Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 6, the U.S. Treasury Department published a report on illicit finance risks in the decentralized finance (DeFi) sector, building upon Treasury’s other risk assessments, and continuing the work outlined in Executive Order 14067, Ensuring Responsible Development of Digital Assets (covered by InfoBytes here).
Written by Treasury’s Office of Terrorist Financing and Financial Crimes, in consultation with numerous federal agencies, the Illicit Finance Risk Assessment of Decentralized Finance is the first report of its kind in the world. The report explained that, while there is no generally accepted definition of DeFi, the term has broadly referred to virtual asset protocols and services that allow for automated peer-to-peer transactions through the use of blockchain technology. Used by a host of illicit actors to transfer and launder funds, the report found that “the most significant current illicit finance risk in this domain is from DeFi services that are not compliant with existing AML/CFT [anti-money laundering and countering the financing of terrorism] obligations.” These obligations include establishing effective AML programs, assessing illicit finance risks, and reporting suspicious activity, the report said.
The report made several recommendations for strengthening AML/CFT supervision and regulation of DeFi services, such as “closing any identified gaps in the [Bank Secrecy Act (BSA)] to the extent that they allow certain DeFi services to fall outside the scope of the BSA’s definition of financial institutions.” The report also recommended, “when relevant,” the “enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations,” and suggested continued research and engagement with the private sector on this subject.
In addition, the report pointed to a lack of implementation of international AML/CFT standards by foreign countries, “which enables illicit actors to use DeFi services with impunity in jurisdictions that lack AML/CFT requirements,” and commented that “poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry.” To address these concerns, the report recommended “stepping up engagements with foreign partners to push for stronger implementation of international AML/CFT standards and advocating for improved cybersecurity practices by virtual asset firms to mitigate these vulnerabilities.” The report seeks input from the public sector to inform next steps.
On March 15, U.S. law enforcement, along with German criminal authorities, disabled a darknet cryptocurrency “mixing” service used to allegedly launder more than $3 billion in cryptocurrency underlying ransomware, darknet market activities, fraud, cryptocurrency heists, hacking schemes, and other activities. According to the DOJ’s announcement, law enforcement agencies seized two domains and back-end servers, as well as more than $46 million in cryptocurrency. The DOJ claimed the mixing service allowed criminals to obfuscate the source of stolen cryptocurrency by commingling users’ cryptocurrency in a way that made it difficult to trace the transactions. In conjunction with the action taken against the mixing service, a Vietnamese national responsible for creating and operating the online infrastructure was charged with money laundering, operating an unlicensed money transmitting business, and identity theft connected to the mixing service. Separate actions have also been taken by German law enforcement authorities, the DOJ said. “Criminals have long sought to launder the proceeds of their illegal activity through various means,” Special Agent in Charge Jacqueline Maguire of the FBI Philadelphia Field Office said in the announcement. “Technology has changed the game, though[.] In response, the FBI continues to evolve in the ways we ‘follow the money’ of illegal enterprise, employing all the tools and techniques at our disposal and drawing on our strong partnerships at home and around the globe.”
On February 24, the Financial Action Task Force (FATF), the international standard-setting body on illicit finance, suspended the Russian Federation’s membership, saying the country’s “actions unacceptably run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system.” This marks the first time the FATF has ever suspended a country from its membership. Despite the suspension, the FATF emphasized that Russia “remains accountable for its obligation to implement the FATF Standards” and “must continue to meet its financial obligations.” According to the statement, the FATF will continue to monitor the situation and will consider whether to lift or modify these restrictions during each of its plenary meetings.
Treasury Secretary Janet Yellen issued a statement following the suspension. Explaining that “FATF members lead the global effort on combatting money laundering and the financing of terrorism and proliferation and members are expected to uphold and promote core principles that safeguard the global financial system,” Yellen stressed that “Russia’s ongoing war undermines the principles of international cooperation and mutual respect that underpin the mandate of the FATF.” She further commented that the “United States commends the FATF’s historic decision to suspend Russia’s membership in the body,” and added that “Russia’s disregard for the sovereignty and territorial integrity of Ukraine is at odds with the FATF’s foundational values of international cooperation and the rule of law. Further, Russia’s dealings with suppliers of last resort such as Iran and North Korea, its government-driven efforts to evade international sanctions and export controls, and other activities … make it a haven for illicit finance—the very thing the FATF works to combat.”
