  In fact, the IRS’s 2020 Draft 1040 adds a line requiring tax payers to answer the question: “At any time during 2020, did you receive, sell, send, exchange, or otherwise acquire any financial interest in any virtual currency?”  In the past, taxpayers had to report their virtual currency activity—or not, and risk receiving a letter from the IRS requesting amended returns that report virtual currency transactions and income.  The 2020 Draft 1040 reflects a more proactive approach to enforcement of virtual currency reporting that likely will result in greater scrutiny of individuals dealing in cryptocurrency and other virtual assets.

State Authorities and International Regulations.  Responsible for protecting the investing public through licensing investment firms, registering securities offerings, and enforcing other state securities and banking laws, state authorities are actively investigating virtual currency activity, mainly issuance and sales of ICOs.  The Report identifies New York as a “proactive” state “seeking to regulate and gather information in the virtual asset and ICO space.”[7]

Internationally, the Financial Action Task Force (“FATF”) serves as “the global standard-setter” for AML/CFT standards.  In June 2019, FATF issued updated Recommendations setting forth a framework of measures that countries should implement to combat money laundering and terrorist financing.  The United States was a founding member in 1989 and served as president from July 2018 to June 2019, during which time it made it a FATF priority to regulate VASPs.

Preparing for Battle with the Underworld

As virtual currency rapidly evolves to apex technological complexity, this framework may appear to be a tangled web of regulatory aspirations arriving too late; however, the Report boasts a number of recent prosecutions that reflect competent enforcement by each of the above authorities.  In addition to the notable changes to IRS Form 1040 referenced above, the indictment earlier this month against John McAfee for alleged tax evasion was a strong signal to the cryptocurrency community that DOJ is serious about enforcement.  McAfee has been a vocal proponent of cryptocurrency and he allegedly earned millions through consulting and other services.

The Report further confirms DOJ’s intention to continue developing strategies to respond to the threat of virtual assets, which include:

  • Committing resources to increase the quality and quantity of investigations and prosecutions;
  • Promoting law enforcement awareness and expertise;
  • Fostering cooperation with state authorities;
  • Enhancing international cooperation and promoting comprehensive and consistent international regulation; and
  • Conducting private sector education and outreach.

The release of the Report by DOJ should send a strong message to all who use cryptocurrency or otherwise service the cryptocurrency market that the government is intent on engaging in much stronger regulation and enforcement in the future.  If you or your company operate in the cryptocurrency space, you would be well-served to carefully review the developing laws and regulations so you can build an adequate compliance framework and respond to potential threats accordingly.

[1] The Report defines “cryptojacking” as “[t]he unauthorized use of someone else’s computer to generate (or ‘mine’) cryptocurrency.” Report at 16.

[2] The Report references several statutes, including: 18 U.S.C. § 1343 (Wire Fraud); 18 U.S.C. § 1341 (Mail Fraud); 15 U.S.C. §§ 78j and 78ff (Securities Fraud); 18 U.S.C. § 1029 (Access Device Fraud); 18 U.S.C. § 1028 (Identity Theft and Fraud); 18 U.S.C. § 1030 (Fraud and Intrusions in Connection with Computers); 18 U.S.C. § 921 et seq. (Illegal Sale and Possession of Firearms); 18 U.S.C. § 2320 (Possession and Distribution of Counterfeit Items); 18 U.S.C. § 2251 et seq. (Child Exploitation Activities); 21 U.S.C. § 841 et seq. (Possession and Distribution of Controlled Substances); 18 U.S.C. § 1956 et seq. (Money Laundering); 18 U.S.C. § 1957 (Transactions Involving Proceeds of Illegal Activity); 18 U.S.C. § 1960 (Operation of an Unlicensed Money Transmitting Business); 31 U.S.C. § 5331 et seq. (Failure to Comply with Bank Secrecy Act Requirements); 18 U.S.C. § 982 and 21 U.S.C. § 853 (Criminal Forfeiture); and 18 U.S.C. § 981 (Civil Forfeiture).

[3] Report at 26.

[4] Id. at 29.

[5] Id. at 32.

[6] Id. at 33.

[7] Report at 34.

This information is provided by Vinson & Elkins LLP for educational and informational purposes only and is not intended, nor should it be construed, as legal advice.