Navigating the Wild West of U.S. DeFi Regulations

Why is there still so much confusion about DeFi regulation?

Because the DeFi space encompasses a wide range of protocols and applications which now fall within existing anti-money laundering (AML) and know-your-customer (KYC) regulations, federal agencies are being proactive about clarifying the latest guidance for those working within decentralized finance.

As a result, DeFi businesses have seen a flurry of new proposals over the past several months, many of which have not been fully processed or taken seriously by the mainstream.

This new guidance indicates an evolving regulatory framework which, in addition to the Anti-Money Laundering Act of 2020 (AMLA), raises concerns for the DeFi industry.

New federal and international guidance has been issued over the past six months, most significantly the FATF proposal and the AML Act of 2020. Unlike previous statements from FinCEN about virtual assets, these far-reaching proposals offer a broader context, making them difficult for the industry to ignore.

What are the latest proposals, and how do they impact DeFi?

Several new proposals now apply to cryptocurrency and decentralized applications (DApps), making businesses in this space subject to money transmitter laws, which require a much higher level of compliance with AML and KYC rules.

Some of the major changes that may affect DeFi include:

• According to FinCEN guidance, any kind of platform or protocol that facilitating convertible virtual currency (CVC) will be subject to money transmitter regulations. This includes decentralized exchanges and peer-to-peer (P2P) platforms that run across a network of computers using a blockchain protocol.
• New guidance from the Federal Action Task Force (FATF), in coordination with its founding member, the U.S. Department of Justice (DOJ), specifically mentions that the owners and operators of DApps are now considered money transmitters.
• Some DeFi participants may be subject to criminal prosecution through this recent legislation if they fail to comply with the Bank Secrecy Act (BSA) which is designed to prevent, detect and prosecute money laundering and the financing of terrorism.

DOJ is now involved in a significant way

On October 1, 2020, the DOJ released an 83-page report entitled Report of the Attorney General’s Cyber Digital Task Force: Cryptocurrency Enforcement Framework, which is eerily similar to the statements made by the FATF later that month, but this was no coincidence.

According to the DOJ report, the United States is a founding member of the FATF and, while holding the FATF presidency from July 2018 through June 2019, made it a priority to regulate Virtual Currency Asset Providers (VASPs) for AML.

Department of Justice attorneys provided significant contributions to the drafting and adoption process for these important changes to the FATF standards.

What is the new DOJ protocol and Constitutional Law Considerations

Essentially, the protocol recommended by the FATF’s draft proposal echoes the same logic as earlier rulings issued by the Bank Secrecy Act (BSA), but with clearer language about who will be subject to regulation.

In its most recent report, Virtual Asset Red Flag indicators of ML/TF (September 2020), the agency observed that virtual assets have become increasingly normalized as a way to conduct criminal activity. In addition to money laundering and terrorist financing, cryptocurrency has been used for tax evasion, fraud, computer crimes, human trafficking, sanctions evasion, child exploitation, and to facilitate the sale of controlled substances and other illegal items.

In order to understand the new protocols being proposed by FATF for the DeFi industry, crypto businesses should also become familiar with its earlier guidance, a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, issued in June 2019.

Given the DOJ’s significant role in drafting the FATF’s proposal, one may assume that FATF’s recommendations to combat money laundering will become a part of the DOJ’s new protocol and FinCen’s Crypto Wallet Rule

According to Congresswoman Maloney the new AMLA requires ‘all companies to disclose their true, beneficial owners at the time the company is formed to prevent bad actors from using anonymous shell companies to thwart law enforcement and hide their illicit activities.

The U.S. is one of the easiest places in the world to set up anonymous shell companies, because no state in the U.S. currently requires companies to disclose their true, beneficial owners.”

As such, the fact that the crypto industry believes that they will be able to bypass the FinCen’s Crypto Wallet Rule is a curious one.   The new AMLA was approved as part of the new National Defense Authorization Act of 2021 to combat terrorism and money-laundering.

The BSA is the primary US AML law that was originally passed by the Congress in 1970.  Shortly after, several banking groups challenged the constitutionally of this law, claiming it violated both Fourth Amendment rights and Fifth Amendment rights of due process.  In California Bankers Assn. v. Shultz, 416 U.S. 21 (1974), the Supreme Court ruled that the BSA did not violate the Constitution and the financial institutions complied with the BSA’s reporting requirements.   Does the same destiny await Defi industry in the US?

