Blockchain presents unprecedented challenges around national security. This is true not only for the federal government, but also for businesses in the private sector. From cross-border transactions involving cryptocurrency governed by the Bank Secrecy Act (BSA) to foreign investments in U.S. businesses subject to the Exon-Florio Amendment and the Foreign Investment and National Security Act of 2007 (FINSA), all types of commercial activities involving blockchain technology could implicate the national security interests of the United States.

But while the challenges that blockchain technology presents may be unprecedented, this does not mean that businesses can—or should—simply ignore them. To the contrary, businesses must prioritize compliance in this area to protect the country’s interests, their shareholders’ interests, and themselves. From the U.S. Department of Homeland Security (DHS) to the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), multiple federal authorities have oversight in this area, and these federal authorities are taking businesses (and their owners and executives) to task when they fail to do what is necessary.

Understanding the Intersection of National Security and Blockchain Technology

To effectively address the national security implications of implementing blockchain technology and executing cryptocurrency transactions, we first need to identify the intersection between these two very different—and seemingly unrelated—topics. So where do national security and blockchain technology cross paths?

In today’s world, the intersection is much wider than most people—including many national security and blockchain experts—realize. In fact, the relationship could be better described as a series of intersections rather than one single crossroads.

An Example of the Crossroads Between National Security and Blockchain

To illustrate, let’s look at an example. A business allows customers to use its online trading platform to transfer and invest in various types of digital currencies. The business is in the United States, and it focuses its advertising efforts on the domestic market.

So far so good, right?

As it turns out, while the business never had any intention of serving overseas customers, its platform does not prevent foreign entities from conducting cryptocurrency transactions—both with U.S. entities and with entities in foreign nations. Since the business is unknown, it becomes an attractive platform for foreign parties seeking to evade detection by U.S. federal authorities. Over the span of five years, the platform hosts tens of thousands of transactions involving parties in Crimea, Iran, Sudan, and Syria—all jurisdictions that are subject to OFAC sanctions due to national security concerns.

Suddenly, the business is responsible for facilitating millions of dollars in transactions involving territories and nations that concern federal national security authorities.

This example isn’t hypothetical—it’s real. On May 1, 2023, OFAC issued an Enforcement Release announcing a settlement with Poloniex Inc. The facts recited in the Enforcement Release are almost exactly as described above. Because of the apparent violations of OFAC sanctions (involving more than $15 million in offending transactions), Poloniex faced a statutory maximum civil monetary penalty of more than $19.6 billion and a base civil penalty of $99 million. Yet because of the business’s size, voluntary self-disclosure, and other mitigating factors, OFAC agreed to settle for just $7.5 million.

Blockchain Technology Has Wide-Ranging Implications (and Risks) Linked to National Security

This is just one of several examples of the intersection between the federal government’s constant efforts to preserve national security and the unique challenges presented by blockchain technology. But it illustrates not only the potential for surprising and unanticipated implications when using blockchain technology, but also the substantial financial risks involved with failing to address relevant national security implications.

In any event, financial risks are not necessarily businesses’ (or their owners’ or executives’) only concern. In some cases, statutory violations that compromise national security can have criminal implications as well. The BSA and multiple other federal statutes in this area include provisions for criminal enforcement, and the U.S. Department of Justice’s (DOJ) National Security Division routinely prosecutes both entities and individuals.

Avoiding (or Addressing) the National Security Implications of Blockchain and Cryptocurrency Transactions

With these concerns in mind, what can—and should—businesses do to avoid (or address) the national security implications of implementing blockchain technology or executing cryptocurrency transactions?

As with other areas of national security compliance, a proactive approach is key. Trading platforms, financial institutions, and other businesses engaged with blockchain technology must ensure that they have a clear and comprehensive understanding of the national security implications of their financial and commercial activities—and they must address these implications before they lead to violations (and the potential for civil or criminal enforcement). In some cases, this may mean acting to avoid any national security concerns. In most cases, however, it will likely mean implementing custom-tailored compliance protocols, policies, and procedures.

1. How Does Blockchain Technology Play a Role in the Institution’s or Business’s Financial and Commercial Activities?

Blockchain can still be characterized as novel technology, and it is a technology that many business leaders do not fully understand. But this is not an excuse for non-compliance. As a result, business leaders must work with their in-house subject matter experts (SMEs) and outside counsel to ensure that they understand all the ways blockchain technology plays a direct or indirect role in their operations.

As cryptocurrencies and blockchain technology become more mainstream, more businesses and financial institutions will need to seriously consider implementing these technologies to remain competitive. When doing so, however, they must not focus solely on the potential commercial implications. They must address all potential legal implications as well including the very real likelihood of facilitating threats to national security.

2. What Are the National Security Implications of the Institution’s or Business’s Use of Blockchain Technology (If Any)?

Just as blockchain technology has many uses, using blockchain technology can have many national security implications. Specific implications are not necessarily linked to specific uses of the technology. As a result, identifying and understanding the pertinent implications can prove challenging—but, again, this is a challenge that businesses and financial institutions must be prepared to overcome.

As shown by the example discussed above, a businesses or financial institution’s direct commercial activities need not have national security implications for concerns to arise. Customers’ use of businesses and financial institutions’ services and platforms can give rise to concerns as well. Thus, making informed decisions requires a broad and forward-thinking approach; and, once again, working with experienced outside counsel is critical.

3. What Federal Statutes and Regulations Do These National Security Implications Bring into Play?

Identifying all pertinent national security implications goes together with identifying the federal statutes and regulations with which businesses and financial institutions must comply. There are many possibilities, with some of the most common examples including:

• Bank Secrecy Act (BSA)
• Committee on Foreign Investment in the United States (CFIUS) regulations
• Export Administration Regulations (EAR)
• Exon-Florio Amendment to the Defense Production Act (DPA)
• Foreign Corrupt Practices Act (FCPA)
• Foreign Investment and National Security Act of 2007 (FINSA)
• OFAC’s sanctions regulations

Again, these are just examples. For many businesses and financial institutions, effectively addressing national security in the age of blockchain will involve developing a multi-faceted compliance program that cohesively addresses wide-ranging compliance duties. But this will also be just the start of the national security compliance process.

4. What Steps Are Necessary to Comply with These Federal Statutes and Regulations?

Along with developing a multi-faceted compliance program, managing national security compliance in the age of blockchain will generally require several additional steps. Effectively implementing the businesses or financial institution’s compliance program is crucial—and may involve steps ranging from internal training to adopting sanctions screening software and other technological safeguards. While entities can tailor their compliance efforts to their financial capabilities to an extent, they must be prepared to do what is necessary before embarking on a blockchain-based commercial enterprise with national security implications.

5. How Can the Institution or Business Effectively Monitor for National Security Compliance on an Ongoing Basis?

Addressing the national security implications of using blockchain technology is not a one-time event. Rather, it is a continuous process that requires due care and consideration on an ongoing basis. To ensure that they are not facilitating or advancing national security risks, businesses and financial institutions that rely on blockchain technology must be prepared to monitor for both new risks and new legal developments in this area. If they aren’t, they will fall behind, and this may have similar consequences to failing to address the national security implications of blockchain at all.