Deputy Attorney General Lisa Monaco of the U.S. Department of Justice (“DOJ”) announced on October 6, 2021, the launch of the National Cryptocurrency Enforcement Team (“NCET”) to undertake investigations and prosecutions involving the criminal misuse of cryptocurrency, and to assist in the tracing and recovery of assets lost to these crimes. The NCET members will initially include members from the DOJ’s Money Laundering and Asset Recovery Protection Section, Computer Crime and Intellectual Property Section, and Assistant U.S. Attorneys from offices across the country.
The NCET’s mission is to “deter, disrupt, investigate and prosecute criminal misuse of cryptocurrency.” That is because in addition to its many legitimate uses, cryptocurrency is also “used in a wide variety of criminal activity, from being the primary demand mechanism for ransomware payments, to money laundering and the operation of illegal or unregistered money services business, to being the preferred means of exchanges of value on ‘dark markets’ for illegal drugs, weapons, malware and other hacking tools. . . .”
According to the announcement, the initial targets of the NCET will include cryptocurrency exchanges, money laundering infrastructure providers, and mixing and tumbling services (which charge customers a fee to send cryptocurrency in a manner designed to conceal the source or owner of the currency). In a nutshell, the NCET’s initial mandate appears to be focused on the companies, entities, and individuals that/who enable criminal actors to utilize cryptocurrency to carry out illicit activities, and at times by design shield the identity of the criminal actor(s).
Perhaps not coincidentally, the DOJ’s introduction of the NCET came on the same day as its announcement of a Civil Cyber-Fraud Initiative aimed at combating “new and emerging cyber threats to the security of sensitive information and critical systems” by enforcing cybersecurity obligations for federal contractors and federal grant recipients under the False Claims Act. The Initiative will hold these actors liable if they put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresent cybersecurity practices, or knowingly violate obligations to monitor and report cybersecurity incidents. Taken together, these initiatives suggest that the federal government will make good on its promises to bring enforcement and regulatory efforts in line with emerging technological issues.
Chairman of the SEC Opines on SEC’s Authority to Regulate Cryptocurrency
The DOJ is not alone in focusing on the cryptocurrency industry. The Securities and Exchange Commission (“SEC”) Chairman, Gary Gensler, also continues to signal that the SEC will become more active in policing the cryptocurrency market. Just a few months back, in August of 2021, Chairman Gensler described the cryptocurrency market as being “rife with fraud, scams and abuse.” Furthermore, Chairman Gensler stated that there is not “enough investor protection in crypto” and described the market as the “Wild West.”
More recently, on October 5, 2021—the day before the DOJ announced its launch of the NCET—Chairman Gensler testified before the House Committee on Financial Services where he reiterated his views for greater investor protection—and zeroed in specifically on cryptocurrency in doing so. To that end, Chairman Gensler stated that in his view many of the cryptocurrency products are securities under the federal securities law and requested cryptocurrency platforms to engage with the SEC for discussions on the application of current rules and regulations and, if appropriate, voluntarily register with the SEC. He also testified that investors “are going to get hurt” because “right now [investors] don’t have that benefit [of the SEC] protecting people against fraud and manipulation.” This coordinated focus on cryptocurrencies shows that both the DOJ and SEC have the cryptocurrency industry square in their sights.
CFTC Also Shows Interest in Cryptocurrency
The Commodity Futures Trading Commission (“CFTC”) has also shown an interest in cryptocurrency since the agency’s Chair’s statement in his December 2014 Senate testimony that virtual currencies are encompassed under the definition of a “commodity” in the Commodity Exchange Act (“CEA”). Although the CFTC primarily regulates transactions in commodity interests (for example, futures, swaps and other such derivative products), under the CEA, the CFTC also has jurisdiction over spot commodity transactions in the event of fraud or market manipulation. The CFTC has brought several enforcement actions targeting, for instance, price manipulation or Ponzi schemes involving cryptocurrencies. For example, in March 2021, the CFTC filed a cryptocurrency-related complaint in the Southern District of New York against since-deceased antivirus software creator John McAfee and a former employee who served as executive adviser of his cryptocurrency team. The CFTC alleged that the defendants identified digital assets with respect to which they believed their promotional efforts could “move the market.” As part of its complaint, the CFTC alleged that the defendants secretly accumulated positions in those digital assets, falsely and misleadingly endorsed the digital assets via Twitter and other media as recommended long-term investments that would “change the world” while concealing their holdings and plan to liquidate quickly, and then secretly sold off most or all of their holdings during the resulting sharp rise in prices.
More recently, on September 28, 2021, the CFTC announced that it was levying a $1.25 million penalty against cryptocurrency exchange Kraken for failing to register as a futures commission merchant (“FCM”). On September 29, 2021, the CFTC announced that it was charging twelve additional cryptocurrency companies for failing to register as FCMs. Likewise, on October 15, 2021, the CFTC announced that (i) it was ordering stablecoin issuer Tether to pay a $41 million fine for making untrue statements and omissions of material fact in connection with its stablecoin USDT; and (ii) penalizing Bitfinex $1.5 million for engaging in illegal, off-exchange retail commodity transactions with U.S persons and failing to register as an FCM. The CFTC’s active enforcement efforts have been maintained despite having two (and soon to be three following Commissioner Berkovitz’s departure to the SEC) empty seats on the five-person Commission. This short staffing should end shortly, however, given President Biden’s September 13, 2021, announcement that he intends to fill these vacancies shortly. So, cryptocurrency may be looking at enforcement proceedings on multiple fronts by multiple regulators and enforcers.
Preparation for an Uptick in Enforcement
Although reasonable minds can agree to disagree on the precise role that cryptocurrencies will take in our national and international economies and topics of discourse, one fact appears rock solid: enforcement and regulation of cryptocurrencies are here to stay—especially at the federal level. To that end, cryptocurrency market participants should be proactive in preparing for what comes next whether from the DOJ, SEC, and/or CFTC.
Generally, in terms of planning, companies and participants in the cryptocurrency space should consider doing several things, including:
Financial Institutions and Fintech Companies: More specifically, financial institutions, for example, should consider updating and enhancing existing risk-based anti-money laundering (“AML”), Know Your Customer (“KYC”), and financial crimes compliance programs to include cryptocurrency screening, monitoring, and reporting. Fintech companies as well as new(er) companies should also consider implementing their own AML, KYC, and financial crimes compliance programs, including customer due diligence, counterparty screening, and transaction monitoring. Fintech companies in partnerships with financial institutions should not rely exclusively on their partners’ compliance programs, but rather should work proactively with their financial institution partners to provide input to mitigate compliance risks pertaining to the cryptocurrency products and services being offered by the fintech company.
Institutions Holding Cryptocurrency: To the extent any company is invested in cryptocurrency, it should consider conducting additional diligence to ensure it has a full understanding of the function and use of the digital asset that it is holding as an investment. This diligence should also include ensuring that all of its cryptocurrency-related service providers , at a minimum, have a robust compliance program in place to capture and remediate the issues that are now of interest to federal enforcers and regulators.
* * *
To be sure, only time will tell how the regulatory and enforcement landscape will evolve in response to the popularity and advancement of cryptocurrency. But steady and increasing compliance can be an effective way to neutralize and successfully deal with those risks however and whenever they emerge.