White Collar and Corporate Investigations Alert
On October 8, 2020, the U.S. Attorney General’s Cyber-Digital Task Force released its Cryptocurrency Enforcement Framework. The Framework makes clear that, in addition to prosecuting bad actors who use cryptocurrency to commit crimes, the Department of Justice (“DOJ”) is expanding its focus to other players in the cryptocurrency space who facilitate such conduct. These include exchanges, crypto kiosks, money service businesses, and virtual currency casinos. The Framework puts the cryptocurrency community on notice that the DOJ is focusing enforcement resources on deterring the use of cryptocurrencies to further criminal activity, evade law enforcement, and engage in money laundering. While anti-money laundering (“AML”) compliance in the face of technologically sophisticated bad actors may seem daunting, an effective AML program can help protect businesses and safeguard customers from potential criminal activity.
The Framework sets out to help cryptocurrency businesses and financial institutions (1) understand federal enforcement priorities in this rapidly developing arena and (2) comply with their legal and regulatory obligations. While the DOJ maintains that it is committed to supporting the advancement of legal cryptocurrency usage, the Framework sends the clear message that the DOJ “will not hesitate to enforce the laws that govern these technologies when necessary to protect the public.”
As a brief overview, the Framework: (1) details the threats to the United States and its citizens from illicit cryptocurrency uses; (2) explores the various legal and regulatory tools at the federal government’s disposal to confront these threats; (3) highlights partnerships across federal and international agencies to enforce laws in this space; and (4) discusses the challenges the federal government faces in cryptocurrency enforcement. In its threat overview, the Framework categorizes the most common illicit uses of cryptocurrency as: (1) financial transactions associated with criminal activity; (2) money laundering and the shielding of legitimate activity from tax, reporting, or other legal requirements; and (3) crimes directly implicating the cryptocurrency marketplace itself (such as theft of digital currency).
This alert focuses on the Framework’s discussion of the intersection of AML and cryptocurrency criminal enforcement.
Organizations of all sizes and in all industries should note the gravity with which the DOJ views all crimes involving cryptocurrencies. Failure to comply with U.S. regulations involving and adjacent to cryptocurrencies can result in federal criminal charges. As indicated in the newly released Framework, the DOJ will not hesitate to assert broad jurisdiction in order to combat what it views as cryptocurrency’s substantial role in serious criminal activity.
Indeed, the DOJ seems to be expanding its enforcement priorities to encompass more players in the cryptocurrency space. Participants in the cryptocurrency ecosystem—exchanges, crypto kiosks, money service businesses, virtual currency casinos, and more—will be held responsible for ensuring their platforms safeguard customer data and are safe from exploitation by illicit actors. Potential federal criminal charges may stem from:
To date, the DOJ’s prosecution in this arena has focused on egregious criminal actors—e.g., international terrorists, narcotics traffickers, and operators of “dark web” marketplaces that overtly facilitate criminal activity. Nonetheless, organizations of all stripes would be wise to take steps to avoid exploitation by bad-faith actors by bolstering compliance tools and internal controls to prevent illicit activity from occurring in and through their institutions.
The DOJ views money laundering statutes as key tools to combat cryptocurrency crimes and has frequently relied on the enforcement of AML laws to prosecute a wide range of criminal activity. In so doing, the DOJ has relied not only on the traditional criminal money laundering statute (18 U.S.C. §§1956 and 1957), but also on the operation of unlicensed money transmitting businesses (18 U.S.C. §1960), and the Bank Secrecy Act (31. U.S.C. §5331 et seq.). In addition, the DOJ develops investigative leads by coordinating with regulatory authorities and self-regulatory agencies such as the Treasury Department’s Office of Foreign Assets Control, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Internal Revenue Service, the Federal Reserve, the Federal Deposit Insurance Corporation, the Financial Industry Regulatory Authority, and state Attorneys General.
The DOJ and partner agencies have already relied heavily on these money laundering and AML statutes to prosecute cryptocurrency-related crimes. In sidebars throughout the Framework, the Task Force discusses 15 case studies of past successful prosecutions of cryptocurrency-related crimes. Of these 15 examples, 12—or 80%—included money laundering charges. These representative past prosecutions can be grouped into two categories—(a) direct prosecutions of criminal actors for laundering the proceeds of their own criminal activity and (b) prosecutions of intermediaries for facilitating money laundering by other criminal actors. The case studies illustrate how the DOJ has used money laundering and AML statutes to enforce cryptocurrency laws:
The novel and rapidly evolving nature of cryptocurrencies presents unique compliance challenges for cryptocurrency exchanges, money transmitters, and other financial institutions that transact in cryptocurrencies. To stem illicit use of cryptocurrencies, sophisticated technical know-how is required to understand the complex processes involved in cryptocurrency transactions. According to the DOJ, cryptocurrency allows bad-faith actors to more easily obscure money trails and is more commonly associated with financial transactions tied to criminal activity. Accordingly, it is especially important for an organization to have the requisite technical understanding of how cryptocurrencies operate as well as have a heightened awareness of techniques used by criminal actors to conceal the source of financial transactions. For example:
Despite these challenges, there are practical steps organizations can take to ensure compliance in this arena. First, participants in the cryptocurrency ecosystem should ensure their platforms are secure, private, and encrypted. The decentralized exchanges inherent in the cryptocurrency ecosystem present a high risk for criminal activity to go undetected. Moreover, so-called Anonymity Enhanced Cryptocurrencies—such as Monero, Zcash, and Dash—reflect further opportunities for criminal obfuscation.
Organizations should also be on heightened alert for information tying financial flows to high-risk activity that might be indicative of illegal conduct. Some examples of high-risk indicators include obscured or anonymized transactions, obscured or anonymized sources of funds, and unregistered exchanges or money services businesses.
The cryptocurrency industry is complex and subject to fast-paced change. Establishing an effective AML program is vital in this context given the prevalence of cryptocurrencies in illicit transactions. An effective AML program can help safeguard customers from potential criminal activity and prevent bad actors from using an institution to unwittingly facilitate criminal activity. It can also help mitigate legal risk, as the DOJ has signaled its willingness to use money laundering and AML statutes and regulations to pursue and punish not only criminal actors, but also those who facilitate their conduct.
 This is the second report issued by the Task Force, which was established in February 2018 to assess global cyber threats and law enforcement’s role in combating those threats. The first Report of the Attorney General’s Cyber-Digital Task Force was issued in July 2018.
 The circumstances described in Section III(a)–(b) are allegations asserted by the government in its charging instruments. For a more detailed discussion of Al Qaeda, al-Qassam Brigades, and ISIS cases, see https://www.orrick.com/en/Insights/2020/08/DOJ-Demonstrates-its-Ability-to-Track-Illegal-Foreign-Funds-Laundered-Through-Crypto.
 As referenced above, the al-Qassam Brigades, when soliciting bitcoin donations via social media, claimed that such donations would be untraceable and used to support violent causes. The group’s website included videos on how to make anonymous donations using bitcoin.
 See Framework at 25–27.
 In each transaction, a small amount of digital currency “peels off” the chain to another address.