White Collar, Investigations, Securities Litigation & Compliance Alert
The Department of Justice (DOJ) announced last week and earlier this month civil forfeiture actions brought by the United States Attorney’s Office for the District of Columbia to seize stolen or laundered virtual currency from various terrorist organizations and North Korean actors. These combined actions represent the largest seizures of cryptocurrency by the United States government to date. “Terrorist networks have adapted to technology, conducting complex financial transactions in the digital world, including through cryptocurrencies,” said Treasury Secretary Steven Mnuchin. Other statements by federal officials announcing these actions highlighted the ability of investigators and prosecutors to trace and seize virtual currency related to illegal activity. These cases demonstrate that in its fight against money laundering and terrorist financing, U.S. law enforcement can identify and prosecute terrorist networks that use virtual currency in their attempts to finance their activities through anonymous donations.
In these actions, the government seems to have raised both its expectations and incentives for financial institutions to work with the government to disrupt cyber-enabled money laundering. In announcing the complaint against the North Korean actors, Assistant Attorney General John Demers said, “[A]ctions like those today send a powerful message to the private sector and foreign governments regarding the benefits of working with us to counter” threats from North Korea.” Financial institutions that transact in virtual currency, such as exchanges, should review their AML compliance programs to ensure that they can detect and prevent the types of illegal behavior identified in these complaints. Financial institutions should consider employing technology-based solutions as they monitor for suspicious activity involving virtual currency.
In a forfeiture complaint filed last week, the DOJ alleges that North Korean hackers stole millions of dollars from virtual currency accounts and then attempted to launder the stolen funds to make them untraceable. The action, United States v. 280 Virtual Currency Accounts, follows a related criminal complaint and civil actions brought earlier this year. Last week’s complaint details several sophisticated techniques these state-sponsored actors took to launder the stolen proceeds, including layering funds though voluminous transactions (up to 5,000 in one instance), transferring funds through multiple countries, and “chain hopping” (i.e., converting to multiple cryptocurrencies before exchanging the funds for fiat currency). According to the complaint, the North Korean hackers also falsified KYC data to successfully deposit other types of stolen cryptocurrency at an exchange. In one instance, the hackers converted stolen cryptocurrency to fiat using over-the-counter (OTC) traders in China that were operating in the United States as unregistered foreign-located money services businesses. The complaints also point to the exchanges’ role in uncovering these violations, stating that the exchanges’ controls resulted in the freezing of several accounts and helped prosecutors track the transactions.
In the forfeiture actions brought earlier this month, the United States Attorney’s Office for the District of Columbia filed three separate civil complaints targeting assets associated with websites (including Facebook pages), as well as specified cryptocurrency accounts that solicited, sent or received funds to benefit Hamas, al-Qaeda and ISIS, organizations designated as terrorist organizations by the United States government (“designated terrorist organizations”). These seizures are the culmination of coordinated efforts of multiple government agencies, including the DOJ, the Department of Homeland Security and the Internal Revenue Service.
The three forfeiture complaints, identified as related cases by the DOJ, stem from three different funding schemes operated by various designated terrorist organizations:
The government also unveiled a criminal complaint and supporting affidavit, charging the two Turkish nationals identified above with money laundering and operating an unregistered foreign money services business (“MSB”) that engaged in MSB activities in the United States. Holding foreign MSBs liable for failing to register is consistent with long-standing FinCEN guidance.
As law enforcement and regulators have noted, terrorists and other bad actors are using increasingly sophisticated methods, including cyber-enabled funding campaigns and use of cryptocurrencies, to conduct complex financial transactions. But, as illustrated in these cases, the U.S. government is capable of obtaining critical information about the true identity of illicit actors through subpoenas to cryptocurrency exchanges seeking details regarding those firms’ KYC data and internal controls, as well as through the use of forensic tools. The DOJ’s press releases acknowledge the importance of the assistance from the exchanges involved and from private cybercrime investigative firms’ forensic tools.
Law enforcement and regulators expect financial institutions to effectively adapt their anti-money laundering programs to address risks posed by evolving methods of money laundering and terrorist financing, including through the use of cryptocurrency. For example, in an Iran-related advisory, FinCEN has suggested that financial institutions employ cryptocurrency-specific technology in their controls and has specifically identified for financial institutions convertible virtual currency-related activities and transaction characteristics that it considers red flags for illicit activity. As FinCEN Director Kenneth Blanco said in a November 2019 speech, financial institutions should be prepared to explain how they “mitigate risks associated with [anonymity-enhanced cryptocurrencies], including how [they] identify potentially suspicious activity and comply with reporting and recordkeeping requirements—including the Funds Travel Rule.” Financial institutions should also consider employing cryptocurrency-specific technology—like blockchain explorers—to monitor transactions and to help identify potentially suspicious activity.