On February 3, Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, met with the Banks Association of Turkey to discuss international sanctions actions against Russia for its war against Ukraine. Nelson highlighted global illicit finance challenges and stressed the importance of addressing weaknesses within the financial system “to root out financial crime, shine light on the financial shadows that illicit actors exploit, and work toward a more equitable and inclusive global economy.” Nelson commented on potential areas for cooperation between Turkish banks and the broader international finance community, pointing to opportunities for the U.S. and Turkey to work together to mitigate anti-money laundering vulnerabilities in the real estate sector. He also focused on Russia’s “abuse of the global financial system to fund” its war in Ukraine as a main factor in international cooperation for preventing Russia from circumventing sanctions and financial controls “in dozens of countries, including [Turkey].” While Nelson recognized Turkey’s reliance on Russian energy and agriculture, he said that “the marked rise over the past year in non-essential Turkish exports or re-exports to Russia makes the Turkish private sector particularly vulnerable to reputational and sanctions risks.” Engaging with sanctioned Russian entities puts Turkish banks and businesses “at risk of sanctions and a potential loss of access to G7 markets and correspondent relationships,” Nelson stressed, calling upon Turkish financial institutions to conduct “enhanced due diligence” in all transactions with Russian entities and individuals—especially within vulnerable sectors.
On February 1, Representative Blaine Luetkemeyer (R-MO) sent a letter to Attorney General Merrick Garland asking for an explanation as to why the DOJ has not complied with a provision in the 2021 National Defense Authorization Act (2021 NDAA), which requires the Department to report metrics on its use of Bank Secrecy Act (BSA) data to the Treasury Department. According to Luetkemeyer, section 6201 of the 2021 NDAA requires the DOJ to also report “on the use of data derived from financial institutions reporting under the [BSA]” in order to increase transparency on the usefulness of BSA data filed with FinCEN from financial institutions and ensure bad actors are not using the U.S. financial system to fund illicit activities.
Specifically, the DOJ is required by the 2021 NDAA to examine how often the reported data contains actionable information, the number of legal entities and individuals identified within the reported data, and information on investigations resulting from the reported data that are conducted by state and federal authorities, the letter said. Citing a Government Accountability Office report (which found that the DOJ’s report failed to “include new statistics on the use and impact of BSA reports, including the summary statistics required under the act”), Luetkemeyer claimed the lack of transparency “begs the question if the burdensome reporting is worthwhile” and prevents “FinCEN and Congress from determining the effectiveness of the U.S. anti-money laundering regime.” Luetkemeyer asked the DOJ for an explanation as to why it failed to provide the required information.
On January 25, FinCEN's acting Deputy Director, Jimmy Kirby, spoke before the Identity Policy Forum regarding digital identity threats, stating that FinCEN is “pragmatically focused” on protecting the U.S. financial system from illicit finance threats. According to Kirby, financial institutions must establish with confidence who their customers are on the front end and throughout the customer relationship. He noted that a failure or security compromise in any step of that process compromises the integrity of customer identity. Kirby also pointed out that security breaches have led to data hacks of centralized repositories of identity-related information, exposing personally identifiable information, and making those data sources less reliable, and that identity-related suspicious activity reports are increasing. Observing such threats, Kirby said that FinCEN designed the Identity Project to achieve three goals, to: (i) learn about financial institutions’ customer identification processes; (ii) quantify process breakdowns, vulnerabilities, and threats; and (iii) identify solutions, including digital identity. Kirby also discussed responsible innovation and emphasized the need to “foster development of infrastructure, information sharing, and standards that will safeguard the future of identity and the financial system.” Regarding expanding partnerships and feedback loops, Kirby said that the public sector must learn from each other, and that FinCEN is “also engaging with other domestic Federal agencies and regulators on digital identity, at FedID and throughout the year.”
On January 25, the Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions on potential investments in the U.S. commercial real estate sector by sanctioned Russian elites, oligarchs, their family members, and the entities through which they act. The alert provides a list of possible red flags and typologies regarding attempted sanctions evasion in the commercial real estate sector and emphasizes financial institutions’ Bank Secrecy Act reporting obligations. The alert noted that banks frequently work with market participants who seek financing for commercial real estate projects, and that banks have customer due diligence obligations to verify the beneficial owners of legal entity customers. Specifically, the alert noted that “banks therefore may be in a position to identify and report suspicious activities associated with sanctioned Russian elites and their proxies including [politically exposed persons], among banks’ [commercial real estate]-related customers.” According to FinCEN, the recent alert builds on FinCEN’s March 2022 alert identifying real estate, luxury goods, and other high value assets involving sanctioned Russian and elites, and is the fourth alert issued by FinCEN on potential Russian illicit financial activity since Russia’s invasion of Ukraine in February 2022 (covered by InfoBytes here).
On January 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that Treasury and South Africa’s National Treasury recently formed the U.S. – South Africa Task Force on Combating the Financing of Wildlife Trafficking. According to the announcement, the Task Force will combat illicit finance connected to illegal wildlife trade in three key areas:
- Prioritizing the sharing of financial red flags and indicators connected to wildlife trafficking cases. Specifically, the South African Anti-Money Laundering Integrated Task Force, a public private partnership, will play a key role working in coordination with FinCEN.
- Increasing information sharing between financial intelligence units to support key law enforcement agencies from South Africa and the U.S. This is intended to “bolster law enforcement efforts to use financial investigations to pursue and recover the illicit proceeds of wildlife criminals, especially transnational criminal organizations (TCOs) fueling and benefiting from corruption and the trafficking of, among other things, abalone, rhino horns, pangolins, and elephant ivory.”
