The Attorney General’s Cyber-Digital Task Force (Task Force) issued a report on October 8, 2020, which outlines the Task Force’s proposed Cryptocurrency Enforcement Framework (Framework).1 The comprehensive Framework—which follows the Task Force’s 2018 report on cyber crime (2018 Report)2—indicates that the Department of Justice (Department) is likely to take an aggressive but well-informed approach toward abusive cryptocurrency activity in the near future. In the Framework, the Task Force: identifies legitimate and illicit uses of cryptocurrencies; describes existing tools federal prosecutors and civil enforcement authorities have used to address those illicit uses; and provides the views of the Task Force as to how private industry, the Department, and other state and federal agencies can more effectively mitigate the risks posed by the use of cryptocurrency. Importantly, in the Framework, the Task Force recognizes that the technology underlying cryptocurrencies “raises breathtaking possibilities for human flourishing” and will be “central” to the development of the Internet in the future. The Framework suggests that the Department is focused not on prohibiting such technologies, but rather on “ensur[ing] cryptocurrency is not used as a platform for illegality.” The Framework expresses the Department’s view that, “for cryptocurrency to realize its truly transformative potential,” national, federal and state governments, as well as other stakeholders, must take coordinated action to mitigate harmful uses of this technology.
The Task Force was established by Attorney General Barr in February 2018, and consists of officials in the Department’s Criminal Division, National Security Division, Office of Legal Policy and the FBI. The members of the Task Force operate with the support of professionals throughout the Department, including from the Money Laundering and Asset Recovery Section and the Computer Crime and Intellectual Property Section.
The Attorney General formed the Task Force to study how the Department responds to cyber threats, and to make recommendations about how “federal law enforcement [can] more effectively accomplish its mission” to curb those threats. Two years prior to the Framework, the 2018 Report addressed the impact of information technology developments on the Department’s ability to carry out its law enforcement mission.
The 2018 Report addressed (among other matters): foreign actors’ use of technology to influence U.S. elections; the increasingly sophisticated methods used by criminals to perpetrate crimes and evade detection by law enforcement; the Department’s efforts to remedy illicit uses of technology; and the Department’s efforts to train law enforcement personnel to address emerging threats. Its discussion of cryptocurrencies in particular was largely confined to the Digital Currency Initiative established by the Department’s Money Laundering and Asset Recovery Section, which was focused on “providing support and guidance to investigators, prosecutors, and other governmental agencies on cryptocurrency prosecutions and forfeitures.” The 2018 Report also noted that “the Department should continue evaluating the emerging threats posed by rapidly developing cryptocurrencies that malicious cyber actors often use.”
The Department’s Responses to Existing Threats Posed by the Use of Cryptocurrencies
The Framework shows the results of these further efforts. Unlike the 2018 Report, which addressed cyber crime generally, the Framework addresses the use and regulation of cryptocurrencies and blockchain technology in particular.
As noted in the Framework, the relative anonymity of cryptocurrency networks, as compared to traditional systems for transmitting fiat currencies, has made cryptocurrencies an attractive medium of exchange for use by criminals in connection with, for example, ransomware attacks, the proliferation of child sexual exploitation material and terrorism financing. For similar reasons, the Task Force reports that cryptocurrencies are commonly used by: drug cartels; weapons traffickers; darknet marketplaces; and individuals subject to financial sanctions. The Framework notes that, in addition to using cryptocurrencies in the commission of crimes, cryptocurrencies themselves often are “particularly attractive, adaptable, and scalable as a target for theft” and, furthermore, a useful tool for tax evasion, due to the nature of decentralized networks and associated cryptographic keys.
