The Regulatory Trinity Pt. VII
In our previous articles within the “Regulatory Trinity” series, we delved into securities regulations and explored the transformative potential of Disclosure NFTs.
In this installment, we'll examine the critical intersection of anti-money laundering (AML) and combating the financing of terrorism (CFT) regulations as they apply to digital assets. We'll analyze real-world cases, relevant legislation, and the importance of compliance for maintaining the integrity of the financial system.
Anti-money laundering and combating the financing of terrorism
AML and CFT laws have become essential in the financial regulatory framework, particularly concerning digital assets and cryptocurrencies. Examining money laundering cases involving cryptocurrencies and relevant laws provides valuable insights into measures taken to prevent illicit activities and maintain financial system integrity. Notable regulations like the Bank Secrecy Act, US Sanctions Program, and forthcoming legislation such as MiCA in Europe are crucial in tracing funds linked to unlawful activities. Compliance involves maintaining comprehensive records, implementing Know Your Customer standards, and monitoring transactions. These measures aim to punish wrongdoers by confiscating or blocking unlawfully acquired funds, emphasizing the importance of robust AML/CFT regulations in addressing the unique risks associated with digital assets.
TradFi AML & CFT
We previously discussed this topic in brief in the article “At the Intersection of Privacy & Compliance” [21]. Here we will provide further insight into the laws and the regulatory bodies (in the US) involved in shaping and adapting this regulation for the digital assets space. Some of the most notorious money laundering cases involving cryptocurrencies include:
Mt. Gox: Once the world’s largest bitcoin exchange, it abruptly ceased operations in 2014 after declaring that around 850,000 bitcoins, valued at over $450 million then and billions today, were missing and likely stolen, marking the biggest loss of Bitcoins in history.
BTC-e: Despite serving around 700,000 global customers and thriving in the ambiguous regulatory landscape of emerging crypto markets, BTC-e concealed its services to US customers, trying to evade US legal jurisdiction. The exchange faced accusations of being linked to the theft of over 300,000 BTC from Mt. Gox without exercising due diligence or filing Suspicious Activity Reports. On July 27, 2017, FinCEN found BTC-e in violation of numerous regulations, leading to indictments in California. Charges included money laundering, conspiracy, unlawful monetary transactions, and operating an unlicensed money transmission business.
Helix & Coin Ninja: From 2014 to 2019, Larry Dean Harmon operated Helix, a cryptocurrency “tumbler” service, and Coin Ninja LLC, a crypto media site and exchange, both classified as money transmitters and financial institutions by FinCEN. Harmon faced charges for willfully violating the BSA’s registration, AML program, and reporting requirements, including the failure to register Helix and Coin Ninja as money services businesses, the lack of an effective AML program for Helix, and failure to report suspicious activities tied to Helix.
Alphabay: In 2017, Alphabay, the largest criminal marketplace on the dark web, was seized by the U.S. Department of Justice after operating for over two years. It facilitated the sale of illegal items using cryptocurrencies like Bitcoin, Monero, and Ethereum to conceal its operations. The marketplace’s creator, Alexandre Cazes, faced multiple charges related to drug distribution, racketeering, identity theft, and money laundering.
Silk Road: A notorious online marketplace operating on the darknet that facilitated anonymous transactions involving illegal goods and services. Founder Ross Ulbricht faced charges of money laundering, drug trafficking, and computer hacking, leading to the FBI’s takedown of the site in 2013. The incident had a significant impact on the cryptocurrency community, with Bitcoin, the primary currency used on Silk Road, experiencing a substantial price decline after the site’s closure.
BitMEX: An exchange which was embroiled in a major scandal in the cryptocurrency world in 2020. It was accused of breaching the Bank Secrecy Act and running an unregistered futures exchange, leading to charges against its founders. The incident heightened regulatory scrutiny of cryptocurrency exchanges, causing investor concerns and undermining confidence in the industry, resulting in BitMEX paying a $100 million fine and implementing new anti-money laundering measures.
AML/CFT laws in the US are crucial for preventing illicit activities like money laundering and terrorist financing through the country’s financial system. Key agencies responsible for enforcing these laws include FinCEN, OFAC, and the DOJ, with main regulations like the BSA, USA PATRIOT Act, and FATCA. Virtual currencies are also covered under this regulatory framework, with specific guidance from agencies like FinCEN to address their unique risks.
The BSA mandates financial institutions to establish AML programs to prevent money laundering and terrorist financing, overseen by FinCEN, which enforces the BSA and can penalize non-compliant institutions. The USA PATRIOT Act broadened AML and CFT laws, requiring more entities to comply with the BSA, implement customer identification and enhanced due diligence measures, and report suspicious activity to FinCEN. FATCA obliges foreign financial institutions to report U.S. citizens’ offshore accounts to the IRS, and U.S. citizens must also report their foreign financial accounts to the IRS. Regulatory guidance from FinCEN and other agencies complements these laws through interpretive letters, advisories, and industry-specific guidance, providing clarity on regulatory requirements and expectations.
FinCEN has issued two important guidance documents on virtual currencies. Its 2013 guidance defined certain virtual currency activities as money transmission and required exchangers and administrators of convertible virtual currencies to register as Money Services Businesses (MSBs) and comply with relevant regulations. In 2019, it issued followup guidance to clarify regulatory obligations for businesses dealing with privacy coins and anonymizing services, categorizing privacy coins as subject to the same regulations as non-anonymized cryptocurrencies. It also found that developers of privacy coins might also be considered regulated MSBs if they operate as administrators of a payment system. Compliance with the Funds Travel Rule is mandatory for businesses exchanging privacy tokens and developers of privacy coins, but it does not mandate the tracking or sharing of transaction information via blockchain analysis and surveillance.
The Trinity Continues
The evolving world of digital assets necessitates robust AML/CFT regulations to address their inherent risks. By adopting a proactive stance towards compliance, industry participants can deter illicit activities and safeguard the reputation of this transformative sector.
In our next article in the “Regulatory Trinity” series, we will delve into the delicate balance between user privacy and regulatory compliance — exploring the potential of zero-knowledge technology in facilitating compliant private transfers and fraud investigations on the Galactica Network.
Join us on Zealy and participate in the Cypher State Campaign.