The relationship between the DOJ and FATF

The inter-governmental body known as FATF, or the Financial Action Task Force, is best known as the “global money laundering and terrorist financing watchdog” so it is not surprising that the United States would want to play a major role in preventing these illegal activities.

As a policy-making body, the goal of the FATF and its 200 participating countries is to generate the necessary political will to bring about a coordinated global response to terrorism, corruption, and organized crime, while halting any funding for weapons of mass destruction.

Many in the DeFi industry are unaware of the updated FATF Recommendations (originally published in 2012), which were released on October 23, 2020, or the recent statements from FATF earlier this year regarding money laundering and virtual assets. While many consider FATF’s recommended protocol something intended for European markets, the fact is that our own DOJ was major contributor to this recent guidance.

Because cryptocurrencies have gained widespread popularity around the world, regulating these assets is a top priority for FATF and, by extension, the DOJ. As a result, the FATF frequently implements standards that help them hold countries to account when they fail to comply.

Here is how FATF proposes to regulate decentralized or distributed applications (Dapps) and their operators:

Exchange or transfer services may also occur through so-called decentralized exchanges or platforms. DApps for example, is a term that refers to a software program that operates on a P2P network of computers running a blockchain protocol—a type of distributed public ledger that allows the development of other applications.

These applications or platforms are often run on a distributed ledger but still usually have a central party with some measure of involvement, such as creating and launching an asset, setting parameters, holding an administrative “key” or collecting fees.

Entities involved with the DApp may be VASPs under the FATF definition. For example, the owner/operator(s) of the DApp likely fall under the definition of a VASP, as they are conducting the exchange or transfer of VASP as a business on behalf of a customer.

The owner/operator is likely to be a VASP, even if other parties play a role in the service or portions of the process are automated. Likewise, a person that conducts business development for a DApp may be a VASP when they engage as a business in facilitating or conducting the activities previously described on behalf of another natural or legal person.

The decentralization of any individual element of operations does not eliminate VASP coverage if the elements of any part of the VASP definition remain in place.

AML Act of 2020 – What does it mean for DeFi?

AMLA will have significant consequences for certain DeFi businesses, specifically cryptocurrency traders, smaller companies, and foreign entities with ties to U.S. banks. In addition, AMLA makes enforcement of BSA and AML violations more severe, with increased rewards for whistleblowers and other significant consequences for certain institutions.

The three most important ways that AMLA is enforcing compliance within the DeFi space:

1. Clearly spelling out the rules for cryptocurrency businesses and removing any ambiguity about whether they must register with FinCEN as money transmitters, while adding antiquities dealers, consultants, and advisors to the growing list of “financial institutions” as defined by the BSA.

1. Adding a new layer of required reporting aimed at smaller companies acting as shell companies requires them to disclose information about the beneficial ownership of virtual assets. Under the Corporate Transparency Act (CTA), which Congress passed in January 2021 as part of the National Defense Authorization Act (and under the scope of AMLA), these companies must report the name, address, date of birth, and a unique state-issued ID number if, in fact, they are considered a “reporting company” under the statute.

3. Significantly expanding the U.S. government’s subpoena power to demand records from any bank account owned by a foreign be available for inspection and stating that “the foreign country’s privacy and confidentiality laws cannot be used as the sole basis for granting the motion.” While most experts believe this part of the statute is headed for litigation, it is advised that foreign companies with U.S. bank accounts get clarity on the details of this new requirement.

How serious is the U.S. government about enforcement?

Anyone considering the launch of a DeFi business or cryptocurrency exchange should know that creative planning around the BSA is no longer an option. As this is now considered a matter of national security, would-be participants in DeFi must go through the proper channels and follow the law.

Here are some examples of recent actions by the DOJ:

2020: In July 2020, the DOJ took down a $25 million illegal ATM operation, seizing 17 Bitcoin ATMs and some cryptocurrencies from a California man, Kais Mohammad, who openly admitted to operating unlicensed ATMs that “laundered millions of dollars in bitcoin and cash for criminals’ benefit.” After agreeing to plead guilty, the defendant is facing up to 30 years in federal prison.

