The Department of Justice is aggressively scrutinizing participants in the cryptocurrency markets—including “financial institutions working with cryptocurrency”—to thwart the use of the technology as a vehicle for money laundering and other illegal activity.

Even as cryptocurrency becomes more mainstream, it is the primary demand mechanism for ransomware payments, commonly underpins the operation of illegal or unregistered money services businesses, and is the preferred means of exchange of value on the “dark web” for drugs, weapons, and malware and other hacking tools.

On October 6, the Department of Justice (DOJ) announced the creation of a National Cryptocurrency Enforcement Team (NCET).  According to the DOJ press release, NCET will “tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services [which mix identifiable cryptocurrency funds with others to prevent tracing], and money laundering infrastructure actors.”  NCET will also focus on the recovery of illicit proceeds stashed as cryptocurrency.

The DOJ press release uses particularly ominous sounding language to herald the new unit: “Today we are launching the National Cryptocurrency Enforcement Team to draw on the Department’s cyber and money laundering expertise to strengthen our capacity to dismantle the financial entities that enable criminal actors to flourish—and quite frankly to profit—from abusing cryptocurrency platforms” said Deputy Attorney General Monaco.  “As the technology advances, so too must the Department evolve with it so that we’re poised to root out abuse on these platforms and ensure user confidence in these systems.”

NCET is the Department’s most direct response to date to combatting cryptocurrency as a tool of criminality.  In 2018, the DOJ Criminal Division’s Money Laundering and Asset Recovery Section (MLARS) established a Digital Currency Initiative focused on providing support and guidance to investigators, prosecutors, and other government agencies on cryptocurrency prosecutions and forfeitures, primarily in the form of education and training around the transmission, storage, and functionality of cryptocurrencies.  In October 2020, the DOJ released a Cryptocurrency Enforcement Framework that outlined the potential threats posed by cryptocurrencies and summarized relevant laws and authorities.

Unlike the Initiative and the Framework, which focused on Department-wide educational outreach, NCET’s mandate is to identify and prosecute cryptocurrency cases.  In doing so, NCET will identify areas for increased investigative and prosecutorial focus and develop strategic priorities for cryptocurrency investigations.  Priority targets already identified include the familiar list of bad actors or enterprises in this space:  professional money launderers, ransomware schemes, human traffickers, and narcotics traffickers.  However, NCET has also included “financial institutions working with cryptocurrency” on this list.  The inclusion of financial institutions in a list that otherwise names criminal actors suggests a wariness, if not deep skepticism, at DOJ towards the fundamental legitimacy of cryptocurrency activity.  This is a far cry from the introduction to the Framework, which recognized that distributed ledger technology, the technology underpinning cryptocurrencies, “raises breathtaking possibilities for human flourishing.”

Outside DOJ, other government agencies have also signaled an increased focus on cryptocurrency enforcement.  In September, the SEC issued a Wells notice to a cryptocurrency exchange threatening to sue if the company moved forward with its plans for a cryptocurrency lending program, alleging that it would amount to the sale of unregistered securities.  Weeks later, New Jersey and Texas securities regulators levied the same allegations against an existing cryptocurrency lending program, flagging serious concerns around the lack of oversight of the product and disclosures to its users.  In June, FinCEN included cryptocurrency in its anti-money laundering national priorities and named its first ever Digital Currency Advisor in July.  This year, Florida and Arkansas both updated their state money transmitter regulations to explicitly include cryptocurrency.

Financial institutions can mitigate the regulators’ concerns by updating and enhancing their existing risk-based anti-money laundering (AML) and financial crimes compliance programs to include cryptocurrency monitoring and reporting.  New firms, however, and fintech companies in particular, should consider implementing their own AML and financial crimes compliance programs, including transaction monitoring, customer due diligence, and counterparty screening.  Fintech companies in bank partnerships may rely on their bank partner’s compliance program, but will need to work together with the bank to ensure existing compliance infrastructure sufficiently addresses the risks pertaining to the cryptocurrency products and services the fintech company is offering.