The U.S. Department of Justice (“DOJ”) recently released a publication titled, “Cryptocurrency: An Enforcement Framework,” (“Framework”). The Framework discusses emerging threats and challenges associated with cryptocurrencies. Formed in 2018, the DOJ’s Cyber-Digital Task Force designed the Framework to highlight the progress the DOJ has made with other domestic and international regulatory authorities and detail previous enforcement actions taken against illicit actors.
The Framework describes a tug-of-war between the need for legal enforcement against illicit cryptocurrency activities while recognizing how blockchain technology and cryptocurrencies are changing the world. The Framework’s overall focus however is centered around illicit activities that the DOJ and other enforcement agencies have prosecuted. The Framework is divided into three parts.
Part I
Part I of the Framework begins with discussing distinctions between cryptocurrency and “traditional currency” while detailing how cryptocurrencies operate and function. Specifically, the Framework discusses inherent features such as decentralization and anonymity that present unique regulatory challenges. The Framework balances these challenges in discussing legitimate uses for cryptocurrencies such as the facilitation of micro-payments and minimizing transaction costs on a global scale. While Part I does an elaborate job of describing various illicit centered around cryptocurrency, it doesn’t spend more than a page discussing legitimate uses. This does little to change the widespread perception that U.S. regulators are primarily averse to cryptocurrency.
The report identifies three categories of illicit cryptocurrency usage: (1) financial transactions associated with the commission of crimes, such as buying and selling drugs or weapons on the dark web, leasing servers to commit cybercrime, or soliciting funds to support terrorist activity; (2) money laundering and unlawfully shielding legitimate activity from taxes, reporting obligations, or other legal requirements; or (3) crimes directly implicating the cryptocurrency marketplace, such as stealing cryptocurrency from exchanges through hacking, or defrauding investors through the use or promise of cryptocurrency.
The infamous Silk Road case is a prime example that fits into the categories described. In February of 2011, Ross Ulbricht founded the website “Silk Road.” The website was an online marketplace where people were able to buy and sell narcotics and other illicit items. Bitcoin was the primary payment method used on the site as no ID, bank account, social security number or name are required to maintain a Bitcoin wallet address. By 2013, the U.S. government caught wind of the site’s swelling popularity. Ross was arrested in October of 2013 and was indicted on charges of narcotics conspiracy, money laundering and solicitation of murder for hire. The case was one of the first instances where cryptocurrencies were utilized to facilitate widespread illicit activity and showcased the U.S. government’s regulatory authority to combat it. Ross made no attempts to verify user identities and facilitated the laundering of money between parties, making the government’s case against him all the easier. The Silk Road saga also provided an example of how cryptocurrencies can work in the real world by showing that a decentralized currency can indeed transfer value between people in a global marketplace.
Part II
Part II of the Framework provides an overview of the legal authorities the DOJ uses to prosecute those who misuse cryptocurrency and describes the roles and responsibilities of the DOJ’s various enforcement partners such as such as the Securities and Exchange Commission (“SEC”), Commodity Futures Trading Commission (“CFTC”), and Department of the Treasury components including the Financial Crimes Enforcement Network (“FinCEN”), Office of Foreign Assets Control (“OFAC”), Office of Comptroller of the Currency (“OCC”), and the Internal Revenue Service (“IRS”). The section lists crimes such as money laundering (18 U.S.C. § 1956 et seq), failure to comply with the Bank Secrecy Act requirements (31 U.S.C. § 5331 et seq.) and fraud and intrusions in connection with computers, (18 U.S.C. § 1030.) among others.
The section also details various actions enforcement agencies have taken in regard to cryptocurrencies such as the infamous SEC v. Telegram Group Inc., case (No. 19-cv-09439-PKC, 2020 WL 1430035). Overall, the section details important milestones that the agencies have collectively achieved and includes significant indictments and disgorgement of billions of dollars in ill-gotten gains.
Part II does a fairly well job of detailing illicit cryptocurrency cases against various actors. In addition, the section details various criminal code authorities used by the DOJ. Lawyers and organizations that are operating in the cryptocurrency space would be wise to read and understand these authorities to fully understand the consequences of not being in compliance with U.S. law. The section also provides what specific actions law enforcement agencies take and serves as a general reference for what regulatory agency cryptocurrency actors can anticipate working with depending on nature of their business.
Part III
The Framework’s third section details challenges the government faces in cryptocurrency enforcement as well as the DOJ’s ongoing strategies for addressing these challenges. It describes facets of various cryptocurrency businesses such as exchanges, kiosks and mixers that could facilitate criminal activity. Among other cases, the report cites the BTC-e case from 2017. BTC-e received more than $4 billion worth of bitcoin over the course of its operation. According to the indictment, to appeal to criminals as a customer base, BTC-e did not require users to validate their identities, obscured and anonymized transactions and sources of funds, and lacked appropriate anti-money laundering processes. As a result, The Department of Justice filed criminal charges, and the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) assessed a $110 million civil penalty against the exchange for willfully violating U.S. anti-money laundering laws, and a $12 million penalty against the exchange’s operator personally. Much like Silk Road, BTC-e did not verify its users’ identities. While Silk Road was primarily used for illicit activities, it doesn’t change the expectation that cryptocurrency-based exchanges and marketplaces need to have identity verification for its users among other compliance measures.
Part III also discusses various business models and activity that could facilitate criminal activity but offers little regulatory clarity that the industry desires. For instance, what would the tax implications be for a Money Service Business (MSB) that operate with cryptocurrencies? Would a company that creates non-fungible tokens for users be legally liable if the user sells them on a third-party marketplace? These are just a few of the questions that businesses in the cryptocurrency space have without a clear answer from regulators. However, the section’s conclusion offers hope that the DOJ and other regulatory authorities will foster cooperation with the federal government to develop comprehensive and consistent regulation.
Overall, the Framework attempts to strike a balance between the need for enforcement of illegal activities while recognizing how blockchain technology and cryptocurrencies are changing the world. The Framework serves as a reminder for businesses across the U.S. that regulators will continue to come down on illicit activity centered around cryptocurrencies.