- Bringing together government authorities, regulators, law enforcement, and the private sector to enhance controls to combat money laundering and the illicit proceeds connected to drug and wildlife trafficking.
Treasury Secretary Janet L. Yellen emphasized that in order “[t]o protect wildlife populations from further poaching and disrupt the associated illicit trade, we must ‘follow the money’ in the same way we do with other serious crimes.”
On January 18, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act to identify a Hong Kong-registered global virtual currency exchange operating outside of the U.S. as a “primary money laundering concern” in connection with Russian illicit finance. FinCEN announced that the virtual currency exchange offers exchange and peer-to-peer services and “plays a critical role in laundering Convertible Virtual Currency (CVC) by facilitating illicit transactions for ransomware actors operating in Russia.” A FinCEN investigation revealed that the virtual currency exchange facilitated deposits and funds transfers to Russia-affiliated ransomware groups or affiliates, as well as transactions with Russia-connected darknet markets, one of which is currently sanctioned and subject to enforcement actions that have shuttered its operations. The investigation also found that the virtual currency exchange failed to meaningfully implement steps to identify and disrupt the illicit use and abuse of its services, and lacked adequate policies, procedures, or internal controls to combat money laundering and illicit finance.
Recognizing that the virtual currency exchange “poses a global threat by allowing Russian cybercriminals and ransomware actors to launder the proceeds of their theft,” FinCEN acting Director Himamauli Das emphasized that “[a]s criminals and criminal facilitators evolve, so too does our ability to disrupt these networks.” He warned that FinCEN will continue to leverage the full range of its authorities to prohibit these institutions from gaining access to and using the U.S. financial system to support Russian illicit finance. Effective February 1, covered financial institutions are prohibited from engaging in the transmittal of funds from or to the virtual currency exchange, or from or to any account or CVC address administered by or on behalf of the virtual currency exchange. Frequently asked questions on the action are available here.
Concurrently, the DOJ announced that the founder and majority owner of the virtual currency exchange was arrested for his alleged involvement in the transmission of illicit funds. Charged with conducting an unlicensed money transmitting business and processing more than $700 million of illicit funds, the DOJ said the individual allegedly “knowingly allowed [the virtual currency exchange] to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” and was aware that the virtual currency exchange’s accounts “were rife with illicit activity and that many of its users were registered under others’ identities.” While the virtual currency exchange claimed it did not accept users from the U.S., it allegedly conducted substantial business with U.S.-based customers and advised users that they could transfer funds from U.S. financial institutions.
Deputy Secretary of the Treasury Wally Adeyemo issued a statement following the announcement, noting that the action “is a unique step that has only been taken a handful of times in Treasury’s history for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.” He reiterated that the action “sends a clear message that we are prepared to take action against any financial institution—including virtual asset service providers—with lax controls against money laundering, terrorist financing, or other illicit finance.”
On December 5, Assistant Secretary for Terrorist Financing and Financial Crimes at the U.S. Department of Treasury Elizabeth Rosenberg outlined key illicit finance risks impacting the broader financial system during the ABA/ABA Financial Crimes Enforcement Conference. Rosenberg noted that for many nations, the illicit finance threat posed by Russia related to its invasion into Ukraine is a top priority. She commented that more than 30 countries immediately implemented sanctions or other economic measures against Russia, and that since then, the U.S. and other countries have created an expansive, multilateral web of restrictions targeting Russia’s ability to fund its war. Rosenberg also recognized that by reassessing their understanding of Russian illicit financial risks and implementing adaptive measures, companies and financial institutions play an important role in providing critical insight into emerging threats. Rosenberg also discussed Treasury’s risk-based approach to crafting policy responses, including those related to beneficial ownership transparency, investment adviser misuse, and the use of residential and commercial real estate to hide and grow illicit funds.
Rosenberg warned, however, that there are challenges in implementing a truly risk-based approach. She pointed to observations made by the Financial Action Task Force, which showed that while many countries and their financial institutions “are keenly aware of where enhanced due diligence is needed,” many “often can not readily identify the inverse: places where simplified due diligence should be expected and permitted.” She cautioned that focusing on high-risk areas rather than lower-risk parts “is not without costs,” and illustrated a common form of de-risking that occurs “when financial institutions categorically cut off relationships or services to avoid perceived risks—for example, certain geographic regions—rather than applying a nuanced, risk-based approach.” Doing so can lead to “deleterious effects,” she warned, such as excluding businesses based on their location or status, or impacting emerging markets that could serve underbanked populations. Rosenberg said Treasury intends to study these concerns through the Anti-Money Laundering Act of 2020, and will develop a strategy for addressing de-risking, including recommendations on ways to improve public-private engagement on the issue, regulatory guidance and adjustments, and international supervision.