Under current law, the Department has used various existing tools for prosecuting these criminal activities, including existing federal statutes that prohibit: wire fraud, securities fraud, access device fraud, identity theft and illicit computer access; and trafficking in narcotics, weapons and child sexual exploitation material. The Framework further notes that illicit use of cryptocurrencies may be prohibited by international and domestic regulation beyond the criminal code, including, for example, financial sanctions, anti-money laundering and tax laws. The Department’s efforts to improve its effectiveness in investigating and prosecuting these criminal activities have focused primarily on: educating federal enforcement personnel on investigative techniques for uncovering cryptocurrency crime; and working with civil enforcement agencies, state governments and international criminal law enforcement partners to assist in the prosecution of more sophisticated and increasingly global criminal activity.3
The Framework also highlights the Department’s views on the importance of compliance with the Bank Secrecy Act, as well as federal and state laws prohibiting the operation of unlicensed money services businesses (MSBs) by cryptocurrency market participants. The Framework notes that MSBs have “heightened responsibility to safeguard their platforms and businesses from exploitation by nefarious actors and to ensure that customer data is protected and secured,” and that “the proper collection and maintenance of customer and transactional information by MSBs ... is crucial to the Department’s ability to identify illicit actors, investigate criminal activity, and obtain evidence necessary for prosecutions.” The Department has coordinated closely with the Financial Crimes Enforcement Network (FinCEN) to police compliance with these laws, which apply when a cryptocurrency service provider (referred to in the Framework as a virtual asset service provider, or VASP) is transacting with U.S. persons, regardless of whether the VASP (for example, a cryptocurrency exchange) is located in or outside of the United States and regardless of whether the VASP also transacts in fiat currencies.
Following the discussion of the Department’s past enforcement efforts and existing enforcement authorities, the Framework identifies several ongoing challenges presented by emerging cryptocurrency markets and technologies, as well as strategies for improved effectiveness in its law enforcement mission.
Areas of particular concern for the Task Force are: the increasing use of: anonymity enhanced cryptocurrencies (AECs) and strategies for obfuscating the source or owner of particular units of cryptocurrency (including mixing, tumbling and “chain hopping”). The Framework cautions VASPs that the provision of services related to AECs should be considered a “high-risk activity that is indicative of possible criminal conduct,” and reminds VASPs they are required to implement and maintain appropriate risk-based policies and procedures in accordance with the Bank Secrecy Act state money transmission business licensing laws, and anti-money laundering requirements. While the Framework’s comments about the potential for illicit use of AECs or other technologies and services that enhance privacy in the cryptocurrency space may be concerning to some privacy-focused cryptocurrency market participants, the Framework is clear that the Department is focused on ensuring compliance with generally applicable anti-fraud and financial recordkeeping laws, and not on prohibiting the development of new technologies or services.
The Framework does not propose any legislative initiatives or regulatory actions. Instead, its discussion about approaches for improving the Department’s law enforcement capabilities are primarily concerned with developing: strategic guidance on the use of existing legal tools; improved interagency and intergovernmental coordination; and improved cooperation with the private sector. Noting that conflicting approaches of the federal and state governments has contributed to regulatory uncertainty for certain cryptocurrency market participants, the Framework encourages agencies within the Department to “communicate and coordinate with State financial and banking authorities that regulate money transmitters ... to prevent conflicts and duplication of efforts in money laundering prosecutions.” The Framework suggests that the Department is open to further engagement with cryptocurrency-focused financial institutions, traditional financial institutions and the “actual community of cryptocurrency users” to coordinate on further policy development.
Over the past several years, market participants and legislators have advocated for the passage of a new regulatory framework specifically directed at the cryptocurrency market. Those efforts generally have been unsuccessful, however, existing statutory and regulatory frameworks in the area of securities, commodities and banking regulation have proven to be relatively flexible in adapting to new technological developments. The Framework demonstrates that existing criminal law and enforcement policies are similarly flexible, and issues arising from new technological developments can be effectively addressed through intergovernmental and public-private cooperation. Although the Framework does not represent a definitive set of rules of the road for the cryptocurrency market, it signals that the Department is focusing on priorities that will promote the development of cryptocurrency technology, by enforcing criminal law to promote the safety and security of cryptocurrency and, hopefully, promote its use as a medium of exchange in compliance with applicable law.