According to FinCEN Director, Kenneth A. Blanco, “obligations under the BSA apply to money transmitters regardless of their size… it should not come as a surprise that we will take enforcement action based on what we have publicly stated since our March 2013 Guidance – that exchangers of convertible virtual currency, such as Mr. Powers, are money transmitters and must register as MSBs.”

As a result of these high-profile cases, blockchain companies are starting to recognize the problem and taking the initial steps to be compliant. Protocols are now in place, based on Ethereum, which allow DeFi players to incorporate the necessary AML and KYC features into their platforms.

State laws vs. Federal regulations

Many in the blockchain space have pointed out that state laws often run counter to federal regulations concerning money transmitters, MSBs, and P2P networks.

One such example of this is the case in California, where the CA Department of Financial Protection & Innovation indicated that if business falls into one of these three categories, it will not be considered a money transmitter and will not need to be licensed:

• The Company also operates a P2P exchange, in which the Company is not a buyer or seller of any digital or fiat currency within such exchange.
• A User wishes to purchase digital assets in exchange for other digital assets, and the hosted wallet of each user is debited and credited accordingly in the respected amounts.
• Users are executing trades in their hosted wallets and/or DDAs

Prior to the AML Act of 2020 and recent guidance from FATF and FinCEN, DeFi businesses might have operated under the assumption that contradictory state laws surrounding MSBs meant a money transmitter license may not be required.

When state laws are contradictory, such as the exceptions made in California, people mistakenly believe they are “safe” from federal regulators, but in reality, state laws will never trump federal AML regulations. Due to the increased level of federal oversight, it is ill-advised to operate in the DeFi space without first consulting the regulators.

Why is no one talking about this?

Crypto is certainly no exception to the AMLA, FATF, and other FinCEN enforcement actions. When one considers the huge potential losses that could be incurred by fund managers, MSBs, family offices, and the like, it is more important than ever to disclose these new regulations to investors and other stakeholders.

AMLA will impact not every startup, but it is better to take a cautious approach when getting started in DeFi.  For example, even if a startup recognizes the need for an MTL, it still takes close to 18 months to get one, or two years in New York State, so what does one do to remain compliant in the meantime?

In her remarks at the Parallel Summit in September 2020, Valerie Szczepanik, Head of the Strategic Hub for Innovation and Financial Technology at the U.S. Securities and Exchange Commission (SEC), cautioned:

“We’ve seen [DeFi] projects that are subject to vulnerabilities, attacks, hacks, manipulation. We’ve seen structures that purport to enable users to lend money, earn interest, borrow money, exchange, take positions; these are all financial activities, and they are likely subject to various laws already, including securities law, potentially banking and lending laws – definitely AML/CTF laws.”

DeFi entrepreneurs looking to fulfill the letter of the law in the U.S. would be wise to seek counsel and ask for feedback from FinHUB. If there is any question about how to properly and compliantly run a blockchain startup, FinHUB can provide initial feedback while preserving the anonymity of the requestor.

Resources:

• BSA/AML Policies For Crypto Exchanges and DeFi Applications
• U.S. Dept. of the Treasury, Fin. Crimes Enf’t Network, What is the BSA Data?
• FinCEN Guidance FIN- 2019-G001, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies
• CFTC Staff Issues Advisory for Virtual Currency Products
• Lael Brainard, Fed. Reserve Governor, “An Update on Digital Currencies”
• DoD Digital Modernization Strategy
• The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation
• FATF REPORT – Virtual Currencies Key Definitions and Potential AML/CFT Risks
• FBI Expects a Rise in Scams Involving Cryptocurrency Related to the COVID-19 Pandemic
• I.R.S. Notice 2014-21
• Operator Of Bitcoin Investment Platform Pleads Guilty To Securities Fraud And Obstruction Of Justice
• TREASURY ORDER 180-01. Financial Crimes Enforcement Network
• FinCEN Issues Guidance on Virtual Currencies and Regulatory Responsibilities
• Ripple Labs Inc. Resolves Criminal Investigation
• Office of Foreign Assets Control – Sanctions Programs and Information
• Treasury Sanctions Individuals Laundering Cryptocurrency for Lazarus Group
• OCC Interpretative Letter #1170, Authority of a National Bank to Provide Cryptocurrency Custody Services for Customers
• U.S. Dept. of the Treasury, Fin. Crimes Enf’t Network, FinCEN Advisory FIN-2012-A001: Foreign-Located Money Services Businesses