Written by: Matthew Digesti, VP, Government Affairs & Strategic Initiatives
On October 8, 2020, the United States Attorney General’s Cyber-Digital Task Force (the “DOJ”) published a paper (the “DOJ Paper”) that provides the DOJ’s most comprehensive view to date of both legitimate and illicit cryptocurrency activities (the “DOJ Framework”). It focuses largely on virtual assets, enforcement milestones, and a road map for increased scrutiny of cryptocurrencies.
The DOJ is not a regulator – it is a department within the federal executive branch responsible for enforcing the law. Therefore, the DOJ Framework is inclined to focus more on unlawful cryptocurrency activities as opposed to providing legal clarity around lawful cryptocurrency activities.
While the DOJ Paper largely highlights illicit cryptocurrency activities, it is quite clear that federal law enforcement officials acknowledge the positive impact and future potential blockchain and cryptocurrency have on society, including United States defense strategy, food safety, and the Federal Reserve System’s exploration of central bank digital currencies. On balance, the DOJ Framework is a positive step in the intersection of blockchain and the law, so long as law enforcement does not overstep its authority and restrain lawful innovation.
The DOJ Paper focuses on two areas. First, it discusses specific unlawful uses of cryptocurrencies. Second, it highlights particular business models that may facilitate criminal activities. Both the specific uses and business models discussed in the DOJ Paper provide fairly straightforward guidance as to what cryptocurrency activities may be unlawful. This likely foreshadows where the DOJ will focus its enforcement over the coming years. In fact, just 11 days after publishing the DOJ Framework, the Financial Crimes Enforcement Network (FinCEN) announced a 60 million dollar fine against the operator of a cryptocurrency mixer due to the service’s unlawful business model.
The common unlawful uses highlighted in the DOJ Framework are (1) financial transactions relating to criminal activity such as terrorism financing and child exploitation, (2) money laundering and the shielding of transactions from tax reporting or other legal requirements, and (3) crimes against virtual asset markets such as fraud, theft, and hacking. These unlawful uses are self-explanatory as they are common crimes that have been committed for decades, but in this context, the crimes are committed using blockchain and cryptocurrency technology.
The common unlawful business models highlighted in the DOJ Framework that may facilitate criminal activities are (1) cryptocurrency exchanges, (2) peer-to-peer exchanges and platforms, (3) cryptocurrency kiosks, (4) virtual currency casinos, (5) anonymity enhanced cryptocurrencies, (6) mixers, tumblers, and chain hopping, and (7) jurisdictional and compliance arbitrage. The DOJ Paper stated that these activities might trigger one or more legal obligations, including Bank Secrecy Act (“BSA”) obligations, Financial Action Task Force (FATF) Travel Rule implementation, state-level money services business licensing, or Commodity Exchange Act registration and compliance. These unlawful business activities are not self-explanatory like those unlawful activities listed above because the technologies giving rise to these business models are relatively new and almost entirely digital. The key here is that apart from the FATF’s newly minted Travel Rule, existing criminal law largely addresses these unlawful business activities without the need for Congress to pass specialized criminal legislation.
Then came the shot across the privacy bow when the DOJ Paper turned its focus toward one specific type of cryptocurrency business model and one specific type of cryptocurrency—peer-to-peer (“P2P”) platforms and anonymity enhanced cryptocurrencies. Both present a potential battleground for privacy advocates against law enforcement officials seeking to ban certain technology that prevents the surveillance and reporting of financial activities.
The first major privacy issue centers on P2P exchanges where individuals can swap virtual assets directly without an intermediary. The DOJ Paper seems to divide this class of activity into two sub-categories: P2P exchangers and P2P exchange platforms.
While the DOJ Paper does not explicitly define “P2P exchangers,” previous FinCEN guidance has clarified that an exchanger in the context of virtual currency is a money transmitter under the BSA if the person accepts virtual currency and transmits the virtual currency to another location or person. The DOJ Paper expands upon this concept by focusing on those “individuals who facilitate transfers of value for the public” and those that “generally find their customers through word of mouth, open source websites such as Craigslist, or online exchange platforms” (DOJ Paper, p. 38). Despite the DOJ Paper’s lack of express language, the guidance likely applies to individuals who are buying and/or selling cryptocurrencies on behalf of others. This seems like a fair conclusion considering FinCEN’s guidance on what activities meet the definition of P2P Exchangers.
The DOJ Paper was relatively straightforward on the second sub-set of P2P exchange activities, that being P2P exchange platforms. “P2P exchangers commonly use online exchange platforms or websites that allow users to trade virtual assets directly with one another and without a central operator. Nonetheless, when engaging in the transmission of virtual assets, these platforms must comply with BSA requirements” (DOJ Paper, p. 38). This wording, on its face, is quite clear. If a platform with no central operator allows users to trade virtual assets directly with one another, it must comply with BSA requirements.
As is the case with most emerging technologies, the decentralized finance ecosystem may have already evolved beyond these legal mandates. Decentralized exchanges where a user can swap virtual assets do not facilitate the swapping of assets between buyer and seller. Rather, decentralized exchanges allow liquidity providers to deposit trading pairs into a code contract in exchange for a liquidity provider token that gives the provider a claim to redeem the trading pair whenever they wish to do so. Suppose a buyer wants to swap one virtual currency for another. In that case, the user interacts with the exchange to sell one virtual asset in exchange for another directly from the liquidity pool. There is no P2P exchange, as contemplated in the DOJ Paper. The question becomes, does the DOJ Framework mandating BSA compliance apply to the most recent evolution of decentralized exchanges? The jury is still out on that question.
The second major privacy issue centers on anonymity enhanced cryptocurrencies (“AECs”). While the DOJ Paper does not explicitly define “cryptocurrency,” characteristics of the term result in some digital currencies being considered AECs; the DOJ does provide several examples such as Monero, Dash, and Zcash. These cryptocurrencies contain privacy-enhancing characteristics. The DOJ Paper is quite clear—the use of AECs is considered by the DOJ to be “a high-risk activity that is indicative of possible criminal conduct.” “Companies that choose to offer AEC products should consider the increased risks of money laundering and financing of criminal activity, and should evaluate whether it is possible to adopt appropriate [anti-money laundering/counter-financing of terrorism] measures to address such risks” (DOJ Paper, p. 41). Those who work in the cryptocurrency legal world heard the message quite clear: The DOJ does not believe any one person or company can offer an AEC product that does not violate the BSA.
Cryptocurrency is in the spotlight and clearly here to stay. Federal officials are paying close attention to the industry, learning about its nuances, and publishing guidance such as the DOJ Paper to articulate what is and is not allowed. While the DOJ Paper mostly contained information that those in the crypto legal industry expected to see, it did provide a new legal perspective on P2P exchanges and AECs that some in the industry did not expect. As blockchain technology continues to disintermediate financial services activities that promote privacy, federal officials will be faced with technology and transactions that do not fit nicely within existing regulations. Hopefully, criminal and regulatory guidance will evolve with the technology in a way that limits criminal activity while simultaneously empowering individuals to participate in this ecosystem of opportunity.